diff --git a/go.mod b/go.mod
index 0b88ede845..5330859b9d 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/pkg/errors v0.9.1
 	github.com/secure-systems-lab/go-securesystemslib v0.7.0
-	github.com/sigstore/cosign/v2 v2.2.0
+	github.com/sigstore/cosign/v2 v2.2.1
 	github.com/sigstore/rekor v1.3.3
 	github.com/sigstore/sigstore v1.7.5
 	github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.5
@@ -32,12 +32,12 @@ require (
 	gocloud.dev v0.34.0
 	gocloud.dev/docstore/mongodocstore v0.34.0
 	gocloud.dev/pubsub/kafkapubsub v0.34.0
-	golang.org/x/crypto v0.14.0
+	golang.org/x/crypto v0.15.0
 	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
-	k8s.io/api v0.27.3
-	k8s.io/apimachinery v0.27.3
-	k8s.io/client-go v0.27.3
+	k8s.io/api v0.28.3
+	k8s.io/apimachinery v0.28.3
+	k8s.io/client-go v0.28.3
 	k8s.io/code-generator v0.26.5
 	knative.dev/pkg v0.0.0-20231011193800-bd99f2f98be7
 	sigs.k8s.io/yaml v1.4.0
@@ -47,10 +47,10 @@ require (
 	4d63.com/gocheckcompilerdirectives v1.2.1 // indirect
 	4d63.com/gochecknoglobals v0.2.1 // indirect
 	cloud.google.com/go v0.110.9 // indirect
-	cloud.google.com/go/compute v1.23.1 // indirect
+	cloud.google.com/go/compute v1.23.2 // indirect
 	cloud.google.com/go/firestore v1.13.0 // indirect
-	cloud.google.com/go/iam v1.1.3 // indirect
-	cloud.google.com/go/kms v1.15.3 // indirect
+	cloud.google.com/go/iam v1.1.4 // indirect
+	cloud.google.com/go/kms v1.15.4 // indirect
 	cloud.google.com/go/longrunning v0.5.2 // indirect
 	contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect
 	contrib.go.opencensus.io/exporter/prometheus v0.4.0 // indirect
@@ -64,7 +64,7 @@ require (
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
@@ -75,21 +75,21 @@ require (
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/DataDog/appsec-internal-go v1.0.0 // indirect
-	github.com/DataDog/datadog-agent/pkg/obfuscate v0.45.0-rc.1 // indirect
-	github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.46.0-rc.4 // indirect
+	github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1 // indirect
+	github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 // indirect
 	github.com/DataDog/datadog-go/v5 v5.3.0 // indirect
-	github.com/DataDog/go-libddwaf v1.4.1 // indirect
-	github.com/DataDog/go-tuf v0.3.0--fix-localmeta-fork // indirect
-	github.com/DataDog/sketches-go v1.2.1 // indirect
+	github.com/DataDog/go-libddwaf v1.5.0 // indirect
+	github.com/DataDog/go-tuf v1.0.2-0.5.2 // indirect
+	github.com/DataDog/sketches-go v1.4.3 // indirect
 	github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect
 	github.com/GaijinEntertainment/go-exhaustruct/v3 v3.1.0 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/OpenPeeDeeP/depguard/v2 v2.1.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/Shopify/sarama v1.38.1 // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
 	github.com/alecthomas/go-check-sumtype v0.1.3 // indirect
@@ -98,20 +98,20 @@ require (
 	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
 	github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
 	github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
-	github.com/alibabacloud-go/darabonba-openapi v0.1.18 // indirect
-	github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 // indirect
+	github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
+	github.com/alibabacloud-go/debug v1.0.0 // indirect
 	github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
-	github.com/alibabacloud-go/openapi-util v0.0.11 // indirect
-	github.com/alibabacloud-go/tea v1.1.18 // indirect
-	github.com/alibabacloud-go/tea-utils v1.4.4 // indirect
-	github.com/alibabacloud-go/tea-xml v1.1.2 // indirect
+	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
+	github.com/alibabacloud-go/tea v1.2.1 // indirect
+	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
+	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
 	github.com/alingse/asasalint v0.0.11 // indirect
-	github.com/aliyun/credentials-go v1.2.3 // indirect
+	github.com/aliyun/credentials-go v1.3.1 // indirect
 	github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/ashanbrown/forbidigo v1.6.0 // indirect
 	github.com/ashanbrown/makezero v1.1.1 // indirect
-	github.com/aws/aws-sdk-go v1.46.3 // indirect
+	github.com/aws/aws-sdk-go v1.47.0 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.19.1 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
@@ -119,15 +119,15 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.18.11 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.24.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
 	github.com/aws/smithy-go v1.15.0 // indirect
-	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230510185313-f5e39e5f34c7 // indirect
+	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bkielbasa/cyclop v1.2.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
@@ -138,7 +138,7 @@ require (
 	github.com/bombsimon/wsl/v3 v3.4.0 // indirect
 	github.com/breml/bidichk v0.2.7 // indirect
 	github.com/breml/errchkjson v0.3.6 // indirect
-	github.com/buildkite/agent/v3 v3.52.1 // indirect
+	github.com/buildkite/agent/v3 v3.58.0 // indirect
 	github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect
 	github.com/butuzov/ireturn v0.2.2 // indirect
 	github.com/butuzov/mirror v1.1.0 // indirect
@@ -150,31 +150,31 @@ require (
 	github.com/charithe/durationcheck v0.0.10 // indirect
 	github.com/chavacava/garif v0.1.0 // indirect
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
-	github.com/clbanning/mxj/v2 v2.5.6 // indirect
+	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/cloudevents/sdk-go/v2 v2.14.0 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cloudflare/circl v1.3.5 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/coreos/go-oidc/v3 v3.7.0 // indirect
 	github.com/curioswitch/go-reassign v0.2.0 // indirect
-	github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
+	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
 	github.com/daixiang0/gci v0.11.2 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/denis-tingaikin/go-header v0.4.3 // indirect
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
-	github.com/digitorus/timestamp v0.0.0-20230821155606-d1ad5ca9624c // indirect
+	github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
-	github.com/docker/cli v24.0.0+incompatible // indirect
-	github.com/docker/distribution v2.8.2+incompatible // indirect
+	github.com/docker/cli v24.0.7+incompatible // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker v24.0.7+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/eapache/go-resiliency v1.3.0 // indirect
+	github.com/eapache/go-resiliency v1.4.0 // indirect
 	github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 // indirect
 	github.com/eapache/queue v1.1.0 // indirect
-	github.com/ebitengine/purego v0.4.0-alpha.4.0.20230519103000-ee8dcecc618f // indirect
-	github.com/emicklei/go-restful/v3 v3.10.2 // indirect
+	github.com/ebitengine/purego v0.5.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/esimonov/ifshort v1.0.4 // indirect
 	github.com/ettle/strcase v0.1.1 // indirect
@@ -183,20 +183,20 @@ require (
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/fatih/structtag v1.2.0 // indirect
 	github.com/firefart/nonamedreturns v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fzipp/gocyclo v0.6.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/ghostiam/protogetter v0.2.3 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-critic/go-critic v0.9.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-kit/log v0.2.1 // indirect
 	github.com/go-logfmt/logfmt v0.6.0 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.21.4 // indirect
 	github.com/go-openapi/errors v0.20.4 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonpointer v0.20.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/loads v0.21.2 // indirect
 	github.com/go-openapi/runtime v0.26.0 // indirect
@@ -234,10 +234,10 @@ require (
 	github.com/golangci/revgrep v0.5.2 // indirect
 	github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect
 	github.com/google/cel-go v0.12.6 // indirect
-	github.com/google/certificate-transparency-go v1.1.6 // indirect
-	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/certificate-transparency-go v1.1.7 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230516205744-dbecb1de8cfa // indirect
-	github.com/google/go-github/v53 v53.2.0 // indirect
+	github.com/google/go-github/v55 v55.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/licenseclassifier v0.0.0-20210722185704-3043a050f148 // indirect
@@ -251,21 +251,22 @@ require (
 	github.com/gostaticanalysis/comment v1.4.2 // indirect
 	github.com/gostaticanalysis/forcetypeassert v0.1.0 // indirect
 	github.com/gostaticanalysis/nilerr v0.1.1 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
+	github.com/gowebpki/jcs v1.0.1 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
-	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.5 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v1.0.2 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/hashicorp/vault/api v1.10.0 // indirect
 	github.com/hexops/gotextdiff v1.0.3 // indirect
-	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jcmturner/aescts/v2 v2.0.0 // indirect
@@ -273,7 +274,7 @@ require (
 	github.com/jcmturner/gofork v1.7.6 // indirect
 	github.com/jcmturner/gokrb5/v8 v8.4.4 // indirect
 	github.com/jcmturner/rpc/v2 v2.0.3 // indirect
-	github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect
+	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
 	github.com/jellydator/ttlcache/v3 v3.1.0 // indirect
 	github.com/jgautheron/goconst v1.6.0 // indirect
 	github.com/jingyugao/rowserrcheck v1.1.1 // indirect
@@ -287,7 +288,7 @@ require (
 	github.com/kisielk/errcheck v1.6.3 // indirect
 	github.com/kisielk/gotool v1.0.0 // indirect
 	github.com/kkHAIKE/contextcheck v1.1.4 // indirect
-	github.com/klauspost/compress v1.17.0 // indirect
+	github.com/klauspost/compress v1.17.2 // indirect
 	github.com/kulti/thelper v0.6.3 // indirect
 	github.com/kunwardeep/paralleltest v1.0.8 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
@@ -296,13 +297,13 @@ require (
 	github.com/ldez/tagliatelle v0.5.0 // indirect
 	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/leonklingele/grouper v1.1.1 // indirect
-	github.com/lestrrat-go/blackmagic v1.0.1 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/httprc v1.0.4 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
-	github.com/lestrrat-go/jwx/v2 v2.0.11 // indirect
+	github.com/lestrrat-go/jwx/v2 v2.0.16 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
-	github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect
+	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
 	github.com/lufeee/execinquery v1.2.1 // indirect
 	github.com/macabu/inamedparam v0.1.2 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
@@ -311,8 +312,8 @@ require (
 	github.com/maratori/testpackage v1.1.1 // indirect
 	github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	github.com/mattn/go-runewidth v0.0.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/mbilski/exhaustivestruct v1.2.0 // indirect
 	github.com/mgechev/revive v1.3.4 // indirect
@@ -336,7 +337,7 @@ require (
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/openzipkin/zipkin-go v0.3.0 // indirect
-	github.com/outcaste-io/ristretto v0.2.1 // indirect
+	github.com/outcaste-io/ristretto v0.2.3 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
@@ -349,13 +350,13 @@ require (
 	github.com/prometheus/common v0.45.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/prometheus/statsd_exporter v0.21.0 // indirect
-	github.com/puzpuzpuz/xsync/v2 v2.4.1 // indirect
+	github.com/puzpuzpuz/xsync/v2 v2.5.1 // indirect
 	github.com/quasilyte/go-ruleguard v0.4.0 // indirect
 	github.com/quasilyte/gogrep v0.5.0 // indirect
 	github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect
 	github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/ryancurrah/gomodguard v1.3.0 // indirect
 	github.com/ryanrolds/sqlclosecheck v0.5.1 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
@@ -371,8 +372,8 @@ require (
 	github.com/sergi/go-diff v1.3.1 // indirect
 	github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
-	github.com/sigstore/fulcio v1.4.0 // indirect
-	github.com/sigstore/timestamp-authority v1.1.2 // indirect
+	github.com/sigstore/fulcio v1.4.3 // indirect
+	github.com/sigstore/timestamp-authority v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/sivchari/containedctx v1.0.3 // indirect
 	github.com/sivchari/nosnakecase v1.7.0 // indirect
@@ -383,14 +384,14 @@ require (
 	github.com/sourcegraph/go-diff v0.7.0 // indirect
 	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/cobra v1.7.0 // indirect
+	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/spf13/viper v1.17.0 // indirect
 	github.com/src-d/gcfg v1.4.0 // indirect
 	github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect
 	github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect
 	github.com/stoewer/go-strcase v1.2.0 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/stretchr/objx v0.5.1 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 	github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c // indirect
@@ -402,15 +403,15 @@ require (
 	github.com/timonwong/loggercheck v0.9.4 // indirect
 	github.com/tinylib/msgp v1.1.8 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
-	github.com/tjfoc/gmsm v1.3.2 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/tomarrell/wrapcheck/v2 v2.8.1 // indirect
 	github.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect
 	github.com/transparency-dev/merkle v0.0.2 // indirect
 	github.com/ultraware/funlen v0.1.0 // indirect
 	github.com/ultraware/whitespace v0.0.5 // indirect
 	github.com/uudashr/gocognit v1.1.2 // indirect
-	github.com/vbatts/tar-split v0.11.3 // indirect
-	github.com/xanzy/go-gitlab v0.90.0 // indirect
+	github.com/vbatts/tar-split v0.11.5 // indirect
+	github.com/xanzy/go-gitlab v0.93.2 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
 	github.com/xdg-go/scram v1.1.2 // indirect
@@ -423,7 +424,7 @@ require (
 	github.com/zeebo/errs v1.3.0 // indirect
 	gitlab.com/bosi/decorder v0.4.1 // indirect
 	go-simpler.org/sloglint v0.1.2 // indirect
-	go.mongodb.org/mongo-driver v1.12.0 // indirect
+	go.mongodb.org/mongo-driver v1.12.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.19.0 // indirect
 	go.opentelemetry.io/otel/metric v1.19.0 // indirect
@@ -433,17 +434,17 @@ require (
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/automaxprocs v1.5.2 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go4.org/intern v0.0.0-20211027215823-ae77deb06f29 // indirect
-	go4.org/unsafe/assume-no-moving-gc v0.0.0-20220617031537-928513b29760 // indirect
+	go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect
+	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/exp/typeparams v0.0.0-20230307190834-24139beb5833 // indirect
 	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/oauth2 v0.13.0 // indirect
-	golang.org/x/sync v0.4.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/sync v0.5.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
+	golang.org/x/term v0.14.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
@@ -453,7 +454,8 @@ require (
 	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
-	gopkg.in/DataDog/dd-trace-go.v1 v1.53.0 // indirect
+	gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
@@ -463,19 +465,19 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	honnef.co/go/tools v0.4.6 // indirect
-	inet.af/netaddr v0.0.0-20220811202034-502d2d690317 // indirect
+	inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a // indirect
 	k8s.io/apiextensions-apiserver v0.26.5 // indirect
-	k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9 // indirect
+	k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 // indirect
-	k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 	mvdan.cc/gofumpt v0.5.0 // indirect
 	mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect
 	mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect
 	mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/release-utils v0.7.6 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
 )
 
 // Replace glog to fix flag collision between klog and glog.
diff --git a/go.sum b/go.sum
index d4a45ed3a3..9147b9aef8 100644
--- a/go.sum
+++ b/go.sum
@@ -50,8 +50,8 @@ cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6m
 cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s=
 cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
 cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
-cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0=
-cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
+cloud.google.com/go/compute v1.23.2 h1:nWEMDhgbBkBJjfpVySqU4jgWdc22PLR0o4vEexZHers=
+cloud.google.com/go/compute v1.23.2/go.mod h1:JJ0atRC0J/oWYiiVBmsSsrRnh92DhZPG4hFDcR04Rns=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
@@ -60,10 +60,10 @@ cloud.google.com/go/firestore v1.13.0 h1:/3S4RssUV4GO/kvgJZB+tayjhOfyAHs+KcpJgRV
 cloud.google.com/go/firestore v1.13.0/go.mod h1:QojqqOh8IntInDUSTAh0c8ZsPYAr68Ma8c5DWOy8xb8=
 cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
 cloud.google.com/go/iam v0.4.0/go.mod h1:cbaZxyScUhxl7ZAkNWiALgihfP75wS/fUsVNaa1r3vA=
-cloud.google.com/go/iam v1.1.3 h1:18tKG7DzydKWUnLjonWcJO6wjSCAtzh4GcRKlH/Hrzc=
-cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE=
-cloud.google.com/go/kms v1.15.3 h1:RYsbxTRmk91ydKCzekI2YjryO4c5Y2M80Zwcs9/D/cI=
-cloud.google.com/go/kms v1.15.3/go.mod h1:AJdXqHxS2GlPyduM99s9iGqi2nwbviBbhV/hdmt4iOQ=
+cloud.google.com/go/iam v1.1.4 h1:K6n/GZHFTtEoKT5aUG3l9diPi0VduZNQ1PfdnpkkIFk=
+cloud.google.com/go/iam v1.1.4/go.mod h1:l/rg8l1AaA+VFMho/HYx2Vv6xinPSLMF8qfhRPIZ0L8=
+cloud.google.com/go/kms v1.15.4 h1:gEZzC54ZBI+aeW8/jg9tgz9KR4Aa+WEDPbdGIV3iJ7A=
+cloud.google.com/go/kms v1.15.4/go.mod h1:L3Sdj6QTHK8dfwK5D1JLsAyELsNMnd3tAIwGS4ltKpc=
 cloud.google.com/go/longrunning v0.5.2 h1:u+oFqfEwwU7F9dIELigxbe0XVnBAo9wqMuQLA50CZ5k=
 cloud.google.com/go/longrunning v0.5.2/go.mod h1:nqo6DQbNV2pXhGDbDMoN2bWz68MjZUzqv2YttZiveCs=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
@@ -108,8 +108,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 h1:TuEMD+E+1aTjjLICGQOW6vLe8UWES7kopac9mUXL56Y=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1/go.mod h1:GpPjLhVR9dnUoJMyHWSPy71xY9/lcmpzIPZXmF0FCVY=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
@@ -137,29 +137,27 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 h1:WpB/QDNLpMw72xHJc34BNNykqSOeEJDAWkhf0u12/Jk=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 h1:hVeq+yCyUi+MsoO/CU95yqCIcdzra5ovzk8Q2BBpV2M=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/appsec-internal-go v1.0.0 h1:2u5IkF4DBj3KVeQn5Vg2vjPUtt513zxEYglcqnd500U=
 github.com/DataDog/appsec-internal-go v1.0.0/go.mod h1:+Y+4klVWKPOnZx6XESG7QHydOaUGEXyH2j/vSg9JiNM=
-github.com/DataDog/datadog-agent/pkg/obfuscate v0.45.0-rc.1 h1:XyYvstMFpSyZtfJHWJm1Sf1meNyCdfhKJrjB6+rUNOk=
-github.com/DataDog/datadog-agent/pkg/obfuscate v0.45.0-rc.1/go.mod h1:e933RWa4kAWuHi5jpzEuOiULlv21HcCFEVIYegmaB5c=
-github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.46.0-rc.4 h1:KE/ntoEPODxVGYXjWXFVVRniprifNhE4OOrylNolUv0=
-github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.46.0-rc.4/go.mod h1:VVMDDibJxYEkwcLdZBT2g8EHKpbMT4JdOhRbQ9GdjbM=
-github.com/DataDog/datadog-go/v5 v5.1.1/go.mod h1:KhiYb2Badlv9/rofz+OznKoEF5XKTonWyhx5K83AP8E=
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1 h1:uS2NzlwpCs+ZBHE9MLK1tGgxJOe2fVbwwjEEu34Kll4=
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1/go.mod h1:HzySONXnAgSmIQfL6gOv9hWprKJkx8CicuXuUbmgWfo=
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1 h1:5nE6N3JSs2IG3xzMthNFhXfOaXlrsdgqmJ73lndFf8c=
+github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1/go.mod h1:Vc+snp0Bey4MrrJyiV2tVxxJb6BmLomPvN1RgAvjGaQ=
 github.com/DataDog/datadog-go/v5 v5.3.0 h1:2q2qjFOb3RwAZNU+ez27ZVDwErJv5/VpbBPprz7Z+s8=
 github.com/DataDog/datadog-go/v5 v5.3.0/go.mod h1:XRDJk1pTc00gm+ZDiBKsjh7oOOtJfYfglVCmFb8C2+Q=
-github.com/DataDog/go-libddwaf v1.4.1 h1:dZTypHGyf38vDk5QbbsqaB8w5X213dFOZKT8SnMLmSI=
-github.com/DataDog/go-libddwaf v1.4.1/go.mod h1:qLZEuaF5amEVMP5NTYtr/6m30m73voPL4i7SK7dnnt4=
-github.com/DataDog/go-tuf v0.3.0--fix-localmeta-fork h1:yBq5PrAtrM4yVeSzQ+bn050+Ysp++RKF1QmtkL4VqvU=
-github.com/DataDog/go-tuf v0.3.0--fix-localmeta-fork/go.mod h1:yA5JwkZsHTLuqq3zaRgUQf35DfDkpOZqgtBqHKpwrBs=
-github.com/DataDog/gostackparse v0.5.0 h1:jb72P6GFHPHz2W0onsN51cS3FkaMDcjb0QzgxxA4gDk=
-github.com/DataDog/sketches-go v1.2.1 h1:qTBzWLnZ3kM2kw39ymh6rMcnN+5VULwFs++lEYUUsro=
-github.com/DataDog/sketches-go v1.2.1/go.mod h1:1xYmPLY1So10AwxV6MJV0J53XVH+WL9Ad1KetxVivVI=
+github.com/DataDog/go-libddwaf v1.5.0 h1:lrHP3VrEriy1M5uQuaOcKphf5GU40mBhihMAp6Ik55c=
+github.com/DataDog/go-libddwaf v1.5.0/go.mod h1:Fpnmoc2k53h6desQrH1P0/gR52CUzkLNFugE5zWwUBQ=
+github.com/DataDog/go-tuf v1.0.2-0.5.2 h1:EeZr937eKAWPxJ26IykAdWA4A0jQXJgkhUjqEI/w7+I=
+github.com/DataDog/go-tuf v1.0.2-0.5.2/go.mod h1:zBcq6f654iVqmkk8n2Cx81E1JnNTMOAx1UEO/wZR+P0=
+github.com/DataDog/gostackparse v0.7.0 h1:i7dLkXHvYzHV308hnkvVGDL3BR4FWl7IsXNPz/IGQh4=
+github.com/DataDog/sketches-go v1.4.3 h1:ZB9nijteJRFUQixkQfatCqASartGNfiolIlMiEv3u/w=
+github.com/DataDog/sketches-go v1.4.3/go.mod h1:XR0ns2RtEEF09mDKXiKZiQg+nfZStrq1ZuL1eezeZe0=
 github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 h1:sHglBQTwgx+rWPdisA5ynNEsoARbiCBOyGcJM4/OzsM=
 github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
 github.com/GaijinEntertainment/go-exhaustruct/v3 v3.1.0 h1:3ZBs7LAezy8gh0uECsA6CGU43FF3zsx5f4eah5FxTMA=
@@ -167,7 +165,6 @@ github.com/GaijinEntertainment/go-exhaustruct/v3 v3.1.0/go.mod h1:rZLTje5A9kFBe0
 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
@@ -175,8 +172,8 @@ github.com/Microsoft/hcsshim v0.11.1 h1:hJ3s7GbWlGK4YVV92sO88BQSyF4ZLVy7/awqOlPx
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OpenPeeDeeP/depguard/v2 v2.1.0 h1:aQl70G173h/GZYhWf36aE5H0KaujXfVMnn/f1kSDVYY=
 github.com/OpenPeeDeeP/depguard/v2 v2.1.0/go.mod h1:PUBgk35fX4i7JDmwzlJwJ+GMe6NfO1723wmJMgPThNQ=
-github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg=
-github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/sarama v1.30.0/go.mod h1:zujlQQx1kzHsh4jfV1USnptCQrHAEZ2Hk8fTKCulPVs=
@@ -212,37 +209,41 @@ github.com/alibabacloud-go/cr-20181201 v1.0.10 h1:B60f6S1imsgn2fgC6X6FrVNrONDrbC
 github.com/alibabacloud-go/cr-20181201 v1.0.10/go.mod h1:VN9orB/w5G20FjytoSpZROqu9ZqxwycASmGqYUJSoDc=
 github.com/alibabacloud-go/darabonba-openapi v0.1.12/go.mod h1:sTAjsFJmVsmcVeklL9d9uDBlFsgl43wZ6jhI6BHqHqU=
 github.com/alibabacloud-go/darabonba-openapi v0.1.14/go.mod h1:w4CosR7O/kapCtEEMBm3JsQqWBU/CnZ2o0pHorsTWDI=
-github.com/alibabacloud-go/darabonba-openapi v0.1.18 h1:3eUVmAr7WCJp7fgIvmCd9ZUyuwtJYbtUqJIed5eXCmk=
-github.com/alibabacloud-go/darabonba-openapi v0.1.18/go.mod h1:PB4HffMhJVmAgNKNq3wYbTUlFvPgxJpTzd1F5pTuUsc=
+github.com/alibabacloud-go/darabonba-openapi v0.2.1 h1:WyzxxKvhdVDlwpAMOHgAiCJ+NXa6g5ZWPFEzaK/ewwY=
+github.com/alibabacloud-go/darabonba-openapi v0.2.1/go.mod h1:zXOqLbpIqq543oioL9IuuZYOQgHQ5B8/n5OPrnko8aY=
 github.com/alibabacloud-go/darabonba-string v1.0.0/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA=
-github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 h1:NqugFkGxx1TXSh/pBcU00Y6bljgDPaFdh5MUSeJ7e50=
 github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY=
+github.com/alibabacloud-go/debug v1.0.0 h1:3eIEQWfay1fB24PQIEzXAswlVJtdQok8f3EVN5VrBnA=
+github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
 github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
 github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8=
 github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE=
 github.com/alibabacloud-go/openapi-util v0.0.9/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
 github.com/alibabacloud-go/openapi-util v0.0.10/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
-github.com/alibabacloud-go/openapi-util v0.0.11 h1:iYnqOPR5hyEEnNZmebGyRMkkEJRWUEjDiiaOHZ5aNhA=
 github.com/alibabacloud-go/openapi-util v0.0.11/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
+github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY=
+github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws=
 github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg=
 github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
 github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
 github.com/alibabacloud-go/tea v1.1.11/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4=
 github.com/alibabacloud-go/tea v1.1.17/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
-github.com/alibabacloud-go/tea v1.1.18 h1:+6GJ06eu5Cr/Mkj09vWrf6QAfrPepctY2OxcWNclRC0=
-github.com/alibabacloud-go/tea v1.1.18/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
+github.com/alibabacloud-go/tea v1.1.19/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
+github.com/alibabacloud-go/tea v1.2.1 h1:rFF1LnrAdhaiPmKwH5xwYOKlMh66CqRwPUTzIK74ask=
+github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA=
 github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
 github.com/alibabacloud-go/tea-utils v1.3.9/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
 github.com/alibabacloud-go/tea-utils v1.4.3/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
-github.com/alibabacloud-go/tea-utils v1.4.4 h1:lxCDvNCdTo9FaXKKq45+4vGETQUKNOW/qKTcX9Sk53o=
-github.com/alibabacloud-go/tea-utils v1.4.4/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
-github.com/alibabacloud-go/tea-xml v1.1.2 h1:oLxa7JUXm2EDFzMg+7oRsYc+kutgCVwm+bZlhhmvW5M=
+github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA=
+github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw=
 github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
+github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
+github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
 github.com/alingse/asasalint v0.0.11 h1:SFwnQXJ49Kx/1GghOFz1XGqHYKp21Kq1nHad/0WQRnw=
 github.com/alingse/asasalint v0.0.11/go.mod h1:nCaoMhw7a9kSJObvQyVzNTPBDbNpdocqrSP7t/cW5+I=
 github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw=
-github.com/aliyun/credentials-go v1.2.3 h1:Vmodnr52Rz1mcbwn0kzMhLRKb6soizewuKXdfZiNemU=
-github.com/aliyun/credentials-go v1.2.3/go.mod h1:/KowD1cfGSLrLsH28Jr8W+xwoId0ywIy5lNzDz6O1vw=
+github.com/aliyun/credentials-go v1.3.1 h1:uq/0v7kWrxmoLGpqjx7vtQ/s03f0zR//0br/xWDTE28=
+github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
@@ -258,52 +259,40 @@ github.com/ashanbrown/forbidigo v1.6.0 h1:D3aewfM37Yb3pxHujIPSpTf6oQk9sc9WZi8ger
 github.com/ashanbrown/forbidigo v1.6.0/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1MUyfOKL+AjcU=
 github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s=
 github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI=
-github.com/aws/aws-sdk-go v1.46.3 h1:zcrCu14ANOji6m38bUTxYdPqne4EXIvJQ2KXZ5oi9k0=
-github.com/aws/aws-sdk-go v1.46.3/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
-github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go v1.47.0 h1:/JUg9V1+xh+qBn8A6ec/l15ETPaMaBqxkjz+gg63dNk=
+github.com/aws/aws-sdk-go v1.47.0/go.mod h1:DlEaEbWKZmsITVbqlSVvekPARM1HzeV9PMYg15ymSDA=
 github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
 github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
-github.com/aws/aws-sdk-go-v2/config v1.18.25/go.mod h1:dZnYpD5wTW/dQF0rRNLVypB396zWCcPiBIvdvSWHEg4=
 github.com/aws/aws-sdk-go-v2/config v1.19.1 h1:oe3vqcGftyk40icfLymhhhNysAwk0NfiwkDi2GTPMXs=
 github.com/aws/aws-sdk-go-v2/config v1.19.1/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.24/go.mod h1:jYPYi99wUOPIFi0rhiOvXeSEReVOzBqFNOX5bXYoG2o=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.18.11 h1:wlTgmb/sCmVRJrN5De3CiHj4v/bTCgL5+qpdEd0CPtw=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.18.11/go.mod h1:Ce1q2jlNm8BVpjLaOnwnm5v2RClAbK6txwPljFzyW6c=
-github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.2 h1:yflJrGmi1pXtP9lOpOeaNZyc0vXnJTuP2sor3nJcGGo=
-github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.2/go.mod h1:uHtRE7aqXNmpeYL+7Ec7LacH5zC9+w2T5MBOeEKDdu0=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA=
+github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0=
+github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.7 h1:uRGw0UKo5hc7M2T7uGsK/Yg2qwecq/dnVjQbbq9RCzY=
 github.com/aws/aws-sdk-go-v2/service/kms v1.24.7/go.mod h1:z3O9CXfVrKAV3c9fMWOUUv2C6N2ggXCDHeXpOB6lAEk=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
 github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k=
 github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.0/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
 github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU=
 github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ=
-github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
 github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230510185313-f5e39e5f34c7 h1:G5IT+PEpFY0CDb3oITDP9tkmLrHkVD8Ny+elUmBqVYI=
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230510185313-f5e39e5f34c7/go.mod h1:VVALgT1UESBh91dY0GprHnT1Z7mKd96VDk8qVy+bmu0=
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M=
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -328,9 +317,8 @@ github.com/breml/bidichk v0.2.7 h1:dAkKQPLl/Qrk7hnP6P+E0xOodrq8Us7+U0o4UBOAlQY=
 github.com/breml/bidichk v0.2.7/go.mod h1:YodjipAGI9fGcYM7II6wFvGhdMYsC5pHDlGzqvEW3tQ=
 github.com/breml/errchkjson v0.3.6 h1:VLhVkqSBH96AvXEyclMR37rZslRrY2kcyq+31HCsVrA=
 github.com/breml/errchkjson v0.3.6/go.mod h1:jhSDoFheAF2RSDOlCfhHO9KqhZgAYLyvHe7bRCX8f/U=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
-github.com/buildkite/agent/v3 v3.52.1 h1:s2pxVsYVt/OSMDlOM+ei5ZuE3+X6WptSwSR+OnQ7Gz8=
-github.com/buildkite/agent/v3 v3.52.1/go.mod h1:MSIR+qpVb1Z663HlSqKEoIc4kkhmUFf4XazdCkxyE8E=
+github.com/buildkite/agent/v3 v3.58.0 h1:yyhsY47GZcuaKS5nlRo2jil4OSiNIP0GcNjqWD67y1Q=
+github.com/buildkite/agent/v3 v3.58.0/go.mod h1:DfwabLiZUtIJII2WVc0jufwun74iOVidQG/R46E+z+w=
 github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 h1:k6UDF1uPYOs0iy1HPeotNa155qXRWrzKnqAaGXHLZCE=
 github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251/go.mod h1:gbPR1gPu9dB96mucYIR7T3B7p/78hRVSOuzIWLHK2Y4=
 github.com/butuzov/ireturn v0.2.2 h1:jWI36dxXwVrI+RnXDwux2IZOewpmfv930OuIRfaBUJ0=
@@ -361,13 +349,15 @@ github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb2
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/clbanning/mxj/v2 v2.5.6 h1:Jm4VaCI/+Ug5Q57IzEoZbwx4iQFA6wkXv72juUSeK+g=
-github.com/clbanning/mxj/v2 v2.5.6/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
+github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
+github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME=
+github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudevents/sdk-go/v2 v2.14.0 h1:Nrob4FwVgi5L4tV9lhjzZcjYqFVyJzsA56CwPaPfv6s=
 github.com/cloudevents/sdk-go/v2 v2.14.0/go.mod h1:xDmKfzNjM8gBvjaF8ijFjM1VYOVUEeUfapHMUX1T5To=
-github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.5 h1:g+wWynZqVALYAlpSQFAa7TscDnUK8mKYtrxMpw6AUKo=
+github.com/cloudflare/circl v1.3.5/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -378,7 +368,6 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE=
-github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4=
 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ=
 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w=
 github.com/containerd/containerd v1.7.7 h1:QOC2K4A42RQpcrZyptP6z9EJZnlHfHJUfZrAAHe15q4=
@@ -389,17 +378,17 @@ github.com/coreos/go-oidc/v3 v3.7.0 h1:FTdj0uexT4diYIPlF4yoFVI5MRO1r5+SEcIpEw9vC
 github.com/coreos/go-oidc/v3 v3.7.0/go.mod h1:yQzSCqBnK3e6Fs5l+f5i0F8Kwf0zpH9bPEsbY00KanM=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/curioswitch/go-reassign v0.2.0 h1:G9UZyOcpk/d7Gd6mqYgd8XYWFMw/znxwGDUstnC9DIo=
 github.com/curioswitch/go-reassign v0.2.0/go.mod h1:x6OpXuWvgfQaMGks2BZybTngWjT84hqJfKoO8Tt/Roc=
-github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 h1:vU+EP9ZuFUCYE0NYLwTSob+3LNEJATzNfP/DC7SWGWI=
-github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
+github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc=
+github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/daixiang0/gci v0.11.2 h1:Oji+oPsp3bQ6bNNgX30NBAVT18P4uBH4sRZnlOlTj7Y=
 github.com/daixiang0/gci v0.11.2/go.mod h1:xtHP9N7AHdNvtRNfcx9gwTDfw7FRJx4bZUsiEfiNNAI=
-github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
-github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
+github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -416,36 +405,35 @@ github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUn
 github.com/digitorus/pkcs7 v0.0.0-20230713084857-e76b763bdc49/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc=
 github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 h1:ge14PCmCvPjpMQMIAH7uKg0lrtNSOdpYsRXlwk3QbaE=
 github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc=
-github.com/digitorus/timestamp v0.0.0-20230821155606-d1ad5ca9624c h1:kgG83Hfj3YXkUbrihwBxDc0COzP1ZejiDSr4/fItT0E=
-github.com/digitorus/timestamp v0.0.0-20230821155606-d1ad5ca9624c/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y=
+github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647 h1:WOk5Aclr/+sZ2/SX2YyxulNFwZOUhSrDJLw5KbHKmdE=
+github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
-github.com/docker/cli v24.0.0+incompatible h1:0+1VshNwBQzQAx9lOl+OYCTCEAD8fKs/qeXMx3O0wqM=
-github.com/docker/cli v24.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
-github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1xfI36MSkFg=
+github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
+github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
 github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
-github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
+github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/dvyukov/go-fuzz v0.0.0-20210103155950-6a8e9d1f2415/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
 github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-resiliency v1.3.0 h1:RRL0nge+cWGlxXbUzJ7yMcq6w2XBEr19dCN6HECGaT0=
-github.com/eapache/go-resiliency v1.3.0/go.mod h1:5yPzW0MIvSe0JDsv0v+DvcjEv2FyD6iZYSs1ZI+iQho=
+github.com/eapache/go-resiliency v1.4.0 h1:3OK9bWpPk5q6pbFAaYSEwD9CLUSHG8bnZuqX2yMt3B0=
+github.com/eapache/go-resiliency v1.4.0/go.mod h1:5yPzW0MIvSe0JDsv0v+DvcjEv2FyD6iZYSs1ZI+iQho=
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 h1:Oy0F4ALJ04o5Qqpdz8XLIpNA3WM/iSIXqxtqo7UGVws=
 github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3/go.mod h1:YvSRo5mw33fLEx1+DlK6L2VV43tJt5Eyel9n9XBcR+0=
 github.com/eapache/queue v1.1.0 h1:YOEu7KNc61ntiQlcEeUIoDTJ2o8mQznoNvUhiigpIqc=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/ebitengine/purego v0.4.0-alpha.4.0.20230519103000-ee8dcecc618f h1:v8f0ADMg0RBM0+5rb8qCFj/XlPkjo+xkyCLuUpBnj9s=
-github.com/ebitengine/purego v0.4.0-alpha.4.0.20230519103000-ee8dcecc618f/go.mod h1:ah1In8AOtksoNK6yk5z1HTJeUkC1Ez4Wk2idgGslMwQ=
-github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE=
-github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/ebitengine/purego v0.5.0 h1:JrMGKfRIAM4/QVKaesIIT7m/UVjTj5GYhRSQYwfVdpo=
+github.com/ebitengine/purego v0.5.0/go.mod h1:ah1In8AOtksoNK6yk5z1HTJeUkC1Ez4Wk2idgGslMwQ=
+github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
+github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
@@ -467,9 +455,6 @@ github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
-github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a h1:yDWHCSQ40h88yih2JAcL6Ls/kVkSE8GFACTGVnMPruw=
-github.com/facebookgo/limitgroup v0.0.0-20150612190941-6abd8d71ec01 h1:IeaD1VDVBPlx3viJT9Md8if8IxxJnO+x0JCGb054heg=
-github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52 h1:a4DFiKFJiDRGFD1qIcqGLX/WlUMD9dyLSLDt+9QZgt8=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
@@ -477,8 +462,6 @@ github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4
 github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
 github.com/firefart/nonamedreturns v1.0.4 h1:abzI1p7mAEPYuR4A+VLKn4eNDOycjYo2phmY9sfv40Y=
 github.com/firefart/nonamedreturns v1.0.4/go.mod h1:TDhe/tjI1BXo48CmYbUduTV7BdIga8MAO/xbKdcVsGI=
-github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/flynn/go-docopt v0.0.0-20140912013429-f6dd2ebbb31e/go.mod h1:HyVoz1Mz5Co8TFO8EupIdlcpwShBmY98dkT2xeHkvEI=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
@@ -487,12 +470,12 @@ github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0X
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo=
 github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA=
-github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
-github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghostiam/protogetter v0.2.3 h1:qdv2pzo3BpLqezwqfGDLZ+nHEYmc5bUpIdsMbBVwMjw=
 github.com/ghostiam/protogetter v0.2.3/go.mod h1:KmNLOsy1v04hKbvZs8EfGI1fk39AgTdRDxWNYPfXVc4=
@@ -524,8 +507,8 @@ github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KE
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
@@ -538,8 +521,9 @@ github.com/go-openapi/errors v0.20.4 h1:unTcVm6PispJsMECE3zWgvG4xTiKda1LIR5rCRWL
 github.com/go-openapi/errors v0.20.4/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
+github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
 github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
 github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
@@ -701,10 +685,10 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/cel-go v0.12.6 h1:kjeKudqV0OygrAqA9fX6J55S8gj+Jre2tckIm5RoG4M=
 github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
-github.com/google/certificate-transparency-go v1.1.6 h1:SW5K3sr7ptST/pIvNkSVWMiJqemRmkjJPPT0jzXdOOY=
-github.com/google/certificate-transparency-go v1.1.6/go.mod h1:0OJjOsOk+wj6aYQgP7FU0ioQ0AJUmnWPFMqTjQeazPQ=
-github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
-github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
+github.com/google/certificate-transparency-go v1.1.7 h1:IASD+NtgSTJLPdzkthwvAG1ZVbF2WtFg4IvoA68XGSw=
+github.com/google/certificate-transparency-go v1.1.7/go.mod h1:FSSBo8fyMVgqptbfF6j5p/XNdgQftAhSmXcIxV9iphE=
+github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU=
+github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -728,8 +712,8 @@ github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20230625233257-
 github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20230625233257-b8504803389b/go.mod h1:Ek+8PQrShkA7aHEj3/zSW33wU0V/Bx3zW/gFh7l21xY=
 github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230516205744-dbecb1de8cfa h1:+MG+Q2Q7mtW6kCIbUPZ9ZMrj7xOWDKI1hhy1qp0ygI0=
 github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230516205744-dbecb1de8cfa/go.mod h1:KdL98/Va8Dy1irB6lTxIRIQ7bQj4lbrlvqUzKEQ+ZBU=
-github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI=
-github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao=
+github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg=
+github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA=
 github.com/google/go-licenses v1.6.0 h1:MM+VCXf0slYkpWO0mECvdYDVCxZXIQNal5wqUIXEZ/A=
 github.com/google/go-licenses v1.6.0/go.mod h1:Z8jgz2isEhdenOqd/00pq7I4y4k1xVVQJv415otjclo=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
@@ -815,12 +799,14 @@ github.com/gostaticanalysis/nilerr v0.1.1 h1:ThE+hJP0fEp4zWLkWHWcRyI2Od0p7DlgYG3
 github.com/gostaticanalysis/nilerr v0.1.1/go.mod h1:wZYb6YI5YAxxq0i1+VJbY0s2YONW0HU0GPE3+5PWN4A=
 github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M=
 github.com/gostaticanalysis/testutil v0.4.0 h1:nhdCmubdmDF6VEatUNjgUZBJKWRqugoISdUv3PPQgHY=
+github.com/gowebpki/jcs v1.0.1 h1:Qjzg8EOkrOTuWP7DqQ1FbYtcpEbeTzUoTN9bptp8FOU=
+github.com/gowebpki/jcs v1.0.1/go.mod h1:CID1cNZ+sHp1CCpAR8mPf6QRtagFBgPJE0FCUQ6+BrI=
 github.com/grafeas/grafeas v0.2.3 h1:B9Bgc3ZQjPhqXKmro95Dfyb+GlE6D1pMuExT+n66ChE=
 github.com/grafeas/grafeas v0.2.3/go.mod h1:O+UvNYn4LhdKR59XrxRDWwr2bbheR1KRRNdD8mJpxs4=
 github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 h1:RtRsiaGvWxcwd8y3BiRZxsylPT8hLWZ5SPcfI+3IDNk=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0/go.mod h1:TzP6duP4Py2pHLVPPQp42aoYI92+PCrVotyR5e8Vqlk=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -840,8 +826,9 @@ github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
-github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
+github.com/hashicorp/go-sockaddr v1.0.5 h1:dvk7TIXCZpmfOlM+9mlcrWmWjw/wlKT+VDq2wMvfPJU=
+github.com/hashicorp/go-sockaddr v1.0.5/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI=
 github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
@@ -852,20 +839,18 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
 github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM=
+github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM=
 github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
 github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
-github.com/honeycombio/beeline-go v1.10.0 h1:cUDe555oqvw8oD76BQJ8alk7FP0JZ/M/zXpNvOEDLDc=
-github.com/honeycombio/libhoney-go v1.16.0 h1:kPpqoz6vbOzgp7jC6SR7SkNj7rua7rgxvznI6M3KdHc=
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
-github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
+github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU=
 github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
@@ -890,8 +875,8 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/jdolitsky/glog v0.0.0-20220729172235-78744e90d087 h1:3yec2Rfyr8SpXbK1fcsclj+z/V28HfRHcgIHXbk5pLk=
 github.com/jdolitsky/glog v0.0.0-20220729172235-78744e90d087/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
-github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b h1:ZGiXF8sz7PDk6RgkP+A/SFfUD0ZR/AgG6SpRNEDKZy8=
-github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b/go.mod h1:hQmNrgofl+IY/8L+n20H6E6PWBBTokdsv+q49j0QhsU=
+github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY=
+github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267/go.mod h1:h1nSAbGFqGVzn6Jyl1R/iCcBUHN4g+gW1u9CoBTrb9E=
 github.com/jellydator/ttlcache/v3 v3.1.0 h1:0gPFG0IHHP6xyUyXq+JaD8fwkDCqgqwohXNJBcYE71g=
 github.com/jellydator/ttlcache/v3 v3.1.0/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4=
 github.com/jenkins-x/go-scm v1.14.14 h1:a4c3z4+FVPMWMl59hgdLZNbnbc0Z0/Ln6fHXS0hLAyY=
@@ -906,7 +891,7 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 h1:dYTbLf4m0a5u0KLmPfB6mgxbcV7588bOCx79hxa5Sr4=
+github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
@@ -938,8 +923,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/kkHAIKE/contextcheck v1.1.4 h1:B6zAaLhOEEcjvUgIYEqystmnFk1Oemn8bvJhbt0GMb8=
 github.com/kkHAIKE/contextcheck v1.1.4/go.mod h1:1+i/gWqokIa+dm31mqGLZhZJ7Uh44DJGZVmr6QRBNJg=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
-github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4=
+github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -970,21 +955,21 @@ github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
 github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/leonklingele/grouper v1.1.1 h1:suWXRU57D4/Enn6pXR0QVqqWWrnJ9Osrz+5rjt8ivzU=
 github.com/leonklingele/grouper v1.1.1/go.mod h1:uk3I3uDfi9B6PeUjsCKi6ndcf63Uy7snXgR4yDYQVDY=
-github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
-github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
+github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
+github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
 github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
 github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
 github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
 github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
 github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
-github.com/lestrrat-go/jwx/v2 v2.0.11 h1:ViHMnaMeaO0qV16RZWBHM7GTrAnX2aFLVKofc7FuKLQ=
-github.com/lestrrat-go/jwx/v2 v2.0.11/go.mod h1:ZtPtMFlrfDrH2Y0iwfa3dRFn8VzwBrB+cyrm3IBWdDg=
+github.com/lestrrat-go/jwx/v2 v2.0.16 h1:TuH3dBkYTy2giQg/9D8f20znS3JtMRuQJ372boS3lWk=
+github.com/lestrrat-go/jwx/v2 v2.0.16/go.mod h1:jBHyESp4e7QxfERM0UKkQ80/94paqNIEcdEfiUYz5zE=
 github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
-github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf h1:ndns1qx/5dL43g16EQkPV/i8+b3l5bYQwLeoSBe7tS8=
-github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf/go.mod h1:aGkAgvWY/IUcVFfuly53REpfv5edu25oij+qHRFaraA=
+github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 h1:WGrKdjHtWC67RX96eTkYD2f53NDHhrq/7robWTAfk4s=
+github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491/go.mod h1:o158RFmdEbYyIZmXAbrvmJWesbyxlLKee6X64VPVuOc=
 github.com/lufeee/execinquery v1.2.1 h1:hf0Ems4SHcUGBxpGN7Jz78z1ppVkP/837ZlETPCEtOM=
 github.com/lufeee/execinquery v1.2.1/go.mod h1:EC7DrEKView09ocscGHC+apXMIaorh4xqSxS/dy8SbM=
 github.com/macabu/inamedparam v0.1.2 h1:RR5cnayM6Q7cDhQol32DE2BGAPGMnffJ31LFE+UklaU=
@@ -1011,11 +996,11 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
-github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
-github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
+github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
 github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
@@ -1077,18 +1062,15 @@ github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
 github.com/onsi/gomega v1.28.1 h1:MijcGUbfYuznzK/5R4CPNoUP/9Xvuo20sXfEm6XxoTA=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -1107,8 +1089,8 @@ github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6
 github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
 github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
 github.com/otiai10/mint v1.3.2/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
-github.com/outcaste-io/ristretto v0.2.1 h1:KCItuNIGJZcursqHr3ghO7fc5ddZLEHspL9UR0cQM64=
-github.com/outcaste-io/ristretto v0.2.1/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkLAr0VN/s4+MHac=
+github.com/outcaste-io/ristretto v0.2.3 h1:AK4zt/fJ76kjlYObOeNwh4T3asEuaCmp26pOvUOL9w0=
+github.com/outcaste-io/ristretto v0.2.3/go.mod h1:W8HywhmtlopSB1jeMg3JtdIhf+DYkLAr0VN/s4+MHac=
 github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
 github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo=
@@ -1164,8 +1146,8 @@ github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k
 github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
 github.com/prometheus/statsd_exporter v0.21.0 h1:hA05Q5RFeIjgwKIYEdFd59xu5Wwaznf33yKI+pyX6T8=
 github.com/prometheus/statsd_exporter v0.21.0/go.mod h1:rbT83sZq2V+p73lHhPZfMc3MLCHmSHelCh9hSGYNLTQ=
-github.com/puzpuzpuz/xsync/v2 v2.4.1 h1:aGdE1C/HaR/QC6YAFdtZXi60Df8/qBIrs8PKrzkItcM=
-github.com/puzpuzpuz/xsync/v2 v2.4.1/go.mod h1:gD2H2krq/w52MfPLE+Uy64TzJDVY7lP2znR9qmR35kU=
+github.com/puzpuzpuz/xsync/v2 v2.5.1 h1:mVGYAvzDSu52+zaGyNjC+24Xw2bQi3kTr4QJ6N9pIIU=
+github.com/puzpuzpuz/xsync/v2 v2.5.1/go.mod h1:gD2H2krq/w52MfPLE+Uy64TzJDVY7lP2znR9qmR35kU=
 github.com/quasilyte/go-ruleguard v0.4.0 h1:DyM6r+TKL+xbKB4Nm7Afd1IQh9kEUKQs2pboWGKtvQo=
 github.com/quasilyte/go-ruleguard v0.4.0/go.mod h1:Eu76Z/R8IXtViWUIHkE3p8gdH3/PKk1eh3YGfaEof10=
 github.com/quasilyte/gogrep v0.5.0 h1:eTKODPXbI8ffJMN+W2aE0+oL0z/nh8/5eNdiO34SOAo=
@@ -1178,8 +1160,9 @@ github.com/rabbitmq/amqp091-go v1.1.0/go.mod h1:ogQDLSOACsLPsIq0NpbtiifNZi2YOz0V
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/richardartoul/molecule v1.0.1-0.20221107223329-32cfee06a052 h1:Qp27Idfgi6ACvFQat5+VJvlYToylpM/hcyLBI3WaKPA=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
+github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -1207,7 +1190,6 @@ github.com/sashamelentyev/usestdlibvars v1.24.0/go.mod h1:9cYkq+gYJ+a5W2RPdhfaSC
 github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A=
 github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk=
 github.com/sassoftware/relic/v7 v7.6.1 h1:O5s8ewCgq5QYNpv45dK4u6IpBmDM9RIcsbf/G1uXepQ=
-github.com/secure-systems-lab/go-securesystemslib v0.3.1/go.mod h1:o8hhjkbNl2gOamKUA/eNW3xUrntHT9L4W89W1nfj43U=
 github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg=
 github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI=
 github.com/securego/gosec/v2 v2.18.2 h1:DkDt3wCiOtAHf1XkiXZBhQ6m6mK/b9T/wD257R3/c+I=
@@ -1229,10 +1211,10 @@ github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxr
 github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
 github.com/shurcooL/graphql v0.0.0-20181231061246-d48a9a75455f h1:tygelZueB1EtXkPI6mQ4o9DQ0+FKW41hTbunoXZCTqk=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sigstore/cosign/v2 v2.2.0 h1:MV/ALD1/e/JgxXXCdCNxlIRk2NB3Irb4MKPozd8SPR8=
-github.com/sigstore/cosign/v2 v2.2.0/go.mod h1:Kcm7lTZbpiEpA3wPCqRygTUdLpX8CNT+36rODTCBr1M=
-github.com/sigstore/fulcio v1.4.0 h1:05+k8BFvwTQzfCkVxESWzCN4b70KIRliGYz0Upmdrs8=
-github.com/sigstore/fulcio v1.4.0/go.mod h1:wcjlktbhoy6+ZTxO3yXpvqUxsLV+JEH4FF3a5Jz4VPI=
+github.com/sigstore/cosign/v2 v2.2.1 h1:HauwPOMYYaVdQsnvUbF0P+ZsVPrkTB0G7Eq65+z1bQc=
+github.com/sigstore/cosign/v2 v2.2.1/go.mod h1:4l1hELKWoFYzZ/p7+umrK6dhdBoBW0JbQRCIjOZIM9g=
+github.com/sigstore/fulcio v1.4.3 h1:9JcUCZjjVhRF9fmhVuz6i1RyhCc/EGCD7MOl+iqCJLQ=
+github.com/sigstore/fulcio v1.4.3/go.mod h1:BQPWo7cfxmJwgaHlphUHUpFkp5+YxeJes82oo39m5og=
 github.com/sigstore/rekor v1.3.3 h1:pLZ0UjutL7SUdeiysmJCabnRqvI7DsIxnJj8c/+e0Fk=
 github.com/sigstore/rekor v1.3.3/go.mod h1:GO3udo2Xiu3/Uz4/U3vgjVq7w5Yq7eSpAFP1z7gE+yA=
 github.com/sigstore/sigstore v1.7.5 h1:ij55dBhLwjICmLTBJZm7SqoQLdsu/oowDanACcJNs48=
@@ -1245,8 +1227,8 @@ github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.5 h1:Ku3MD55VXR7+uezCS4L
 github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.5/go.mod h1:FsNzxmFGATZS5ynkJLLXm9g2zHD0Xw23iJs7lM/asPo=
 github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.5 h1:yWNBuL52Je3ukUGry1qwg00ujJF2UFWShzXFIAtmxZU=
 github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.5/go.mod h1:EI9vDWVGG8fQU9aFMY7Bd204xJiqmXcDMSkFifCf16Q=
-github.com/sigstore/timestamp-authority v1.1.2 h1:xgBs9Ct27sEgFb35GL1trKD2XOgYbtk0q2G0HLZHDDY=
-github.com/sigstore/timestamp-authority v1.1.2/go.mod h1:7rGe/e6ZJNMqPiwFiv7w+qNXT8GID9gL7nMcRwZ007I=
+github.com/sigstore/timestamp-authority v1.2.0 h1:Ffk10QsHxu6aLwySQ7WuaoWkD63QkmcKtozlEFot/VI=
+github.com/sigstore/timestamp-authority v1.2.0/go.mod h1:ojKaftH78Ovfow9DzuNl5WgTCEYSa4m5622UkKDHRXc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
@@ -1254,7 +1236,6 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sivchari/containedctx v1.0.3 h1:x+etemjbsh2fB5ewm5FeLNi5bUjK0V8n0RB+Wwfd0XE=
@@ -1284,8 +1265,8 @@ github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
 github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
-github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
-github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -1306,8 +1287,9 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0=
+github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -1323,7 +1305,6 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45IWZaF22tdD+VEXcAWRA037jwmWEB5VWYORlTpc=
 github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d h1:vfofYNRScrDdvS342BElfbETmL1Aiz3i2t0zfRj16Hs=
 github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48=
 github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c h1:+aPplBwWcHBo6q9xrfWdMrT9o4kltkmmvpemgIjep/8=
@@ -1353,8 +1334,9 @@ github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0=
 github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
-github.com/tjfoc/gmsm v1.3.2 h1:7JVkAn5bvUJ7HtU08iW6UiD+UTmJTIToHCfeFzkcCxM=
 github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
+github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
+github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
 github.com/tomarrell/wrapcheck/v2 v2.8.1 h1:HxSqDSN0sAt0yJYsrcYVoEeyM4aI9yAm3KQpIXDJRhQ=
 github.com/tomarrell/wrapcheck/v2 v2.8.1/go.mod h1:/n2Q3NZ4XFT50ho6Hbxg+RV1uyo2Uow/Vdm9NQcl5SE=
 github.com/tommy-muehle/go-mnd/v2 v2.5.1 h1:NowYhSdyE/1zwK9QCLeRb6USWdoif80Ie+v+yU8u1Zw=
@@ -1365,18 +1347,14 @@ github.com/ultraware/funlen v0.1.0 h1:BuqclbkY6pO+cvxoq7OsktIXZpgBSkYTQtmwhAK81v
 github.com/ultraware/funlen v0.1.0/go.mod h1:XJqmOQja6DpxarLj6Jj1U7JuoS8PvL4nEqDaQhy22p4=
 github.com/ultraware/whitespace v0.0.5 h1:hh+/cpIcopyMYbZNVov9iSxvJU3OYQg78Sfaqzi/CzI=
 github.com/ultraware/whitespace v0.0.5/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA=
-github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
 github.com/uudashr/gocognit v1.1.2 h1:l6BAEKJqQH2UpKAPKdMfZf5kE4W/2xk8pfU1OVLvniI=
 github.com/uudashr/gocognit v1.1.2/go.mod h1:aAVdLURqcanke8h3vg35BC++eseDm66Z7KmchI5et4k=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
-github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck=
-github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY=
-github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
-github.com/vmihailenco/tagparser v0.1.2 h1:gnjoVuB/kljJ5wICEEOpx98oXMWPLj22G67Vbd1qPqc=
-github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
-github.com/xanzy/go-gitlab v0.90.0 h1:j8ZUHfLfXdnC+B8njeNaW/kM44c1zw8fiuNj7D+qQN8=
-github.com/xanzy/go-gitlab v0.90.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw=
+github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
+github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
+github.com/xanzy/go-gitlab v0.93.2 h1:kNNf3BYNYn/Zkig0B89fma12l36VLcYSGu7OnaRlRDg=
+github.com/xanzy/go-gitlab v0.93.2/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw=
 github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
@@ -1390,9 +1368,6 @@ github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6
 github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
 github.com/xdg-go/stringprep v1.0.4 h1:XLI/Ng3O1Atzq0oBs3TWm+5ZVgkq2aqdlvP9JtoZ6c8=
 github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xen0n/gosmopolitan v1.2.2 h1:/p2KTnMzwRexIW8GlKawsTWOxn7UHA+jCMF/V8HHtvU=
 github.com/xen0n/gosmopolitan v1.2.2/go.mod h1:7XX7Mj61uLYrj0qmeN0zi7XDon9JRAEhYQqAPLVNTeg=
 github.com/yagipy/maintidx v1.0.0 h1:h5NvIsCz+nRDapQ0exNv4aJ0yXSI0420omVANTv3GJM=
@@ -1428,8 +1403,8 @@ go-simpler.org/sloglint v0.1.2/go.mod h1:2LL+QImPfTslD5muNPydAEYmpXIj6o/WYcqnJjL
 go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
 go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
 go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
-go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0PiE=
-go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0=
+go.mongodb.org/mongo-driver v1.12.1 h1:nLkghSU8fQNaK7oUmDhQFsnrtcoNy7Z6LVFKsEecqgE=
+go.mongodb.org/mongo-driver v1.12.1/go.mod h1:/rGBTebI3XYboVmgz+Wv3Bcbl3aD0QF9zl6kDDw18rQ=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -1454,7 +1429,6 @@ go.tmz.dev/musttag v0.7.2 h1:1J6S9ipDbalBSODNT5jCep8dhZyMr4ttnjQagmGYR5s=
 go.tmz.dev/musttag v0.7.2/go.mod h1:m6q5NiiSKMnQYokefa2xGoyoXnrswCbJ0AWYzf4Zs28=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/automaxprocs v1.5.2 h1:2LxUOGiR3O6tw8ui5sZa2LAaHnsviZdVOUZw4fvbnME=
@@ -1466,11 +1440,12 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
 go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
-go4.org/intern v0.0.0-20211027215823-ae77deb06f29 h1:UXLjNohABv4S58tHmeuIZDO6e3mHpW2Dx33gaNt03LE=
 go4.org/intern v0.0.0-20211027215823-ae77deb06f29/go.mod h1:cS2ma+47FKrLPdXFpr7CuxiTW3eyJbWew4qx0qtQWDA=
+go4.org/intern v0.0.0-20230525184215-6c62f75575cb h1:ae7kzL5Cfdmcecbh22ll7lYP3iuUdnfnhiPcSaDgH/8=
+go4.org/intern v0.0.0-20230525184215-6c62f75575cb/go.mod h1:Ycrt6raEcnF5FTsLiLKkhBTO6DPX3RCUCUVnks3gFJU=
 go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
-go4.org/unsafe/assume-no-moving-gc v0.0.0-20220617031537-928513b29760 h1:FyBZqvoA/jbNzuAWLQE2kG820zMAkcilx6BMjGbL/E4=
-go4.org/unsafe/assume-no-moving-gc v0.0.0-20220617031537-928513b29760/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
+go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 h1:WJhcL4p+YeDxmZWg141nRm7XC8IDmhz7lk5GpadO1Sg=
+go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
 gocloud.dev v0.34.0 h1:LzlQY+4l2cMtuNfwT2ht4+fiXwWf/NmPTnXUlLmGif4=
 gocloud.dev v0.34.0/go.mod h1:psKOachbnvY3DAOPbsFVmLIErwsbWPUG2H5i65D38vE=
 gocloud.dev/docstore/mongodocstore v0.34.0 h1:k/S3g4uM8YFDOElcxWtj7UWnbbtwRLQ2dCCCNw+Z+4g=
@@ -1490,11 +1465,11 @@ golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
@@ -1502,9 +1477,10 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
+golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1584,8 +1560,8 @@ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
@@ -1599,7 +1575,6 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -1619,6 +1594,7 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1660,8 +1636,8 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1700,12 +1676,10 @@ golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200509044756-6aff5f38e54f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1733,7 +1707,6 @@ golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1757,9 +1730,6 @@ golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1767,8 +1737,10 @@ golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1778,8 +1750,10 @@ golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
+golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1796,8 +1770,10 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2019,7 +1995,6 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6
 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI=
@@ -2099,10 +2074,9 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/DataDog/dd-trace-go.v1 v1.53.0 h1:Rc2Z3tspHI+PsspsfO4wZsSqL8l658yAUo7lFUSnPD0=
-gopkg.in/DataDog/dd-trace-go.v1 v1.53.0/go.mod h1:m0tVxCbhcuHsiHhhaw749KeQcVjRZOWBPMa6wHL6LBQ=
+gopkg.in/DataDog/dd-trace-go.v1 v1.56.1 h1:AUe/ZF7xm6vYnigPe+TY54DmfWYJxhMRaw/TfvrbzvE=
+gopkg.in/DataDog/dd-trace-go.v1 v1.56.1/go.mod h1:KDLJ3CWVOSuVVwu+0ZR5KZo2rP6c7YyBV3v387dIpUU=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVCwMc=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -2111,6 +2085,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/go-jose/go-jose.v2 v2.6.1 h1:qEzJlIDmG9q5VO0M/o8tGS65QMHMS1w01TQJB1VPJ4U=
+gopkg.in/go-jose/go-jose.v2 v2.6.1/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
@@ -2143,7 +2119,7 @@ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
+gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -2153,28 +2129,28 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.4.6 h1:oFEHCKeID7to/3autwsWfnuv69j3NsfcXbvJKuIcep8=
 honnef.co/go/tools v0.4.6/go.mod h1:+rnGS1THNh8zMwnd2oVOTL9QF6vmfyG6ZXBULae2uc0=
-inet.af/netaddr v0.0.0-20220811202034-502d2d690317 h1:U2fwK6P2EqmopP/hFLTOAjWTki0qgd4GMJn5X8wOleU=
-inet.af/netaddr v0.0.0-20220811202034-502d2d690317/go.mod h1:OIezDfdzOgFhuw4HuWapWq2e9l0H9tK4F1j+ETRtF3k=
-k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y=
-k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg=
+inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a h1:1XCVEdxrvL6c0TGOhecLuB7U9zYNdxZEjvOqJreKZiM=
+inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a/go.mod h1:e83i32mAQOW1LAqEIweALsuK2Uw4mhQadA5r7b0Wobo=
+k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
+k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
 k8s.io/apiextensions-apiserver v0.26.5 h1:VJ946z9RjyCPn3qiz4Kus/UYjCRrdn1xUvEsJFvN5Yo=
 k8s.io/apiextensions-apiserver v0.26.5/go.mod h1:Olsde7ZNWnyz9rsL13iXYXmL1h7kWujtKeC3yWVCDPo=
-k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM=
-k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
-k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8=
-k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48=
+k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
+k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
+k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
+k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
 k8s.io/code-generator v0.26.5 h1:0p350mqxkbs29h8/yF4AMilApLVUhnRx3EAfhTWR5fY=
 k8s.io/code-generator v0.26.5/go.mod h1:iWTVFxfBX+RYe0bXjKqSM83KJF8eimor/izQInvq/60=
-k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9 h1:iu3o/SxaHVI7tKPtkGzD3M9IzrE21j+CUKH98NQJ8Ms=
-k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks=
+k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 h1:azYPdzztXxPSa8wb+hksEKayiz0o+PPisO/d+QhWnoo=
-k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ=
-k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU=
-k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
+k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 knative.dev/pkg v0.0.0-20231011193800-bd99f2f98be7 h1:y3qbfYX1SuSr/1ysXvKfpV8q/kCwWLWieCUgAhBUHmQ=
 knative.dev/pkg v0.0.0-20231011193800-bd99f2f98be7/go.mod h1:g+UCgSKQ2f15kHYu/V3CPtoKo5F1x/2Y1ot0NSK7gA0=
 mvdan.cc/gofumpt v0.5.0 h1:0EQ+Z56k8tXjj/6TQD25BFNKQXpCvT0rnansIc7Ug5E=
@@ -2192,8 +2168,8 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMm
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/release-utils v0.7.6 h1:mQxQRAIulbyz6y7eOCzklAelcpYjBj8MMGFcxNnyqto=
 sigs.k8s.io/release-utils v0.7.6/go.mod h1:GZGWmbINwsLGKsoZKTeWUGp4F+Rbwhq4XDtJ45N+dLw=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
+sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/vendor/cloud.google.com/go/compute/internal/version.go b/vendor/cloud.google.com/go/compute/internal/version.go
index 783aa2b95b..5692fd4ade 100644
--- a/vendor/cloud.google.com/go/compute/internal/version.go
+++ b/vendor/cloud.google.com/go/compute/internal/version.go
@@ -15,4 +15,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "1.23.1"
+const Version = "1.23.2"
diff --git a/vendor/cloud.google.com/go/iam/CHANGES.md b/vendor/cloud.google.com/go/iam/CHANGES.md
index edcb5b5852..d9928402e6 100644
--- a/vendor/cloud.google.com/go/iam/CHANGES.md
+++ b/vendor/cloud.google.com/go/iam/CHANGES.md
@@ -1,6 +1,13 @@
 # Changes
 
 
+## [1.1.4](https://github.com/googleapis/google-cloud-go/compare/iam/v1.1.3...iam/v1.1.4) (2023-10-26)
+
+
+### Bug Fixes
+
+* **iam:** Update grpc-go to v1.59.0 ([81a97b0](https://github.com/googleapis/google-cloud-go/commit/81a97b06cb28b25432e4ece595c55a9857e960b7))
+
 ## [1.1.3](https://github.com/googleapis/google-cloud-go/compare/iam/v1.1.2...iam/v1.1.3) (2023-10-12)
 
 
diff --git a/vendor/cloud.google.com/go/kms/internal/version.go b/vendor/cloud.google.com/go/kms/internal/version.go
index a24582d3dc..b9ae78db7d 100644
--- a/vendor/cloud.google.com/go/kms/internal/version.go
+++ b/vendor/cloud.google.com/go/kms/internal/version.go
@@ -15,4 +15,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "1.15.3"
+const Version = "1.15.4"
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go
index 6612feb4bf..1841d146f5 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go
@@ -59,6 +59,8 @@ added, it doesn't exist in real life. As such I've put a PEM decoder into here.
 // For details see https://aka.ms/msal-net-authenticationresult
 type AuthResult = base.AuthResult
 
+type AuthenticationScheme = authority.AuthenticationScheme
+
 type Account = shared.Account
 
 // CertFromPEM converts a PEM file (.pem or .key) for use with [NewCredFromCert]. The file
@@ -454,6 +456,33 @@ func WithClaims(claims string) interface {
 	}
 }
 
+// WithAuthenticationScheme is an extensibility mechanism designed to be used only by Azure Arc for proof of possession access tokens.
+func WithAuthenticationScheme(authnScheme AuthenticationScheme) interface {
+	AcquireSilentOption
+	AcquireByCredentialOption
+	options.CallOption
+} {
+	return struct {
+		AcquireSilentOption
+		AcquireByCredentialOption
+		options.CallOption
+	}{
+		CallOption: options.NewCallOption(
+			func(a any) error {
+				switch t := a.(type) {
+				case *acquireTokenSilentOptions:
+					t.authnScheme = authnScheme
+				case *acquireTokenByCredentialOptions:
+					t.authnScheme = authnScheme
+				default:
+					return fmt.Errorf("unexpected options type %T", a)
+				}
+				return nil
+			},
+		),
+	}
+}
+
 // WithTenantID specifies a tenant for a single authentication. It may be different than the tenant set in [New].
 // This option is valid for any token acquisition method.
 func WithTenantID(tenantID string) interface {
@@ -499,6 +528,7 @@ func WithTenantID(tenantID string) interface {
 type acquireTokenSilentOptions struct {
 	account          Account
 	claims, tenantID string
+	authnScheme      AuthenticationScheme
 }
 
 // AcquireSilentOption is implemented by options for AcquireTokenSilent
@@ -549,6 +579,7 @@ func (cca Client) AcquireTokenSilent(ctx context.Context, scopes []string, opts
 		Credential:  cca.cred,
 		IsAppCache:  o.account.IsZero(),
 		TenantID:    o.tenantID,
+		AuthnScheme: o.authnScheme,
 	}
 
 	return cca.base.AcquireTokenSilent(ctx, silentParameters)
@@ -614,6 +645,7 @@ func (cca Client) AcquireTokenByAuthCode(ctx context.Context, code string, redir
 // acquireTokenByCredentialOptions contains optional configuration for AcquireTokenByCredential
 type acquireTokenByCredentialOptions struct {
 	claims, tenantID string
+	authnScheme      AuthenticationScheme
 }
 
 // AcquireByCredentialOption is implemented by options for AcquireTokenByCredential
@@ -637,7 +669,9 @@ func (cca Client) AcquireTokenByCredential(ctx context.Context, scopes []string,
 	authParams.Scopes = scopes
 	authParams.AuthorizationType = authority.ATClientCredentials
 	authParams.Claims = o.claims
-
+	if o.authnScheme != nil {
+		authParams.AuthnScheme = o.authnScheme
+	}
 	token, err := cca.base.Token.Credential(ctx, authParams, cca.cred)
 	if err != nil {
 		return AuthResult{}, err
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/base.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/base.go
index 5f68384f68..09a0d92f52 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/base.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/base.go
@@ -54,6 +54,7 @@ type AcquireTokenSilentParameters struct {
 	UserAssertion     string
 	AuthorizationType authority.AuthorizeType
 	Claims            string
+	AuthnScheme       authority.AuthenticationScheme
 }
 
 // AcquireTokenAuthCodeParameters contains the parameters required to acquire an access token using the auth code flow.
@@ -289,6 +290,9 @@ func (b Client) AcquireTokenSilent(ctx context.Context, silent AcquireTokenSilen
 	authParams.AuthorizationType = silent.AuthorizationType
 	authParams.Claims = silent.Claims
 	authParams.UserAssertion = silent.UserAssertion
+	if silent.AuthnScheme != nil {
+		authParams.AuthnScheme = silent.AuthnScheme
+	}
 
 	m := b.pmanager
 	if authParams.AuthorizationType != authority.ATOnBehalfOf {
@@ -313,6 +317,7 @@ func (b Client) AcquireTokenSilent(ctx context.Context, silent AcquireTokenSilen
 	if silent.Claims == "" {
 		ar, err = AuthResultFromStorage(storageTokenResponse)
 		if err == nil {
+			ar.AccessToken, err = authParams.AuthnScheme.FormatAccessToken(ar.AccessToken)
 			return ar, err
 		}
 	}
@@ -417,6 +422,11 @@ func (b Client) AuthResultFromToken(ctx context.Context, authParams authority.Au
 	if err == nil && b.cacheAccessor != nil {
 		err = b.cacheAccessor.Export(ctx, b.manager, cache.ExportHints{PartitionKey: key})
 	}
+	if err != nil {
+		return AuthResult{}, err
+	}
+
+	ar.AccessToken, err = authParams.AuthnScheme.FormatAccessToken(ar.AccessToken)
 	return ar, err
 }
 
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/items.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/items.go
index 5d4c9f1d1f..f9be90276d 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/items.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/items.go
@@ -12,6 +12,7 @@ import (
 
 	internalTime "github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/json/types/time"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens"
+	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/authority"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/shared"
 )
 
@@ -75,12 +76,14 @@ type AccessToken struct {
 	ExtendedExpiresOn internalTime.Unix `json:"extended_expires_on,omitempty"`
 	CachedAt          internalTime.Unix `json:"cached_at,omitempty"`
 	UserAssertionHash string            `json:"user_assertion_hash,omitempty"`
+	TokenType         string            `json:"token_type,omitempty"`
+	AuthnSchemeKeyID  string            `json:"keyid,omitempty"`
 
 	AdditionalFields map[string]interface{}
 }
 
 // NewAccessToken is the constructor for AccessToken.
-func NewAccessToken(homeID, env, realm, clientID string, cachedAt, expiresOn, extendedExpiresOn time.Time, scopes, token string) AccessToken {
+func NewAccessToken(homeID, env, realm, clientID string, cachedAt, expiresOn, extendedExpiresOn time.Time, scopes, token, tokenType, authnSchemeKeyID string) AccessToken {
 	return AccessToken{
 		HomeAccountID:     homeID,
 		Environment:       env,
@@ -92,6 +95,8 @@ func NewAccessToken(homeID, env, realm, clientID string, cachedAt, expiresOn, ex
 		CachedAt:          internalTime.Unix{T: cachedAt.UTC()},
 		ExpiresOn:         internalTime.Unix{T: expiresOn.UTC()},
 		ExtendedExpiresOn: internalTime.Unix{T: extendedExpiresOn.UTC()},
+		TokenType:         tokenType,
+		AuthnSchemeKeyID:  authnSchemeKeyID,
 	}
 }
 
@@ -101,6 +106,11 @@ func (a AccessToken) Key() string {
 		[]string{a.HomeAccountID, a.Environment, a.CredentialType, a.ClientID, a.Realm, a.Scopes},
 		shared.CacheKeySeparator,
 	)
+	// add token type to key for new access tokens types. skip for bearer token type to
+	// preserve fwd and back compat between a common cache and msal clients
+	if !strings.EqualFold(a.TokenType, authority.AccessTokenTypeBearer) {
+		key = strings.Join([]string{key, a.TokenType}, shared.CacheKeySeparator)
+	}
 	return strings.ToLower(key)
 }
 
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/partitioned_storage.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/partitioned_storage.go
index 5e1cae0b8a..c093183306 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/partitioned_storage.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/partitioned_storage.go
@@ -41,6 +41,8 @@ func (m *PartitionedManager) Read(ctx context.Context, authParameters authority.
 	realm := authParameters.AuthorityInfo.Tenant
 	clientID := authParameters.ClientID
 	scopes := authParameters.Scopes
+	authnSchemeKeyID := authParameters.AuthnScheme.KeyID()
+	tokenType := authParameters.AuthnScheme.AccessTokenType()
 
 	// fetch metadata if instanceDiscovery is enabled
 	aliases := []string{authParameters.AuthorityInfo.Host}
@@ -57,7 +59,7 @@ func (m *PartitionedManager) Read(ctx context.Context, authParameters authority.
 
 	// errors returned by read* methods indicate a cache miss and are therefore non-fatal. We continue populating
 	// TokenResponse fields so that e.g. lack of an ID token doesn't prevent the caller from receiving a refresh token.
-	accessToken, err := m.readAccessToken(aliases, realm, clientID, userAssertionHash, scopes, partitionKeyFromRequest)
+	accessToken, err := m.readAccessToken(aliases, realm, clientID, userAssertionHash, scopes, partitionKeyFromRequest, tokenType, authnSchemeKeyID)
 	if err == nil {
 		tr.AccessToken = accessToken
 	}
@@ -92,7 +94,7 @@ func (m *PartitionedManager) Write(authParameters authority.AuthParams, tokenRes
 	target := strings.Join(tokenResponse.GrantedScopes.Slice, scopeSeparator)
 	userAssertionHash := authParameters.AssertionHash()
 	cachedAt := time.Now()
-
+	authnSchemeKeyID := authParameters.AuthnScheme.KeyID()
 	var account shared.Account
 
 	if len(tokenResponse.RefreshToken) > 0 {
@@ -116,6 +118,8 @@ func (m *PartitionedManager) Write(authParameters authority.AuthParams, tokenRes
 			tokenResponse.ExtExpiresOn.T,
 			target,
 			tokenResponse.AccessToken,
+			tokenResponse.TokenType,
+			authnSchemeKeyID,
 		)
 		if authParameters.AuthorizationType == authority.ATOnBehalfOf {
 			accessToken.UserAssertionHash = userAssertionHash // get Hash method on this
@@ -215,7 +219,7 @@ func (m *PartitionedManager) aadMetadata(ctx context.Context, authorityInfo auth
 	return m.aadCache[authorityInfo.Host], nil
 }
 
-func (m *PartitionedManager) readAccessToken(envAliases []string, realm, clientID, userAssertionHash string, scopes []string, partitionKey string) (AccessToken, error) {
+func (m *PartitionedManager) readAccessToken(envAliases []string, realm, clientID, userAssertionHash string, scopes []string, partitionKey, tokenType, authnSchemeKeyID string) (AccessToken, error) {
 	m.contractMu.RLock()
 	defer m.contractMu.RUnlock()
 	if accessTokens, ok := m.contract.AccessTokensPartition[partitionKey]; ok {
@@ -224,9 +228,11 @@ func (m *PartitionedManager) readAccessToken(envAliases []string, realm, clientI
 		// an issue, however if it does become a problem then we know where to look.
 		for _, at := range accessTokens {
 			if at.Realm == realm && at.ClientID == clientID && at.UserAssertionHash == userAssertionHash {
-				if checkAlias(at.Environment, envAliases) {
-					if isMatchingScopes(scopes, at.Scopes) {
-						return at, nil
+				if at.TokenType == tokenType && at.AuthnSchemeKeyID == authnSchemeKeyID {
+					if checkAlias(at.Environment, envAliases) {
+						if isMatchingScopes(scopes, at.Scopes) {
+							return at, nil
+						}
 					}
 				}
 			}
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/storage.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/storage.go
index d3a39e005c..11263822be 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/storage.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/base/internal/storage/storage.go
@@ -89,6 +89,8 @@ func (m *Manager) Read(ctx context.Context, authParameters authority.AuthParams)
 	realm := authParameters.AuthorityInfo.Tenant
 	clientID := authParameters.ClientID
 	scopes := authParameters.Scopes
+	authnSchemeKeyID := authParameters.AuthnScheme.KeyID()
+	tokenType := authParameters.AuthnScheme.AccessTokenType()
 
 	// fetch metadata if instanceDiscovery is enabled
 	aliases := []string{authParameters.AuthorityInfo.Host}
@@ -100,7 +102,7 @@ func (m *Manager) Read(ctx context.Context, authParameters authority.AuthParams)
 		aliases = metadata.Aliases
 	}
 
-	accessToken := m.readAccessToken(homeAccountID, aliases, realm, clientID, scopes)
+	accessToken := m.readAccessToken(homeAccountID, aliases, realm, clientID, scopes, tokenType, authnSchemeKeyID)
 	tr.AccessToken = accessToken
 
 	if homeAccountID == "" {
@@ -140,6 +142,7 @@ func (m *Manager) Write(authParameters authority.AuthParams, tokenResponse acces
 	clientID := authParameters.ClientID
 	target := strings.Join(tokenResponse.GrantedScopes.Slice, scopeSeparator)
 	cachedAt := time.Now()
+	authnSchemeKeyID := authParameters.AuthnScheme.KeyID()
 
 	var account shared.Account
 
@@ -161,6 +164,8 @@ func (m *Manager) Write(authParameters authority.AuthParams, tokenResponse acces
 			tokenResponse.ExtExpiresOn.T,
 			target,
 			tokenResponse.AccessToken,
+			tokenResponse.TokenType,
+			authnSchemeKeyID,
 		)
 
 		// Since we have a valid access token, cache it before moving on.
@@ -248,7 +253,7 @@ func (m *Manager) aadMetadata(ctx context.Context, authorityInfo authority.Info)
 	return m.aadCache[authorityInfo.Host], nil
 }
 
-func (m *Manager) readAccessToken(homeID string, envAliases []string, realm, clientID string, scopes []string) AccessToken {
+func (m *Manager) readAccessToken(homeID string, envAliases []string, realm, clientID string, scopes []string, tokenType, authnSchemeKeyID string) AccessToken {
 	m.contractMu.RLock()
 	defer m.contractMu.RUnlock()
 	// TODO: linear search (over a map no less) is slow for a large number (thousands) of tokens.
@@ -256,9 +261,11 @@ func (m *Manager) readAccessToken(homeID string, envAliases []string, realm, cli
 	// an issue, however if it does become a problem then we know where to look.
 	for _, at := range m.contract.AccessTokens {
 		if at.HomeAccountID == homeID && at.Realm == realm && at.ClientID == clientID {
-			if checkAlias(at.Environment, envAliases) {
-				if isMatchingScopes(scopes, at.Scopes) {
-					return at
+			if (at.TokenType == tokenType && at.AuthnSchemeKeyID == authnSchemeKeyID) || (at.TokenType == "" && (tokenType == "" || tokenType == "Bearer")) {
+				if checkAlias(at.Environment, envAliases) {
+					if isMatchingScopes(scopes, at.Scopes) {
+						return at
+					}
 				}
 			}
 		}
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/oauth.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/oauth.go
index ebd86e2baf..ef8d908a44 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/oauth.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/oauth.go
@@ -119,6 +119,7 @@ func (t *Client) Credential(ctx context.Context, authParams authority.AuthParams
 			return accesstokens.TokenResponse{}, err
 		}
 		return accesstokens.TokenResponse{
+			TokenType:   authParams.AuthnScheme.AccessTokenType(),
 			AccessToken: tr.AccessToken,
 			ExpiresOn: internalTime.DurationTime{
 				T: now.Add(time.Duration(tr.ExpiresInSeconds) * time.Second),
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens/accesstokens.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens/accesstokens.go
index 003d38648a..a7b7b0742d 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens/accesstokens.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens/accesstokens.go
@@ -380,6 +380,12 @@ func (c Client) FromSamlGrant(ctx context.Context, authParameters authority.Auth
 
 func (c Client) doTokenResp(ctx context.Context, authParams authority.AuthParams, qv url.Values) (TokenResponse, error) {
 	resp := TokenResponse{}
+	if authParams.AuthnScheme != nil {
+		trParams := authParams.AuthnScheme.TokenRequestParams()
+		for k, v := range trParams {
+			qv.Set(k, v)
+		}
+	}
 	err := c.Comm.URLFormCall(ctx, authParams.Endpoints.TokenEndpoint, qv, &resp)
 	if err != nil {
 		return resp, err
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens/tokens.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens/tokens.go
index 3dd61d5b5f..3107b45c11 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens/tokens.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens/tokens.go
@@ -168,6 +168,7 @@ type TokenResponse struct {
 
 	AccessToken  string `json:"access_token"`
 	RefreshToken string `json:"refresh_token"`
+	TokenType    string `json:"token_type"`
 
 	FamilyID       string                    `json:"foci"`
 	IDToken        IDToken                   `json:"id_token"`
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/authority/authority.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/authority/authority.go
index 7b2ccb4f5d..9d60734f88 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/authority/authority.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/authority/authority.go
@@ -29,6 +29,7 @@ const (
 	defaultAPIVersion                 = "2021-10-01"
 	imdsEndpoint                      = "http://169.254.169.254/metadata/instance/compute/location?format=text&api-version=" + defaultAPIVersion
 	autoDetectRegion                  = "TryAutoDetect"
+	AccessTokenTypeBearer             = "Bearer"
 )
 
 // These are various hosts that host AAD Instance discovery endpoints.
@@ -138,6 +139,39 @@ const (
 	ADFS = "ADFS"
 )
 
+// AuthenticationScheme is an extensibility mechanism designed to be used only by Azure Arc for proof of possession access tokens.
+type AuthenticationScheme interface {
+	// Extra parameters that are added to the request to the /token endpoint.
+	TokenRequestParams() map[string]string
+	// Key ID of the public / private key pair used by the encryption algorithm, if any.
+	// Tokens obtained by authentication schemes that use this are bound to the KeyId, i.e.
+	// if a different kid is presented, the access token cannot be used.
+	KeyID() string
+	// Creates the access token that goes into an Authorization HTTP header.
+	FormatAccessToken(accessToken string) (string, error)
+	//Expected to match the token_type parameter returned by ESTS. Used to disambiguate
+	// between ATs of different types (e.g. Bearer and PoP) when loading from cache etc.
+	AccessTokenType() string
+}
+
+// default authn scheme realizing AuthenticationScheme for "Bearer" tokens
+type BearerAuthenticationScheme struct{}
+
+var bearerAuthnScheme BearerAuthenticationScheme
+
+func (ba *BearerAuthenticationScheme) TokenRequestParams() map[string]string {
+	return nil
+}
+func (ba *BearerAuthenticationScheme) KeyID() string {
+	return ""
+}
+func (ba *BearerAuthenticationScheme) FormatAccessToken(accessToken string) (string, error) {
+	return accessToken, nil
+}
+func (ba *BearerAuthenticationScheme) AccessTokenType() string {
+	return AccessTokenTypeBearer
+}
+
 // AuthParams represents the parameters used for authorization for token acquisition.
 type AuthParams struct {
 	AuthorityInfo Info
@@ -180,6 +214,8 @@ type AuthParams struct {
 	LoginHint string
 	// DomainHint is a directive that can be used to accelerate the user to their federated IdP sign-in page
 	DomainHint string
+	// AuthnScheme is an optional scheme for formatting access tokens
+	AuthnScheme AuthenticationScheme
 }
 
 // NewAuthParams creates an authorization parameters object.
@@ -188,6 +224,7 @@ func NewAuthParams(clientID string, authorityInfo Info) AuthParams {
 		ClientID:      clientID,
 		AuthorityInfo: authorityInfo,
 		CorrelationID: uuid.New().String(),
+		AuthnScheme:   &bearerAuthnScheme,
 	}
 }
 
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/version/version.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/version/version.go
index 2ac2d09e4f..eb16b405c4 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/version/version.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/version/version.go
@@ -5,4 +5,4 @@
 package version
 
 // Version is the version of this client package that is communicated to the server.
-const Version = "1.1.1"
+const Version = "1.2.0"
diff --git a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/public/public.go b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/public/public.go
index 88b217dedd..2221b3d339 100644
--- a/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/public/public.go
+++ b/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/public/public.go
@@ -47,6 +47,8 @@ import (
 // For details see https://aka.ms/msal-net-authenticationresult
 type AuthResult = base.AuthResult
 
+type AuthenticationScheme = authority.AuthenticationScheme
+
 type Account = shared.Account
 
 var errNoAccount = errors.New("no account was specified with public.WithAccount(), or the specified account is invalid")
@@ -211,6 +213,33 @@ func WithClaims(claims string) interface {
 	}
 }
 
+// WithAuthenticationScheme is an extensibility mechanism designed to be used only by Azure Arc for proof of possession access tokens.
+func WithAuthenticationScheme(authnScheme AuthenticationScheme) interface {
+	AcquireSilentOption
+	AcquireInteractiveOption
+	options.CallOption
+} {
+	return struct {
+		AcquireSilentOption
+		AcquireInteractiveOption
+		options.CallOption
+	}{
+		CallOption: options.NewCallOption(
+			func(a any) error {
+				switch t := a.(type) {
+				case *acquireTokenSilentOptions:
+					t.authnScheme = authnScheme
+				case *interactiveAuthOptions:
+					t.authnScheme = authnScheme
+				default:
+					return fmt.Errorf("unexpected options type %T", a)
+				}
+				return nil
+			},
+		),
+	}
+}
+
 // WithTenantID specifies a tenant for a single authentication. It may be different than the tenant set in [New] by [WithAuthority].
 // This option is valid for any token acquisition method.
 func WithTenantID(tenantID string) interface {
@@ -260,6 +289,7 @@ func WithTenantID(tenantID string) interface {
 type acquireTokenSilentOptions struct {
 	account          Account
 	claims, tenantID string
+	authnScheme      AuthenticationScheme
 }
 
 // AcquireSilentOption is implemented by options for AcquireTokenSilent
@@ -310,6 +340,7 @@ func (pca Client) AcquireTokenSilent(ctx context.Context, scopes []string, opts
 		RequestType: accesstokens.ATPublic,
 		IsAppCache:  false,
 		TenantID:    o.tenantID,
+		AuthnScheme: o.authnScheme,
 	}
 
 	return pca.base.AcquireTokenSilent(ctx, silentParameters)
@@ -482,6 +513,7 @@ func (pca Client) RemoveAccount(ctx context.Context, account Account) error {
 type interactiveAuthOptions struct {
 	claims, domainHint, loginHint, redirectURI, tenantID string
 	openURL                                              func(url string) error
+	authnScheme                                          AuthenticationScheme
 }
 
 // AcquireInteractiveOption is implemented by options for AcquireTokenInteractive
@@ -628,6 +660,9 @@ func (pca Client) AcquireTokenInteractive(ctx context.Context, scopes []string,
 	authParams.DomainHint = o.domainHint
 	authParams.State = uuid.New().String()
 	authParams.Prompt = "select_account"
+	if o.authnScheme != nil {
+		authParams.AuthnScheme = o.authnScheme
+	}
 	res, err := pca.browserLogin(ctx, redirectURL, authParams, o.openURL)
 	if err != nil {
 		return AuthResult{}, err
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json.go
index aef236f312..8252a9f0f3 100644
--- a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json.go
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json.go
@@ -6,8 +6,10 @@
 package obfuscate
 
 import (
+	"bytes"
 	"strconv"
 	"strings"
+	"sync"
 )
 
 // ObfuscateMongoDBString obfuscates the given MongoDB JSON query.
@@ -35,18 +37,11 @@ func obfuscateJSONString(cmd string, obfuscator *jsonObfuscator) string {
 }
 
 type jsonObfuscator struct {
+	buffPool      sync.Pool       // pool for fixed-length buffers (50 showed to be the optimal running benchmarks with different length)
+	statePool     sync.Pool       // pool for jsonObfuscatorState values
 	keepKeys      map[string]bool // the values for these keys will not be obfuscated
 	transformKeys map[string]bool // the values for these keys pass through the transformer
 	transformer   func(string) string
-
-	scan     *scanner // scanner
-	closures []bool   // closure stack, true if object (e.g. {[{ => []bool{true, false, true})
-	key      bool     // true if scanning a key
-
-	wiped             bool // true if obfuscation string (`"?"`) was already written for current value
-	keeping           bool // true if not obfuscating
-	transformingValue bool // true if collecting the next literal for transformation
-	keepDepth         int  // the depth at which we've stopped obfuscating
 }
 
 func newJSONObfuscator(cfg *JSONConfig, o *Obfuscator) *jsonObfuscator {
@@ -66,11 +61,21 @@ func newJSONObfuscator(cfg *JSONConfig, o *Obfuscator) *jsonObfuscator {
 		}
 	}
 	return &jsonObfuscator{
-		closures:      []bool{},
 		keepKeys:      keepValue,
 		transformKeys: transformKeys,
 		transformer:   transformer,
-		scan:          &scanner{},
+		buffPool: sync.Pool{
+			New: func() any {
+				return new(bytes.Buffer)
+			},
+		},
+		statePool: sync.Pool{
+			New: func() any {
+				return &jsonObfuscatorState{
+					closures: []bool{},
+				}
+			},
+		},
 	}
 }
 
@@ -87,115 +92,138 @@ func sqlObfuscationTransformer(o *Obfuscator) func(string) string {
 	}
 }
 
+type jsonObfuscatorState struct {
+	scan              scanner // scanner
+	closures          []bool  // closure stack, true if object (e.g. {[{ => []bool{true, false, true})
+	keepDepth         int     // the depth at which we've stopped obfuscating
+	key               bool    // true if scanning a key
+	wiped             bool    // true if obfuscation string (`"?"`) was already written for current value
+	keeping           bool    // true if not obfuscating
+	transformingValue bool    // true if collecting the next literal for transformation
+}
+
+func (st *jsonObfuscatorState) reset() {
+	st.scan.reset()
+	st.closures = st.closures[0:0]
+	st.keepDepth = 0
+	st.key = false
+	st.wiped = false
+	st.keeping = false
+	st.transformingValue = false
+}
+
 // setKey verifies if we are currently scanning a key based on the current state
 // and updates the state accordingly. It must be called only after a closure or a
 // value scan has ended.
-func (p *jsonObfuscator) setKey() {
-	n := len(p.closures)
-	p.key = n == 0 || p.closures[n-1] // true if we are at top level or in an object
-	p.wiped = false
+func (st *jsonObfuscatorState) setKey() {
+	n := len(st.closures)
+	st.key = n == 0 || st.closures[n-1] // true if we are at top level or in an object
+	st.wiped = false
 }
 
 func (p *jsonObfuscator) obfuscate(data []byte) (string, error) {
-	var out strings.Builder
-
-	keyBuf := make([]byte, 0, 10) // recording key token
-	valBuf := make([]byte, 0, 10) // recording value
+	if len(data) == 0 {
+		return "", nil
+	}
 
-	p.scan.reset()
+	var out strings.Builder
+	st := p.statePool.Get().(*jsonObfuscatorState)
+	st.reset()
+
+	buf := p.buffPool.Get().(*bytes.Buffer) // recording current token
+	buf.Reset()
+	defer func() {
+		p.statePool.Put(st)
+		p.buffPool.Put(buf)
+	}()
+
+	out.Grow(len(data))
+	buf.Grow(len(data) / 10) // Benchmarks show that the optimal point is a tenth of the data length.
 	for _, c := range data {
-		p.scan.bytes++
-		op := p.scan.step(p.scan, c)
-		depth := len(p.closures)
+		st.scan.bytes++
+		op := st.scan.step(&st.scan, c)
+		depth := len(st.closures)
 		switch op {
 		case scanBeginObject:
 			// object begins: {
-			p.closures = append(p.closures, true)
-			p.setKey()
-			p.transformingValue = false
-
+			st.closures = append(st.closures, true)
+			st.setKey()
+			st.transformingValue = false
 		case scanBeginArray:
 			// array begins: [
-			p.closures = append(p.closures, false)
-			p.setKey()
-			p.transformingValue = false
-
+			st.closures = append(st.closures, false)
+			st.setKey()
+			st.transformingValue = false
 		case scanEndArray, scanEndObject:
 			// array or object closing
-			if n := len(p.closures) - 1; n > 0 {
-				p.closures = p.closures[:n]
+			if n := len(st.closures) - 1; n > 0 {
+				st.closures = st.closures[:n]
 			}
 			fallthrough
-
 		case scanObjectValue, scanArrayValue:
 			// done scanning value
-			p.setKey()
-			if p.transformingValue && p.transformer != nil {
-				v, err := strconv.Unquote(string(valBuf))
+			st.setKey()
+			if st.transformingValue && p.transformer != nil {
+				v, err := strconv.Unquote(buf.String())
 				if err != nil {
-					v = string(valBuf)
+					v = buf.String()
 				}
 				result := p.transformer(v)
 				out.WriteByte('"')
 				out.WriteString(result)
 				out.WriteByte('"')
-				p.transformingValue = false
-				valBuf = valBuf[:0]
-			} else if p.keeping && depth < p.keepDepth {
-				p.keeping = false
+				st.transformingValue = false
+				buf.Reset()
+			} else if st.keeping && depth < st.keepDepth {
+				st.keeping = false
 			}
-
 		case scanBeginLiteral, scanContinue:
 			// starting or continuing a literal
-			if p.transformingValue {
-				valBuf = append(valBuf, c)
+			if st.transformingValue {
+				buf.WriteByte(c)
 				continue
-			} else if p.key {
+			} else if st.key {
 				// it's a key
-				keyBuf = append(keyBuf, c)
-			} else if !p.keeping {
+				buf.WriteByte(c)
+			} else if !st.keeping {
 				// it's a value we're not keeping
-				if !p.wiped {
-					out.Write([]byte(`"?"`))
-					p.wiped = true
+				if !st.wiped {
+					out.WriteString(`"?"`)
+					st.wiped = true
 				}
 				continue
 			}
-
 		case scanObjectKey:
 			// done scanning key
-			k := strings.Trim(string(keyBuf), `"`)
-			if !p.keeping && p.keepKeys[k] {
+			k := string(bytes.Trim(buf.Bytes(), `"`))
+			if !st.keeping && p.keepKeys[k] {
 				// we should not obfuscate values of this key
-				p.keeping = true
-				p.keepDepth = depth + 1
-			} else if !p.transformingValue && p.transformer != nil && p.transformKeys[k] {
+				st.keeping = true
+				st.keepDepth = depth + 1
+			} else if !st.transformingValue && p.transformer != nil && p.transformKeys[k] {
 				// the string value immediately following this key will be passed through the value transformer
 				// if anything other than a literal is found then sql obfuscation is stopped and json obfuscation
 				// proceeds as usual
-				p.transformingValue = true
+				st.transformingValue = true
 			}
-
-			keyBuf = keyBuf[:0]
-			p.key = false
-
+			buf.Reset()
+			st.key = false
 		case scanSkipSpace:
 			continue
-
 		case scanError:
 			// we've encountered an error, mark that there might be more JSON
 			// using the ellipsis and return whatever we've managed to obfuscate
 			// thus far.
-			out.Write([]byte("..."))
-			return out.String(), p.scan.err
+			out.WriteString("...")
+			return out.String(), st.scan.err
 		}
 		out.WriteByte(c)
 	}
-	if p.scan.eof() == scanError {
+	if st.scan.eof() == scanError {
 		// if an error occurred it's fine, simply add the ellipsis to indicate
 		// that the input has been truncated.
 		out.Write([]byte("..."))
-		return out.String(), p.scan.err
+		return out.String(), st.scan.err
 	}
 	return out.String(), nil
 }
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json_scanner.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json_scanner.go
index 9398632d81..e642aa2c98 100644
--- a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json_scanner.go
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/json_scanner.go
@@ -53,9 +53,6 @@ type scanner struct {
 	// Error that happened, if any.
 	err error
 
-	// 1-byte redo (see undo method)
-	redo bool
-
 	// total bytes consumed, updated by decoder.Decode
 	bytes int64
 }
@@ -101,7 +98,6 @@ func (s *scanner) reset() {
 	s.step = stateBeginValue
 	s.parseState = s.parseState[0:0]
 	s.err = nil
-	s.redo = false
 	s.endTop = false
 }
 
@@ -133,14 +129,13 @@ func (s *scanner) pushParseState(p int) {
 // and updates s.step accordingly.
 func (s *scanner) popParseState() {
 	n := len(s.parseState) - 1
-	s.parseState = s.parseState[0:n]
-	s.redo = false
 	if n == 0 {
 		s.step = stateEndTop
 		s.endTop = true
-	} else {
-		s.step = stateEndValue
+		return
 	}
+	s.parseState = s.parseState[0:n]
+	s.step = stateEndValue
 }
 
 func isSpace(c byte) bool {
@@ -203,8 +198,8 @@ func stateBeginStringOrEmpty(s *scanner, c byte) int {
 	if c <= ' ' && isSpace(c) {
 		return scanSkipSpace
 	}
-	if c == '}' {
-		n := len(s.parseState)
+	n := len(s.parseState)
+	if c == '}' && n > 0 {
 		s.parseState[n-1] = parseObjectValue
 		return stateEndValue(s, c)
 	}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/obfuscate.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/obfuscate.go
index 0de91016de..62ad512bd1 100644
--- a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/obfuscate.go
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/obfuscate.go
@@ -82,6 +82,9 @@ type Config struct {
 	// HTTP holds the obfuscation settings for HTTP URLs.
 	HTTP HTTPConfig
 
+	// Redis holds the obfuscation settings for Redis commands.
+	Redis RedisConfig
+
 	// Statsd specifies the statsd client to use for reporting metrics.
 	Statsd StatsClient
 
@@ -152,6 +155,16 @@ type HTTPConfig struct {
 	RemovePathDigits bool
 }
 
+// RedisConfig holds the configuration settings for Redis obfuscation
+type RedisConfig struct {
+	// Enabled specifies whether this feature should be enabled.
+	Enabled bool
+
+	// RemoveAllArgs specifies whether all arguments to a given Redis
+	// command should be obfuscated.
+	RemoveAllArgs bool
+}
+
 // JSONConfig holds the obfuscation configuration for sensitive
 // data found in JSON objects.
 type JSONConfig struct {
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis.go b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis.go
index 13591af68d..f1cacac15c 100644
--- a/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis.go
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/obfuscate/redis.go
@@ -245,6 +245,45 @@ func obfuscateRedisCmd(out *strings.Builder, cmd string, args ...string) {
 	out.WriteString(strings.Join(args, " "))
 }
 
+// removeAllRedisArgs will take in a command and obfuscate all arguments following
+// the command, regardless of if the command is valid Redis or not
+func (*Obfuscator) RemoveAllRedisArgs(rediscmd string) string {
+	fullCmd := strings.Fields(rediscmd)
+	if len(fullCmd) == 0 {
+		return ""
+	}
+	cmd, args := fullCmd[0], fullCmd[1:]
+
+	var out strings.Builder
+	out.WriteString(cmd)
+	if len(args) == 0 {
+		return out.String()
+	}
+
+	out.WriteByte(' ')
+	switch strings.ToUpper(cmd) {
+	case "BITFIELD":
+		out.WriteString("?")
+		for _, a := range args {
+			arg := strings.ToUpper(a)
+			if arg == "SET" || arg == "GET" || arg == "INCRBY" {
+				out.WriteString(strings.Join([]string{"", a, "?"}, " "))
+			}
+		}
+	case "CONFIG":
+		arg := strings.ToUpper(args[0])
+		if arg == "GET" || arg == "SET" || arg == "RESETSTAT" || arg == "REWRITE" {
+			out.WriteString(strings.Join([]string{args[0], "?"}, " "))
+		} else {
+			out.WriteString("?")
+		}
+	default:
+		out.WriteString("?")
+	}
+
+	return out.String()
+}
+
 func obfuscateRedisArgN(args []string, n int) {
 	if len(args) > n {
 		args[n] = "?"
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/README.md b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/README.md
new file mode 100644
index 0000000000..a42ffb54e4
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/README.md
@@ -0,0 +1,5 @@
+# Remote Config Go client
+
+This package powers the Remote Config client shipped in the Go tracer and in all the agent processes (core-agent, trace-agent, system-probe, ...).
+
+To add a new product simply add it to `products.go` as a constant and in the `validProducts` set.
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/agent_config.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/agent_config.go
new file mode 100644
index 0000000000..f6df6a9375
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/agent_config.go
@@ -0,0 +1,159 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023-present Datadog, Inc.
+
+package state
+
+import (
+	"encoding/json"
+	"fmt"
+	"regexp"
+
+	"github.com/pkg/errors"
+)
+
+const agentConfigOrderID = "configuration_order"
+
+var datadogConfigIDRegexp = regexp.MustCompile(`^datadog/\d+/AGENT_CONFIG/([^/]+)/[^/]+$`)
+
+// AgentConfig is a deserialized agent configuration file
+// along with the associated metadata
+type AgentConfig struct {
+	Config   agentConfigData
+	Metadata Metadata
+}
+
+// ConfigContent contains the configurations set by remote-config
+type ConfigContent struct {
+	LogLevel string `json:"log_level"`
+}
+
+type agentConfigData struct {
+	Name   string        `json:"name"`
+	Config ConfigContent `json:"config"`
+}
+
+// AgentConfigOrder is a deserialized agent configuration file
+// along with the associated metadata
+type AgentConfigOrder struct {
+	Config   agentConfigOrderData
+	Metadata Metadata
+}
+
+type agentConfigOrderData struct {
+	Order         []string `json:"order"`
+	InternalOrder []string `json:"internal_order"`
+}
+
+// AgentConfigState contains the state of the config in case of fallback or override
+type AgentConfigState struct {
+	FallbackLogLevel string
+	LatestLogLevel   string
+}
+
+// parseConfigAgentConfig parses an agent task config
+func parseConfigAgentConfig(data []byte, metadata Metadata) (AgentConfig, error) {
+	var d agentConfigData
+
+	err := json.Unmarshal(data, &d)
+	if err != nil {
+		return AgentConfig{}, fmt.Errorf("Unexpected AGENT_CONFIG received through remote-config: %s", err)
+	}
+
+	return AgentConfig{
+		Config:   d,
+		Metadata: metadata,
+	}, nil
+}
+
+// parseConfigAgentConfig parses an agent task config
+func parseConfigAgentConfigOrder(data []byte, metadata Metadata) (AgentConfigOrder, error) {
+	var d agentConfigOrderData
+
+	err := json.Unmarshal(data, &d)
+	if err != nil {
+		return AgentConfigOrder{}, fmt.Errorf("Unexpected AGENT_CONFIG received through remote-config: %s", err)
+	}
+
+	return AgentConfigOrder{
+		Config:   d,
+		Metadata: metadata,
+	}, nil
+}
+
+// MergeRCAgentConfig is the callback function called when there is an AGENT_CONFIG config update
+// The RCClient can directly call back listeners, because there would be no way to send back
+// RCTE2 configuration applied state to RC backend.
+func MergeRCAgentConfig(applyStatus func(cfgPath string, status ApplyStatus), updates map[string]RawConfig) (ConfigContent, error) {
+	var orderFile AgentConfigOrder
+	var hasError bool
+	var fullErr error
+	parsedLayers := map[string]AgentConfig{}
+
+	for configPath, c := range updates {
+		var err error
+		matched := datadogConfigIDRegexp.FindStringSubmatch(configPath)
+		if len(matched) != 2 {
+			err = fmt.Errorf("config file path '%s' has wrong format", configPath)
+			hasError = true
+			fullErr = errors.Wrap(fullErr, err.Error())
+			applyStatus(configPath, ApplyStatus{
+				State: ApplyStateError,
+				Error: err.Error(),
+			})
+			// If a layer is wrong, fail later to parse the rest and check them all
+			continue
+		}
+
+		parsedConfigID := matched[1]
+
+		// Ignore the configuration order file
+		if parsedConfigID == agentConfigOrderID {
+			orderFile, err = parseConfigAgentConfigOrder(c.Config, c.Metadata)
+			if err != nil {
+				hasError = true
+				fullErr = errors.Wrap(fullErr, err.Error())
+				applyStatus(configPath, ApplyStatus{
+					State: ApplyStateError,
+					Error: err.Error(),
+				})
+				// If a layer is wrong, fail later to parse the rest and check them all
+				continue
+			}
+		} else {
+			cfg, err := parseConfigAgentConfig(c.Config, c.Metadata)
+			if err != nil {
+				hasError = true
+				applyStatus(configPath, ApplyStatus{
+					State: ApplyStateError,
+					Error: err.Error(),
+				})
+				// If a layer is wrong, fail later to parse the rest and check them all
+				continue
+			}
+			parsedLayers[parsedConfigID] = cfg
+		}
+	}
+
+	// If there was at least one error, don't apply any config
+	if hasError || (len(orderFile.Config.Order) == 0 && len(orderFile.Config.InternalOrder) == 0) {
+		return ConfigContent{}, fullErr
+	}
+
+	// Go through all the layers that were sent, and apply them one by one to the merged structure
+	mergedConfig := ConfigContent{}
+	for i := len(orderFile.Config.Order) - 1; i >= 0; i-- {
+		if layer, found := parsedLayers[orderFile.Config.Order[i]]; found {
+			mergedConfig.LogLevel = layer.Config.Config.LogLevel
+		}
+	}
+	// Same for internal config
+	for i := len(orderFile.Config.InternalOrder) - 1; i >= 0; i-- {
+		if layer, found := parsedLayers[orderFile.Config.InternalOrder[i]]; found {
+			mergedConfig.LogLevel = layer.Config.Config.LogLevel
+		}
+	}
+
+	return mergedConfig, nil
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs.go
index 0df551cc96..06fdb27309 100644
--- a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs.go
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs.go
@@ -13,308 +13,49 @@ import (
 	"github.com/DataDog/go-tuf/data"
 )
 
-/*
-	To add support for a new product:
-
-	1. Add the definition of the product to the const() block of products and the `allProducts` list.
-	2. Define the serialized configuration struct as well as a function to parse the config from a []byte.
-	3. Add the product to the `parseConfig` function
-	4. Add a method on the `Repository` to retrieved typed configs for the product.
-*/
-
-var allProducts = []string{ProductAPMSampling, ProductCWSDD, ProductCWSCustom, ProductCWSProfiles, ProductASM, ProductASMFeatures, ProductASMDD, ProductASMData, ProductAPMTracing}
-
-const (
-	// ProductAPMSampling is the apm sampling product
-	ProductAPMSampling = "APM_SAMPLING"
-	// ProductCWSDD is the cloud workload security product managed by datadog employees
-	ProductCWSDD = "CWS_DD"
-	// ProductCWSCustom is the cloud workload security product managed by datadog customers
-	ProductCWSCustom = "CWS_CUSTOM"
-	// ProductCWSProfile is the cloud workload security profile product
-	ProductCWSProfiles = "CWS_SECURITY_PROFILES"
-	// ProductASM is the ASM product used by customers to issue rules configurations
-	ProductASM = "ASM"
-	// ProductASMFeatures is the ASM product used form ASM activation through remote config
-	ProductASMFeatures = "ASM_FEATURES"
-	// ProductASMDD is the application security monitoring product managed by datadog employees
-	ProductASMDD = "ASM_DD"
-	// ProductASMData is the ASM product used to configure WAF rules data
-	ProductASMData = "ASM_DATA"
-	// ProductAPMTracing is the apm tracing product
-	ProductAPMTracing = "APM_TRACING"
-)
-
 // ErrNoConfigVersion occurs when a target file's custom meta is missing the config version
 var ErrNoConfigVersion = errors.New("version missing in custom file meta")
 
 func parseConfig(product string, raw []byte, metadata Metadata) (interface{}, error) {
-	var c interface{}
-	var err error
+	if _, validProduct := validProducts[product]; !validProduct {
+		return nil, fmt.Errorf("unknown product: %s", product)
+	}
+
 	switch product {
-	case ProductAPMSampling:
-		c, err = parseConfigAPMSampling(raw, metadata)
+	// ASM products are parsed directly in this client
 	case ProductASMFeatures:
-		c, err = parseASMFeaturesConfig(raw, metadata)
-	case ProductCWSDD:
-		c, err = parseConfigCWSDD(raw, metadata)
-	case ProductCWSCustom:
-		c, err = parseConfigCWSCustom(raw, metadata)
-	case ProductCWSProfiles:
-		c, err = parseConfigCWSProfiles(raw, metadata)
-	case ProductASM:
-		c, err = parseConfigASM(raw, metadata)
+		return parseASMFeaturesConfig(raw, metadata)
 	case ProductASMDD:
-		c, err = parseConfigASMDD(raw, metadata)
+		return parseConfigASMDD(raw, metadata)
 	case ProductASMData:
-		c, err = parseConfigASMData(raw, metadata)
-	case ProductAPMTracing:
-		c, err = parseConfigAPMTracing(raw, metadata)
+		return parseConfigASMData(raw, metadata)
+	// case ProductAgentTask:
+	// 	return ParseConfigAgentTask(raw, metadata)
+	// Other products are parsed separately
 	default:
-		return nil, fmt.Errorf("unknown product - %s", product)
-	}
-
-	return c, err
-}
-
-// APMSamplingConfig is a deserialized APM Sampling configuration file
-// along with its associated remote config metadata.
-type APMSamplingConfig struct {
-	Config   []byte
-	Metadata Metadata
-}
-
-func parseConfigAPMSampling(data []byte, metadata Metadata) (APMSamplingConfig, error) {
-	// We actually don't parse the payload here, we delegate this responsibility to the trace agent
-	return APMSamplingConfig{
-		Config:   data,
-		Metadata: metadata,
-	}, nil
-}
-
-// APMConfigs returns the currently active APM configs
-func (r *Repository) APMConfigs() map[string]APMSamplingConfig {
-	typedConfigs := make(map[string]APMSamplingConfig)
-
-	configs := r.getConfigs(ProductAPMSampling)
-
-	for path, conf := range configs {
-		// We control this, so if this has gone wrong something has gone horribly wrong
-		typed, ok := conf.(APMSamplingConfig)
-		if !ok {
-			panic("unexpected config stored as APMSamplingConfig")
-		}
-
-		typedConfigs[path] = typed
-	}
-
-	return typedConfigs
-}
-
-// ConfigCWSDD is a deserialized CWS DD configuration file along with its
-// associated remote config metadata
-type ConfigCWSDD struct {
-	Config   []byte
-	Metadata Metadata
-}
-
-func parseConfigCWSDD(data []byte, metadata Metadata) (ConfigCWSDD, error) {
-	return ConfigCWSDD{
-		Config:   data,
-		Metadata: metadata,
-	}, nil
-}
-
-// CWSDDConfigs returns the currently active CWSDD config files
-func (r *Repository) CWSDDConfigs() map[string]ConfigCWSDD {
-	typedConfigs := make(map[string]ConfigCWSDD)
-
-	configs := r.getConfigs(ProductCWSDD)
-
-	for path, conf := range configs {
-		// We control this, so if this has gone wrong something has gone horribly wrong
-		typed, ok := conf.(ConfigCWSDD)
-		if !ok {
-			panic("unexpected config stored as CWSDD Config")
-		}
-
-		typedConfigs[path] = typed
-	}
-
-	return typedConfigs
-}
-
-// ConfigCWSCustom is a deserialized CWS Custom configuration file along with its
-// associated remote config metadata
-type ConfigCWSCustom struct {
-	Config   []byte
-	Metadata Metadata
-}
-
-func parseConfigCWSCustom(data []byte, metadata Metadata) (ConfigCWSCustom, error) {
-	return ConfigCWSCustom{
-		Config:   data,
-		Metadata: metadata,
-	}, nil
-}
-
-// CWSCustomConfigs returns the currently active CWSCustom config files
-func (r *Repository) CWSCustomConfigs() map[string]ConfigCWSCustom {
-	typedConfigs := make(map[string]ConfigCWSCustom)
-
-	configs := r.getConfigs(ProductCWSCustom)
-
-	for path, conf := range configs {
-		// We control this, so if this has gone wrong something has gone horribly wrong
-		typed, ok := conf.(ConfigCWSCustom)
-		if !ok {
-			panic("unexpected config stored as CWS_CUSTOM Config")
-		}
-
-		typedConfigs[path] = typed
-	}
-
-	return typedConfigs
-}
-
-// ConfigCWSProfiles is a deserialized CWS Profile configuration file along with its
-// associated remote config metadata
-type ConfigCWSProfiles struct {
-	Config   []byte
-	Metadata Metadata
-}
-
-func parseConfigCWSProfiles(data []byte, metadata Metadata) (ConfigCWSProfiles, error) {
-	return ConfigCWSProfiles{
-		Config:   data,
-		Metadata: metadata,
-	}, nil
-}
-
-// CWSProfilesConfigs returns the currently active CWSProfiles config files
-func (r *Repository) CWSProfilesConfigs() map[string]ConfigCWSProfiles {
-	typedConfigs := make(map[string]ConfigCWSProfiles)
-
-	configs := r.getConfigs(ProductCWSProfiles)
-
-	for path, conf := range configs {
-		// We control this, so if this has gone wrong something has gone horribly wrong
-		typed, ok := conf.(ConfigCWSProfiles)
-		if !ok {
-			panic("unexpected config stored as CWS_SECURITY_PROFILES Config")
-		}
-
-		typedConfigs[path] = typed
-	}
-
-	return typedConfigs
-}
-
-// ConfigASM is a deserialized ASM configuration file along with its
-// associated remote config metadata
-type ConfigASM struct {
-	Config   []byte
-	Metadata Metadata
-}
-
-func parseConfigASM(data []byte, metadata Metadata) (ConfigASMDD, error) {
-	return ConfigASMDD{
-		Config:   data,
-		Metadata: metadata,
-	}, nil
-}
-
-// ASMConfigs returns the currently active ASM configs
-func (r *Repository) ASMConfigs() map[string]ConfigASM {
-	typedConfigs := make(map[string]ConfigASM)
-
-	configs := r.getConfigs(ProductASM)
-
-	for path, conf := range configs {
-		// We control this, so if this has gone wrong something has gone horribly wrong
-		typed, ok := conf.(ConfigASM)
-		if !ok {
-			panic("unexpected config stored as ASM Config")
-		}
-
-		typedConfigs[path] = typed
+		return RawConfig{
+			Config:   raw,
+			Metadata: metadata,
+		}, nil
 	}
-
-	return typedConfigs
 }
 
-// ConfigASMDD is a deserialized ASM DD configuration file along with its
-// associated remote config metadata
-type ConfigASMDD struct {
+// RawConfig holds a config that will be parsed separately
+type RawConfig struct {
 	Config   []byte
 	Metadata Metadata
 }
 
-func parseConfigASMDD(data []byte, metadata Metadata) (ConfigASMDD, error) {
-	return ConfigASMDD{
-		Config:   data,
-		Metadata: metadata,
-	}, nil
-}
-
-// ASMDDConfigs returns the currently active ASMDD configs
-func (r *Repository) ASMDDConfigs() map[string]ConfigASMDD {
-	typedConfigs := make(map[string]ConfigASMDD)
-
-	configs := r.getConfigs(ProductASMDD)
-
-	for path, conf := range configs {
-		// We control this, so if this has gone wrong something has gone horribly wrong
-		typed, ok := conf.(ConfigASMDD)
-		if !ok {
-			panic("unexpected config stored as ASMDD Config")
-		}
-
-		typedConfigs[path] = typed
-	}
-
-	return typedConfigs
-}
-
-// ASMFeaturesConfig is a deserialized configuration file that indicates whether ASM should be enabled
-// within a tracer, along with its associated remote config metadata.
-type ASMFeaturesConfig struct {
-	Config   ASMFeaturesData
-	Metadata Metadata
-}
-
-// ASMFeaturesData describes the enabled state of ASM features
-type ASMFeaturesData struct {
-	ASM struct {
-		Enabled bool `json:"enabled"`
-	} `json:"asm"`
-}
-
-func parseASMFeaturesConfig(data []byte, metadata Metadata) (ASMFeaturesConfig, error) {
-	var f ASMFeaturesData
-
-	err := json.Unmarshal(data, &f)
-	if err != nil {
-		return ASMFeaturesConfig{}, nil
-	}
-
-	return ASMFeaturesConfig{
-		Config:   f,
-		Metadata: metadata,
-	}, nil
-}
-
-// ASMFeaturesConfigs returns the currently active ASMFeatures configs
-func (r *Repository) ASMFeaturesConfigs() map[string]ASMFeaturesConfig {
-	typedConfigs := make(map[string]ASMFeaturesConfig)
-
-	configs := r.getConfigs(ProductASMFeatures)
+// GetConfigs returns the current configs of a given product
+func (r *Repository) GetConfigs(product string) map[string]RawConfig {
+	typedConfigs := make(map[string]RawConfig)
+	configs := r.getConfigs(product)
 
 	for path, conf := range configs {
 		// We control this, so if this has gone wrong something has gone horribly wrong
-		typed, ok := conf.(ASMFeaturesConfig)
+		typed, ok := conf.(RawConfig)
 		if !ok {
-			panic("unexpected config stored as ASMFeaturesConfig")
+			panic("unexpected config stored as RawConfig")
 		}
 
 		typedConfigs[path] = typed
@@ -323,103 +64,6 @@ func (r *Repository) ASMFeaturesConfigs() map[string]ASMFeaturesConfig {
 	return typedConfigs
 }
 
-// ApplyState represents the status of a configuration application by a remote configuration client
-// Clients need to either ack the correct application of received configurations, or communicate that
-// they haven't applied it yet, or communicate any error that may have happened while doing so
-type ApplyState uint64
-
-const (
-	ApplyStateUnknown ApplyState = iota
-	ApplyStateUnacknowledged
-	ApplyStateAcknowledged
-	ApplyStateError
-)
-
-// ApplyStatus is the processing status for a given configuration.
-// It basically represents whether a config was successfully processed and apply, or if an error occurred
-type ApplyStatus struct {
-	State ApplyState
-	Error string
-}
-
-// ASMDataConfig is a deserialized configuration file that holds rules data that can be used
-// by the ASM WAF for specific features (example: ip blocking).
-type ASMDataConfig struct {
-	Config   ASMDataRulesData
-	Metadata Metadata
-}
-
-// ASMDataRulesData is a serializable array of rules data entries
-type ASMDataRulesData struct {
-	RulesData []ASMDataRuleData `json:"rules_data"`
-}
-
-// ASMDataRuleData is an entry in the rules data list held by an ASMData configuration
-type ASMDataRuleData struct {
-	ID   string                 `json:"id"`
-	Type string                 `json:"type"`
-	Data []ASMDataRuleDataEntry `json:"data"`
-}
-
-// ASMDataRuleDataEntry represents a data entry in a rule data file
-type ASMDataRuleDataEntry struct {
-	Expiration int64  `json:"expiration,omitempty"`
-	Value      string `json:"value"`
-}
-
-func parseConfigASMData(data []byte, metadata Metadata) (ASMDataConfig, error) {
-	cfg := ASMDataConfig{
-		Metadata: metadata,
-	}
-	err := json.Unmarshal(data, &cfg.Config)
-	return cfg, err
-}
-
-// ASMDataConfigs returns the currently active ASMData configs
-func (r *Repository) ASMDataConfigs() map[string]ASMDataConfig {
-	typedConfigs := make(map[string]ASMDataConfig)
-	configs := r.getConfigs(ProductASMData)
-
-	for path, cfg := range configs {
-		// We control this, so if this has gone wrong something has gone horribly wrong
-		typed, ok := cfg.(ASMDataConfig)
-		if !ok {
-			panic("unexpected config stored as ASMDataConfig")
-		}
-		typedConfigs[path] = typed
-	}
-
-	return typedConfigs
-}
-
-type APMTracingConfig struct {
-	Config   []byte
-	Metadata Metadata
-}
-
-func parseConfigAPMTracing(data []byte, metadata Metadata) (APMTracingConfig, error) {
-	// Delegate the parsing responsibility to the cluster agent
-	return APMTracingConfig{
-		Config:   data,
-		Metadata: metadata,
-	}, nil
-}
-
-// APMTracingConfigs returns the currently active APMTracing configs
-func (r *Repository) APMTracingConfigs() map[string]APMTracingConfig {
-	typedConfigs := make(map[string]APMTracingConfig)
-	configs := r.getConfigs(ProductAPMTracing)
-	for path, conf := range configs {
-		// We control this, so if this has gone wrong something has gone horribly wrong
-		typed, ok := conf.(APMTracingConfig)
-		if !ok {
-			panic("unexpected config stored as APMTracingConfig")
-		}
-		typedConfigs[path] = typed
-	}
-	return typedConfigs
-}
-
 // Metadata stores remote config metadata for a given configuration
 type Metadata struct {
 	Product     string
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_agent_task.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_agent_task.go
new file mode 100644
index 0000000000..618bf73354
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_agent_task.go
@@ -0,0 +1,59 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2023-present Datadog, Inc.
+
+package state
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// AgentTaskConfig is a deserialized agent task configuration file
+// along with the associated metadata
+type AgentTaskConfig struct {
+	Config   AgentTaskData
+	Metadata Metadata
+}
+
+// AgentTaskData is the content of a agent task configuration file
+type AgentTaskData struct {
+	TaskType string            `json:"task_type"`
+	UUID     string            `json:"uuid"`
+	TaskArgs map[string]string `json:"args"`
+}
+
+// ParseConfigAgentTask parses an agent task config
+func ParseConfigAgentTask(data []byte, metadata Metadata) (AgentTaskConfig, error) {
+	var d AgentTaskData
+
+	err := json.Unmarshal(data, &d)
+	if err != nil {
+		return AgentTaskConfig{}, fmt.Errorf("Unexpected AGENT_TASK received through remote-config: %s", err)
+	}
+
+	return AgentTaskConfig{
+		Config:   d,
+		Metadata: metadata,
+	}, nil
+}
+
+// AgentTaskConfigs returns the currently active AGENT_TASK configs
+func (r *Repository) AgentTaskConfigs() map[string]AgentTaskConfig {
+	typedConfigs := make(map[string]AgentTaskConfig)
+
+	configs := r.getConfigs(ProductAgentTask)
+
+	for path, conf := range configs {
+		// We control this, so if this has gone wrong something has gone horribly wrong
+		typed, ok := conf.(AgentTaskConfig)
+		if !ok {
+			panic("unexpected config stored as AgentTaskConfigs")
+		}
+
+		typedConfigs[path] = typed
+	}
+
+	return typedConfigs
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_asm.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_asm.go
new file mode 100644
index 0000000000..ac7a918e8e
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/configs_asm.go
@@ -0,0 +1,159 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022-present Datadog, Inc.
+
+package state
+
+import (
+	"encoding/json"
+)
+
+// ConfigASMDD is a deserialized ASM DD configuration file along with its
+// associated remote config metadata
+type ConfigASMDD struct {
+	Config   []byte
+	Metadata Metadata
+}
+
+func parseConfigASMDD(data []byte, metadata Metadata) (ConfigASMDD, error) {
+	return ConfigASMDD{
+		Config:   data,
+		Metadata: metadata,
+	}, nil
+}
+
+// ASMDDConfigs returns the currently active ASMDD configs
+func (r *Repository) ASMDDConfigs() map[string]ConfigASMDD {
+	typedConfigs := make(map[string]ConfigASMDD)
+
+	configs := r.getConfigs(ProductASMDD)
+
+	for path, conf := range configs {
+		// We control this, so if this has gone wrong something has gone horribly wrong
+		typed, ok := conf.(ConfigASMDD)
+		if !ok {
+			panic("unexpected config stored as ASMDD Config")
+		}
+
+		typedConfigs[path] = typed
+	}
+
+	return typedConfigs
+}
+
+// ASMFeaturesConfig is a deserialized configuration file that indicates whether ASM should be enabled
+// within a tracer, along with its associated remote config metadata.
+type ASMFeaturesConfig struct {
+	Config   ASMFeaturesData
+	Metadata Metadata
+}
+
+// ASMFeaturesData describes the enabled state of ASM features
+type ASMFeaturesData struct {
+	ASM struct {
+		Enabled bool `json:"enabled"`
+	} `json:"asm"`
+}
+
+func parseASMFeaturesConfig(data []byte, metadata Metadata) (ASMFeaturesConfig, error) {
+	var f ASMFeaturesData
+
+	err := json.Unmarshal(data, &f)
+	if err != nil {
+		return ASMFeaturesConfig{}, nil
+	}
+
+	return ASMFeaturesConfig{
+		Config:   f,
+		Metadata: metadata,
+	}, nil
+}
+
+// ASMFeaturesConfigs returns the currently active ASMFeatures configs
+func (r *Repository) ASMFeaturesConfigs() map[string]ASMFeaturesConfig {
+	typedConfigs := make(map[string]ASMFeaturesConfig)
+
+	configs := r.getConfigs(ProductASMFeatures)
+
+	for path, conf := range configs {
+		// We control this, so if this has gone wrong something has gone horribly wrong
+		typed, ok := conf.(ASMFeaturesConfig)
+		if !ok {
+			panic("unexpected config stored as ASMFeaturesConfig")
+		}
+
+		typedConfigs[path] = typed
+	}
+
+	return typedConfigs
+}
+
+// ApplyState represents the status of a configuration application by a remote configuration client
+// Clients need to either ack the correct application of received configurations, or communicate that
+// they haven't applied it yet, or communicate any error that may have happened while doing so
+type ApplyState uint64
+
+const (
+	ApplyStateUnknown ApplyState = iota
+	ApplyStateUnacknowledged
+	ApplyStateAcknowledged
+	ApplyStateError
+)
+
+// ApplyStatus is the processing status for a given configuration.
+// It basically represents whether a config was successfully processed and apply, or if an error occurred
+type ApplyStatus struct {
+	State ApplyState
+	Error string
+}
+
+// ASMDataConfig is a deserialized configuration file that holds rules data that can be used
+// by the ASM WAF for specific features (example: ip blocking).
+type ASMDataConfig struct {
+	Config   ASMDataRulesData
+	Metadata Metadata
+}
+
+// ASMDataRulesData is a serializable array of rules data entries
+type ASMDataRulesData struct {
+	RulesData []ASMDataRuleData `json:"rules_data"`
+}
+
+// ASMDataRuleData is an entry in the rules data list held by an ASMData configuration
+type ASMDataRuleData struct {
+	ID   string                 `json:"id"`
+	Type string                 `json:"type"`
+	Data []ASMDataRuleDataEntry `json:"data"`
+}
+
+// ASMDataRuleDataEntry represents a data entry in a rule data file
+type ASMDataRuleDataEntry struct {
+	Expiration int64  `json:"expiration,omitempty"`
+	Value      string `json:"value"`
+}
+
+func parseConfigASMData(data []byte, metadata Metadata) (ASMDataConfig, error) {
+	cfg := ASMDataConfig{
+		Metadata: metadata,
+	}
+	err := json.Unmarshal(data, &cfg.Config)
+	return cfg, err
+}
+
+// ASMDataConfigs returns the currently active ASMData configs
+func (r *Repository) ASMDataConfigs() map[string]ASMDataConfig {
+	typedConfigs := make(map[string]ASMDataConfig)
+	configs := r.getConfigs(ProductASMData)
+
+	for path, cfg := range configs {
+		// We control this, so if this has gone wrong something has gone horribly wrong
+		typed, ok := cfg.(ASMDataConfig)
+		if !ok {
+			panic("unexpected config stored as ASMDataConfig")
+		}
+		typedConfigs[path] = typed
+	}
+
+	return typedConfigs
+}
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/products.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/products.go
new file mode 100644
index 0000000000..96f635df62
--- /dev/null
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/products.go
@@ -0,0 +1,45 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2022-present Datadog, Inc.
+
+package state
+
+var validProducts = map[string]struct{}{
+	ProductAgentConfig: {},
+	ProductAgentTask:   {},
+	ProductAPMSampling: {},
+	ProductCWSDD:       {},
+	ProductCWSCustom:   {},
+	ProductCWSProfiles: {},
+	ProductASM:         {},
+	ProductASMFeatures: {},
+	ProductASMDD:       {},
+	ProductASMData:     {},
+	ProductAPMTracing:  {},
+}
+
+const (
+	// ProductAgentConfig is to receive agent configurations, like the log level
+	ProductAgentConfig = "AGENT_CONFIG"
+	// ProductAgentTask is to receive agent task instruction, like a flare
+	ProductAgentTask = "AGENT_TASK"
+	// ProductAPMSampling is the apm sampling product
+	ProductAPMSampling = "APM_SAMPLING"
+	// ProductCWSDD is the cloud workload security product managed by datadog employees
+	ProductCWSDD = "CWS_DD"
+	// ProductCWSCustom is the cloud workload security product managed by datadog customers
+	ProductCWSCustom = "CWS_CUSTOM"
+	// ProductCWSProfiles is the cloud workload security profile product
+	ProductCWSProfiles = "CWS_SECURITY_PROFILES"
+	// ProductASM is the ASM product used by customers to issue rules configurations
+	ProductASM = "ASM"
+	// ProductASMFeatures is the ASM product used form ASM activation through remote config
+	ProductASMFeatures = "ASM_FEATURES"
+	// ProductASMDD is the application security monitoring product managed by datadog employees
+	ProductASMDD = "ASM_DD"
+	// ProductASMData is the ASM product used to configure WAF rules data
+	ProductASMData = "ASM_DATA"
+	// ProductAPMTracing is the apm tracing product
+	ProductAPMTracing = "APM_TRACING"
+)
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/repository.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/repository.go
index 06758cc805..ced2a3db2d 100644
--- a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/repository.go
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/repository.go
@@ -92,7 +92,7 @@ func NewRepository(embeddedRoot []byte) (*Repository, error) {
 	}
 
 	configs := make(map[string]map[string]interface{})
-	for _, product := range allProducts {
+	for product := range validProducts {
 		configs[product] = make(map[string]interface{})
 	}
 
@@ -117,7 +117,7 @@ func NewRepository(embeddedRoot []byte) (*Repository, error) {
 // to not have to send the initial "embedded" root.
 func NewUnverifiedRepository() (*Repository, error) {
 	configs := make(map[string]map[string]interface{})
-	for _, product := range allProducts {
+	for product := range validProducts {
 		configs[product] = make(map[string]interface{})
 	}
 
@@ -364,8 +364,8 @@ type updateResult struct {
 func newUpdateResult() updateResult {
 	changed := make(map[string]map[string]interface{})
 
-	for _, p := range allProducts {
-		changed[p] = make(map[string]interface{})
+	for product := range validProducts {
+		changed[product] = make(map[string]interface{})
 	}
 
 	return updateResult{
diff --git a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/tuf.go b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/tuf.go
index 3cc712d9cc..f67ab9c198 100644
--- a/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/tuf.go
+++ b/vendor/github.com/DataDog/datadog-agent/pkg/remoteconfig/state/tuf.go
@@ -30,7 +30,7 @@ func newTufRootsClient(root []byte) (*tufRootsClient, error) {
 	rootRemoteStore := &rootClientRemoteStore{}
 	rootClient := client.NewClient(rootLocalStore, rootRemoteStore)
 
-	err := rootClient.InitLocal(root)
+	err := rootClient.Init(root)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/DataDog/go-libddwaf/embed_darwin_amd64.go b/vendor/github.com/DataDog/go-libddwaf/embed_darwin_amd64.go
index 952d4130e4..272d90c90d 100644
--- a/vendor/github.com/DataDog/go-libddwaf/embed_darwin_amd64.go
+++ b/vendor/github.com/DataDog/go-libddwaf/embed_darwin_amd64.go
@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build darwin && amd64 && !go1.21
+//go:build darwin && amd64 && !go1.22
 
 package waf
 
diff --git a/vendor/github.com/DataDog/go-libddwaf/embed_darwin_arm64.go b/vendor/github.com/DataDog/go-libddwaf/embed_darwin_arm64.go
index 0a3bc72ac0..1d3f614bd8 100644
--- a/vendor/github.com/DataDog/go-libddwaf/embed_darwin_arm64.go
+++ b/vendor/github.com/DataDog/go-libddwaf/embed_darwin_arm64.go
@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build darwin && arm64 && !go1.21
+//go:build darwin && arm64 && !go1.22
 
 package waf
 
diff --git a/vendor/github.com/DataDog/go-libddwaf/embed_linux_amd64.go b/vendor/github.com/DataDog/go-libddwaf/embed_linux_amd64.go
index 55d6693b32..aea4478355 100644
--- a/vendor/github.com/DataDog/go-libddwaf/embed_linux_amd64.go
+++ b/vendor/github.com/DataDog/go-libddwaf/embed_linux_amd64.go
@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build linux && amd64 && !go1.21
+//go:build linux && amd64 && !go1.22
 
 package waf
 
diff --git a/vendor/github.com/DataDog/go-libddwaf/embed_linux_arm64.go b/vendor/github.com/DataDog/go-libddwaf/embed_linux_arm64.go
index fe55f81ebc..bdd2b37b84 100644
--- a/vendor/github.com/DataDog/go-libddwaf/embed_linux_arm64.go
+++ b/vendor/github.com/DataDog/go-libddwaf/embed_linux_arm64.go
@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build linux && arm64 && !go1.21
+//go:build linux && arm64 && !go1.22
 
 package waf
 
diff --git a/vendor/github.com/DataDog/go-libddwaf/handle.go b/vendor/github.com/DataDog/go-libddwaf/handle.go
index c7652a81ff..a77aa0e502 100644
--- a/vendor/github.com/DataDog/go-libddwaf/handle.go
+++ b/vendor/github.com/DataDog/go-libddwaf/handle.go
@@ -103,6 +103,43 @@ func (handle *Handle) Addresses() []string {
 	return wafLib.wafRequiredAddresses(handle.cHandle)
 }
 
+// Update the ruleset of a WAF instance into a new handle on its own
+// the previous handle still needs to be closed manually
+func (handle *Handle) Update(newRules any) (*Handle, error) {
+
+	encoder := newMaxEncoder()
+	obj, err := encoder.Encode(newRules)
+	if err != nil {
+		return nil, fmt.Errorf("could not encode the WAF ruleset into a WAF object: %w", err)
+	}
+
+	cRulesetInfo := new(wafRulesetInfo)
+
+	cHandle := wafLib.wafUpdate(handle.cHandle, obj, cRulesetInfo)
+	keepAlive(encoder.cgoRefs)
+	if cHandle == 0 {
+		return nil, errors.New("could not update the WAF instance")
+	}
+
+	defer wafLib.wafRulesetInfoFree(cRulesetInfo)
+
+	errorsMap, err := decodeErrors(&cRulesetInfo.errors)
+	if err != nil { // Something is very wrong
+		return nil, fmt.Errorf("could not decode the WAF ruleset errors: %w", err)
+	}
+
+	return &Handle{
+		cHandle:    cHandle,
+		refCounter: atomic.NewInt32(1), // We count the handle itself in the counter
+		rulesetInfo: RulesetInfo{
+			Loaded:  cRulesetInfo.loaded,
+			Failed:  cRulesetInfo.failed,
+			Errors:  errorsMap,
+			Version: gostring(cast[byte](cRulesetInfo.version)),
+		},
+	}, nil
+}
+
 // closeContext calls ddwaf_context_destroy and eventually ddwaf_destroy on the handle
 func (handle *Handle) closeContext(context *Context) {
 	wafLib.wafContextDestroy(context.cContext)
diff --git a/vendor/github.com/DataDog/go-libddwaf/lib_dl.go b/vendor/github.com/DataDog/go-libddwaf/lib_dl.go
index e68f043b69..64f63c4f05 100644
--- a/vendor/github.com/DataDog/go-libddwaf/lib_dl.go
+++ b/vendor/github.com/DataDog/go-libddwaf/lib_dl.go
@@ -4,7 +4,7 @@
 // Copyright 2016-present Datadog, Inc.
 
 // Purego only works on linux/macOS with amd64 and arm64 from now
-//go:build (linux || darwin) && (amd64 || arm64) && !go1.21
+//go:build (linux || darwin) && (amd64 || arm64) && !go1.22
 
 package waf
 
diff --git a/vendor/github.com/DataDog/go-libddwaf/symbols_linux_cgo.go b/vendor/github.com/DataDog/go-libddwaf/symbols_linux_cgo.go
index 86c57d010b..2675adb0e1 100644
--- a/vendor/github.com/DataDog/go-libddwaf/symbols_linux_cgo.go
+++ b/vendor/github.com/DataDog/go-libddwaf/symbols_linux_cgo.go
@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build cgo && linux && !go1.21
+//go:build cgo && linux && !go1.22
 
 package waf
 
diff --git a/vendor/github.com/DataDog/go-libddwaf/symbols_linux_purego.go b/vendor/github.com/DataDog/go-libddwaf/symbols_linux_purego.go
index 840bd7bf70..22e52dfef7 100644
--- a/vendor/github.com/DataDog/go-libddwaf/symbols_linux_purego.go
+++ b/vendor/github.com/DataDog/go-libddwaf/symbols_linux_purego.go
@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build !cgo && linux && !go1.21
+//go:build !cgo && linux && !go1.22
 
 package waf
 
diff --git a/vendor/github.com/DataDog/go-libddwaf/waf_dl.go b/vendor/github.com/DataDog/go-libddwaf/waf_dl.go
index 0867a38a54..700251d304 100644
--- a/vendor/github.com/DataDog/go-libddwaf/waf_dl.go
+++ b/vendor/github.com/DataDog/go-libddwaf/waf_dl.go
@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build (linux || darwin) && (amd64 || arm64) && !go1.21
+//go:build (linux || darwin) && (amd64 || arm64) && !go1.22
 
 package waf
 
@@ -21,6 +21,7 @@ type wafDl struct {
 
 	Ddwaf_ruleset_info_free  uintptr `dlsym:"ddwaf_ruleset_info_free"`
 	Ddwaf_init               uintptr `dlsym:"ddwaf_init"`
+	Ddwaf_update             uintptr `dlsym:"ddwaf_update"`
 	Ddwaf_destroy            uintptr `dlsym:"ddwaf_destroy"`
 	Ddwaf_required_addresses uintptr `dlsym:"ddwaf_required_addresses"`
 	Ddwaf_get_version        uintptr `dlsym:"ddwaf_get_version"`
@@ -99,14 +100,21 @@ func (waf *wafDl) wafGetVersion() string {
 	return gostring(cast[byte](waf.syscall(waf.Ddwaf_get_version)))
 }
 
-func (waf *wafDl) wafInit(obj *wafObject, config *wafConfig, info *wafRulesetInfo) wafHandle {
-	handle := wafHandle(waf.syscall(waf.Ddwaf_init, ptrToUintptr(obj), ptrToUintptr(config), ptrToUintptr(info)))
-	keepAlive(obj)
+func (waf *wafDl) wafInit(ruleset *wafObject, config *wafConfig, info *wafRulesetInfo) wafHandle {
+	handle := wafHandle(waf.syscall(waf.Ddwaf_init, ptrToUintptr(ruleset), ptrToUintptr(config), ptrToUintptr(info)))
+	keepAlive(ruleset)
 	keepAlive(config)
 	keepAlive(info)
 	return handle
 }
 
+func (waf *wafDl) wafUpdate(handle wafHandle, ruleset *wafObject, info *wafRulesetInfo) wafHandle {
+	newHandle := wafHandle(waf.syscall(waf.Ddwaf_update, uintptr(handle), ptrToUintptr(ruleset), ptrToUintptr(info)))
+	keepAlive(ruleset)
+	keepAlive(info)
+	return newHandle
+}
+
 func (waf *wafDl) wafRulesetInfoFree(info *wafRulesetInfo) {
 	waf.syscall(waf.Ddwaf_ruleset_info_free, ptrToUintptr(info))
 	keepAlive(info)
diff --git a/vendor/github.com/DataDog/go-libddwaf/waf_dl_unsupported.go b/vendor/github.com/DataDog/go-libddwaf/waf_dl_unsupported.go
index f603ec5f9a..af6739732e 100644
--- a/vendor/github.com/DataDog/go-libddwaf/waf_dl_unsupported.go
+++ b/vendor/github.com/DataDog/go-libddwaf/waf_dl_unsupported.go
@@ -4,7 +4,7 @@
 // Copyright 2016-present Datadog, Inc.
 
 // Build when the target OS or architecture are not supported
-//go:build (!linux && !darwin) || (!amd64 && !arm64) || go1.21
+//go:build (!linux && !darwin) || (!amd64 && !arm64) || go1.22
 
 package waf
 
@@ -22,6 +22,10 @@ func (waf *wafDl) wafInit(obj *wafObject, config *wafConfig, info *wafRulesetInf
 	return 0
 }
 
+func (waf *wafDl) wafUpdate(handle wafHandle, ruleset *wafObject, info *wafRulesetInfo) wafHandle {
+	return 0
+}
+
 func (waf *wafDl) wafRulesetInfoFree(info *wafRulesetInfo) {
 }
 
diff --git a/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_go.go b/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_go.go
index e47dd61498..1226847086 100644
--- a/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_go.go
+++ b/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_go.go
@@ -5,7 +5,7 @@
 
 // Supported OS/Arch but unsupported Go version
 //           Supported OS        Supported Arch     Bad Go Version
-//go:build (linux || darwin) && (amd64 || arm64) && go1.21
+//go:build (linux || darwin || windows) && (amd64 || arm64) && go1.22
 
 package waf
 
diff --git a/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_target.go b/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_target.go
index bd653e7661..59648a7a3b 100644
--- a/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_target.go
+++ b/vendor/github.com/DataDog/go-libddwaf/waf_unsupported_target.go
@@ -5,7 +5,7 @@
 
 // Unsupported target OS or architecture on a supported Go version
 //            Unsupported OS        Unsupported Arch      Good Go Version
-//go:build ((!linux && !darwin) || (!amd64 && !arm64)) && !go1.21
+//go:build ((!linux && !darwin) || (!amd64 && !arm64)) && !go1.22
 
 package waf
 
diff --git a/vendor/github.com/DataDog/go-tuf/client/client.go b/vendor/github.com/DataDog/go-tuf/client/client.go
index 8715e0f285..b364648e7f 100644
--- a/vendor/github.com/DataDog/go-tuf/client/client.go
+++ b/vendor/github.com/DataDog/go-tuf/client/client.go
@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"encoding/hex"
 	"encoding/json"
+	"errors"
 	"io"
-	"io/ioutil"
 
 	"github.com/DataDog/go-tuf/data"
 	"github.com/DataDog/go-tuf/internal/roles"
@@ -107,56 +107,13 @@ func NewClient(local LocalStore, remote RemoteStore) *Client {
 	}
 }
 
-// Init initializes a local repository.
-//
-// The latest root.json is fetched from remote storage, verified using rootKeys
-// and threshold, and then saved in local storage. It is expected that rootKeys
-// were securely distributed with the software being updated.
-//
-// Deprecated: Use c.InitLocal and c.Update to initialize a local repository.
-func (c *Client) Init(rootKeys []*data.PublicKey, threshold int) error {
-	if len(rootKeys) < threshold {
-		return ErrInsufficientKeys
-	}
-	rootJSON, err := c.downloadMetaUnsafe("root.json", defaultRootDownloadLimit)
-	if err != nil {
-		return err
-	}
-
-	// create a new key database, and add all the public `rootKeys` to it.
-	c.db = verify.NewDB()
-	rootKeyIDs := make([]string, 0, len(rootKeys))
-	for _, key := range rootKeys {
-		for _, id := range key.IDs() {
-			rootKeyIDs = append(rootKeyIDs, id)
-			if err := c.db.AddKey(id, key); err != nil {
-				return err
-			}
-		}
-	}
-
-	// add a mock "root" role that trusts the passed in key ids. These keys
-	// will be used to verify the `root.json` we just fetched.
-	role := &data.Role{Threshold: threshold, KeyIDs: rootKeyIDs}
-	if err := c.db.AddRole("root", role); err != nil {
-		return err
-	}
-
-	// verify that the new root is valid.
-	if err := c.decodeRoot(rootJSON); err != nil {
-		return err
-	}
-
-	return c.local.SetMeta("root.json", rootJSON)
-}
-
-// InitLocal initializes a local repository from root metadata.
+// Init initializes a local repository from root metadata.
 //
 // The root's keys are extracted from the root and saved in local storage.
 // Root expiration is not checked.
 // It is expected that rootJSON was securely distributed with the software
 // being updated.
-func (c *Client) InitLocal(rootJSON []byte) error {
+func (c *Client) Init(rootJSON []byte) error {
 	err := c.loadAndVerifyRootMeta(rootJSON, true /*ignoreExpiredCheck*/)
 	if err != nil {
 		return err
@@ -167,7 +124,7 @@ func (c *Client) InitLocal(rootJSON []byte) error {
 // Update downloads and verifies remote metadata and returns updated targets.
 // It always performs root update (5.2 and 5.3) section of the v1.0.19 spec.
 //
-// https://DataDog.github.io/specification/v1.0.19/index.html#load-trusted-root
+// https://theupdateframework.github.io/specification/v1.0.19/index.html#load-trusted-root
 func (c *Client) Update() (data.TargetFiles, error) {
 	if err := c.UpdateRoots(); err != nil {
 		if _, ok := err.(verify.ErrExpired); ok {
@@ -188,7 +145,13 @@ func (c *Client) Update() (data.TargetFiles, error) {
 	}
 	// 5.4.(2,3 and 4) - Verify timestamp against various attacks
 	// Returns the extracted snapshot metadata
-	snapshotMeta, err := c.decodeTimestamp(timestampJSON)
+	snapshotMeta, sameTimestampVersion, err := c.decodeTimestamp(timestampJSON)
+	if sameTimestampVersion {
+		// The new timestamp.json file had the same version; we don't need to
+		// update, so bail early.
+		return c.targets, nil
+	}
+
 	if err != nil {
 		return nil, err
 	}
@@ -240,7 +203,7 @@ func (c *Client) Update() (data.TargetFiles, error) {
 }
 
 func (c *Client) UpdateRoots() error {
-	// https://DataDog.github.io/specification/v1.0.19/index.html#load-trusted-root
+	// https://theupdateframework.github.io/specification/v1.0.19/index.html#load-trusted-root
 	// 5.2 Load the trusted root metadata file. We assume that a good,
 	// trusted copy of this file was shipped with the package manager
 	// or software updater using an out-of-band process.
@@ -286,7 +249,7 @@ func (c *Client) UpdateRoots() error {
 
 	nRootMetadata := m["root.json"]
 
-	// https://DataDog.github.io/specification/v1.0.19/index.html#update-root
+	// https://theupdateframework.github.io/specification/v1.0.19/index.html#update-root
 
 	// 5.3.1 Since it may now be signed using entirely different keys,
 	// the client MUST somehow be able to establish a trusted line of
@@ -438,8 +401,8 @@ func (c *Client) getLocalMeta() error {
 		}
 	}
 
+	snapshot := &data.Snapshot{}
 	if snapshotJSON, ok := meta["snapshot.json"]; ok {
-		snapshot := &data.Snapshot{}
 		if err := c.db.UnmarshalTrusted(snapshotJSON, snapshot, "snapshot"); err != nil {
 			loadFailed = true
 			retErr = err
@@ -463,9 +426,16 @@ func (c *Client) getLocalMeta() error {
 		}
 	}
 
-	for fileName := range meta {
+	if loadFailed {
+		// If any of the metadata failed to be verified, return the reason for that failure
+		// and fail fast before delegated targets
+		return retErr
+	}
+
+	// verifiedDelegatedTargets is a set of verified delegated targets
+	for fileName, fileContent := range meta {
 		if roles.IsDelegatedTargetsManifest(fileName) {
-			c.localMeta[fileName] = meta[fileName]
+			c.localMeta[fileName] = fileContent
 		}
 	}
 
@@ -476,6 +446,55 @@ func (c *Client) getLocalMeta() error {
 	return nil
 }
 
+// getDelegationPathFromRaw verifies a delegated targets against
+// a given snapshot and returns an error if it's invalid
+//
+// Delegation must have targets to get a path, else an empty list
+// will be returned: this is because the delegation iterator is leveraged.
+//
+// Concrete example:
+// targets
+// └── a.json
+//   └── b.json
+//      └── c.json
+//        └── target_file.txt
+//
+// If you try to use that function on "a.json" or "b.json", it'll return an empty list
+// with no error, as neither of them declare a target file
+// On the other hand, if you use that function on "c.json", it'll return & verify
+// [c.json, b.json, a.json]. Running that function on every delegated targets
+// guarantees that if a delegated targets is in the path of a target file, then it will
+// appear at least once in the result
+func (c *Client) getDelegationPathFromRaw(snapshot *data.Snapshot, delegatedTargetsJSON json.RawMessage) ([]string, error) {
+	// unmarshal the delegated targets first without verifying as
+	// we need at least one targets file name to leverage the
+	// getTargetFileMetaDelegationPath method
+	s := &data.Signed{}
+	if err := json.Unmarshal(delegatedTargetsJSON, s); err != nil {
+		return nil, err
+	}
+	targets := &data.Targets{}
+	if err := json.Unmarshal(s.Signed, targets); err != nil {
+		return nil, err
+	}
+	for targetPath := range targets.Targets {
+		// Gets target file from remote store
+		_, resp, err := c.getTargetFileMetaDelegationPath(targetPath, snapshot)
+		// We only need to test one targets file:
+		// - If it is valid, it means the delegated targets has been validated
+		// - If it is not, the delegated targets isn't valid
+		if errors.As(err, &ErrMissingRemoteMetadata{}) {
+			// As this function is used to fill the local store cache, the targets
+			// will be downloaded from the remote store as the local store cache is
+			// empty, meaning that the delegated targets may not exist anymore. In
+			// that case, ignore it.
+			return nil, nil
+		}
+		return resp, err
+	}
+	return nil, nil
+}
+
 // loadAndVerifyLocalRootMeta decodes and verifies root metadata from
 // local storage and loads the top-level keys. This method first clears
 // the DB for top-level keys and then loads the new keys.
@@ -507,15 +526,7 @@ func (c *Client) loadAndVerifyRootMeta(rootJSON []byte, ignoreExpiredCheck bool)
 	ndb := verify.NewDB()
 	for id, k := range root.Keys {
 		if err := ndb.AddKey(id, k); err != nil {
-			// TUF is considering in TAP-12 removing the
-			// requirement that the keyid hash algorithm be derived
-			// from the public key. So to be forwards compatible,
-			// we ignore `ErrWrongID` errors.
-			//
-			// TAP-12: https://github.com/DataDog/taps/blob/master/tap12.md
-			if _, ok := err.(verify.ErrWrongID); !ok {
-				return err
-			}
+			return err
 		}
 	}
 	for name, role := range root.Roles {
@@ -563,15 +574,7 @@ func (c *Client) verifyRoot(aJSON []byte, bJSON []byte) (*data.Root, error) {
 	ndb := verify.NewDB()
 	for id, k := range aRoot.Keys {
 		if err := ndb.AddKey(id, k); err != nil {
-			// TUF is considering in TAP-12 removing the
-			// requirement that the keyid hash algorithm be derived
-			// from the public key. So to be forwards compatible,
-			// we ignore `ErrWrongID` errors.
-			//
-			// TAP-12: https://github.com/DataDog/taps/blob/master/tap12.md
-			if _, ok := err.(verify.ErrWrongID); !ok {
-				return nil, err
-			}
+			return nil, err
 		}
 	}
 	for name, role := range aRoot.Roles {
@@ -618,7 +621,7 @@ func (c *Client) downloadMetaUnsafe(name string, maxMetaSize int64) ([]byte, err
 	// although the size has been checked above, use a LimitReader in case
 	// the reported size is inaccurate, or size is -1 which indicates an
 	// unknown length
-	return ioutil.ReadAll(io.LimitReader(r, maxMetaSize))
+	return io.ReadAll(io.LimitReader(r, maxMetaSize))
 }
 
 // remoteGetFunc is the type of function the download method uses to download
@@ -689,52 +692,55 @@ func (c *Client) downloadMeta(name string, version int64, m data.FileMeta) ([]by
 		stream = r
 	}
 
-	return ioutil.ReadAll(stream)
+	return io.ReadAll(stream)
 }
 
 func (c *Client) downloadMetaFromSnapshot(name string, m data.SnapshotFileMeta) ([]byte, error) {
-	b, err := c.downloadMeta(name, m.Version, m.FileMeta)
+	b, err := c.downloadMeta(name, m.Version, data.FileMeta{Length: m.Length, Hashes: m.Hashes})
 	if err != nil {
 		return nil, err
 	}
 
-	meta, err := util.GenerateSnapshotFileMeta(bytes.NewReader(b), m.HashAlgorithms()...)
+	// 5.6.2 – Check length and hashes of fetched bytes *before* parsing metadata
+	if err := util.BytesMatchLenAndHashes(b, m.Length, m.Hashes); err != nil {
+		return nil, ErrDownloadFailed{name, err}
+	}
+
+	meta, err := util.GenerateSnapshotFileMeta(bytes.NewReader(b), m.Hashes.HashAlgorithms()...)
 	if err != nil {
 		return nil, err
 	}
-	// 5.6.2 and 5.6.4 - Check against snapshot role's targets hash and version
-	if err := util.SnapshotFileMetaEqual(meta, m); err != nil {
+
+	// 5.6.4 - Check against snapshot role's version
+	if err := util.VersionEqual(meta.Version, m.Version); err != nil {
 		return nil, ErrDownloadFailed{name, err}
 	}
+
 	return b, nil
 }
 
 func (c *Client) downloadMetaFromTimestamp(name string, m data.TimestampFileMeta) ([]byte, error) {
-	b, err := c.downloadMeta(name, m.Version, m.FileMeta)
+	b, err := c.downloadMeta(name, m.Version, data.FileMeta{Length: m.Length, Hashes: m.Hashes})
 	if err != nil {
 		return nil, err
 	}
 
-	meta, err := util.GenerateTimestampFileMeta(bytes.NewReader(b), m.HashAlgorithms()...)
+	// 5.2.2. – Check length and hashes of fetched bytes *before* parsing metadata
+	if err := util.BytesMatchLenAndHashes(b, m.Length, m.Hashes); err != nil {
+		return nil, ErrDownloadFailed{name, err}
+	}
+
+	meta, err := util.GenerateTimestampFileMeta(bytes.NewReader(b), m.Hashes.HashAlgorithms()...)
 	if err != nil {
 		return nil, err
 	}
-	// 5.5.2 and 5.5.4 - Check against timestamp role's snapshot hash and version
-	if err := util.TimestampFileMetaEqual(meta, m); err != nil {
+
+	// 5.5.4 - Check against timestamp role's version
+	if err := util.VersionEqual(meta.Version, m.Version); err != nil {
 		return nil, ErrDownloadFailed{name, err}
 	}
-	return b, nil
-}
 
-// decodeRoot decodes and verifies root metadata.
-func (c *Client) decodeRoot(b json.RawMessage) error {
-	root := &data.Root{}
-	if err := c.db.Unmarshal(b, root, "root", c.rootVer); err != nil {
-		return ErrDecodeFailed{"root.json", err}
-	}
-	c.rootVer = root.Version
-	c.consistentSnapshot = root.ConsistentSnapshot
-	return nil
+	return b, nil
 }
 
 // decodeSnapshot decodes and verifies snapshot metadata, and returns the new
@@ -805,22 +811,31 @@ func (c *Client) decodeTargets(b json.RawMessage) (data.TargetFiles, error) {
 }
 
 // decodeTimestamp decodes and verifies timestamp metadata, and returns the
-// new snapshot file meta.
-func (c *Client) decodeTimestamp(b json.RawMessage) (data.TimestampFileMeta, error) {
+// new snapshot file meta and signals whether the update should be aborted early
+// (the new timestamp has the same version as the old one, so there's no need to
+// complete the update).
+func (c *Client) decodeTimestamp(b json.RawMessage) (data.TimestampFileMeta, bool, error) {
 	timestamp := &data.Timestamp{}
+
 	if err := c.db.Unmarshal(b, timestamp, "timestamp", c.timestampVer); err != nil {
-		return data.TimestampFileMeta{}, ErrDecodeFailed{"timestamp.json", err}
+		return data.TimestampFileMeta{}, false, ErrDecodeFailed{"timestamp.json", err}
+	}
+	// 5.4.3.1  - Check for timestamp rollback attack
+	// We already checked for timestamp.Version < c.timestampVer in the Unmarshal call above.
+	// Here, we're checking for version equality, which indicates that we can abandon this update.
+	if timestamp.Version == c.timestampVer {
+		return data.TimestampFileMeta{}, true, nil
 	}
 	// 5.4.3.2 - Check for snapshot rollback attack
 	// Verify that the current snapshot meta version is less than or equal to the new one
 	if timestamp.Meta["snapshot.json"].Version < c.snapshotVer {
-		return data.TimestampFileMeta{}, verify.ErrLowVersion{Actual: timestamp.Meta["snapshot.json"].Version, Current: c.snapshotVer}
+		return data.TimestampFileMeta{}, false, verify.ErrLowVersion{Actual: timestamp.Meta["snapshot.json"].Version, Current: c.snapshotVer}
 	}
-	// At this point we can trust the new timestamp and the snaphost version it refers to
+	// At this point we can trust the new timestamp and the snapshot version it refers to
 	// so we can update the client's trusted versions and proceed with persisting the new timestamp
 	c.timestampVer = timestamp.Version
 	c.snapshotVer = timestamp.Meta["snapshot.json"].Version
-	return timestamp.Meta["snapshot.json"], nil
+	return timestamp.Meta["snapshot.json"], false, nil
 }
 
 // hasMetaFromSnapshot checks whether local metadata has the given meta
@@ -835,7 +850,7 @@ func (c *Client) localMetaFromSnapshot(name string, m data.SnapshotFileMeta) (js
 	if !ok {
 		return nil, false
 	}
-	meta, err := util.GenerateSnapshotFileMeta(bytes.NewReader(b), m.HashAlgorithms()...)
+	meta, err := util.GenerateSnapshotFileMeta(bytes.NewReader(b), m.Hashes.HashAlgorithms()...)
 	if err != nil {
 		return nil, false
 	}
@@ -843,38 +858,6 @@ func (c *Client) localMetaFromSnapshot(name string, m data.SnapshotFileMeta) (js
 	return b, err == nil
 }
 
-// hasTargetsMeta checks whether local metadata has the given snapshot meta
-//
-//lint:ignore U1000 unused
-func (c *Client) hasTargetsMeta(m data.SnapshotFileMeta) bool {
-	b, ok := c.localMeta["targets.json"]
-	if !ok {
-		return false
-	}
-	meta, err := util.GenerateSnapshotFileMeta(bytes.NewReader(b), m.HashAlgorithms()...)
-	if err != nil {
-		return false
-	}
-	err = util.SnapshotFileMetaEqual(meta, m)
-	return err == nil
-}
-
-// hasSnapshotMeta checks whether local metadata has the given meta
-//
-//lint:ignore U1000 unused
-func (c *Client) hasMetaFromTimestamp(name string, m data.TimestampFileMeta) bool {
-	b, ok := c.localMeta[name]
-	if !ok {
-		return false
-	}
-	meta, err := util.GenerateTimestampFileMeta(bytes.NewReader(b), m.HashAlgorithms()...)
-	if err != nil {
-		return false
-	}
-	err = util.TimestampFileMetaEqual(meta, m)
-	return err == nil
-}
-
 type Destination interface {
 	io.Writer
 	Delete() error
@@ -889,6 +872,8 @@ type Destination interface {
 //   - The target does not exist in any targets
 //   - Metadata cannot be generated for the downloaded data
 //   - Generated metadata does not match local metadata for the given file
+//   - Size of the download does not match if the reported size is known and
+//     incorrect
 func (c *Client) Download(name string, dest Destination) (err error) {
 	// delete dest if there is an error
 	defer func() {
diff --git a/vendor/github.com/DataDog/go-tuf/client/delegations.go b/vendor/github.com/DataDog/go-tuf/client/delegations.go
index ac3a319146..4cf5404554 100644
--- a/vendor/github.com/DataDog/go-tuf/client/delegations.go
+++ b/vendor/github.com/DataDog/go-tuf/client/delegations.go
@@ -8,13 +8,23 @@ import (
 
 // getTargetFileMeta searches for a verified TargetFileMeta matching a target
 // Requires a local snapshot to be loaded and is locked to the snapshot versions.
-// Searches through delegated targets following TUF spec 1.0.19 section 5.6.
 func (c *Client) getTargetFileMeta(target string) (data.TargetFileMeta, error) {
 	snapshot, err := c.loadLocalSnapshot()
 	if err != nil {
 		return data.TargetFileMeta{}, err
 	}
 
+	targetFileMeta, _, err := c.getTargetFileMetaDelegationPath(target, snapshot)
+	if err != nil {
+		return data.TargetFileMeta{}, err
+	}
+	return targetFileMeta, nil
+}
+
+// getTargetFileMetaDelegationPath searches for a verified TargetFileMeta matching a target
+// Requires snapshot to be passed and is locked to that specific snapshot versions.
+// Searches through delegated targets following TUF spec 1.0.19 section 5.6.
+func (c *Client) getTargetFileMetaDelegationPath(target string, snapshot *data.Snapshot) (data.TargetFileMeta, []string, error) {
 	// delegationsIterator covers 5.6.7
 	// - pre-order depth-first search starting with the top targets
 	// - filter delegations with paths or path_hash_prefixes matching searched target
@@ -22,50 +32,75 @@ func (c *Client) getTargetFileMeta(target string) (data.TargetFileMeta, error) {
 	// - 5.6.7.2 terminations
 	delegations, err := targets.NewDelegationsIterator(target, c.db)
 	if err != nil {
-		return data.TargetFileMeta{}, err
+		return data.TargetFileMeta{}, nil, err
 	}
 
+	targetFileMeta := data.TargetFileMeta{}
+	delegationRole := ""
+
 	for i := 0; i < c.MaxDelegations; i++ {
 		d, ok := delegations.Next()
 		if !ok {
-			return data.TargetFileMeta{}, ErrUnknownTarget{target, snapshot.Version}
+			return data.TargetFileMeta{}, nil, ErrUnknownTarget{target, snapshot.Version}
 		}
 
 		// covers 5.6.{1,2,3,4,5,6}
 		targets, err := c.loadDelegatedTargets(snapshot, d.Delegatee.Name, d.DB)
 		if err != nil {
-			return data.TargetFileMeta{}, err
+			return data.TargetFileMeta{}, nil, err
 		}
 
 		// stop when the searched TargetFileMeta is found
 		if m, ok := targets.Targets[target]; ok {
-			return m, nil
+			delegationRole = d.Delegatee.Name
+			targetFileMeta = m
+			break
 		}
 
 		if targets.Delegations != nil {
 			delegationsDB, err := verify.NewDBFromDelegations(targets.Delegations)
 			if err != nil {
-				return data.TargetFileMeta{}, err
+				return data.TargetFileMeta{}, nil, err
 			}
 			err = delegations.Add(targets.Delegations.Roles, d.Delegatee.Name, delegationsDB)
 			if err != nil {
-				return data.TargetFileMeta{}, err
+				return data.TargetFileMeta{}, nil, err
 			}
 		}
 	}
 
-	return data.TargetFileMeta{}, ErrMaxDelegations{
+	if len(delegationRole) > 0 {
+		return targetFileMeta, buildPath(delegations.Parent, delegationRole, ""), nil
+	}
+
+	return data.TargetFileMeta{}, nil, ErrMaxDelegations{
 		Target:          target,
 		MaxDelegations:  c.MaxDelegations,
 		SnapshotVersion: snapshot.Version,
 	}
 }
 
+func buildPath(parent func(string) string, start string, end string) []string {
+	if start == end {
+		return nil
+	}
+
+	path := []string{start}
+	current := start
+	for {
+		current = parent(current)
+		if current == end {
+			break
+		}
+		path = append(path, current)
+	}
+	return path
+}
+
 func (c *Client) loadLocalSnapshot() (*data.Snapshot, error) {
 	if err := c.getLocalMeta(); err != nil {
 		return nil, err
 	}
-
 	rawS, ok := c.localMeta["snapshot.json"]
 	if !ok {
 		return nil, ErrNoLocalSnapshot
diff --git a/vendor/github.com/DataDog/go-tuf/client/file_store.go b/vendor/github.com/DataDog/go-tuf/client/file_store.go
new file mode 100644
index 0000000000..520bbe73a3
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/client/file_store.go
@@ -0,0 +1,90 @@
+package client
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"io/fs"
+)
+
+// FileRemoteStore provides a RemoteStore interface compatible
+// implementation that can be used where the RemoteStore is backed by a
+// fs.FS. This is useful for example in air-gapped environments where there's no
+// possibility to make outbound network connections.
+// By having this be a fs.FS instead of directories allows the repository to
+// be backed by something that's not persisted to disk.
+func NewFileRemoteStore(fsys fs.FS, targetDir string) (*FileRemoteStore, error) {
+	if fsys == nil {
+		return nil, errors.New("nil fs.FS")
+	}
+	t := targetDir
+	if t == "" {
+		t = "targets"
+	}
+	// Make sure directory exists
+	d, err := fsys.Open(t)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open targets directory %s: %w", t, err)
+	}
+	fi, err := d.Stat()
+	if err != nil {
+		return nil, fmt.Errorf("failed to stat targets directory %s: %w", t, err)
+	}
+	if !fi.IsDir() {
+		return nil, fmt.Errorf("targets directory not a directory %s", t)
+	}
+
+	fsysT, err := fs.Sub(fsys, t)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open targets directory %s: %w", t, err)
+	}
+	return &FileRemoteStore{fsys: fsys, targetDir: fsysT}, nil
+}
+
+type FileRemoteStore struct {
+	// Meta directory fs
+	fsys fs.FS
+	// Target directory fs.
+	targetDir fs.FS
+	// In order to be able to make write operations (create, delete) we can't
+	// use fs.FS for it (it's read only), so we have to know the underlying
+	// directory that add/delete test methods can use. This is only necessary
+	// for testing purposes.
+	testDir string
+}
+
+func (f *FileRemoteStore) GetMeta(name string) (io.ReadCloser, int64, error) {
+	rc, b, err := f.get(f.fsys, name)
+	return handleErrors(name, rc, b, err)
+}
+
+func (f *FileRemoteStore) GetTarget(name string) (io.ReadCloser, int64, error) {
+	rc, b, err := f.get(f.targetDir, name)
+	return handleErrors(name, rc, b, err)
+}
+
+func (f *FileRemoteStore) get(fsys fs.FS, s string) (io.ReadCloser, int64, error) {
+	if !fs.ValidPath(s) {
+		return nil, 0, fmt.Errorf("invalid path %s", s)
+	}
+
+	b, err := fs.ReadFile(fsys, s)
+	if err != nil {
+		return nil, -1, err
+	}
+	return io.NopCloser(bytes.NewReader(b)), int64(len(b)), nil
+}
+
+// handleErrors converts NotFound errors to something that TUF knows how to
+// handle properly. For example, when looking for n+1 root files, this is a
+// signal that it will stop looking.
+func handleErrors(name string, rc io.ReadCloser, b int64, err error) (io.ReadCloser, int64, error) {
+	if err == nil {
+		return rc, b, err
+	}
+	if errors.Is(err, fs.ErrNotExist) {
+		return rc, b, ErrNotFound{name}
+	}
+	return rc, b, err
+}
diff --git a/vendor/github.com/DataDog/go-tuf/data/types.go b/vendor/github.com/DataDog/go-tuf/data/types.go
index 44d9bf13cb..eb00489b67 100644
--- a/vendor/github.com/DataDog/go-tuf/data/types.go
+++ b/vendor/github.com/DataDog/go-tuf/data/types.go
@@ -1,12 +1,13 @@
 package data
 
 import (
+	"bytes"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
-	"path/filepath"
+	"path"
 	"strings"
 	"sync"
 	"time"
@@ -14,18 +15,32 @@ import (
 	"github.com/secure-systems-lab/go-securesystemslib/cjson"
 )
 
+type KeyType string
+
+type KeyScheme string
+
+type HashAlgorithm string
+
 const (
-	KeyIDLength                = sha256.Size * 2
-	KeyTypeEd25519             = "ed25519"
-	KeyTypeECDSA_SHA2_P256     = "ecdsa-sha2-nistp256"
-	KeySchemeEd25519           = "ed25519"
-	KeySchemeECDSA_SHA2_P256   = "ecdsa-sha2-nistp256"
-	KeyTypeRSASSA_PSS_SHA256   = "rsa"
-	KeySchemeRSASSA_PSS_SHA256 = "rsassa-pss-sha256"
+	KeyIDLength = sha256.Size * 2
+
+	KeyTypeEd25519 KeyType = "ed25519"
+	// From version 1.0.32, the reference implementation defines 'ecdsa',
+	// not 'ecdsa-sha2-nistp256' for NIST P-256 curves.
+	KeyTypeECDSA_SHA2_P256         KeyType = "ecdsa"
+	KeyTypeECDSA_SHA2_P256_OLD_FMT KeyType = "ecdsa-sha2-nistp256"
+	KeyTypeRSASSA_PSS_SHA256       KeyType = "rsa"
+
+	KeySchemeEd25519           KeyScheme = "ed25519"
+	KeySchemeECDSA_SHA2_P256   KeyScheme = "ecdsa-sha2-nistp256"
+	KeySchemeRSASSA_PSS_SHA256 KeyScheme = "rsassa-pss-sha256"
+
+	HashAlgorithmSHA256 HashAlgorithm = "sha256"
+	HashAlgorithmSHA512 HashAlgorithm = "sha512"
 )
 
 var (
-	HashAlgorithms           = []string{"sha256", "sha512"}
+	HashAlgorithms           = []HashAlgorithm{HashAlgorithmSHA256, HashAlgorithmSHA512}
 	ErrPathsAndPathHashesSet = errors.New("tuf: failed validation of delegated target: paths and path_hash_prefixes are both set")
 )
 
@@ -40,9 +55,9 @@ type Signature struct {
 }
 
 type PublicKey struct {
-	Type       string          `json:"keytype"`
-	Scheme     string          `json:"scheme"`
-	Algorithms []string        `json:"keyid_hash_algorithms,omitempty"`
+	Type       KeyType         `json:"keytype"`
+	Scheme     KeyScheme       `json:"scheme"`
+	Algorithms []HashAlgorithm `json:"keyid_hash_algorithms,omitempty"`
 	Value      json.RawMessage `json:"keyval"`
 
 	ids    []string
@@ -50,9 +65,9 @@ type PublicKey struct {
 }
 
 type PrivateKey struct {
-	Type       string          `json:"keytype"`
-	Scheme     string          `json:"scheme,omitempty"`
-	Algorithms []string        `json:"keyid_hash_algorithms,omitempty"`
+	Type       KeyType         `json:"keytype"`
+	Scheme     KeyScheme       `json:"scheme,omitempty"`
+	Algorithms []HashAlgorithm `json:"keyid_hash_algorithms,omitempty"`
 	Value      json.RawMessage `json:"keyval"`
 }
 
@@ -147,29 +162,29 @@ func (r *Role) AddKeyIDs(ids []string) bool {
 	return changed
 }
 
-type Files map[string]FileMeta
-
-type FileMeta struct {
-	Length int64            `json:"length,omitempty"`
-	Hashes Hashes           `json:"hashes,omitempty"`
-	Custom *json.RawMessage `json:"custom,omitempty"`
-}
+type Files map[string]TargetFileMeta
 
 type Hashes map[string]HexBytes
 
-func (f FileMeta) HashAlgorithms() []string {
-	funcs := make([]string, 0, len(f.Hashes))
-	for name := range f.Hashes {
+func (f Hashes) HashAlgorithms() []string {
+	funcs := make([]string, 0, len(f))
+	for name := range f {
 		funcs = append(funcs, name)
 	}
 	return funcs
 }
 
-type SnapshotFileMeta struct {
-	FileMeta
-	Version int64 `json:"version"`
+type metapathFileMeta struct {
+	Length  int64            `json:"length,omitempty"`
+	Hashes  Hashes           `json:"hashes,omitempty"`
+	Version int64            `json:"version"`
+	Custom  *json.RawMessage `json:"custom,omitempty"`
 }
 
+// SnapshotFileMeta is the meta field of a snapshot
+// Note: Contains a `custom` field
+type SnapshotFileMeta metapathFileMeta
+
 type SnapshotFiles map[string]SnapshotFileMeta
 
 type Snapshot struct {
@@ -190,14 +205,20 @@ func NewSnapshot() *Snapshot {
 	}
 }
 
+type FileMeta struct {
+	Length int64  `json:"length"`
+	Hashes Hashes `json:"hashes"`
+}
+
 type TargetFiles map[string]TargetFileMeta
 
 type TargetFileMeta struct {
 	FileMeta
+	Custom *json.RawMessage `json:"custom,omitempty"`
 }
 
 func (f TargetFileMeta) HashAlgorithms() []string {
-	return f.FileMeta.HashAlgorithms()
+	return f.FileMeta.Hashes.HashAlgorithms()
 }
 
 type Targets struct {
@@ -237,7 +258,7 @@ func (d *DelegatedRole) MatchesPath(file string) (bool, error) {
 	}
 
 	for _, pattern := range d.Paths {
-		if matched, _ := filepath.Match(pattern, file); matched {
+		if matched, _ := path.Match(pattern, file); matched {
 			return true, nil
 		}
 	}
@@ -253,7 +274,7 @@ func (d *DelegatedRole) MatchesPath(file string) (bool, error) {
 }
 
 // validatePaths enforces the spec
-// https://DataDog.github.io/specification/v1.0.19/index.html#file-formats-targets
+// https://theupdateframework.github.io/specification/v1.0.19/index.html#file-formats-targets
 // 'role MUST specify only one of the "path_hash_prefixes" or "paths"'
 // Marshalling and unmarshalling JSON will fail and return
 // ErrPathsAndPathHashesSet if both fields are set and not empty.
@@ -284,7 +305,11 @@ func (d *DelegatedRole) MarshalJSON() ([]byte, error) {
 func (d *DelegatedRole) UnmarshalJSON(b []byte) error {
 	type delegatedRoleAlias DelegatedRole
 
-	if err := json.Unmarshal(b, (*delegatedRoleAlias)(d)); err != nil {
+	// Prepare decoder
+	dec := json.NewDecoder(bytes.NewReader(b))
+
+	// Unmarshal delegated role
+	if err := dec.Decode((*delegatedRoleAlias)(d)); err != nil {
 		return err
 	}
 
@@ -300,10 +325,7 @@ func NewTargets() *Targets {
 	}
 }
 
-type TimestampFileMeta struct {
-	FileMeta
-	Version int64 `json:"version"`
-}
+type TimestampFileMeta metapathFileMeta
 
 type TimestampFiles map[string]TimestampFileMeta
 
diff --git a/vendor/github.com/DataDog/go-tuf/internal/roles/roles.go b/vendor/github.com/DataDog/go-tuf/internal/roles/roles.go
index f7841c2681..0b134b2a00 100644
--- a/vendor/github.com/DataDog/go-tuf/internal/roles/roles.go
+++ b/vendor/github.com/DataDog/go-tuf/internal/roles/roles.go
@@ -22,6 +22,13 @@ func IsDelegatedTargetsRole(name string) bool {
 }
 
 func IsTopLevelManifest(name string) bool {
+	if IsVersionedManifest(name) {
+		var found bool
+		_, name, found = strings.Cut(name, ".")
+		if !found {
+			panic("expected a versioned manifest of the form x.role.json")
+		}
+	}
 	return IsTopLevelRole(strings.TrimSuffix(name, ".json"))
 }
 
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/deprecated_ecdsa.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/deprecated_ecdsa.go
new file mode 100644
index 0000000000..6c4c206827
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/deprecated_ecdsa.go
@@ -0,0 +1,101 @@
+package keys
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/sha256"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/DataDog/go-tuf/data"
+)
+
+func NewDeprecatedEcdsaVerifier() Verifier {
+	return &ecdsaVerifierWithDeprecatedSupport{}
+}
+
+type ecdsaVerifierWithDeprecatedSupport struct {
+	key *data.PublicKey
+	// This will switch based on whether this is a PEM-encoded key
+	// or a deprecated hex-encoded key.
+	Verifier
+}
+
+func (p *ecdsaVerifierWithDeprecatedSupport) UnmarshalPublicKey(key *data.PublicKey) error {
+	p.key = key
+	pemVerifier := &EcdsaVerifier{}
+	if err := pemVerifier.UnmarshalPublicKey(key); err != nil {
+		// Try the deprecated hex-encoded verifier
+		hexVerifier := &deprecatedP256Verifier{}
+		if err := hexVerifier.UnmarshalPublicKey(key); err != nil {
+			return err
+		}
+		p.Verifier = hexVerifier
+		return nil
+	}
+	p.Verifier = pemVerifier
+	return nil
+}
+
+/*
+   Deprecated ecdsaVerifier that used hex-encoded public keys.
+   This MAY be used to verify existing metadata that used this
+   old format. This will be deprecated soon, ensure that repositories
+   are re-signed and clients receieve a fully compliant root.
+*/
+
+type deprecatedP256Verifier struct {
+	PublicKey data.HexBytes `json:"public"`
+	key       *data.PublicKey
+}
+
+func (p *deprecatedP256Verifier) Public() string {
+	return p.PublicKey.String()
+}
+
+func (p *deprecatedP256Verifier) Verify(msg, sigBytes []byte) error {
+	x, y := elliptic.Unmarshal(elliptic.P256(), p.PublicKey)
+	k := &ecdsa.PublicKey{
+		Curve: elliptic.P256(),
+		X:     x,
+		Y:     y,
+	}
+
+	hash := sha256.Sum256(msg)
+
+	if !ecdsa.VerifyASN1(k, hash[:], sigBytes) {
+		return errors.New("tuf: deprecated ecdsa signature verification failed")
+	}
+	return nil
+}
+
+func (p *deprecatedP256Verifier) MarshalPublicKey() *data.PublicKey {
+	return p.key
+}
+
+func (p *deprecatedP256Verifier) UnmarshalPublicKey(key *data.PublicKey) error {
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(p); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
+		}
+		return err
+	}
+
+	curve := elliptic.P256()
+
+	// Parse as uncompressed marshalled point.
+	x, _ := elliptic.Unmarshal(curve, p.PublicKey)
+	if x == nil {
+		return errors.New("tuf: invalid ecdsa public key point")
+	}
+
+	p.key = key
+	return nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/ecdsa.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/ecdsa.go
index bfd9b69c2e..ea75b97e87 100644
--- a/vendor/github.com/DataDog/go-tuf/pkg/keys/ecdsa.go
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/ecdsa.go
@@ -1,71 +1,173 @@
 package keys
 
 import (
+	"bytes"
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"crypto/rand"
 	"crypto/sha256"
-	"encoding/asn1"
+	"crypto/x509"
 	"encoding/json"
+	"encoding/pem"
 	"errors"
-	"math/big"
+	"fmt"
+	"io"
 
 	"github.com/DataDog/go-tuf/data"
 )
 
 func init() {
-	VerifierMap.Store(data.KeyTypeECDSA_SHA2_P256, NewEcdsaVerifier)
+	// Note: we use LoadOrStore here to prevent accidentally overriding the
+	// an explicit deprecated ECDSA verifier.
+	// TODO: When deprecated ECDSA is removed, this can switch back to Store.
+	VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, NewEcdsaVerifier)
+	VerifierMap.LoadOrStore(data.KeyTypeECDSA_SHA2_P256, NewEcdsaVerifier)
+	SignerMap.Store(data.KeyTypeECDSA_SHA2_P256_OLD_FMT, newEcdsaSigner)
+	SignerMap.Store(data.KeyTypeECDSA_SHA2_P256, newEcdsaSigner)
 }
 
 func NewEcdsaVerifier() Verifier {
-	return &p256Verifier{}
+	return &EcdsaVerifier{}
 }
 
-type ecdsaSignature struct {
-	R, S *big.Int
+func newEcdsaSigner() Signer {
+	return &ecdsaSigner{}
 }
 
-type p256Verifier struct {
-	PublicKey data.HexBytes `json:"public"`
+type EcdsaVerifier struct {
+	PublicKey *PKIXPublicKey `json:"public"`
+	ecdsaKey  *ecdsa.PublicKey
 	key       *data.PublicKey
 }
 
-func (p *p256Verifier) Public() string {
-	return p.PublicKey.String()
+func (p *EcdsaVerifier) Public() string {
+	// This is already verified to succeed when unmarshalling a public key.
+	r, err := x509.MarshalPKIXPublicKey(p.ecdsaKey)
+	if err != nil {
+		// TODO: Gracefully handle these errors.
+		// See https://github.com/DataDog/go-tuf/issues/363
+		panic(err)
+	}
+	return string(r)
 }
 
-func (p *p256Verifier) Verify(msg, sigBytes []byte) error {
-	x, y := elliptic.Unmarshal(elliptic.P256(), p.PublicKey)
-	k := &ecdsa.PublicKey{
-		Curve: elliptic.P256(),
-		X:     x,
-		Y:     y,
+func (p *EcdsaVerifier) Verify(msg, sigBytes []byte) error {
+	hash := sha256.Sum256(msg)
+
+	if !ecdsa.VerifyASN1(p.ecdsaKey, hash[:], sigBytes) {
+		return errors.New("tuf: ecdsa signature verification failed")
 	}
+	return nil
+}
+
+func (p *EcdsaVerifier) MarshalPublicKey() *data.PublicKey {
+	return p.key
+}
+
+func (p *EcdsaVerifier) UnmarshalPublicKey(key *data.PublicKey) error {
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
 
-	var sig ecdsaSignature
-	if _, err := asn1.Unmarshal(sigBytes, &sig); err != nil {
+	// Unmarshal key value
+	if err := dec.Decode(p); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
+		}
 		return err
 	}
 
-	hash := sha256.Sum256(msg)
+	ecdsaKey, ok := p.PublicKey.PublicKey.(*ecdsa.PublicKey)
+	if !ok {
+		return fmt.Errorf("invalid public key")
+	}
 
-	if !ecdsa.Verify(k, hash[:], sig.R, sig.S) {
-		return errors.New("tuf: ecdsa signature verification failed")
+	if _, err := x509.MarshalPKIXPublicKey(ecdsaKey); err != nil {
+		return fmt.Errorf("marshalling to PKIX key: invalid public key")
 	}
+
+	p.ecdsaKey = ecdsaKey
+	p.key = key
 	return nil
 }
 
-func (p *p256Verifier) MarshalPublicKey() *data.PublicKey {
-	return p.key
+type ecdsaSigner struct {
+	*ecdsa.PrivateKey
+}
+
+type ecdsaPrivateKeyValue struct {
+	Private string         `json:"private"`
+	Public  *PKIXPublicKey `json:"public"`
 }
 
-func (p *p256Verifier) UnmarshalPublicKey(key *data.PublicKey) error {
-	if err := json.Unmarshal(key.Value, p); err != nil {
+func (s *ecdsaSigner) PublicData() *data.PublicKey {
+	// This uses a trusted public key JSON format with a trusted Public value.
+	keyValBytes, _ := json.Marshal(EcdsaVerifier{PublicKey: &PKIXPublicKey{PublicKey: s.Public()}})
+	return &data.PublicKey{
+		Type:       data.KeyTypeECDSA_SHA2_P256,
+		Scheme:     data.KeySchemeECDSA_SHA2_P256,
+		Algorithms: data.HashAlgorithms,
+		Value:      keyValBytes,
+	}
+}
+
+func (s *ecdsaSigner) SignMessage(message []byte) ([]byte, error) {
+	hash := sha256.Sum256(message)
+	return ecdsa.SignASN1(rand.Reader, s.PrivateKey, hash[:])
+}
+
+func (s *ecdsaSigner) MarshalPrivateKey() (*data.PrivateKey, error) {
+	priv, err := x509.MarshalECPrivateKey(s.PrivateKey)
+	if err != nil {
+		return nil, err
+	}
+	pemKey := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: priv})
+	val, err := json.Marshal(ecdsaPrivateKeyValue{
+		Private: string(pemKey),
+		Public:  &PKIXPublicKey{PublicKey: s.Public()},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &data.PrivateKey{
+		Type:       data.KeyTypeECDSA_SHA2_P256,
+		Scheme:     data.KeySchemeECDSA_SHA2_P256,
+		Algorithms: data.HashAlgorithms,
+		Value:      val,
+	}, nil
+}
+
+func (s *ecdsaSigner) UnmarshalPrivateKey(key *data.PrivateKey) error {
+	val := ecdsaPrivateKeyValue{}
+	if err := json.Unmarshal(key.Value, &val); err != nil {
 		return err
 	}
-	x, _ := elliptic.Unmarshal(elliptic.P256(), p.PublicKey)
-	if x == nil {
-		return errors.New("tuf: invalid ecdsa public key point")
+	block, _ := pem.Decode([]byte(val.Private))
+	if block == nil {
+		return errors.New("invalid PEM value")
 	}
-	p.key = key
+	if block.Type != "EC PRIVATE KEY" {
+		return fmt.Errorf("invalid block type: %s", block.Type)
+	}
+	k, err := x509.ParseECPrivateKey(block.Bytes)
+	if err != nil {
+		return err
+	}
+	if k.Curve != elliptic.P256() {
+		return errors.New("unsupported ecdsa curve")
+	}
+	if _, err := json.Marshal(EcdsaVerifier{
+		PublicKey: &PKIXPublicKey{PublicKey: k.Public()}}); err != nil {
+		return fmt.Errorf("invalid public key: %s", err)
+	}
+
+	s.PrivateKey = k
 	return nil
 }
+
+func GenerateEcdsaKey() (*ecdsaSigner, error) {
+	privkey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+	return &ecdsaSigner{privkey}, nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/ed25519.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/ed25519.go
index 130f786b74..4667147fda 100644
--- a/vendor/github.com/DataDog/go-tuf/pkg/keys/ed25519.go
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/ed25519.go
@@ -1,25 +1,29 @@
 package keys
 
 import (
+	"bytes"
 	"crypto"
 	"crypto/ed25519"
 	"crypto/rand"
+	"crypto/subtle"
 	"encoding/json"
 	"errors"
+	"fmt"
+	"io"
 
 	"github.com/DataDog/go-tuf/data"
 )
 
 func init() {
-	SignerMap.Store(data.KeySchemeEd25519, NewP256Signer)
-	VerifierMap.Store(data.KeySchemeEd25519, NewP256Verifier)
+	SignerMap.Store(data.KeyTypeEd25519, NewEd25519Signer)
+	VerifierMap.Store(data.KeyTypeEd25519, NewEd25519Verifier)
 }
 
-func NewP256Signer() Signer {
+func NewEd25519Signer() Signer {
 	return &ed25519Signer{}
 }
 
-func NewP256Verifier() Verifier {
+func NewEd25519Verifier() Verifier {
 	return &ed25519Verifier{}
 }
 
@@ -45,11 +49,19 @@ func (e *ed25519Verifier) MarshalPublicKey() *data.PublicKey {
 
 func (e *ed25519Verifier) UnmarshalPublicKey(key *data.PublicKey) error {
 	e.key = key
-	if err := json.Unmarshal(key.Value, e); err != nil {
+
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(e); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
+		}
 		return err
 	}
-	if len(e.PublicKey) != ed25519.PublicKeySize {
-		return errors.New("tuf: unexpected public key length for ed25519 key")
+	if n := len(e.PublicKey); n != ed25519.PublicKeySize {
+		return fmt.Errorf("tuf: unexpected public key length for ed25519 key, expected %d, got %d", ed25519.PublicKeySize, n)
 	}
 	return nil
 }
@@ -61,10 +73,6 @@ type Ed25519PrivateKeyValue struct {
 
 type ed25519Signer struct {
 	ed25519.PrivateKey
-
-	keyType       string
-	keyScheme     string
-	keyAlgorithms []string
 }
 
 func GenerateEd25519Key() (*ed25519Signer, error) {
@@ -76,19 +84,13 @@ func GenerateEd25519Key() (*ed25519Signer, error) {
 		return nil, err
 	}
 	return &ed25519Signer{
-		PrivateKey:    ed25519.PrivateKey(data.HexBytes(private)),
-		keyType:       data.KeyTypeEd25519,
-		keyScheme:     data.KeySchemeEd25519,
-		keyAlgorithms: data.HashAlgorithms,
+		PrivateKey: ed25519.PrivateKey(data.HexBytes(private)),
 	}, nil
 }
 
-func NewEd25519Signer(keyValue Ed25519PrivateKeyValue) *ed25519Signer {
+func NewEd25519SignerFromKey(keyValue Ed25519PrivateKeyValue) *ed25519Signer {
 	return &ed25519Signer{
-		PrivateKey:    ed25519.PrivateKey(data.HexBytes(keyValue.Private)),
-		keyType:       data.KeyTypeEd25519,
-		keyScheme:     data.KeySchemeEd25519,
-		keyAlgorithms: data.HashAlgorithms,
+		PrivateKey: ed25519.PrivateKey(data.HexBytes(keyValue.Private)),
 	}
 }
 
@@ -105,23 +107,45 @@ func (e *ed25519Signer) MarshalPrivateKey() (*data.PrivateKey, error) {
 		return nil, err
 	}
 	return &data.PrivateKey{
-		Type:       e.keyType,
-		Scheme:     e.keyScheme,
-		Algorithms: e.keyAlgorithms,
+		Type:       data.KeyTypeEd25519,
+		Scheme:     data.KeySchemeEd25519,
+		Algorithms: data.HashAlgorithms,
 		Value:      valueBytes,
 	}, nil
 }
 
 func (e *ed25519Signer) UnmarshalPrivateKey(key *data.PrivateKey) error {
 	keyValue := &Ed25519PrivateKeyValue{}
-	if err := json.Unmarshal(key.Value, keyValue); err != nil {
-		return err
+
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(keyValue); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the private key is truncated or too large: %w", err)
+		}
+	}
+
+	// Check private key length
+	if n := len(keyValue.Private); n != ed25519.PrivateKeySize {
+		return fmt.Errorf("tuf: invalid ed25519 private key length, expected %d, got %d", ed25519.PrivateKeySize, n)
+	}
+
+	// Generate public key from private key
+	pub, _, err := ed25519.GenerateKey(bytes.NewReader(keyValue.Private))
+	if err != nil {
+		return fmt.Errorf("tuf: unable to derive public key from private key: %w", err)
 	}
+
+	// Compare keys
+	if subtle.ConstantTimeCompare(keyValue.Public, pub) != 1 {
+		return errors.New("tuf: public and private keys don't match")
+	}
+
+	// Prepare signer
 	*e = ed25519Signer{
-		PrivateKey:    ed25519.PrivateKey(data.HexBytes(keyValue.Private)),
-		keyType:       key.Type,
-		keyScheme:     key.Scheme,
-		keyAlgorithms: key.Algorithms,
+		PrivateKey: ed25519.PrivateKey(data.HexBytes(keyValue.Private)),
 	}
 	return nil
 }
@@ -129,9 +153,9 @@ func (e *ed25519Signer) UnmarshalPrivateKey(key *data.PrivateKey) error {
 func (e *ed25519Signer) PublicData() *data.PublicKey {
 	keyValBytes, _ := json.Marshal(ed25519Verifier{PublicKey: []byte(e.PrivateKey.Public().(ed25519.PublicKey))})
 	return &data.PublicKey{
-		Type:       e.keyType,
-		Scheme:     e.keyScheme,
-		Algorithms: e.keyAlgorithms,
+		Type:       data.KeyTypeEd25519,
+		Scheme:     data.KeySchemeEd25519,
+		Algorithms: data.HashAlgorithms,
 		Value:      keyValBytes,
 	}
 }
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/keys.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/keys.go
index b8ef3f24c4..7fc25316e1 100644
--- a/vendor/github.com/DataDog/go-tuf/pkg/keys/keys.go
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/keys.go
@@ -8,6 +8,9 @@ import (
 	"github.com/DataDog/go-tuf/data"
 )
 
+// MaxJSONKeySize defines the maximum length of a JSON payload.
+const MaxJSONKeySize = 512 * 1024 // 512Kb
+
 // SignerMap stores mapping between key type strings and signer constructors.
 var SignerMap sync.Map
 
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/pkix.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/pkix.go
new file mode 100644
index 0000000000..e58d4c9f83
--- /dev/null
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/pkix.go
@@ -0,0 +1,56 @@
+package keys
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/x509"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+)
+
+type PKIXPublicKey struct {
+	crypto.PublicKey
+}
+
+func (p *PKIXPublicKey) MarshalJSON() ([]byte, error) {
+	bytes, err := x509.MarshalPKIXPublicKey(p.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+	pemBytes := pem.EncodeToMemory(&pem.Block{
+		Type:  "PUBLIC KEY",
+		Bytes: bytes,
+	})
+	return json.Marshal(string(pemBytes))
+}
+
+func (p *PKIXPublicKey) UnmarshalJSON(b []byte) error {
+	var pemValue string
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(b), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(&pemValue); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
+		}
+		return err
+	}
+
+	block, _ := pem.Decode([]byte(pemValue))
+	if block == nil {
+		return errors.New("invalid PEM value")
+	}
+	if block.Type != "PUBLIC KEY" {
+		return fmt.Errorf("invalid block type: %s", block.Type)
+	}
+	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
+	if err != nil {
+		return err
+	}
+	p.PublicKey = pub
+	return nil
+}
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/keys/rsa.go b/vendor/github.com/DataDog/go-tuf/pkg/keys/rsa.go
index 3c73e6d80e..17d7690a7b 100644
--- a/vendor/github.com/DataDog/go-tuf/pkg/keys/rsa.go
+++ b/vendor/github.com/DataDog/go-tuf/pkg/keys/rsa.go
@@ -1,6 +1,7 @@
 package keys
 
 import (
+	"bytes"
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
@@ -9,36 +10,38 @@ import (
 	"encoding/json"
 	"encoding/pem"
 	"errors"
+	"fmt"
+	"io"
 
 	"github.com/DataDog/go-tuf/data"
 )
 
 func init() {
-	VerifierMap.Store(data.KeyTypeRSASSA_PSS_SHA256, NewRsaVerifier)
-	SignerMap.Store(data.KeyTypeRSASSA_PSS_SHA256, NewRsaSigner)
+	VerifierMap.Store(data.KeyTypeRSASSA_PSS_SHA256, newRsaVerifier)
+	SignerMap.Store(data.KeyTypeRSASSA_PSS_SHA256, newRsaSigner)
 }
 
-func NewRsaVerifier() Verifier {
+func newRsaVerifier() Verifier {
 	return &rsaVerifier{}
 }
 
-func NewRsaSigner() Signer {
+func newRsaSigner() Signer {
 	return &rsaSigner{}
 }
 
 type rsaVerifier struct {
-	PublicKey string `json:"public"`
+	PublicKey *PKIXPublicKey `json:"public"`
 	rsaKey    *rsa.PublicKey
 	key       *data.PublicKey
 }
 
 func (p *rsaVerifier) Public() string {
-	// Unique public key identifier, use a uniform encodng
+	// This is already verified to succeed when unmarshalling a public key.
 	r, err := x509.MarshalPKIXPublicKey(p.rsaKey)
 	if err != nil {
-		// This shouldn't happen with a valid rsa key, but fallback on the
-		// JSON public key string
-		return string(p.PublicKey)
+		// TODO: Gracefully handle these errors.
+		// See https://github.com/DataDog/go-tuf/issues/363
+		panic(err)
 	}
 	return string(r)
 }
@@ -54,56 +57,42 @@ func (p *rsaVerifier) MarshalPublicKey() *data.PublicKey {
 }
 
 func (p *rsaVerifier) UnmarshalPublicKey(key *data.PublicKey) error {
-	if err := json.Unmarshal(key.Value, p); err != nil {
-		return err
-	}
-	var err error
-	p.rsaKey, err = parseKey(p.PublicKey)
-	if err != nil {
+	// Prepare decoder limited to 512Kb
+	dec := json.NewDecoder(io.LimitReader(bytes.NewReader(key.Value), MaxJSONKeySize))
+
+	// Unmarshal key value
+	if err := dec.Decode(p); err != nil {
+		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
+			return fmt.Errorf("tuf: the public key is truncated or too large: %w", err)
+		}
 		return err
 	}
-	p.key = key
-	return nil
-}
 
-// parseKey tries to parse a PEM []byte slice by attempting PKCS1 and PKIX in order.
-func parseKey(data string) (*rsa.PublicKey, error) {
-	block, _ := pem.Decode([]byte(data))
-	if block == nil {
-		return nil, errors.New("tuf: pem decoding public key failed")
+	rsaKey, ok := p.PublicKey.PublicKey.(*rsa.PublicKey)
+	if !ok {
+		return fmt.Errorf("invalid public key")
 	}
-	rsaPub, err := x509.ParsePKCS1PublicKey(block.Bytes)
-	if err == nil {
-		return rsaPub, nil
-	}
-	key, err := x509.ParsePKIXPublicKey(block.Bytes)
-	if err == nil {
-		rsaPub, ok := key.(*rsa.PublicKey)
-		if !ok {
-			return nil, errors.New("tuf: invalid rsa key")
-		}
-		return rsaPub, nil
+
+	if _, err := x509.MarshalPKIXPublicKey(rsaKey); err != nil {
+		return fmt.Errorf("marshalling to PKIX key: invalid public key")
 	}
-	return nil, errors.New("tuf: error unmarshalling rsa key")
+
+	p.rsaKey = rsaKey
+	p.key = key
+	return nil
 }
 
 type rsaSigner struct {
 	*rsa.PrivateKey
 }
 
-type rsaPublic struct {
-	// PEM encoded public key.
-	PublicKey string `json:"public"`
+type rsaPrivateKeyValue struct {
+	Private string         `json:"private"`
+	Public  *PKIXPublicKey `json:"public"`
 }
 
 func (s *rsaSigner) PublicData() *data.PublicKey {
-	pub, _ := x509.MarshalPKIXPublicKey(s.Public().(*rsa.PublicKey))
-	pubBytes := pem.EncodeToMemory(&pem.Block{
-		Type:  "RSA PUBLIC KEY",
-		Bytes: pub,
-	})
-
-	keyValBytes, _ := json.Marshal(rsaPublic{PublicKey: string(pubBytes)})
+	keyValBytes, _ := json.Marshal(rsaVerifier{PublicKey: &PKIXPublicKey{PublicKey: s.Public()}})
 	return &data.PublicKey{
 		Type:       data.KeyTypeRSASSA_PSS_SHA256,
 		Scheme:     data.KeySchemeRSASSA_PSS_SHA256,
@@ -122,11 +111,46 @@ func (s *rsaSigner) ContainsID(id string) bool {
 }
 
 func (s *rsaSigner) MarshalPrivateKey() (*data.PrivateKey, error) {
-	return nil, errors.New("not implemented for test")
+	priv := x509.MarshalPKCS1PrivateKey(s.PrivateKey)
+	pemKey := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: priv})
+	val, err := json.Marshal(rsaPrivateKeyValue{
+		Private: string(pemKey),
+		Public:  &PKIXPublicKey{PublicKey: s.Public()},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &data.PrivateKey{
+		Type:       data.KeyTypeRSASSA_PSS_SHA256,
+		Scheme:     data.KeySchemeRSASSA_PSS_SHA256,
+		Algorithms: data.HashAlgorithms,
+		Value:      val,
+	}, nil
 }
 
 func (s *rsaSigner) UnmarshalPrivateKey(key *data.PrivateKey) error {
-	return errors.New("not implemented for test")
+	val := rsaPrivateKeyValue{}
+	if err := json.Unmarshal(key.Value, &val); err != nil {
+		return err
+	}
+	block, _ := pem.Decode([]byte(val.Private))
+	if block == nil {
+		return errors.New("invalid PEM value")
+	}
+	if block.Type != "RSA PRIVATE KEY" {
+		return fmt.Errorf("invalid block type: %s", block.Type)
+	}
+	k, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return err
+	}
+	if _, err := json.Marshal(rsaVerifier{
+		PublicKey: &PKIXPublicKey{PublicKey: k.Public()}}); err != nil {
+		return fmt.Errorf("invalid public key: %s", err)
+	}
+
+	s.PrivateKey = k
+	return nil
 }
 
 func GenerateRsaKey() (*rsaSigner, error) {
diff --git a/vendor/github.com/DataDog/go-tuf/pkg/targets/delegation.go b/vendor/github.com/DataDog/go-tuf/pkg/targets/delegation.go
index 22d2ceeced..d155d070f4 100644
--- a/vendor/github.com/DataDog/go-tuf/pkg/targets/delegation.go
+++ b/vendor/github.com/DataDog/go-tuf/pkg/targets/delegation.go
@@ -18,6 +18,7 @@ type delegationsIterator struct {
 	stack        []Delegation
 	target       string
 	visitedRoles map[string]struct{}
+	parents      map[string]string
 }
 
 var ErrTopLevelTargetsRoleMissing = errors.New("tuf: top level targets role missing from top level keys DB")
@@ -43,6 +44,7 @@ func NewDelegationsIterator(target string, topLevelKeysDB *verify.DB) (*delegati
 			},
 		},
 		visitedRoles: make(map[string]struct{}),
+		parents:      make(map[string]string),
 	}
 	return i, nil
 }
@@ -64,7 +66,7 @@ func (d *delegationsIterator) Next() (value Delegation, ok bool) {
 
 	// 5.6.7.2 trim delegations to visit, only the current role and its delegations
 	// will be considered
-	// https://github.com/DataDog/specification/issues/168
+	// https://github.com/theupdateframework/specification/issues/168
 	if delegation.Delegatee.Terminating {
 		// Empty the stack.
 		d.stack = d.stack[0:0]
@@ -88,8 +90,13 @@ func (d *delegationsIterator) Add(roles []data.DelegatedRole, delegator string,
 				DB:        db,
 			}
 			d.stack = append(d.stack, delegation)
+			d.parents[r.Name] = delegator
 		}
 	}
 
 	return nil
 }
+
+func (d *delegationsIterator) Parent(role string) string {
+	return d.parents[role]
+}
diff --git a/vendor/github.com/DataDog/go-tuf/util/util.go b/vendor/github.com/DataDog/go-tuf/util/util.go
index 4c1c0dff40..a9b23b007d 100644
--- a/vendor/github.com/DataDog/go-tuf/util/util.go
+++ b/vendor/github.com/DataDog/go-tuf/util/util.go
@@ -10,7 +10,6 @@ import (
 	"fmt"
 	"hash"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -86,6 +85,32 @@ func FileMetaEqual(actual data.FileMeta, expected data.FileMeta) error {
 	return nil
 }
 
+func BytesMatchLenAndHashes(fetched []byte, length int64, hashes data.Hashes) error {
+	flen := int64(len(fetched))
+	if length != 0 && flen != length {
+		return ErrWrongLength{length, flen}
+	}
+
+	for alg, expected := range hashes {
+		var h hash.Hash
+		switch alg {
+		case "sha256":
+			h = sha256.New()
+		case "sha512":
+			h = sha512.New()
+		default:
+			return ErrUnknownHashAlgorithm{alg}
+		}
+		h.Write(fetched)
+		hash := h.Sum(nil)
+		if !hmac.Equal(hash, expected) {
+			return ErrWrongHash{alg, expected, hash}
+		}
+	}
+
+	return nil
+}
+
 func hashEqual(actual data.Hashes, expected data.Hashes) error {
 	hashChecked := false
 	for typ, hash := range expected {
@@ -102,7 +127,7 @@ func hashEqual(actual data.Hashes, expected data.Hashes) error {
 	return nil
 }
 
-func versionEqual(actual int64, expected int64) error {
+func VersionEqual(actual int64, expected int64) error {
 	if actual != expected {
 		return ErrWrongVersion{expected, actual}
 	}
@@ -114,7 +139,7 @@ func SnapshotFileMetaEqual(actual data.SnapshotFileMeta, expected data.SnapshotF
 	// member of snapshots. However they are considering requiring hashes
 	// for delegated roles to avoid an attack described in Section 5.6 of
 	// the Mercury paper:
-	// https://github.com/DataDog/specification/pull/40
+	// https://github.com/theupdateframework/specification/pull/40
 	if expected.Length != 0 && actual.Length != expected.Length {
 		return ErrWrongLength{expected.Length, actual.Length}
 	}
@@ -125,7 +150,7 @@ func SnapshotFileMetaEqual(actual data.SnapshotFileMeta, expected data.SnapshotF
 		}
 	}
 	// 5.6.4 - Check against snapshot role's snapshot version
-	if err := versionEqual(actual.Version, expected.Version); err != nil {
+	if err := VersionEqual(actual.Version, expected.Version); err != nil {
 		return err
 	}
 
@@ -149,7 +174,7 @@ func TimestampFileMetaEqual(actual data.TimestampFileMeta, expected data.Timesta
 		}
 	}
 	// 5.5.4 - Check against timestamp role's snapshot version
-	if err := versionEqual(actual.Version, expected.Version); err != nil {
+	if err := VersionEqual(actual.Version, expected.Version); err != nil {
 		return err
 	}
 
@@ -176,7 +201,7 @@ func GenerateFileMeta(r io.Reader, hashAlgorithms ...string) (data.FileMeta, err
 		hashes[hashAlgorithm] = h
 		r = io.TeeReader(r, h)
 	}
-	n, err := io.Copy(ioutil.Discard, r)
+	n, err := io.Copy(io.Discard, r)
 	if err != nil {
 		return data.FileMeta{}, err
 	}
@@ -192,7 +217,7 @@ type versionedMeta struct {
 }
 
 func generateVersionedFileMeta(r io.Reader, hashAlgorithms ...string) (data.FileMeta, int64, error) {
-	b, err := ioutil.ReadAll(r)
+	b, err := io.ReadAll(r)
 	if err != nil {
 		return data.FileMeta{}, 0, err
 	}
@@ -221,8 +246,9 @@ func GenerateSnapshotFileMeta(r io.Reader, hashAlgorithms ...string) (data.Snaps
 		return data.SnapshotFileMeta{}, err
 	}
 	return data.SnapshotFileMeta{
-		FileMeta: m,
-		Version:  v,
+		Length:  m.Length,
+		Hashes:  m.Hashes,
+		Version: v,
 	}, nil
 }
 
@@ -242,8 +268,9 @@ func GenerateTimestampFileMeta(r io.Reader, hashAlgorithms ...string) (data.Time
 		return data.TimestampFileMeta{}, err
 	}
 	return data.TimestampFileMeta{
-		FileMeta: m,
-		Version:  v,
+		Length:  m.Length,
+		Hashes:  m.Hashes,
+		Version: v,
 	}, nil
 }
 
@@ -273,7 +300,7 @@ func HashedPaths(p string, hashes data.Hashes) []string {
 
 func AtomicallyWriteFile(filename string, data []byte, perm os.FileMode) error {
 	dir, name := filepath.Split(filename)
-	f, err := ioutil.TempFile(dir, name)
+	f, err := os.CreateTemp(dir, name)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/DataDog/go-tuf/verify/db.go b/vendor/github.com/DataDog/go-tuf/verify/db.go
index 02b20063a2..1961c98fb3 100644
--- a/vendor/github.com/DataDog/go-tuf/verify/db.go
+++ b/vendor/github.com/DataDog/go-tuf/verify/db.go
@@ -53,13 +53,23 @@ func NewDBFromDelegations(d *data.Delegations) (*DB, error) {
 }
 
 func (db *DB) AddKey(id string, k *data.PublicKey) error {
-	if !k.ContainsID(id) {
-		return ErrWrongID{}
-	}
 	verifier, err := keys.GetVerifier(k)
 	if err != nil {
-		return ErrInvalidKey
+		return err // ErrInvalidKey
+	}
+
+	// TUF is considering in TAP-12 removing the
+	// requirement that the keyid hash algorithm be derived
+	// from the public key. So to be forwards compatible,
+	// we allow any key ID, rather than checking k.ContainsID(id)
+	//
+	// AddKey should be idempotent, so we allow re-adding the same PublicKey.
+	//
+	// TAP-12: https://github.com/theupdateframework/taps/blob/master/tap12.md
+	if oldVerifier, exists := db.verifiers[id]; exists && oldVerifier.Public() != verifier.Public() {
+		return ErrRepeatID{id}
 	}
+
 	db.verifiers[id] = verifier
 	return nil
 }
@@ -74,9 +84,6 @@ func (db *DB) AddRole(name string, r *data.Role) error {
 		Threshold: r.Threshold,
 	}
 	for _, id := range r.KeyIDs {
-		if len(id) != data.KeyIDLength {
-			return ErrInvalidKeyID
-		}
 		role.KeyIDs[id] = struct{}{}
 	}
 
diff --git a/vendor/github.com/DataDog/go-tuf/verify/errors.go b/vendor/github.com/DataDog/go-tuf/verify/errors.go
index f94321e29d..f71d4bda94 100644
--- a/vendor/github.com/DataDog/go-tuf/verify/errors.go
+++ b/vendor/github.com/DataDog/go-tuf/verify/errors.go
@@ -21,10 +21,12 @@ var (
 	ErrMissingTargetFile    = errors.New("tuf: missing previously listed targets metadata file")
 )
 
-type ErrWrongID struct{}
+type ErrRepeatID struct {
+	KeyID string
+}
 
-func (ErrWrongID) Error() string {
-	return "tuf: key id mismatch"
+func (e ErrRepeatID) Error() string {
+	return fmt.Sprintf("tuf: duplicate key id (%s)", e.KeyID)
 }
 
 type ErrUnknownRole struct {
diff --git a/vendor/github.com/DataDog/go-tuf/verify/verify.go b/vendor/github.com/DataDog/go-tuf/verify/verify.go
index e892c537a8..b0cf333ca5 100644
--- a/vendor/github.com/DataDog/go-tuf/verify/verify.go
+++ b/vendor/github.com/DataDog/go-tuf/verify/verify.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/DataDog/go-tuf/data"
 	"github.com/DataDog/go-tuf/internal/roles"
+	"github.com/DataDog/go-tuf/pkg/keys"
 	"github.com/secure-systems-lab/go-securesystemslib/cjson"
 )
 
@@ -16,6 +17,22 @@ type signedMeta struct {
 	Version int64     `json:"version"`
 }
 
+// VerifySignature takes a signed JSON message, a signature, and a
+// verifier and verifies the given signature on the JSON message
+// using the verifier. It returns an error if verification fails.
+func VerifySignature(signed json.RawMessage, sig data.HexBytes,
+	verifier keys.Verifier) error {
+	var decoded map[string]interface{}
+	if err := json.Unmarshal(signed, &decoded); err != nil {
+		return err
+	}
+	msg, err := cjson.EncodeCanonical(decoded)
+	if err != nil {
+		return err
+	}
+	return verifier.Verify(msg, sig)
+}
+
 func (db *DB) VerifyIgnoreExpiredCheck(s *data.Signed, role string, minVersion int64) error {
 	if err := db.VerifySignatures(s, role); err != nil {
 		return err
@@ -80,20 +97,11 @@ func (db *DB) VerifySignatures(s *data.Signed, role string) error {
 		return ErrUnknownRole{role}
 	}
 
-	var decoded map[string]interface{}
-	if err := json.Unmarshal(s.Signed, &decoded); err != nil {
-		return err
-	}
-	msg, err := cjson.EncodeCanonical(decoded)
-	if err != nil {
-		return err
-	}
-
 	// Verify that a threshold of keys signed the data. Since keys can have
 	// multiple key ids, we need to protect against multiple attached
 	// signatures that just differ on the key id.
-	seen := make(map[string]struct{})
-	valid := 0
+	verifiedKeyIDs := make(map[string]struct{})
+	numVerifiedKeys := 0
 	for _, sig := range s.Signatures {
 		if !roleData.ValidKey(sig.KeyID) {
 			continue
@@ -103,22 +111,37 @@ func (db *DB) VerifySignatures(s *data.Signed, role string) error {
 			continue
 		}
 
-		if err := verifier.Verify(msg, sig.Signature); err != nil {
-			return ErrInvalid
+		if err := VerifySignature(s.Signed, sig.Signature, verifier); err != nil {
+			// If a signature fails verification, don't count it towards the
+			// threshold but also return early and error out immediately.
+			// Note: Because of this, it is impossible to distinguish between
+			// an error of an invalid signature and a threshold not achieved.
+			// Invalid signatures lead to not achieving the threshold.
+			continue
 		}
 
 		// Only consider this key valid if we haven't seen any of it's
 		// key ids before.
-		if _, ok := seen[sig.KeyID]; !ok {
-			for _, id := range verifier.MarshalPublicKey().IDs() {
-				seen[id] = struct{}{}
+		// Careful: we must not rely on the key IDs _declared in the file_,
+		// instead we get to decide what key IDs this key correspond to.
+		// XXX dangerous; better stop supporting multiple key IDs altogether.
+		keyIDs := verifier.MarshalPublicKey().IDs()
+		wasKeySeen := false
+		for _, keyID := range keyIDs {
+			if _, present := verifiedKeyIDs[keyID]; present {
+				wasKeySeen = true
+			}
+		}
+		if !wasKeySeen {
+			for _, id := range keyIDs {
+				verifiedKeyIDs[id] = struct{}{}
 			}
 
-			valid++
+			numVerifiedKeys++
 		}
 	}
-	if valid < roleData.Threshold {
-		return ErrRoleThreshold{roleData.Threshold, valid}
+	if numVerifiedKeys < roleData.Threshold {
+		return ErrRoleThreshold{roleData.Threshold, numVerifiedKeys}
 	}
 
 	return nil
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/ddsketch.go b/vendor/github.com/DataDog/sketches-go/ddsketch/ddsketch.go
index 3f0f943c27..33a0ea5b2b 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/ddsketch.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/ddsketch.go
@@ -18,8 +18,12 @@ import (
 )
 
 var (
-	errEmptySketch error = errors.New("no such element exists")
-	errUnknownFlag error = errors.New("unknown encoding flag")
+	ErrUntrackableNaN     = errors.New("input value is NaN and cannot be tracked by the sketch")
+	ErrUntrackableTooLow  = errors.New("input value is too low and cannot be tracked by the sketch")
+	ErrUntrackableTooHigh = errors.New("input value is too high and cannot be tracked by the sketch")
+	ErrNegativeCount      = errors.New("count cannot be negative")
+	errEmptySketch        = errors.New("no such element exists")
+	errUnknownFlag        = errors.New("unknown encoding flag")
 )
 
 // Unexported to prevent usage and avoid the cost of dynamic dispatch
@@ -27,7 +31,10 @@ type quantileSketch interface {
 	RelativeAccuracy() float64
 	IsEmpty() bool
 	GetCount() float64
+	GetZeroCount() float64
 	GetSum() float64
+	GetPositiveValueStore() store.Store
+	GetNegativeValueStore() store.Store
 	GetMinValue() (float64, error)
 	GetMaxValue() (float64, error)
 	GetValueAtQuantile(quantile float64) (float64, error)
@@ -49,11 +56,9 @@ var _ quantileSketch = (*DDSketchWithExactSummaryStatistics)(nil)
 
 type DDSketch struct {
 	mapping.IndexMapping
-	positiveValueStore        store.Store
-	negativeValueStore        store.Store
-	zeroCount                 float64
-	minIndexableAbsoluteValue float64
-	maxIndexableValue         float64
+	positiveValueStore store.Store
+	negativeValueStore store.Store
+	zeroCount          float64
 }
 
 func NewDDSketchFromStoreProvider(indexMapping mapping.IndexMapping, storeProvider store.Provider) *DDSketch {
@@ -62,11 +67,9 @@ func NewDDSketchFromStoreProvider(indexMapping mapping.IndexMapping, storeProvid
 
 func NewDDSketch(indexMapping mapping.IndexMapping, positiveValueStore store.Store, negativeValueStore store.Store) *DDSketch {
 	return &DDSketch{
-		IndexMapping:              indexMapping,
-		positiveValueStore:        positiveValueStore,
-		negativeValueStore:        negativeValueStore,
-		minIndexableAbsoluteValue: indexMapping.MinIndexableValue(),
-		maxIndexableValue:         indexMapping.MaxIndexableValue(),
+		IndexMapping:       indexMapping,
+		positiveValueStore: positiveValueStore,
+		negativeValueStore: negativeValueStore,
 	}
 }
 
@@ -119,17 +122,22 @@ func (s *DDSketch) Add(value float64) error {
 
 // Adds a value to the sketch with a float64 count.
 func (s *DDSketch) AddWithCount(value, count float64) error {
-	if value < -s.maxIndexableValue || value > s.maxIndexableValue {
-		return errors.New("The input value is outside the range that is tracked by the sketch.")
-	}
 	if count < 0 {
-		return errors.New("The count cannot be negative.")
+		return ErrNegativeCount
 	}
 
-	if value > s.minIndexableAbsoluteValue {
+	if value > s.MinIndexableValue() {
+		if value > s.MaxIndexableValue() {
+			return ErrUntrackableTooHigh
+		}
 		s.positiveValueStore.AddWithCount(s.Index(value), count)
-	} else if value < -s.minIndexableAbsoluteValue {
+	} else if value < -s.MinIndexableValue() {
+		if value < -s.MaxIndexableValue() {
+			return ErrUntrackableTooLow
+		}
 		s.negativeValueStore.AddWithCount(s.Index(-value), count)
+	} else if math.IsNaN(value) {
+		return ErrUntrackableNaN
 	} else {
 		s.zeroCount += count
 	}
@@ -139,12 +147,10 @@ func (s *DDSketch) AddWithCount(value, count float64) error {
 // Return a (deep) copy of this sketch.
 func (s *DDSketch) Copy() *DDSketch {
 	return &DDSketch{
-		IndexMapping:              s.IndexMapping,
-		positiveValueStore:        s.positiveValueStore.Copy(),
-		negativeValueStore:        s.negativeValueStore.Copy(),
-		zeroCount:                 s.zeroCount,
-		minIndexableAbsoluteValue: s.minIndexableAbsoluteValue,
-		maxIndexableValue:         s.maxIndexableValue,
+		IndexMapping:       s.IndexMapping,
+		positiveValueStore: s.positiveValueStore.Copy(),
+		negativeValueStore: s.negativeValueStore.Copy(),
+		zeroCount:          s.zeroCount,
 	}
 }
 
@@ -197,6 +203,13 @@ func (s *DDSketch) GetCount() float64 {
 	return s.zeroCount + s.positiveValueStore.TotalCount() + s.negativeValueStore.TotalCount()
 }
 
+// GetZeroCount returns the number of zero values that have been added to this sketch.
+// Note: values that are very small (lower than MinIndexableValue if positive, or higher than -MinIndexableValue if negative)
+// are also mapped to the zero bucket.
+func (s *DDSketch) GetZeroCount() float64 {
+	return s.zeroCount
+}
+
 // Return true iff no value has been added to this sketch.
 func (s *DDSketch) IsEmpty() bool {
 	return s.zeroCount == 0 && s.positiveValueStore.IsEmpty() && s.negativeValueStore.IsEmpty()
@@ -247,6 +260,18 @@ func (s *DDSketch) GetSum() (sum float64) {
 	return sum
 }
 
+// GetPositiveValueStore returns the store.Store object that contains the positive
+// values of the sketch.
+func (s *DDSketch) GetPositiveValueStore() store.Store {
+	return s.positiveValueStore
+}
+
+// GetNegativeValueStore returns the store.Store object that contains the negative
+// values of the sketch.
+func (s *DDSketch) GetNegativeValueStore() store.Store {
+	return s.negativeValueStore
+}
+
 // ForEach applies f on the bins of the sketches until f returns true.
 // There is no guarantee on the bin iteration order.
 func (s *DDSketch) ForEach(f func(value, count float64) (stop bool)) {
@@ -295,20 +320,22 @@ func FromProto(pb *sketchpb.DDSketch) (*DDSketch, error) {
 
 func FromProtoWithStoreProvider(pb *sketchpb.DDSketch, storeProvider store.Provider) (*DDSketch, error) {
 	positiveValueStore := storeProvider()
-	store.MergeWithProto(positiveValueStore, pb.PositiveValues)
+	if pb.PositiveValues != nil {
+		store.MergeWithProto(positiveValueStore, pb.PositiveValues)
+	}
 	negativeValueStore := storeProvider()
-	store.MergeWithProto(negativeValueStore, pb.NegativeValues)
+	if pb.NegativeValues != nil {
+		store.MergeWithProto(negativeValueStore, pb.NegativeValues)
+	}
 	m, err := mapping.FromProto(pb.Mapping)
 	if err != nil {
 		return nil, err
 	}
 	return &DDSketch{
-		IndexMapping:              m,
-		positiveValueStore:        positiveValueStore,
-		negativeValueStore:        negativeValueStore,
-		zeroCount:                 pb.ZeroCount,
-		minIndexableAbsoluteValue: m.MinIndexableValue(),
-		maxIndexableValue:         m.MaxIndexableValue(),
+		IndexMapping:       m,
+		positiveValueStore: positiveValueStore,
+		negativeValueStore: negativeValueStore,
+		zeroCount:          pb.ZeroCount,
 	}, nil
 }
 
@@ -420,8 +447,6 @@ func (s *DDSketch) decodeAndMergeWith(bb []byte, fallbackDecode func(b *[]byte,
 	if s.IndexMapping == nil {
 		return errors.New("missing index mapping")
 	}
-	s.minIndexableAbsoluteValue = s.IndexMapping.MinIndexableValue()
-	s.maxIndexableValue = s.IndexMapping.MaxIndexableValue()
 	return nil
 }
 
@@ -484,7 +509,7 @@ func (s *DDSketch) Reweight(w float64) error {
 // statistics. Because of the need to track them exactly, adding and merging
 // operations are slightly more exepensive than those of DDSketch.
 type DDSketchWithExactSummaryStatistics struct {
-	sketch            *DDSketch
+	*DDSketch
 	summaryStatistics *stat.SummaryStatistics
 }
 
@@ -494,20 +519,27 @@ func NewDefaultDDSketchWithExactSummaryStatistics(relativeAccuracy float64) (*DD
 		return nil, err
 	}
 	return &DDSketchWithExactSummaryStatistics{
-		sketch:            sketch,
+		DDSketch:          sketch,
 		summaryStatistics: stat.NewSummaryStatistics(),
 	}, nil
 }
 
 func NewDDSketchWithExactSummaryStatistics(mapping mapping.IndexMapping, storeProvider store.Provider) *DDSketchWithExactSummaryStatistics {
 	return &DDSketchWithExactSummaryStatistics{
-		sketch:            NewDDSketchFromStoreProvider(mapping, storeProvider),
+		DDSketch:          NewDDSketchFromStoreProvider(mapping, storeProvider),
 		summaryStatistics: stat.NewSummaryStatistics(),
 	}
 }
 
-func (s *DDSketchWithExactSummaryStatistics) RelativeAccuracy() float64 {
-	return s.sketch.RelativeAccuracy()
+// NewDDSketchWithExactSummaryStatisticsFromData constructs DDSketchWithExactSummaryStatistics from the provided sketch and exact summary statistics.
+func NewDDSketchWithExactSummaryStatisticsFromData(sketch *DDSketch, summaryStatistics *stat.SummaryStatistics) (*DDSketchWithExactSummaryStatistics, error) {
+	if sketch.IsEmpty() != (summaryStatistics.Count() == 0) {
+		return nil, errors.New("sketch and summary statistics do not match")
+	}
+	return &DDSketchWithExactSummaryStatistics{
+		DDSketch:          sketch,
+		summaryStatistics: summaryStatistics,
+	}, nil
 }
 
 func (s *DDSketchWithExactSummaryStatistics) IsEmpty() bool {
@@ -518,26 +550,45 @@ func (s *DDSketchWithExactSummaryStatistics) GetCount() float64 {
 	return s.summaryStatistics.Count()
 }
 
+// GetZeroCount returns the number of zero values that have been added to this sketch.
+// Note: values that are very small (lower than MinIndexableValue if positive, or higher than -MinIndexableValue if negative)
+// are also mapped to the zero bucket.
+func (s *DDSketchWithExactSummaryStatistics) GetZeroCount() float64 {
+	return s.DDSketch.zeroCount
+}
+
 func (s *DDSketchWithExactSummaryStatistics) GetSum() float64 {
 	return s.summaryStatistics.Sum()
 }
 
+// GetPositiveValueStore returns the store.Store object that contains the positive
+// values of the sketch.
+func (s *DDSketchWithExactSummaryStatistics) GetPositiveValueStore() store.Store {
+	return s.DDSketch.positiveValueStore
+}
+
+// GetNegativeValueStore returns the store.Store object that contains the negative
+// values of the sketch.
+func (s *DDSketchWithExactSummaryStatistics) GetNegativeValueStore() store.Store {
+	return s.DDSketch.negativeValueStore
+}
+
 func (s *DDSketchWithExactSummaryStatistics) GetMinValue() (float64, error) {
-	if s.sketch.IsEmpty() {
+	if s.DDSketch.IsEmpty() {
 		return math.NaN(), errEmptySketch
 	}
 	return s.summaryStatistics.Min(), nil
 }
 
 func (s *DDSketchWithExactSummaryStatistics) GetMaxValue() (float64, error) {
-	if s.sketch.IsEmpty() {
+	if s.DDSketch.IsEmpty() {
 		return math.NaN(), errEmptySketch
 	}
 	return s.summaryStatistics.Max(), nil
 }
 
 func (s *DDSketchWithExactSummaryStatistics) GetValueAtQuantile(quantile float64) (float64, error) {
-	value, err := s.sketch.GetValueAtQuantile(quantile)
+	value, err := s.DDSketch.GetValueAtQuantile(quantile)
 	min := s.summaryStatistics.Min()
 	if value < min {
 		return min, err
@@ -550,7 +601,7 @@ func (s *DDSketchWithExactSummaryStatistics) GetValueAtQuantile(quantile float64
 }
 
 func (s *DDSketchWithExactSummaryStatistics) GetValuesAtQuantiles(quantiles []float64) ([]float64, error) {
-	values, err := s.sketch.GetValuesAtQuantiles(quantiles)
+	values, err := s.DDSketch.GetValuesAtQuantiles(quantiles)
 	min := s.summaryStatistics.Min()
 	max := s.summaryStatistics.Max()
 	for i := range values {
@@ -564,16 +615,16 @@ func (s *DDSketchWithExactSummaryStatistics) GetValuesAtQuantiles(quantiles []fl
 }
 
 func (s *DDSketchWithExactSummaryStatistics) ForEach(f func(value, count float64) (stop bool)) {
-	s.sketch.ForEach(f)
+	s.DDSketch.ForEach(f)
 }
 
 func (s *DDSketchWithExactSummaryStatistics) Clear() {
-	s.sketch.Clear()
+	s.DDSketch.Clear()
 	s.summaryStatistics.Clear()
 }
 
 func (s *DDSketchWithExactSummaryStatistics) Add(value float64) error {
-	err := s.sketch.Add(value)
+	err := s.DDSketch.Add(value)
 	if err != nil {
 		return err
 	}
@@ -585,7 +636,7 @@ func (s *DDSketchWithExactSummaryStatistics) AddWithCount(value, count float64)
 	if count == 0 {
 		return nil
 	}
-	err := s.sketch.AddWithCount(value, count)
+	err := s.DDSketch.AddWithCount(value, count)
 	if err != nil {
 		return err
 	}
@@ -594,7 +645,7 @@ func (s *DDSketchWithExactSummaryStatistics) AddWithCount(value, count float64)
 }
 
 func (s *DDSketchWithExactSummaryStatistics) MergeWith(o *DDSketchWithExactSummaryStatistics) error {
-	err := s.sketch.MergeWith(o.sketch)
+	err := s.DDSketch.MergeWith(o.DDSketch)
 	if err != nil {
 		return err
 	}
@@ -604,13 +655,13 @@ func (s *DDSketchWithExactSummaryStatistics) MergeWith(o *DDSketchWithExactSumma
 
 func (s *DDSketchWithExactSummaryStatistics) Copy() *DDSketchWithExactSummaryStatistics {
 	return &DDSketchWithExactSummaryStatistics{
-		sketch:            s.sketch.Copy(),
+		DDSketch:          s.DDSketch.Copy(),
 		summaryStatistics: s.summaryStatistics.Copy(),
 	}
 }
 
 func (s *DDSketchWithExactSummaryStatistics) Reweight(factor float64) error {
-	err := s.sketch.Reweight(factor)
+	err := s.DDSketch.Reweight(factor)
 	if err != nil {
 		return err
 	}
@@ -622,7 +673,7 @@ func (s *DDSketchWithExactSummaryStatistics) ChangeMapping(newMapping mapping.In
 	summaryStatisticsCopy := s.summaryStatistics.Copy()
 	summaryStatisticsCopy.Rescale(scaleFactor)
 	return &DDSketchWithExactSummaryStatistics{
-		sketch:            s.sketch.ChangeMapping(newMapping, storeProvider(), storeProvider(), scaleFactor),
+		DDSketch:          s.DDSketch.ChangeMapping(newMapping, storeProvider(), storeProvider(), scaleFactor),
 		summaryStatistics: summaryStatisticsCopy,
 	}
 }
@@ -644,7 +695,7 @@ func (s *DDSketchWithExactSummaryStatistics) Encode(b *[]byte, omitIndexMapping
 		enc.EncodeFlag(b, enc.FlagMax)
 		enc.EncodeFloat64LE(b, s.summaryStatistics.Max())
 	}
-	s.sketch.Encode(b, omitIndexMapping)
+	s.DDSketch.Encode(b, omitIndexMapping)
 }
 
 // DecodeDDSketchWithExactSummaryStatistics deserializes a sketch.
@@ -664,7 +715,7 @@ func (s *DDSketchWithExactSummaryStatistics) Encode(b *[]byte, omitIndexMapping
 // it is empty), because it does not track exact summary statistics
 func DecodeDDSketchWithExactSummaryStatistics(b []byte, storeProvider store.Provider, indexMapping mapping.IndexMapping) (*DDSketchWithExactSummaryStatistics, error) {
 	s := &DDSketchWithExactSummaryStatistics{
-		sketch: &DDSketch{
+		DDSketch: &DDSketch{
 			IndexMapping:       indexMapping,
 			positiveValueStore: storeProvider(),
 			negativeValueStore: storeProvider(),
@@ -677,7 +728,7 @@ func DecodeDDSketchWithExactSummaryStatistics(b []byte, storeProvider store.Prov
 }
 
 func (s *DDSketchWithExactSummaryStatistics) DecodeAndMergeWith(bb []byte) error {
-	err := s.sketch.decodeAndMergeWith(bb, func(b *[]byte, flag enc.Flag) error {
+	err := s.DDSketch.decodeAndMergeWith(bb, func(b *[]byte, flag enc.Flag) error {
 		switch flag {
 		case enc.FlagCount:
 			count, err := enc.DecodeVarfloat64(b)
@@ -709,7 +760,7 @@ func (s *DDSketchWithExactSummaryStatistics) DecodeAndMergeWith(bb []byte) error
 	}
 	// It is assumed that if the count is encoded, other exact summary
 	// statistics are encoded as well, which is the case if Encode is used.
-	if s.summaryStatistics.Count() == 0 && !s.sketch.IsEmpty() {
+	if s.summaryStatistics.Count() == 0 && !s.DDSketch.IsEmpty() {
 		return errors.New("missing exact summary statistics")
 	}
 	return nil
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/cubically_interpolated_mapping.go b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/cubically_interpolated_mapping.go
index dbae9bb16b..933cdab667 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/cubically_interpolated_mapping.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/cubically_interpolated_mapping.go
@@ -21,36 +21,48 @@ const (
 	C = 10.0 / 7.0
 )
 
-// A fast IndexMapping that approximates the memory-optimal LogarithmicMapping by extracting the floor value
-// of the logarithm to the base 2 from the binary representations of floating-point values and cubically
-// interpolating the logarithm in-between.
-// More detailed documentation of this method can be found in:
-// <a href="https://github.com/DataDog/sketches-java/">sketches-java</a>
+// CubicallyInterpolatedMapping is a fast IndexMapping that approximates the
+// memory-optimal LogarithmicMapping by extracting the floor value of the
+// logarithm to the base 2 from the binary representations of floating-point
+// values and cubically interpolating the logarithm in-between. More detailed
+// documentation of this method can be found in: <a
+// href="https://github.com/DataDog/sketches-java/">sketches-java</a>
 type CubicallyInterpolatedMapping struct {
-	relativeAccuracy      float64
-	multiplier            float64
-	normalizedIndexOffset float64
+	gamma             float64 // base
+	indexOffset       float64
+	multiplier        float64 // precomputed for performance
+	minIndexableValue float64
+	maxIndexableValue float64
 }
 
 func NewCubicallyInterpolatedMapping(relativeAccuracy float64) (*CubicallyInterpolatedMapping, error) {
 	if relativeAccuracy <= 0 || relativeAccuracy >= 1 {
 		return nil, errors.New("The relative accuracy must be between 0 and 1.")
 	}
-	return &CubicallyInterpolatedMapping{
-		relativeAccuracy: relativeAccuracy,
-		multiplier:       7.0 / (10 * math.Log1p(2*relativeAccuracy/(1-relativeAccuracy))),
-	}, nil
+	gamma := math.Pow((1+relativeAccuracy)/(1-relativeAccuracy), 10*math.Ln2/7) // > 1
+	m, _ := NewCubicallyInterpolatedMappingWithGamma(gamma, 0)
+	return m, nil
 }
 
 func NewCubicallyInterpolatedMappingWithGamma(gamma, indexOffset float64) (*CubicallyInterpolatedMapping, error) {
 	if gamma <= 1 {
 		return nil, errors.New("Gamma must be greater than 1.")
 	}
+	multiplier := 1 / math.Log2(gamma)
+	adjustedGamma := math.Pow(gamma, 7/(10*math.Ln2))
 	m := CubicallyInterpolatedMapping{
-		relativeAccuracy: 1 - 2/(1+math.Exp(7.0/10*math.Log2(gamma))),
-		multiplier:       1 / math.Log2(gamma),
+		gamma:       gamma,
+		indexOffset: indexOffset,
+		multiplier:  multiplier,
+		minIndexableValue: math.Max(
+			math.Exp2((math.MinInt32-indexOffset)/multiplier+1), // so that index >= MinInt32
+			minNormalFloat64*adjustedGamma,
+		),
+		maxIndexableValue: math.Min(
+			math.Exp2((math.MaxInt32-indexOffset)/multiplier-1),       // so that index <= MaxInt32
+			math.Exp(expOverflow)/(2*adjustedGamma)*(adjustedGamma+1), // so that math.Exp does not overflow
+		),
 	}
-	m.normalizedIndexOffset = indexOffset - m.approximateLog(1)*m.multiplier
 	return &m, nil
 }
 
@@ -60,11 +72,11 @@ func (m *CubicallyInterpolatedMapping) Equals(other IndexMapping) bool {
 		return false
 	}
 	tol := 1e-12
-	return (withinTolerance(m.multiplier, o.multiplier, tol) && withinTolerance(m.normalizedIndexOffset, o.normalizedIndexOffset, tol))
+	return withinTolerance(m.gamma, o.gamma, tol) && withinTolerance(m.indexOffset, o.indexOffset, tol)
 }
 
 func (m *CubicallyInterpolatedMapping) Index(value float64) int {
-	index := m.approximateLog(value)*m.multiplier + m.normalizedIndexOffset
+	index := m.approximateLog(value)*m.multiplier + m.indexOffset
 	if index >= 0 {
 		return int(index)
 	} else {
@@ -73,14 +85,14 @@ func (m *CubicallyInterpolatedMapping) Index(value float64) int {
 }
 
 func (m *CubicallyInterpolatedMapping) Value(index int) float64 {
-	return m.LowerBound(index) * (1 + m.relativeAccuracy)
+	return m.LowerBound(index) * (1 + m.RelativeAccuracy())
 }
 
 func (m *CubicallyInterpolatedMapping) LowerBound(index int) float64 {
-	return m.approximateInverseLog((float64(index) - m.normalizedIndexOffset) / m.multiplier)
+	return m.approximateInverseLog((float64(index) - m.indexOffset) / m.multiplier)
 }
 
-// Return an approximation of log(1) + Math.log(x) / Math.log(base(2)).
+// Return an approximation of Math.log(x) / Math.log(base(2)).
 func (m *CubicallyInterpolatedMapping) approximateLog(x float64) float64 {
 	bits := math.Float64bits(x)
 	e := getExponent(bits)
@@ -100,44 +112,34 @@ func (m *CubicallyInterpolatedMapping) approximateInverseLog(x float64) float64
 }
 
 func (m *CubicallyInterpolatedMapping) MinIndexableValue() float64 {
-	return math.Max(
-		math.Exp2((math.MinInt32-m.normalizedIndexOffset)/m.multiplier-m.approximateLog(1)+1), // so that index >= MinInt32:w
-		minNormalFloat64*(1+m.relativeAccuracy)/(1-m.relativeAccuracy),
-	)
+	return m.minIndexableValue
 }
 
 func (m *CubicallyInterpolatedMapping) MaxIndexableValue() float64 {
-	return math.Min(
-		math.Exp2((math.MaxInt32-m.normalizedIndexOffset)/m.multiplier-m.approximateLog(float64(1))-1), // so that index <= MaxInt32
-		math.Exp(expOverflow)/(1+m.relativeAccuracy),                                                   // so that math.Exp does not overflow
-	)
+	return m.maxIndexableValue
 }
 
 func (m *CubicallyInterpolatedMapping) RelativeAccuracy() float64 {
-	return m.relativeAccuracy
-}
-
-func (m *CubicallyInterpolatedMapping) gamma() float64 {
-	return math.Exp2(1 / m.multiplier)
+	return 1 - 2/(1+math.Exp(7.0/10*math.Log2(m.gamma)))
 }
 
 func (m *CubicallyInterpolatedMapping) ToProto() *sketchpb.IndexMapping {
 	return &sketchpb.IndexMapping{
-		Gamma:         m.gamma(),
-		IndexOffset:   m.normalizedIndexOffset + m.approximateLog(1)*m.multiplier,
+		Gamma:         m.gamma,
+		IndexOffset:   m.indexOffset,
 		Interpolation: sketchpb.IndexMapping_CUBIC,
 	}
 }
 
 func (m *CubicallyInterpolatedMapping) Encode(b *[]byte) {
 	enc.EncodeFlag(b, enc.FlagIndexMappingBaseCubic)
-	enc.EncodeFloat64LE(b, m.gamma())
-	enc.EncodeFloat64LE(b, m.normalizedIndexOffset)
+	enc.EncodeFloat64LE(b, m.gamma)
+	enc.EncodeFloat64LE(b, m.indexOffset)
 }
 
 func (m *CubicallyInterpolatedMapping) string() string {
 	var buffer bytes.Buffer
-	buffer.WriteString(fmt.Sprintf("relativeAccuracy: %v, multiplier: %v, normalizedIndexOffset: %v\n", m.relativeAccuracy, m.multiplier, m.normalizedIndexOffset))
+	buffer.WriteString(fmt.Sprintf("gamma: %v, indexOffset: %v\n", m.gamma, m.indexOffset))
 	return buffer.String()
 }
 
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/index_mapping.go b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/index_mapping.go
index d8cea77797..88b926592a 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/index_mapping.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/index_mapping.go
@@ -24,7 +24,9 @@ type IndexMapping interface {
 	Value(index int) float64
 	LowerBound(index int) float64
 	RelativeAccuracy() float64
+	// MinIndexableValue returns the minimum positive value that can be mapped to an index.
 	MinIndexableValue() float64
+	// MaxIndexableValue returns the maximum positive value that can be mapped to an index.
 	MaxIndexableValue() float64
 	ToProto() *sketchpb.IndexMapping
 	// Encode encodes a mapping and appends its content to the provided []byte.
@@ -37,6 +39,9 @@ func NewDefaultMapping(relativeAccuracy float64) (IndexMapping, error) {
 
 // FromProto returns an Index mapping from the protobuf definition of it
 func FromProto(m *sketchpb.IndexMapping) (IndexMapping, error) {
+	if m == nil {
+		return nil, errors.New("cannot create IndexMapping from nil protobuf index mapping")
+	}
 	switch m.Interpolation {
 	case sketchpb.IndexMapping_NONE:
 		return NewLogarithmicMappingWithGamma(m.Gamma, m.IndexOffset)
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/linearly_interpolated_mapping.go b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/linearly_interpolated_mapping.go
index d17bb46612..d9b0b7408a 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/linearly_interpolated_mapping.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/linearly_interpolated_mapping.go
@@ -15,34 +15,47 @@ import (
 	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
 )
 
-// A fast IndexMapping that approximates the memory-optimal LogarithmicMapping by extracting the floor value
-// of the logarithm to the base 2 from the binary representations of floating-point values and linearly
-// interpolating the logarithm in-between.
+// LinearlyInterpolatedMapping is a fast IndexMapping that approximates the
+// memory-optimal LogarithmicMapping by extracting the floor value of the
+// logarithm to the base 2 from the binary representations of floating-point
+// values and linearly interpolating the logarithm in-between.
 type LinearlyInterpolatedMapping struct {
-	relativeAccuracy      float64
-	multiplier            float64
-	normalizedIndexOffset float64
+	gamma             float64 // base
+	indexOffset       float64
+	multiplier        float64 // precomputed for performance
+	minIndexableValue float64
+	maxIndexableValue float64
 }
 
 func NewLinearlyInterpolatedMapping(relativeAccuracy float64) (*LinearlyInterpolatedMapping, error) {
 	if relativeAccuracy <= 0 || relativeAccuracy >= 1 {
 		return nil, errors.New("The relative accuracy must be between 0 and 1.")
 	}
-	return &LinearlyInterpolatedMapping{
-		relativeAccuracy: relativeAccuracy,
-		multiplier:       1.0 / math.Log1p(2*relativeAccuracy/(1-relativeAccuracy)),
-	}, nil
+	gamma := math.Pow((1+relativeAccuracy)/(1-relativeAccuracy), math.Ln2) // > 1
+	indexOffset := 1 / math.Log2(gamma)                                    // for backward compatibility
+	m, _ := NewLinearlyInterpolatedMappingWithGamma(gamma, indexOffset)
+	return m, nil
 }
 
 func NewLinearlyInterpolatedMappingWithGamma(gamma, indexOffset float64) (*LinearlyInterpolatedMapping, error) {
 	if gamma <= 1 {
 		return nil, errors.New("Gamma must be greater than 1.")
 	}
+	multiplier := 1 / math.Log2(gamma)
+	adjustedGamma := math.Pow(gamma, 1/math.Ln2)
 	m := LinearlyInterpolatedMapping{
-		relativeAccuracy: 1 - 2/(1+math.Exp(math.Log2(gamma))),
-		multiplier:       1 / math.Log2(gamma),
+		gamma:       gamma,
+		indexOffset: indexOffset,
+		multiplier:  multiplier,
+		minIndexableValue: math.Max(
+			math.Exp2((math.MinInt32-indexOffset)/multiplier+1), // so that index >= MinInt32
+			minNormalFloat64*adjustedGamma,
+		),
+		maxIndexableValue: math.Min(
+			math.Exp2((math.MaxInt32-indexOffset)/multiplier-1),       // so that index <= MaxInt32
+			math.Exp(expOverflow)/(2*adjustedGamma)*(adjustedGamma+1), // so that math.Exp does not overflow
+		),
 	}
-	m.normalizedIndexOffset = indexOffset - m.approximateLog(1)*m.multiplier
 	return &m, nil
 }
 
@@ -52,11 +65,11 @@ func (m *LinearlyInterpolatedMapping) Equals(other IndexMapping) bool {
 		return false
 	}
 	tol := 1e-12
-	return (withinTolerance(m.multiplier, o.multiplier, tol) && withinTolerance(m.normalizedIndexOffset, o.normalizedIndexOffset, tol))
+	return withinTolerance(m.gamma, o.gamma, tol) && withinTolerance(m.indexOffset, o.indexOffset, tol)
 }
 
 func (m *LinearlyInterpolatedMapping) Index(value float64) int {
-	index := m.approximateLog(value)*m.multiplier + m.normalizedIndexOffset
+	index := m.approximateLog(value)*m.multiplier + m.indexOffset
 	if index >= 0 {
 		return int(index)
 	} else {
@@ -65,66 +78,56 @@ func (m *LinearlyInterpolatedMapping) Index(value float64) int {
 }
 
 func (m *LinearlyInterpolatedMapping) Value(index int) float64 {
-	return m.LowerBound(index) * (1 + m.relativeAccuracy)
+	return m.LowerBound(index) * (1 + m.RelativeAccuracy())
 }
 
 func (m *LinearlyInterpolatedMapping) LowerBound(index int) float64 {
-	return m.approximateInverseLog((float64(index) - m.normalizedIndexOffset) / m.multiplier)
+	return m.approximateInverseLog((float64(index) - m.indexOffset) / m.multiplier)
 }
 
-// Return an approximation of log(1) + Math.log(x) / Math.log(2)}
+// Return an approximation of Math.log(x) / Math.log(2)
 func (m *LinearlyInterpolatedMapping) approximateLog(x float64) float64 {
 	bits := math.Float64bits(x)
-	return getExponent(bits) + getSignificandPlusOne(bits)
+	return getExponent(bits) + getSignificandPlusOne(bits) - 1
 }
 
 // The exact inverse of approximateLog.
 func (m *LinearlyInterpolatedMapping) approximateInverseLog(x float64) float64 {
-	exponent := math.Floor(x - 1)
-	significandPlusOne := x - exponent
+	exponent := math.Floor(x)
+	significandPlusOne := x - exponent + 1
 	return buildFloat64(int(exponent), significandPlusOne)
 }
 
 func (m *LinearlyInterpolatedMapping) MinIndexableValue() float64 {
-	return math.Max(
-		math.Exp2((math.MinInt32-m.normalizedIndexOffset)/m.multiplier-m.approximateLog(1)+1), // so that index >= MinInt32
-		minNormalFloat64*(1+m.relativeAccuracy)/(1-m.relativeAccuracy),
-	)
+	return m.minIndexableValue
 }
 
 func (m *LinearlyInterpolatedMapping) MaxIndexableValue() float64 {
-	return math.Min(
-		math.Exp2((math.MaxInt32-m.normalizedIndexOffset)/m.multiplier-m.approximateLog(float64(1))-1), // so that index <= MaxInt32
-		math.Exp(expOverflow)/(1+m.relativeAccuracy),                                                   // so that math.Exp does not overflow
-	)
+	return m.maxIndexableValue
 }
 
 func (m *LinearlyInterpolatedMapping) RelativeAccuracy() float64 {
-	return m.relativeAccuracy
-}
-
-func (m *LinearlyInterpolatedMapping) gamma() float64 {
-	return math.Exp2(1 / m.multiplier)
+	return 1 - 2/(1+math.Exp(math.Log2(m.gamma)))
 }
 
 // Generates a protobuf representation of this LinearlyInterpolatedMapping.
 func (m *LinearlyInterpolatedMapping) ToProto() *sketchpb.IndexMapping {
 	return &sketchpb.IndexMapping{
-		Gamma:         m.gamma(),
-		IndexOffset:   m.normalizedIndexOffset + m.approximateLog(1)*m.multiplier,
+		Gamma:         m.gamma,
+		IndexOffset:   m.indexOffset,
 		Interpolation: sketchpb.IndexMapping_LINEAR,
 	}
 }
 
 func (m *LinearlyInterpolatedMapping) Encode(b *[]byte) {
 	enc.EncodeFlag(b, enc.FlagIndexMappingBaseLinear)
-	enc.EncodeFloat64LE(b, m.gamma())
-	enc.EncodeFloat64LE(b, m.normalizedIndexOffset+m.approximateLog(1)*m.multiplier)
+	enc.EncodeFloat64LE(b, m.gamma)
+	enc.EncodeFloat64LE(b, m.indexOffset)
 }
 
 func (m *LinearlyInterpolatedMapping) string() string {
 	var buffer bytes.Buffer
-	buffer.WriteString(fmt.Sprintf("relativeAccuracy: %v, multiplier: %v, normalizedIndexOffset: %v\n", m.relativeAccuracy, m.multiplier, m.normalizedIndexOffset))
+	buffer.WriteString(fmt.Sprintf("gamma: %v, indexOffset: %v\n", m.gamma, m.indexOffset))
 	return buffer.String()
 }
 
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/logarithmic_mapping.go b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/logarithmic_mapping.go
index f7c33e4350..474e74d932 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/logarithmic_mapping.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/mapping/logarithmic_mapping.go
@@ -15,23 +15,24 @@ import (
 	"github.com/DataDog/sketches-go/ddsketch/pb/sketchpb"
 )
 
-// An IndexMapping that is memory-optimal, that is to say that given a targeted relative accuracy, it
-// requires the least number of indices to cover a given range of values. This is done by logarithmically
+// LogarithmicMapping is an IndexMapping that is memory-optimal, that is to say
+// that given a targeted relative accuracy, it requires the least number of
+// indices to cover a given range of values. This is done by logarithmically
 // mapping floating-point values to integers.
 type LogarithmicMapping struct {
-	relativeAccuracy      float64
-	multiplier            float64
-	normalizedIndexOffset float64
+	gamma             float64 // base
+	indexOffset       float64
+	multiplier        float64 // precomputed for performance
+	minIndexableValue float64
+	maxIndexableValue float64
 }
 
 func NewLogarithmicMapping(relativeAccuracy float64) (*LogarithmicMapping, error) {
 	if relativeAccuracy <= 0 || relativeAccuracy >= 1 {
 		return nil, errors.New("The relative accuracy must be between 0 and 1.")
 	}
-	m := &LogarithmicMapping{
-		relativeAccuracy: relativeAccuracy,
-		multiplier:       1 / math.Log1p(2*relativeAccuracy/(1-relativeAccuracy)),
-	}
+	gamma := (1 + relativeAccuracy) / (1 - relativeAccuracy) // > 1
+	m, _ := NewLogarithmicMappingWithGamma(gamma, 0)
 	return m, nil
 }
 
@@ -39,10 +40,19 @@ func NewLogarithmicMappingWithGamma(gamma, indexOffset float64) (*LogarithmicMap
 	if gamma <= 1 {
 		return nil, errors.New("Gamma must be greater than 1.")
 	}
+	multiplier := 1 / math.Log(gamma)
 	m := &LogarithmicMapping{
-		relativeAccuracy:      1 - 2/(1+gamma),
-		multiplier:            1 / math.Log(gamma),
-		normalizedIndexOffset: indexOffset,
+		gamma:       gamma,
+		indexOffset: indexOffset,
+		multiplier:  multiplier,
+		minIndexableValue: math.Max(
+			math.Exp((math.MinInt32-indexOffset)/multiplier+1), // so that index >= MinInt32
+			minNormalFloat64*gamma,
+		),
+		maxIndexableValue: math.Min(
+			math.Exp((math.MaxInt32-indexOffset)/multiplier-1), // so that index <= MaxInt32
+			math.Exp(expOverflow)/(2*gamma)*(gamma+1),          // so that math.Exp does not overflow
+		),
 	}
 	return m, nil
 }
@@ -53,11 +63,11 @@ func (m *LogarithmicMapping) Equals(other IndexMapping) bool {
 		return false
 	}
 	tol := 1e-12
-	return (withinTolerance(m.multiplier, o.multiplier, tol) && withinTolerance(m.normalizedIndexOffset, o.normalizedIndexOffset, tol))
+	return withinTolerance(m.gamma, o.gamma, tol) && withinTolerance(m.indexOffset, o.indexOffset, tol)
 }
 
 func (m *LogarithmicMapping) Index(value float64) int {
-	index := math.Log(value)*m.multiplier + m.normalizedIndexOffset
+	index := math.Log(value)*m.multiplier + m.indexOffset
 	if index >= 0 {
 		return int(index)
 	} else {
@@ -66,53 +76,43 @@ func (m *LogarithmicMapping) Index(value float64) int {
 }
 
 func (m *LogarithmicMapping) Value(index int) float64 {
-	return m.LowerBound(index) * (1 + m.relativeAccuracy)
+	return m.LowerBound(index) * (1 + m.RelativeAccuracy())
 }
 
 func (m *LogarithmicMapping) LowerBound(index int) float64 {
-	return math.Exp((float64(index) - m.normalizedIndexOffset) / m.multiplier)
+	return math.Exp((float64(index) - m.indexOffset) / m.multiplier)
 }
 
 func (m *LogarithmicMapping) MinIndexableValue() float64 {
-	return math.Max(
-		math.Exp((math.MinInt32-m.normalizedIndexOffset)/m.multiplier+1), // so that index >= MinInt32
-		minNormalFloat64*(1+m.relativeAccuracy)/(1-m.relativeAccuracy),
-	)
+	return m.minIndexableValue
 }
 
 func (m *LogarithmicMapping) MaxIndexableValue() float64 {
-	return math.Min(
-		math.Exp((math.MaxInt32-m.normalizedIndexOffset)/m.multiplier-1), // so that index <= MaxInt32
-		math.Exp(expOverflow)/(1+m.relativeAccuracy),                     // so that math.Exp does not overflow
-	)
+	return m.maxIndexableValue
 }
 
 func (m *LogarithmicMapping) RelativeAccuracy() float64 {
-	return m.relativeAccuracy
-}
-
-func (m *LogarithmicMapping) gamma() float64 {
-	return (1 + m.relativeAccuracy) / (1 - m.relativeAccuracy)
+	return 1 - 2/(1+m.gamma)
 }
 
 // Generates a protobuf representation of this LogarithicMapping.
 func (m *LogarithmicMapping) ToProto() *sketchpb.IndexMapping {
 	return &sketchpb.IndexMapping{
-		Gamma:         m.gamma(),
-		IndexOffset:   m.normalizedIndexOffset,
+		Gamma:         m.gamma,
+		IndexOffset:   m.indexOffset,
 		Interpolation: sketchpb.IndexMapping_NONE,
 	}
 }
 
 func (m *LogarithmicMapping) Encode(b *[]byte) {
 	enc.EncodeFlag(b, enc.FlagIndexMappingBaseLogarithmic)
-	enc.EncodeFloat64LE(b, m.gamma())
-	enc.EncodeFloat64LE(b, m.normalizedIndexOffset)
+	enc.EncodeFloat64LE(b, m.gamma)
+	enc.EncodeFloat64LE(b, m.indexOffset)
 }
 
 func (m *LogarithmicMapping) string() string {
 	var buffer bytes.Buffer
-	buffer.WriteString(fmt.Sprintf("relativeAccuracy: %v, multiplier: %v, normalizedIndexOffset: %v\n", m.relativeAccuracy, m.multiplier, m.normalizedIndexOffset))
+	buffer.WriteString(fmt.Sprintf("gamma: %v, indexOffset: %v\n", m.gamma, m.indexOffset))
 	return buffer.String()
 }
 
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/pb/sketchpb/ddsketch.pb.go b/vendor/github.com/DataDog/sketches-go/ddsketch/pb/sketchpb/ddsketch.pb.go
index 424dedfed3..9dbd6f2930 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/pb/sketchpb/ddsketch.pb.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/pb/sketchpb/ddsketch.pb.go
@@ -4,8 +4,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.25.0-devel
-// 	protoc        v3.14.0
+// 	protoc-gen-go v1.28.0
+// 	protoc        v3.19.4
 // source: ddsketch.proto
 
 package sketchpb
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/stat/summary.go b/vendor/github.com/DataDog/sketches-go/ddsketch/stat/summary.go
index 0381a055b5..5d56f39445 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/stat/summary.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/stat/summary.go
@@ -5,7 +5,10 @@
 
 package stat
 
-import "math"
+import (
+	"fmt"
+	"math"
+)
 
 // SummaryStatistics keeps track of the count, the sum, the min and the max of
 // recorded values. We use a compensated sum to avoid accumulating rounding
@@ -30,6 +33,27 @@ func NewSummaryStatistics() *SummaryStatistics {
 	}
 }
 
+// NewSummaryStatisticsFromData constructs SummaryStatistics from the provided data.
+func NewSummaryStatisticsFromData(count, sum, min, max float64) (*SummaryStatistics, error) {
+	if !(count >= 0) {
+		return nil, fmt.Errorf("count (%g) must be positive or zero", count)
+	}
+	if count > 0 && min > max {
+		return nil, fmt.Errorf("min (%g) cannot be greater than max (%g) if count (%g) is positive", min, max, count)
+	}
+	if count == 0 && (min != math.Inf(1) || max != math.Inf(-1)) {
+		return nil, fmt.Errorf("empty summary statistics must have min (%g) and max (%g) equal to positive and negative infinities respectively", min, max)
+	}
+	return &SummaryStatistics{
+		count:           count,
+		sum:             sum,
+		sumCompensation: 0,
+		simpleSum:       sum,
+		min:             min,
+		max:             max,
+	}, nil
+}
+
 func (s *SummaryStatistics) Count() float64 {
 	return s.count
 }
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/buffered_paginated.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/buffered_paginated.go
index f08bf555e5..11f43107d6 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/store/buffered_paginated.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/buffered_paginated.go
@@ -376,24 +376,29 @@ func (s *BufferedPaginatedStore) minIndexWithCumulCount(predicate func(float64)
 
 func (s *BufferedPaginatedStore) MergeWith(other Store) {
 	o, ok := other.(*BufferedPaginatedStore)
-	if ok && len(o.pages) == 0 {
-		// Optimized merging if the other store only has buffered data.
-		oBufferOffset := 0
-		for {
-			bufferCapOverhead := max(cap(s.buffer), s.bufferCompactionTriggerLen) - len(s.buffer)
-			if bufferCapOverhead >= len(o.buffer)-oBufferOffset {
-				s.buffer = append(s.buffer, o.buffer[oBufferOffset:]...)
-				return
+	if ok && s.pageLenLog2 == o.pageLenLog2 {
+		// Merge pages.
+		for oPageOffset, oPage := range o.pages {
+			if len(oPage) == 0 {
+				continue
+			}
+			oPageIndex := o.minPageIndex + oPageOffset
+			page := s.page(oPageIndex, true)
+			for i, oCount := range oPage {
+				page[i] += oCount
 			}
-			s.buffer = append(s.buffer, o.buffer[oBufferOffset:oBufferOffset+bufferCapOverhead]...)
-			oBufferOffset += bufferCapOverhead
-			s.compact()
 		}
-	}
 
-	// Fallback merging.
-	for bin := range other.Bins() {
-		s.AddBin(bin)
+		// Merge buffers.
+		for _, index := range o.buffer {
+			s.Add(index)
+		}
+	} else {
+		// Fallback merging.
+		other.ForEach(func(index int, count float64) (stop bool) {
+			s.AddWithCount(index, count)
+			return false
+		})
 	}
 }
 
@@ -541,9 +546,10 @@ func (s *BufferedPaginatedStore) ToProto() *sketchpb.Store {
 	}
 	// FIXME: add heuristic to use contiguousBinCounts when cheaper.
 	binCounts := make(map[int32]float64)
-	for bin := range s.Bins() {
-		binCounts[int32(bin.index)] = bin.count
-	}
+	s.ForEach(func(index int, count float64) (stop bool) {
+		binCounts[int32(index)] = count
+		return false
+	})
 	return &sketchpb.Store{
 		BinCounts: binCounts,
 	}
@@ -570,6 +576,7 @@ func (s *BufferedPaginatedStore) Reweight(w float64) error {
 }
 
 func (s *BufferedPaginatedStore) Encode(b *[]byte, t enc.FlagType) {
+	s.compact()
 	if len(s.buffer) > 0 {
 		enc.EncodeFlag(b, enc.NewFlag(t, enc.BinEncodingIndexDeltas))
 		enc.EncodeUvarint64(b, uint64(len(s.buffer)))
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_highest_dense_store.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_highest_dense_store.go
index 4cc78324af..2a431a1766 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_highest_dense_store.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_highest_dense_store.go
@@ -136,9 +136,10 @@ func (s *CollapsingHighestDenseStore) MergeWith(other Store) {
 	}
 	o, ok := other.(*CollapsingHighestDenseStore)
 	if !ok {
-		for bin := range other.Bins() {
-			s.AddBin(bin)
-		}
+		other.ForEach(func(index int, count float64) (stop bool) {
+			s.AddWithCount(index, count)
+			return false
+		})
 		return
 	}
 	if o.minIndex < s.minIndex || o.maxIndex > s.maxIndex {
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_lowest_dense_store.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_lowest_dense_store.go
index 7549083b64..80ae2a5076 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_lowest_dense_store.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/collapsing_lowest_dense_store.go
@@ -141,9 +141,10 @@ func (s *CollapsingLowestDenseStore) MergeWith(other Store) {
 	}
 	o, ok := other.(*CollapsingLowestDenseStore)
 	if !ok {
-		for bin := range other.Bins() {
-			s.AddBin(bin)
-		}
+		other.ForEach(func(index int, count float64) (stop bool) {
+			s.AddWithCount(index, count)
+			return false
+		})
 		return
 	}
 	if o.minIndex < s.minIndex || o.maxIndex > s.maxIndex {
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/dense_store.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/dense_store.go
index 5d77e487bc..2c4a3d4a08 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/store/dense_store.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/dense_store.go
@@ -170,9 +170,10 @@ func (s *DenseStore) MergeWith(other Store) {
 	}
 	o, ok := other.(*DenseStore)
 	if !ok {
-		for bin := range other.Bins() {
-			s.AddBin(bin)
-		}
+		other.ForEach(func(index int, count float64) (stop bool) {
+			s.AddWithCount(index, count)
+			return false
+		})
 		return
 	}
 	if o.minIndex < s.minIndex || o.maxIndex > s.maxIndex {
diff --git a/vendor/github.com/DataDog/sketches-go/ddsketch/store/sparse.go b/vendor/github.com/DataDog/sketches-go/ddsketch/store/sparse.go
index 310e4fc256..9a07836e91 100644
--- a/vendor/github.com/DataDog/sketches-go/ddsketch/store/sparse.go
+++ b/vendor/github.com/DataDog/sketches-go/ddsketch/store/sparse.go
@@ -136,9 +136,10 @@ func (s *SparseStore) KeyAtRank(rank float64) int {
 }
 
 func (s *SparseStore) MergeWith(store Store) {
-	for bin := range store.Bins() {
-		s.AddBin(bin)
-	}
+	store.ForEach(func(index int, count float64) (stop bool) {
+		s.AddWithCount(index, count)
+		return false
+	})
 }
 
 func (s *SparseStore) ToProto() *sketchpb.Store {
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
index ffdd51513b..df04262e9e 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
@@ -73,7 +73,9 @@ func (c *x448) GenerateECDH(rand io.Reader) (point []byte, secret []byte, err er
 func (c *x448) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) {
 	var pk, ss x448lib.Key
 	seed, e, err := c.generateKeyPairBytes(rand)
-
+	if err != nil {
+		return nil, nil, err
+	}
 	copy(pk[:], point)
 	x448lib.Shared(&ss, &seed, &pk)
 
diff --git a/vendor/github.com/alibabacloud-go/darabonba-openapi/client/client.go b/vendor/github.com/alibabacloud-go/darabonba-openapi/client/client.go
index 6da3e1fdd1..e014c11ff8 100644
--- a/vendor/github.com/alibabacloud-go/darabonba-openapi/client/client.go
+++ b/vendor/github.com/alibabacloud-go/darabonba-openapi/client/client.go
@@ -15,6 +15,29 @@ import (
 	credential "github.com/aliyun/credentials-go/credentials"
 )
 
+type GlobalParameters struct {
+	Headers map[string]*string `json:"headers,omitempty" xml:"headers,omitempty"`
+	Queries map[string]*string `json:"queries,omitempty" xml:"queries,omitempty"`
+}
+
+func (s GlobalParameters) String() string {
+	return tea.Prettify(s)
+}
+
+func (s GlobalParameters) GoString() string {
+	return s.String()
+}
+
+func (s *GlobalParameters) SetHeaders(v map[string]*string) *GlobalParameters {
+	s.Headers = v
+	return s
+}
+
+func (s *GlobalParameters) SetQueries(v map[string]*string) *GlobalParameters {
+	s.Queries = v
+	return s
+}
+
 /**
  * Model for initing client
  */
@@ -68,6 +91,8 @@ type Config struct {
 	SignatureVersion *string `json:"signatureVersion,omitempty" xml:"signatureVersion,omitempty"`
 	// Signature Algorithm
 	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" xml:"signatureAlgorithm,omitempty"`
+	// Global Parameters
+	GlobalParameters *GlobalParameters `json:"globalParameters,omitempty" xml:"globalParameters,omitempty"`
 }
 
 func (s Config) String() string {
@@ -198,6 +223,11 @@ func (s *Config) SetSignatureAlgorithm(v string) *Config {
 	return s
 }
 
+func (s *Config) SetGlobalParameters(v *GlobalParameters) *Config {
+	s.GlobalParameters = v
+	return s
+}
+
 type OpenApiRequest struct {
 	Headers          map[string]*string `json:"headers,omitempty" xml:"headers,omitempty"`
 	Query            map[string]*string `json:"query,omitempty" xml:"query,omitempty"`
@@ -336,6 +366,7 @@ type Client struct {
 	SignatureAlgorithm   *string
 	Headers              map[string]*string
 	Spi                  spi.ClientInterface
+	GlobalParameters     *GlobalParameters
 }
 
 /**
@@ -397,6 +428,7 @@ func (client *Client) Init(config *Config) (_err error) {
 	client.MaxIdleConns = config.MaxIdleConns
 	client.SignatureVersion = config.SignatureVersion
 	client.SignatureAlgorithm = config.SignatureAlgorithm
+	client.GlobalParameters = config.GlobalParameters
 	return nil
 }
 
@@ -1085,7 +1117,22 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 			request_.Protocol = util.DefaultString(client.Protocol, params.Protocol)
 			request_.Method = params.Method
 			request_.Pathname = params.Pathname
-			request_.Query = request.Query
+			globalQueries := make(map[string]*string)
+			globalHeaders := make(map[string]*string)
+			if !tea.BoolValue(util.IsUnset(tea.ToMap(client.GlobalParameters))) {
+				globalParams := client.GlobalParameters
+				if !tea.BoolValue(util.IsUnset(globalParams.Queries)) {
+					globalQueries = globalParams.Queries
+				}
+
+				if !tea.BoolValue(util.IsUnset(globalParams.Headers)) {
+					globalHeaders = globalParams.Headers
+				}
+
+			}
+
+			request_.Query = tea.Merge(globalQueries,
+				request.Query)
 			// endpoint is setted in product client
 			request_.Headers = tea.Merge(map[string]*string{
 				"host":                  client.Endpoint,
@@ -1095,7 +1142,8 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 				"x-acs-date":            openapiutil.GetTimestamp(),
 				"x-acs-signature-nonce": util.GetNonce(),
 				"accept":                tea.String("application/json"),
-			}, request.Headers)
+			}, globalHeaders,
+				request.Headers)
 			if tea.BoolValue(util.EqualString(params.Style, tea.String("RPC"))) {
 				headers, _err := client.GetRpcHeaders()
 				if _err != nil {
@@ -1213,8 +1261,9 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 
 			if tea.BoolValue(util.EqualString(params.BodyType, tea.String("binary"))) {
 				resp := map[string]interface{}{
-					"body":    response_.Body,
-					"headers": response_.Headers,
+					"body":       response_.Body,
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}
 				_result = resp
 				return _result, _err
@@ -1226,8 +1275,9 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 
 				_result = make(map[string]interface{})
 				_err = tea.Convert(map[string]interface{}{
-					"body":    byt,
-					"headers": response_.Headers,
+					"body":       byt,
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}, &_result)
 				return _result, _err
 			} else if tea.BoolValue(util.EqualString(params.BodyType, tea.String("string"))) {
@@ -1238,8 +1288,9 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 
 				_result = make(map[string]interface{})
 				_err = tea.Convert(map[string]interface{}{
-					"body":    tea.StringValue(str),
-					"headers": response_.Headers,
+					"body":       tea.StringValue(str),
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}, &_result)
 				return _result, _err
 			} else if tea.BoolValue(util.EqualString(params.BodyType, tea.String("json"))) {
@@ -1251,8 +1302,9 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 				res := util.AssertAsMap(obj)
 				_result = make(map[string]interface{})
 				_err = tea.Convert(map[string]interface{}{
-					"body":    res,
-					"headers": response_.Headers,
+					"body":       res,
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}, &_result)
 				return _result, _err
 			} else if tea.BoolValue(util.EqualString(params.BodyType, tea.String("array"))) {
@@ -1263,14 +1315,16 @@ func (client *Client) DoRequest(params *Params, request *OpenApiRequest, runtime
 
 				_result = make(map[string]interface{})
 				_err = tea.Convert(map[string]interface{}{
-					"body":    arr,
-					"headers": response_.Headers,
+					"body":       arr,
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}, &_result)
 				return _result, _err
 			} else {
 				_result = make(map[string]interface{})
-				_err = tea.Convert(map[string]map[string]*string{
-					"headers": response_.Headers,
+				_err = tea.Convert(map[string]interface{}{
+					"headers":    response_.Headers,
+					"statusCode": tea.IntValue(response_.StatusCode),
 				}, &_result)
 				return _result, _err
 			}
@@ -1347,10 +1401,26 @@ func (client *Client) Execute(params *Params, request *OpenApiRequest, runtime *
 				return _result, _err
 			}
 
+			globalQueries := make(map[string]*string)
+			globalHeaders := make(map[string]*string)
+			if !tea.BoolValue(util.IsUnset(tea.ToMap(client.GlobalParameters))) {
+				globalParams := client.GlobalParameters
+				if !tea.BoolValue(util.IsUnset(globalParams.Queries)) {
+					globalQueries = globalParams.Queries
+				}
+
+				if !tea.BoolValue(util.IsUnset(globalParams.Headers)) {
+					globalHeaders = globalParams.Headers
+				}
+
+			}
+
 			requestContext := &spi.InterceptorContextRequest{
-				Headers: tea.Merge(request.Headers,
+				Headers: tea.Merge(globalHeaders,
+					request.Headers,
 					headers),
-				Query:              request.Query,
+				Query: tea.Merge(globalQueries,
+					request.Query),
 				Body:               request.Body,
 				Stream:             request.Stream,
 				HostMap:            request.HostMap,
@@ -1416,8 +1486,9 @@ func (client *Client) Execute(params *Params, request *OpenApiRequest, runtime *
 			}
 			_result = make(map[string]interface{})
 			_err = tea.Convert(map[string]interface{}{
-				"headers": interceptorContext.Response.Headers,
-				"body":    interceptorContext.Response.DeserializedBody,
+				"headers":    interceptorContext.Response.Headers,
+				"statusCode": tea.IntValue(interceptorContext.Response.StatusCode),
+				"body":       interceptorContext.Response.DeserializedBody,
 			}, &_result)
 			return _result, _err
 		}()
diff --git a/vendor/github.com/alibabacloud-go/tea-utils/service/service.go b/vendor/github.com/alibabacloud-go/tea-utils/service/service.go
index 2b69357238..51ce5acc1f 100644
--- a/vendor/github.com/alibabacloud-go/tea-utils/service/service.go
+++ b/vendor/github.com/alibabacloud-go/tea-utils/service/service.go
@@ -34,6 +34,7 @@ type RuntimeOptions struct {
 	MaxIdleConns   *int    `json:"maxIdleConns" xml:"maxIdleConns"`
 	Socks5Proxy    *string `json:"socks5Proxy" xml:"socks5Proxy"`
 	Socks5NetWork  *string `json:"socks5NetWork" xml:"socks5NetWork"`
+	KeepAlive      *bool   `json:"keepAlive" xml:"keepAlive"`
 }
 
 func (s RuntimeOptions) String() string {
@@ -114,6 +115,11 @@ func (s *RuntimeOptions) SetSocks5NetWork(v string) *RuntimeOptions {
 	return s
 }
 
+func (s *RuntimeOptions) SetKeepAlive(v bool) *RuntimeOptions {
+	s.KeepAlive = &v
+	return s
+}
+
 func ReadAsString(body io.Reader) (*string, error) {
 	byt, err := ioutil.ReadAll(body)
 	if err != nil {
diff --git a/vendor/github.com/alibabacloud-go/tea-xml/LICENSE b/vendor/github.com/alibabacloud-go/tea-xml/LICENSE
new file mode 100644
index 0000000000..0c44dcefe3
--- /dev/null
+++ b/vendor/github.com/alibabacloud-go/tea-xml/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright (c) 2009-present, Alibaba Cloud All rights reserved.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/alibabacloud-go/tea/tea/tea.go b/vendor/github.com/alibabacloud-go/tea/tea/tea.go
index 4fbddd3cbd..c984caf821 100644
--- a/vendor/github.com/alibabacloud-go/tea/tea/tea.go
+++ b/vendor/github.com/alibabacloud-go/tea/tea/tea.go
@@ -69,12 +69,14 @@ type Response struct {
 
 // SDKError struct is used save error code and message
 type SDKError struct {
-	Code       *string
-	StatusCode *int
-	Message    *string
-	Data       *string
-	Stack      *string
-	errMsg     *string
+	Code               *string
+	StatusCode         *int
+	Message            *string
+	Data               *string
+	Stack              *string
+	errMsg             *string
+	Description        *string
+	AccessDeniedDetail map[string]interface{}
 }
 
 // RuntimeObject is used for converting http configuration
@@ -181,6 +183,20 @@ func NewSDKError(obj map[string]interface{}) *SDKError {
 	if obj["message"] != nil {
 		err.Message = String(obj["message"].(string))
 	}
+	if obj["description"] != nil {
+		err.Description = String(obj["description"].(string))
+	}
+	if detail := obj["accessDeniedDetail"]; detail != nil {
+		r := reflect.ValueOf(detail)
+		if r.Kind().String() == "map" {
+			res := make(map[string]interface{})
+			tmp := r.MapKeys()
+			for _, key := range tmp {
+				res[key.String()] = r.MapIndex(key).Interface()
+			}
+			err.AccessDeniedDetail = res
+		}
+	}
 	if data := obj["data"]; data != nil {
 		r := reflect.ValueOf(data)
 		if r.Kind().String() == "map" {
@@ -197,6 +213,8 @@ func NewSDKError(obj map[string]interface{}) *SDKError {
 					if err_ == nil {
 						err.StatusCode = Int(code)
 					}
+				} else if code, ok := statusCode.(*int); ok {
+					err.StatusCode = code
 				}
 			}
 		}
@@ -244,7 +262,7 @@ func Convert(in interface{}, out interface{}) error {
 	return err
 }
 
-// Convert is use convert map[string]interface object to struct
+// Recover is used to format error
 func Recover(in interface{}) error {
 	if in == nil {
 		return nil
@@ -304,6 +322,9 @@ func DoRequest(request *Request, requestRuntime map[string]interface{}) (respons
 
 	requestURL := ""
 	request.Domain = request.Headers["host"]
+	if request.Port != nil {
+		request.Domain = String(fmt.Sprintf("%s:%d", StringValue(request.Domain), IntValue(request.Port)))
+	}
 	requestURL = fmt.Sprintf("%s://%s%s", StringValue(request.Protocol), StringValue(request.Domain), StringValue(request.Pathname))
 	queryParams := request.Query
 	// sort QueryParams by key
@@ -394,28 +415,30 @@ func getHttpTransport(req *Request, runtime *RuntimeObject) (*http.Transport, er
 	if err != nil {
 		return nil, err
 	}
-	if strings.ToLower(*req.Protocol) == "https" &&
-		runtime.Key != nil && runtime.Cert != nil {
-		cert, err := tls.X509KeyPair([]byte(StringValue(runtime.Cert)), []byte(StringValue(runtime.Key)))
-		if err != nil {
-			return nil, err
-		}
-
-		trans.TLSClientConfig = &tls.Config{
-			Certificates:       []tls.Certificate{cert},
-			InsecureSkipVerify: BoolValue(runtime.IgnoreSSL),
-		}
-		if runtime.CA != nil {
-			clientCertPool := x509.NewCertPool()
-			ok := clientCertPool.AppendCertsFromPEM([]byte(StringValue(runtime.CA)))
-			if !ok {
-				return nil, errors.New("Failed to parse root certificate")
+	if strings.ToLower(*req.Protocol) == "https" {
+		if BoolValue(runtime.IgnoreSSL) != true {
+			trans.TLSClientConfig = &tls.Config{
+				InsecureSkipVerify: false,
+			}
+			if runtime.Key != nil && runtime.Cert != nil && StringValue(runtime.Key) != "" && StringValue(runtime.Cert) != "" {
+				cert, err := tls.X509KeyPair([]byte(StringValue(runtime.Cert)), []byte(StringValue(runtime.Key)))
+				if err != nil {
+					return nil, err
+				}
+				trans.TLSClientConfig.Certificates = []tls.Certificate{cert}
+			}
+			if runtime.CA != nil && StringValue(runtime.CA) != "" {
+				clientCertPool := x509.NewCertPool()
+				ok := clientCertPool.AppendCertsFromPEM([]byte(StringValue(runtime.CA)))
+				if !ok {
+					return nil, errors.New("Failed to parse root certificate")
+				}
+				trans.TLSClientConfig.RootCAs = clientCertPool
+			}
+		} else {
+			trans.TLSClientConfig = &tls.Config{
+				InsecureSkipVerify: true,
 			}
-			trans.TLSClientConfig.RootCAs = clientCertPool
-		}
-	} else {
-		trans.TLSClientConfig = &tls.Config{
-			InsecureSkipVerify: BoolValue(runtime.IgnoreSSL),
 		}
 	}
 	if httpProxy != nil {
@@ -455,6 +478,10 @@ func getHttpTransport(req *Request, runtime *RuntimeObject) (*http.Transport, er
 	} else {
 		trans.DialContext = setDialContext(runtime)
 	}
+	if runtime.MaxIdleConns != nil && *runtime.MaxIdleConns > 0 {
+		trans.MaxIdleConns = IntValue(runtime.MaxIdleConns)
+		trans.MaxIdleConnsPerHost = IntValue(runtime.MaxIdleConns)
+	}
 	return trans, nil
 }
 
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/access_key_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/access_key_credential.go
index 7bcaa9740a..78530e6893 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/access_key_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/access_key_credential.go
@@ -15,6 +15,15 @@ func newAccessKeyCredential(accessKeyId, accessKeySecret string) *AccessKeyCrede
 	}
 }
 
+func (s *AccessKeyCredential) GetCredential() (*CredentialModel, error) {
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(s.AccessKeyId),
+		AccessKeySecret: tea.String(s.AccessKeySecret),
+		Type:            tea.String("access_key"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns  AccessKeyCreential's AccessKeyId
 func (a *AccessKeyCredential) GetAccessKeyId() (*string, error) {
 	return tea.String(a.AccessKeyId), nil
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/bearer_token_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/bearer_token_credential.go
index cca291621c..9df4d32026 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/bearer_token_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/bearer_token_credential.go
@@ -14,6 +14,14 @@ func newBearerTokenCredential(token string) *BearerTokenCredential {
 	}
 }
 
+func (s *BearerTokenCredential) GetCredential() (*CredentialModel, error) {
+	credential := &CredentialModel{
+		BearerToken: tea.String(s.BearerToken),
+		Type:        tea.String("bearer"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId is useless for BearerTokenCredential
 func (b *BearerTokenCredential) GetAccessKeyId() (*string, error) {
 	return tea.String(""), nil
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/credential.go b/vendor/github.com/aliyun/credentials-go/credentials/credential.go
index 62e647541c..2603dc0c7d 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/credential.go
@@ -30,6 +30,7 @@ type Credential interface {
 	GetSecurityToken() (*string, error)
 	GetBearerToken() *string
 	GetType() *string
+	GetCredential() (*CredentialModel, error)
 }
 
 // Config is important when call NewCredential
@@ -55,6 +56,8 @@ type Config struct {
 	Proxy                 *string  `json:"proxy"`
 	InAdvanceScale        *float64 `json:"inAdvanceScale"`
 	Url                   *string  `json:"url"`
+	STSEndpoint           *string  `json:"sts_endpoint"`
+	ExternalId            *string  `json:"external_id"`
 }
 
 func (s Config) String() string {
@@ -168,6 +171,11 @@ func (s *Config) SetURLCredential(v string) *Config {
 	return s
 }
 
+func (s *Config) SetSTSEndpoint(v string) *Config {
+	s.STSEndpoint = &v
+	return s
+}
+
 // NewCredential return a credential according to the type in config.
 // if config is nil, the function will use default provider chain to get credential.
 // please see README.md for detail.
@@ -192,6 +200,7 @@ func NewCredential(config *Config) (credential Credential, err error) {
 			Proxy:          tea.StringValue(config.Proxy),
 			ReadTimeout:    tea.IntValue(config.Timeout),
 			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
+			STSEndpoint:    tea.StringValue(config.STSEndpoint),
 		}
 		credential = newOIDCRoleArnCredential(tea.StringValue(config.AccessKeyId), tea.StringValue(config.AccessKeySecret), tea.StringValue(config.RoleArn), tea.StringValue(config.OIDCProviderArn), tea.StringValue(config.OIDCTokenFilePath), tea.StringValue(config.RoleSessionName), tea.StringValue(config.Policy), tea.IntValue(config.RoleSessionExpiration), runtime)
 	case "access_key":
@@ -225,8 +234,17 @@ func NewCredential(config *Config) (credential Credential, err error) {
 			Proxy:          tea.StringValue(config.Proxy),
 			ReadTimeout:    tea.IntValue(config.Timeout),
 			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
+			STSEndpoint:    tea.StringValue(config.STSEndpoint),
 		}
-		credential = newRAMRoleArnCredential(tea.StringValue(config.AccessKeyId), tea.StringValue(config.AccessKeySecret), tea.StringValue(config.RoleArn), tea.StringValue(config.RoleSessionName), tea.StringValue(config.Policy), tea.IntValue(config.RoleSessionExpiration), runtime)
+		credential = newRAMRoleArnWithExternalIdCredential(
+			tea.StringValue(config.AccessKeyId),
+			tea.StringValue(config.AccessKeySecret),
+			tea.StringValue(config.RoleArn),
+			tea.StringValue(config.RoleSessionName),
+			tea.StringValue(config.Policy),
+			tea.IntValue(config.RoleSessionExpiration),
+			tea.StringValue(config.ExternalId),
+			runtime)
 	case "rsa_key_pair":
 		err = checkRSAKeyPair(config)
 		if err != nil {
@@ -251,6 +269,7 @@ func NewCredential(config *Config) (credential Credential, err error) {
 			Proxy:          tea.StringValue(config.Proxy),
 			ReadTimeout:    tea.IntValue(config.Timeout),
 			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
+			STSEndpoint:    tea.StringValue(config.STSEndpoint),
 		}
 		credential = newRsaKeyPairCredential(privateKey, tea.StringValue(config.PublicKeyId), tea.IntValue(config.SessionExpiration), runtime)
 	case "bearer":
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/credential_model.go b/vendor/github.com/aliyun/credentials-go/credentials/credential_model.go
new file mode 100644
index 0000000000..7b46c30881
--- /dev/null
+++ b/vendor/github.com/aliyun/credentials-go/credentials/credential_model.go
@@ -0,0 +1,50 @@
+package credentials
+
+import "github.com/alibabacloud-go/tea/tea"
+
+// CredentialModel is a model
+type CredentialModel struct {
+	// accesskey id
+	AccessKeyId *string `json:"accessKeyId,omitempty" xml:"accessKeyId,omitempty"`
+	// accesskey secret
+	AccessKeySecret *string `json:"accessKeySecret,omitempty" xml:"accessKeySecret,omitempty"`
+	// security token
+	SecurityToken *string `json:"securityToken,omitempty" xml:"securityToken,omitempty"`
+	// bearer token
+	BearerToken *string `json:"bearerToken,omitempty" xml:"bearerToken,omitempty"`
+	// type
+	Type *string `json:"type,omitempty" xml:"type,omitempty"`
+}
+
+func (s CredentialModel) String() string {
+	return tea.Prettify(s)
+}
+
+func (s CredentialModel) GoString() string {
+	return s.String()
+}
+
+func (s *CredentialModel) SetAccessKeyId(v string) *CredentialModel {
+	s.AccessKeyId = &v
+	return s
+}
+
+func (s *CredentialModel) SetAccessKeySecret(v string) *CredentialModel {
+	s.AccessKeySecret = &v
+	return s
+}
+
+func (s *CredentialModel) SetSecurityToken(v string) *CredentialModel {
+	s.SecurityToken = &v
+	return s
+}
+
+func (s *CredentialModel) SetBearerToken(v string) *CredentialModel {
+	s.BearerToken = &v
+	return s
+}
+
+func (s *CredentialModel) SetType(v string) *CredentialModel {
+	s.Type = &v
+	return s
+}
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/ecs_ram_role.go b/vendor/github.com/aliyun/credentials-go/credentials/ecs_ram_role.go
index 5e7ddf4dec..d86360fc5d 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/ecs_ram_role.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/ecs_ram_role.go
@@ -40,6 +40,22 @@ func newEcsRAMRoleCredential(roleName string, inAdvanceScale float64, runtime *u
 	}
 }
 
+func (e *EcsRAMRoleCredential) GetCredential() (*CredentialModel, error) {
+	if e.sessionCredential == nil || e.needUpdateCredential() {
+		err := e.updateCredential()
+		if err != nil {
+			return nil, err
+		}
+	}
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
+		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
+		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
+		Type:            tea.String("ecs_ram_role"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns  EcsRAMRoleCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (e *EcsRAMRoleCredential) GetAccessKeyId() (*string, error) {
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential.go
index 76192cbeef..7d960abaf1 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential.go
@@ -55,6 +55,22 @@ func newOIDCRoleArnCredential(accessKeyId, accessKeySecret, roleArn, OIDCProvide
 	}
 }
 
+func (e *OIDCCredential) GetCredential() (*CredentialModel, error) {
+	if e.sessionCredential == nil || e.needUpdateCredential() {
+		err := e.updateCredential()
+		if err != nil {
+			return nil, err
+		}
+	}
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
+		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
+		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
+		Type:            tea.String("oidc_role_arn"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns OIDCCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (r *OIDCCredential) GetAccessKeyId() (*string, error) {
@@ -123,6 +139,9 @@ func (r *OIDCCredential) updateCredential() (err error) {
 	}
 	request := request.NewCommonRequest()
 	request.Domain = "sts.aliyuncs.com"
+	if r.runtime.STSEndpoint != "" {
+		request.Domain = r.runtime.STSEndpoint
+	}
 	request.Scheme = "HTTPS"
 	request.Method = "POST"
 	request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
@@ -138,12 +157,6 @@ func (r *OIDCCredential) updateCredential() (err error) {
 	request.QueryParams["RoleSessionName"] = r.RoleSessionName
 	request.QueryParams["Version"] = "2015-04-01"
 	request.QueryParams["SignatureNonce"] = utils.GetUUID()
-	if r.AccessKeyId != "" && r.AccessKeySecret != "" {
-		signature := utils.ShaHmac1(request.BuildStringToSign(), r.AccessKeySecret+"&")
-		request.QueryParams["Signature"] = signature
-		request.QueryParams["AccessKeyId"] = r.AccessKeyId
-		request.QueryParams["AccessKeySecret"] = r.AccessKeySecret
-	}
 	request.Headers["Host"] = request.Domain
 	request.Headers["Accept-Encoding"] = "identity"
 	request.Headers["content-type"] = "application/x-www-form-urlencoded"
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential_provider.go b/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential_provider.go
new file mode 100644
index 0000000000..928eb93150
--- /dev/null
+++ b/vendor/github.com/aliyun/credentials-go/credentials/oidc_credential_provider.go
@@ -0,0 +1,37 @@
+package credentials
+
+import (
+	"os"
+
+	"github.com/alibabacloud-go/tea/tea"
+)
+
+type oidcCredentialsProvider struct{}
+
+var providerOIDC = new(oidcCredentialsProvider)
+
+func newOidcCredentialsProvider() Provider {
+	return &oidcCredentialsProvider{}
+}
+
+func (p *oidcCredentialsProvider) resolve() (*Config, error) {
+	roleArn, ok1 := os.LookupEnv(ENVRoleArn)
+	oidcProviderArn, ok2 := os.LookupEnv(ENVOIDCProviderArn)
+	oidcTokenFilePath, ok3 := os.LookupEnv(ENVOIDCTokenFile)
+	if !ok1 || !ok2 || !ok3 {
+		return nil, nil
+	}
+
+	config := &Config{
+		Type:              tea.String("oidc_role_arn"),
+		RoleArn:           tea.String(roleArn),
+		OIDCProviderArn:   tea.String(oidcProviderArn),
+		OIDCTokenFilePath: tea.String(oidcTokenFilePath),
+		RoleSessionName:   tea.String("defaultSessionName"),
+	}
+	roleSessionName, ok := os.LookupEnv(ENVRoleSessionName)
+	if ok {
+		config.RoleSessionName = tea.String(roleSessionName)
+	}
+	return config, nil
+}
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/profile_provider.go b/vendor/github.com/aliyun/credentials-go/credentials/profile_provider.go
index d6292b0351..de02c3dc43 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/profile_provider.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/profile_provider.go
@@ -46,10 +46,11 @@ func newProfileProvider(name ...string) Provider {
 func (p *profileProvider) resolve() (*Config, error) {
 	path, ok := os.LookupEnv(ENVCredentialFile)
 	if !ok {
-		path, err := checkDefaultPath()
+		defaultPath, err := checkDefaultPath()
 		if err != nil {
 			return nil, err
 		}
+		path = defaultPath
 		if path == "" {
 			return nil, nil
 		}
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/provider.go b/vendor/github.com/aliyun/credentials-go/credentials/provider.go
index f9d4ae5748..fe813db330 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/provider.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/provider.go
@@ -5,6 +5,10 @@ const (
 	ENVCredentialFile  = "ALIBABA_CLOUD_CREDENTIALS_FILE"
 	ENVEcsMetadata     = "ALIBABA_CLOUD_ECS_METADATA"
 	PATHCredentialFile = "~/.alibabacloud/credentials"
+	ENVRoleArn         = "ALIBABA_CLOUD_ROLE_ARN"
+	ENVOIDCProviderArn = "ALIBABA_CLOUD_OIDC_PROVIDER_ARN"
+	ENVOIDCTokenFile   = "ALIBABA_CLOUD_OIDC_TOKEN_FILE"
+	ENVRoleSessionName = "ALIBABA_CLOUD_ROLE_SESSION_NAME"
 )
 
 // Provider will be implemented When you want to customize the provider.
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/provider_chain.go b/vendor/github.com/aliyun/credentials-go/credentials/provider_chain.go
index 2764a701cd..a694d5cb58 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/provider_chain.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/provider_chain.go
@@ -8,7 +8,7 @@ type providerChain struct {
 	Providers []Provider
 }
 
-var defaultproviders = []Provider{providerEnv, providerProfile, providerInstance}
+var defaultproviders = []Provider{providerEnv, providerOIDC, providerProfile, providerInstance}
 var defaultChain = newProviderChain(defaultproviders)
 
 func newProviderChain(providers []Provider) Provider {
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/rsa_key_pair_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/rsa_key_pair_credential.go
index 3e4310eca6..82988eca07 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/rsa_key_pair_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/rsa_key_pair_credential.go
@@ -42,6 +42,22 @@ func newRsaKeyPairCredential(privateKey, publicKeyId string, sessionExpiration i
 	}
 }
 
+func (e *RsaKeyPairCredential) GetCredential() (*CredentialModel, error) {
+	if e.sessionCredential == nil || e.needUpdateCredential() {
+		err := e.updateCredential()
+		if err != nil {
+			return nil, err
+		}
+	}
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
+		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
+		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
+		Type:            tea.String("rsa_key_pair"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns RsaKeyPairCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (r *RsaKeyPairCredential) GetAccessKeyId() (*string, error) {
@@ -89,6 +105,8 @@ func (r *RsaKeyPairCredential) updateCredential() (err error) {
 	request.Domain = "sts.aliyuncs.com"
 	if r.runtime.Host != "" {
 		request.Domain = r.runtime.Host
+	} else if r.runtime.STSEndpoint != "" {
+		request.Domain = r.runtime.STSEndpoint
 	}
 	request.Scheme = "HTTPS"
 	request.Method = "GET"
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/sts_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/sts_credential.go
index ba07dab498..5a9973f21a 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/sts_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/sts_credential.go
@@ -17,6 +17,16 @@ func newStsTokenCredential(accessKeyId, accessKeySecret, securityToken string) *
 	}
 }
 
+func (s *StsTokenCredential) GetCredential() (*CredentialModel, error) {
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(s.AccessKeyId),
+		AccessKeySecret: tea.String(s.AccessKeySecret),
+		SecurityToken:   tea.String(s.SecurityToken),
+		Type:            tea.String("sts"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns  StsTokenCredential's AccessKeyId
 func (s *StsTokenCredential) GetAccessKeyId() (*string, error) {
 	return tea.String(s.AccessKeyId), nil
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/sts_role_arn_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/sts_role_arn_credential.go
index f31ba1e327..3ddf32fa21 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/sts_role_arn_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/sts_role_arn_credential.go
@@ -23,6 +23,7 @@ type RAMRoleArnCredential struct {
 	RoleSessionName       string
 	RoleSessionExpiration int
 	Policy                string
+	ExternalId            string
 	sessionCredential     *sessionCredential
 	runtime               *utils.Runtime
 }
@@ -51,6 +52,36 @@ func newRAMRoleArnCredential(accessKeyId, accessKeySecret, roleArn, roleSessionN
 	}
 }
 
+func newRAMRoleArnWithExternalIdCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, externalId string, runtime *utils.Runtime) *RAMRoleArnCredential {
+	return &RAMRoleArnCredential{
+		AccessKeyId:           accessKeyId,
+		AccessKeySecret:       accessKeySecret,
+		RoleArn:               roleArn,
+		RoleSessionName:       roleSessionName,
+		RoleSessionExpiration: roleSessionExpiration,
+		Policy:                policy,
+		ExternalId:            externalId,
+		credentialUpdater:     new(credentialUpdater),
+		runtime:               runtime,
+	}
+}
+
+func (e *RAMRoleArnCredential) GetCredential() (*CredentialModel, error) {
+	if e.sessionCredential == nil || e.needUpdateCredential() {
+		err := e.updateCredential()
+		if err != nil {
+			return nil, err
+		}
+	}
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
+		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
+		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
+		Type:            tea.String("ram_role_arn"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns RamRoleArnCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (r *RAMRoleArnCredential) GetAccessKeyId() (*string, error) {
@@ -103,6 +134,9 @@ func (r *RAMRoleArnCredential) updateCredential() (err error) {
 	}
 	request := request.NewCommonRequest()
 	request.Domain = "sts.aliyuncs.com"
+	if r.runtime.STSEndpoint != "" {
+		request.Domain = r.runtime.STSEndpoint
+	}
 	request.Scheme = "HTTPS"
 	request.Method = "GET"
 	request.QueryParams["AccessKeyId"] = r.AccessKeyId
@@ -122,6 +156,9 @@ func (r *RAMRoleArnCredential) updateCredential() (err error) {
 	if r.Policy != "" {
 		request.QueryParams["Policy"] = r.Policy
 	}
+	if r.ExternalId != "" {
+		request.QueryParams["ExternalId"] = r.ExternalId
+	}
 	request.QueryParams["RoleSessionName"] = r.RoleSessionName
 	request.QueryParams["SignatureMethod"] = "HMAC-SHA1"
 	request.QueryParams["SignatureVersion"] = "1.0"
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/uri_credential.go b/vendor/github.com/aliyun/credentials-go/credentials/uri_credential.go
index e8f303fc76..d03006c9cd 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/uri_credential.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/uri_credential.go
@@ -37,6 +37,22 @@ func newURLCredential(URL string) *URLCredential {
 	}
 }
 
+func (e *URLCredential) GetCredential() (*CredentialModel, error) {
+	if e.sessionCredential == nil || e.needUpdateCredential() {
+		err := e.updateCredential()
+		if err != nil {
+			return nil, err
+		}
+	}
+	credential := &CredentialModel{
+		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
+		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
+		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
+		Type:            tea.String("credential_uri"),
+	}
+	return credential, nil
+}
+
 // GetAccessKeyId reutrns  URLCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (e *URLCredential) GetAccessKeyId() (*string, error) {
diff --git a/vendor/github.com/aliyun/credentials-go/credentials/utils/runtime.go b/vendor/github.com/aliyun/credentials-go/credentials/utils/runtime.go
index d4a27c9cd9..432395cf4a 100644
--- a/vendor/github.com/aliyun/credentials-go/credentials/utils/runtime.go
+++ b/vendor/github.com/aliyun/credentials-go/credentials/utils/runtime.go
@@ -12,6 +12,7 @@ type Runtime struct {
 	ConnectTimeout int
 	Proxy          string
 	Host           string
+	STSEndpoint    string
 }
 
 // NewRuntime returns a Runtime
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/CHANGELOG.md
index 3d155118e3..ac06c36355 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/CHANGELOG.md
@@ -1,3 +1,56 @@
+# v1.20.2 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.1 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.20.0 (2023-09-11)
+
+* **Feature**: This release will have ValidationException be thrown from ECR LifecyclePolicy APIs in regions LifecyclePolicy is not supported, this includes existing Amazon Dedicated Cloud (ADC) regions. This release will also change Tag: TagValue and Tag: TagKey to required.
+
+# v1.19.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.19.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.19.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.19.2 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.19.1 (2023-08-01)
+
+* No change notes available for this release.
+
+# v1.19.0 (2023-07-31)
+
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.15 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.14 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.13 (2023-06-15)
+
+* No change notes available for this release.
+
+# v1.18.12 (2023-06-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.18.11 (2023-05-04)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_client.go
index add37d360a..f1984dd44b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_client.go
@@ -4,6 +4,7 @@ package ecr
 
 import (
 	"context"
+	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/defaults"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
@@ -46,8 +47,6 @@ func New(options Options, optFns ...func(*Options)) *Client {
 
 	resolveHTTPSignerV4(&options)
 
-	resolveDefaultEndpointConfiguration(&options)
-
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -65,6 +64,14 @@ type Options struct {
 	// modify this list for per operation behavior.
 	APIOptions []func(*middleware.Stack) error
 
+	// The optional application specific identifier appended to the User-Agent header.
+	AppID string
+
+	// This endpoint will be given as input to an EndpointResolverV2. It is used for
+	// providing a custom base endpoint that is subject to modifications by the
+	// processing EndpointResolverV2.
+	BaseEndpoint *string
+
 	// Configures the events that will be sent to the configured logger.
 	ClientLogMode aws.ClientLogMode
 
@@ -79,8 +86,18 @@ type Options struct {
 	EndpointOptions EndpointResolverOptions
 
 	// The service endpoint resolver.
+	//
+	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
+	// value for this field will likely prevent you from using any endpoint-related
+	// service features released after the introduction of EndpointResolverV2 and
+	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
+	// endpoint, set the client option BaseEndpoint instead.
 	EndpointResolver EndpointResolver
 
+	// Resolves the endpoint used for a particular service. This should be used over
+	// the deprecated EndpointResolver
+	EndpointResolverV2 EndpointResolverV2
+
 	// Signature Version 4 (SigV4) Signer
 	HTTPSignerV4 HTTPSignerV4
 
@@ -139,14 +156,25 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
 	}
 }
 
-// WithEndpointResolver returns a functional option for setting the Client's
-// EndpointResolver option.
+// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
+// this field will likely prevent you from using any endpoint-related service
+// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
+// To migrate an EndpointResolver implementation that uses a custom endpoint, set
+// the client option BaseEndpoint instead.
 func WithEndpointResolver(v EndpointResolver) func(*Options) {
 	return func(o *Options) {
 		o.EndpointResolver = v
 	}
 }
 
+// WithEndpointResolverV2 returns a functional option for setting the Client's
+// EndpointResolverV2 option.
+func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) {
+	return func(o *Options) {
+		o.EndpointResolverV2 = v
+	}
+}
+
 type HTTPClient interface {
 	Do(*http.Request) (*http.Response, error)
 }
@@ -163,6 +191,8 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 	ctx = middleware.ClearStackValues(ctx)
 	stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
 	options := c.options.Copy()
+	resolveEndpointResolverV2(&options)
+
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -197,6 +227,30 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 
 type noSmithyDocumentSerde = smithydocument.NoSerde
 
+type legacyEndpointContextSetter struct {
+	LegacyResolver EndpointResolver
+}
+
+func (*legacyEndpointContextSetter) ID() string {
+	return "legacyEndpointContextSetter"
+}
+
+func (m *legacyEndpointContextSetter) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
+	out middleware.InitializeOutput, metadata middleware.Metadata, err error,
+) {
+	if m.LegacyResolver != nil {
+		ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, true)
+	}
+
+	return next.HandleInitialize(ctx, in)
+
+}
+func addlegacyEndpointContextSetter(stack *middleware.Stack, o Options) error {
+	return stack.Initialize.Add(&legacyEndpointContextSetter{
+		LegacyResolver: o.EndpointResolver,
+	}, middleware.Before)
+}
+
 func resolveDefaultLogger(o *Options) {
 	if o.Logger != nil {
 		return
@@ -234,6 +288,7 @@ func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
 		APIOptions:         cfg.APIOptions,
 		Logger:             cfg.Logger,
 		ClientLogMode:      cfg.ClientLogMode,
+		AppID:              cfg.AppID,
 	}
 	resolveAWSRetryerProvider(cfg, &opts)
 	resolveAWSRetryMaxAttempts(cfg, &opts)
@@ -344,11 +399,19 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
 	if cfg.EndpointResolver == nil && cfg.EndpointResolverWithOptions == nil {
 		return
 	}
-	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions, NewDefaultEndpointResolver())
+	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions)
 }
 
-func addClientUserAgent(stack *middleware.Stack) error {
-	return awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ecr", goModuleVersion)(stack)
+func addClientUserAgent(stack *middleware.Stack, options Options) error {
+	if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ecr", goModuleVersion)(stack); err != nil {
+		return err
+	}
+
+	if len(options.AppID) > 0 {
+		return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
+	}
+
+	return nil
 }
 
 func addHTTPSignerV4Middleware(stack *middleware.Stack, o Options) error {
@@ -432,3 +495,32 @@ func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
 		LogResponseWithBody: o.ClientLogMode.IsResponseWithBody(),
 	}, middleware.After)
 }
+
+type endpointDisableHTTPSMiddleware struct {
+	EndpointDisableHTTPS bool
+}
+
+func (*endpointDisableHTTPSMiddleware) ID() string {
+	return "endpointDisableHTTPSMiddleware"
+}
+
+func (m *endpointDisableHTTPSMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointDisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) {
+		req.URL.Scheme = "http"
+	}
+
+	return next.HandleSerialize(ctx, in)
+
+}
+func addendpointDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
+	return stack.Serialize.Insert(&endpointDisableHTTPSMiddleware{
+		EndpointDisableHTTPS: o.EndpointOptions.DisableHTTPS,
+	}, "OperationSerializer", middleware.Before)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchCheckLayerAvailability.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchCheckLayerAvailability.go
index 13489da617..8cc701c6f5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchCheckLayerAvailability.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchCheckLayerAvailability.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -76,6 +81,9 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -103,7 +111,7 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -112,6 +120,9 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchCheckLayerAvailabilityResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchCheckLayerAvailabilityValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -130,6 +141,9 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -141,3 +155,126 @@ func newServiceMetadataMiddleware_opBatchCheckLayerAvailability(region string) *
 		OperationName: "BatchCheckLayerAvailability",
 	}
 }
+
+type opBatchCheckLayerAvailabilityResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchCheckLayerAvailabilityResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchCheckLayerAvailabilityResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchCheckLayerAvailabilityResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchCheckLayerAvailabilityResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchDeleteImage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchDeleteImage.go
index 646f46a004..53816800dd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchDeleteImage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchDeleteImage.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -77,6 +82,9 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -104,7 +112,7 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -113,6 +121,9 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchDeleteImageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchDeleteImageValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -131,6 +142,9 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -142,3 +156,126 @@ func newServiceMetadataMiddleware_opBatchDeleteImage(region string) *awsmiddlewa
 		OperationName: "BatchDeleteImage",
 	}
 }
+
+type opBatchDeleteImageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchDeleteImageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchDeleteImageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchDeleteImageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchDeleteImageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetImage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetImage.go
index ce9b83a3c1..d2f2d85f8e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetImage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetImage.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -79,6 +84,9 @@ func (c *Client) addOperationBatchGetImageMiddlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -106,7 +114,7 @@ func (c *Client) addOperationBatchGetImageMiddlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -115,6 +123,9 @@ func (c *Client) addOperationBatchGetImageMiddlewares(stack *middleware.Stack, o
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchGetImageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchGetImageValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -133,6 +144,9 @@ func (c *Client) addOperationBatchGetImageMiddlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -144,3 +158,126 @@ func newServiceMetadataMiddleware_opBatchGetImage(region string) *awsmiddleware.
 		OperationName: "BatchGetImage",
 	}
 }
+
+type opBatchGetImageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchGetImageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchGetImageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchGetImageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchGetImageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetRepositoryScanningConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetRepositoryScanningConfiguration.go
index 3611dbe55e..30591dcdf9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetRepositoryScanningConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_BatchGetRepositoryScanningConfiguration.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -60,6 +65,9 @@ func (c *Client) addOperationBatchGetRepositoryScanningConfigurationMiddlewares(
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -87,7 +95,7 @@ func (c *Client) addOperationBatchGetRepositoryScanningConfigurationMiddlewares(
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -96,6 +104,9 @@ func (c *Client) addOperationBatchGetRepositoryScanningConfigurationMiddlewares(
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchGetRepositoryScanningConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -114,6 +125,9 @@ func (c *Client) addOperationBatchGetRepositoryScanningConfigurationMiddlewares(
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -125,3 +139,126 @@ func newServiceMetadataMiddleware_opBatchGetRepositoryScanningConfiguration(regi
 		OperationName: "BatchGetRepositoryScanningConfiguration",
 	}
 }
+
+type opBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchGetRepositoryScanningConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CompleteLayerUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CompleteLayerUpload.go
index de6185b950..ee896d53e7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CompleteLayerUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CompleteLayerUpload.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -87,6 +92,9 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -114,7 +122,7 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -123,6 +131,9 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCompleteLayerUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCompleteLayerUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -141,6 +152,9 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -152,3 +166,126 @@ func newServiceMetadataMiddleware_opCompleteLayerUpload(region string) *awsmiddl
 		OperationName: "CompleteLayerUpload",
 	}
 }
+
+type opCompleteLayerUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCompleteLayerUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCompleteLayerUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCompleteLayerUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCompleteLayerUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreatePullThroughCacheRule.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreatePullThroughCacheRule.go
index 75c3ee4e71..a31b8bb468 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreatePullThroughCacheRule.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreatePullThroughCacheRule.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -80,6 +85,9 @@ func (c *Client) addOperationCreatePullThroughCacheRuleMiddlewares(stack *middle
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -107,7 +115,7 @@ func (c *Client) addOperationCreatePullThroughCacheRuleMiddlewares(stack *middle
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -116,6 +124,9 @@ func (c *Client) addOperationCreatePullThroughCacheRuleMiddlewares(stack *middle
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCreatePullThroughCacheRuleResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreatePullThroughCacheRuleValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -134,6 +145,9 @@ func (c *Client) addOperationCreatePullThroughCacheRuleMiddlewares(stack *middle
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -145,3 +159,126 @@ func newServiceMetadataMiddleware_opCreatePullThroughCacheRule(region string) *a
 		OperationName: "CreatePullThroughCacheRule",
 	}
 }
+
+type opCreatePullThroughCacheRuleResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCreatePullThroughCacheRuleResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCreatePullThroughCacheRuleResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCreatePullThroughCacheRuleResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCreatePullThroughCacheRuleResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreateRepository.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreateRepository.go
index 362fe54b60..1fdf9b212b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreateRepository.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_CreateRepository.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -32,7 +37,9 @@ type CreateRepositoryInput struct {
 
 	// The name to use for the repository. The repository name may be specified on its
 	// own (such as nginx-web-app ) or it can be prepended with a namespace to group
-	// the repository into a category (such as project-a/nginx-web-app ).
+	// the repository into a category (such as project-a/nginx-web-app ). The
+	// repository name must start with a letter and can only contain lowercase letters,
+	// numbers, hyphens, underscores, and forward slashes.
 	//
 	// This member is required.
 	RepositoryName *string
@@ -85,6 +92,9 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -112,7 +122,7 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -121,6 +131,9 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCreateRepositoryResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreateRepositoryValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -139,6 +152,9 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -150,3 +166,126 @@ func newServiceMetadataMiddleware_opCreateRepository(region string) *awsmiddlewa
 		OperationName: "CreateRepository",
 	}
 }
+
+type opCreateRepositoryResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCreateRepositoryResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCreateRepositoryResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCreateRepositoryResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCreateRepositoryResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteLifecyclePolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteLifecyclePolicy.go
index 914a512cd4..53c4d53277 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteLifecyclePolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteLifecyclePolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -71,6 +76,9 @@ func (c *Client) addOperationDeleteLifecyclePolicyMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -98,7 +106,7 @@ func (c *Client) addOperationDeleteLifecyclePolicyMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -107,6 +115,9 @@ func (c *Client) addOperationDeleteLifecyclePolicyMiddlewares(stack *middleware.
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteLifecyclePolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteLifecyclePolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -125,6 +136,9 @@ func (c *Client) addOperationDeleteLifecyclePolicyMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -136,3 +150,126 @@ func newServiceMetadataMiddleware_opDeleteLifecyclePolicy(region string) *awsmid
 		OperationName: "DeleteLifecyclePolicy",
 	}
 }
+
+type opDeleteLifecyclePolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteLifecyclePolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteLifecyclePolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteLifecyclePolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteLifecyclePolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeletePullThroughCacheRule.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeletePullThroughCacheRule.go
index 413c55a270..658c314c6a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeletePullThroughCacheRule.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeletePullThroughCacheRule.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -72,6 +77,9 @@ func (c *Client) addOperationDeletePullThroughCacheRuleMiddlewares(stack *middle
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -99,7 +107,7 @@ func (c *Client) addOperationDeletePullThroughCacheRuleMiddlewares(stack *middle
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -108,6 +116,9 @@ func (c *Client) addOperationDeletePullThroughCacheRuleMiddlewares(stack *middle
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeletePullThroughCacheRuleResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeletePullThroughCacheRuleValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -126,6 +137,9 @@ func (c *Client) addOperationDeletePullThroughCacheRuleMiddlewares(stack *middle
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -137,3 +151,126 @@ func newServiceMetadataMiddleware_opDeletePullThroughCacheRule(region string) *a
 		OperationName: "DeletePullThroughCacheRule",
 	}
 }
+
+type opDeletePullThroughCacheRuleResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeletePullThroughCacheRuleResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeletePullThroughCacheRuleResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeletePullThroughCacheRuleResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeletePullThroughCacheRuleResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRegistryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRegistryPolicy.go
index dceab652b1..2c1f886287 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRegistryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRegistryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -53,6 +58,9 @@ func (c *Client) addOperationDeleteRegistryPolicyMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -80,7 +88,7 @@ func (c *Client) addOperationDeleteRegistryPolicyMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -89,6 +97,9 @@ func (c *Client) addOperationDeleteRegistryPolicyMiddlewares(stack *middleware.S
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteRegistryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDeleteRegistryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -104,6 +115,9 @@ func (c *Client) addOperationDeleteRegistryPolicyMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -115,3 +129,126 @@ func newServiceMetadataMiddleware_opDeleteRegistryPolicy(region string) *awsmidd
 		OperationName: "DeleteRegistryPolicy",
 	}
 }
+
+type opDeleteRegistryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteRegistryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteRegistryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteRegistryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteRegistryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepository.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepository.go
index 0b2b866ce3..622a861e11 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepository.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepository.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -66,6 +71,9 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -93,7 +101,7 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -102,6 +110,9 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteRepositoryResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteRepositoryValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -120,6 +131,9 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -131,3 +145,126 @@ func newServiceMetadataMiddleware_opDeleteRepository(region string) *awsmiddlewa
 		OperationName: "DeleteRepository",
 	}
 }
+
+type opDeleteRepositoryResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteRepositoryResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteRepositoryResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteRepositoryResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteRepositoryResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepositoryPolicy.go
index 593901b8eb..6b7fb0bcf8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DeleteRepositoryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -68,6 +73,9 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -95,7 +103,7 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -104,6 +112,9 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -122,6 +133,9 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -133,3 +147,126 @@ func newServiceMetadataMiddleware_opDeleteRepositoryPolicy(region string) *awsmi
 		OperationName: "DeleteRepositoryPolicy",
 	}
 }
+
+type opDeleteRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageReplicationStatus.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageReplicationStatus.go
index 0085efcf27..ba73c5f8ce 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageReplicationStatus.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageReplicationStatus.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -72,6 +77,9 @@ func (c *Client) addOperationDescribeImageReplicationStatusMiddlewares(stack *mi
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -99,7 +107,7 @@ func (c *Client) addOperationDescribeImageReplicationStatusMiddlewares(stack *mi
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -108,6 +116,9 @@ func (c *Client) addOperationDescribeImageReplicationStatusMiddlewares(stack *mi
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeImageReplicationStatusResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDescribeImageReplicationStatusValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -126,6 +137,9 @@ func (c *Client) addOperationDescribeImageReplicationStatusMiddlewares(stack *mi
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -137,3 +151,126 @@ func newServiceMetadataMiddleware_opDescribeImageReplicationStatus(region string
 		OperationName: "DescribeImageReplicationStatus",
 	}
 }
+
+type opDescribeImageReplicationStatusResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeImageReplicationStatusResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeImageReplicationStatusResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeImageReplicationStatusResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeImageReplicationStatusResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageScanFindings.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageScanFindings.go
index f75246f03f..63464be1ca 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageScanFindings.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImageScanFindings.go
@@ -4,10 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithytime "github.com/aws/smithy-go/time"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
@@ -107,6 +111,9 @@ func (c *Client) addOperationDescribeImageScanFindingsMiddlewares(stack *middlew
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -134,7 +141,7 @@ func (c *Client) addOperationDescribeImageScanFindingsMiddlewares(stack *middlew
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -143,6 +150,9 @@ func (c *Client) addOperationDescribeImageScanFindingsMiddlewares(stack *middlew
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeImageScanFindingsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDescribeImageScanFindingsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -161,6 +171,9 @@ func (c *Client) addOperationDescribeImageScanFindingsMiddlewares(stack *middlew
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -448,3 +461,126 @@ func newServiceMetadataMiddleware_opDescribeImageScanFindings(region string) *aw
 		OperationName: "DescribeImageScanFindings",
 	}
 }
+
+type opDescribeImageScanFindingsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeImageScanFindingsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeImageScanFindingsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeImageScanFindingsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeImageScanFindingsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImages.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImages.go
index dd8e354bc2..788c7665e4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImages.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeImages.go
@@ -4,10 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -96,6 +100,9 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -123,7 +130,7 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -132,6 +139,9 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeImagesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDescribeImagesValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -150,6 +160,9 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -258,3 +271,126 @@ func newServiceMetadataMiddleware_opDescribeImages(region string) *awsmiddleware
 		OperationName: "DescribeImages",
 	}
 }
+
+type opDescribeImagesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeImagesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeImagesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeImagesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeImagesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribePullThroughCacheRules.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribePullThroughCacheRules.go
index fc0b4f64e3..85d4842bde 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribePullThroughCacheRules.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribePullThroughCacheRules.go
@@ -4,10 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -87,6 +91,9 @@ func (c *Client) addOperationDescribePullThroughCacheRulesMiddlewares(stack *mid
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -114,7 +121,7 @@ func (c *Client) addOperationDescribePullThroughCacheRulesMiddlewares(stack *mid
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -123,6 +130,9 @@ func (c *Client) addOperationDescribePullThroughCacheRulesMiddlewares(stack *mid
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribePullThroughCacheRulesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribePullThroughCacheRules(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -138,6 +148,9 @@ func (c *Client) addOperationDescribePullThroughCacheRulesMiddlewares(stack *mid
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -250,3 +263,126 @@ func newServiceMetadataMiddleware_opDescribePullThroughCacheRules(region string)
 		OperationName: "DescribePullThroughCacheRules",
 	}
 }
+
+type opDescribePullThroughCacheRulesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribePullThroughCacheRulesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribePullThroughCacheRulesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribePullThroughCacheRulesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribePullThroughCacheRulesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRegistry.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRegistry.go
index 79482a793b..e231a8f77c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRegistry.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRegistry.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -56,6 +61,9 @@ func (c *Client) addOperationDescribeRegistryMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -83,7 +91,7 @@ func (c *Client) addOperationDescribeRegistryMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -92,6 +100,9 @@ func (c *Client) addOperationDescribeRegistryMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeRegistryResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeRegistry(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -107,6 +118,9 @@ func (c *Client) addOperationDescribeRegistryMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -118,3 +132,126 @@ func newServiceMetadataMiddleware_opDescribeRegistry(region string) *awsmiddlewa
 		OperationName: "DescribeRegistry",
 	}
 }
+
+type opDescribeRegistryResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeRegistryResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeRegistryResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeRegistryResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeRegistryResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRepositories.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRepositories.go
index ccf2a1b189..71fcebce6f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRepositories.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_DescribeRepositories.go
@@ -4,10 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -89,6 +93,9 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -116,7 +123,7 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -125,6 +132,9 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeRepositoriesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeRepositories(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -140,6 +150,9 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -250,3 +263,126 @@ func newServiceMetadataMiddleware_opDescribeRepositories(region string) *awsmidd
 		OperationName: "DescribeRepositories",
 	}
 }
+
+type opDescribeRepositoriesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeRepositoriesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeRepositoriesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeRepositoriesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeRepositoriesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetAuthorizationToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetAuthorizationToken.go
index da84860fb7..f630eef052 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetAuthorizationToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetAuthorizationToken.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -70,6 +75,9 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -97,7 +105,7 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -106,6 +114,9 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetAuthorizationTokenResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetAuthorizationToken(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -121,6 +132,9 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -132,3 +146,126 @@ func newServiceMetadataMiddleware_opGetAuthorizationToken(region string) *awsmid
 		OperationName: "GetAuthorizationToken",
 	}
 }
+
+type opGetAuthorizationTokenResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetAuthorizationTokenResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetAuthorizationTokenResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetAuthorizationTokenResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetAuthorizationTokenResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetDownloadUrlForLayer.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetDownloadUrlForLayer.go
index 1873ca1a01..26bb7b9f53 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetDownloadUrlForLayer.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetDownloadUrlForLayer.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -74,6 +79,9 @@ func (c *Client) addOperationGetDownloadUrlForLayerMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -101,7 +109,7 @@ func (c *Client) addOperationGetDownloadUrlForLayerMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -110,6 +118,9 @@ func (c *Client) addOperationGetDownloadUrlForLayerMiddlewares(stack *middleware
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetDownloadUrlForLayerResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetDownloadUrlForLayerValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -128,6 +139,9 @@ func (c *Client) addOperationGetDownloadUrlForLayerMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -139,3 +153,126 @@ func newServiceMetadataMiddleware_opGetDownloadUrlForLayer(region string) *awsmi
 		OperationName: "GetDownloadUrlForLayer",
 	}
 }
+
+type opGetDownloadUrlForLayerResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetDownloadUrlForLayerResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetDownloadUrlForLayerResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetDownloadUrlForLayerResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetDownloadUrlForLayerResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicy.go
index 43baec00a0..ee6b4b6f66 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 	"time"
@@ -71,6 +76,9 @@ func (c *Client) addOperationGetLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -98,7 +106,7 @@ func (c *Client) addOperationGetLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -107,6 +115,9 @@ func (c *Client) addOperationGetLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetLifecyclePolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetLifecyclePolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -125,6 +136,9 @@ func (c *Client) addOperationGetLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -136,3 +150,126 @@ func newServiceMetadataMiddleware_opGetLifecyclePolicy(region string) *awsmiddle
 		OperationName: "GetLifecyclePolicy",
 	}
 }
+
+type opGetLifecyclePolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetLifecyclePolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetLifecyclePolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetLifecyclePolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetLifecyclePolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicyPreview.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicyPreview.go
index 1b6c4c7dd6..5de6abc4f8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicyPreview.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetLifecyclePolicyPreview.go
@@ -4,10 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithytime "github.com/aws/smithy-go/time"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
@@ -116,6 +120,9 @@ func (c *Client) addOperationGetLifecyclePolicyPreviewMiddlewares(stack *middlew
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -143,7 +150,7 @@ func (c *Client) addOperationGetLifecyclePolicyPreviewMiddlewares(stack *middlew
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -152,6 +159,9 @@ func (c *Client) addOperationGetLifecyclePolicyPreviewMiddlewares(stack *middlew
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetLifecyclePolicyPreviewResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetLifecyclePolicyPreviewValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -170,6 +180,9 @@ func (c *Client) addOperationGetLifecyclePolicyPreviewMiddlewares(stack *middlew
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -464,3 +477,126 @@ func newServiceMetadataMiddleware_opGetLifecyclePolicyPreview(region string) *aw
 		OperationName: "GetLifecyclePolicyPreview",
 	}
 }
+
+type opGetLifecyclePolicyPreviewResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetLifecyclePolicyPreviewResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetLifecyclePolicyPreviewResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetLifecyclePolicyPreviewResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetLifecyclePolicyPreviewResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryPolicy.go
index 995a4c6d63..23c0a5788b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -53,6 +58,9 @@ func (c *Client) addOperationGetRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -80,7 +88,7 @@ func (c *Client) addOperationGetRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -89,6 +97,9 @@ func (c *Client) addOperationGetRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRegistryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRegistryPolicy(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -104,6 +115,9 @@ func (c *Client) addOperationGetRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -115,3 +129,126 @@ func newServiceMetadataMiddleware_opGetRegistryPolicy(region string) *awsmiddlew
 		OperationName: "GetRegistryPolicy",
 	}
 }
+
+type opGetRegistryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRegistryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRegistryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRegistryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRegistryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryScanningConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryScanningConfiguration.go
index 46e3803fed..822c88c09a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryScanningConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRegistryScanningConfiguration.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -54,6 +59,9 @@ func (c *Client) addOperationGetRegistryScanningConfigurationMiddlewares(stack *
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -81,7 +89,7 @@ func (c *Client) addOperationGetRegistryScanningConfigurationMiddlewares(stack *
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -90,6 +98,9 @@ func (c *Client) addOperationGetRegistryScanningConfigurationMiddlewares(stack *
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRegistryScanningConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRegistryScanningConfiguration(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -105,6 +116,9 @@ func (c *Client) addOperationGetRegistryScanningConfigurationMiddlewares(stack *
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -116,3 +130,126 @@ func newServiceMetadataMiddleware_opGetRegistryScanningConfiguration(region stri
 		OperationName: "GetRegistryScanningConfiguration",
 	}
 }
+
+type opGetRegistryScanningConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRegistryScanningConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRegistryScanningConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRegistryScanningConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRegistryScanningConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRepositoryPolicy.go
index 0e87864b6a..f5c6bb6246 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_GetRepositoryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -67,6 +72,9 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -94,7 +102,7 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -103,6 +111,9 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -121,6 +132,9 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -132,3 +146,126 @@ func newServiceMetadataMiddleware_opGetRepositoryPolicy(region string) *awsmiddl
 		OperationName: "GetRepositoryPolicy",
 	}
 }
+
+type opGetRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_InitiateLayerUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_InitiateLayerUpload.go
index d00c727e24..dba5e3cce1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_InitiateLayerUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_InitiateLayerUpload.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -71,6 +76,9 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -98,7 +106,7 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -107,6 +115,9 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addInitiateLayerUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpInitiateLayerUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -125,6 +136,9 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -136,3 +150,126 @@ func newServiceMetadataMiddleware_opInitiateLayerUpload(region string) *awsmiddl
 		OperationName: "InitiateLayerUpload",
 	}
 }
+
+type opInitiateLayerUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opInitiateLayerUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opInitiateLayerUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addInitiateLayerUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opInitiateLayerUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListImages.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListImages.go
index f5cb17500d..785e83adc5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListImages.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListImages.go
@@ -4,10 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -94,6 +98,9 @@ func (c *Client) addOperationListImagesMiddlewares(stack *middleware.Stack, opti
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -121,7 +128,7 @@ func (c *Client) addOperationListImagesMiddlewares(stack *middleware.Stack, opti
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -130,6 +137,9 @@ func (c *Client) addOperationListImagesMiddlewares(stack *middleware.Stack, opti
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addListImagesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListImagesValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -148,6 +158,9 @@ func (c *Client) addOperationListImagesMiddlewares(stack *middleware.Stack, opti
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -254,3 +267,126 @@ func newServiceMetadataMiddleware_opListImages(region string) *awsmiddleware.Reg
 		OperationName: "ListImages",
 	}
 }
+
+type opListImagesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListImagesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListImagesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListImagesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListImagesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListTagsForResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListTagsForResource.go
index 850acd2600..80147049f0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListTagsForResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_ListTagsForResource.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -58,6 +63,9 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -85,7 +93,7 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -94,6 +102,9 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addListTagsForResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListTagsForResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -112,6 +123,9 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -123,3 +137,126 @@ func newServiceMetadataMiddleware_opListTagsForResource(region string) *awsmiddl
 		OperationName: "ListTagsForResource",
 	}
 }
+
+type opListTagsForResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListTagsForResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListTagsForResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListTagsForResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListTagsForResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImage.go
index 00269b087c..104ac9d2e2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImage.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -85,6 +90,9 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -112,7 +120,7 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -121,6 +129,9 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutImageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutImageValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -139,6 +150,9 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -150,3 +164,126 @@ func newServiceMetadataMiddleware_opPutImage(region string) *awsmiddleware.Regis
 		OperationName: "PutImage",
 	}
 }
+
+type opPutImageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutImageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutImageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutImageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutImageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageScanningConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageScanningConfiguration.go
index fbbc75cac3..cd0dd68d72 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageScanningConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageScanningConfiguration.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -79,6 +84,9 @@ func (c *Client) addOperationPutImageScanningConfigurationMiddlewares(stack *mid
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -106,7 +114,7 @@ func (c *Client) addOperationPutImageScanningConfigurationMiddlewares(stack *mid
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -115,6 +123,9 @@ func (c *Client) addOperationPutImageScanningConfigurationMiddlewares(stack *mid
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutImageScanningConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutImageScanningConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -133,6 +144,9 @@ func (c *Client) addOperationPutImageScanningConfigurationMiddlewares(stack *mid
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -144,3 +158,126 @@ func newServiceMetadataMiddleware_opPutImageScanningConfiguration(region string)
 		OperationName: "PutImageScanningConfiguration",
 	}
 }
+
+type opPutImageScanningConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutImageScanningConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutImageScanningConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutImageScanningConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutImageScanningConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageTagMutability.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageTagMutability.go
index bd5a2f4f9b..4e0ed7e179 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageTagMutability.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutImageTagMutability.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -77,6 +82,9 @@ func (c *Client) addOperationPutImageTagMutabilityMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -104,7 +112,7 @@ func (c *Client) addOperationPutImageTagMutabilityMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -113,6 +121,9 @@ func (c *Client) addOperationPutImageTagMutabilityMiddlewares(stack *middleware.
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutImageTagMutabilityResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutImageTagMutabilityValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -131,6 +142,9 @@ func (c *Client) addOperationPutImageTagMutabilityMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -142,3 +156,126 @@ func newServiceMetadataMiddleware_opPutImageTagMutability(region string) *awsmid
 		OperationName: "PutImageTagMutability",
 	}
 }
+
+type opPutImageTagMutabilityResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutImageTagMutabilityResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutImageTagMutabilityResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutImageTagMutabilityResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutImageTagMutabilityResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutLifecyclePolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutLifecyclePolicy.go
index 8a46dfecf0..e1d71358d1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutLifecyclePolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutLifecyclePolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -74,6 +79,9 @@ func (c *Client) addOperationPutLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -101,7 +109,7 @@ func (c *Client) addOperationPutLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -110,6 +118,9 @@ func (c *Client) addOperationPutLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutLifecyclePolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutLifecyclePolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -128,6 +139,9 @@ func (c *Client) addOperationPutLifecyclePolicyMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -139,3 +153,126 @@ func newServiceMetadataMiddleware_opPutLifecyclePolicy(region string) *awsmiddle
 		OperationName: "PutLifecyclePolicy",
 	}
 }
+
+type opPutLifecyclePolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutLifecyclePolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutLifecyclePolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutLifecyclePolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutLifecyclePolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryPolicy.go
index b02b9353a8..bbbba97642 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -65,6 +70,9 @@ func (c *Client) addOperationPutRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -92,7 +100,7 @@ func (c *Client) addOperationPutRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -101,6 +109,9 @@ func (c *Client) addOperationPutRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutRegistryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutRegistryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -119,6 +130,9 @@ func (c *Client) addOperationPutRegistryPolicyMiddlewares(stack *middleware.Stac
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -130,3 +144,126 @@ func newServiceMetadataMiddleware_opPutRegistryPolicy(region string) *awsmiddlew
 		OperationName: "PutRegistryPolicy",
 	}
 }
+
+type opPutRegistryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutRegistryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutRegistryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutRegistryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutRegistryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryScanningConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryScanningConfiguration.go
index 4d0f207cfd..7261c89af4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryScanningConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutRegistryScanningConfiguration.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -68,6 +73,9 @@ func (c *Client) addOperationPutRegistryScanningConfigurationMiddlewares(stack *
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -95,7 +103,7 @@ func (c *Client) addOperationPutRegistryScanningConfigurationMiddlewares(stack *
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -104,6 +112,9 @@ func (c *Client) addOperationPutRegistryScanningConfigurationMiddlewares(stack *
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutRegistryScanningConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutRegistryScanningConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -122,6 +133,9 @@ func (c *Client) addOperationPutRegistryScanningConfigurationMiddlewares(stack *
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -133,3 +147,126 @@ func newServiceMetadataMiddleware_opPutRegistryScanningConfiguration(region stri
 		OperationName: "PutRegistryScanningConfiguration",
 	}
 }
+
+type opPutRegistryScanningConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutRegistryScanningConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutRegistryScanningConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutRegistryScanningConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutRegistryScanningConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutReplicationConfiguration.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutReplicationConfiguration.go
index 5f65524151..dc230e8127 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutReplicationConfiguration.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_PutReplicationConfiguration.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -66,6 +71,9 @@ func (c *Client) addOperationPutReplicationConfigurationMiddlewares(stack *middl
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -93,7 +101,7 @@ func (c *Client) addOperationPutReplicationConfigurationMiddlewares(stack *middl
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -102,6 +110,9 @@ func (c *Client) addOperationPutReplicationConfigurationMiddlewares(stack *middl
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutReplicationConfigurationResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutReplicationConfigurationValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -120,6 +131,9 @@ func (c *Client) addOperationPutReplicationConfigurationMiddlewares(stack *middl
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -131,3 +145,126 @@ func newServiceMetadataMiddleware_opPutReplicationConfiguration(region string) *
 		OperationName: "PutReplicationConfiguration",
 	}
 }
+
+type opPutReplicationConfigurationResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutReplicationConfigurationResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutReplicationConfigurationResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutReplicationConfigurationResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutReplicationConfigurationResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_SetRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_SetRepositoryPolicy.go
index 8f0eb1b57d..209df6c2d6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_SetRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_SetRepositoryPolicy.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -82,6 +87,9 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -109,7 +117,7 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -118,6 +126,9 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addSetRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpSetRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -136,6 +147,9 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -147,3 +161,126 @@ func newServiceMetadataMiddleware_opSetRepositoryPolicy(region string) *awsmiddl
 		OperationName: "SetRepositoryPolicy",
 	}
 }
+
+type opSetRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opSetRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opSetRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addSetRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opSetRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartImageScan.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartImageScan.go
index 81b58403eb..b1dc74c730 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartImageScan.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartImageScan.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -79,6 +84,9 @@ func (c *Client) addOperationStartImageScanMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -106,7 +114,7 @@ func (c *Client) addOperationStartImageScanMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -115,6 +123,9 @@ func (c *Client) addOperationStartImageScanMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addStartImageScanResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpStartImageScanValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -133,6 +144,9 @@ func (c *Client) addOperationStartImageScanMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -144,3 +158,126 @@ func newServiceMetadataMiddleware_opStartImageScan(region string) *awsmiddleware
 		OperationName: "StartImageScan",
 	}
 }
+
+type opStartImageScanResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opStartImageScanResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opStartImageScanResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addStartImageScanResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opStartImageScanResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartLifecyclePolicyPreview.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartLifecyclePolicyPreview.go
index 69db5c084d..753970eae0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartLifecyclePolicyPreview.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_StartLifecyclePolicyPreview.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -77,6 +82,9 @@ func (c *Client) addOperationStartLifecyclePolicyPreviewMiddlewares(stack *middl
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -104,7 +112,7 @@ func (c *Client) addOperationStartLifecyclePolicyPreviewMiddlewares(stack *middl
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -113,6 +121,9 @@ func (c *Client) addOperationStartLifecyclePolicyPreviewMiddlewares(stack *middl
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addStartLifecyclePolicyPreviewResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpStartLifecyclePolicyPreviewValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -131,6 +142,9 @@ func (c *Client) addOperationStartLifecyclePolicyPreviewMiddlewares(stack *middl
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -142,3 +156,126 @@ func newServiceMetadataMiddleware_opStartLifecyclePolicyPreview(region string) *
 		OperationName: "StartLifecyclePolicyPreview",
 	}
 }
+
+type opStartLifecyclePolicyPreviewResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opStartLifecyclePolicyPreviewResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opStartLifecyclePolicyPreviewResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addStartLifecyclePolicyPreviewResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opStartLifecyclePolicyPreviewResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_TagResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_TagResource.go
index 84e860d571..cee2132685 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_TagResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_TagResource.go
@@ -4,9 +4,14 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -62,6 +67,9 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -89,7 +97,7 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -98,6 +106,9 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTagResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpTagResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -116,6 +127,9 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -127,3 +141,126 @@ func newServiceMetadataMiddleware_opTagResource(region string) *awsmiddleware.Re
 		OperationName: "TagResource",
 	}
 }
+
+type opTagResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opTagResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opTagResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addTagResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opTagResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UntagResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UntagResource.go
index 412384aa1e..74f12ad403 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UntagResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UntagResource.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -58,6 +63,9 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -85,7 +93,7 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -94,6 +102,9 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addUntagResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpUntagResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -112,6 +123,9 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -123,3 +137,126 @@ func newServiceMetadataMiddleware_opUntagResource(region string) *awsmiddleware.
 		OperationName: "UntagResource",
 	}
 }
+
+type opUntagResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opUntagResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opUntagResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addUntagResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opUntagResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UploadLayerPart.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UploadLayerPart.go
index 60abba0565..feb56bf09c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UploadLayerPart.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/api_op_UploadLayerPart.go
@@ -4,8 +4,13 @@ package ecr
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -96,6 +101,9 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -123,7 +131,7 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -132,6 +140,9 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addUploadLayerPartResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpUploadLayerPartValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -150,6 +161,9 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -161,3 +175,126 @@ func newServiceMetadataMiddleware_opUploadLayerPart(region string) *awsmiddlewar
 		OperationName: "UploadLayerPart",
 	}
 }
+
+type opUploadLayerPartResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opUploadLayerPartResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opUploadLayerPartResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addUploadLayerPartResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opUploadLayerPartResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/deserializers.go
index 79c79b7aba..7d849ef541 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/deserializers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/deserializers.go
@@ -991,6 +991,9 @@ func awsAwsjson11_deserializeOpErrorDeleteLifecyclePolicy(response *smithyhttp.R
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("ValidationException", errorCode):
+		return awsAwsjson11_deserializeErrorValidationException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -2554,6 +2557,9 @@ func awsAwsjson11_deserializeOpErrorGetLifecyclePolicy(response *smithyhttp.Resp
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("ValidationException", errorCode):
+		return awsAwsjson11_deserializeErrorValidationException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -2674,6 +2680,9 @@ func awsAwsjson11_deserializeOpErrorGetLifecyclePolicyPreview(response *smithyht
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("ValidationException", errorCode):
+		return awsAwsjson11_deserializeErrorValidationException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -3877,6 +3886,9 @@ func awsAwsjson11_deserializeOpErrorPutLifecyclePolicy(response *smithyhttp.Resp
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("ValidationException", errorCode):
+		return awsAwsjson11_deserializeErrorValidationException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
@@ -4597,6 +4609,9 @@ func awsAwsjson11_deserializeOpErrorStartLifecyclePolicyPreview(response *smithy
 	case strings.EqualFold("ServerException", errorCode):
 		return awsAwsjson11_deserializeErrorServerException(response, errorBody)
 
+	case strings.EqualFold("ValidationException", errorCode):
+		return awsAwsjson11_deserializeErrorValidationException(response, errorBody)
+
 	default:
 		genericError := &smithy.GenericAPIError{
 			Code:    errorCode,
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/endpoints.go
index e255bc9d52..8d169bdb22 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/endpoints.go
@@ -8,9 +8,13 @@ import (
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	"github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
 	internalendpoints "github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/ptr"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
+	"net/http"
 	"net/url"
 	"strings"
 )
@@ -39,13 +43,6 @@ func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointRe
 	return fn(region, options)
 }
 
-func resolveDefaultEndpointConfiguration(o *Options) {
-	if o.EndpointResolver != nil {
-		return
-	}
-	o.EndpointResolver = NewDefaultEndpointResolver()
-}
-
 // EndpointResolverFromURL returns an EndpointResolver configured using the
 // provided endpoint url. By default, the resolved endpoint resolver uses the
 // client region as signing region, and the endpoint source is set to
@@ -79,6 +76,10 @@ func (*ResolveEndpoint) ID() string {
 func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
@@ -94,6 +95,11 @@ func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.Ser
 	var endpoint aws.Endpoint
 	endpoint, err = m.Resolver.ResolveEndpoint(awsmiddleware.GetRegion(ctx), eo)
 	if err != nil {
+		nf := (&aws.EndpointNotFoundError{})
+		if errors.As(err, &nf) {
+			ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, false)
+			return next.HandleSerialize(ctx, in)
+		}
 		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
 	}
 
@@ -129,27 +135,10 @@ func removeResolveEndpointMiddleware(stack *middleware.Stack) error {
 
 type wrappedEndpointResolver struct {
 	awsResolver aws.EndpointResolverWithOptions
-	resolver    EndpointResolver
 }
 
 func (w *wrappedEndpointResolver) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) {
-	if w.awsResolver == nil {
-		goto fallback
-	}
-	endpoint, err = w.awsResolver.ResolveEndpoint(ServiceID, region, options)
-	if err == nil {
-		return endpoint, nil
-	}
-
-	if nf := (&aws.EndpointNotFoundError{}); !errors.As(err, &nf) {
-		return endpoint, err
-	}
-
-fallback:
-	if w.resolver == nil {
-		return endpoint, fmt.Errorf("default endpoint resolver provided was nil")
-	}
-	return w.resolver.ResolveEndpoint(region, options)
+	return w.awsResolver.ResolveEndpoint(ServiceID, region, options)
 }
 
 type awsEndpointResolverAdaptor func(service, region string) (aws.Endpoint, error)
@@ -160,12 +149,13 @@ func (a awsEndpointResolverAdaptor) ResolveEndpoint(service, region string, opti
 
 var _ aws.EndpointResolverWithOptions = awsEndpointResolverAdaptor(nil)
 
-// withEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver.
-// If awsResolver returns aws.EndpointNotFoundError error, the resolver will use the the provided
-// fallbackResolver for resolution.
+// withEndpointResolver returns an aws.EndpointResolverWithOptions that first delegates endpoint resolution to the awsResolver.
+// If awsResolver returns aws.EndpointNotFoundError error, the v1 resolver middleware will swallow the error,
+// and set an appropriate context flag such that fallback will occur when EndpointResolverV2 is invoked
+// via its middleware.
 //
-// fallbackResolver must not be nil
-func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions, fallbackResolver EndpointResolver) EndpointResolver {
+// If another error (besides aws.EndpointNotFoundError) is returned, then that error will be propagated.
+func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions) EndpointResolver {
 	var resolver aws.EndpointResolverWithOptions
 
 	if awsResolverWithOptions != nil {
@@ -176,7 +166,6 @@ func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptio
 
 	return &wrappedEndpointResolver{
 		awsResolver: resolver,
-		resolver:    fallbackResolver,
 	}
 }
 
@@ -198,3 +187,332 @@ func finalizeClientEndpointResolverOptions(options *Options) {
 	}
 
 }
+
+func resolveEndpointResolverV2(options *Options) {
+	if options.EndpointResolverV2 == nil {
+		options.EndpointResolverV2 = NewDefaultEndpointResolverV2()
+	}
+}
+
+// Utility function to aid with translating pseudo-regions to classical regions
+// with the appropriate setting indicated by the pseudo-region
+func mapPseudoRegion(pr string) (region string, fips aws.FIPSEndpointState) {
+	const fipsInfix = "-fips-"
+	const fipsPrefix = "fips-"
+	const fipsSuffix = "-fips"
+
+	if strings.Contains(pr, fipsInfix) ||
+		strings.Contains(pr, fipsPrefix) ||
+		strings.Contains(pr, fipsSuffix) {
+		region = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(
+			pr, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "")
+		fips = aws.FIPSEndpointStateEnabled
+	} else {
+		region = pr
+	}
+
+	return region, fips
+}
+
+// builtInParameterResolver is the interface responsible for resolving BuiltIn
+// values during the sourcing of EndpointParameters
+type builtInParameterResolver interface {
+	ResolveBuiltIns(*EndpointParameters) error
+}
+
+// builtInResolver resolves modeled BuiltIn values using only the members defined
+// below.
+type builtInResolver struct {
+	// The AWS region used to dispatch the request.
+	Region string
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseDualStack aws.DualStackEndpointState
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseFIPS aws.FIPSEndpointState
+
+	// Base endpoint that can potentially be modified during Endpoint resolution.
+	Endpoint *string
+}
+
+// Invoked at runtime to resolve BuiltIn Values. Only resolution code specific to
+// each BuiltIn value is generated.
+func (b *builtInResolver) ResolveBuiltIns(params *EndpointParameters) error {
+
+	region, _ := mapPseudoRegion(b.Region)
+	if len(region) == 0 {
+		return fmt.Errorf("Could not resolve AWS::Region")
+	} else {
+		params.Region = aws.String(region)
+	}
+	if b.UseDualStack == aws.DualStackEndpointStateEnabled {
+		params.UseDualStack = aws.Bool(true)
+	} else {
+		params.UseDualStack = aws.Bool(false)
+	}
+	if b.UseFIPS == aws.FIPSEndpointStateEnabled {
+		params.UseFIPS = aws.Bool(true)
+	} else {
+		params.UseFIPS = aws.Bool(false)
+	}
+	params.Endpoint = b.Endpoint
+	return nil
+}
+
+// EndpointParameters provides the parameters that influence how endpoints are
+// resolved.
+type EndpointParameters struct {
+	// The AWS region used to dispatch the request.
+	//
+	// Parameter is
+	// required.
+	//
+	// AWS::Region
+	Region *string
+
+	// When true, use the dual-stack endpoint. If the configured endpoint does not
+	// support dual-stack, dispatching the request MAY return an error.
+	//
+	// Defaults to
+	// false if no value is provided.
+	//
+	// AWS::UseDualStack
+	UseDualStack *bool
+
+	// When true, send this request to the FIPS-compliant regional endpoint. If the
+	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
+	// request will return an error.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::UseFIPS
+	UseFIPS *bool
+
+	// Override the endpoint used to send this request
+	//
+	// Parameter is
+	// required.
+	//
+	// SDK::Endpoint
+	Endpoint *string
+}
+
+// ValidateRequired validates required parameters are set.
+func (p EndpointParameters) ValidateRequired() error {
+	if p.UseDualStack == nil {
+		return fmt.Errorf("parameter UseDualStack is required")
+	}
+
+	if p.UseFIPS == nil {
+		return fmt.Errorf("parameter UseFIPS is required")
+	}
+
+	return nil
+}
+
+// WithDefaults returns a shallow copy of EndpointParameterswith default values
+// applied to members where applicable.
+func (p EndpointParameters) WithDefaults() EndpointParameters {
+	if p.UseDualStack == nil {
+		p.UseDualStack = ptr.Bool(false)
+	}
+
+	if p.UseFIPS == nil {
+		p.UseFIPS = ptr.Bool(false)
+	}
+	return p
+}
+
+// EndpointResolverV2 provides the interface for resolving service endpoints.
+type EndpointResolverV2 interface {
+	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+	// returning the endpoint if found. Otherwise an error is returned.
+	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
+		smithyendpoints.Endpoint, error,
+	)
+}
+
+// resolver provides the implementation for resolving endpoints.
+type resolver struct{}
+
+func NewDefaultEndpointResolverV2() EndpointResolverV2 {
+	return &resolver{}
+}
+
+// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+// returning the endpoint if found. Otherwise an error is returned.
+func (r *resolver) ResolveEndpoint(
+	ctx context.Context, params EndpointParameters,
+) (
+	endpoint smithyendpoints.Endpoint, err error,
+) {
+	params = params.WithDefaults()
+	if err = params.ValidateRequired(); err != nil {
+		return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err)
+	}
+	_UseDualStack := *params.UseDualStack
+	_UseFIPS := *params.UseFIPS
+
+	if exprVal := params.Endpoint; exprVal != nil {
+		_Endpoint := *exprVal
+		_ = _Endpoint
+		if _UseFIPS == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported")
+		}
+		if _UseDualStack == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported")
+		}
+		uriString := _Endpoint
+
+		uri, err := url.Parse(uriString)
+		if err != nil {
+			return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+		}
+
+		return smithyendpoints.Endpoint{
+			URI:     *uri,
+			Headers: http.Header{},
+		}, nil
+	}
+	if exprVal := params.Region; exprVal != nil {
+		_Region := *exprVal
+		_ = _Region
+		if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+			_PartitionResult := *exprVal
+			_ = _PartitionResult
+			if _UseFIPS == true {
+				if _UseDualStack == true {
+					if true == _PartitionResult.SupportsFIPS {
+						if true == _PartitionResult.SupportsDualStack {
+							uriString := func() string {
+								var out strings.Builder
+								out.WriteString("https://api.ecr-fips.")
+								out.WriteString(_Region)
+								out.WriteString(".")
+								out.WriteString(_PartitionResult.DualStackDnsSuffix)
+								return out.String()
+							}()
+
+							uri, err := url.Parse(uriString)
+							if err != nil {
+								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+							}
+
+							return smithyendpoints.Endpoint{
+								URI:     *uri,
+								Headers: http.Header{},
+							}, nil
+						}
+					}
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both")
+				}
+			}
+			if _UseFIPS == true {
+				if true == _PartitionResult.SupportsFIPS {
+					if "aws" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://ecr-fips.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
+					if "aws-us-gov" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://ecr-fips.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://api.ecr-fips.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS")
+			}
+			if _UseDualStack == true {
+				if true == _PartitionResult.SupportsDualStack {
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://api.ecr.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DualStackDnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
+			}
+			uriString := func() string {
+				var out strings.Builder
+				out.WriteString("https://api.ecr.")
+				out.WriteString(_Region)
+				out.WriteString(".")
+				out.WriteString(_PartitionResult.DnsSuffix)
+				return out.String()
+			}()
+
+			uri, err := url.Parse(uriString)
+			if err != nil {
+				return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+			}
+
+			return smithyendpoints.Endpoint{
+				URI:     *uri,
+				Headers: http.Header{},
+			}, nil
+		}
+		return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+	}
+	return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/generated.json
index 631a65bbaf..0b78f9a898 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/generated.json
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/generated.json
@@ -4,6 +4,7 @@
         "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
         "github.com/aws/smithy-go": "v1.4.0",
+        "github.com/google/go-cmp": "v0.5.4",
         "github.com/jmespath/go-jmespath": "v0.4.0"
     },
     "files": [
@@ -53,6 +54,7 @@
         "deserializers.go",
         "doc.go",
         "endpoints.go",
+        "endpoints_test.go",
         "generated.json",
         "internal/endpoints/endpoints.go",
         "internal/endpoints/endpoints_test.go",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/go_module_metadata.go
index 0e83ac5d00..f6cad4479b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ecr
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.11"
+const goModuleVersion = "1.20.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints/endpoints.go
index e2a8a78064..ca046cf69c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints/endpoints.go
@@ -90,14 +90,16 @@ var partitionRegexp = struct {
 	AwsIso   *regexp.Regexp
 	AwsIsoB  *regexp.Regexp
 	AwsIsoE  *regexp.Regexp
+	AwsIsoF  *regexp.Regexp
 	AwsUsGov *regexp.Regexp
 }{
 
-	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$"),
+	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
 	AwsIsoE:  regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"),
+	AwsIsoF:  regexp.MustCompile("^us\\-isof\\-\\w+\\-\\d+$"),
 	AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"),
 }
 
@@ -441,6 +443,14 @@ var defaultPartitions = endpoints.Partitions{
 				},
 				Deprecated: aws.TrueTernary,
 			},
+			endpoints.EndpointKey{
+				Region: "il-central-1",
+			}: endpoints.Endpoint{
+				Hostname: "api.ecr.il-central-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "il-central-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "me-central-1",
 			}: endpoints.Endpoint{
@@ -679,6 +689,27 @@ var defaultPartitions = endpoints.Partitions{
 		RegionRegex:    partitionRegexp.AwsIsoE,
 		IsRegionalized: true,
 	},
+	{
+		ID: "aws-iso-f",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "api.ecr-fips.{region}.csp.hci.ic.gov",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "api.ecr.{region}.csp.hci.ic.gov",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoF,
+		IsRegionalized: true,
+	},
 	{
 		ID: "aws-us-gov",
 		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/types.go
index 4250909400..1dbaf77259 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/types.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/types/types.go
@@ -612,7 +612,8 @@ type RegistryScanningRule struct {
 	// The frequency that scans are performed at for a private registry. When the
 	// ENHANCED scan type is specified, the supported scan frequencies are
 	// CONTINUOUS_SCAN and SCAN_ON_PUSH . When the BASIC scan type is specified, the
-	// SCAN_ON_PUSH and MANUAL scan frequencies are supported.
+	// SCAN_ON_PUSH scan frequency is supported. If scan on push is not specified, then
+	// the MANUAL scan frequency is set by default.
 	//
 	// This member is required.
 	ScanFrequency ScanFrequency
@@ -700,7 +701,8 @@ type Repository struct {
 	// The Amazon Resource Name (ARN) that identifies the repository. The ARN contains
 	// the arn:aws:ecr namespace, followed by the region of the repository, Amazon Web
 	// Services account ID of the repository owner, repository namespace, and
-	// repository name. For example, arn:aws:ecr:region:012345678910:repository/test .
+	// repository name. For example,
+	// arn:aws:ecr:region:012345678910:repository-namespace/repository-name .
 	RepositoryArn *string
 
 	// The name of the repository.
@@ -715,8 +717,8 @@ type Repository struct {
 
 // The filter settings used with image replication. Specifying a repository filter
 // to a replication rule provides a method for controlling which repositories in a
-// private registry are replicated. If no repository filter is specified, all
-// images in the repository are replicated.
+// private registry are replicated. If no filters are added, the contents of all
+// repositories are replicated.
 type RepositoryFilter struct {
 
 	// The repository filter details. When the PREFIX_MATCH filter type is specified,
@@ -835,9 +837,13 @@ type Tag struct {
 
 	// One part of a key-value pair that make up a tag. A key is a general label that
 	// acts like a category for more specific tag values.
+	//
+	// This member is required.
 	Key *string
 
 	// A value acts as a descriptor within a tag category (key).
+	//
+	// This member is required.
 	Value *string
 
 	noSmithyDocumentSerde
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/validators.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/validators.go
index 9baf8c8cff..754611f1c8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/validators.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecr/validators.go
@@ -1045,6 +1045,41 @@ func validateScanningRepositoryFilterList(v []types.ScanningRepositoryFilter) er
 	}
 }
 
+func validateTag(v *types.Tag) error {
+	if v == nil {
+		return nil
+	}
+	invalidParams := smithy.InvalidParamsError{Context: "Tag"}
+	if v.Key == nil {
+		invalidParams.Add(smithy.NewErrParamRequired("Key"))
+	}
+	if v.Value == nil {
+		invalidParams.Add(smithy.NewErrParamRequired("Value"))
+	}
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	} else {
+		return nil
+	}
+}
+
+func validateTagList(v []types.Tag) error {
+	if v == nil {
+		return nil
+	}
+	invalidParams := smithy.InvalidParamsError{Context: "TagList"}
+	for i := range v {
+		if err := validateTag(&v[i]); err != nil {
+			invalidParams.AddNested(fmt.Sprintf("[%d]", i), err.(smithy.InvalidParamsError))
+		}
+	}
+	if invalidParams.Len() > 0 {
+		return invalidParams
+	} else {
+		return nil
+	}
+}
+
 func validateOpBatchCheckLayerAvailabilityInput(v *BatchCheckLayerAvailabilityInput) error {
 	if v == nil {
 		return nil
@@ -1161,6 +1196,11 @@ func validateOpCreateRepositoryInput(v *CreateRepositoryInput) error {
 	if v.RepositoryName == nil {
 		invalidParams.Add(smithy.NewErrParamRequired("RepositoryName"))
 	}
+	if v.Tags != nil {
+		if err := validateTagList(v.Tags); err != nil {
+			invalidParams.AddNested("Tags", err.(smithy.InvalidParamsError))
+		}
+	}
 	if v.EncryptionConfiguration != nil {
 		if err := validateEncryptionConfiguration(v.EncryptionConfiguration); err != nil {
 			invalidParams.AddNested("EncryptionConfiguration", err.(smithy.InvalidParamsError))
@@ -1576,6 +1616,10 @@ func validateOpTagResourceInput(v *TagResourceInput) error {
 	}
 	if v.Tags == nil {
 		invalidParams.Add(smithy.NewErrParamRequired("Tags"))
+	} else if v.Tags != nil {
+		if err := validateTagList(v.Tags); err != nil {
+			invalidParams.AddNested("Tags", err.(smithy.InvalidParamsError))
+		}
 	}
 	if invalidParams.Len() > 0 {
 		return invalidParams
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md
index fb5b96f901..b3b5a57e6d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/CHANGELOG.md
@@ -1,3 +1,57 @@
+# v1.18.2 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.1 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
+# v1.17.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.2 (2023-08-07)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.1 (2023-08-01)
+
+* No change notes available for this release.
+
+# v1.17.0 (2023-07-31)
+
+* **Feature**: Adds support for smithy-modeled endpoint resolution. A new rules-based endpoint resolution will be added to the SDK which will supercede and deprecate existing endpoint resolution. Specifically, EndpointResolver will be deprecated while BaseEndpoint and EndpointResolverV2 will take its place. For more information, please see the Endpoints section in our Developer Guide.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.6 (2023-07-28)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.5 (2023-07-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.16.4 (2023-06-15)
+
+* No change notes available for this release.
+
+# v1.16.3 (2023-06-13)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.16.2 (2023-05-04)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_client.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_client.go
index f6d7735433..a8264f47a9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_client.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_client.go
@@ -4,6 +4,7 @@ package ecrpublic
 
 import (
 	"context"
+	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/defaults"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
@@ -46,8 +47,6 @@ func New(options Options, optFns ...func(*Options)) *Client {
 
 	resolveHTTPSignerV4(&options)
 
-	resolveDefaultEndpointConfiguration(&options)
-
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -65,6 +64,14 @@ type Options struct {
 	// modify this list for per operation behavior.
 	APIOptions []func(*middleware.Stack) error
 
+	// The optional application specific identifier appended to the User-Agent header.
+	AppID string
+
+	// This endpoint will be given as input to an EndpointResolverV2. It is used for
+	// providing a custom base endpoint that is subject to modifications by the
+	// processing EndpointResolverV2.
+	BaseEndpoint *string
+
 	// Configures the events that will be sent to the configured logger.
 	ClientLogMode aws.ClientLogMode
 
@@ -79,8 +86,18 @@ type Options struct {
 	EndpointOptions EndpointResolverOptions
 
 	// The service endpoint resolver.
+	//
+	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
+	// value for this field will likely prevent you from using any endpoint-related
+	// service features released after the introduction of EndpointResolverV2 and
+	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
+	// endpoint, set the client option BaseEndpoint instead.
 	EndpointResolver EndpointResolver
 
+	// Resolves the endpoint used for a particular service. This should be used over
+	// the deprecated EndpointResolver
+	EndpointResolverV2 EndpointResolverV2
+
 	// Signature Version 4 (SigV4) Signer
 	HTTPSignerV4 HTTPSignerV4
 
@@ -139,14 +156,25 @@ func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options) {
 	}
 }
 
-// WithEndpointResolver returns a functional option for setting the Client's
-// EndpointResolver option.
+// Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for
+// this field will likely prevent you from using any endpoint-related service
+// features released after the introduction of EndpointResolverV2 and BaseEndpoint.
+// To migrate an EndpointResolver implementation that uses a custom endpoint, set
+// the client option BaseEndpoint instead.
 func WithEndpointResolver(v EndpointResolver) func(*Options) {
 	return func(o *Options) {
 		o.EndpointResolver = v
 	}
 }
 
+// WithEndpointResolverV2 returns a functional option for setting the Client's
+// EndpointResolverV2 option.
+func WithEndpointResolverV2(v EndpointResolverV2) func(*Options) {
+	return func(o *Options) {
+		o.EndpointResolverV2 = v
+	}
+}
+
 type HTTPClient interface {
 	Do(*http.Request) (*http.Response, error)
 }
@@ -163,6 +191,8 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 	ctx = middleware.ClearStackValues(ctx)
 	stack := middleware.NewStack(opID, smithyhttp.NewStackRequest)
 	options := c.options.Copy()
+	resolveEndpointResolverV2(&options)
+
 	for _, fn := range optFns {
 		fn(&options)
 	}
@@ -197,6 +227,30 @@ func (c *Client) invokeOperation(ctx context.Context, opID string, params interf
 
 type noSmithyDocumentSerde = smithydocument.NoSerde
 
+type legacyEndpointContextSetter struct {
+	LegacyResolver EndpointResolver
+}
+
+func (*legacyEndpointContextSetter) ID() string {
+	return "legacyEndpointContextSetter"
+}
+
+func (m *legacyEndpointContextSetter) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) (
+	out middleware.InitializeOutput, metadata middleware.Metadata, err error,
+) {
+	if m.LegacyResolver != nil {
+		ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, true)
+	}
+
+	return next.HandleInitialize(ctx, in)
+
+}
+func addlegacyEndpointContextSetter(stack *middleware.Stack, o Options) error {
+	return stack.Initialize.Add(&legacyEndpointContextSetter{
+		LegacyResolver: o.EndpointResolver,
+	}, middleware.Before)
+}
+
 func resolveDefaultLogger(o *Options) {
 	if o.Logger != nil {
 		return
@@ -234,6 +288,7 @@ func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client {
 		APIOptions:         cfg.APIOptions,
 		Logger:             cfg.Logger,
 		ClientLogMode:      cfg.ClientLogMode,
+		AppID:              cfg.AppID,
 	}
 	resolveAWSRetryerProvider(cfg, &opts)
 	resolveAWSRetryMaxAttempts(cfg, &opts)
@@ -344,11 +399,19 @@ func resolveAWSEndpointResolver(cfg aws.Config, o *Options) {
 	if cfg.EndpointResolver == nil && cfg.EndpointResolverWithOptions == nil {
 		return
 	}
-	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions, NewDefaultEndpointResolver())
+	o.EndpointResolver = withEndpointResolver(cfg.EndpointResolver, cfg.EndpointResolverWithOptions)
 }
 
-func addClientUserAgent(stack *middleware.Stack) error {
-	return awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ecrpublic", goModuleVersion)(stack)
+func addClientUserAgent(stack *middleware.Stack, options Options) error {
+	if err := awsmiddleware.AddSDKAgentKeyValue(awsmiddleware.APIMetadata, "ecrpublic", goModuleVersion)(stack); err != nil {
+		return err
+	}
+
+	if len(options.AppID) > 0 {
+		return awsmiddleware.AddSDKAgentKey(awsmiddleware.ApplicationIdentifier, options.AppID)(stack)
+	}
+
+	return nil
 }
 
 func addHTTPSignerV4Middleware(stack *middleware.Stack, o Options) error {
@@ -432,3 +495,32 @@ func addRequestResponseLogging(stack *middleware.Stack, o Options) error {
 		LogResponseWithBody: o.ClientLogMode.IsResponseWithBody(),
 	}, middleware.After)
 }
+
+type endpointDisableHTTPSMiddleware struct {
+	EndpointDisableHTTPS bool
+}
+
+func (*endpointDisableHTTPSMiddleware) ID() string {
+	return "endpointDisableHTTPSMiddleware"
+}
+
+func (m *endpointDisableHTTPSMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointDisableHTTPS && !smithyhttp.GetHostnameImmutable(ctx) {
+		req.URL.Scheme = "http"
+	}
+
+	return next.HandleSerialize(ctx, in)
+
+}
+func addendpointDisableHTTPSMiddleware(stack *middleware.Stack, o Options) error {
+	return stack.Serialize.Insert(&endpointDisableHTTPSMiddleware{
+		EndpointDisableHTTPS: o.EndpointOptions.DisableHTTPS,
+	}, "OperationSerializer", middleware.Before)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchCheckLayerAvailability.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchCheckLayerAvailability.go
index 0962a06e07..d0d042e494 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchCheckLayerAvailability.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchCheckLayerAvailability.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -76,6 +81,9 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -103,7 +111,7 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -112,6 +120,9 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchCheckLayerAvailabilityResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchCheckLayerAvailabilityValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -130,6 +141,9 @@ func (c *Client) addOperationBatchCheckLayerAvailabilityMiddlewares(stack *middl
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -141,3 +155,126 @@ func newServiceMetadataMiddleware_opBatchCheckLayerAvailability(region string) *
 		OperationName: "BatchCheckLayerAvailability",
 	}
 }
+
+type opBatchCheckLayerAvailabilityResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchCheckLayerAvailabilityResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchCheckLayerAvailabilityResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchCheckLayerAvailabilityResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchCheckLayerAvailabilityResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchDeleteImage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchDeleteImage.go
index 8ea3aa3653..1ec61e3f9c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchDeleteImage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_BatchDeleteImage.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -76,6 +81,9 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -103,7 +111,7 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -112,6 +120,9 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addBatchDeleteImageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpBatchDeleteImageValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -130,6 +141,9 @@ func (c *Client) addOperationBatchDeleteImageMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -141,3 +155,126 @@ func newServiceMetadataMiddleware_opBatchDeleteImage(region string) *awsmiddlewa
 		OperationName: "BatchDeleteImage",
 	}
 }
+
+type opBatchDeleteImageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opBatchDeleteImageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opBatchDeleteImageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addBatchDeleteImageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opBatchDeleteImageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CompleteLayerUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CompleteLayerUpload.go
index cf1bf511de..3e93650ab5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CompleteLayerUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CompleteLayerUpload.go
@@ -4,8 +4,13 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -88,6 +93,9 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -115,7 +123,7 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -124,6 +132,9 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCompleteLayerUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCompleteLayerUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -142,6 +153,9 @@ func (c *Client) addOperationCompleteLayerUploadMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -153,3 +167,126 @@ func newServiceMetadataMiddleware_opCompleteLayerUpload(region string) *awsmiddl
 		OperationName: "CompleteLayerUpload",
 	}
 }
+
+type opCompleteLayerUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCompleteLayerUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCompleteLayerUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCompleteLayerUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCompleteLayerUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CreateRepository.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CreateRepository.go
index 9586b3e388..082ffca473 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CreateRepository.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_CreateRepository.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -76,6 +81,9 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -103,7 +111,7 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -112,6 +120,9 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addCreateRepositoryResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpCreateRepositoryValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -130,6 +141,9 @@ func (c *Client) addOperationCreateRepositoryMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -141,3 +155,126 @@ func newServiceMetadataMiddleware_opCreateRepository(region string) *awsmiddlewa
 		OperationName: "CreateRepository",
 	}
 }
+
+type opCreateRepositoryResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opCreateRepositoryResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opCreateRepositoryResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addCreateRepositoryResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opCreateRepositoryResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepository.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepository.go
index 7fe23d70fa..6f25f9010c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepository.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepository.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -69,6 +74,9 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -96,7 +104,7 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -105,6 +113,9 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteRepositoryResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteRepositoryValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -123,6 +134,9 @@ func (c *Client) addOperationDeleteRepositoryMiddlewares(stack *middleware.Stack
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -134,3 +148,126 @@ func newServiceMetadataMiddleware_opDeleteRepository(region string) *awsmiddlewa
 		OperationName: "DeleteRepository",
 	}
 }
+
+type opDeleteRepositoryResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteRepositoryResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteRepositoryResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteRepositoryResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteRepositoryResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepositoryPolicy.go
index 20a8b70d43..a8f26b8374 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DeleteRepositoryPolicy.go
@@ -4,8 +4,13 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -68,6 +73,9 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -95,7 +103,7 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -104,6 +112,9 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDeleteRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDeleteRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -122,6 +133,9 @@ func (c *Client) addOperationDeleteRepositoryPolicyMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -133,3 +147,126 @@ func newServiceMetadataMiddleware_opDeleteRepositoryPolicy(region string) *awsmi
 		OperationName: "DeleteRepositoryPolicy",
 	}
 }
+
+type opDeleteRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDeleteRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDeleteRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDeleteRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDeleteRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImageTags.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImageTags.go
index b13ed17b9e..49847d27c5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImageTags.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImageTags.go
@@ -4,10 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -86,6 +90,9 @@ func (c *Client) addOperationDescribeImageTagsMiddlewares(stack *middleware.Stac
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -113,7 +120,7 @@ func (c *Client) addOperationDescribeImageTagsMiddlewares(stack *middleware.Stac
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -122,6 +129,9 @@ func (c *Client) addOperationDescribeImageTagsMiddlewares(stack *middleware.Stac
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeImageTagsResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDescribeImageTagsValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -140,6 +150,9 @@ func (c *Client) addOperationDescribeImageTagsMiddlewares(stack *middleware.Stac
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -248,3 +261,126 @@ func newServiceMetadataMiddleware_opDescribeImageTags(region string) *awsmiddlew
 		OperationName: "DescribeImageTags",
 	}
 }
+
+type opDescribeImageTagsResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeImageTagsResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeImageTagsResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeImageTagsResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeImageTagsResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImages.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImages.go
index c070863e37..2060f6ed08 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImages.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeImages.go
@@ -4,10 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -93,6 +97,9 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -120,7 +127,7 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -129,6 +136,9 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeImagesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpDescribeImagesValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -147,6 +157,9 @@ func (c *Client) addOperationDescribeImagesMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -255,3 +268,126 @@ func newServiceMetadataMiddleware_opDescribeImages(region string) *awsmiddleware
 		OperationName: "DescribeImages",
 	}
 }
+
+type opDescribeImagesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeImagesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeImagesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeImagesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeImagesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRegistries.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRegistries.go
index 7c3c414416..6923ea084c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRegistries.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRegistries.go
@@ -4,10 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -80,6 +84,9 @@ func (c *Client) addOperationDescribeRegistriesMiddlewares(stack *middleware.Sta
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -107,7 +114,7 @@ func (c *Client) addOperationDescribeRegistriesMiddlewares(stack *middleware.Sta
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -116,6 +123,9 @@ func (c *Client) addOperationDescribeRegistriesMiddlewares(stack *middleware.Sta
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeRegistriesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeRegistries(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -131,6 +141,9 @@ func (c *Client) addOperationDescribeRegistriesMiddlewares(stack *middleware.Sta
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -240,3 +253,126 @@ func newServiceMetadataMiddleware_opDescribeRegistries(region string) *awsmiddle
 		OperationName: "DescribeRegistries",
 	}
 }
+
+type opDescribeRegistriesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeRegistriesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeRegistriesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeRegistriesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeRegistriesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRepositories.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRepositories.go
index 1ad26cf7d0..4185abcc88 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRepositories.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_DescribeRepositories.go
@@ -4,10 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -89,6 +93,9 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -116,7 +123,7 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -125,6 +132,9 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addDescribeRepositoriesResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeRepositories(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -140,6 +150,9 @@ func (c *Client) addOperationDescribeRepositoriesMiddlewares(stack *middleware.S
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -250,3 +263,126 @@ func newServiceMetadataMiddleware_opDescribeRepositories(region string) *awsmidd
 		OperationName: "DescribeRepositories",
 	}
 }
+
+type opDescribeRepositoriesResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opDescribeRepositoriesResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opDescribeRepositoriesResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addDescribeRepositoriesResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opDescribeRepositoriesResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetAuthorizationToken.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetAuthorizationToken.go
index 0b7eb72179..c7b8801b50 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetAuthorizationToken.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetAuthorizationToken.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -55,6 +60,9 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -82,7 +90,7 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -91,6 +99,9 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetAuthorizationTokenResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetAuthorizationToken(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -106,6 +117,9 @@ func (c *Client) addOperationGetAuthorizationTokenMiddlewares(stack *middleware.
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -117,3 +131,126 @@ func newServiceMetadataMiddleware_opGetAuthorizationToken(region string) *awsmid
 		OperationName: "GetAuthorizationToken",
 	}
 }
+
+type opGetAuthorizationTokenResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetAuthorizationTokenResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetAuthorizationTokenResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetAuthorizationTokenResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetAuthorizationTokenResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRegistryCatalogData.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRegistryCatalogData.go
index 4f1b2d42c1..42758d2956 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRegistryCatalogData.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRegistryCatalogData.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -53,6 +58,9 @@ func (c *Client) addOperationGetRegistryCatalogDataMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -80,7 +88,7 @@ func (c *Client) addOperationGetRegistryCatalogDataMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -89,6 +97,9 @@ func (c *Client) addOperationGetRegistryCatalogDataMiddlewares(stack *middleware
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRegistryCatalogDataResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetRegistryCatalogData(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -104,6 +115,9 @@ func (c *Client) addOperationGetRegistryCatalogDataMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -115,3 +129,126 @@ func newServiceMetadataMiddleware_opGetRegistryCatalogData(region string) *awsmi
 		OperationName: "GetRegistryCatalogData",
 	}
 }
+
+type opGetRegistryCatalogDataResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRegistryCatalogDataResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRegistryCatalogDataResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRegistryCatalogDataResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRegistryCatalogDataResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryCatalogData.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryCatalogData.go
index fd5877a415..7e2a74fb52 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryCatalogData.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryCatalogData.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -63,6 +68,9 @@ func (c *Client) addOperationGetRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -90,7 +98,7 @@ func (c *Client) addOperationGetRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -99,6 +107,9 @@ func (c *Client) addOperationGetRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRepositoryCatalogDataResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetRepositoryCatalogDataValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -117,6 +128,9 @@ func (c *Client) addOperationGetRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -128,3 +142,126 @@ func newServiceMetadataMiddleware_opGetRepositoryCatalogData(region string) *aws
 		OperationName: "GetRepositoryCatalogData",
 	}
 }
+
+type opGetRepositoryCatalogDataResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRepositoryCatalogDataResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRepositoryCatalogDataResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRepositoryCatalogDataResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRepositoryCatalogDataResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryPolicy.go
index 90fc829343..f104aada55 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_GetRepositoryPolicy.go
@@ -4,8 +4,13 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -68,6 +73,9 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -95,7 +103,7 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -104,6 +112,9 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addGetRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpGetRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -122,6 +133,9 @@ func (c *Client) addOperationGetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -133,3 +147,126 @@ func newServiceMetadataMiddleware_opGetRepositoryPolicy(region string) *awsmiddl
 		OperationName: "GetRepositoryPolicy",
 	}
 }
+
+type opGetRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opGetRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opGetRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addGetRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opGetRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_InitiateLayerUpload.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_InitiateLayerUpload.go
index 42ca47b3d1..ee562fbadd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_InitiateLayerUpload.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_InitiateLayerUpload.go
@@ -4,8 +4,13 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -70,6 +75,9 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -97,7 +105,7 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -106,6 +114,9 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addInitiateLayerUploadResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpInitiateLayerUploadValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -124,6 +135,9 @@ func (c *Client) addOperationInitiateLayerUploadMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -135,3 +149,126 @@ func newServiceMetadataMiddleware_opInitiateLayerUpload(region string) *awsmiddl
 		OperationName: "InitiateLayerUpload",
 	}
 }
+
+type opInitiateLayerUploadResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opInitiateLayerUploadResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opInitiateLayerUploadResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addInitiateLayerUploadResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opInitiateLayerUploadResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_ListTagsForResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_ListTagsForResource.go
index 0ffad3cc04..34e23ec8cb 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_ListTagsForResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_ListTagsForResource.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -58,6 +63,9 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -85,7 +93,7 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -94,6 +102,9 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addListTagsForResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpListTagsForResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -112,6 +123,9 @@ func (c *Client) addOperationListTagsForResourceMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -123,3 +137,126 @@ func newServiceMetadataMiddleware_opListTagsForResource(region string) *awsmiddl
 		OperationName: "ListTagsForResource",
 	}
 }
+
+type opListTagsForResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opListTagsForResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opListTagsForResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addListTagsForResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opListTagsForResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutImage.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutImage.go
index 91d681d544..5aa1d530a1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutImage.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutImage.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -85,6 +90,9 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -112,7 +120,7 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -121,6 +129,9 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutImageResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutImageValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -139,6 +150,9 @@ func (c *Client) addOperationPutImageMiddlewares(stack *middleware.Stack, option
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -150,3 +164,126 @@ func newServiceMetadataMiddleware_opPutImage(region string) *awsmiddleware.Regis
 		OperationName: "PutImage",
 	}
 }
+
+type opPutImageResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutImageResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutImageResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutImageResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutImageResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRegistryCatalogData.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRegistryCatalogData.go
index c6677f8110..bc2e24c79d 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRegistryCatalogData.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRegistryCatalogData.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -59,6 +64,9 @@ func (c *Client) addOperationPutRegistryCatalogDataMiddlewares(stack *middleware
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -86,7 +94,7 @@ func (c *Client) addOperationPutRegistryCatalogDataMiddlewares(stack *middleware
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -95,6 +103,9 @@ func (c *Client) addOperationPutRegistryCatalogDataMiddlewares(stack *middleware
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutRegistryCatalogDataResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opPutRegistryCatalogData(options.Region), middleware.Before); err != nil {
 		return err
 	}
@@ -110,6 +121,9 @@ func (c *Client) addOperationPutRegistryCatalogDataMiddlewares(stack *middleware
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -121,3 +135,126 @@ func newServiceMetadataMiddleware_opPutRegistryCatalogData(region string) *awsmi
 		OperationName: "PutRegistryCatalogData",
 	}
 }
+
+type opPutRegistryCatalogDataResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutRegistryCatalogDataResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutRegistryCatalogDataResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutRegistryCatalogDataResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutRegistryCatalogDataResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRepositoryCatalogData.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRepositoryCatalogData.go
index 70e5d3c3c1..c76c4cf1ca 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRepositoryCatalogData.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_PutRepositoryCatalogData.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -68,6 +73,9 @@ func (c *Client) addOperationPutRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -95,7 +103,7 @@ func (c *Client) addOperationPutRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -104,6 +112,9 @@ func (c *Client) addOperationPutRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addPutRepositoryCatalogDataResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpPutRepositoryCatalogDataValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -122,6 +133,9 @@ func (c *Client) addOperationPutRepositoryCatalogDataMiddlewares(stack *middlewa
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -133,3 +147,126 @@ func newServiceMetadataMiddleware_opPutRepositoryCatalogData(region string) *aws
 		OperationName: "PutRepositoryCatalogData",
 	}
 }
+
+type opPutRepositoryCatalogDataResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opPutRepositoryCatalogDataResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opPutRepositoryCatalogDataResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addPutRepositoryCatalogDataResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opPutRepositoryCatalogDataResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_SetRepositoryPolicy.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_SetRepositoryPolicy.go
index ff5cbd65da..72a968686f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_SetRepositoryPolicy.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_SetRepositoryPolicy.go
@@ -4,8 +4,13 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -81,6 +86,9 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -108,7 +116,7 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -117,6 +125,9 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addSetRepositoryPolicyResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpSetRepositoryPolicyValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -135,6 +146,9 @@ func (c *Client) addOperationSetRepositoryPolicyMiddlewares(stack *middleware.St
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -146,3 +160,126 @@ func newServiceMetadataMiddleware_opSetRepositoryPolicy(region string) *awsmiddl
 		OperationName: "SetRepositoryPolicy",
 	}
 }
+
+type opSetRepositoryPolicyResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opSetRepositoryPolicyResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opSetRepositoryPolicyResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addSetRepositoryPolicyResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opSetRepositoryPolicyResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_TagResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_TagResource.go
index b4cf870d56..94fe4edf11 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_TagResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_TagResource.go
@@ -4,9 +4,14 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
 	"github.com/aws/aws-sdk-go-v2/service/ecrpublic/types"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -64,6 +69,9 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -91,7 +99,7 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -100,6 +108,9 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addTagResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpTagResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -118,6 +129,9 @@ func (c *Client) addOperationTagResourceMiddlewares(stack *middleware.Stack, opt
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -129,3 +143,126 @@ func newServiceMetadataMiddleware_opTagResource(region string) *awsmiddleware.Re
 		OperationName: "TagResource",
 	}
 }
+
+type opTagResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opTagResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opTagResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addTagResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opTagResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UntagResource.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UntagResource.go
index 66502ca4ac..bff2b1c3a4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UntagResource.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UntagResource.go
@@ -4,8 +4,13 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -58,6 +63,9 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -85,7 +93,7 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -94,6 +102,9 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addUntagResourceResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpUntagResourceValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -112,6 +123,9 @@ func (c *Client) addOperationUntagResourceMiddlewares(stack *middleware.Stack, o
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -123,3 +137,126 @@ func newServiceMetadataMiddleware_opUntagResource(region string) *awsmiddleware.
 		OperationName: "UntagResource",
 	}
 }
+
+type opUntagResourceResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opUntagResourceResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opUntagResourceResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addUntagResourceResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opUntagResourceResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UploadLayerPart.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UploadLayerPart.go
index f194f0c1a1..dadc5f39cc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UploadLayerPart.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/api_op_UploadLayerPart.go
@@ -4,8 +4,13 @@ package ecrpublic
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	internalauth "github.com/aws/aws-sdk-go-v2/internal/auth"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
@@ -96,6 +101,9 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err != nil {
 		return err
 	}
+	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
+		return err
+	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
@@ -123,7 +131,7 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
-	if err = addClientUserAgent(stack); err != nil {
+	if err = addClientUserAgent(stack, options); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
@@ -132,6 +140,9 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
+	if err = addUploadLayerPartResolveEndpointMiddleware(stack, options); err != nil {
+		return err
+	}
 	if err = addOpUploadLayerPartValidationMiddleware(stack); err != nil {
 		return err
 	}
@@ -150,6 +161,9 @@ func (c *Client) addOperationUploadLayerPartMiddlewares(stack *middleware.Stack,
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
+	if err = addendpointDisableHTTPSMiddleware(stack, options); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -161,3 +175,126 @@ func newServiceMetadataMiddleware_opUploadLayerPart(region string) *awsmiddlewar
 		OperationName: "UploadLayerPart",
 	}
 }
+
+type opUploadLayerPartResolveEndpointMiddleware struct {
+	EndpointResolver EndpointResolverV2
+	BuiltInResolver  builtInParameterResolver
+}
+
+func (*opUploadLayerPartResolveEndpointMiddleware) ID() string {
+	return "ResolveEndpointV2"
+}
+
+func (m *opUploadLayerPartResolveEndpointMiddleware) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
+	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
+) {
+	if awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
+	req, ok := in.Request.(*smithyhttp.Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	if m.EndpointResolver == nil {
+		return out, metadata, fmt.Errorf("expected endpoint resolver to not be nil")
+	}
+
+	params := EndpointParameters{}
+
+	m.BuiltInResolver.ResolveBuiltIns(&params)
+
+	var resolvedEndpoint smithyendpoints.Endpoint
+	resolvedEndpoint, err = m.EndpointResolver.ResolveEndpoint(ctx, params)
+	if err != nil {
+		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
+	}
+
+	req.URL = &resolvedEndpoint.URI
+
+	for k := range resolvedEndpoint.Headers {
+		req.Header.Set(
+			k,
+			resolvedEndpoint.Headers.Get(k),
+		)
+	}
+
+	authSchemes, err := internalauth.GetAuthenticationSchemes(&resolvedEndpoint.Properties)
+	if err != nil {
+		var nfe *internalauth.NoAuthenticationSchemesFoundError
+		if errors.As(err, &nfe) {
+			// if no auth scheme is found, default to sigv4
+			signingName := "ecr-public"
+			signingRegion := m.BuiltInResolver.(*builtInResolver).Region
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+
+		}
+		var ue *internalauth.UnSupportedAuthenticationSchemeSpecifiedError
+		if errors.As(err, &ue) {
+			return out, metadata, fmt.Errorf(
+				"This operation requests signer version(s) %v but the client only supports %v",
+				ue.UnsupportedSchemes,
+				internalauth.SupportedSchemes,
+			)
+		}
+	}
+
+	for _, authScheme := range authSchemes {
+		switch authScheme.(type) {
+		case *internalauth.AuthenticationSchemeV4:
+			v4Scheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4)
+			var signingName, signingRegion string
+			if v4Scheme.SigningName == nil {
+				signingName = "ecr-public"
+			} else {
+				signingName = *v4Scheme.SigningName
+			}
+			if v4Scheme.SigningRegion == nil {
+				signingRegion = m.BuiltInResolver.(*builtInResolver).Region
+			} else {
+				signingRegion = *v4Scheme.SigningRegion
+			}
+			if v4Scheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4Scheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, signingName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, signingRegion)
+			break
+		case *internalauth.AuthenticationSchemeV4A:
+			v4aScheme, _ := authScheme.(*internalauth.AuthenticationSchemeV4A)
+			if v4aScheme.SigningName == nil {
+				v4aScheme.SigningName = aws.String("ecr-public")
+			}
+			if v4aScheme.DisableDoubleEncoding != nil {
+				// The signer sets an equivalent value at client initialization time.
+				// Setting this context value will cause the signer to extract it
+				// and override the value set at client initialization time.
+				ctx = internalauth.SetDisableDoubleEncoding(ctx, *v4aScheme.DisableDoubleEncoding)
+			}
+			ctx = awsmiddleware.SetSigningName(ctx, *v4aScheme.SigningName)
+			ctx = awsmiddleware.SetSigningRegion(ctx, v4aScheme.SigningRegionSet[0])
+			break
+		case *internalauth.AuthenticationSchemeNone:
+			break
+		}
+	}
+
+	return next.HandleSerialize(ctx, in)
+}
+
+func addUploadLayerPartResolveEndpointMiddleware(stack *middleware.Stack, options Options) error {
+	return stack.Serialize.Insert(&opUploadLayerPartResolveEndpointMiddleware{
+		EndpointResolver: options.EndpointResolverV2,
+		BuiltInResolver: &builtInResolver{
+			Region:       options.Region,
+			UseDualStack: options.EndpointOptions.UseDualStackEndpoint,
+			UseFIPS:      options.EndpointOptions.UseFIPSEndpoint,
+			Endpoint:     options.BaseEndpoint,
+		},
+	}, "ResolveEndpoint", middleware.After)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/endpoints.go
index 071eca69cb..b2ed730700 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/endpoints.go
@@ -8,9 +8,13 @@ import (
 	"fmt"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
+	"github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn"
 	internalendpoints "github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints"
+	smithyendpoints "github.com/aws/smithy-go/endpoints"
 	"github.com/aws/smithy-go/middleware"
+	"github.com/aws/smithy-go/ptr"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
+	"net/http"
 	"net/url"
 	"strings"
 )
@@ -39,13 +43,6 @@ func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointRe
 	return fn(region, options)
 }
 
-func resolveDefaultEndpointConfiguration(o *Options) {
-	if o.EndpointResolver != nil {
-		return
-	}
-	o.EndpointResolver = NewDefaultEndpointResolver()
-}
-
 // EndpointResolverFromURL returns an EndpointResolver configured using the
 // provided endpoint url. By default, the resolved endpoint resolver uses the
 // client region as signing region, and the endpoint source is set to
@@ -79,6 +76,10 @@ func (*ResolveEndpoint) ID() string {
 func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) (
 	out middleware.SerializeOutput, metadata middleware.Metadata, err error,
 ) {
+	if !awsmiddleware.GetRequiresLegacyEndpoints(ctx) {
+		return next.HandleSerialize(ctx, in)
+	}
+
 	req, ok := in.Request.(*smithyhttp.Request)
 	if !ok {
 		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
@@ -94,6 +95,11 @@ func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.Ser
 	var endpoint aws.Endpoint
 	endpoint, err = m.Resolver.ResolveEndpoint(awsmiddleware.GetRegion(ctx), eo)
 	if err != nil {
+		nf := (&aws.EndpointNotFoundError{})
+		if errors.As(err, &nf) {
+			ctx = awsmiddleware.SetRequiresLegacyEndpoints(ctx, false)
+			return next.HandleSerialize(ctx, in)
+		}
 		return out, metadata, fmt.Errorf("failed to resolve service endpoint, %w", err)
 	}
 
@@ -129,27 +135,10 @@ func removeResolveEndpointMiddleware(stack *middleware.Stack) error {
 
 type wrappedEndpointResolver struct {
 	awsResolver aws.EndpointResolverWithOptions
-	resolver    EndpointResolver
 }
 
 func (w *wrappedEndpointResolver) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error) {
-	if w.awsResolver == nil {
-		goto fallback
-	}
-	endpoint, err = w.awsResolver.ResolveEndpoint(ServiceID, region, options)
-	if err == nil {
-		return endpoint, nil
-	}
-
-	if nf := (&aws.EndpointNotFoundError{}); !errors.As(err, &nf) {
-		return endpoint, err
-	}
-
-fallback:
-	if w.resolver == nil {
-		return endpoint, fmt.Errorf("default endpoint resolver provided was nil")
-	}
-	return w.resolver.ResolveEndpoint(region, options)
+	return w.awsResolver.ResolveEndpoint(ServiceID, region, options)
 }
 
 type awsEndpointResolverAdaptor func(service, region string) (aws.Endpoint, error)
@@ -160,12 +149,13 @@ func (a awsEndpointResolverAdaptor) ResolveEndpoint(service, region string, opti
 
 var _ aws.EndpointResolverWithOptions = awsEndpointResolverAdaptor(nil)
 
-// withEndpointResolver returns an EndpointResolver that first delegates endpoint resolution to the awsResolver.
-// If awsResolver returns aws.EndpointNotFoundError error, the resolver will use the the provided
-// fallbackResolver for resolution.
+// withEndpointResolver returns an aws.EndpointResolverWithOptions that first delegates endpoint resolution to the awsResolver.
+// If awsResolver returns aws.EndpointNotFoundError error, the v1 resolver middleware will swallow the error,
+// and set an appropriate context flag such that fallback will occur when EndpointResolverV2 is invoked
+// via its middleware.
 //
-// fallbackResolver must not be nil
-func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions, fallbackResolver EndpointResolver) EndpointResolver {
+// If another error (besides aws.EndpointNotFoundError) is returned, then that error will be propagated.
+func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptions aws.EndpointResolverWithOptions) EndpointResolver {
 	var resolver aws.EndpointResolverWithOptions
 
 	if awsResolverWithOptions != nil {
@@ -176,7 +166,6 @@ func withEndpointResolver(awsResolver aws.EndpointResolver, awsResolverWithOptio
 
 	return &wrappedEndpointResolver{
 		awsResolver: resolver,
-		resolver:    fallbackResolver,
 	}
 }
 
@@ -198,3 +187,294 @@ func finalizeClientEndpointResolverOptions(options *Options) {
 	}
 
 }
+
+func resolveEndpointResolverV2(options *Options) {
+	if options.EndpointResolverV2 == nil {
+		options.EndpointResolverV2 = NewDefaultEndpointResolverV2()
+	}
+}
+
+// Utility function to aid with translating pseudo-regions to classical regions
+// with the appropriate setting indicated by the pseudo-region
+func mapPseudoRegion(pr string) (region string, fips aws.FIPSEndpointState) {
+	const fipsInfix = "-fips-"
+	const fipsPrefix = "fips-"
+	const fipsSuffix = "-fips"
+
+	if strings.Contains(pr, fipsInfix) ||
+		strings.Contains(pr, fipsPrefix) ||
+		strings.Contains(pr, fipsSuffix) {
+		region = strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(
+			pr, fipsInfix, "-"), fipsPrefix, ""), fipsSuffix, "")
+		fips = aws.FIPSEndpointStateEnabled
+	} else {
+		region = pr
+	}
+
+	return region, fips
+}
+
+// builtInParameterResolver is the interface responsible for resolving BuiltIn
+// values during the sourcing of EndpointParameters
+type builtInParameterResolver interface {
+	ResolveBuiltIns(*EndpointParameters) error
+}
+
+// builtInResolver resolves modeled BuiltIn values using only the members defined
+// below.
+type builtInResolver struct {
+	// The AWS region used to dispatch the request.
+	Region string
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseDualStack aws.DualStackEndpointState
+
+	// Sourced BuiltIn value in a historical enabled or disabled state.
+	UseFIPS aws.FIPSEndpointState
+
+	// Base endpoint that can potentially be modified during Endpoint resolution.
+	Endpoint *string
+}
+
+// Invoked at runtime to resolve BuiltIn Values. Only resolution code specific to
+// each BuiltIn value is generated.
+func (b *builtInResolver) ResolveBuiltIns(params *EndpointParameters) error {
+
+	region, _ := mapPseudoRegion(b.Region)
+	if len(region) == 0 {
+		return fmt.Errorf("Could not resolve AWS::Region")
+	} else {
+		params.Region = aws.String(region)
+	}
+	if b.UseDualStack == aws.DualStackEndpointStateEnabled {
+		params.UseDualStack = aws.Bool(true)
+	} else {
+		params.UseDualStack = aws.Bool(false)
+	}
+	if b.UseFIPS == aws.FIPSEndpointStateEnabled {
+		params.UseFIPS = aws.Bool(true)
+	} else {
+		params.UseFIPS = aws.Bool(false)
+	}
+	params.Endpoint = b.Endpoint
+	return nil
+}
+
+// EndpointParameters provides the parameters that influence how endpoints are
+// resolved.
+type EndpointParameters struct {
+	// The AWS region used to dispatch the request.
+	//
+	// Parameter is
+	// required.
+	//
+	// AWS::Region
+	Region *string
+
+	// When true, use the dual-stack endpoint. If the configured endpoint does not
+	// support dual-stack, dispatching the request MAY return an error.
+	//
+	// Defaults to
+	// false if no value is provided.
+	//
+	// AWS::UseDualStack
+	UseDualStack *bool
+
+	// When true, send this request to the FIPS-compliant regional endpoint. If the
+	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
+	// request will return an error.
+	//
+	// Defaults to false if no value is
+	// provided.
+	//
+	// AWS::UseFIPS
+	UseFIPS *bool
+
+	// Override the endpoint used to send this request
+	//
+	// Parameter is
+	// required.
+	//
+	// SDK::Endpoint
+	Endpoint *string
+}
+
+// ValidateRequired validates required parameters are set.
+func (p EndpointParameters) ValidateRequired() error {
+	if p.UseDualStack == nil {
+		return fmt.Errorf("parameter UseDualStack is required")
+	}
+
+	if p.UseFIPS == nil {
+		return fmt.Errorf("parameter UseFIPS is required")
+	}
+
+	return nil
+}
+
+// WithDefaults returns a shallow copy of EndpointParameterswith default values
+// applied to members where applicable.
+func (p EndpointParameters) WithDefaults() EndpointParameters {
+	if p.UseDualStack == nil {
+		p.UseDualStack = ptr.Bool(false)
+	}
+
+	if p.UseFIPS == nil {
+		p.UseFIPS = ptr.Bool(false)
+	}
+	return p
+}
+
+// EndpointResolverV2 provides the interface for resolving service endpoints.
+type EndpointResolverV2 interface {
+	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+	// returning the endpoint if found. Otherwise an error is returned.
+	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
+		smithyendpoints.Endpoint, error,
+	)
+}
+
+// resolver provides the implementation for resolving endpoints.
+type resolver struct{}
+
+func NewDefaultEndpointResolverV2() EndpointResolverV2 {
+	return &resolver{}
+}
+
+// ResolveEndpoint attempts to resolve the endpoint with the provided options,
+// returning the endpoint if found. Otherwise an error is returned.
+func (r *resolver) ResolveEndpoint(
+	ctx context.Context, params EndpointParameters,
+) (
+	endpoint smithyendpoints.Endpoint, err error,
+) {
+	params = params.WithDefaults()
+	if err = params.ValidateRequired(); err != nil {
+		return endpoint, fmt.Errorf("endpoint parameters are not valid, %w", err)
+	}
+	_UseDualStack := *params.UseDualStack
+	_UseFIPS := *params.UseFIPS
+
+	if exprVal := params.Endpoint; exprVal != nil {
+		_Endpoint := *exprVal
+		_ = _Endpoint
+		if _UseFIPS == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: FIPS and custom endpoint are not supported")
+		}
+		if _UseDualStack == true {
+			return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Dualstack and custom endpoint are not supported")
+		}
+		uriString := _Endpoint
+
+		uri, err := url.Parse(uriString)
+		if err != nil {
+			return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+		}
+
+		return smithyendpoints.Endpoint{
+			URI:     *uri,
+			Headers: http.Header{},
+		}, nil
+	}
+	if exprVal := params.Region; exprVal != nil {
+		_Region := *exprVal
+		_ = _Region
+		if exprVal := awsrulesfn.GetPartition(_Region); exprVal != nil {
+			_PartitionResult := *exprVal
+			_ = _PartitionResult
+			if _UseFIPS == true {
+				if _UseDualStack == true {
+					if true == _PartitionResult.SupportsFIPS {
+						if true == _PartitionResult.SupportsDualStack {
+							uriString := func() string {
+								var out strings.Builder
+								out.WriteString("https://api.ecr-public-fips.")
+								out.WriteString(_Region)
+								out.WriteString(".")
+								out.WriteString(_PartitionResult.DualStackDnsSuffix)
+								return out.String()
+							}()
+
+							uri, err := url.Parse(uriString)
+							if err != nil {
+								return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+							}
+
+							return smithyendpoints.Endpoint{
+								URI:     *uri,
+								Headers: http.Header{},
+							}, nil
+						}
+					}
+					return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS and DualStack are enabled, but this partition does not support one or both")
+				}
+			}
+			if _UseFIPS == true {
+				if true == _PartitionResult.SupportsFIPS {
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://api.ecr-public-fips.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "FIPS is enabled but this partition does not support FIPS")
+			}
+			if _UseDualStack == true {
+				if true == _PartitionResult.SupportsDualStack {
+					uriString := func() string {
+						var out strings.Builder
+						out.WriteString("https://api.ecr-public.")
+						out.WriteString(_Region)
+						out.WriteString(".")
+						out.WriteString(_PartitionResult.DualStackDnsSuffix)
+						return out.String()
+					}()
+
+					uri, err := url.Parse(uriString)
+					if err != nil {
+						return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+					}
+
+					return smithyendpoints.Endpoint{
+						URI:     *uri,
+						Headers: http.Header{},
+					}, nil
+				}
+				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
+			}
+			uriString := func() string {
+				var out strings.Builder
+				out.WriteString("https://api.ecr-public.")
+				out.WriteString(_Region)
+				out.WriteString(".")
+				out.WriteString(_PartitionResult.DnsSuffix)
+				return out.String()
+			}()
+
+			uri, err := url.Parse(uriString)
+			if err != nil {
+				return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+			}
+
+			return smithyendpoints.Endpoint{
+				URI:     *uri,
+				Headers: http.Header{},
+			}, nil
+		}
+		return endpoint, fmt.Errorf("Endpoint resolution failed. Invalid operation or environment input.")
+	}
+	return endpoint, fmt.Errorf("endpoint rule error, %s", "Invalid Configuration: Missing Region")
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/generated.json b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/generated.json
index a60655a86d..067ae4319e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/generated.json
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/generated.json
@@ -3,7 +3,8 @@
         "github.com/aws/aws-sdk-go-v2": "v1.4.0",
         "github.com/aws/aws-sdk-go-v2/internal/configsources": "v0.0.0-00010101000000-000000000000",
         "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2": "v2.0.0-00010101000000-000000000000",
-        "github.com/aws/smithy-go": "v1.4.0"
+        "github.com/aws/smithy-go": "v1.4.0",
+        "github.com/google/go-cmp": "v0.5.4"
     },
     "files": [
         "api_client.go",
@@ -34,6 +35,7 @@
         "deserializers.go",
         "doc.go",
         "endpoints.go",
+        "endpoints_test.go",
         "generated.json",
         "internal/endpoints/endpoints.go",
         "internal/endpoints/endpoints_test.go",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go
index 70b89eb763..10b100d2f1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ecrpublic
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.16.2"
+const goModuleVersion = "1.18.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints/endpoints.go
index 0f540b2c2d..7f12229598 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints/endpoints.go
@@ -90,14 +90,16 @@ var partitionRegexp = struct {
 	AwsIso   *regexp.Regexp
 	AwsIsoB  *regexp.Regexp
 	AwsIsoE  *regexp.Regexp
+	AwsIsoF  *regexp.Regexp
 	AwsUsGov *regexp.Regexp
 }{
 
-	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af)\\-\\w+\\-\\d+$"),
+	Aws:      regexp.MustCompile("^(us|eu|ap|sa|ca|me|af|il)\\-\\w+\\-\\d+$"),
 	AwsCn:    regexp.MustCompile("^cn\\-\\w+\\-\\d+$"),
 	AwsIso:   regexp.MustCompile("^us\\-iso\\-\\w+\\-\\d+$"),
 	AwsIsoB:  regexp.MustCompile("^us\\-isob\\-\\w+\\-\\d+$"),
 	AwsIsoE:  regexp.MustCompile("^eu\\-isoe\\-\\w+\\-\\d+$"),
+	AwsIsoF:  regexp.MustCompile("^us\\-isof\\-\\w+\\-\\d+$"),
 	AwsUsGov: regexp.MustCompile("^us\\-gov\\-\\w+\\-\\d+$"),
 }
 
@@ -253,6 +255,27 @@ var defaultPartitions = endpoints.Partitions{
 		RegionRegex:    partitionRegexp.AwsIsoE,
 		IsRegionalized: true,
 	},
+	{
+		ID: "aws-iso-f",
+		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
+			{
+				Variant: endpoints.FIPSVariant,
+			}: {
+				Hostname:          "api.ecr-public-fips.{region}.csp.hci.ic.gov",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+			{
+				Variant: 0,
+			}: {
+				Hostname:          "api.ecr-public.{region}.csp.hci.ic.gov",
+				Protocols:         []string{"https"},
+				SignatureVersions: []string{"v4"},
+			},
+		},
+		RegionRegex:    partitionRegexp.AwsIsoF,
+		IsRegionalized: true,
+	},
 	{
 		ID: "aws-us-gov",
 		Defaults: map[endpoints.DefaultKey]endpoints.Endpoint{
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index 6c26194f41..f2fffc40ec 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -19175,6 +19175,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-northeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
@@ -19227,6 +19230,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-northeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
@@ -19279,6 +19285,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-northeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
@@ -26105,6 +26114,9 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-northeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ap-northeast-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "ap-south-1",
 				}: endpoint{},
@@ -26114,15 +26126,24 @@ var awsPartition = partition{
 				endpointKey{
 					Region: "ap-southeast-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "ca-central-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-central-1",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-north-1",
+				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-1",
 				}: endpoint{},
 				endpointKey{
 					Region: "eu-west-2",
 				}: endpoint{},
+				endpointKey{
+					Region: "eu-west-3",
+				}: endpoint{},
 				endpointKey{
 					Region: "sa-east-1",
 				}: endpoint{},
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
index 2a896f2b95..9b97972dfd 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.46.3"
+const SDKVersion = "1.47.0"
diff --git a/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache/file.go b/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache/file.go
index bc70693b81..19dc33bb5e 100644
--- a/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache/file.go
+++ b/vendor/github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache/file.go
@@ -16,7 +16,6 @@ package cache
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
@@ -123,7 +122,7 @@ func (f *fileCredentialCache) fullFilePath() string {
 // This eliminates from reading partially written credential files, and reduces (but does not eliminate) concurrent
 // file access. There is not guarantee here for handling multiple writes at once since there is no out of process locking.
 func (f *fileCredentialCache) save(registryCache *RegistryCache) error {
-	file, err := ioutil.TempFile(f.path, ".config.json.tmp")
+	file, err := os.CreateTemp(f.path, ".config.json.tmp")
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/buildkite/agent/v3/api/annotations.go b/vendor/github.com/buildkite/agent/v3/api/annotations.go
index 31c7e9bea4..8bb0868823 100644
--- a/vendor/github.com/buildkite/agent/v3/api/annotations.go
+++ b/vendor/github.com/buildkite/agent/v3/api/annotations.go
@@ -15,7 +15,7 @@ type Annotation struct {
 
 // Annotate a build in the Buildkite UI
 func (c *Client) Annotate(ctx context.Context, jobId string, annotation *Annotation) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/annotations", jobId)
+	u := fmt.Sprintf("jobs/%s/annotations", railsPathEscape(jobId))
 
 	req, err := c.newRequest(ctx, "POST", u, annotation)
 	if err != nil {
@@ -27,7 +27,7 @@ func (c *Client) Annotate(ctx context.Context, jobId string, annotation *Annotat
 
 // Remove an annotation from a build
 func (c *Client) AnnotationRemove(ctx context.Context, jobId string, context string) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/annotations/%s", jobId, context)
+	u := fmt.Sprintf("jobs/%s/annotations/%s", railsPathEscape(jobId), railsPathEscape(context))
 
 	req, err := c.newRequest(ctx, "DELETE", u, nil)
 	if err != nil {
diff --git a/vendor/github.com/buildkite/agent/v3/api/artifacts.go b/vendor/github.com/buildkite/agent/v3/api/artifacts.go
index df2a84f86d..ffd9749ede 100644
--- a/vendor/github.com/buildkite/agent/v3/api/artifacts.go
+++ b/vendor/github.com/buildkite/agent/v3/api/artifacts.go
@@ -93,7 +93,7 @@ type ArtifactBatchUpdateRequest struct {
 
 // CreateArtifacts takes a slice of artifacts, and creates them on Buildkite as a batch.
 func (c *Client) CreateArtifacts(ctx context.Context, jobId string, batch *ArtifactBatch) (*ArtifactBatchCreateResponse, *Response, error) {
-	u := fmt.Sprintf("jobs/%s/artifacts", jobId)
+	u := fmt.Sprintf("jobs/%s/artifacts", railsPathEscape(jobId))
 
 	req, err := c.newRequest(ctx, "POST", u, batch)
 	if err != nil {
@@ -111,7 +111,7 @@ func (c *Client) CreateArtifacts(ctx context.Context, jobId string, batch *Artif
 
 // Updates a particular artifact
 func (c *Client) UpdateArtifacts(ctx context.Context, jobId string, artifactStates map[string]string) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/artifacts", jobId)
+	u := fmt.Sprintf("jobs/%s/artifacts", railsPathEscape(jobId))
 	payload := ArtifactBatchUpdateRequest{}
 
 	for id, state := range artifactStates {
@@ -133,7 +133,7 @@ func (c *Client) UpdateArtifacts(ctx context.Context, jobId string, artifactStat
 
 // SearchArtifacts searches Buildkite for a set of artifacts
 func (c *Client) SearchArtifacts(ctx context.Context, buildId string, opt *ArtifactSearchOptions) ([]*Artifact, *Response, error) {
-	u := fmt.Sprintf("builds/%s/artifacts/search", buildId)
+	u := fmt.Sprintf("builds/%s/artifacts/search", railsPathEscape(buildId))
 	u, err := addOptions(u, opt)
 	if err != nil {
 		return nil, nil, err
diff --git a/vendor/github.com/buildkite/agent/v3/api/chunks.go b/vendor/github.com/buildkite/agent/v3/api/chunks.go
index cc5fa97059..d238584b39 100644
--- a/vendor/github.com/buildkite/agent/v3/api/chunks.go
+++ b/vendor/github.com/buildkite/agent/v3/api/chunks.go
@@ -27,7 +27,7 @@ func (c *Client) UploadChunk(ctx context.Context, jobId string, chunk *Chunk) (*
 	}
 
 	// Pass most params as query
-	u := fmt.Sprintf("jobs/%s/chunks?sequence=%d&offset=%d&size=%d", jobId, chunk.Sequence, chunk.Offset, chunk.Size)
+	u := fmt.Sprintf("jobs/%s/chunks?sequence=%d&offset=%d&size=%d", railsPathEscape(jobId), chunk.Sequence, chunk.Offset, chunk.Size)
 	req, err := c.newFormRequest(ctx, "POST", u, body)
 	if err != nil {
 		return nil, err
diff --git a/vendor/github.com/buildkite/agent/v3/api/client.go b/vendor/github.com/buildkite/agent/v3/api/client.go
index b3c6d89a7f..42aa57bec0 100644
--- a/vendor/github.com/buildkite/agent/v3/api/client.go
+++ b/vendor/github.com/buildkite/agent/v3/api/client.go
@@ -364,3 +364,8 @@ func addOptions(s string, opt any) (string, error) {
 func joinURLPath(endpoint string, path string) string {
 	return strings.TrimRight(endpoint, "/") + "/" + strings.TrimLeft(path, "/")
 }
+
+// Rails doesn't accept dots in some path segments.
+func railsPathEscape(s string) string {
+	return strings.ReplaceAll(url.PathEscape(s), ".", "%2E")
+}
diff --git a/vendor/github.com/buildkite/agent/v3/api/header_times.go b/vendor/github.com/buildkite/agent/v3/api/header_times.go
index 5302d7b664..4a5283404c 100644
--- a/vendor/github.com/buildkite/agent/v3/api/header_times.go
+++ b/vendor/github.com/buildkite/agent/v3/api/header_times.go
@@ -13,7 +13,7 @@ type HeaderTimes struct {
 
 // SaveHeaderTimes saves the header times to the job
 func (c *Client) SaveHeaderTimes(ctx context.Context, jobId string, headerTimes *HeaderTimes) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/header_times", jobId)
+	u := fmt.Sprintf("jobs/%s/header_times", railsPathEscape(jobId))
 
 	req, err := c.newRequest(ctx, "POST", u, headerTimes)
 	if err != nil {
diff --git a/vendor/github.com/buildkite/agent/v3/api/jobs.go b/vendor/github.com/buildkite/agent/v3/api/jobs.go
index 58e0dbc885..1b98055192 100644
--- a/vendor/github.com/buildkite/agent/v3/api/jobs.go
+++ b/vendor/github.com/buildkite/agent/v3/api/jobs.go
@@ -3,51 +3,28 @@ package api
 import (
 	"context"
 	"fmt"
-	"strings"
 
 	"github.com/buildkite/agent/v3/internal/pipeline"
 )
 
 // Job represents a Buildkite Agent API Job
 type Job struct {
-	ID                 string               `json:"id,omitempty"`
-	Endpoint           string               `json:"endpoint"`
-	State              string               `json:"state,omitempty"`
-	Env                map[string]string    `json:"env,omitempty"`
-	Step               pipeline.CommandStep `json:"step,omitempty"`
-	ChunksMaxSizeBytes uint64               `json:"chunks_max_size_bytes,omitempty"`
-	LogMaxSizeBytes    uint64               `json:"log_max_size_bytes,omitempty"`
-	Token              string               `json:"token,omitempty"`
-	ExitStatus         string               `json:"exit_status,omitempty"`
-	Signal             string               `json:"signal,omitempty"`
-	SignalReason       string               `json:"signal_reason,omitempty"`
-	StartedAt          string               `json:"started_at,omitempty"`
-	FinishedAt         string               `json:"finished_at,omitempty"`
-	RunnableAt         string               `json:"runnable_at,omitempty"`
-	ChunksFailedCount  int                  `json:"chunks_failed_count,omitempty"`
-}
-
-func (j *Job) ValuesForFields(fields []string) (map[string]string, error) {
-	o := make(map[string]string, len(fields))
-	for _, f := range fields {
-		switch f {
-		case "command":
-			o[f] = j.Env["BUILDKITE_COMMAND"]
-
-		case "plugins":
-			o[f] = j.Env["BUILDKITE_PLUGINS"]
-
-		default:
-			if e, has := strings.CutPrefix(f, pipeline.EnvNamespacePrefix); has {
-				o[f] = j.Env[e]
-				break
-			}
-
-			return nil, fmt.Errorf("unknown or unsupported field on Job struct for signing/verification: %q", f)
-		}
-	}
-
-	return o, nil
+	ID                 string                     `json:"id,omitempty"`
+	Endpoint           string                     `json:"endpoint"`
+	State              string                     `json:"state,omitempty"`
+	Env                map[string]string          `json:"env,omitempty"`
+	Step               pipeline.CommandStep       `json:"step,omitempty"`
+	MatrixPermutation  pipeline.MatrixPermutation `json:"matrix_permutation,omitempty"`
+	ChunksMaxSizeBytes uint64                     `json:"chunks_max_size_bytes,omitempty"`
+	LogMaxSizeBytes    uint64                     `json:"log_max_size_bytes,omitempty"`
+	Token              string                     `json:"token,omitempty"`
+	ExitStatus         string                     `json:"exit_status,omitempty"`
+	Signal             string                     `json:"signal,omitempty"`
+	SignalReason       string                     `json:"signal_reason,omitempty"`
+	StartedAt          string                     `json:"started_at,omitempty"`
+	FinishedAt         string                     `json:"finished_at,omitempty"`
+	RunnableAt         string                     `json:"runnable_at,omitempty"`
+	ChunksFailedCount  int                        `json:"chunks_failed_count,omitempty"`
 }
 
 type JobState struct {
@@ -68,7 +45,7 @@ type jobFinishRequest struct {
 
 // GetJobState returns the state of a given job
 func (c *Client) GetJobState(ctx context.Context, id string) (*JobState, *Response, error) {
-	u := fmt.Sprintf("jobs/%s", id)
+	u := fmt.Sprintf("jobs/%s", railsPathEscape(id))
 
 	req, err := c.newRequest(ctx, "GET", u, nil)
 	if err != nil {
@@ -86,7 +63,7 @@ func (c *Client) GetJobState(ctx context.Context, id string) (*JobState, *Respon
 
 // Acquires a job using its ID
 func (c *Client) AcquireJob(ctx context.Context, id string, headers ...Header) (*Job, *Response, error) {
-	u := fmt.Sprintf("jobs/%s/acquire", id)
+	u := fmt.Sprintf("jobs/%s/acquire", railsPathEscape(id))
 
 	req, err := c.newRequest(ctx, "PUT", u, nil, headers...)
 	if err != nil {
@@ -106,7 +83,7 @@ func (c *Client) AcquireJob(ctx context.Context, id string, headers ...Header) (
 // environment variables (when a job is accepted, the agents environment is
 // applied to the job)
 func (c *Client) AcceptJob(ctx context.Context, job *Job) (*Job, *Response, error) {
-	u := fmt.Sprintf("jobs/%s/accept", job.ID)
+	u := fmt.Sprintf("jobs/%s/accept", railsPathEscape(job.ID))
 
 	req, err := c.newRequest(ctx, "PUT", u, nil)
 	if err != nil {
@@ -124,7 +101,7 @@ func (c *Client) AcceptJob(ctx context.Context, job *Job) (*Job, *Response, erro
 
 // StartJob starts the passed in job
 func (c *Client) StartJob(ctx context.Context, job *Job) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/start", job.ID)
+	u := fmt.Sprintf("jobs/%s/start", railsPathEscape(job.ID))
 
 	req, err := c.newRequest(ctx, "PUT", u, &jobStartRequest{
 		StartedAt: job.StartedAt,
@@ -138,7 +115,7 @@ func (c *Client) StartJob(ctx context.Context, job *Job) (*Response, error) {
 
 // FinishJob finishes the passed in job
 func (c *Client) FinishJob(ctx context.Context, job *Job) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/finish", job.ID)
+	u := fmt.Sprintf("jobs/%s/finish", railsPathEscape(job.ID))
 
 	req, err := c.newRequest(ctx, "PUT", u, &jobFinishRequest{
 		FinishedAt:        job.FinishedAt,
diff --git a/vendor/github.com/buildkite/agent/v3/api/meta_data.go b/vendor/github.com/buildkite/agent/v3/api/meta_data.go
index 384c2e7487..a9a591320b 100644
--- a/vendor/github.com/buildkite/agent/v3/api/meta_data.go
+++ b/vendor/github.com/buildkite/agent/v3/api/meta_data.go
@@ -20,7 +20,7 @@ type MetaDataExists struct {
 
 // Sets the meta data value
 func (c *Client) SetMetaData(ctx context.Context, jobId string, metaData *MetaData) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/data/set", jobId)
+	u := fmt.Sprintf("jobs/%s/data/set", railsPathEscape(jobId))
 
 	req, err := c.newRequest(ctx, "POST", u, metaData)
 	if err != nil {
@@ -36,7 +36,7 @@ func (c *Client) GetMetaData(ctx context.Context, scope, id, key string) (*MetaD
 		return nil, nil, errors.New("scope must either be job or build")
 	}
 
-	u := fmt.Sprintf("%ss/%s/data/get", scope, id)
+	u := fmt.Sprintf("%ss/%s/data/get", scope, railsPathEscape(id))
 	m := &MetaData{Key: key}
 
 	req, err := c.newRequest(ctx, "POST", u, m)
@@ -58,7 +58,7 @@ func (c *Client) ExistsMetaData(ctx context.Context, scope, id, key string) (*Me
 		return nil, nil, errors.New("scope must either be job or build")
 	}
 
-	u := fmt.Sprintf("%ss/%s/data/exists", scope, id)
+	u := fmt.Sprintf("%ss/%s/data/exists", scope, railsPathEscape(id))
 	m := &MetaData{Key: key}
 
 	req, err := c.newRequest(ctx, "POST", u, m)
@@ -80,7 +80,7 @@ func (c *Client) MetaDataKeys(ctx context.Context, scope, id string) ([]string,
 		return nil, nil, errors.New("scope must either be job or build")
 	}
 
-	u := fmt.Sprintf("%ss/%s/data/keys", scope, id)
+	u := fmt.Sprintf("%ss/%s/data/keys", scope, railsPathEscape(id))
 
 	req, err := c.newRequest(ctx, "POST", u, nil)
 	if err != nil {
diff --git a/vendor/github.com/buildkite/agent/v3/api/oidc.go b/vendor/github.com/buildkite/agent/v3/api/oidc.go
index a25f0302ba..d11e35726c 100644
--- a/vendor/github.com/buildkite/agent/v3/api/oidc.go
+++ b/vendor/github.com/buildkite/agent/v3/api/oidc.go
@@ -27,7 +27,7 @@ func (c *Client) OIDCToken(ctx context.Context, methodReq *OIDCTokenRequest) (*O
 		Claims:   methodReq.Claims,
 	}
 
-	u := fmt.Sprintf("jobs/%s/oidc/tokens", methodReq.Job)
+	u := fmt.Sprintf("jobs/%s/oidc/tokens", railsPathEscape(methodReq.Job))
 	httpReq, err := c.newRequest(ctx, "POST", u, m)
 	if err != nil {
 		return nil, nil, err
diff --git a/vendor/github.com/buildkite/agent/v3/api/pipelines.go b/vendor/github.com/buildkite/agent/v3/api/pipelines.go
index e585fb1cd3..323c8479f0 100644
--- a/vendor/github.com/buildkite/agent/v3/api/pipelines.go
+++ b/vendor/github.com/buildkite/agent/v3/api/pipelines.go
@@ -28,7 +28,7 @@ func (c *Client) UploadPipeline(
 	pipeline *PipelineChange,
 	headers ...Header,
 ) (*Response, error) {
-	u := fmt.Sprintf("jobs/%s/pipelines?async=true", jobId)
+	u := fmt.Sprintf("jobs/%s/pipelines?async=true", railsPathEscape(jobId))
 
 	req, err := c.newRequest(ctx, "POST", u, pipeline, headers...)
 	if err != nil {
@@ -44,7 +44,7 @@ func (c *Client) PipelineUploadStatus(
 	uuid string,
 	headers ...Header,
 ) (*PipelineUploadStatus, *Response, error) {
-	u := fmt.Sprintf("jobs/%s/pipelines/%s", jobId, uuid)
+	u := fmt.Sprintf("jobs/%s/pipelines/%s", railsPathEscape(jobId), railsPathEscape(uuid))
 
 	req, err := c.newRequest(ctx, "GET", u, nil, headers...)
 	if err != nil {
diff --git a/vendor/github.com/buildkite/agent/v3/api/steps.go b/vendor/github.com/buildkite/agent/v3/api/steps.go
index a428b2e1a2..b8ab745e79 100644
--- a/vendor/github.com/buildkite/agent/v3/api/steps.go
+++ b/vendor/github.com/buildkite/agent/v3/api/steps.go
@@ -18,7 +18,7 @@ type StepExportResponse struct {
 
 // StepExport gets an attribute from step
 func (c *Client) StepExport(ctx context.Context, stepIdOrKey string, stepGetRequest *StepExportRequest) (*StepExportResponse, *Response, error) {
-	u := fmt.Sprintf("steps/%s/export", stepIdOrKey)
+	u := fmt.Sprintf("steps/%s/export", railsPathEscape(stepIdOrKey))
 
 	req, err := c.newRequest(ctx, "POST", u, stepGetRequest)
 	if err != nil {
@@ -45,7 +45,7 @@ type StepUpdate struct {
 
 // StepUpdate updates a step
 func (c *Client) StepUpdate(ctx context.Context, stepIdOrKey string, stepUpdate *StepUpdate) (*Response, error) {
-	u := fmt.Sprintf("steps/%s", stepIdOrKey)
+	u := fmt.Sprintf("steps/%s", railsPathEscape(stepIdOrKey))
 
 	req, err := c.newRequest(ctx, "PUT", u, stepUpdate)
 	if err != nil {
diff --git a/vendor/github.com/buildkite/agent/v3/internal/ordered/map.go b/vendor/github.com/buildkite/agent/v3/internal/ordered/map.go
index a436796872..eb521d7469 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/ordered/map.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/ordered/map.go
@@ -184,6 +184,32 @@ func (m *Map[K, V]) ToMap() map[K]V {
 	return um
 }
 
+// ToMapRecursive converts a weakly typed nested structure consisting of
+// *Map[string, any], []any, and any (i.e. output from DecodeYAML),
+// into one containing the same data but where each *Map[string, any] is
+// map[string]any.
+func ToMapRecursive(src any) any {
+	switch tsrc := src.(type) {
+	case *Map[string, any]:
+		um := make(map[string]any, len(tsrc.index))
+		tsrc.Range(func(k string, v any) error {
+			um[k] = ToMapRecursive(v)
+			return nil
+		})
+		return um
+
+	case []any:
+		s := make([]any, len(tsrc))
+		for i, e := range tsrc {
+			s[i] = ToMapRecursive(e)
+		}
+		return s
+
+	default:
+		return src
+	}
+}
+
 // Equal reports if the two maps are equal (they contain the same items in the
 // same order). Keys are compared directly; values are compared using go-cmp
 // (provided with Equal[string, any] and Equal[string, string] as a comparers).
diff --git a/vendor/github.com/buildkite/agent/v3/internal/ordered/unmarshal.go b/vendor/github.com/buildkite/agent/v3/internal/ordered/unmarshal.go
index f316eb60ff..fb254093e0 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/ordered/unmarshal.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/ordered/unmarshal.go
@@ -32,8 +32,8 @@ type Unmarshaler interface {
 // of types under the hood, but some combinations don't work. Good luck!
 //
 //   - If dst is nil, then src must be nil.
-//   - If src is *yaml.Node, then DecodeYAML is called to translate the node
-//     into another type.
+//   - If src is yaml.Node or *yaml.Node, then DecodeYAML is called to translate
+//     the node into another type.
 //   - If dst is a pointer and src is nil, then the value dst points to is set
 //     to zero.
 //   - If dst is a pointer to a pointer, Unmarshal recursively calls Unmarshal
@@ -69,7 +69,16 @@ func Unmarshal(src, dst any) error {
 		return ErrIntoNil
 	}
 
-	if n, ok := src.(*yaml.Node); ok {
+	// Apply DecodeYAML to yaml.Node or *yaml.Node first.
+	switch n := src.(type) {
+	case yaml.Node:
+		o, err := DecodeYAML(&n)
+		if err != nil {
+			return err
+		}
+		src = o
+
+	case *yaml.Node:
 		o, err := DecodeYAML(n)
 		if err != nil {
 			return err
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate.go
index 3ef40a2e58..199e16433b 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate.go
@@ -8,17 +8,33 @@ import (
 // This file contains helpers for recursively interpolating all the strings in
 // pipeline objects.
 
+// stringTransformer implementations mutate strings.
+type stringTransformer interface {
+	Transform(string) (string, error)
+}
+
+// envInterpolator returns a reusable string transform that replaces
+// variables (${FOO}) with their values from a map.
+type envInterpolator struct {
+	envMap interpolate.Env
+}
+
+// Transform calls interpolate.Interpolate to transform the string.
+func (e envInterpolator) Transform(s string) (string, error) {
+	return interpolate.Interpolate(e.envMap, s)
+}
+
 // selfInterpolater describes types that can interpolate themselves in-place.
-// They can call interpolate.Interpolate on strings, or
+// They can use the string transformer on string fields, or use
 // interpolate{Slice,Map,OrderedMap,Any} on their other contents, to do this.
 type selfInterpolater interface {
-	interpolate(interpolate.Env) error
+	interpolate(stringTransformer) error
 }
 
 // interpolateAny interpolates (almost) anything in-place. When passed a string,
 // it returns a new string. Anything it doesn't know how to interpolate is
 // returned unaltered.
-func interpolateAny[T any](env interpolate.Env, o T) (T, error) {
+func interpolateAny[T any](tf stringTransformer, o T) (T, error) {
 	// The box-typeswitch-unbox dance is required because the Go compiler
 	// has no type switch for type parameters.
 	var err error
@@ -26,38 +42,38 @@ func interpolateAny[T any](env interpolate.Env, o T) (T, error) {
 
 	switch t := a.(type) {
 	case selfInterpolater:
-		err = t.interpolate(env)
+		err = t.interpolate(tf)
 
 	case *string:
 		if t == nil {
 			return o, nil
 		}
-		*t, err = interpolate.Interpolate(env, *t)
+		*t, err = tf.Transform(*t)
 		a = t
 
 	case string:
-		a, err = interpolate.Interpolate(env, t)
+		a, err = tf.Transform(t)
 
 	case []any:
-		err = interpolateSlice(env, t)
+		err = interpolateSlice(tf, t)
 
 	case []string:
-		err = interpolateSlice(env, t)
+		err = interpolateSlice(tf, t)
 
 	case ordered.Slice:
-		err = interpolateSlice(env, t)
+		err = interpolateSlice(tf, t)
 
 	case map[string]any:
-		err = interpolateMap(env, t)
+		err = interpolateMap(tf, t)
 
 	case map[string]string:
-		err = interpolateMap(env, t)
+		err = interpolateMap(tf, t)
 
 	case *ordered.Map[string, any]:
-		err = interpolateOrderedMap(env, t)
+		err = interpolateOrderedMap(tf, t)
 
 	case *ordered.Map[string, string]:
-		err = interpolateOrderedMap(env, t)
+		err = interpolateOrderedMap(tf, t)
 
 	default:
 		return o, nil
@@ -74,10 +90,10 @@ func interpolateAny[T any](env interpolate.Env, o T) (T, error) {
 
 // interpolateSlice applies interpolateAny over any type of slice. Values in the
 // slice are updated in-place.
-func interpolateSlice[E any, S ~[]E](env interpolate.Env, s S) error {
+func interpolateSlice[E any, S ~[]E](tf stringTransformer, s S) error {
 	for i, e := range s {
 		// It could be a string, so replace the old value with the new.
-		inte, err := interpolateAny(env, e)
+		inte, err := interpolateAny(tf, e)
 		if err != nil {
 			return err
 		}
@@ -86,18 +102,32 @@ func interpolateSlice[E any, S ~[]E](env interpolate.Env, s S) error {
 	return nil
 }
 
-// interpolateMap applies interpolateAny over any type of map. The map is
-// altered in-place.
-func interpolateMap[K comparable, V any, M ~map[K]V](env interpolate.Env, m M) error {
+// interpolateMapValues applies interpolateAny over the values of any type of
+// map. The map is altered in-place.
+func interpolateMapValues[K comparable, V any, M ~map[K]V](tf stringTransformer, m M) error {
+	for k, v := range m {
+		// V could be string, so be sure to replace the old value with the new.
+		intv, err := interpolateAny(tf, v)
+		if err != nil {
+			return err
+		}
+		m[k] = intv
+	}
+	return nil
+}
+
+// interpolateMap applies interpolateAny over both keys and values of any type
+// of map. The map is altered in-place.
+func interpolateMap[K comparable, V any, M ~map[K]V](tf stringTransformer, m M) error {
 	for k, v := range m {
 		// We interpolate both keys and values.
-		intk, err := interpolateAny(env, k)
+		intk, err := interpolateAny(tf, k)
 		if err != nil {
 			return err
 		}
 
 		// V could be string, so be sure to replace the old value with the new.
-		intv, err := interpolateAny(env, v)
+		intv, err := interpolateAny(tf, v)
 		if err != nil {
 			return err
 		}
@@ -113,14 +143,14 @@ func interpolateMap[K comparable, V any, M ~map[K]V](env interpolate.Env, m M) e
 
 // interpolateOrderedMap applies interpolateAny over any type of ordered.Map.
 // The map is altered in-place.
-func interpolateOrderedMap[K comparable, V any](env interpolate.Env, m *ordered.Map[K, V]) error {
+func interpolateOrderedMap[K comparable, V any](tf stringTransformer, m *ordered.Map[K, V]) error {
 	return m.Range(func(k K, v V) error {
 		// We interpolate both keys and values.
-		intk, err := interpolateAny(env, k)
+		intk, err := interpolateAny(tf, k)
 		if err != nil {
 			return err
 		}
-		intv, err := interpolateAny(env, v)
+		intv, err := interpolateAny(tf, v)
 		if err != nil {
 			return err
 		}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate_matrix.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate_matrix.go
new file mode 100644
index 0000000000..f420db6a54
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/interpolate_matrix.go
@@ -0,0 +1,55 @@
+package pipeline
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+)
+
+// Match double curly bois containing any whitespace, "matrix", then maybe
+// a dot and a dimension name, ending with any whitespace and closing curlies.
+var matrixTokenRE = regexp.MustCompile(`\{\{\s*matrix(\.[\w-\.]+)?\s*\}\}`)
+
+// matrixInterpolator is a string transform that interpolates matrix tokens.
+type matrixInterpolator struct {
+	replacements map[string]string
+}
+
+// Transform interpolates matrix tokens.
+func (m matrixInterpolator) Transform(src string) (string, error) {
+	var unknown []string
+
+	out := matrixTokenRE.ReplaceAllStringFunc(src, func(s string) string {
+		sub := matrixTokenRE.FindStringSubmatch(s)
+		repl, ok := m.replacements[sub[1]]
+		if !ok {
+			unknown = append(unknown, sub[1])
+		}
+		return repl
+	})
+
+	if len(unknown) > 0 {
+		for i, f := range unknown {
+			unknown[i] = "matrix" + f
+		}
+		return out, fmt.Errorf("unknown matrix tokens in input: %s", strings.Join(unknown, ", "))
+	}
+	return out, nil
+}
+
+// newMatrixInterpolator creates a reusable string transformer that applies
+// matrix interpolation.
+func newMatrixInterpolator(mp MatrixPermutation) matrixInterpolator {
+	replacements := make(map[string]string)
+	for dim, val := range mp {
+		if dim == "" {
+			replacements[""] = val
+		} else {
+			replacements["."+dim] = val
+		}
+	}
+
+	return matrixInterpolator{
+		replacements: replacements,
+	}
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline.go
index 69de4345a9..ae4e15599b 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline.go
@@ -83,12 +83,14 @@ func (p *Pipeline) Interpolate(envMap *env.Environment) error {
 		return err
 	}
 
+	tf := envInterpolator{envMap: envMap}
+
 	// Recursively go through the rest of the pipeline and perform environment
 	// variable interpolation on strings. Interpolation is performed in-place.
-	if err := interpolateSlice(envMap, p.Steps); err != nil {
+	if err := interpolateSlice(tf, p.Steps); err != nil {
 		return err
 	}
-	return interpolateMap(envMap, p.RemainingFields)
+	return interpolateMap(tf, p.RemainingFields)
 }
 
 // interpolateEnvBlock runs interpolate.Interpolate on each pair in p.Env,
@@ -124,6 +126,6 @@ func (p *Pipeline) interpolateEnvBlock(envMap *env.Environment) error {
 // plugin configurations and the pipeline "env". Parts of the pipeline are
 // mutated directly, so an error part-way through may leave some steps
 // un-signed.
-func (p *Pipeline) Sign(key jwk.Key) error {
-	return p.Steps.sign(p.Env.ToMap(), key)
+func (p *Pipeline) Sign(key jwk.Key, inv *PipelineInvariants) error {
+	return p.Steps.sign(key, p.Env.ToMap(), inv)
 }
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline_invariants.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline_invariants.go
new file mode 100644
index 0000000000..2ccf2a4b2e
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/pipeline_invariants.go
@@ -0,0 +1,82 @@
+package pipeline
+
+import (
+	"fmt"
+	"strings"
+)
+
+type PipelineInvariants struct {
+	OrganizationSlug string
+	PipelineSlug     string
+	Repository       string
+}
+
+var _ SignedFielder = (*CommandStepWithPipelineInvariants)(nil)
+
+type CommandStepWithPipelineInvariants struct {
+	CommandStep
+	PipelineInvariants
+}
+
+// SignedFields returns the default fields for signing.
+func (c *CommandStepWithPipelineInvariants) SignedFields() (map[string]any, error) {
+	return map[string]any{
+		"command":             c.Command,
+		"env":                 c.Env,
+		"plugins":             c.Plugins,
+		"matrix":              c.Matrix,
+		"pipeline_invariants": c.PipelineInvariants,
+	}, nil
+}
+
+// ValuesForFields returns the contents of fields to sign.
+func (c *CommandStepWithPipelineInvariants) ValuesForFields(fields []string) (map[string]any, error) {
+	// Make a set of required fields. As fields is processed, mark them off by
+	// deleting them.
+	required := map[string]struct{}{
+		"command":             {},
+		"env":                 {},
+		"plugins":             {},
+		"matrix":              {},
+		"pipeline_invariants": {},
+	}
+
+	out := make(map[string]any, len(fields))
+	for _, f := range fields {
+		delete(required, f)
+
+		switch f {
+		case "command":
+			out["command"] = c.Command
+
+		case "env":
+			out["env"] = c.Env
+
+		case "plugins":
+			out["plugins"] = c.Plugins
+
+		case "matrix":
+			out["matrix"] = c.Matrix
+
+		case "pipeline_invariants":
+			out["pipeline_invariants"] = c.PipelineInvariants
+
+		default:
+			// All env:: values come from outside the step.
+			if strings.HasPrefix(f, EnvNamespacePrefix) {
+				break
+			}
+
+			return nil, fmt.Errorf("unknown or unsupported field for signing %q", f)
+		}
+	}
+
+	if len(required) > 0 {
+		missing := make([]string, 0, len(required))
+		for k := range required {
+			missing = append(missing, k)
+		}
+		return nil, fmt.Errorf("one or more required fields are not present: %v", missing)
+	}
+	return out, nil
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugin.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugin.go
index 3c0ec4e47a..670c529027 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugin.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugin.go
@@ -2,8 +2,10 @@ package pipeline
 
 import (
 	"encoding/json"
+	"net/url"
+	"path"
+	"strings"
 
-	"github.com/buildkite/interpolate"
 	"gopkg.in/yaml.v3"
 )
 
@@ -19,12 +21,13 @@ var (
 //
 // Standard caveats apply - see the package comment.
 type Plugin struct {
-	Name   string
+	Source string
 	Config any
 }
 
 // MarshalJSON returns the plugin in "one-key object" form, or "single string"
-// form (no config, only plugin name).
+// form (no config, only plugin source). Plugin sources are marshalled into "full"
+// form.
 func (p *Plugin) MarshalJSON() ([]byte, error) {
 	// NB: MarshalYAML (as seen below) never returns an error.
 	o, _ := p.MarshalYAML()
@@ -32,27 +35,78 @@ func (p *Plugin) MarshalJSON() ([]byte, error) {
 }
 
 // MarshalYAML returns the plugin in either "one-item map" form, or "scalar"
-// form (no config, only plugin name).
+// form (no config, only plugin source). Plugin sources are marshalled into "full"
+// form.
 func (p *Plugin) MarshalYAML() (any, error) {
 	if p.Config == nil {
-		return p.Name, nil
+		return p.FullSource(), nil
 	}
 
 	return map[string]any{
-		p.Name: p.Config,
+		p.FullSource(): p.Config,
 	}, nil
 }
 
-func (p *Plugin) interpolate(env interpolate.Env) error {
-	name, err := interpolate.Interpolate(env, p.Name)
+// FullSource attempts to canonicalise Source. If it fails, it returns Source
+// unaltered. Otherwise, it resolves sources in a manner described at
+// https://buildkite.com/docs/plugins/using#plugin-sources.
+func (p *Plugin) FullSource() string {
+	if p.Source == "" {
+		return ""
+	}
+
+	// Looks like an absolute or relative file path.
+	if strings.HasPrefix(p.Source, "/") || strings.HasPrefix(p.Source, ".") || strings.HasPrefix(p.Source, `\`) {
+		return p.Source
+	}
+
+	u, err := url.Parse(p.Source)
+	if err != nil {
+		return p.Source
+	}
+
+	// They wrote something like ssh://..., https://..., or C:\...
+	// in which case they _mean it_.
+	if u.Scheme != "" || u.Opaque != "" {
+		return p.Source
+	}
+
+	// thing      => thing-buildkite-plugin
+	// thing#main => thing-buildkite-plugin#main
+	lastSegment := func(n, f string) string {
+		n += "-buildkite-plugin"
+		if f == "" {
+			return n
+		}
+		return n + "#" + f
+	}
+
+	paths := strings.Split(strings.TrimPrefix(u.Path, "/"), "/")
+	switch len(paths) {
+	case 1:
+		// trimmed path contained no slash
+		return path.Join("github.com", "buildkite-plugins", lastSegment(paths[0], u.Fragment))
+
+	case 2:
+		// trimmed path contained one slash
+		return path.Join("github.com", paths[0], lastSegment(paths[1], u.Fragment))
+
+	default:
+		// trimmed path contained more than one slash - apply no smarts
+		return p.Source
+	}
+}
+
+func (p *Plugin) interpolate(tf stringTransformer) error {
+	name, err := tf.Transform(p.Source)
 	if err != nil {
 		return err
 	}
-	cfg, err := interpolateAny(env, p.Config)
+	cfg, err := interpolateAny(tf, p.Config)
 	if err != nil {
 		return err
 	}
-	p.Name = name
+	p.Source = name
 	p.Config = cfg
 	return nil
 }
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugins.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugins.go
index 7a9111072a..790cd595ff 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugins.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/plugins.go
@@ -1,11 +1,18 @@
 package pipeline
 
 import (
+	"encoding/json"
 	"fmt"
 
 	"github.com/buildkite/agent/v3/internal/ordered"
+	"gopkg.in/yaml.v3"
 )
 
+var _ interface {
+	json.Unmarshaler
+	ordered.Unmarshaler
+} = (*Plugins)(nil)
+
 // Plugins is a sequence of plugins. It is useful for unmarshaling.
 type Plugins []*Plugin
 
@@ -22,15 +29,24 @@ func (p *Plugins) UnmarshalOrdered(o any) error {
 	// Parse each "key: value" as "name: config", then append in order.
 	unmarshalMap := func(m *ordered.MapSA) error {
 		return m.Range(func(k string, v any) error {
-			*p = append(*p, &Plugin{
-				Name:   k,
-				Config: v,
-			})
+			// ToMapRecursive demolishes any ordering within the plugin config.
+			// This is needed because the backend likes to reorder the keys,
+			// and for signing we need the JSON form to be stable.
+			plugin := &Plugin{
+				Source: k,
+				Config: ordered.ToMapRecursive(v),
+			}
+			*p = append(*p, plugin)
 			return nil
 		})
 	}
 
 	switch o := o.(type) {
+	case nil:
+		// Someone wrote `plugins: null` (possibly us).
+		*p = nil
+		return nil
+
 	case []any:
 		for _, c := range o {
 			switch ct := c.(type) {
@@ -51,7 +67,7 @@ func (p *Plugins) UnmarshalOrdered(o any) error {
 				//   - plugin#1.0.0
 				// (no config, only plugin)
 				*p = append(*p, &Plugin{
-					Name:   ct,
+					Source: ct,
 					Config: nil,
 				})
 
@@ -78,3 +94,13 @@ func (p *Plugins) UnmarshalOrdered(o any) error {
 	}
 	return nil
 }
+
+// UnmarshalJSON is used mainly to normalise the BUILDKITE_PLUGINS env var.
+func (p *Plugins) UnmarshalJSON(b []byte) error {
+	// JSON is just a specific kind of YAML.
+	var n yaml.Node
+	if err := yaml.Unmarshal(b, &n); err != nil {
+		return err
+	}
+	return ordered.Unmarshal(&n, &p)
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/sign.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/sign.go
index 0a64e651af..6f26356f85 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/sign.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/sign.go
@@ -1,14 +1,12 @@
 package pipeline
 
 import (
-	"bytes"
-	"encoding/binary"
+	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"sort"
-	"strings"
 
+	"github.com/gowebpki/jcs"
 	"github.com/lestrrat-go/jwx/v2/jwk"
 	"github.com/lestrrat-go/jwx/v2/jws"
 )
@@ -25,9 +23,31 @@ type Signature struct {
 	Value        string   `json:"value" yaml:"value"`
 }
 
+// SignedFielder describes types that can be signed and have signatures
+// verified.
+// Converting non-string fields into strings (in a stable, canonical way) is an
+// exercise left to the implementer.
+type SignedFielder interface {
+	// SignedFields returns the default set of fields to sign, and their values.
+	// This is called by Sign.
+	SignedFields() (map[string]any, error)
+
+	// ValuesForFields looks up each field and produces a map of values. This is
+	// called by Verify. The set of fields might differ from the default, e.g.
+	// when verifying older signatures computed with fewer fields or deprecated
+	// field names. signedFielder implementations should reject requests for
+	// values if "mandatory" fields are missing (e.g. signing a command step
+	// should always sign the command).
+	ValuesForFields([]string) (map[string]any, error)
+}
+
 // Sign computes a new signature for an environment (env) combined with an
 // object containing values (sf) using a given key.
-func Sign(env map[string]string, sf SignedFielder, key jwk.Key) (*Signature, error) {
+func Sign(
+	key jwk.Key,
+	env map[string]string,
+	sf SignedFielder,
+) (*Signature, error) {
 	values, err := sf.SignedFields()
 	if err != nil {
 		return nil, err
@@ -36,23 +56,36 @@ func Sign(env map[string]string, sf SignedFielder, key jwk.Key) (*Signature, err
 		return nil, errors.New("no fields to sign")
 	}
 
-	// Namespace the env values.
-	env = prefixKeys(env, EnvNamespacePrefix)
+	// Step env overrides pipeline and build env:
+	// https://buildkite.com/docs/tutorials/pipeline-upgrade#what-is-the-yaml-steps-editor-compatibility-issues
+	// (Beware of inconsistent docs written in the time of legacy steps.)
+	// So if the thing we're signing has an env map, use it to exclude pipeline
+	// vars from signing.
+	objEnv, _ := values["env"].(map[string]string)
+
+	// Namespace the env values and include them in the values to sign.
+	for k, v := range env {
+		if _, has := objEnv[k]; has {
+			continue
+		}
+		values[EnvNamespacePrefix+k] = v
+	}
 
-	// NB: env overrides values from sf. This may seem backwards but it is
-	// our documented behaviour:
-	// https://buildkite.com/docs/pipelines/environment-variables#defining-your-own
-	// This override is handled by mapUnion.
+	// Extract the names of the fields.
+	fields := make([]string, 0, len(values))
+	for field := range values {
+		fields = append(fields, field)
+	}
+	sort.Strings(fields)
 
-	// Ensure this part writes the same data to the payload as in Verify...
-	payload := &bytes.Buffer{}
-	writeLengthPrefixed(payload, key.Algorithm().String())
-	fields := writeFields(payload, mapUnion(values, env))
-	// ...end
+	payload, err := canonicalPayload(key.Algorithm().String(), values)
+	if err != nil {
+		return nil, err
+	}
 
 	sig, err := jws.Sign(nil,
 		jws.WithKey(key.Algorithm(), key),
-		jws.WithDetachedPayload(payload.Bytes()),
+		jws.WithDetachedPayload(payload),
 		jws.WithCompact(),
 	)
 	if err != nil {
@@ -68,112 +101,73 @@ func Sign(env map[string]string, sf SignedFielder, key jwk.Key) (*Signature, err
 
 // Verify verifies an existing signature against environment (env) combined with
 // an object containing values (sf) using keys from a keySet.
-func (s *Signature) Verify(env map[string]string, sf SignedFielder, keySet jwk.Set) error {
+func (s *Signature) Verify(
+	keySet jwk.Set,
+	env map[string]string,
+	sf SignedFielder,
+) error {
 	if len(s.SignedFields) == 0 {
 		return errors.New("signature covers no fields")
 	}
 
-	// Ask the object for all fields, including env:: (which may be overridden
-	// by the pipeline env).
+	// Ask the object for values for all fields.
 	values, err := sf.ValuesForFields(s.SignedFields)
 	if err != nil {
 		return fmt.Errorf("obtaining values for fields: %w", err)
 	}
 
-	// env:: fields that were signed are all required in the env map.
+	// See Sign above for why we need special handling for step env.
+	objEnv, _ := values["env"].(map[string]string)
+
+	// Namespace the env values and include them in the values to sign.
+	for k, v := range env {
+		if _, has := objEnv[k]; has {
+			continue
+		}
+		values[EnvNamespacePrefix+k] = v
+	}
+
+	// env:: fields that were signed are all required from the env map.
 	// We can't verify other env vars though - they can vary for lots of reasons
 	// (e.g. Buildkite-provided vars added by the backend.)
 	// This is still strong enough for a user to enforce any particular env var
 	// exists and has a particular value - make it a part of the pipeline or
 	// step env.
-	envVars := filterPrefix(s.SignedFields, EnvNamespacePrefix)
-	env, err = requireKeys(prefixKeys(env, EnvNamespacePrefix), envVars)
+	required, err := requireKeys(values, s.SignedFields)
 	if err != nil {
-		return fmt.Errorf("obtaining values for env vars: %w", err)
+		return fmt.Errorf("obtaining required keys: %w", err)
 	}
 
-	// Ensure this part writes the same data to the payload as in Sign...
-	payload := &bytes.Buffer{}
-	writeLengthPrefixed(payload, s.Algorithm)
-	writeFields(payload, mapUnion(values, env))
-	// ...end
+	payload, err := canonicalPayload(s.Algorithm, required)
+	if err != nil {
+		return err
+	}
 
 	_, err = jws.Verify([]byte(s.Value),
 		jws.WithKeySet(keySet),
-		jws.WithDetachedPayload(payload.Bytes()),
+		jws.WithDetachedPayload(payload),
 	)
 	return err
 }
 
-// SignedFielder describes types that can be signed and have signatures
-// verified.
-// Converting non-string fields into strings (in a stable, canonical way) is an
-// exercise left to the implementer.
-type SignedFielder interface {
-	// SignedFields returns the default set of fields to sign, and their values.
-	// This is called by Sign.
-	SignedFields() (map[string]string, error)
-
-	// ValuesForFields looks up each field and produces a map of values. This is
-	// called by Verify. The set of fields might differ from the default, e.g.
-	// when verifying older signatures computed with fewer fields or deprecated
-	// field names. signedFielder implementations should reject requests for
-	// values if "mandatory" fields are missing (e.g. signing a command step
-	// should always sign the command).
-	ValuesForFields([]string) (map[string]string, error)
-}
-
-// writeFields writes the values (length-prefixed) into h. It also returns the
-// sorted field names it got from values (so that Sign doesn't end up extracting
-// them twice). It assumes writes to h never error (this is true of
-// bytes.Buffer, strings.Builder, and most hash.Hash implementations).
-// Passing a nil or empty map results in length 0 and no items being written.
-func writeFields(h io.Writer, values map[string]string) []string {
-	// Extract the field names and sort them.
-	fields := make([]string, 0, len(values))
-	for f := range values {
-		fields = append(fields, f)
-	}
-	sort.Strings(fields)
-
-	// If we blast strings at Write, then you could get the same hash for
-	// different fields that happen to have the same data when concatenated.
-	// So write length-prefixed fields, and length-prefix the whole map.
-	binary.Write(h, binary.LittleEndian, uint32(len(fields)))
-	for _, f := range fields {
-		writeLengthPrefixed(h, f)
-		writeLengthPrefixed(h, values[f])
-	}
-
-	return fields
-}
-
-// writeLengthPrefixed writes a length-prefixed string to h. It assumes writes
-// to h never error (this is true of bytes.Buffer, strings.Builder, and most
-// hash.Hash implementations).
-func writeLengthPrefixed(h io.Writer, s string) {
-	binary.Write(h, binary.LittleEndian, uint32(len(s)))
-	h.Write([]byte(s))
-}
-
-// prefixKeys returns a copy of a map with each key prefixed with a prefix.
-func prefixKeys[V any, M ~map[string]V](in M, prefix string) M {
-	out := make(M, len(in))
-	for k, v := range in {
-		out[prefix+k] = v
+// canonicalPayload returns a unique sequence of bytes representing the given
+// algorithm and values using JCS (RFC 8785).
+func canonicalPayload(alg string, values map[string]any) ([]byte, error) {
+	rawPayload, err := json.Marshal(struct {
+		Algorithm string         `json:"alg"`
+		Values    map[string]any `json:"values"`
+	}{
+		Algorithm: alg,
+		Values:    values,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("marshaling JSON: %w", err)
 	}
-	return out
-}
-
-// filterPrefix returns values from the slice having the prefix.
-func filterPrefix(in []string, prefix string) []string {
-	out := make([]string, 0, len(in))
-	for _, s := range in {
-		if strings.HasPrefix(s, prefix) {
-			out = append(out, s)
-		}
+	payload, err := jcs.Transform(rawPayload)
+	if err != nil {
+		return nil, fmt.Errorf("canonicalising JSON: %w", err)
 	}
-	return out
+	return payload, nil
 }
 
 // requireKeys returns a copy of a map containing only keys from a []string.
@@ -189,19 +183,3 @@ func requireKeys[K comparable, V any, M ~map[K]V](in M, keys []K) (M, error) {
 	}
 	return out, nil
 }
-
-// mapUnion returns a new map with all elements from the given maps.
-// In case of key collisions, the last-most map containing the key "wins".
-func mapUnion[K comparable, V any, M ~map[K]V](ms ...M) M {
-	s := 0
-	for _, m := range ms {
-		s += len(m)
-	}
-	u := make(M, s)
-	for _, m := range ms {
-		for k, v := range m {
-			u[k] = v
-		}
-	}
-	return u
-}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command.go
index 83d2dcc938..40b5c42c66 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command.go
@@ -6,10 +6,14 @@ import (
 	"strings"
 
 	"github.com/buildkite/agent/v3/internal/ordered"
-	"github.com/buildkite/interpolate"
+	"gopkg.in/yaml.v3"
 )
 
-var _ SignedFielder = (*CommandStep)(nil)
+var _ interface {
+	json.Marshaler
+	json.Unmarshaler
+	ordered.Unmarshaler
+} = (*CommandStep)(nil)
 
 // CommandStep models a command step.
 //
@@ -19,7 +23,7 @@ type CommandStep struct {
 	Plugins   Plugins           `yaml:"plugins,omitempty"`
 	Env       map[string]string `yaml:"env,omitempty"`
 	Signature *Signature        `yaml:"signature,omitempty"`
-	Matrix    any               `yaml:"matrix,omitempty"`
+	Matrix    *Matrix           `yaml:"matrix,omitempty"`
 
 	// RemainingFields stores any other top-level mapping items so they at least
 	// survive an unmarshal-marshal round-trip.
@@ -32,6 +36,17 @@ func (c *CommandStep) MarshalJSON() ([]byte, error) {
 	return inlineFriendlyMarshalJSON(c)
 }
 
+// UnmarshalJSON is used when unmarshalling an individual step directly, e.g.
+// from the Agent API Accept Job.
+func (c *CommandStep) UnmarshalJSON(b []byte) error {
+	// JSON is just a specific kind of YAML.
+	var n yaml.Node
+	if err := yaml.Unmarshal(b, &n); err != nil {
+		return err
+	}
+	return ordered.Unmarshal(&n, &c)
+}
+
 // UnmarshalOrdered unmarshals a command step from an ordered map.
 func (c *CommandStep) UnmarshalOrdered(src any) error {
 	type wrappedCommand CommandStep
@@ -58,112 +73,52 @@ func (c *CommandStep) UnmarshalOrdered(src any) error {
 	return nil
 }
 
-// SignedFields returns the default fields for signing.
-func (c *CommandStep) SignedFields() (map[string]string, error) {
-	plugins := ""
-	if len(c.Plugins) > 0 {
-		// TODO: Reconsider using JSON here - is it stable enough?
-		pj, err := json.Marshal(c.Plugins)
-		if err != nil {
-			return nil, err
-		}
-		plugins = string(pj)
-	}
-	out := map[string]string{
-		"command": c.Command,
-		"plugins": plugins,
-	}
-	// Steps can have their own env. These can be overridden by the pipeline!
-	for e, v := range c.Env {
-		out[EnvNamespacePrefix+e] = v
-	}
-	return out, nil
-}
-
-// ValuesForFields returns the contents of fields to sign.
-func (c *CommandStep) ValuesForFields(fields []string) (map[string]string, error) {
-	// Make a set of required fields. As fields is processed, mark them off by
-	// deleting them.
-	required := map[string]struct{}{
-		"command": {},
-		"plugins": {},
-	}
-	// Env vars that the step has, but the pipeline doesn't have, are required.
-	// But we don't know what the pipeline has without passing it in, so treat
-	// all step env vars as required.
-	for e := range c.Env {
-		required[EnvNamespacePrefix+e] = struct{}{}
-	}
-
-	out := make(map[string]string, len(fields))
-	for _, f := range fields {
-		delete(required, f)
-
-		switch f {
-		case "command":
-			out["command"] = c.Command
-
-		case "plugins":
-			if len(c.Plugins) == 0 {
-				out["plugins"] = ""
-				break
-			}
-			// TODO: Reconsider using JSON here - is it stable enough?
-			val, err := json.Marshal(c.Plugins)
-			if err != nil {
-				return nil, err
-			}
-			out["plugins"] = string(val)
-
-		default:
-			if e, has := strings.CutPrefix(f, EnvNamespacePrefix); has {
-				// Env vars requested in `fields`, but are not in this step, are
-				// skipped.
-				if v, ok := c.Env[e]; ok {
-					out[f] = v
-				}
-				break
-			}
-
-			return nil, fmt.Errorf("unknown or unsupported field for signing %q", f)
-		}
+// InterpolateMatrixPermutation validates and then interpolates the choice of
+// matrix values into the step. This should only be used in order to validate
+// a job that's about to be run, and not used before pipeline upload.
+func (c *CommandStep) InterpolateMatrixPermutation(mp MatrixPermutation) error {
+	if err := c.Matrix.validatePermutation(mp); err != nil {
+		return err
 	}
-
-	if len(required) > 0 {
-		missing := make([]string, 0, len(required))
-		for k := range required {
-			missing = append(missing, k)
-		}
-		return nil, fmt.Errorf("one or more required fields are not present: %v", missing)
+	if len(mp) == 0 {
+		return nil
 	}
-	return out, nil
+	return c.interpolate(newMatrixInterpolator(mp))
 }
 
-func (c *CommandStep) interpolate(env interpolate.Env) error {
-	cmd, err := interpolate.Interpolate(env, c.Command)
+func (c *CommandStep) interpolate(tf stringTransformer) error {
+	cmd, err := tf.Transform(c.Command)
 	if err != nil {
 		return err
 	}
+	c.Command = cmd
 
-	if err := interpolateSlice(env, c.Plugins); err != nil {
+	if err := interpolateSlice(tf, c.Plugins); err != nil {
 		return err
 	}
 
-	if err := interpolateMap(env, c.Env); err != nil {
-		return err
+	switch tf.(type) {
+	case envInterpolator:
+		if err := interpolateMap(tf, c.Env); err != nil {
+			return err
+		}
+		if c.Matrix, err = interpolateAny(tf, c.Matrix); err != nil {
+			return err
+		}
+
+	case matrixInterpolator:
+		// Matrix interpolation doesn't apply to env keys.
+		if err := interpolateMapValues(tf, c.Env); err != nil {
+			return err
+		}
 	}
 
 	// NB: Do not interpolate Signature.
 
-	if c.Matrix, err = interpolateAny(env, c.Matrix); err != nil {
-		return err
-	}
-
-	if err := interpolateMap(env, c.RemainingFields); err != nil {
+	if err := interpolateMap(tf, c.RemainingFields); err != nil {
 		return err
 	}
 
-	c.Command = cmd
 	return nil
 }
 
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command_matrix.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command_matrix.go
new file mode 100644
index 0000000000..a37c12ce78
--- /dev/null
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_command_matrix.go
@@ -0,0 +1,365 @@
+package pipeline
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/buildkite/agent/v3/internal/ordered"
+	"gopkg.in/yaml.v3"
+)
+
+var (
+	_ interface {
+		json.Marshaler
+		ordered.Unmarshaler
+		yaml.Marshaler
+		selfInterpolater
+	} = (*Matrix)(nil)
+
+	_ interface {
+		json.Marshaler
+		selfInterpolater
+	} = (*MatrixAdjustment)(nil)
+
+	_ = []interface {
+		json.Marshaler
+		ordered.Unmarshaler
+		yaml.Marshaler
+	}{
+		(*MatrixSetup)(nil),
+		(*MatrixAdjustmentWith)(nil),
+	}
+)
+
+var (
+	errNilMatrix                   = errors.New("non-empty permutation but matrix is nil")
+	errPermutationLengthMismatch   = errors.New("permutation has wrong length")
+	errPermutationUnknownDimension = errors.New("permutation has unknown dimension")
+	errAdjustmentLengthMismatch    = errors.New("adjustment has wrong length")
+	errAdjustmentUnknownDimension  = errors.New("adjustment has unknown dimension")
+	errPermutationSkipped          = errors.New("permutation is skipped by adjustment")
+	errPermutationNoMatch          = errors.New("permutation is neither a valid matrix combination nor an adjustment")
+)
+
+// Matrix models the matrix specification for command steps.
+type Matrix struct {
+	Setup       MatrixSetup       `yaml:"setup"`
+	Adjustments MatrixAdjustments `yaml:"adjustments,omitempty"`
+
+	RemainingFields map[string]any `yaml:",inline"`
+}
+
+// UnmarshalOrdererd unmarshals from either []any or *ordered.MapSA.
+func (m *Matrix) UnmarshalOrdered(o any) error {
+	switch src := o.(type) {
+	case []any:
+		// Single anonymous dimension matrix, no adjustments.
+		//
+		// matrix:
+		//   - apple
+		//   - 47
+		s := make([]string, 0, len(src))
+		if err := ordered.Unmarshal(src, &s); err != nil {
+			return err
+		}
+		m.Setup = MatrixSetup{"": s}
+
+	case *ordered.MapSA:
+		// Single anonymous dimension, or multiple named dimensions, with or
+		// without adjustments.
+		// Unmarshal into this secret wrapper type to avoid infinite recursion.
+		type wrappedMatrix Matrix
+		if err := ordered.Unmarshal(o, (*wrappedMatrix)(m)); err != nil {
+			return err
+		}
+
+	default:
+		return fmt.Errorf("unsupported src type for Matrix: %T", o)
+	}
+	return nil
+}
+
+// Reports if the matrix is a single anonymous dimension matrix with no
+// adjustments or any other fields. (It's a list of items.)
+func (m *Matrix) isSimple() bool {
+	return len(m.Setup) == 1 && len(m.Setup[""]) != 0 && len(m.Adjustments) == 0 && len(m.RemainingFields) == 0
+}
+
+// MarshalJSON is needed to use inlineFriendlyMarshalJSON, and reduces the
+// representation to a single list if the matrix is simple.
+func (m *Matrix) MarshalJSON() ([]byte, error) {
+	if m.isSimple() {
+		return json.Marshal(m.Setup[""])
+	}
+	return inlineFriendlyMarshalJSON(m)
+}
+
+// MarshalYAML is needed to reduce the representation to a single slice if
+// the matrix is simple.
+func (m *Matrix) MarshalYAML() (any, error) {
+	if m.isSimple() {
+		return m.Setup[""], nil
+	}
+	// Just in case the YAML marshaler tries to call MarshalYAML on the output,
+	// wrap m in a type without a MarshalYAML method.
+	type wrappedMatrix Matrix
+	return (*wrappedMatrix)(m), nil
+}
+
+func (m *Matrix) interpolate(tf stringTransformer) error {
+	if m == nil {
+		return nil
+	}
+	if _, is := tf.(matrixInterpolator); is {
+		// Don't interpolate matrixes into matrixes.
+		return nil
+	}
+	if err := interpolateMap(tf, m.Setup); err != nil {
+		return err
+	}
+	if err := interpolateSlice(tf, m.Adjustments); err != nil {
+		return err
+	}
+	return interpolateMap(tf, m.RemainingFields)
+}
+
+// validatePermutation checks that the permutation is a valid selection of
+// dimension values, including any non-skipped adjustments.
+func (m *Matrix) validatePermutation(p MatrixPermutation) error {
+	if m == nil {
+		if len(p) > 0 {
+			return errNilMatrix
+		}
+		// An empty permutation from a nil matrix...seems fine to me?
+		return nil
+	}
+	if len(p) != len(m.Setup) {
+		return fmt.Errorf("%w: %d != %d", errPermutationLengthMismatch, len(p), len(m.Setup))
+	}
+
+	// Check that the dimensions in the permutation are unique and defined in
+	// the matrix setup.
+	for dim := range p {
+		if len(m.Setup[dim]) == 0 {
+			return fmt.Errorf("%w: %q", errPermutationUnknownDimension, dim)
+		}
+	}
+
+	// Check that the permutation values are in the matrix setup (a basic
+	// permutation). Whether they are or are not, we still check adjustments.
+	valid := true
+	for dim, val := range p {
+		match := false
+		for _, v := range m.Setup[dim] {
+			if val == v {
+				match = true
+				break
+			}
+		}
+		if !match {
+			// Not a basic permutation. It could still be an adjustment though.
+			valid = false
+			break
+		}
+	}
+
+	// Check if the permutation matches any adjustment.
+	for _, adj := range m.Adjustments {
+		// Ensure adj.With has the same size and dimension names as m.Setup.
+		// adj.With is a map so no need to check for repetition.
+		// Because adjustments can introduce new dimension values, only the
+		// names of dimensions are checked.
+		if len(adj.With) != len(m.Setup) {
+			return fmt.Errorf("%w: %d != %d", errAdjustmentLengthMismatch, len(adj.With), len(m.Setup))
+		}
+		for dim := range adj.With {
+			if len(m.Setup[dim]) == 0 {
+				return fmt.Errorf("%w: %q", errAdjustmentUnknownDimension, dim)
+			}
+		}
+
+		// Now we can test whether p == adj.With.
+		match := true
+		for dim, val := range p {
+			if val != adj.With[dim] {
+				match = false
+				break
+			}
+		}
+		if !match {
+			continue
+		}
+
+		if adj.ShouldSkip() {
+			return errPermutationSkipped
+		}
+		// Not skipped, but is an adjustment, so it's valid.
+		// If multiple adjustments have the same permutation, and any of them
+		// have "skip: true", then that applies, so we can't bail early.
+		valid = true
+	}
+
+	if !valid {
+		return errPermutationNoMatch
+	}
+	return nil
+}
+
+// MatrixPermutation represents a possible permutation of a matrix.
+type MatrixPermutation map[string]string
+
+// MatrixSetup is the main setup of a matrix - one or more dimensions. The cross
+// product of the dimensions in the setup produces the base combinations of
+// matrix values.
+type MatrixSetup map[string][]string
+
+// MarshalJSON returns either a list (if the setup is a single anonymous
+// dimension) or an object (if it contains one or more (named) dimensions).
+func (ms MatrixSetup) MarshalJSON() ([]byte, error) {
+	// Note that MarshalYAML (below) always returns nil error.
+	o, _ := ms.MarshalYAML()
+	return json.Marshal(o)
+}
+
+// MarshalYAML returns either a Scalars (if the setup is a single anonymous
+// dimension) or a map (if it contains one or more (named) dimensions).
+func (ms MatrixSetup) MarshalYAML() (any, error) {
+	if len(ms) == 1 && len(ms[""]) > 0 {
+		return ms[""], nil
+	}
+	return map[string][]string(ms), nil
+}
+
+// UnmarshalOrdered unmarshals from either []any or *ordered.MapSA.
+func (ms *MatrixSetup) UnmarshalOrdered(o any) error {
+	if *ms == nil {
+		*ms = make(MatrixSetup)
+	}
+	switch src := o.(type) {
+	case []any:
+		// Single anonymous dimension, but we only get here if its under a setup
+		// key. (Maybe the user wants adjustments for their single dimension.)
+		//
+		// matrix:
+		//   setup:
+		//     - apple
+		//     - 47
+		s := make([]string, 0, len(src))
+		if err := ordered.Unmarshal(src, &s); err != nil {
+			return err
+		}
+		(*ms)[""] = s
+
+	case *ordered.MapSA:
+		// One or more (named) dimensions.
+		// Unmarshal into the underlying type to avoid infinite recursion.
+		if err := ordered.Unmarshal(src, (*map[string][]string)(ms)); err != nil {
+			return err
+		}
+
+	default:
+		return fmt.Errorf("unsupported src type for MatrixSetup: %T", o)
+	}
+	return nil
+}
+
+// MatrixAdjustments is a set of adjustments.
+type MatrixAdjustments []*MatrixAdjustment
+
+// MatrixAdjustment models an adjustment - a combination of (possibly new)
+// matrix values, and skip/soft fail configuration.
+type MatrixAdjustment struct {
+	With MatrixAdjustmentWith `yaml:"with"`
+	Skip any                  `yaml:"skip,omitempty"`
+
+	RemainingFields map[string]any `yaml:",inline"` // NB: soft_fail is in the remaining fields
+}
+
+func (ma *MatrixAdjustment) ShouldSkip() bool {
+	switch s := ma.Skip.(type) {
+	case bool:
+		return s
+
+	case nil:
+		return false
+
+	default:
+		return true
+	}
+}
+
+// MarshalJSON is needed to use inlineFriendlyMarshalJSON.
+func (ma *MatrixAdjustment) MarshalJSON() ([]byte, error) {
+	return inlineFriendlyMarshalJSON(ma)
+}
+
+func (ma *MatrixAdjustment) interpolate(tf stringTransformer) error {
+	if ma == nil {
+		return nil
+	}
+	if err := interpolateMap(tf, ma.With); err != nil {
+		return err
+	}
+	return interpolateMap(tf, ma.RemainingFields)
+}
+
+// MatrixAdjustmentWith is either a map of dimension key -> dimension value,
+// or a single value (for single anonymous dimension matrices).
+type MatrixAdjustmentWith map[string]string
+
+// MarshalJSON returns either a single scalar or an object.
+func (maw MatrixAdjustmentWith) MarshalJSON() ([]byte, error) {
+	// Note that MarshalYAML (below) always returns nil error.
+	o, _ := maw.MarshalYAML()
+	return json.Marshal(o)
+}
+
+// MarshalYAML returns either a single scalar or a map.
+func (maw MatrixAdjustmentWith) MarshalYAML() (any, error) {
+	if _, has := maw[""]; has && len(maw) == 1 {
+		return maw[""], nil
+	}
+	return map[string]string(maw), nil
+}
+
+// UnmarshalOrdered unmarshals from either a scalar value (string, bool, or int)
+// or *ordered.MapSA.
+func (maw *MatrixAdjustmentWith) UnmarshalOrdered(o any) error {
+	if *maw == nil {
+		*maw = make(MatrixAdjustmentWith)
+	}
+
+	switch src := o.(type) {
+	case bool, int, string:
+		// A single scalar.
+		// (This is how you can do adjustments on a single anonymous dimension.)
+		//
+		// matrix:
+		//   setup:
+		//     - apple
+		//     - 47
+		//   adjustments:
+		//     - with: banana
+		//       soft_fail: true
+		(*maw)[""] = fmt.Sprint(src)
+
+	case *ordered.MapSA:
+		// A map of dimension key -> dimension value. (Tuple of dimension value
+		// selections.)
+		return src.Range(func(k string, v any) error {
+			switch vt := v.(type) {
+			case bool, int, string:
+				(*maw)[k] = fmt.Sprint(vt)
+
+			default:
+				return fmt.Errorf("unsupported value type %T in key %q for MatrixAdjustmentsWith", v, k)
+			}
+			return nil
+		})
+
+	default:
+		return fmt.Errorf("unsupported src type for MatrixAdjustmentsWith: %T", o)
+	}
+	return nil
+}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_group.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_group.go
index 91b7690dd3..ee136c0a45 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_group.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_group.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 
 	"github.com/buildkite/agent/v3/internal/ordered"
-	"github.com/buildkite/interpolate"
 )
 
 // GroupStep models a group step.
@@ -36,17 +35,17 @@ func (g *GroupStep) UnmarshalOrdered(src any) error {
 	return nil
 }
 
-func (g *GroupStep) interpolate(env interpolate.Env) error {
-	grp, err := interpolateAny(env, g.Group)
+func (g *GroupStep) interpolate(tf stringTransformer) error {
+	grp, err := interpolateAny(tf, g.Group)
 	if err != nil {
 		return err
 	}
 	g.Group = grp
 
-	if err := g.Steps.interpolate(env); err != nil {
+	if err := g.Steps.interpolate(tf); err != nil {
 		return err
 	}
-	return interpolateMap(env, g.RemainingFields)
+	return interpolateMap(tf, g.RemainingFields)
 }
 
 func (GroupStep) stepTag() {}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_input.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_input.go
index ac2b24d1f9..cfe769be12 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_input.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_input.go
@@ -3,8 +3,6 @@ package pipeline
 import (
 	"encoding/json"
 	"errors"
-
-	"github.com/buildkite/interpolate"
 )
 
 // See the comment in step_scalar.go.
@@ -29,8 +27,8 @@ func (s *InputStep) MarshalJSON() ([]byte, error) {
 	return json.Marshal(s.Contents)
 }
 
-func (s InputStep) interpolate(env interpolate.Env) error {
-	return interpolateMap(env, s.Contents)
+func (s InputStep) interpolate(tf stringTransformer) error {
+	return interpolateMap(tf, s.Contents)
 }
 
 func (*InputStep) stepTag() {}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_trigger.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_trigger.go
index 02349afe49..7513b41716 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_trigger.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_trigger.go
@@ -2,8 +2,6 @@ package pipeline
 
 import (
 	"encoding/json"
-
-	"github.com/buildkite/interpolate"
 )
 
 // TriggerStep models a trigger step.
@@ -18,8 +16,8 @@ func (t TriggerStep) MarshalJSON() ([]byte, error) {
 	return json.Marshal(t.Contents)
 }
 
-func (s TriggerStep) interpolate(env interpolate.Env) error {
-	return interpolateMap(env, s.Contents)
+func (s TriggerStep) interpolate(tf stringTransformer) error {
+	return interpolateMap(tf, s.Contents)
 }
 
 func (TriggerStep) stepTag() {}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_unknown.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_unknown.go
index 6421fc746a..0b01615154 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_unknown.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_unknown.go
@@ -2,8 +2,6 @@ package pipeline
 
 import (
 	"encoding/json"
-
-	"github.com/buildkite/interpolate"
 )
 
 // UnknownStep models any step we don't know how to represent in this version.
@@ -30,8 +28,8 @@ func (u *UnknownStep) UnmarshalOrdered(src any) error {
 	return nil
 }
 
-func (u *UnknownStep) interpolate(env interpolate.Env) error {
-	c, err := interpolateAny(env, u.Contents)
+func (u *UnknownStep) interpolate(tf stringTransformer) error {
+	c, err := interpolateAny(tf, u.Contents)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_wait.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_wait.go
index 99a510dbab..5c7ad23213 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_wait.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/step_wait.go
@@ -2,8 +2,6 @@ package pipeline
 
 import (
 	"encoding/json"
-
-	"github.com/buildkite/interpolate"
 )
 
 // See the comment in step_scalar.go.
@@ -30,8 +28,8 @@ func (s *WaitStep) MarshalJSON() ([]byte, error) {
 	return json.Marshal(s.Contents)
 }
 
-func (s *WaitStep) interpolate(env interpolate.Env) error {
-	return interpolateMap(env, s.Contents)
+func (s *WaitStep) interpolate(tf stringTransformer) error {
+	return interpolateMap(tf, s.Contents)
 }
 
 func (*WaitStep) stepTag() {}
diff --git a/vendor/github.com/buildkite/agent/v3/internal/pipeline/steps.go b/vendor/github.com/buildkite/agent/v3/internal/pipeline/steps.go
index 74d732c42c..f0b896ed69 100644
--- a/vendor/github.com/buildkite/agent/v3/internal/pipeline/steps.go
+++ b/vendor/github.com/buildkite/agent/v3/internal/pipeline/steps.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 
 	"github.com/buildkite/agent/v3/internal/ordered"
-	"github.com/buildkite/interpolate"
 	"github.com/lestrrat-go/jwx/v2/jwk"
 )
 
@@ -42,8 +41,8 @@ func (s *Steps) UnmarshalOrdered(o any) error {
 	return nil
 }
 
-func (s Steps) interpolate(env interpolate.Env) error {
-	return interpolateSlice(env, s)
+func (s Steps) interpolate(tf stringTransformer) error {
+	return interpolateSlice(tf, s)
 }
 
 // unmarshalStep unmarshals into the right kind of Step.
@@ -138,23 +137,23 @@ func stepByKeyInference(o *ordered.MapSA) (Step, error) {
 // sign adds signatures to each command step (and recursively to any command
 // steps that are within group steps. The steps are mutated directly, so an
 // error part-way through may leave some steps un-signed.
-func (s Steps) sign(env map[string]string, key jwk.Key) error {
+func (s Steps) sign(key jwk.Key, env map[string]string, pInv *PipelineInvariants) error {
 	for _, step := range s {
 		switch step := step.(type) {
 		case *CommandStep:
-			if step.Matrix != nil {
-				// Don't sign matrix steps... yet
-				continue
+			stepWithInvariants := &CommandStepWithPipelineInvariants{
+				CommandStep:        *step,
+				PipelineInvariants: *pInv,
 			}
 
-			sig, err := Sign(env, step, key)
+			sig, err := Sign(key, env, stepWithInvariants)
 			if err != nil {
 				return fmt.Errorf("signing step with command %q: %w", step.Command, err)
 			}
 			step.Signature = sig
 
 		case *GroupStep:
-			if err := step.Steps.sign(env, key); err != nil {
+			if err := step.Steps.sign(key, env, pInv); err != nil {
 				return fmt.Errorf("signing group step: %w", err)
 			}
 
diff --git a/vendor/github.com/buildkite/agent/v3/logger/log.go b/vendor/github.com/buildkite/agent/v3/logger/log.go
index f291bb26ea..6807b5b8a9 100644
--- a/vendor/github.com/buildkite/agent/v3/logger/log.go
+++ b/vendor/github.com/buildkite/agent/v3/logger/log.go
@@ -81,10 +81,9 @@ func (l *ConsoleLogger) SetLevel(level Level) {
 
 func (l *ConsoleLogger) Debug(format string, v ...any) {
 	if l.level == DEBUG {
-		debugFields := make(Fields, 0, len(l.fields)+2)
+		debugFields := make(Fields, len(l.fields))
 		copy(debugFields, l.fields)
-		debugFields.Add(StringField("agent_version", version.Version()))
-		debugFields.Add(StringField("agent_build", version.BuildVersion()))
+		debugFields.Add(StringField("agent_version", version.FullVersion()))
 		l.printer.Print(DEBUG, fmt.Sprintf(format, v...), debugFields)
 	}
 }
diff --git a/vendor/github.com/buildkite/agent/v3/version/VERSION b/vendor/github.com/buildkite/agent/v3/version/VERSION
index 426d048447..69ef73e1dd 100644
--- a/vendor/github.com/buildkite/agent/v3/version/VERSION
+++ b/vendor/github.com/buildkite/agent/v3/version/VERSION
@@ -1 +1 @@
-3.52.1
+3.58.0
diff --git a/vendor/github.com/buildkite/agent/v3/version/version.go b/vendor/github.com/buildkite/agent/v3/version/version.go
index 7496fc60f8..09eefeda04 100644
--- a/vendor/github.com/buildkite/agent/v3/version/version.go
+++ b/vendor/github.com/buildkite/agent/v3/version/version.go
@@ -3,33 +3,79 @@ package version
 
 import (
 	_ "embed"
+	"fmt"
 	"runtime"
+	"runtime/debug"
 	"strings"
 )
 
-// You can overridden buildVersion at compile time by using:
-//
-//  go run -ldflags "-X github.com/buildkite/agent/v3/agent.buildVersion=abc" . --version
-//
-// On CI, the binaries are always build with the buildVersion variable set.
-//
 // Pre-release builds' versions must be in the format `x.y-beta`, `x.y-beta.z` or `x.y-beta.z.a`
 
-//go:embed VERSION
-var baseVersion string
-var buildVersion string
+var (
+	//go:embed VERSION
+	baseVersion string
+	buildNumber = "x"
+)
 
 func Version() string {
 	return strings.TrimSpace(baseVersion)
 }
 
-func BuildVersion() string {
-	if buildVersion == "" {
+// BuildNumber returns the build number of the CI pipeline that built the agent.
+// You can override buildVersion at compile time by using the ldflag:
+//
+// "-X github.com/buildkite/agent/v3/version.buildNumber=abc"
+//
+// An easy way to test this is:
+//
+// $ go run -buildvcs=true -ldflags "-X github.com/buildkite/agent/v3/version.buildNumber=abc" . --version
+//
+// On CI, the binaries are always built with the buildVersion variable set.
+func BuildNumber() string {
+	return buildNumber
+}
+
+// commitInfo returns a string consisting of the commit hash and whether the the build was made in a
+// `dirty` working directory or not. A dirty working directory is one that has uncommitted changes
+// to files that git would track.
+func commitInfo() string {
+	info, ok := debug.ReadBuildInfo()
+	if !ok {
 		return "x"
 	}
-	return buildVersion
+
+	dirty := ".dirty"
+	var commit string
+	for _, setting := range info.Settings {
+		switch setting.Key {
+		case "vcs.revision":
+			commit = setting.Value
+		case "vcs.modified":
+			if setting.Value == "false" {
+				dirty = ""
+			}
+		}
+	}
+
+	return commit + dirty
+}
+
+// FullVersion is a SemVer 2.0 compliant version string that includes
+// [build metadata](https://semver.org/#spec-item-10) consisting of the build
+// number (if any), the commit hash, and whether the build was made in a `dirty`
+// working directory or not.
+func FullVersion() string {
+	return fmt.Sprintf("%s+%s.%s", Version(), BuildNumber(), commitInfo())
 }
 
+// UserAgent returns a string suitable for use as a User-Agent header.
+// TODO-vNext: Include some prefix of the commit hash in the User-Agent header.
 func UserAgent() string {
-	return "buildkite-agent/" + Version() + "." + BuildVersion() + " (" + runtime.GOOS + "; " + runtime.GOARCH + ")"
+	return fmt.Sprintf(
+		"buildkite-agent/%s.%s (%s; %s)",
+		Version(),
+		BuildNumber(),
+		runtime.GOOS,
+		runtime.GOARCH,
+	)
 }
diff --git a/vendor/github.com/clbanning/mxj/v2/doc.go b/vendor/github.com/clbanning/mxj/v2/doc.go
index bede312651..07ac098e2e 100644
--- a/vendor/github.com/clbanning/mxj/v2/doc.go
+++ b/vendor/github.com/clbanning/mxj/v2/doc.go
@@ -14,6 +14,11 @@ Related Packages:
 	checkxml: github.com/clbanning/checkxml provides functions for validating XML data.
 
 Notes:
+	2022.11.28: v2.7 - add SetGlobalKeyMapPrefix to change default prefix, '#', for default keys
+	2022.11.20: v2.6 - add NewMapForattedXmlSeq for XML docs formatted with whitespace character
+	2021.02.02: v2.5 - add XmlCheckIsValid toggle to force checking that the encoded XML is valid
+	2020.12.14: v2.4 - add XMLEscapeCharsDecoder to preserve XML escaped characters in Map values
+	2020.10.28: v2.3 - add TrimWhiteSpace option
 	2020.05.01: v2.2 - optimize map to XML encoding for large XML docs.
 	2019.07.04: v2.0 - remove unnecessary methods - mv.XmlWriterRaw, mv.XmlIndentWriterRaw - for Map and MapSeq.
 	2019.07.04: Add MapSeq type and move associated functions and methods from Map to MapSeq.
diff --git a/vendor/github.com/clbanning/mxj/v2/leafnode.go b/vendor/github.com/clbanning/mxj/v2/leafnode.go
index cf413ebdd4..1bc814fdc3 100644
--- a/vendor/github.com/clbanning/mxj/v2/leafnode.go
+++ b/vendor/github.com/clbanning/mxj/v2/leafnode.go
@@ -44,7 +44,7 @@ func (mv Map) LeafNodes(no_attr ...bool) []LeafNode {
 
 func getLeafNodes(path, node string, mv interface{}, l *[]LeafNode, noattr bool) {
 	// if stripping attributes, then also strip "#text" key
-	if !noattr || node != "#text" {
+	if !noattr || node != textK {
 		if path != "" && node[:1] != "[" {
 			path += "."
 		}
diff --git a/vendor/github.com/clbanning/mxj/v2/readme.md b/vendor/github.com/clbanning/mxj/v2/readme.md
index 323a747d4d..0e0a09a420 100644
--- a/vendor/github.com/clbanning/mxj/v2/readme.md
+++ b/vendor/github.com/clbanning/mxj/v2/readme.md
@@ -6,7 +6,7 @@ mxj supplants the legacy x2j and j2x packages. If you want the old syntax, use m
 <h4>Installation</h4>
 Using go.mod:
 <pre>
-go get github.com/clbanning/mxj/v2@v2.3.2
+go get github.com/clbanning/mxj/v2@v2.7	
 </pre>
 
 <pre>
@@ -42,6 +42,8 @@ For over a year I've wanted to refactor the XML-to-map[string]interface{} decode
 
 <h4>Notices</h4>
 
+	2022.11.28: v2.7 - add SetGlobalKeyMapPrefix to change default prefix, '#', for default keys
+	2022.11.20: v2.6 - add NewMapForattedXmlSeq for XML docs formatted with whitespace character
 	2021.02.02: v2.5 - add XmlCheckIsValid toggle to force checking that the encoded XML is valid
 	2020.12.14: v2.4 - add XMLEscapeCharsDecoder to preserve XML escaped characters in Map values
 	2020.10.28: v2.3 - add TrimWhiteSpace option
diff --git a/vendor/github.com/clbanning/mxj/v2/xml.go b/vendor/github.com/clbanning/mxj/v2/xml.go
index 2ea1bc25a8..b72a1460f6 100644
--- a/vendor/github.com/clbanning/mxj/v2/xml.go
+++ b/vendor/github.com/clbanning/mxj/v2/xml.go
@@ -22,6 +22,30 @@ import (
 	"time"
 )
 
+var (
+	textK      = "#text"
+	seqK       = "#seq"
+	commentK   = "#comment"
+	attrK      = "#attr"
+	directiveK = "#directive"
+	procinstK  = "#procinst"
+	targetK    = "#target"
+	instK      = "#inst"
+)
+
+// Support overriding default Map keys prefix
+
+func SetGlobalKeyMapPrefix(s string) {
+	textK = strings.ReplaceAll(textK, textK[0:1], s)
+	seqK = strings.ReplaceAll(seqK, seqK[0:1], s)
+	commentK = strings.ReplaceAll(commentK, commentK[0:1], s)
+	directiveK = strings.ReplaceAll(directiveK, directiveK[0:1], s)
+	procinstK = strings.ReplaceAll(procinstK, procinstK[0:1], s)
+	targetK = strings.ReplaceAll(targetK, targetK[0:1], s)
+	instK = strings.ReplaceAll(instK, instK[0:1], s)
+	attrK = strings.ReplaceAll(attrK, attrK[0:1], s)
+}
+
 // ------------------- NewMapXml & NewMapXmlReader ... -------------------------
 
 // If XmlCharsetReader != nil, it will be used to decode the XML, if required.
@@ -441,7 +465,7 @@ func xmlToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[stri
 					val.(map[string]interface{})["_seq"] = seq // will overwrite an "_seq" XML tag
 					seq++
 				case interface{}: // a non-nil simple element: string, float64, bool
-					v := map[string]interface{}{"#text": val}
+					v := map[string]interface{}{textK: val}
 					v["_seq"] = seq
 					seq++
 					val = v
@@ -479,7 +503,7 @@ func xmlToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[stri
 			} else if len(n) == 1 && len(na) > 0 {
 				// it's a simple element w/ no attributes w/ subelements
 				for _, v := range n {
-					na["#text"] = v
+					na[textK] = v
 				}
 				n[skey] = na
 			}
@@ -492,7 +516,7 @@ func xmlToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[stri
 			}
 			if len(tt) > 0 {
 				if len(na) > 0 || decodeSimpleValuesAsMap {
-					na["#text"] = cast(tt, r, "#text")
+					na[textK] = cast(tt, r, textK)
 				} else if skey != "" {
 					n[skey] = cast(tt, r, skey)
 				} else {
@@ -913,7 +937,8 @@ func (b *byteReader) Read(p []byte) (int, error) {
 func (b *byteReader) ReadByte() (byte, error) {
 	_, err := b.r.Read(b.b)
 	if len(b.b) > 0 {
-		return b.b[0], nil
+		// issue #38
+		return b.b[0], err
 	}
 	var c byte
 	return c, err
@@ -1038,6 +1063,7 @@ func marshalMapToXmlIndent(doIndent bool, b *bytes.Buffer, key string, value int
 	if doIndent {
 		switch value.(type) {
 		case []interface{}, []string:
+			// list processing handles indentation for all elements
 		default:
 			if _, err = b.WriteString(p.padding); err != nil {
 				return err
@@ -1113,7 +1139,7 @@ func marshalMapToXmlIndent(doIndent bool, b *bytes.Buffer, key string, value int
 
 		// simple element? Note: '#text" is an invalid XML tag.
 		isComplex := false
-		if v, ok := vv["#text"]; ok && n+1 == lenvv {
+		if v, ok := vv[textK]; ok && n+1 == lenvv {
 			// just the value and attributes
 			switch v.(type) {
 			case string:
@@ -1177,7 +1203,7 @@ func marshalMapToXmlIndent(doIndent bool, b *bytes.Buffer, key string, value int
 		elemlist := make([][2]interface{}, len(vv))
 		n = 0
 		for k, v := range vv {
-			if k == "#text" {
+			if k == textK {
 				// simple element handled above
 				continue
 			}
diff --git a/vendor/github.com/clbanning/mxj/v2/xmlseq.go b/vendor/github.com/clbanning/mxj/v2/xmlseq.go
index 80632bd3c3..9732dec399 100644
--- a/vendor/github.com/clbanning/mxj/v2/xmlseq.go
+++ b/vendor/github.com/clbanning/mxj/v2/xmlseq.go
@@ -13,6 +13,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"regexp"
 	"sort"
 	"strings"
 )
@@ -81,6 +82,8 @@ var NO_ROOT = NoRoot // maintain backwards compatibility
 //	ERRORS:
 //	   1. If a NoRoot error, "no root key," is returned, check the initial map key for a "#comment",
 //	      "#directive" or #procinst" key.
+//	   2. Unmarshaling an XML doc that is formatted using the whitespace character, " ", will error, since
+//	      Decoder.RawToken treats such occurances as significant. See NewMapFormattedXmlSeq().
 func NewMapXmlSeq(xmlVal []byte, cast ...bool) (MapSeq, error) {
 	var r bool
 	if len(cast) == 1 {
@@ -89,6 +92,28 @@ func NewMapXmlSeq(xmlVal []byte, cast ...bool) (MapSeq, error) {
 	return xmlSeqToMap(xmlVal, r)
 }
 
+// NewMapFormattedXmlSeq performs the same as NewMapXmlSeq but is useful for processing XML objects that
+// are formatted using the whitespace character, " ".  (The stdlib xml.Decoder, by default, treats all
+// whitespace as significant; Decoder.Token() and Decoder.RawToken() will return strings of one or more
+// whitespace characters and without alphanumeric or punctuation characters as xml.CharData values.)
+//
+// If you're processing such XML, then this will convert all occurrences of whitespace-only strings
+// into an empty string, "", prior to parsing the XML - irrespective of whether the occurrence is
+// formatting or is a actual element value.
+func NewMapFormattedXmlSeq(xmlVal []byte, cast ...bool) (MapSeq, error) {
+	var c bool
+	if len(cast) == 1 {
+		c = cast[0]
+	}
+
+	// Per PR #104 - clean out formatting characters so they don't show up in Decoder.RawToken() stream.
+	// NOTE: Also replaces element values that are solely comprised of formatting/whitespace characters
+	// with empty string, "".
+	r := regexp.MustCompile(`>[\n\t\r ]*<`)
+	xmlVal = r.ReplaceAll(xmlVal, []byte("><"))
+	return xmlSeqToMap(xmlVal, c)
+}
+
 // NewMpaXmlSeqReader returns next XML doc from an io.Reader as a MapSeq value.
 //	NOTES:
 //	   1. The 'xmlReader' will be parsed looking for an xml.StartElement, xml.Comment, etc., so BOM and other
@@ -212,12 +237,12 @@ func xmlSeqToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[s
 					v.Value = escapeChars(v.Value)
 				}
 				if len(v.Name.Space) > 0 {
-					aa[v.Name.Space+`:`+v.Name.Local] = map[string]interface{}{"#text": cast(v.Value, r, ""), "#seq": i}
+					aa[v.Name.Space+`:`+v.Name.Local] = map[string]interface{}{textK: cast(v.Value, r, ""), seqK: i}
 				} else {
-					aa[v.Name.Local] = map[string]interface{}{"#text": cast(v.Value, r, ""), "#seq": i}
+					aa[v.Name.Local] = map[string]interface{}{textK: cast(v.Value, r, ""), seqK: i}
 				}
 			}
-			na["#attr"] = aa
+			na[attrK] = aa
 		}
 	}
 
@@ -285,10 +310,10 @@ func xmlSeqToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[s
 			// where all the "list" subelements are decoded into an array.
 			switch val.(type) {
 			case map[string]interface{}:
-				val.(map[string]interface{})["#seq"] = seq
+				val.(map[string]interface{})[seqK] = seq
 				seq++
 			case interface{}: // a non-nil simple element: string, float64, bool
-				v := map[string]interface{}{"#text": val, "#seq": seq}
+				v := map[string]interface{}{textK: val, seqK: seq}
 				seq++
 				val = v
 			}
@@ -355,42 +380,42 @@ func xmlSeqToMapParser(skey string, a []xml.Attr, p *xml.Decoder, r bool) (map[s
 			}
 			if len(tt) > 0 {
 				// every simple element is a #text and has #seq associated with it
-				na["#text"] = cast(tt, r, "")
-				na["#seq"] = seq
+				na[textK] = cast(tt, r, "")
+				na[seqK] = seq
 				seq++
 			}
 		case xml.Comment:
 			if n == nil { // no root 'key'
-				n = map[string]interface{}{"#comment": string(t.(xml.Comment))}
+				n = map[string]interface{}{commentK: string(t.(xml.Comment))}
 				return n, NoRoot
 			}
 			cm := make(map[string]interface{}, 2)
-			cm["#text"] = string(t.(xml.Comment))
-			cm["#seq"] = seq
+			cm[textK] = string(t.(xml.Comment))
+			cm[seqK] = seq
 			seq++
-			na["#comment"] = cm
+			na[commentK] = cm
 		case xml.Directive:
 			if n == nil { // no root 'key'
-				n = map[string]interface{}{"#directive": string(t.(xml.Directive))}
+				n = map[string]interface{}{directiveK: string(t.(xml.Directive))}
 				return n, NoRoot
 			}
 			dm := make(map[string]interface{}, 2)
-			dm["#text"] = string(t.(xml.Directive))
-			dm["#seq"] = seq
+			dm[textK] = string(t.(xml.Directive))
+			dm[seqK] = seq
 			seq++
-			na["#directive"] = dm
+			na[directiveK] = dm
 		case xml.ProcInst:
 			if n == nil {
-				na = map[string]interface{}{"#target": t.(xml.ProcInst).Target, "#inst": string(t.(xml.ProcInst).Inst)}
-				n = map[string]interface{}{"#procinst": na}
+				na = map[string]interface{}{targetK: t.(xml.ProcInst).Target, instK: string(t.(xml.ProcInst).Inst)}
+				n = map[string]interface{}{procinstK: na}
 				return n, NoRoot
 			}
 			pm := make(map[string]interface{}, 3)
-			pm["#target"] = t.(xml.ProcInst).Target
-			pm["#inst"] = string(t.(xml.ProcInst).Inst)
-			pm["#seq"] = seq
+			pm[targetK] = t.(xml.ProcInst).Target
+			pm[instK] = string(t.(xml.ProcInst).Inst)
+			pm[seqK] = seq
 			seq++
-			na["#procinst"] = pm
+			na[procinstK] = pm
 		default:
 			// noop - shouldn't ever get here, now, since we handle all token types
 		}
@@ -580,7 +605,7 @@ func mapToXmlSeqIndent(doIndent bool, s *string, key string, value interface{},
 		if doIndent {
 			*s += p.padding
 		}
-		if key != "#comment" && key != "#directive" && key != "#procinst" {
+		if key != commentK && key != directiveK && key != procinstK {
 			*s += `<` + key
 		}
 	}
@@ -588,27 +613,27 @@ func mapToXmlSeqIndent(doIndent bool, s *string, key string, value interface{},
 	case map[string]interface{}:
 		val := value.(map[string]interface{})
 
-		if key == "#comment" {
-			*s += `<!--` + val["#text"].(string) + `-->`
+		if key == commentK {
+			*s += `<!--` + val[textK].(string) + `-->`
 			noEndTag = true
 			break
 		}
 
-		if key == "#directive" {
-			*s += `<!` + val["#text"].(string) + `>`
+		if key == directiveK {
+			*s += `<!` + val[textK].(string) + `>`
 			noEndTag = true
 			break
 		}
 
-		if key == "#procinst" {
-			*s += `<?` + val["#target"].(string) + ` ` + val["#inst"].(string) + `?>`
+		if key == procinstK {
+			*s += `<?` + val[targetK].(string) + ` ` + val[instK].(string) + `?>`
 			noEndTag = true
 			break
 		}
 
 		haveAttrs := false
 		// process attributes first
-		if v, ok := val["#attr"].(map[string]interface{}); ok {
+		if v, ok := val[attrK].(map[string]interface{}); ok {
 			// First, unroll the map[string]interface{} into a []keyval array.
 			// Then sequence it.
 			kv := make([]keyval, len(v))
@@ -621,21 +646,21 @@ func mapToXmlSeqIndent(doIndent bool, s *string, key string, value interface{},
 			// Now encode the attributes in original decoding sequence, using keyval array.
 			for _, a := range kv {
 				vv := a.v.(map[string]interface{})
-				switch vv["#text"].(type) {
+				switch vv[textK].(type) {
 				case string:
 					if xmlEscapeChars {
-						ss = escapeChars(vv["#text"].(string))
+						ss = escapeChars(vv[textK].(string))
 					} else {
-						ss = vv["#text"].(string)
+						ss = vv[textK].(string)
 					}
 					*s += ` ` + a.k + `="` + ss + `"`
 				case float64, bool, int, int32, int64, float32:
-					*s += ` ` + a.k + `="` + fmt.Sprintf("%v", vv["#text"]) + `"`
+					*s += ` ` + a.k + `="` + fmt.Sprintf("%v", vv[textK]) + `"`
 				case []byte:
 					if xmlEscapeChars {
-						ss = escapeChars(string(vv["#text"].([]byte)))
+						ss = escapeChars(string(vv[textK].([]byte)))
 					} else {
-						ss = string(vv["#text"].([]byte))
+						ss = string(vv[textK].([]byte))
 					}
 					*s += ` ` + a.k + `="` + ss + `"`
 				default:
@@ -647,8 +672,8 @@ func mapToXmlSeqIndent(doIndent bool, s *string, key string, value interface{},
 
 		// simple element?
 		// every map value has, at least, "#seq" and, perhaps, "#text" and/or "#attr"
-		_, seqOK := val["#seq"] // have key
-		if v, ok := val["#text"]; ok && ((len(val) == 3 && haveAttrs) || (len(val) == 2 && !haveAttrs)) && seqOK {
+		_, seqOK := val[seqK] // have key
+		if v, ok := val[textK]; ok && ((len(val) == 3 && haveAttrs) || (len(val) == 2 && !haveAttrs)) && seqOK {
 			if stmp, ok := v.(string); ok && stmp != "" {
 				if xmlEscapeChars {
 					stmp = escapeChars(stmp)
@@ -669,10 +694,10 @@ func mapToXmlSeqIndent(doIndent bool, s *string, key string, value interface{},
 		// 'kv' will hold everything that needs to be written
 		kv := make([]keyval, 0)
 		for k, v := range val {
-			if k == "#attr" { // already processed
+			if k == attrK { // already processed
 				continue
 			}
-			if k == "#seq" { // ignore - just for sorting
+			if k == seqK { // ignore - just for sorting
 				continue
 			}
 			switch v.(type) {
@@ -845,16 +870,16 @@ func (e elemListSeq) Less(i, j int) bool {
 	var iseq, jseq int
 	var fiseq, fjseq float64
 	var ok bool
-	if iseq, ok = e[i].v.(map[string]interface{})["#seq"].(int); !ok {
-		if fiseq, ok = e[i].v.(map[string]interface{})["#seq"].(float64); ok {
+	if iseq, ok = e[i].v.(map[string]interface{})[seqK].(int); !ok {
+		if fiseq, ok = e[i].v.(map[string]interface{})[seqK].(float64); ok {
 			iseq = int(fiseq)
 		} else {
 			iseq = 9999999
 		}
 	}
 
-	if jseq, ok = e[j].v.(map[string]interface{})["#seq"].(int); !ok {
-		if fjseq, ok = e[j].v.(map[string]interface{})["#seq"].(float64); ok {
+	if jseq, ok = e[j].v.(map[string]interface{})[seqK].(int); !ok {
+		if fjseq, ok = e[j].v.(map[string]interface{})[seqK].(float64); ok {
 			jseq = int(fjseq)
 		} else {
 			jseq = 9999999
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
index 8cd4e333b9..83d7cdadd3 100644
--- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
@@ -9,7 +9,7 @@ import (
 	fp "github.com/cloudflare/circl/math/fp448"
 )
 
-// twistCurve is -x^2+y^2=1-39082x^2y^2 and is 4-isogeneous to Goldilocks.
+// twistCurve is -x^2+y^2=1-39082x^2y^2 and is 4-isogenous to Goldilocks.
 type twistCurve struct{}
 
 // Identity returns the identity point.
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
index ab19d0ad12..1755fd1e6d 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
@@ -6,13 +6,21 @@ package sha3
 
 // KeccakF1600 applies the Keccak permutation to a 1600b-wide
 // state represented as a slice of 25 uint64s.
+// If turbo is true, applies the 12-round variant instead of the
+// regular 24-round variant.
 // nolint:funlen
-func KeccakF1600(a *[25]uint64) {
+func KeccakF1600(a *[25]uint64, turbo bool) {
 	// Implementation translated from Keccak-inplace.c
 	// in the keccak reference code.
 	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64
 
-	for i := 0; i < 24; i += 4 {
+	i := 0
+
+	if turbo {
+		i = 12
+	}
+
+	for ; i < 24; i += 4 {
 		// Combines the 5 steps in each round into 2 steps.
 		// Unrolls 4 rounds per loop and spreads some steps across rounds.
 
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
index b35cd006b0..a0df5aa6c5 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
@@ -51,6 +51,7 @@ type State struct {
 	// Specific to SHA-3 and SHAKE.
 	outputLen int             // the default output size in bytes
 	state     spongeDirection // whether the sponge is absorbing or squeezing
+	turbo     bool            // Whether we're using 12 rounds instead of 24
 }
 
 // BlockSize returns the rate of sponge underlying this hash function.
@@ -86,11 +87,11 @@ func (d *State) permute() {
 		xorIn(d, d.buf())
 		d.bufe = 0
 		d.bufo = 0
-		KeccakF1600(&d.a)
+		KeccakF1600(&d.a, d.turbo)
 	case spongeSqueezing:
 		// If we're squeezing, we need to apply the permutation before
 		// copying more output.
-		KeccakF1600(&d.a)
+		KeccakF1600(&d.a, d.turbo)
 		d.bufe = d.rate
 		d.bufo = 0
 		copyOut(d, d.buf())
@@ -136,7 +137,7 @@ func (d *State) Write(p []byte) (written int, err error) {
 			// The fast path; absorb a full "rate" bytes of input and apply the permutation.
 			xorIn(d, p[:d.rate])
 			p = p[d.rate:]
-			KeccakF1600(&d.a)
+			KeccakF1600(&d.a, d.turbo)
 		} else {
 			// The slow path; buffer the input until we can fill the sponge, and then xor it in.
 			todo := d.rate - bufl
@@ -193,3 +194,7 @@ func (d *State) Sum(in []byte) []byte {
 	_, _ = dup.Read(hash)
 	return append(in, hash...)
 }
+
+func (d *State) IsAbsorbing() bool {
+	return d.state == spongeAbsorbing
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
index b92c5b7d78..77817f758c 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
@@ -57,6 +57,17 @@ func NewShake128() State {
 	return State{rate: rate128, dsbyte: dsbyteShake}
 }
 
+// NewTurboShake128 creates a new TurboSHAKE128 variable-output-length ShakeHash.
+// Its generic security strength is 128 bits against all attacks if at
+// least 32 bytes of its output are used.
+// D is the domain separation byte and must be between 0x01 and 0x7f inclusive.
+func NewTurboShake128(D byte) State {
+	if D == 0 || D > 0x7f {
+		panic("turboshake: D out of range")
+	}
+	return State{rate: rate128, dsbyte: D, turbo: true}
+}
+
 // NewShake256 creates a new SHAKE256 variable-output-length ShakeHash.
 // Its generic security strength is 256 bits against all attacks if
 // at least 64 bytes of its output are used.
@@ -64,6 +75,17 @@ func NewShake256() State {
 	return State{rate: rate256, dsbyte: dsbyteShake}
 }
 
+// NewTurboShake256 creates a new TurboSHAKE256 variable-output-length ShakeHash.
+// Its generic security strength is 256 bits against all attacks if
+// at least 64 bytes of its output are used.
+// D is the domain separation byte and must be between 0x01 and 0x7f inclusive.
+func NewTurboShake256(D byte) State {
+	if D == 0 || D > 0x7f {
+		panic("turboshake: D out of range")
+	}
+	return State{rate: rate256, dsbyte: D, turbo: true}
+}
+
 // ShakeSum128 writes an arbitrary-length digest of data into hash.
 func ShakeSum128(hash, data []byte) {
 	h := NewShake128()
@@ -77,3 +99,21 @@ func ShakeSum256(hash, data []byte) {
 	_, _ = h.Write(data)
 	_, _ = h.Read(hash)
 }
+
+// TurboShakeSum128 writes an arbitrary-length digest of data into hash.
+func TurboShakeSum128(hash, data []byte, D byte) {
+	h := NewTurboShake128(D)
+	_, _ = h.Write(data)
+	_, _ = h.Read(hash)
+}
+
+// TurboShakeSum256 writes an arbitrary-length digest of data into hash.
+func TurboShakeSum256(hash, data []byte, D byte) {
+	h := NewTurboShake256(D)
+	_, _ = h.Write(data)
+	_, _ = h.Read(hash)
+}
+
+func (d *State) SwitchDS(D byte) {
+	d.dsbyte = D
+}
diff --git a/vendor/github.com/cloudflare/circl/math/primes.go b/vendor/github.com/cloudflare/circl/math/primes.go
new file mode 100644
index 0000000000..158fd83a7a
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/primes.go
@@ -0,0 +1,34 @@
+package math
+
+import (
+	"crypto/rand"
+	"io"
+	"math/big"
+)
+
+// IsSafePrime reports whether p is (probably) a safe prime.
+// The prime p=2*q+1 is safe prime if both p and q are primes.
+// Note that ProbablyPrime is not suitable for judging primes
+// that an adversary may have crafted to fool the test.
+func IsSafePrime(p *big.Int) bool {
+	pdiv2 := new(big.Int).Rsh(p, 1)
+	return p.ProbablyPrime(20) && pdiv2.ProbablyPrime(20)
+}
+
+// SafePrime returns a number of the given bit length that is a safe prime with high probability.
+// The number returned p=2*q+1 is a safe prime if both p and q are primes.
+// SafePrime will return error for any error returned by rand.Read or if bits < 2.
+func SafePrime(random io.Reader, bits int) (*big.Int, error) {
+	one := big.NewInt(1)
+	p := new(big.Int)
+	for {
+		q, err := rand.Prime(random, bits-1)
+		if err != nil {
+			return nil, err
+		}
+		p.Lsh(q, 1).Add(p, one)
+		if p.ProbablyPrime(20) {
+			return p, nil
+		}
+	}
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go b/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
index 08ca65d799..2c73c26fb1 100644
--- a/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
@@ -1,7 +1,7 @@
 // Package ed25519 implements Ed25519 signature scheme as described in RFC-8032.
 //
 // This package provides optimized implementations of the three signature
-// variants and maintaining closer compatiblilty with crypto/ed25519.
+// variants and maintaining closer compatibility with crypto/ed25519.
 //
 //	| Scheme Name | Sign Function     | Verification  | Context           |
 //	|-------------|-------------------|---------------|-------------------|
diff --git a/vendor/github.com/digitorus/timestamp/timestamp.go b/vendor/github.com/digitorus/timestamp/timestamp.go
index ba8c7517ec..9e6da2d92e 100644
--- a/vendor/github.com/digitorus/timestamp/timestamp.go
+++ b/vendor/github.com/digitorus/timestamp/timestamp.go
@@ -405,12 +405,12 @@ func CreateRequest(r io.Reader, opts *RequestOptions) ([]byte, error) {
 	return req.Marshal()
 }
 
-// CreateResponse returns a DER-encoded timestamp response with the specified contents.
+// CreateResponseWithOpts returns a DER-encoded timestamp response with the specified contents.
 // The fields in the response are populated as follows:
 //
 // The responder cert is used to populate the responder's name field, and the
 // certificate itself is provided alongside the timestamp response signature.
-func (t *Timestamp) CreateResponse(signingCert *x509.Certificate, priv crypto.Signer) ([]byte, error) {
+func (t *Timestamp) CreateResponseWithOpts(signingCert *x509.Certificate, priv crypto.Signer, opts crypto.SignerOpts) ([]byte, error) {
 	messageImprint := getMessageImprint(t.HashAlgorithm, t.HashedMessage)
 
 	tsaSerialNumber, err := generateTSASerialNumber()
@@ -421,7 +421,7 @@ func (t *Timestamp) CreateResponse(signingCert *x509.Certificate, priv crypto.Si
 	if err != nil {
 		return nil, err
 	}
-	signature, err := t.generateSignedData(tstInfo, priv, signingCert)
+	signature, err := t.generateSignedData(tstInfo, priv, signingCert, opts)
 	if err != nil {
 		return nil, err
 	}
@@ -438,6 +438,19 @@ func (t *Timestamp) CreateResponse(signingCert *x509.Certificate, priv crypto.Si
 	return tspResponseBytes, nil
 }
 
+// CreateResponse returns a DER-encoded timestamp response with the specified contents.
+// The fields in the response are populated as follows:
+//
+// The responder cert is used to populate the responder's name field, and the
+// certificate itself is provided alongside the timestamp response signature.
+//
+// This function is equivalent to CreateResponseWithOpts, using a SHA256 hash.
+//
+// Deprecated: Use CreateResponseWithOpts instead.
+func (t *Timestamp) CreateResponse(signingCert *x509.Certificate, priv crypto.Signer) ([]byte, error) {
+	return t.CreateResponseWithOpts(signingCert, priv, crypto.SHA256)
+}
+
 // CreateErrorResponse is used to create response other than granted and granted with mod status
 func CreateErrorResponse(pkiStatus Status, pkiFailureInfo FailureInfo) ([]byte, error) {
 	var bs asn1.BitString
@@ -591,18 +604,33 @@ func (t *Timestamp) populateSigningCertificateV2Ext(certificate *x509.Certificat
 	return signingCertV2Bytes, nil
 }
 
-func (t *Timestamp) generateSignedData(tstInfo []byte, signer crypto.Signer, certificate *x509.Certificate) ([]byte, error) {
+// digestAlgorithmToOID converts the hash func to the corresponding OID.
+// This should have parity with [pkcs7.getHashForOID].
+func digestAlgorithmToOID(hash crypto.Hash) (asn1.ObjectIdentifier, error) {
+	switch hash {
+	case crypto.SHA1:
+		return pkcs7.OIDDigestAlgorithmSHA1, nil
+	case crypto.SHA256:
+		return pkcs7.OIDDigestAlgorithmSHA256, nil
+	case crypto.SHA384:
+		return pkcs7.OIDDigestAlgorithmSHA384, nil
+	case crypto.SHA512:
+		return pkcs7.OIDDigestAlgorithmSHA512, nil
+	}
+	return nil, pkcs7.ErrUnsupportedAlgorithm
+}
+
+func (t *Timestamp) generateSignedData(tstInfo []byte, signer crypto.Signer, certificate *x509.Certificate, opts crypto.SignerOpts) ([]byte, error) {
 	signedData, err := pkcs7.NewSignedData(tstInfo)
 	if err != nil {
 		return nil, err
 	}
 
-	digestAlgOID, err := pkcs7.GetDigestOIDForSignatureAlgorithm(certificate.SignatureAlgorithm)
+	alg, err := digestAlgorithmToOID(opts.HashFunc())
 	if err != nil {
 		return nil, err
 	}
-
-	signedData.SetDigestAlgorithm(digestAlgOID)
+	signedData.SetDigestAlgorithm(alg)
 	signedData.SetContentType(asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 4})
 
 	signingCertV2Bytes, err := t.populateSigningCertificateV2Ext(certificate)
diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file.go b/vendor/github.com/docker/cli/cli/config/configfile/file.go
index 5db7f8b827..442c31110b 100644
--- a/vendor/github.com/docker/cli/cli/config/configfile/file.go
+++ b/vendor/github.com/docker/cli/cli/config/configfile/file.go
@@ -94,6 +94,9 @@ func (configFile *ConfigFile) ContainsAuth() bool {
 
 // GetAuthConfigs returns the mapping of repo to auth configuration
 func (configFile *ConfigFile) GetAuthConfigs() map[string]types.AuthConfig {
+	if configFile.AuthConfigs == nil {
+		configFile.AuthConfigs = make(map[string]types.AuthConfig)
+	}
 	return configFile.AuthConfigs
 }
 
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
index de1c676e50..ea30fc3006 100644
--- a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
+++ b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
@@ -52,7 +52,8 @@ func (c *fileStore) GetAll() (map[string]types.AuthConfig, error) {
 
 // Store saves the given credentials in the file store.
 func (c *fileStore) Store(authConfig types.AuthConfig) error {
-	c.file.GetAuthConfigs()[authConfig.ServerAddress] = authConfig
+	authConfigs := c.file.GetAuthConfigs()
+	authConfigs[authConfig.ServerAddress] = authConfig
 	return c.file.Save()
 }
 
diff --git a/vendor/github.com/docker/docker-credential-helpers/client/client.go b/vendor/github.com/docker/docker-credential-helpers/client/client.go
index d1d0434cb5..678153cf88 100644
--- a/vendor/github.com/docker/docker-credential-helpers/client/client.go
+++ b/vendor/github.com/docker/docker-credential-helpers/client/client.go
@@ -26,7 +26,7 @@ func isValidCredsMessage(msg string) error {
 
 // Store uses an external program to save credentials.
 func Store(program ProgramFunc, creds *credentials.Credentials) error {
-	cmd := program("store")
+	cmd := program(credentials.ActionStore)
 
 	buffer := new(bytes.Buffer)
 	if err := json.NewEncoder(buffer).Encode(creds); err != nil {
@@ -50,7 +50,7 @@ func Store(program ProgramFunc, creds *credentials.Credentials) error {
 
 // Get executes an external program to get the credentials from a native store.
 func Get(program ProgramFunc, serverURL string) (*credentials.Credentials, error) {
-	cmd := program("get")
+	cmd := program(credentials.ActionGet)
 	cmd.Input(strings.NewReader(serverURL))
 
 	out, err := cmd.Output()
@@ -81,7 +81,7 @@ func Get(program ProgramFunc, serverURL string) (*credentials.Credentials, error
 
 // Erase executes a program to remove the server credentials from the native store.
 func Erase(program ProgramFunc, serverURL string) error {
-	cmd := program("erase")
+	cmd := program(credentials.ActionErase)
 	cmd.Input(strings.NewReader(serverURL))
 	out, err := cmd.Output()
 	if err != nil {
@@ -99,7 +99,7 @@ func Erase(program ProgramFunc, serverURL string) error {
 
 // List executes a program to list server credentials in the native store.
 func List(program ProgramFunc) (map[string]string, error) {
-	cmd := program("list")
+	cmd := program(credentials.ActionList)
 	cmd.Input(strings.NewReader("unused"))
 	out, err := cmd.Output()
 	if err != nil {
diff --git a/vendor/github.com/docker/docker-credential-helpers/client/command.go b/vendor/github.com/docker/docker-credential-helpers/client/command.go
index 0183c06393..1936234bef 100644
--- a/vendor/github.com/docker/docker-credential-helpers/client/command.go
+++ b/vendor/github.com/docker/docker-credential-helpers/client/command.go
@@ -1,11 +1,9 @@
 package client
 
 import (
-	"fmt"
 	"io"
 	"os"
-
-	exec "golang.org/x/sys/execabs"
+	"os/exec"
 )
 
 // Program is an interface to execute external programs.
@@ -31,27 +29,26 @@ func NewShellProgramFuncWithEnv(name string, env *map[string]string) ProgramFunc
 
 func createProgramCmdRedirectErr(commandName string, args []string, env *map[string]string) *exec.Cmd {
 	programCmd := exec.Command(commandName, args...)
-	programCmd.Env = os.Environ()
 	if env != nil {
 		for k, v := range *env {
-			programCmd.Env = append(programCmd.Env, fmt.Sprintf("%s=%s", k, v))
+			programCmd.Env = append(programCmd.Environ(), k+"="+v)
 		}
 	}
 	programCmd.Stderr = os.Stderr
 	return programCmd
 }
 
-// Shell invokes shell commands to talk with a remote credentials helper.
+// Shell invokes shell commands to talk with a remote credentials-helper.
 type Shell struct {
 	cmd *exec.Cmd
 }
 
-// Output returns responses from the remote credentials helper.
+// Output returns responses from the remote credentials-helper.
 func (s *Shell) Output() ([]byte, error) {
 	return s.cmd.Output()
 }
 
-// Input sets the input to send to a remote credentials helper.
+// Input sets the input to send to a remote credentials-helper.
 func (s *Shell) Input(in io.Reader) {
 	s.cmd.Stdin = in
 }
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go b/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go
index 91d9d4bbae..eac5518849 100644
--- a/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go
@@ -10,6 +10,20 @@ import (
 	"strings"
 )
 
+// Action defines the name of an action (sub-command) supported by a
+// credential-helper binary. It is an alias for "string", and mostly
+// for convenience.
+type Action = string
+
+// List of actions (sub-commands) supported by credential-helper binaries.
+const (
+	ActionStore   Action = "store"
+	ActionGet     Action = "get"
+	ActionErase   Action = "erase"
+	ActionList    Action = "list"
+	ActionVersion Action = "version"
+)
+
 // Credentials holds the information shared between docker and the credentials store.
 type Credentials struct {
 	ServerURL string
@@ -43,42 +57,52 @@ func SetCredsLabel(label string) {
 	CredsLabel = label
 }
 
-// Serve initializes the credentials helper and parses the action argument.
+// Serve initializes the credentials-helper and parses the action argument.
 // This function is designed to be called from a command line interface.
 // It uses os.Args[1] as the key for the action.
 // It uses os.Stdin as input and os.Stdout as output.
 // This function terminates the program with os.Exit(1) if there is an error.
 func Serve(helper Helper) {
-	var err error
 	if len(os.Args) != 2 {
-		err = fmt.Errorf("Usage: %s <store|get|erase|list|version>", os.Args[0])
+		_, _ = fmt.Fprintln(os.Stdout, usage())
+		os.Exit(1)
 	}
 
-	if err == nil {
-		err = HandleCommand(helper, os.Args[1], os.Stdin, os.Stdout)
+	switch os.Args[1] {
+	case "--version", "-v":
+		_ = PrintVersion(os.Stdout)
+		os.Exit(0)
+	case "--help", "-h":
+		_, _ = fmt.Fprintln(os.Stdout, usage())
+		os.Exit(0)
 	}
 
-	if err != nil {
-		fmt.Fprintf(os.Stdout, "%v\n", err)
+	if err := HandleCommand(helper, os.Args[1], os.Stdin, os.Stdout); err != nil {
+		_, _ = fmt.Fprintln(os.Stdout, err)
 		os.Exit(1)
 	}
 }
 
-// HandleCommand uses a helper and a key to run a credential action.
-func HandleCommand(helper Helper, key string, in io.Reader, out io.Writer) error {
-	switch key {
-	case "store":
+func usage() string {
+	return fmt.Sprintf("Usage: %s <store|get|erase|list|version>", Name)
+}
+
+// HandleCommand runs a helper to execute a credential action.
+func HandleCommand(helper Helper, action Action, in io.Reader, out io.Writer) error {
+	switch action {
+	case ActionStore:
 		return Store(helper, in)
-	case "get":
+	case ActionGet:
 		return Get(helper, in, out)
-	case "erase":
+	case ActionErase:
 		return Erase(helper, in)
-	case "list":
+	case ActionList:
 		return List(helper, out)
-	case "version":
+	case ActionVersion:
 		return PrintVersion(out)
+	default:
+		return fmt.Errorf("%s: unknown action: %s", Name, action)
 	}
-	return fmt.Errorf("Unknown credential action `%s`", key)
 }
 
 // Store uses a helper and an input reader to save credentials.
@@ -132,18 +156,17 @@ func Get(helper Helper, reader io.Reader, writer io.Writer) error {
 		return err
 	}
 
-	resp := Credentials{
+	buffer.Reset()
+	err = json.NewEncoder(buffer).Encode(Credentials{
 		ServerURL: serverURL,
 		Username:  username,
 		Secret:    secret,
-	}
-
-	buffer.Reset()
-	if err := json.NewEncoder(buffer).Encode(resp); err != nil {
+	})
+	if err != nil {
 		return err
 	}
 
-	fmt.Fprint(writer, buffer.String())
+	_, _ = fmt.Fprint(writer, buffer.String())
 	return nil
 }
 
@@ -181,6 +204,6 @@ func List(helper Helper, writer io.Writer) error {
 
 // PrintVersion outputs the current version.
 func PrintVersion(writer io.Writer) error {
-	fmt.Fprintf(writer, "%s (%s) %s\n", Name, Package, Version)
+	_, _ = fmt.Fprintf(writer, "%s (%s) %s\n", Name, Package, Version)
 	return nil
 }
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/error.go b/vendor/github.com/docker/docker-credential-helpers/credentials/error.go
index fe6a5aef45..8fa4d5d254 100644
--- a/vendor/github.com/docker/docker-credential-helpers/credentials/error.go
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/error.go
@@ -1,5 +1,7 @@
 package credentials
 
+import "errors"
+
 const (
 	// ErrCredentialsNotFound standardizes the not found error, so every helper returns
 	// the same message and docker can handle it properly.
@@ -21,6 +23,11 @@ func (errCredentialsNotFound) Error() string {
 	return errCredentialsNotFoundMessage
 }
 
+// NotFound implements the [ErrNotFound][errdefs.ErrNotFound] interface.
+//
+// [errdefs.ErrNotFound]: https://pkg.go.dev/github.com/docker/docker@v24.0.1+incompatible/errdefs#ErrNotFound
+func (errCredentialsNotFound) NotFound() {}
+
 // NewErrCredentialsNotFound creates a new error
 // for when the credentials are not in the store.
 func NewErrCredentialsNotFound() error {
@@ -30,8 +37,8 @@ func NewErrCredentialsNotFound() error {
 // IsErrCredentialsNotFound returns true if the error
 // was caused by not having a set of credentials in a store.
 func IsErrCredentialsNotFound(err error) bool {
-	_, ok := err.(errCredentialsNotFound)
-	return ok
+	var target errCredentialsNotFound
+	return errors.As(err, &target)
 }
 
 // IsErrCredentialsNotFoundMessage returns true if the error
@@ -53,6 +60,12 @@ func (errCredentialsMissingServerURL) Error() string {
 	return errCredentialsMissingServerURLMessage
 }
 
+// InvalidParameter implements the [ErrInvalidParameter][errdefs.ErrInvalidParameter]
+// interface.
+//
+// [errdefs.ErrInvalidParameter]: https://pkg.go.dev/github.com/docker/docker@v24.0.1+incompatible/errdefs#ErrInvalidParameter
+func (errCredentialsMissingServerURL) InvalidParameter() {}
+
 // errCredentialsMissingUsername represents an error raised
 // when the credentials object has no username or when no
 // username is provided to a credentials operation requiring
@@ -63,6 +76,12 @@ func (errCredentialsMissingUsername) Error() string {
 	return errCredentialsMissingUsernameMessage
 }
 
+// InvalidParameter implements the [ErrInvalidParameter][errdefs.ErrInvalidParameter]
+// interface.
+//
+// [errdefs.ErrInvalidParameter]: https://pkg.go.dev/github.com/docker/docker@v24.0.1+incompatible/errdefs#ErrInvalidParameter
+func (errCredentialsMissingUsername) InvalidParameter() {}
+
 // NewErrCredentialsMissingServerURL creates a new error for
 // errCredentialsMissingServerURL.
 func NewErrCredentialsMissingServerURL() error {
@@ -78,8 +97,8 @@ func NewErrCredentialsMissingUsername() error {
 // IsCredentialsMissingServerURL returns true if the error
 // was an errCredentialsMissingServerURL.
 func IsCredentialsMissingServerURL(err error) bool {
-	_, ok := err.(errCredentialsMissingServerURL)
-	return ok
+	var target errCredentialsMissingServerURL
+	return errors.As(err, &target)
 }
 
 // IsCredentialsMissingServerURLMessage checks for an
@@ -91,8 +110,8 @@ func IsCredentialsMissingServerURLMessage(err string) bool {
 // IsCredentialsMissingUsername returns true if the error
 // was an errCredentialsMissingUsername.
 func IsCredentialsMissingUsername(err error) bool {
-	_, ok := err.(errCredentialsMissingUsername)
-	return ok
+	var target errCredentialsMissingUsername
+	return errors.As(err, &target)
 }
 
 // IsCredentialsMissingUsernameMessage checks for an
diff --git a/vendor/github.com/eapache/go-resiliency/breaker/README.md b/vendor/github.com/eapache/go-resiliency/breaker/README.md
index 2d1b3d9322..76f5007397 100644
--- a/vendor/github.com/eapache/go-resiliency/breaker/README.md
+++ b/vendor/github.com/eapache/go-resiliency/breaker/README.md
@@ -1,7 +1,7 @@
 circuit-breaker
 ===============
 
-[![Build Status](https://travis-ci.org/eapache/go-resiliency.svg?branch=master)](https://travis-ci.org/eapache/go-resiliency)
+[![Golang CI](https://github.com/eapache/go-resiliency/actions/workflows/golang-ci.yml/badge.svg)](https://github.com/eapache/go-resiliency/actions/workflows/golang-ci.yml)
 [![GoDoc](https://godoc.org/github.com/eapache/go-resiliency/breaker?status.svg)](https://godoc.org/github.com/eapache/go-resiliency/breaker)
 [![Code of Conduct](https://img.shields.io/badge/code%20of%20conduct-active-blue.svg)](https://eapache.github.io/conduct.html)
 
diff --git a/vendor/github.com/ebitengine/purego/README.md b/vendor/github.com/ebitengine/purego/README.md
index b8480f4567..7115f72760 100644
--- a/vendor/github.com/ebitengine/purego/README.md
+++ b/vendor/github.com/ebitengine/purego/README.md
@@ -19,7 +19,7 @@ born to bring that same vision to the other platforms supported by Ebitengine.
 
 ## Example
 
-This example only works on macOS and Linux. For a complete example look at [libc](https://github.com/ebitengine/purego/tree/main/examples/libc) which supports Windows.
+This example only works on macOS and Linux. For a complete example look at [libc](https://github.com/ebitengine/purego/tree/main/examples/libc) which supports Windows and FreeBSD.
 
 ```go
 package main
@@ -61,10 +61,14 @@ Purego uses code that originates from the Go runtime. These files are under the
 License that can be found [in the Go Source](https://github.com/golang/go/blob/master/LICENSE).
 This is a list of the copied files:
 
+* `abi_*.h` from package `runtime/cgo`
 * `zcallback_darwin_*.s` from package `runtime`
-* `internal/abi/abi_*.h` from package `runtime/cgo`
+* `internal/fakecgo/abi_*.h` from package `runtime/cgo`
 * `internal/fakecgo/asm_GOARCH.s` from package `runtime/cgo`
 * `internal/fakecgo/callbacks.go` from package `runtime/cgo`
 * `internal/fakecgo/go_GOOS_GOARCH.go` from package `runtime/cgo`
 * `internal/fakecgo/iscgo.go` from package `runtime/cgo`
 * `internal/fakecgo/setenv.go` from package `runtime/cgo`
+* `internal/fakecgo/freebsd.go` from package `runtime/cgo`
+
+The files `abi_*.h` and `internal/fakecgo/abi_*.h` are the same because Bazel does not support cross-package use of `#include` so we need each one once per package. (cf. [issue](https://github.com/bazelbuild/rules_go/issues/3636))
diff --git a/vendor/github.com/ebitengine/purego/internal/abi/abi_amd64.h b/vendor/github.com/ebitengine/purego/abi_amd64.h
similarity index 100%
rename from vendor/github.com/ebitengine/purego/internal/abi/abi_amd64.h
rename to vendor/github.com/ebitengine/purego/abi_amd64.h
diff --git a/vendor/github.com/ebitengine/purego/internal/abi/abi_arm64.h b/vendor/github.com/ebitengine/purego/abi_arm64.h
similarity index 100%
rename from vendor/github.com/ebitengine/purego/internal/abi/abi_arm64.h
rename to vendor/github.com/ebitengine/purego/abi_arm64.h
diff --git a/vendor/github.com/ebitengine/purego/cgo.go b/vendor/github.com/ebitengine/purego/cgo.go
index ebe6912416..32fe782358 100644
--- a/vendor/github.com/ebitengine/purego/cgo.go
+++ b/vendor/github.com/ebitengine/purego/cgo.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build cgo && (darwin || linux)
+//go:build cgo && (darwin || freebsd || linux)
 
 package purego
 
diff --git a/vendor/github.com/ebitengine/purego/dlerror.go b/vendor/github.com/ebitengine/purego/dlerror.go
index e5ce708932..cf4c0505d2 100644
--- a/vendor/github.com/ebitengine/purego/dlerror.go
+++ b/vendor/github.com/ebitengine/purego/dlerror.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023 The Ebitengine Authors
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 package purego
 
diff --git a/vendor/github.com/ebitengine/purego/dlfcn.go b/vendor/github.com/ebitengine/purego/dlfcn.go
index 5b535600bf..2ee6f34b3e 100644
--- a/vendor/github.com/ebitengine/purego/dlfcn.go
+++ b/vendor/github.com/ebitengine/purego/dlfcn.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 package purego
 
diff --git a/vendor/github.com/ebitengine/purego/dlfcn_freebsd.go b/vendor/github.com/ebitengine/purego/dlfcn_freebsd.go
new file mode 100644
index 0000000000..b34b61f706
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/dlfcn_freebsd.go
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package purego
+
+// Constants as defined in https://github.com/freebsd/freebsd-src/blob/main/include/dlfcn.h
+const (
+	RTLD_DEFAULT = ^uintptr(0) - 2 // Pseudo-handle for dlsym so search for any loaded symbol
+	RTLD_LAZY    = 0x00001         // Relocations are performed at an implementation-dependent time.
+	RTLD_NOW     = 0x00002         // Relocations are performed when the object is loaded.
+	RTLD_LOCAL   = 0x00000         // All symbols are not made available for relocation processing by other modules.
+	RTLD_GLOBAL  = 0x00100         // All symbols are available for relocation processing of other modules.
+)
+
+//go:cgo_import_dynamic purego_dlopen dlopen "libc.so.7"
+//go:cgo_import_dynamic purego_dlsym dlsym "libc.so.7"
+//go:cgo_import_dynamic purego_dlerror dlerror "libc.so.7"
+//go:cgo_import_dynamic purego_dlclose dlclose "libc.so.7"
diff --git a/vendor/github.com/ebitengine/purego/dlfcn_stubs.s b/vendor/github.com/ebitengine/purego/dlfcn_stubs.s
index c80116d7de..d8c6eea3c8 100644
--- a/vendor/github.com/ebitengine/purego/dlfcn_stubs.s
+++ b/vendor/github.com/ebitengine/purego/dlfcn_stubs.s
@@ -1,26 +1,26 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || (linux && !cgo)
+//go:build darwin || freebsd || (linux && !cgo)
 
 #include "textflag.h"
 
 // func dlopen(path *byte, mode int) (ret uintptr)
-TEXT dlopen(SB), NOSPLIT, $0-0
+TEXT dlopen(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_dlopen(SB)
 	RET
 
 // func dlsym(handle uintptr, symbol *byte) (ret uintptr)
-TEXT dlsym(SB), NOSPLIT, $0-0
+TEXT dlsym(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_dlsym(SB)
 	RET
 
 // func dlerror() (ret *byte)
-TEXT dlerror(SB), NOSPLIT, $0-0
+TEXT dlerror(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_dlerror(SB)
 	RET
 
 // func dlclose(handle uintptr) (ret int)
-TEXT dlclose(SB), NOSPLIT, $0-0
+TEXT dlclose(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_dlclose(SB)
 	RET
diff --git a/vendor/github.com/ebitengine/purego/dummy.go b/vendor/github.com/ebitengine/purego/dummy.go
deleted file mode 100644
index 8ac52fc7f7..0000000000
--- a/vendor/github.com/ebitengine/purego/dummy.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
-
-//go:build dummy
-
-// This file exists purely to prevent the Go toolchain from stripping
-// away the C source directories and files when `go mod vendor` is used
-// to populate a `vendor/` directory of a project depending on this package.
-
-package purego
-
-import (
-	_ "github.com/ebitengine/purego/internal/abi"
-)
diff --git a/vendor/github.com/ebitengine/purego/func.go b/vendor/github.com/ebitengine/purego/func.go
index 8ddf76d6d9..48677850da 100644
--- a/vendor/github.com/ebitengine/purego/func.go
+++ b/vendor/github.com/ebitengine/purego/func.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux || windows
+//go:build darwin || freebsd || linux || windows
 
 package purego
 
@@ -35,7 +35,7 @@ func RegisterLibFunc(fptr interface{}, handle uintptr, name string) {
 // matches the C function. This also holds true for struct types where the padding
 // needs to be ensured to match that of C; RegisterFunc does not verify this.
 //
-// Type Conversions (Go => C)
+// # Type Conversions (Go <=> C)
 //
 //	string <=> char*
 //	bool <=> _Bool
@@ -65,6 +65,43 @@ func RegisterLibFunc(fptr interface{}, handle uintptr, name string) {
 // There are some limitations when using RegisterFunc on Linux. First, there is no support for function arguments.
 // Second, float32 and float64 arguments and return values do not work when CGO_ENABLED=1. Otherwise, Linux
 // has the same feature parity as Darwin.
+//
+// # Memory
+//
+// In general it is not possible for purego to guarantee the lifetimes of objects returned or received from
+// calling functions using RegisterFunc. For arguments to a C function it is important that the C function doesn't
+// hold onto a reference to Go memory. This is the same as the [Cgo rules].
+//
+// However, there are some special cases. When passing a string as an argument if the string does not end in a null
+// terminated byte (\x00) then the string will be copied into memory maintained by purego. The memory is only valid for
+// that specific call. Therefore, if the C code keeps a reference to that string it may become invalid at some
+// undefined time. However, if the string does already contain a null-terminated byte then no copy is done.
+// It is then the responsibility of the caller to ensure the string stays alive as long as it's needed in C memory.
+// This can be done using runtime.KeepAlive or allocating the string in C memory using malloc. When a C function
+// returns a null-terminated pointer to char a Go string can be used. Purego will allocate a new string in Go memory
+// and copy the data over. This string will be garbage collected whenever Go decides it's no longer referenced.
+// This C created string will not be freed by purego. If the pointer to char is not null-terminated or must continue
+// to point to C memory (because it's a buffer for example) then use a pointer to byte and then convert that to a slice
+// using unsafe.Slice. Doing this means that it becomes the responsibility of the caller to care about the lifetime
+// of the pointer
+//
+// # Example
+//
+// All functions below call this C function:
+//
+//	char *foo(char *str);
+//
+//	// Let purego convert types
+//	var foo func(s string) string
+//	goString := foo("copied")
+//	// Go will garbage collect this string
+//
+//	// Manually, handle allocations
+//	var foo2 func(b string) *byte
+//	mustFree := foo2("not copied\x00")
+//	defer free(mustFree)
+//
+// [Cgo rules]: https://pkg.go.dev/cmd/cgo#hdr-Go_references_to_C
 func RegisterFunc(fptr interface{}, cfn uintptr) {
 	fn := reflect.ValueOf(fptr).Elem()
 	ty := fn.Type()
diff --git a/vendor/github.com/ebitengine/purego/go_runtime.go b/vendor/github.com/ebitengine/purego/go_runtime.go
index d4347402df..9593dac90f 100644
--- a/vendor/github.com/ebitengine/purego/go_runtime.go
+++ b/vendor/github.com/ebitengine/purego/go_runtime.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux || windows
+//go:build darwin || freebsd || linux || windows
 
 package purego
 
diff --git a/vendor/github.com/ebitengine/purego/internal/abi/dummy.go b/vendor/github.com/ebitengine/purego/internal/abi/dummy.go
deleted file mode 100644
index 0f218f3a38..0000000000
--- a/vendor/github.com/ebitengine/purego/internal/abi/dummy.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
-
-//go:build dummy
-
-// Package abi is a dummy package that prevents go tooling from stripping the C dependencies.
-package abi
diff --git a/vendor/github.com/ebitengine/purego/internal/cgo/syscall_cgo_linux.go b/vendor/github.com/ebitengine/purego/internal/cgo/syscall_cgo_unix.go
similarity index 98%
rename from vendor/github.com/ebitengine/purego/internal/cgo/syscall_cgo_linux.go
rename to vendor/github.com/ebitengine/purego/internal/cgo/syscall_cgo_unix.go
index 89b9fca6c8..9a4538de87 100644
--- a/vendor/github.com/ebitengine/purego/internal/cgo/syscall_cgo_linux.go
+++ b/vendor/github.com/ebitengine/purego/internal/cgo/syscall_cgo_unix.go
@@ -1,6 +1,8 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
+//go:build freebsd || linux
+
 package cgo
 
 // this file is placed inside internal/cgo and not package purego
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_amd64.h b/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_amd64.h
new file mode 100644
index 0000000000..9949435fe9
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_amd64.h
@@ -0,0 +1,99 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Macros for transitioning from the host ABI to Go ABI0.
+//
+// These save the frame pointer, so in general, functions that use
+// these should have zero frame size to suppress the automatic frame
+// pointer, though it's harmless to not do this.
+
+#ifdef GOOS_windows
+
+// REGS_HOST_TO_ABI0_STACK is the stack bytes used by
+// PUSH_REGS_HOST_TO_ABI0.
+#define REGS_HOST_TO_ABI0_STACK (28*8 + 8)
+
+// PUSH_REGS_HOST_TO_ABI0 prepares for transitioning from
+// the host ABI to Go ABI0 code. It saves all registers that are
+// callee-save in the host ABI and caller-save in Go ABI0 and prepares
+// for entry to Go.
+//
+// Save DI SI BP BX R12 R13 R14 R15 X6-X15 registers and the DF flag.
+// Clear the DF flag for the Go ABI.
+// MXCSR matches the Go ABI, so we don't have to set that,
+// and Go doesn't modify it, so we don't have to save it.
+#define PUSH_REGS_HOST_TO_ABI0()	\
+	PUSHFQ			\
+	CLD			\
+	ADJSP	$(REGS_HOST_TO_ABI0_STACK - 8)	\
+	MOVQ	DI, (0*0)(SP)	\
+	MOVQ	SI, (1*8)(SP)	\
+	MOVQ	BP, (2*8)(SP)	\
+	MOVQ	BX, (3*8)(SP)	\
+	MOVQ	R12, (4*8)(SP)	\
+	MOVQ	R13, (5*8)(SP)	\
+	MOVQ	R14, (6*8)(SP)	\
+	MOVQ	R15, (7*8)(SP)	\
+	MOVUPS	X6, (8*8)(SP)	\
+	MOVUPS	X7, (10*8)(SP)	\
+	MOVUPS	X8, (12*8)(SP)	\
+	MOVUPS	X9, (14*8)(SP)	\
+	MOVUPS	X10, (16*8)(SP)	\
+	MOVUPS	X11, (18*8)(SP)	\
+	MOVUPS	X12, (20*8)(SP)	\
+	MOVUPS	X13, (22*8)(SP)	\
+	MOVUPS	X14, (24*8)(SP)	\
+	MOVUPS	X15, (26*8)(SP)
+
+#define POP_REGS_HOST_TO_ABI0()	\
+	MOVQ	(0*0)(SP), DI	\
+	MOVQ	(1*8)(SP), SI	\
+	MOVQ	(2*8)(SP), BP	\
+	MOVQ	(3*8)(SP), BX	\
+	MOVQ	(4*8)(SP), R12	\
+	MOVQ	(5*8)(SP), R13	\
+	MOVQ	(6*8)(SP), R14	\
+	MOVQ	(7*8)(SP), R15	\
+	MOVUPS	(8*8)(SP), X6	\
+	MOVUPS	(10*8)(SP), X7	\
+	MOVUPS	(12*8)(SP), X8	\
+	MOVUPS	(14*8)(SP), X9	\
+	MOVUPS	(16*8)(SP), X10	\
+	MOVUPS	(18*8)(SP), X11	\
+	MOVUPS	(20*8)(SP), X12	\
+	MOVUPS	(22*8)(SP), X13	\
+	MOVUPS	(24*8)(SP), X14	\
+	MOVUPS	(26*8)(SP), X15	\
+	ADJSP	$-(REGS_HOST_TO_ABI0_STACK - 8)	\
+	POPFQ
+
+#else
+// SysV ABI
+
+#define REGS_HOST_TO_ABI0_STACK (6*8)
+
+// SysV MXCSR matches the Go ABI, so we don't have to set that,
+// and Go doesn't modify it, so we don't have to save it.
+// Both SysV and Go require DF to be cleared, so that's already clear.
+// The SysV and Go frame pointer conventions are compatible.
+#define PUSH_REGS_HOST_TO_ABI0()	\
+	ADJSP	$(REGS_HOST_TO_ABI0_STACK)	\
+	MOVQ	BP, (5*8)(SP)	\
+	LEAQ	(5*8)(SP), BP	\
+	MOVQ	BX, (0*8)(SP)	\
+	MOVQ	R12, (1*8)(SP)	\
+	MOVQ	R13, (2*8)(SP)	\
+	MOVQ	R14, (3*8)(SP)	\
+	MOVQ	R15, (4*8)(SP)
+
+#define POP_REGS_HOST_TO_ABI0()	\
+	MOVQ	(0*8)(SP), BX	\
+	MOVQ	(1*8)(SP), R12	\
+	MOVQ	(2*8)(SP), R13	\
+	MOVQ	(3*8)(SP), R14	\
+	MOVQ	(4*8)(SP), R15	\
+	MOVQ	(5*8)(SP), BP	\
+	ADJSP	$-(REGS_HOST_TO_ABI0_STACK)
+
+#endif
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_arm64.h b/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_arm64.h
new file mode 100644
index 0000000000..5d5061ec1d
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/abi_arm64.h
@@ -0,0 +1,39 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Macros for transitioning from the host ABI to Go ABI0.
+//
+// These macros save and restore the callee-saved registers
+// from the stack, but they don't adjust stack pointer, so
+// the user should prepare stack space in advance.
+// SAVE_R19_TO_R28(offset) saves R19 ~ R28 to the stack space
+// of ((offset)+0*8)(RSP) ~ ((offset)+9*8)(RSP).
+//
+// SAVE_F8_TO_F15(offset) saves F8 ~ F15 to the stack space
+// of ((offset)+0*8)(RSP) ~ ((offset)+7*8)(RSP).
+//
+// R29 is not saved because Go will save and restore it.
+
+#define SAVE_R19_TO_R28(offset) \
+	STP	(R19, R20), ((offset)+0*8)(RSP) \
+	STP	(R21, R22), ((offset)+2*8)(RSP) \
+	STP	(R23, R24), ((offset)+4*8)(RSP) \
+	STP	(R25, R26), ((offset)+6*8)(RSP) \
+	STP	(R27, g), ((offset)+8*8)(RSP)
+#define RESTORE_R19_TO_R28(offset) \
+	LDP	((offset)+0*8)(RSP), (R19, R20) \
+	LDP	((offset)+2*8)(RSP), (R21, R22) \
+	LDP	((offset)+4*8)(RSP), (R23, R24) \
+	LDP	((offset)+6*8)(RSP), (R25, R26) \
+	LDP	((offset)+8*8)(RSP), (R27, g) /* R28 */
+#define SAVE_F8_TO_F15(offset) \
+	FSTPD	(F8, F9), ((offset)+0*8)(RSP) \
+	FSTPD	(F10, F11), ((offset)+2*8)(RSP) \
+	FSTPD	(F12, F13), ((offset)+4*8)(RSP) \
+	FSTPD	(F14, F15), ((offset)+6*8)(RSP)
+#define RESTORE_F8_TO_F15(offset) \
+	FLDPD	((offset)+0*8)(RSP), (F8, F9) \
+	FLDPD	((offset)+2*8)(RSP), (F10, F11) \
+	FLDPD	((offset)+4*8)(RSP), (F12, F13) \
+	FLDPD	((offset)+6*8)(RSP), (F14, F15)
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_amd64.s b/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_amd64.s
index 4f02a5d62a..1ad9254757 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_amd64.s
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_amd64.s
@@ -3,74 +3,37 @@
 // license that can be found in the LICENSE file.
 
 #include "textflag.h"
+#include "abi_amd64.h"
 
 // Called by C code generated by cmd/cgo.
 // func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr)
 // Saves C callee-saved registers and calls cgocallback with three arguments.
 // fn is the PC of a func(a unsafe.Pointer) function.
 // This signature is known to SWIG, so we can't change it.
-#ifndef GOOS_windows
-TEXT crosscall2(SB), NOSPLIT, $0x50-0 // keeps stack pointer 32-byte aligned
-#else
-TEXT crosscall2(SB), NOSPLIT, $0x110-0 // also need to save xmm6 - xmm15
-#endif
-	MOVQ BX, 0x18(SP)
-	MOVQ R12, 0x28(SP)
-	MOVQ R13, 0x30(SP)
-	MOVQ R14, 0x38(SP)
-	MOVQ R15, 0x40(SP)
-
-#ifdef GOOS_windows
-	// Win64 save RBX, RBP, RDI, RSI, RSP, R12, R13, R14, R15 and XMM6 -- XMM15.
-	MOVQ   DI, 0x48(SP)
-	MOVQ   SI, 0x50(SP)
-	MOVUPS X6, 0x60(SP)
-	MOVUPS X7, 0x70(SP)
-	MOVUPS X8, 0x80(SP)
-	MOVUPS X9, 0x90(SP)
-	MOVUPS X10, 0xa0(SP)
-	MOVUPS X11, 0xb0(SP)
-	MOVUPS X12, 0xc0(SP)
-	MOVUPS X13, 0xd0(SP)
-	MOVUPS X14, 0xe0(SP)
-	MOVUPS X15, 0xf0(SP)
-
-	MOVQ CX, 0x0(SP) // fn
-	MOVQ DX, 0x8(SP) // arg
-
-	// Skip n in R8.
-	MOVQ R9, 0x10(SP) // ctxt
-
-	CALL runtime·cgocallback(SB)
+TEXT crosscall2(SB), NOSPLIT|NOFRAME, $0-0
+	PUSH_REGS_HOST_TO_ABI0()
 
-	MOVQ   0x48(SP), DI
-	MOVQ   0x50(SP), SI
-	MOVUPS 0x60(SP), X6
-	MOVUPS 0x70(SP), X7
-	MOVUPS 0x80(SP), X8
-	MOVUPS 0x90(SP), X9
-	MOVUPS 0xa0(SP), X10
-	MOVUPS 0xb0(SP), X11
-	MOVUPS 0xc0(SP), X12
-	MOVUPS 0xd0(SP), X13
-	MOVUPS 0xe0(SP), X14
-	MOVUPS 0xf0(SP), X15
+	// Make room for arguments to cgocallback.
+	ADJSP $0x18
 
-#else
+#ifndef GOOS_windows
 	MOVQ DI, 0x0(SP) // fn
 	MOVQ SI, 0x8(SP) // arg
 
 	// Skip n in DX.
 	MOVQ CX, 0x10(SP) // ctxt
 
-	CALL runtime·cgocallback(SB)
+#else
+	MOVQ CX, 0x0(SP) // fn
+	MOVQ DX, 0x8(SP) // arg
+
+	// Skip n in R8.
+	MOVQ R9, 0x10(SP) // ctxt
 
 #endif
 
-	MOVQ 0x18(SP), BX
-	MOVQ 0x28(SP), R12
-	MOVQ 0x30(SP), R13
-	MOVQ 0x38(SP), R14
-	MOVQ 0x40(SP), R15
+	CALL runtime·cgocallback(SB)
 
+	ADJSP $-0x18
+	POP_REGS_HOST_TO_ABI0()
 	RET
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_arm64.s b/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_arm64.s
index 3083b36bf0..50e5261d92 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_arm64.s
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/asm_arm64.s
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 #include "textflag.h"
-#include "../abi/abi_arm64.h"
+#include "abi_arm64.h"
 
 // Called by C code generated by cmd/cgo.
 // func crosscall2(fn, a unsafe.Pointer, n int32, ctxt uintptr)
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/callbacks.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/callbacks.go
index 84ee25b3e2..f6a079a7c2 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/callbacks.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/callbacks.go
@@ -2,11 +2,13 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 package fakecgo
 
-import _ "unsafe"
+import (
+	_ "unsafe"
+)
 
 // TODO: decide if we need _runtime_cgo_panic_internal
 
@@ -39,6 +41,33 @@ var _cgo_thread_start = &x_cgo_thread_start_trampoline
 var x_cgo_notify_runtime_init_done_trampoline byte
 var _cgo_notify_runtime_init_done = &x_cgo_notify_runtime_init_done_trampoline
 
+// Indicates whether a dummy thread key has been created or not.
+//
+// When calling go exported function from C, we register a destructor
+// callback, for a dummy thread key, by using pthread_key_create.
+
+//go:linkname _cgo_pthread_key_created _cgo_pthread_key_created
+var x_cgo_pthread_key_created uintptr
+var _cgo_pthread_key_created = &x_cgo_pthread_key_created
+
+// Set the x_crosscall2_ptr C function pointer variable point to crosscall2.
+// It's for the runtime package to call at init time.
+func set_crosscall2() {
+	// nothing needs to be done here for fakecgo
+	// because it's possible to just call cgocallback directly
+}
+
+//go:linkname _set_crosscall2 runtime.set_crosscall2
+var _set_crosscall2 = set_crosscall2
+
+// Store the g into the thread-specific value.
+// So that pthread_key_destructor will dropm when the thread is exiting.
+
+//go:linkname x_cgo_bindm_trampoline x_cgo_bindm_trampoline
+//go:linkname _cgo_bindm _cgo_bindm
+var x_cgo_bindm_trampoline byte
+var _cgo_bindm = &x_cgo_bindm_trampoline
+
 // TODO: decide if we need x_cgo_set_context_function
 // TODO: decide if we need _cgo_yield
 
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/doc.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/doc.go
index 7309b86ce8..efbe4212e2 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/doc.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/doc.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin
+//go:build darwin || freebsd
 
 // Package fakecgo implements the Cgo runtime (runtime/cgo) entirely in Go.
 // This allows code that calls into C to function properly when CGO_ENABLED=0.
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/freebsd.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/freebsd.go
new file mode 100644
index 0000000000..bb73a709e6
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/freebsd.go
@@ -0,0 +1,27 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build freebsd && !cgo
+
+package fakecgo
+
+import _ "unsafe" // for go:linkname
+
+// Supply environ and __progname, because we don't
+// link against the standard FreeBSD crt0.o and the
+// libc dynamic library needs them.
+
+// Note: when building with cross-compiling or CGO_ENABLED=0, add
+// the following argument to `go` so that these symbols are defined by
+// making fakecgo the Cgo.
+//   -gcflags="github.com/ebitengine/purego/internal/fakecgo=-std"
+
+//go:linkname _environ environ
+//go:linkname _progname __progname
+
+//go:cgo_export_dynamic environ
+//go:cgo_export_dynamic __progname
+
+var _environ uintptr
+var _progname uintptr
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_amd64.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_amd64.go
new file mode 100644
index 0000000000..9aa57ef663
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_amd64.go
@@ -0,0 +1,93 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fakecgo
+
+import "unsafe"
+
+//go:nosplit
+func _cgo_sys_thread_start(ts *ThreadStart) {
+	var attr pthread_attr_t
+	var ign, oset sigset_t
+	var p pthread_t
+	var size size_t
+	var err int
+
+	//fprintf(stderr, "runtime/cgo: _cgo_sys_thread_start: fn=%p, g=%p\n", ts->fn, ts->g); // debug
+	sigfillset(&ign)
+	pthread_sigmask(SIG_SETMASK, &ign, &oset)
+
+	pthread_attr_init(&attr)
+	pthread_attr_getstacksize(&attr, &size)
+	// Leave stacklo=0 and set stackhi=size; mstart will do the rest.
+	ts.g.stackhi = uintptr(size)
+
+	err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts)
+
+	pthread_sigmask(SIG_SETMASK, &oset, nil)
+
+	if err != 0 {
+		print("fakecgo: pthread_create failed: ")
+		println(err)
+		abort()
+	}
+}
+
+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function
+//
+//go:linkname x_threadentry_trampoline threadentry_trampoline
+var x_threadentry_trampoline byte
+var threadentry_trampolineABI0 = &x_threadentry_trampoline
+
+//go:nosplit
+func threadentry(v unsafe.Pointer) unsafe.Pointer {
+	ts := *(*ThreadStart)(v)
+	free(v)
+
+	setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g)))
+
+	// faking funcs in go is a bit a... involved - but the following works :)
+	fn := uintptr(unsafe.Pointer(&ts.fn))
+	(*(*func())(unsafe.Pointer(&fn)))()
+
+	return nil
+}
+
+// here we will store a pointer to the provided setg func
+var setg_func uintptr
+
+//go:nosplit
+func x_cgo_init(g *G, setg uintptr) {
+	var size size_t
+	var attr *pthread_attr_t
+
+	/* The memory sanitizer distributed with versions of clang
+	   before 3.8 has a bug: if you call mmap before malloc, mmap
+	   may return an address that is later overwritten by the msan
+	   library.  Avoid this problem by forcing a call to malloc
+	   here, before we ever call malloc.
+
+	   This is only required for the memory sanitizer, so it's
+	   unfortunate that we always run it.  It should be possible
+	   to remove this when we no longer care about versions of
+	   clang before 3.8.  The test for this is
+	   misc/cgo/testsanitizers.
+
+	   GCC works hard to eliminate a seemingly unnecessary call to
+	   malloc, so we actually use the memory we allocate.  */
+
+	setg_func = setg
+	attr = (*pthread_attr_t)(malloc(unsafe.Sizeof(*attr)))
+	if attr == nil {
+		println("fakecgo: malloc failed")
+		abort()
+	}
+	pthread_attr_init(attr)
+	pthread_attr_getstacksize(attr, &size)
+	// runtime/cgo uses __builtin_frame_address(0) instead of `uintptr(unsafe.Pointer(&size))`
+	// but this should be OK since we are taking the address of the first variable in this function.
+	g.stacklo = uintptr(unsafe.Pointer(&size)) - uintptr(size) + 4096
+	pthread_attr_destroy(attr)
+	free(unsafe.Pointer(attr))
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_arm64.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_arm64.go
new file mode 100644
index 0000000000..1db518e3a6
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_freebsd_arm64.go
@@ -0,0 +1,96 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fakecgo
+
+import "unsafe"
+
+//go:nosplit
+func _cgo_sys_thread_start(ts *ThreadStart) {
+	var attr pthread_attr_t
+	var ign, oset sigset_t
+	var p pthread_t
+	var size size_t
+	var err int
+
+	//fprintf(stderr, "runtime/cgo: _cgo_sys_thread_start: fn=%p, g=%p\n", ts->fn, ts->g); // debug
+	sigfillset(&ign)
+	pthread_sigmask(SIG_SETMASK, &ign, &oset)
+
+	pthread_attr_init(&attr)
+	pthread_attr_getstacksize(&attr, &size)
+	// Leave stacklo=0 and set stackhi=size; mstart will do the rest.
+	ts.g.stackhi = uintptr(size)
+
+	err = _cgo_try_pthread_create(&p, &attr, unsafe.Pointer(threadentry_trampolineABI0), ts)
+
+	pthread_sigmask(SIG_SETMASK, &oset, nil)
+
+	if err != 0 {
+		print("fakecgo: pthread_create failed: ")
+		println(err)
+		abort()
+	}
+}
+
+// threadentry_trampolineABI0 maps the C ABI to Go ABI then calls the Go function
+//
+//go:linkname x_threadentry_trampoline threadentry_trampoline
+var x_threadentry_trampoline byte
+var threadentry_trampolineABI0 = &x_threadentry_trampoline
+
+//go:nosplit
+func threadentry(v unsafe.Pointer) unsafe.Pointer {
+	ts := *(*ThreadStart)(v)
+	free(v)
+
+	setg_trampoline(setg_func, uintptr(unsafe.Pointer(ts.g)))
+
+	// faking funcs in go is a bit a... involved - but the following works :)
+	fn := uintptr(unsafe.Pointer(&ts.fn))
+	(*(*func())(unsafe.Pointer(&fn)))()
+
+	return nil
+}
+
+// here we will store a pointer to the provided setg func
+var setg_func uintptr
+
+// x_cgo_init(G *g, void (*setg)(void*)) (runtime/cgo/gcc_linux_amd64.c)
+// This get's called during startup, adjusts stacklo, and provides a pointer to setg_gcc for us
+// Additionally, if we set _cgo_init to non-null, go won't do it's own TLS setup
+// This function can't be go:systemstack since go is not in a state where the systemcheck would work.
+//
+//go:nosplit
+func x_cgo_init(g *G, setg uintptr) {
+	var size size_t
+	var attr *pthread_attr_t
+
+	/* The memory sanitizer distributed with versions of clang
+	   before 3.8 has a bug: if you call mmap before malloc, mmap
+	   may return an address that is later overwritten by the msan
+	   library.  Avoid this problem by forcing a call to malloc
+	   here, before we ever call malloc.
+
+	   This is only required for the memory sanitizer, so it's
+	   unfortunate that we always run it.  It should be possible
+	   to remove this when we no longer care about versions of
+	   clang before 3.8.  The test for this is
+	   misc/cgo/testsanitizers.
+
+	   GCC works hard to eliminate a seemingly unnecessary call to
+	   malloc, so we actually use the memory we allocate.  */
+
+	setg_func = setg
+	attr = (*pthread_attr_t)(malloc(unsafe.Sizeof(*attr)))
+	if attr == nil {
+		println("fakecgo: malloc failed")
+		abort()
+	}
+	pthread_attr_init(attr)
+	pthread_attr_getstacksize(attr, &size)
+	g.stacklo = uintptr(unsafe.Pointer(&size)) - uintptr(size) + 4096
+	pthread_attr_destroy(attr)
+	free(unsafe.Pointer(attr))
+}
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_libinit.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_libinit.go
index 16b0aac56f..71da112811 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_libinit.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_libinit.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 package fakecgo
 
@@ -10,9 +10,30 @@ import (
 	"unsafe"
 )
 
+var (
+	pthread_g pthread_key_t
+
+	runtime_init_cond = PTHREAD_COND_INITIALIZER
+	runtime_init_mu   = PTHREAD_MUTEX_INITIALIZER
+	runtime_init_done int
+)
+
 //go:nosplit
 func x_cgo_notify_runtime_init_done() {
-	// we don't support being called as a library
+	pthread_mutex_lock(&runtime_init_mu)
+	runtime_init_done = 1
+	pthread_cond_broadcast(&runtime_init_cond)
+	pthread_mutex_unlock(&runtime_init_mu)
+}
+
+// Store the g into a thread-specific value associated with the pthread key pthread_g.
+// And pthread_key_destructor will dropm when the thread is exiting.
+func x_cgo_bindm(g unsafe.Pointer) {
+	// We assume this will always succeed, otherwise, there might be extra M leaking,
+	// when a C thread exits after a cgo call.
+	// We only invoke this function once per thread in runtime.needAndBindM,
+	// and the next calls just reuse the bound m.
+	pthread_setspecific(pthread_g, g)
 }
 
 // _cgo_try_pthread_create retries pthread_create if it fails with
@@ -25,7 +46,7 @@ func _cgo_try_pthread_create(thread *pthread_t, attr *pthread_attr_t, pfn unsafe
 	// tries needs to be the same type as syscall.Timespec.Nsec
 	// but the fields are int32 on 32bit and int64 on 64bit.
 	// tries is assigned to syscall.Timespec.Nsec in order to match its type.
-	var tries = ts.Nsec
+	tries := ts.Nsec
 	var err int
 
 	for tries = 0; tries < 20; tries++ {
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_setenv.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_setenv.go
index 6ab42dbcfe..818372ea0c 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_setenv.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_setenv.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 package fakecgo
 
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_util.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_util.go
index daf12035f5..7a43b42b6d 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/go_util.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/go_util.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 package fakecgo
 
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/iscgo.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/iscgo.go
index d8493e1991..ce17d1828a 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/iscgo.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/iscgo.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 // The runtime package contains an uninitialized definition
 // for runtime·iscgo. Override it to tell the runtime we're here.
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo.go
index 0414b27580..c12d403c3b 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo.go
@@ -1,14 +1,17 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 package fakecgo
 
-type size_t uintptr
-type sigset_t [128]byte
-type pthread_attr_t [64]byte
-type pthread_t int
+type (
+	size_t         uintptr
+	sigset_t       [128]byte
+	pthread_attr_t [64]byte
+	pthread_t      int
+	pthread_key_t  uint64
+)
 
 // for pthread_sigmask:
 
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_darwin.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_darwin.go
new file mode 100644
index 0000000000..03c917183d
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_darwin.go
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package fakecgo
+
+type (
+	pthread_mutex_t struct {
+		sig    int64
+		opaque [56]byte
+	}
+	pthread_cond_t struct {
+		sig    int64
+		opaque [40]byte
+	}
+)
+
+var (
+	PTHREAD_COND_INITIALIZER  = pthread_cond_t{sig: 0x3CB0B1BB}
+	PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t{sig: 0x32AAABA7}
+)
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_freebsd.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_freebsd.go
new file mode 100644
index 0000000000..baf03fa85e
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_freebsd.go
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package fakecgo
+
+type (
+	pthread_cond_t  uintptr
+	pthread_mutex_t uintptr
+)
+
+var (
+	PTHREAD_COND_INITIALIZER  = pthread_cond_t(0)
+	PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t(0)
+)
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_linux.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_linux.go
new file mode 100644
index 0000000000..93aa5b26e1
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/libcgo_linux.go
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package fakecgo
+
+type (
+	pthread_cond_t  [48]byte
+	pthread_mutex_t [48]byte
+)
+
+var (
+	PTHREAD_COND_INITIALIZER  = pthread_cond_t{}
+	PTHREAD_MUTEX_INITIALIZER = pthread_mutex_t{}
+)
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/setenv.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/setenv.go
index 8e01ee524e..b69d4b39ff 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/setenv.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/setenv.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 package fakecgo
 
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols.go
index 9dea763d0f..d7401f705a 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols.go
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 package fakecgo
 
@@ -39,6 +39,18 @@ func unsetenv(name *byte) int32 {
 	return int32(call5(unsetenvABI0, uintptr(unsafe.Pointer(name)), 0, 0, 0, 0))
 }
 
+func sigfillset(set *sigset_t) int32 {
+	return int32(call5(sigfillsetABI0, uintptr(unsafe.Pointer(set)), 0, 0, 0, 0))
+}
+
+func nanosleep(ts *syscall.Timespec, rem *syscall.Timespec) int32 {
+	return int32(call5(nanosleepABI0, uintptr(unsafe.Pointer(ts)), uintptr(unsafe.Pointer(rem)), 0, 0, 0))
+}
+
+func abort() {
+	call5(abortABI0, 0, 0, 0, 0, 0)
+}
+
 func pthread_attr_init(attr *pthread_attr_t) int32 {
 	return int32(call5(pthread_attr_initABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0))
 }
@@ -75,16 +87,20 @@ func pthread_attr_destroy(attr *pthread_attr_t) int32 {
 	return int32(call5(pthread_attr_destroyABI0, uintptr(unsafe.Pointer(attr)), 0, 0, 0, 0))
 }
 
-func sigfillset(set *sigset_t) int32 {
-	return int32(call5(sigfillsetABI0, uintptr(unsafe.Pointer(set)), 0, 0, 0, 0))
+func pthread_mutex_lock(mutex *pthread_mutex_t) int32 {
+	return int32(call5(pthread_mutex_lockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0))
 }
 
-func nanosleep(ts *syscall.Timespec, rem *syscall.Timespec) int32 {
-	return int32(call5(nanosleepABI0, uintptr(unsafe.Pointer(ts)), uintptr(unsafe.Pointer(rem)), 0, 0, 0))
+func pthread_mutex_unlock(mutex *pthread_mutex_t) int32 {
+	return int32(call5(pthread_mutex_unlockABI0, uintptr(unsafe.Pointer(mutex)), 0, 0, 0, 0))
 }
 
-func abort() {
-	call5(abortABI0, 0, 0, 0, 0, 0)
+func pthread_cond_broadcast(cond *pthread_cond_t) int32 {
+	return int32(call5(pthread_cond_broadcastABI0, uintptr(unsafe.Pointer(cond)), 0, 0, 0, 0))
+}
+
+func pthread_setspecific(key pthread_key_t, value unsafe.Pointer) int32 {
+	return int32(call5(pthread_setspecificABI0, uintptr(key), uintptr(value), 0, 0, 0))
 }
 
 //go:linkname _malloc _malloc
@@ -103,6 +119,18 @@ var setenvABI0 = uintptr(unsafe.Pointer(&_setenv))
 var _unsetenv uintptr
 var unsetenvABI0 = uintptr(unsafe.Pointer(&_unsetenv))
 
+//go:linkname _sigfillset _sigfillset
+var _sigfillset uintptr
+var sigfillsetABI0 = uintptr(unsafe.Pointer(&_sigfillset))
+
+//go:linkname _nanosleep _nanosleep
+var _nanosleep uintptr
+var nanosleepABI0 = uintptr(unsafe.Pointer(&_nanosleep))
+
+//go:linkname _abort _abort
+var _abort uintptr
+var abortABI0 = uintptr(unsafe.Pointer(&_abort))
+
 //go:linkname _pthread_attr_init _pthread_attr_init
 var _pthread_attr_init uintptr
 var pthread_attr_initABI0 = uintptr(unsafe.Pointer(&_pthread_attr_init))
@@ -139,14 +167,18 @@ var pthread_attr_setstacksizeABI0 = uintptr(unsafe.Pointer(&_pthread_attr_setsta
 var _pthread_attr_destroy uintptr
 var pthread_attr_destroyABI0 = uintptr(unsafe.Pointer(&_pthread_attr_destroy))
 
-//go:linkname _sigfillset _sigfillset
-var _sigfillset uintptr
-var sigfillsetABI0 = uintptr(unsafe.Pointer(&_sigfillset))
+//go:linkname _pthread_mutex_lock _pthread_mutex_lock
+var _pthread_mutex_lock uintptr
+var pthread_mutex_lockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_lock))
 
-//go:linkname _nanosleep _nanosleep
-var _nanosleep uintptr
-var nanosleepABI0 = uintptr(unsafe.Pointer(&_nanosleep))
+//go:linkname _pthread_mutex_unlock _pthread_mutex_unlock
+var _pthread_mutex_unlock uintptr
+var pthread_mutex_unlockABI0 = uintptr(unsafe.Pointer(&_pthread_mutex_unlock))
 
-//go:linkname _abort _abort
-var _abort uintptr
-var abortABI0 = uintptr(unsafe.Pointer(&_abort))
+//go:linkname _pthread_cond_broadcast _pthread_cond_broadcast
+var _pthread_cond_broadcast uintptr
+var pthread_cond_broadcastABI0 = uintptr(unsafe.Pointer(&_pthread_cond_broadcast))
+
+//go:linkname _pthread_setspecific _pthread_setspecific
+var _pthread_setspecific uintptr
+var pthread_setspecificABI0 = uintptr(unsafe.Pointer(&_pthread_setspecific))
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_darwin.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_darwin.go
index d580873cbf..7341fecd42 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_darwin.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_darwin.go
@@ -1,3 +1,5 @@
+// Code generated by 'go generate' with gen.go. DO NOT EDIT.
+
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
@@ -7,15 +9,19 @@ package fakecgo
 //go:cgo_import_dynamic purego_free free "/usr/lib/libSystem.B.dylib"
 //go:cgo_import_dynamic purego_setenv setenv "/usr/lib/libSystem.B.dylib"
 //go:cgo_import_dynamic purego_unsetenv unsetenv "/usr/lib/libSystem.B.dylib"
-//go:cgo_import_dynamic purego_pthread_self pthread_self "/usr/lib/libSystem.B.dylib"
-//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "/usr/lib/libSystem.B.dylib"
-//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_sigfillset sigfillset "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_nanosleep nanosleep "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_abort abort "/usr/lib/libSystem.B.dylib"
 //go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "/usr/lib/libSystem.B.dylib"
 //go:cgo_import_dynamic purego_pthread_create pthread_create "/usr/lib/libSystem.B.dylib"
 //go:cgo_import_dynamic purego_pthread_detach pthread_detach "/usr/lib/libSystem.B.dylib"
-//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "/usr/lib/libSystem.B.dylib"
-//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "/usr/lib/libSystem.B.dylib"
 //go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "/usr/lib/libSystem.B.dylib"
-//go:cgo_import_dynamic purego_abort abort "/usr/lib/libSystem.B.dylib"
-//go:cgo_import_dynamic purego_sigfillset sigfillset "/usr/lib/libSystem.B.dylib"
-//go:cgo_import_dynamic purego_nanosleep nanosleep "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_self pthread_self "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "/usr/lib/libSystem.B.dylib"
+//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "/usr/lib/libSystem.B.dylib"
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_freebsd.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_freebsd.go
new file mode 100644
index 0000000000..bff096d510
--- /dev/null
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_freebsd.go
@@ -0,0 +1,27 @@
+// Code generated by 'go generate' with gen.go. DO NOT EDIT.
+
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2022 The Ebitengine Authors
+
+package fakecgo
+
+//go:cgo_import_dynamic purego_malloc malloc "libc.so.7"
+//go:cgo_import_dynamic purego_free free "libc.so.7"
+//go:cgo_import_dynamic purego_setenv setenv "libc.so.7"
+//go:cgo_import_dynamic purego_unsetenv unsetenv "libc.so.7"
+//go:cgo_import_dynamic purego_sigfillset sigfillset "libc.so.7"
+//go:cgo_import_dynamic purego_nanosleep nanosleep "libc.so.7"
+//go:cgo_import_dynamic purego_abort abort "libc.so.7"
+//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_create pthread_create "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_detach pthread_detach "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_self pthread_self "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "libpthread.so"
+//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "libpthread.so"
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_linux.go b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_linux.go
index 8dbe8cf24d..ee3ab7aafa 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_linux.go
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/symbols_linux.go
@@ -1,27 +1,27 @@
+// Code generated by 'go generate' with gen.go. DO NOT EDIT.
+
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
 package fakecgo
 
-// pthread_attr_init will get us the wrong version on glibc - but this doesn't matter, since the memory we
-// provide is zeroed - which will lead the correct result again
-
-//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "libpthread.so.0"
-//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "libpthread.so.0"
-//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "libpthread.so.0"
-//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "libpthread.so.0"
-//go:cgo_import_dynamic purego_pthread_create pthread_create "libpthread.so.0"
-//go:cgo_import_dynamic purego_pthread_detach pthread_detach "libpthread.so.0"
-//go:cgo_import_dynamic purego_setenv setenv "libc.so.6"
-//go:cgo_import_dynamic purego_unsetenv unsetenv "libc.so.6"
 //go:cgo_import_dynamic purego_malloc malloc "libc.so.6"
 //go:cgo_import_dynamic purego_free free "libc.so.6"
-//go:cgo_import_dynamic purego_nanosleep nanosleep "libc.so.6"
+//go:cgo_import_dynamic purego_setenv setenv "libc.so.6"
+//go:cgo_import_dynamic purego_unsetenv unsetenv "libc.so.6"
 //go:cgo_import_dynamic purego_sigfillset sigfillset "libc.so.6"
+//go:cgo_import_dynamic purego_nanosleep nanosleep "libc.so.6"
 //go:cgo_import_dynamic purego_abort abort "libc.so.6"
-
-// on amd64 we don't need the following lines - on 386 we do...
-// anyway - with those lines the output is better (but doesn't matter) - without it on amd64 we get multiple DT_NEEDED with "libc.so.6" etc
-
-//go:cgo_import_dynamic _ _ "libpthread.so.0"
-//go:cgo_import_dynamic _ _ "libc.so.6"
+//go:cgo_import_dynamic purego_pthread_attr_init pthread_attr_init "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_create pthread_create "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_detach pthread_detach "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_sigmask pthread_sigmask "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_self pthread_self "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_get_stacksize_np pthread_get_stacksize_np "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_attr_getstacksize pthread_attr_getstacksize "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_attr_setstacksize pthread_attr_setstacksize "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_attr_destroy pthread_attr_destroy "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_mutex_lock pthread_mutex_lock "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_mutex_unlock pthread_mutex_unlock "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_cond_broadcast pthread_cond_broadcast "libpthread.so.0"
+//go:cgo_import_dynamic purego_pthread_setspecific pthread_setspecific "libpthread.so.0"
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_amd64.s b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_amd64.s
index cfd8c441f9..24b6206062 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_amd64.s
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_amd64.s
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux
+//go:build darwin || linux || freebsd
 
 /*
 trampoline for emulating required C functions for cgo in go (see cgo.go)
@@ -61,6 +61,10 @@ TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0
 	CALL ·x_cgo_notify_runtime_init_done(SB)
 	RET
 
+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0
+	CALL ·x_cgo_bindm(SB)
+	RET
+
 // func setg_trampoline(setg uintptr, g uintptr)
 TEXT ·setg_trampoline(SB), NOSPLIT, $0-16
 	MOVQ G+8(FP), DI
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_arm64.s b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_arm64.s
index 54f31983a1..9c80fe2f69 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_arm64.s
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_arm64.s
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 #include "textflag.h"
 #include "go_asm.h"
@@ -41,6 +41,10 @@ TEXT x_cgo_notify_runtime_init_done_trampoline(SB), NOSPLIT, $0-0
 	CALL ·x_cgo_notify_runtime_init_done(SB)
 	RET
 
+TEXT x_cgo_bindm_trampoline(SB), NOSPLIT, $0
+	CALL ·x_cgo_bindm(SB)
+	RET
+
 // func setg_trampoline(setg uintptr, g uintptr)
 TEXT ·setg_trampoline(SB), NOSPLIT, $0-16
 	MOVD G+8(FP), R0
diff --git a/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_stubs.s b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_stubs.s
index ada31ea83e..e8726376d5 100644
--- a/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_stubs.s
+++ b/vendor/github.com/ebitengine/purego/internal/fakecgo/trampolines_stubs.s
@@ -3,72 +3,88 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || linux
+//go:build darwin || freebsd || linux
 
 #include "textflag.h"
 
 // these stubs are here because it is not possible to go:linkname directly the C functions on darwin arm64
 
-TEXT _malloc(SB), NOSPLIT, $0-0
+TEXT _malloc(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_malloc(SB)
 	RET
 
-TEXT _free(SB), NOSPLIT, $0-0
+TEXT _free(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_free(SB)
 	RET
 
-TEXT _setenv(SB), NOSPLIT, $0-0
+TEXT _setenv(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_setenv(SB)
 	RET
 
-TEXT _unsetenv(SB), NOSPLIT, $0-0
+TEXT _unsetenv(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_unsetenv(SB)
 	RET
 
-TEXT _pthread_attr_init(SB), NOSPLIT, $0-0
+TEXT _sigfillset(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_sigfillset(SB)
+	RET
+
+TEXT _nanosleep(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_nanosleep(SB)
+	RET
+
+TEXT _abort(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_abort(SB)
+	RET
+
+TEXT _pthread_attr_init(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_pthread_attr_init(SB)
 	RET
 
-TEXT _pthread_create(SB), NOSPLIT, $0-0
+TEXT _pthread_create(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_pthread_create(SB)
 	RET
 
-TEXT _pthread_detach(SB), NOSPLIT, $0-0
+TEXT _pthread_detach(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_pthread_detach(SB)
 	RET
 
-TEXT _pthread_sigmask(SB), NOSPLIT, $0-0
+TEXT _pthread_sigmask(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_pthread_sigmask(SB)
 	RET
 
-TEXT _pthread_self(SB), NOSPLIT, $0-0
+TEXT _pthread_self(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_pthread_self(SB)
 	RET
 
-TEXT _pthread_get_stacksize_np(SB), NOSPLIT, $0-0
+TEXT _pthread_get_stacksize_np(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_pthread_get_stacksize_np(SB)
 	RET
 
-TEXT _pthread_attr_getstacksize(SB), NOSPLIT, $0-0
+TEXT _pthread_attr_getstacksize(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_pthread_attr_getstacksize(SB)
 	RET
 
-TEXT _pthread_attr_setstacksize(SB), NOSPLIT, $0-0
+TEXT _pthread_attr_setstacksize(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_pthread_attr_setstacksize(SB)
 	RET
 
-TEXT _pthread_attr_destroy(SB), NOSPLIT, $0-0
+TEXT _pthread_attr_destroy(SB), NOSPLIT|NOFRAME, $0-0
 	JMP purego_pthread_attr_destroy(SB)
 	RET
 
-TEXT _sigfillset(SB), NOSPLIT, $0-0
-	JMP purego_sigfillset(SB)
+TEXT _pthread_mutex_lock(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_mutex_lock(SB)
 	RET
 
-TEXT _nanosleep(SB), NOSPLIT, $0-0
-	JMP purego_nanosleep(SB)
+TEXT _pthread_mutex_unlock(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_mutex_unlock(SB)
 	RET
 
-TEXT _abort(SB), NOSPLIT, $0-0
-	JMP purego_abort(SB)
+TEXT _pthread_cond_broadcast(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_cond_broadcast(SB)
+	RET
+
+TEXT _pthread_setspecific(SB), NOSPLIT|NOFRAME, $0-0
+	JMP purego_pthread_setspecific(SB)
 	RET
diff --git a/vendor/github.com/ebitengine/purego/internal/strings/strings.go b/vendor/github.com/ebitengine/purego/internal/strings/strings.go
index e34b5a1e05..5b0d252255 100644
--- a/vendor/github.com/ebitengine/purego/internal/strings/strings.go
+++ b/vendor/github.com/ebitengine/purego/internal/strings/strings.go
@@ -17,12 +17,12 @@ func CString(name string) *byte {
 	if hasSuffix(name, "\x00") {
 		return &(*(*[]byte)(unsafe.Pointer(&name)))[0]
 	}
-	var b = make([]byte, len(name)+1)
+	b := make([]byte, len(name)+1)
 	copy(b, name)
 	return &b[0]
 }
 
-// GoString copies a char* to a Go string.
+// GoString copies a null-terminated char* to a Go string.
 func GoString(c uintptr) string {
 	// We take the address and then dereference it to trick go vet from creating a possible misuse of unsafe.Pointer
 	ptr := *(*unsafe.Pointer)(unsafe.Pointer(&c))
diff --git a/vendor/github.com/ebitengine/purego/nocgo.go b/vendor/github.com/ebitengine/purego/nocgo.go
index c7ee865ab8..5b989ea814 100644
--- a/vendor/github.com/ebitengine/purego/nocgo.go
+++ b/vendor/github.com/ebitengine/purego/nocgo.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build !cgo && (darwin || linux)
+//go:build !cgo && (darwin || freebsd || linux)
 
 package purego
 
diff --git a/vendor/github.com/ebitengine/purego/sys_amd64.s b/vendor/github.com/ebitengine/purego/sys_amd64.s
index 87e4f0f332..6daa298df9 100644
--- a/vendor/github.com/ebitengine/purego/sys_amd64.s
+++ b/vendor/github.com/ebitengine/purego/sys_amd64.s
@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || (!cgo && linux)
+//go:build darwin || freebsd || (!cgo && linux)
 
 #include "textflag.h"
-#include "internal/abi/abi_amd64.h"
+#include "abi_amd64.h"
 #include "go_asm.h"
 #include "funcdata.h"
 
@@ -29,7 +29,7 @@
 // C calling convention (use libcCall).
 GLOBL ·syscall9XABI0(SB), NOPTR|RODATA, $8
 DATA ·syscall9XABI0(SB)/8, $syscall9X(SB)
-TEXT syscall9X(SB), NOSPLIT, $0
+TEXT syscall9X(SB), NOSPLIT|NOFRAME, $0
 	PUSHQ BP
 	MOVQ  SP, BP
 	SUBQ  $32, SP
@@ -73,7 +73,7 @@ TEXT syscall9X(SB), NOSPLIT, $0
 	POPQ BP
 	RET
 
-TEXT callbackasm1(SB), NOSPLIT, $0
+TEXT callbackasm1(SB), NOSPLIT|NOFRAME, $0
 	// remove return address from stack, we are not returning to callbackasm, but to its caller.
 	MOVQ 0(SP), AX
 	ADDQ $8, SP
diff --git a/vendor/github.com/ebitengine/purego/sys_arm64.s b/vendor/github.com/ebitengine/purego/sys_arm64.s
index 942fd56135..914ebb4e9e 100644
--- a/vendor/github.com/ebitengine/purego/sys_arm64.s
+++ b/vendor/github.com/ebitengine/purego/sys_arm64.s
@@ -1,12 +1,11 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || (!cgo && linux) || windows
+//go:build darwin || freebsd || (!cgo && linux) || windows
 
 #include "textflag.h"
 #include "go_asm.h"
 #include "funcdata.h"
-#include "internal/abi/abi_arm64.h"
 
 // syscall9X calls a function in libc on behalf of the syscall package.
 // syscall9X takes a pointer to a struct like:
diff --git a/vendor/github.com/ebitengine/purego/sys_unix_arm64.s b/vendor/github.com/ebitengine/purego/sys_unix_arm64.s
index d4281f7b56..c1552d349e 100644
--- a/vendor/github.com/ebitengine/purego/sys_unix_arm64.s
+++ b/vendor/github.com/ebitengine/purego/sys_unix_arm64.s
@@ -1,12 +1,12 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2023 The Ebitengine Authors
 
-//go:build darwin || (!cgo && linux)
+//go:build darwin || freebsd || (!cgo && linux)
 
 #include "textflag.h"
 #include "go_asm.h"
 #include "funcdata.h"
-#include "internal/abi/abi_arm64.h"
+#include "abi_arm64.h"
 
 TEXT callbackasm1(SB), NOSPLIT|NOFRAME, $0
 	NO_LOCAL_POINTERS
@@ -17,31 +17,37 @@ TEXT callbackasm1(SB), NOSPLIT|NOFRAME, $0
 	// Save callback register arguments R0-R7 and F0-F7.
 	// We do this at the top of the frame so they're contiguous with stack arguments.
 	SUB   $(16*8), RSP, R14
-	FMOVD F0, (0*8)(R14)
-	FMOVD F1, (1*8)(R14)
-	FMOVD F2, (2*8)(R14)
-	FMOVD F3, (3*8)(R14)
-	FMOVD F4, (4*8)(R14)
-	FMOVD F5, (5*8)(R14)
-	FMOVD F6, (6*8)(R14)
-	FMOVD F7, (7*8)(R14)
+	FSTPD (F0, F1), (0*8)(R14)
+	FSTPD (F2, F3), (2*8)(R14)
+	FSTPD (F4, F5), (4*8)(R14)
+	FSTPD (F6, F7), (6*8)(R14)
 	STP   (R0, R1), (8*8)(R14)
 	STP   (R2, R3), (10*8)(R14)
 	STP   (R4, R5), (12*8)(R14)
 	STP   (R6, R7), (14*8)(R14)
 
 	// Adjust SP by frame size.
-	// crosscall2 clobbers FP in the frame record so only save/restore SP.
-	SUB  $(28*8), RSP
-	MOVD R30, (RSP)
+	SUB $(26*8), RSP
+
+	// It is important to save R27 because the go assembler
+	// uses it for move instructions for a variable.
+	// This line:
+	// MOVD ·callbackWrap_call(SB), R0
+	// Creates the instructions:
+	// ADRP 14335(PC), R27
+	// MOVD 388(27), R0
+	// R27 is a callee saved register so we are responsible
+	// for ensuring its value doesn't change. So save it and
+	// restore it at the end of this function.
+	// R30 is the link register. crosscall2 doesn't save it
+	// so it's saved here.
+	STP (R27, R30), 0(RSP)
 
 	// Create a struct callbackArgs on our stack.
-	ADD  $(callbackArgs__size + 3*8), RSP, R13
-	MOVD R12, callbackArgs_index(R13)          // callback index
-	MOVD R14, R0
-	MOVD R0, callbackArgs_args(R13)            // address of args vector
-	MOVD $0, R0
-	MOVD R0, callbackArgs_result(R13)          // result
+	MOVD $(callbackArgs__size)(RSP), R13
+	MOVD R12, callbackArgs_index(R13)    // callback index
+	MOVD R14, callbackArgs_args(R13)     // address of args vector
+	MOVD ZR, callbackArgs_result(R13)    // result
 
 	// Move parameters into registers
 	// Get the ABIInternal function pointer
@@ -54,11 +60,11 @@ TEXT callbackasm1(SB), NOSPLIT|NOFRAME, $0
 	BL crosscall2(SB)
 
 	// Get callback result.
-	ADD  $(callbackArgs__size + 3*8), RSP, R13
+	MOVD $(callbackArgs__size)(RSP), R13
 	MOVD callbackArgs_result(R13), R0
 
-	// Restore SP
-	MOVD (RSP), R30
-	ADD  $(28*8), RSP
+	// Restore LR and R27
+	LDP 0(RSP), (R27, R30)
+	ADD $(26*8), RSP
 
 	RET
diff --git a/vendor/github.com/ebitengine/purego/syscall.go b/vendor/github.com/ebitengine/purego/syscall.go
index d14fdb0d3a..44176be2ad 100644
--- a/vendor/github.com/ebitengine/purego/syscall.go
+++ b/vendor/github.com/ebitengine/purego/syscall.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || windows || linux
+//go:build darwin || freebsd || linux || windows
 
 package purego
 
diff --git a/vendor/github.com/ebitengine/purego/syscall_sysv.go b/vendor/github.com/ebitengine/purego/syscall_sysv.go
index 695dda3328..2d295cb0ee 100644
--- a/vendor/github.com/ebitengine/purego/syscall_sysv.go
+++ b/vendor/github.com/ebitengine/purego/syscall_sysv.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-FileCopyrightText: 2022 The Ebitengine Authors
 
-//go:build darwin || (!cgo && linux && (amd64 || arm64))
+//go:build darwin || freebsd || (!cgo && linux && (amd64 || arm64))
 
 package purego
 
@@ -117,8 +117,11 @@ const ptrSize = unsafe.Sizeof((*int)(nil))
 
 const callbackMaxFrame = 64 * ptrSize
 
-// callbackasmABI0 is implemented in zcallback_GOOS_GOARCH.s
-var callbackasmABI0 uintptr
+// callbackasm is implemented in zcallback_GOOS_GOARCH.s
+//
+//go:linkname __callbackasm callbackasm
+var __callbackasm byte
+var callbackasmABI0 = uintptr(unsafe.Pointer(&__callbackasm))
 
 // callbackWrap_call allows the calling of the ABIInternal wrapper
 // which is required for runtime.cgocallback without the
diff --git a/vendor/github.com/ebitengine/purego/zcallback_amd64.s b/vendor/github.com/ebitengine/purego/zcallback_amd64.s
index 0624563131..d2c7508285 100644
--- a/vendor/github.com/ebitengine/purego/zcallback_amd64.s
+++ b/vendor/github.com/ebitengine/purego/zcallback_amd64.s
@@ -1,6 +1,6 @@
 // Code generated by wincallback.go using 'go generate'. DO NOT EDIT.
 
-//go:build darwin || (!cgo && linux)
+//go:build darwin || freebsd || (!cgo && linux)
 
 // runtime·callbackasm is called by external code to
 // execute Go implemented callback function. It is not
@@ -11,9 +11,7 @@
 // which Go callback function is executed later on.
 #include "textflag.h"
 
-GLOBL ·callbackasmABI0(SB), NOPTR|RODATA, $8
-DATA ·callbackasmABI0(SB)/8, $callbackasm(SB)
-TEXT callbackasm(SB), 7, $0
+TEXT callbackasm(SB), NOSPLIT|NOFRAME, $0
 	CALL callbackasm1(SB)
 	CALL callbackasm1(SB)
 	CALL callbackasm1(SB)
diff --git a/vendor/github.com/ebitengine/purego/zcallback_arm64.s b/vendor/github.com/ebitengine/purego/zcallback_arm64.s
index 25e0bf79f1..fc3683d56b 100644
--- a/vendor/github.com/ebitengine/purego/zcallback_arm64.s
+++ b/vendor/github.com/ebitengine/purego/zcallback_arm64.s
@@ -1,6 +1,6 @@
 // Code generated by wincallback.go using 'go generate'. DO NOT EDIT.
 
-//go:build darwin || (!cgo && linux)
+//go:build darwin || freebsd || (!cgo && linux)
 
 // External code calls into callbackasm at an offset corresponding
 // to the callback index. Callbackasm is a table of MOV and B instructions.
@@ -11,8 +11,6 @@
 // It then calls the Go implementation for that callback.
 #include "textflag.h"
 
-GLOBL ·callbackasmABI0(SB), NOPTR|RODATA, $8
-DATA ·callbackasmABI0(SB)/8, $callbackasm(SB)
 TEXT callbackasm(SB), NOSPLIT|NOFRAME, $0
 	MOVD $0, R12
 	B    callbackasm1(SB)
diff --git a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
index 352018e703..5edd5a7ca9 100644
--- a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
+++ b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
@@ -1,11 +1,15 @@
 # Change history of go-restful
 
-## [v3.10.2] - 2023-03-09
+## [v3.11.0] - 2023-08-19
+
+- restored behavior as <= v3.9.0 with option to change path strategy using TrimRightSlashEnabled. 
+
+## [v3.10.2] - 2023-03-09 - DO NOT USE
 
 - introduced MergePathStrategy to be able to revert behaviour of path concatenation to 3.9.0
   see comment in Readme how to customize this behaviour.
 
-## [v3.10.1] - 2022-11-19
+## [v3.10.1] - 2022-11-19 - DO NOT USE
 
 - fix broken 3.10.0 by using path package for joining paths
 
diff --git a/vendor/github.com/emicklei/go-restful/v3/README.md b/vendor/github.com/emicklei/go-restful/v3/README.md
index 85da90128e..e3e30080ec 100644
--- a/vendor/github.com/emicklei/go-restful/v3/README.md
+++ b/vendor/github.com/emicklei/go-restful/v3/README.md
@@ -79,7 +79,7 @@ func (u UserResource) findUser(request *restful.Request, response *restful.Respo
 - Content encoding (gzip,deflate) of request and response payloads
 - Automatic responses on OPTIONS (using a filter)
 - Automatic CORS request handling (using a filter)
-- API declaration for Swagger UI ([go-restful-openapi](https://github.com/emicklei/go-restful-openapi), see [go-restful-swagger12](https://github.com/emicklei/go-restful-swagger12))
+- API declaration for Swagger UI ([go-restful-openapi](https://github.com/emicklei/go-restful-openapi))
 - Panic recovery to produce HTTP 500, customizable using RecoverHandler(...)
 - Route errors produce HTTP 404/405/406/415 errors, customizable using ServiceErrorHandler(...)
 - Configurable (trace) logging
@@ -96,10 +96,7 @@ There are several hooks to customize the behavior of the go-restful package.
 - Compression
 - Encoders for other serializers
 - Use [jsoniter](https://github.com/json-iterator/go) by building this package using a build tag, e.g. `go build -tags=jsoniter .` 
-- Use the variable `MergePathStrategy` to change the behaviour of composing the Route path given a root path and a local route path	
-	- versions >= 3.10.1 has set the value to `PathJoinStrategy` that fixes a reported [security issue](https://github.com/advisories/GHSA-r48q-9g5r-8q2h) but may cause your services not to work correctly anymore.
-	- versions <= 3.9 had the behaviour that can be restored in newer versions by setting the value to `TrimSlashStrategy`.
-	- you can set value to a custom implementation (must implement MergePathStrategyFunc)
+- Use the package variable `TrimRightSlashEnabled` (default true) to control the behavior of matching routes that end with a slash `/` 
 
 ## Resources
 
@@ -112,4 +109,4 @@ There are several hooks to customize the behavior of the go-restful package.
 
 Type ```git shortlog -s``` for a full list of contributors.
 
-© 2012 - 2022, http://ernestmicklei.com. MIT License. Contributions are welcome.
+© 2012 - 2023, http://ernestmicklei.com. MIT License. Contributions are welcome.
diff --git a/vendor/github.com/emicklei/go-restful/v3/route.go b/vendor/github.com/emicklei/go-restful/v3/route.go
index ea05b3da88..306c44be77 100644
--- a/vendor/github.com/emicklei/go-restful/v3/route.go
+++ b/vendor/github.com/emicklei/go-restful/v3/route.go
@@ -40,7 +40,8 @@ type Route struct {
 	ParameterDocs           []*Parameter
 	ResponseErrors          map[int]ResponseError
 	DefaultResponse         *ResponseError
-	ReadSample, WriteSample interface{} // structs that model an example request or response payload
+	ReadSample, WriteSample interface{}   // structs that model an example request or response payload
+	WriteSamples            []interface{} // if more than one return types is possible (oneof) then this will contain multiple values
 
 	// Extra information used to store custom information about the route.
 	Metadata map[string]interface{}
@@ -164,7 +165,13 @@ func tokenizePath(path string) []string {
 	if "/" == path {
 		return nil
 	}
-	return strings.Split(strings.TrimLeft(path, "/"), "/")
+	if TrimRightSlashEnabled {
+		// 3.9.0
+		return strings.Split(strings.Trim(path, "/"), "/")
+	} else {
+		// 3.10.2
+		return strings.Split(strings.TrimLeft(path, "/"), "/")
+	}
 }
 
 // for debugging
@@ -177,4 +184,8 @@ func (r *Route) EnableContentEncoding(enabled bool) {
 	r.contentEncodingEnabled = &enabled
 }
 
-var TrimRightSlashEnabled = false
+// TrimRightSlashEnabled controls whether
+// - path on route building is using path.Join
+// - the path of the incoming request is trimmed of its slash suffux.
+// Value of true matches the behavior of <= 3.9.0
+var TrimRightSlashEnabled = true
diff --git a/vendor/github.com/emicklei/go-restful/v3/route_builder.go b/vendor/github.com/emicklei/go-restful/v3/route_builder.go
index 827f471de0..75168c12e1 100644
--- a/vendor/github.com/emicklei/go-restful/v3/route_builder.go
+++ b/vendor/github.com/emicklei/go-restful/v3/route_builder.go
@@ -31,17 +31,18 @@ type RouteBuilder struct {
 	typeNameHandleFunc TypeNameHandleFunction // required
 
 	// documentation
-	doc                     string
-	notes                   string
-	operation               string
-	readSample, writeSample interface{}
-	parameters              []*Parameter
-	errorMap                map[int]ResponseError
-	defaultResponse         *ResponseError
-	metadata                map[string]interface{}
-	extensions              map[string]interface{}
-	deprecated              bool
-	contentEncodingEnabled  *bool
+	doc                    string
+	notes                  string
+	operation              string
+	readSample             interface{}
+	writeSamples           []interface{}
+	parameters             []*Parameter
+	errorMap               map[int]ResponseError
+	defaultResponse        *ResponseError
+	metadata               map[string]interface{}
+	extensions             map[string]interface{}
+	deprecated             bool
+	contentEncodingEnabled *bool
 }
 
 // Do evaluates each argument with the RouteBuilder itself.
@@ -135,9 +136,9 @@ func (b RouteBuilder) ParameterNamed(name string) (p *Parameter) {
 	return p
 }
 
-// Writes tells what resource type will be written as the response payload. Optional.
-func (b *RouteBuilder) Writes(sample interface{}) *RouteBuilder {
-	b.writeSample = sample
+// Writes tells which one of the resource types will be written as the response payload. Optional.
+func (b *RouteBuilder) Writes(samples ...interface{}) *RouteBuilder {
+	b.writeSamples = samples // oneof
 	return b
 }
 
@@ -342,39 +343,29 @@ func (b *RouteBuilder) Build() Route {
 		ResponseErrors:                   b.errorMap,
 		DefaultResponse:                  b.defaultResponse,
 		ReadSample:                       b.readSample,
-		WriteSample:                      b.writeSample,
+		WriteSamples:                     b.writeSamples,
 		Metadata:                         b.metadata,
 		Deprecated:                       b.deprecated,
 		contentEncodingEnabled:           b.contentEncodingEnabled,
 		allowedMethodsWithoutContentType: b.allowedMethodsWithoutContentType,
 	}
+	// set WriteSample if one specified
+	if len(b.writeSamples) == 1 {
+		route.WriteSample = b.writeSamples[0]
+	}
 	route.Extensions = b.extensions
 	route.postBuild()
 	return route
 }
 
-type MergePathStrategyFunc func(rootPath, routePath string) string
-
-var (
-	// behavior >= 3.10
-	PathJoinStrategy = func(rootPath, routePath string) string {
-		return path.Join(rootPath, routePath)
-	}
+// merge two paths using the current (package global) merge path strategy.
+func concatPath(rootPath, routePath string) string {
 
-	// behavior <= 3.9
-	TrimSlashStrategy = func(rootPath, routePath string) string {
+	if TrimRightSlashEnabled {
 		return strings.TrimRight(rootPath, "/") + "/" + strings.TrimLeft(routePath, "/")
+	} else {
+		return path.Join(rootPath, routePath)
 	}
-
-	// MergePathStrategy is the active strategy for merging a Route path when building the routing of all WebServices.
-	// The value is set to PathJoinStrategy
-	// PathJoinStrategy is a strategy that is more strict [Security - PRISMA-2022-0227]
-	MergePathStrategy = PathJoinStrategy
-)
-
-// merge two paths using the current (package global) merge path strategy.
-func concatPath(rootPath, routePath string) string {
-	return MergePathStrategy(rootPath, routePath)
 }
 
 var anonymousFuncCount int32
diff --git a/vendor/github.com/fsnotify/fsnotify/.cirrus.yml b/vendor/github.com/fsnotify/fsnotify/.cirrus.yml
new file mode 100644
index 0000000000..ffc7b992b3
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/.cirrus.yml
@@ -0,0 +1,13 @@
+freebsd_task:
+  name: 'FreeBSD'
+  freebsd_instance:
+    image_family: freebsd-13-2
+  install_script:
+    - pkg update -f
+    - pkg install -y go
+  test_script:
+      # run tests as user "cirrus" instead of root
+    - pw useradd cirrus -m
+    - chown -R cirrus:cirrus .
+    - FSNOTIFY_BUFFER=4096 sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./...
+    -                      sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./...
diff --git a/vendor/github.com/fsnotify/fsnotify/.gitignore b/vendor/github.com/fsnotify/fsnotify/.gitignore
index 1d89d85ce4..391cc076b1 100644
--- a/vendor/github.com/fsnotify/fsnotify/.gitignore
+++ b/vendor/github.com/fsnotify/fsnotify/.gitignore
@@ -4,3 +4,4 @@
 
 # Output of go build ./cmd/fsnotify
 /fsnotify
+/fsnotify.exe
diff --git a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
index 77f9593bd5..e0e5757549 100644
--- a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
+++ b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
@@ -1,16 +1,87 @@
 # Changelog
 
-All notable changes to this project will be documented in this file.
+Unreleased
+----------
+Nothing yet.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+1.7.0 - 2023-10-22
+------------------
+This version of fsnotify needs Go 1.17.
 
-## [Unreleased]
+### Additions
 
-Nothing yet.
+- illumos: add FEN backend to support illumos and Solaris. ([#371])
+
+- all: add `NewBufferedWatcher()` to use a buffered channel, which can be useful
+  in cases where you can't control the kernel buffer and receive a large number
+  of events in bursts. ([#550], [#572])
+
+- all: add `AddWith()`, which is identical to `Add()` but allows passing
+  options. ([#521])
+
+- windows: allow setting the ReadDirectoryChangesW() buffer size with
+  `fsnotify.WithBufferSize()`; the default of 64K is the highest value that
+  works on all platforms and is enough for most purposes, but in some cases a
+  highest buffer is needed. ([#521])
+
+### Changes and fixes
+
+- inotify: remove watcher if a watched path is renamed ([#518])
+
+  After a rename the reported name wasn't updated, or even an empty string.
+  Inotify doesn't provide any good facilities to update it, so just remove the
+  watcher. This is already how it worked on kqueue and FEN.
+
+  On Windows this does work, and remains working.
+
+- windows: don't listen for file attribute changes ([#520])
+
+  File attribute changes are sent as `FILE_ACTION_MODIFIED` by the Windows API,
+  with no way to see if they're a file write or attribute change, so would show
+  up as a fsnotify.Write event. This is never useful, and could result in many
+  spurious Write events.
+
+- windows: return `ErrEventOverflow` if the buffer is full ([#525])
+
+  Before it would merely return "short read", making it hard to detect this
+  error.
+
+- kqueue: make sure events for all files are delivered properly when removing a
+  watched directory ([#526])
+
+  Previously they would get sent with `""` (empty string) or `"."` as the path
+  name.
+
+- kqueue: don't emit spurious Create events for symbolic links ([#524])
+
+  The link would get resolved but kqueue would "forget" it already saw the link
+  itself, resulting on a Create for every Write event for the directory.
+
+- all: return `ErrClosed` on `Add()` when the watcher is closed ([#516])
+
+- other: add `Watcher.Errors` and `Watcher.Events` to the no-op `Watcher` in
+  `backend_other.go`, making it easier to use on unsupported platforms such as
+  WASM, AIX, etc. ([#528])
+
+- other: use the `backend_other.go` no-op if the `appengine` build tag is set;
+  Google AppEngine forbids usage of the unsafe package so the inotify backend
+  won't compile there.
 
-## [1.6.0] - 2022-10-13
+[#371]: https://github.com/fsnotify/fsnotify/pull/371
+[#516]: https://github.com/fsnotify/fsnotify/pull/516
+[#518]: https://github.com/fsnotify/fsnotify/pull/518
+[#520]: https://github.com/fsnotify/fsnotify/pull/520
+[#521]: https://github.com/fsnotify/fsnotify/pull/521
+[#524]: https://github.com/fsnotify/fsnotify/pull/524
+[#525]: https://github.com/fsnotify/fsnotify/pull/525
+[#526]: https://github.com/fsnotify/fsnotify/pull/526
+[#528]: https://github.com/fsnotify/fsnotify/pull/528
+[#537]: https://github.com/fsnotify/fsnotify/pull/537
+[#550]: https://github.com/fsnotify/fsnotify/pull/550
+[#572]: https://github.com/fsnotify/fsnotify/pull/572
 
+1.6.0 - 2022-10-13
+------------------
 This version of fsnotify needs Go 1.16 (this was already the case since 1.5.1,
 but not documented). It also increases the minimum Linux version to 2.6.32.
 
diff --git a/vendor/github.com/fsnotify/fsnotify/README.md b/vendor/github.com/fsnotify/fsnotify/README.md
index d4e6080feb..e480733d16 100644
--- a/vendor/github.com/fsnotify/fsnotify/README.md
+++ b/vendor/github.com/fsnotify/fsnotify/README.md
@@ -1,29 +1,31 @@
 fsnotify is a Go library to provide cross-platform filesystem notifications on
-Windows, Linux, macOS, and BSD systems.
+Windows, Linux, macOS, BSD, and illumos.
 
-Go 1.16 or newer is required; the full documentation is at
+Go 1.17 or newer is required; the full documentation is at
 https://pkg.go.dev/github.com/fsnotify/fsnotify
 
-**It's best to read the documentation at pkg.go.dev, as it's pinned to the last
-released version, whereas this README is for the last development version which
-may include additions/changes.**
-
 ---
 
 Platform support:
 
-| Adapter               | OS             | Status                                                       |
-| --------------------- | ---------------| -------------------------------------------------------------|
-| inotify               | Linux 2.6.32+  | Supported                                                    |
-| kqueue                | BSD, macOS     | Supported                                                    |
-| ReadDirectoryChangesW | Windows        | Supported                                                    |
-| FSEvents              | macOS          | [Planned](https://github.com/fsnotify/fsnotify/issues/11)    |
-| FEN                   | Solaris 11     | [In Progress](https://github.com/fsnotify/fsnotify/pull/371) |
-| fanotify              | Linux 5.9+     | [Maybe](https://github.com/fsnotify/fsnotify/issues/114)     |
-| USN Journals          | Windows        | [Maybe](https://github.com/fsnotify/fsnotify/issues/53)      |
-| Polling               | *All*          | [Maybe](https://github.com/fsnotify/fsnotify/issues/9)       |
-
-Linux and macOS should include Android and iOS, but these are currently untested.
+| Backend               | OS         | Status                                                                    |
+| :-------------------- | :--------- | :------------------------------------------------------------------------ |
+| inotify               | Linux      | Supported                                                                 |
+| kqueue                | BSD, macOS | Supported                                                                 |
+| ReadDirectoryChangesW | Windows    | Supported                                                                 |
+| FEN                   | illumos    | Supported                                                                 |
+| fanotify              | Linux 5.9+ | [Not yet](https://github.com/fsnotify/fsnotify/issues/114)                |
+| AHAFS                 | AIX        | [aix branch]; experimental due to lack of maintainer and test environment |
+| FSEvents              | macOS      | [Needs support in x/sys/unix][fsevents]                                   |
+| USN Journals          | Windows    | [Needs support in x/sys/windows][usn]                                     |
+| Polling               | *All*      | [Not yet](https://github.com/fsnotify/fsnotify/issues/9)                  |
+
+Linux and illumos should include Android and Solaris, but these are currently
+untested.
+
+[fsevents]:   https://github.com/fsnotify/fsnotify/issues/11#issuecomment-1279133120
+[usn]:        https://github.com/fsnotify/fsnotify/issues/53#issuecomment-1279829847
+[aix branch]: https://github.com/fsnotify/fsnotify/issues/353#issuecomment-1284590129
 
 Usage
 -----
@@ -83,20 +85,23 @@ run with:
 
     % go run ./cmd/fsnotify
 
+Further detailed documentation can be found in godoc:
+https://pkg.go.dev/github.com/fsnotify/fsnotify
+
 FAQ
 ---
 ### Will a file still be watched when it's moved to another directory?
 No, not unless you are watching the location it was moved to.
 
-### Are subdirectories watched too?
+### Are subdirectories watched?
 No, you must add watches for any directory you want to watch (a recursive
 watcher is on the roadmap: [#18]).
 
 [#18]: https://github.com/fsnotify/fsnotify/issues/18
 
 ### Do I have to watch the Error and Event channels in a goroutine?
-As of now, yes (you can read both channels in the same goroutine using `select`,
-you don't need a separate goroutine for both channels; see the example).
+Yes. You can read both channels in the same goroutine using `select` (you don't
+need a separate goroutine for both channels; see the example).
 
 ### Why don't notifications work with NFS, SMB, FUSE, /proc, or /sys?
 fsnotify requires support from underlying OS to work. The current NFS and SMB
@@ -107,6 +112,32 @@ This could be fixed with a polling watcher ([#9]), but it's not yet implemented.
 
 [#9]: https://github.com/fsnotify/fsnotify/issues/9
 
+### Why do I get many Chmod events?
+Some programs may generate a lot of attribute changes; for example Spotlight on
+macOS, anti-virus programs, backup applications, and some others are known to do
+this. As a rule, it's typically best to ignore Chmod events. They're often not
+useful, and tend to cause problems.
+
+Spotlight indexing on macOS can result in multiple events (see [#15]). A
+temporary workaround is to add your folder(s) to the *Spotlight Privacy
+settings* until we have a native FSEvents implementation (see [#11]).
+
+[#11]: https://github.com/fsnotify/fsnotify/issues/11
+[#15]: https://github.com/fsnotify/fsnotify/issues/15
+
+### Watching a file doesn't work well
+Watching individual files (rather than directories) is generally not recommended
+as many programs (especially editors) update files atomically: it will write to
+a temporary file which is then moved to to destination, overwriting the original
+(or some variant thereof). The watcher on the original file is now lost, as that
+no longer exists.
+
+The upshot of this is that a power failure or crash won't leave a half-written
+file.
+
+Watch the parent directory and use `Event.Name` to filter out files you're not
+interested in. There is an example of this in `cmd/fsnotify/file.go`.
+
 Platform-specific notes
 -----------------------
 ### Linux
@@ -151,11 +182,3 @@ these platforms.
 
 The sysctl variables `kern.maxfiles` and `kern.maxfilesperproc` can be used to
 control the maximum number of open files.
-
-### macOS
-Spotlight indexing on macOS can result in multiple events (see [#15]). A temporary
-workaround is to add your folder(s) to the *Spotlight Privacy settings* until we
-have a native FSEvents implementation (see [#11]).
-
-[#11]: https://github.com/fsnotify/fsnotify/issues/11
-[#15]: https://github.com/fsnotify/fsnotify/issues/15
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_fen.go b/vendor/github.com/fsnotify/fsnotify/backend_fen.go
index 1a95ad8e7c..28497f1dd8 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_fen.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_fen.go
@@ -1,10 +1,19 @@
 //go:build solaris
 // +build solaris
 
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
+
 package fsnotify
 
 import (
 	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"sync"
+
+	"golang.org/x/sys/unix"
 )
 
 // Watcher watches a set of paths, delivering events on a channel.
@@ -17,9 +26,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -33,16 +42,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -58,14 +67,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -92,44 +107,129 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
+
+	mu      sync.Mutex
+	port    *unix.EventPort
+	done    chan struct{}       // Channel for sending a "quit message" to the reader goroutine
+	dirs    map[string]struct{} // Explicitly watched directories
+	watches map[string]struct{} // Explicitly watched non-directories
 }
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
-	return nil, errors.New("FEN based watcher not yet supported for fsnotify\n")
+	return NewBufferedWatcher(0)
 }
 
-// Close removes all watches and closes the events channel.
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
+	w := &Watcher{
+		Events:  make(chan Event, sz),
+		Errors:  make(chan error),
+		dirs:    make(map[string]struct{}),
+		watches: make(map[string]struct{}),
+		done:    make(chan struct{}),
+	}
+
+	var err error
+	w.port, err = unix.NewEventPort()
+	if err != nil {
+		return nil, fmt.Errorf("fsnotify.NewWatcher: %w", err)
+	}
+
+	go w.readEvents()
+	return w, nil
+}
+
+// sendEvent attempts to send an event to the user, returning true if the event
+// was put in the channel successfully and false if the watcher has been closed.
+func (w *Watcher) sendEvent(name string, op Op) (sent bool) {
+	select {
+	case w.Events <- Event{Name: name, Op: op}:
+		return true
+	case <-w.done:
+		return false
+	}
+}
+
+// sendError attempts to send an error to the user, returning true if the error
+// was put in the channel successfully and false if the watcher has been closed.
+func (w *Watcher) sendError(err error) (sent bool) {
+	select {
+	case w.Errors <- err:
+		return true
+	case <-w.done:
+		return false
+	}
+}
+
+func (w *Watcher) isClosed() bool {
+	select {
+	case <-w.done:
+		return true
+	default:
+		return false
+	}
+}
+
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
-	return nil
+	// Take the lock used by associateFile to prevent lingering events from
+	// being processed after the close
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	if w.isClosed() {
+		return nil
+	}
+	close(w.done)
+	return w.port.Close()
 }
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -139,15 +239,63 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
+	if w.isClosed() {
+		return ErrClosed
+	}
+	if w.port.PathIsWatched(name) {
+		return nil
+	}
+
+	_ = getOptions(opts...)
+
+	// Currently we resolve symlinks that were explicitly requested to be
+	// watched. Otherwise we would use LStat here.
+	stat, err := os.Stat(name)
+	if err != nil {
+		return err
+	}
+
+	// Associate all files in the directory.
+	if stat.IsDir() {
+		err := w.handleDirectory(name, stat, true, w.associateFile)
+		if err != nil {
+			return err
+		}
+
+		w.mu.Lock()
+		w.dirs[name] = struct{}{}
+		w.mu.Unlock()
+		return nil
+	}
+
+	err = w.associateFile(name, stat, true)
+	if err != nil {
+		return err
+	}
+
+	w.mu.Lock()
+	w.watches[name] = struct{}{}
+	w.mu.Unlock()
 	return nil
 }
 
@@ -157,6 +305,336 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
+	if w.isClosed() {
+		return nil
+	}
+	if !w.port.PathIsWatched(name) {
+		return fmt.Errorf("%w: %s", ErrNonExistentWatch, name)
+	}
+
+	// The user has expressed an intent. Immediately remove this name from
+	// whichever watch list it might be in. If it's not in there the delete
+	// doesn't cause harm.
+	w.mu.Lock()
+	delete(w.watches, name)
+	delete(w.dirs, name)
+	w.mu.Unlock()
+
+	stat, err := os.Stat(name)
+	if err != nil {
+		return err
+	}
+
+	// Remove associations for every file in the directory.
+	if stat.IsDir() {
+		err := w.handleDirectory(name, stat, false, w.dissociateFile)
+		if err != nil {
+			return err
+		}
+		return nil
+	}
+
+	err = w.port.DissociatePath(name)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
+
+// readEvents contains the main loop that runs in a goroutine watching for events.
+func (w *Watcher) readEvents() {
+	// If this function returns, the watcher has been closed and we can close
+	// these channels
+	defer func() {
+		close(w.Errors)
+		close(w.Events)
+	}()
+
+	pevents := make([]unix.PortEvent, 8)
+	for {
+		count, err := w.port.Get(pevents, 1, nil)
+		if err != nil && err != unix.ETIME {
+			// Interrupted system call (count should be 0) ignore and continue
+			if errors.Is(err, unix.EINTR) && count == 0 {
+				continue
+			}
+			// Get failed because we called w.Close()
+			if errors.Is(err, unix.EBADF) && w.isClosed() {
+				return
+			}
+			// There was an error not caused by calling w.Close()
+			if !w.sendError(err) {
+				return
+			}
+		}
+
+		p := pevents[:count]
+		for _, pevent := range p {
+			if pevent.Source != unix.PORT_SOURCE_FILE {
+				// Event from unexpected source received; should never happen.
+				if !w.sendError(errors.New("Event from unexpected source received")) {
+					return
+				}
+				continue
+			}
+
+			err = w.handleEvent(&pevent)
+			if err != nil {
+				if !w.sendError(err) {
+					return
+				}
+			}
+		}
+	}
+}
+
+func (w *Watcher) handleDirectory(path string, stat os.FileInfo, follow bool, handler func(string, os.FileInfo, bool) error) error {
+	files, err := os.ReadDir(path)
+	if err != nil {
+		return err
+	}
+
+	// Handle all children of the directory.
+	for _, entry := range files {
+		finfo, err := entry.Info()
+		if err != nil {
+			return err
+		}
+		err = handler(filepath.Join(path, finfo.Name()), finfo, false)
+		if err != nil {
+			return err
+		}
+	}
+
+	// And finally handle the directory itself.
+	return handler(path, stat, follow)
+}
+
+// handleEvent might need to emit more than one fsnotify event if the events
+// bitmap matches more than one event type (e.g. the file was both modified and
+// had the attributes changed between when the association was created and the
+// when event was returned)
+func (w *Watcher) handleEvent(event *unix.PortEvent) error {
+	var (
+		events     = event.Events
+		path       = event.Path
+		fmode      = event.Cookie.(os.FileMode)
+		reRegister = true
+	)
+
+	w.mu.Lock()
+	_, watchedDir := w.dirs[path]
+	_, watchedPath := w.watches[path]
+	w.mu.Unlock()
+	isWatched := watchedDir || watchedPath
+
+	if events&unix.FILE_DELETE != 0 {
+		if !w.sendEvent(path, Remove) {
+			return nil
+		}
+		reRegister = false
+	}
+	if events&unix.FILE_RENAME_FROM != 0 {
+		if !w.sendEvent(path, Rename) {
+			return nil
+		}
+		// Don't keep watching the new file name
+		reRegister = false
+	}
+	if events&unix.FILE_RENAME_TO != 0 {
+		// We don't report a Rename event for this case, because Rename events
+		// are interpreted as referring to the _old_ name of the file, and in
+		// this case the event would refer to the new name of the file. This
+		// type of rename event is not supported by fsnotify.
+
+		// inotify reports a Remove event in this case, so we simulate this
+		// here.
+		if !w.sendEvent(path, Remove) {
+			return nil
+		}
+		// Don't keep watching the file that was removed
+		reRegister = false
+	}
+
+	// The file is gone, nothing left to do.
+	if !reRegister {
+		if watchedDir {
+			w.mu.Lock()
+			delete(w.dirs, path)
+			w.mu.Unlock()
+		}
+		if watchedPath {
+			w.mu.Lock()
+			delete(w.watches, path)
+			w.mu.Unlock()
+		}
+		return nil
+	}
+
+	// If we didn't get a deletion the file still exists and we're going to have
+	// to watch it again. Let's Stat it now so that we can compare permissions
+	// and have what we need to continue watching the file
+
+	stat, err := os.Lstat(path)
+	if err != nil {
+		// This is unexpected, but we should still emit an event. This happens
+		// most often on "rm -r" of a subdirectory inside a watched directory We
+		// get a modify event of something happening inside, but by the time we
+		// get here, the sudirectory is already gone. Clearly we were watching
+		// this path but now it is gone. Let's tell the user that it was
+		// removed.
+		if !w.sendEvent(path, Remove) {
+			return nil
+		}
+		// Suppress extra write events on removed directories; they are not
+		// informative and can be confusing.
+		return nil
+	}
+
+	// resolve symlinks that were explicitly watched as we would have at Add()
+	// time. this helps suppress spurious Chmod events on watched symlinks
+	if isWatched {
+		stat, err = os.Stat(path)
+		if err != nil {
+			// The symlink still exists, but the target is gone. Report the
+			// Remove similar to above.
+			if !w.sendEvent(path, Remove) {
+				return nil
+			}
+			// Don't return the error
+		}
+	}
+
+	if events&unix.FILE_MODIFIED != 0 {
+		if fmode.IsDir() {
+			if watchedDir {
+				if err := w.updateDirectory(path); err != nil {
+					return err
+				}
+			} else {
+				if !w.sendEvent(path, Write) {
+					return nil
+				}
+			}
+		} else {
+			if !w.sendEvent(path, Write) {
+				return nil
+			}
+		}
+	}
+	if events&unix.FILE_ATTRIB != 0 && stat != nil {
+		// Only send Chmod if perms changed
+		if stat.Mode().Perm() != fmode.Perm() {
+			if !w.sendEvent(path, Chmod) {
+				return nil
+			}
+		}
+	}
+
+	if stat != nil {
+		// If we get here, it means we've hit an event above that requires us to
+		// continue watching the file or directory
+		return w.associateFile(path, stat, isWatched)
+	}
+	return nil
+}
+
+func (w *Watcher) updateDirectory(path string) error {
+	// The directory was modified, so we must find unwatched entities and watch
+	// them. If something was removed from the directory, nothing will happen,
+	// as everything else should still be watched.
+	files, err := os.ReadDir(path)
+	if err != nil {
+		return err
+	}
+
+	for _, entry := range files {
+		path := filepath.Join(path, entry.Name())
+		if w.port.PathIsWatched(path) {
+			continue
+		}
+
+		finfo, err := entry.Info()
+		if err != nil {
+			return err
+		}
+		err = w.associateFile(path, finfo, false)
+		if err != nil {
+			if !w.sendError(err) {
+				return nil
+			}
+		}
+		if !w.sendEvent(path, Create) {
+			return nil
+		}
+	}
+	return nil
+}
+
+func (w *Watcher) associateFile(path string, stat os.FileInfo, follow bool) error {
+	if w.isClosed() {
+		return ErrClosed
+	}
+	// This is primarily protecting the call to AssociatePath but it is
+	// important and intentional that the call to PathIsWatched is also
+	// protected by this mutex. Without this mutex, AssociatePath has been seen
+	// to error out that the path is already associated.
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	if w.port.PathIsWatched(path) {
+		// Remove the old association in favor of this one If we get ENOENT,
+		// then while the x/sys/unix wrapper still thought that this path was
+		// associated, the underlying event port did not. This call will have
+		// cleared up that discrepancy. The most likely cause is that the event
+		// has fired but we haven't processed it yet.
+		err := w.port.DissociatePath(path)
+		if err != nil && err != unix.ENOENT {
+			return err
+		}
+	}
+	// FILE_NOFOLLOW means we watch symlinks themselves rather than their
+	// targets.
+	events := unix.FILE_MODIFIED | unix.FILE_ATTRIB | unix.FILE_NOFOLLOW
+	if follow {
+		// We *DO* follow symlinks for explicitly watched entries.
+		events = unix.FILE_MODIFIED | unix.FILE_ATTRIB
+	}
+	return w.port.AssociatePath(path, stat,
+		events,
+		stat.Mode())
+}
+
+func (w *Watcher) dissociateFile(path string, stat os.FileInfo, unused bool) error {
+	if !w.port.PathIsWatched(path) {
+		return nil
+	}
+	return w.port.DissociatePath(path)
+}
+
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
+func (w *Watcher) WatchList() []string {
+	if w.isClosed() {
+		return nil
+	}
+
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	entries := make([]string, 0, len(w.watches)+len(w.dirs))
+	for pathname := range w.dirs {
+		entries = append(entries, pathname)
+	}
+	for pathname := range w.watches {
+		entries = append(entries, pathname)
+	}
+
+	return entries
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
index 54c77fbb0e..921c1c1e40 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
@@ -1,5 +1,8 @@
-//go:build linux
-// +build linux
+//go:build linux && !appengine
+// +build linux,!appengine
+
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
 
 package fsnotify
 
@@ -26,9 +29,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -42,16 +45,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -67,14 +70,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -101,36 +110,148 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
 
 	// Store fd here as os.File.Read() will no longer return on close after
 	// calling Fd(). See: https://github.com/golang/go/issues/26439
 	fd          int
-	mu          sync.Mutex // Map access
 	inotifyFile *os.File
-	watches     map[string]*watch // Map of inotify watches (key: path)
-	paths       map[int]string    // Map of watched paths (key: watch descriptor)
-	done        chan struct{}     // Channel for sending a "quit message" to the reader goroutine
-	doneResp    chan struct{}     // Channel to respond to Close
+	watches     *watches
+	done        chan struct{} // Channel for sending a "quit message" to the reader goroutine
+	closeMu     sync.Mutex
+	doneResp    chan struct{} // Channel to respond to Close
+}
+
+type (
+	watches struct {
+		mu   sync.RWMutex
+		wd   map[uint32]*watch // wd → watch
+		path map[string]uint32 // pathname → wd
+	}
+	watch struct {
+		wd    uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall)
+		flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags)
+		path  string // Watch path.
+	}
+)
+
+func newWatches() *watches {
+	return &watches{
+		wd:   make(map[uint32]*watch),
+		path: make(map[string]uint32),
+	}
+}
+
+func (w *watches) len() int {
+	w.mu.RLock()
+	defer w.mu.RUnlock()
+	return len(w.wd)
+}
+
+func (w *watches) add(ww *watch) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	w.wd[ww.wd] = ww
+	w.path[ww.path] = ww.wd
+}
+
+func (w *watches) remove(wd uint32) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	delete(w.path, w.wd[wd].path)
+	delete(w.wd, wd)
+}
+
+func (w *watches) removePath(path string) (uint32, bool) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	wd, ok := w.path[path]
+	if !ok {
+		return 0, false
+	}
+
+	delete(w.path, path)
+	delete(w.wd, wd)
+
+	return wd, true
+}
+
+func (w *watches) byPath(path string) *watch {
+	w.mu.RLock()
+	defer w.mu.RUnlock()
+	return w.wd[w.path[path]]
+}
+
+func (w *watches) byWd(wd uint32) *watch {
+	w.mu.RLock()
+	defer w.mu.RUnlock()
+	return w.wd[wd]
+}
+
+func (w *watches) updatePath(path string, f func(*watch) (*watch, error)) error {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	var existing *watch
+	wd, ok := w.path[path]
+	if ok {
+		existing = w.wd[wd]
+	}
+
+	upd, err := f(existing)
+	if err != nil {
+		return err
+	}
+	if upd != nil {
+		w.wd[upd.wd] = upd
+		w.path[upd.path] = upd.wd
+
+		if upd.wd != wd {
+			delete(w.wd, wd)
+		}
+	}
+
+	return nil
 }
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
-	// Create inotify fd
-	// Need to set the FD to nonblocking mode in order for SetDeadline methods to work
-	// Otherwise, blocking i/o operations won't terminate on close
+	return NewBufferedWatcher(0)
+}
+
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
+	// Need to set nonblocking mode for SetDeadline to work, otherwise blocking
+	// I/O operations won't terminate on close.
 	fd, errno := unix.InotifyInit1(unix.IN_CLOEXEC | unix.IN_NONBLOCK)
 	if fd == -1 {
 		return nil, errno
@@ -139,9 +260,8 @@ func NewWatcher() (*Watcher, error) {
 	w := &Watcher{
 		fd:          fd,
 		inotifyFile: os.NewFile(uintptr(fd), ""),
-		watches:     make(map[string]*watch),
-		paths:       make(map[int]string),
-		Events:      make(chan Event),
+		watches:     newWatches(),
+		Events:      make(chan Event, sz),
 		Errors:      make(chan error),
 		done:        make(chan struct{}),
 		doneResp:    make(chan struct{}),
@@ -157,8 +277,8 @@ func (w *Watcher) sendEvent(e Event) bool {
 	case w.Events <- e:
 		return true
 	case <-w.done:
+		return false
 	}
-	return false
 }
 
 // Returns true if the error was sent, or false if watcher is closed.
@@ -180,17 +300,15 @@ func (w *Watcher) isClosed() bool {
 	}
 }
 
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
-	w.mu.Lock()
+	w.closeMu.Lock()
 	if w.isClosed() {
-		w.mu.Unlock()
+		w.closeMu.Unlock()
 		return nil
 	}
-
-	// Send 'close' signal to goroutine, and set the Watcher to closed.
 	close(w.done)
-	w.mu.Unlock()
+	w.closeMu.Unlock()
 
 	// Causes any blocking reads to return with an error, provided the file
 	// still supports deadline operations.
@@ -207,17 +325,21 @@ func (w *Watcher) Close() error {
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -227,44 +349,59 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
-	name = filepath.Clean(name)
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
 	if w.isClosed() {
-		return errors.New("inotify instance already closed")
+		return ErrClosed
 	}
 
+	name = filepath.Clean(name)
+	_ = getOptions(opts...)
+
 	var flags uint32 = unix.IN_MOVED_TO | unix.IN_MOVED_FROM |
 		unix.IN_CREATE | unix.IN_ATTRIB | unix.IN_MODIFY |
 		unix.IN_MOVE_SELF | unix.IN_DELETE | unix.IN_DELETE_SELF
 
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	watchEntry := w.watches[name]
-	if watchEntry != nil {
-		flags |= watchEntry.flags | unix.IN_MASK_ADD
-	}
-	wd, errno := unix.InotifyAddWatch(w.fd, name, flags)
-	if wd == -1 {
-		return errno
-	}
+	return w.watches.updatePath(name, func(existing *watch) (*watch, error) {
+		if existing != nil {
+			flags |= existing.flags | unix.IN_MASK_ADD
+		}
 
-	if watchEntry == nil {
-		w.watches[name] = &watch{wd: uint32(wd), flags: flags}
-		w.paths[wd] = name
-	} else {
-		watchEntry.wd = uint32(wd)
-		watchEntry.flags = flags
-	}
+		wd, err := unix.InotifyAddWatch(w.fd, name, flags)
+		if wd == -1 {
+			return nil, err
+		}
 
-	return nil
+		if existing == nil {
+			return &watch{
+				wd:    uint32(wd),
+				path:  name,
+				flags: flags,
+			}, nil
+		}
+
+		existing.wd = uint32(wd)
+		existing.flags = flags
+		return existing, nil
+	})
 }
 
 // Remove stops monitoring the path for changes.
@@ -273,32 +410,22 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
-	name = filepath.Clean(name)
-
-	// Fetch the watch.
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	watch, ok := w.watches[name]
+	if w.isClosed() {
+		return nil
+	}
+	return w.remove(filepath.Clean(name))
+}
 
-	// Remove it from inotify.
+func (w *Watcher) remove(name string) error {
+	wd, ok := w.watches.removePath(name)
 	if !ok {
 		return fmt.Errorf("%w: %s", ErrNonExistentWatch, name)
 	}
 
-	// We successfully removed the watch if InotifyRmWatch doesn't return an
-	// error, we need to clean up our internal state to ensure it matches
-	// inotify's kernel state.
-	delete(w.paths, int(watch.wd))
-	delete(w.watches, name)
-
-	// inotify_rm_watch will return EINVAL if the file has been deleted;
-	// the inotify will already have been removed.
-	// watches and pathes are deleted in ignoreLinux() implicitly and asynchronously
-	// by calling inotify_rm_watch() below. e.g. readEvents() goroutine receives IN_IGNORE
-	// so that EINVAL means that the wd is being rm_watch()ed or its file removed
-	// by another thread and we have not received IN_IGNORE event.
-	success, errno := unix.InotifyRmWatch(w.fd, watch.wd)
+	success, errno := unix.InotifyRmWatch(w.fd, wd)
 	if success == -1 {
 		// TODO: Perhaps it's not helpful to return an error here in every case;
 		//       The only two possible errors are:
@@ -312,28 +439,28 @@ func (w *Watcher) Remove(name string) error {
 		//         are watching is deleted.
 		return errno
 	}
-
 	return nil
 }
 
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) WatchList() []string {
-	w.mu.Lock()
-	defer w.mu.Unlock()
+	if w.isClosed() {
+		return nil
+	}
 
-	entries := make([]string, 0, len(w.watches))
-	for pathname := range w.watches {
+	entries := make([]string, 0, w.watches.len())
+	w.watches.mu.RLock()
+	for pathname := range w.watches.path {
 		entries = append(entries, pathname)
 	}
+	w.watches.mu.RUnlock()
 
 	return entries
 }
 
-type watch struct {
-	wd    uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall)
-	flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags)
-}
-
 // readEvents reads from the inotify file descriptor, converts the
 // received events into Event objects and sends them via the Events channel
 func (w *Watcher) readEvents() {
@@ -367,14 +494,11 @@ func (w *Watcher) readEvents() {
 		if n < unix.SizeofInotifyEvent {
 			var err error
 			if n == 0 {
-				// If EOF is received. This should really never happen.
-				err = io.EOF
+				err = io.EOF // If EOF is received. This should really never happen.
 			} else if n < 0 {
-				// If an error occurred while reading.
-				err = errno
+				err = errno // If an error occurred while reading.
 			} else {
-				// Read was too short.
-				err = errors.New("notify: short read in readEvents()")
+				err = errors.New("notify: short read in readEvents()") // Read was too short.
 			}
 			if !w.sendError(err) {
 				return
@@ -403,18 +527,29 @@ func (w *Watcher) readEvents() {
 			// doesn't append the filename to the event, but we would like to always fill the
 			// the "Name" field with a valid filename. We retrieve the path of the watch from
 			// the "paths" map.
-			w.mu.Lock()
-			name, ok := w.paths[int(raw.Wd)]
-			// IN_DELETE_SELF occurs when the file/directory being watched is removed.
-			// This is a sign to clean up the maps, otherwise we are no longer in sync
-			// with the inotify kernel state which has already deleted the watch
-			// automatically.
-			if ok && mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF {
-				delete(w.paths, int(raw.Wd))
-				delete(w.watches, name)
+			watch := w.watches.byWd(uint32(raw.Wd))
+
+			// inotify will automatically remove the watch on deletes; just need
+			// to clean our state here.
+			if watch != nil && mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF {
+				w.watches.remove(watch.wd)
+			}
+			// We can't really update the state when a watched path is moved;
+			// only IN_MOVE_SELF is sent and not IN_MOVED_{FROM,TO}. So remove
+			// the watch.
+			if watch != nil && mask&unix.IN_MOVE_SELF == unix.IN_MOVE_SELF {
+				err := w.remove(watch.path)
+				if err != nil && !errors.Is(err, ErrNonExistentWatch) {
+					if !w.sendError(err) {
+						return
+					}
+				}
 			}
-			w.mu.Unlock()
 
+			var name string
+			if watch != nil {
+				name = watch.path
+			}
 			if nameLen > 0 {
 				// Point "bytes" at the first byte of the filename
 				bytes := (*[unix.PathMax]byte)(unsafe.Pointer(&buf[offset+unix.SizeofInotifyEvent]))[:nameLen:nameLen]
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
index 29087469bf..063a0915a0 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
@@ -1,12 +1,14 @@
 //go:build freebsd || openbsd || netbsd || dragonfly || darwin
 // +build freebsd openbsd netbsd dragonfly darwin
 
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
+
 package fsnotify
 
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sync"
@@ -24,9 +26,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -40,16 +42,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -65,14 +67,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -99,18 +107,27 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
 
 	done         chan struct{}
@@ -133,6 +150,18 @@ type pathInfo struct {
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
+	return NewBufferedWatcher(0)
+}
+
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
 	kq, closepipe, err := newKqueue()
 	if err != nil {
 		return nil, err
@@ -147,7 +176,7 @@ func NewWatcher() (*Watcher, error) {
 		paths:        make(map[int]pathInfo),
 		fileExists:   make(map[string]struct{}),
 		userWatches:  make(map[string]struct{}),
-		Events:       make(chan Event),
+		Events:       make(chan Event, sz),
 		Errors:       make(chan error),
 		done:         make(chan struct{}),
 	}
@@ -197,8 +226,8 @@ func (w *Watcher) sendEvent(e Event) bool {
 	case w.Events <- e:
 		return true
 	case <-w.done:
+		return false
 	}
-	return false
 }
 
 // Returns true if the error was sent, or false if watcher is closed.
@@ -207,11 +236,11 @@ func (w *Watcher) sendError(err error) bool {
 	case w.Errors <- err:
 		return true
 	case <-w.done:
+		return false
 	}
-	return false
 }
 
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
 	w.mu.Lock()
 	if w.isClosed {
@@ -239,17 +268,21 @@ func (w *Watcher) Close() error {
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -259,15 +292,28 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
+	_ = getOptions(opts...)
+
 	w.mu.Lock()
 	w.userWatches[name] = struct{}{}
 	w.mu.Unlock()
@@ -281,9 +327,19 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
+	return w.remove(name, true)
+}
+
+func (w *Watcher) remove(name string, unwatchFiles bool) error {
 	name = filepath.Clean(name)
 	w.mu.Lock()
+	if w.isClosed {
+		w.mu.Unlock()
+		return nil
+	}
 	watchfd, ok := w.watches[name]
 	w.mu.Unlock()
 	if !ok {
@@ -315,7 +371,7 @@ func (w *Watcher) Remove(name string) error {
 	w.mu.Unlock()
 
 	// Find all watched paths that are in this directory that are not external.
-	if isDir {
+	if unwatchFiles && isDir {
 		var pathsToRemove []string
 		w.mu.Lock()
 		for fd := range w.watchesByDir[name] {
@@ -326,20 +382,25 @@ func (w *Watcher) Remove(name string) error {
 		}
 		w.mu.Unlock()
 		for _, name := range pathsToRemove {
-			// Since these are internal, not much sense in propagating error
-			// to the user, as that will just confuse them with an error about
-			// a path they did not explicitly watch themselves.
+			// Since these are internal, not much sense in propagating error to
+			// the user, as that will just confuse them with an error about a
+			// path they did not explicitly watch themselves.
 			w.Remove(name)
 		}
 	}
-
 	return nil
 }
 
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) WatchList() []string {
 	w.mu.Lock()
 	defer w.mu.Unlock()
+	if w.isClosed {
+		return nil
+	}
 
 	entries := make([]string, 0, len(w.userWatches))
 	for pathname := range w.userWatches {
@@ -352,18 +413,18 @@ func (w *Watcher) WatchList() []string {
 // Watch all events (except NOTE_EXTEND, NOTE_LINK, NOTE_REVOKE)
 const noteAllEvents = unix.NOTE_DELETE | unix.NOTE_WRITE | unix.NOTE_ATTRIB | unix.NOTE_RENAME
 
-// addWatch adds name to the watched file set.
-// The flags are interpreted as described in kevent(2).
-// Returns the real path to the file which was added, if any, which may be different from the one passed in the case of symlinks.
+// addWatch adds name to the watched file set; the flags are interpreted as
+// described in kevent(2).
+//
+// Returns the real path to the file which was added, with symlinks resolved.
 func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 	var isDir bool
-	// Make ./name and name equivalent
 	name = filepath.Clean(name)
 
 	w.mu.Lock()
 	if w.isClosed {
 		w.mu.Unlock()
-		return "", errors.New("kevent instance already closed")
+		return "", ErrClosed
 	}
 	watchfd, alreadyWatching := w.watches[name]
 	// We already have a watch, but we can still override flags.
@@ -383,27 +444,30 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 			return "", nil
 		}
 
-		// Follow Symlinks
-		//
-		// Linux can add unresolvable symlinks to the watch list without issue,
-		// and Windows can't do symlinks period. To maintain consistency, we
-		// will act like everything is fine if the link can't be resolved.
-		// There will simply be no file events for broken symlinks. Hence the
-		// returns of nil on errors.
+		// Follow Symlinks.
 		if fi.Mode()&os.ModeSymlink == os.ModeSymlink {
-			name, err = filepath.EvalSymlinks(name)
+			link, err := os.Readlink(name)
 			if err != nil {
+				// Return nil because Linux can add unresolvable symlinks to the
+				// watch list without problems, so maintain consistency with
+				// that. There will be no file events for broken symlinks.
+				// TODO: more specific check; returns os.PathError; ENOENT?
 				return "", nil
 			}
 
 			w.mu.Lock()
-			_, alreadyWatching = w.watches[name]
+			_, alreadyWatching = w.watches[link]
 			w.mu.Unlock()
 
 			if alreadyWatching {
-				return name, nil
+				// Add to watches so we don't get spurious Create events later
+				// on when we diff the directories.
+				w.watches[name] = 0
+				w.fileExists[name] = struct{}{}
+				return link, nil
 			}
 
+			name = link
 			fi, err = os.Lstat(name)
 			if err != nil {
 				return "", nil
@@ -411,7 +475,7 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 		}
 
 		// Retry on EINTR; open() can return EINTR in practice on macOS.
-		// See #354, and go issues 11180 and 39237.
+		// See #354, and Go issues 11180 and 39237.
 		for {
 			watchfd, err = unix.Open(name, openMode, 0)
 			if err == nil {
@@ -444,14 +508,13 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 			w.watchesByDir[parentName] = watchesByDir
 		}
 		watchesByDir[watchfd] = struct{}{}
-
 		w.paths[watchfd] = pathInfo{name: name, isDir: isDir}
 		w.mu.Unlock()
 	}
 
 	if isDir {
-		// Watch the directory if it has not been watched before,
-		// or if it was watched before, but perhaps only a NOTE_DELETE (watchDirectoryFiles)
+		// Watch the directory if it has not been watched before, or if it was
+		// watched before, but perhaps only a NOTE_DELETE (watchDirectoryFiles)
 		w.mu.Lock()
 
 		watchDir := (flags&unix.NOTE_WRITE) == unix.NOTE_WRITE &&
@@ -473,13 +536,10 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 // Event values that it sends down the Events channel.
 func (w *Watcher) readEvents() {
 	defer func() {
-		err := unix.Close(w.kq)
-		if err != nil {
-			w.Errors <- err
-		}
-		unix.Close(w.closepipe[0])
 		close(w.Events)
 		close(w.Errors)
+		_ = unix.Close(w.kq)
+		unix.Close(w.closepipe[0])
 	}()
 
 	eventBuffer := make([]unix.Kevent_t, 10)
@@ -513,18 +573,8 @@ func (w *Watcher) readEvents() {
 
 			event := w.newEvent(path.name, mask)
 
-			if path.isDir && !event.Has(Remove) {
-				// Double check to make sure the directory exists. This can
-				// happen when we do a rm -fr on a recursively watched folders
-				// and we receive a modification event first but the folder has
-				// been deleted and later receive the delete event.
-				if _, err := os.Lstat(event.Name); os.IsNotExist(err) {
-					event.Op |= Remove
-				}
-			}
-
 			if event.Has(Rename) || event.Has(Remove) {
-				w.Remove(event.Name)
+				w.remove(event.Name, false)
 				w.mu.Lock()
 				delete(w.fileExists, event.Name)
 				w.mu.Unlock()
@@ -540,26 +590,30 @@ func (w *Watcher) readEvents() {
 			}
 
 			if event.Has(Remove) {
-				// Look for a file that may have overwritten this.
-				// For example, mv f1 f2 will delete f2, then create f2.
+				// Look for a file that may have overwritten this; for example,
+				// mv f1 f2 will delete f2, then create f2.
 				if path.isDir {
 					fileDir := filepath.Clean(event.Name)
 					w.mu.Lock()
 					_, found := w.watches[fileDir]
 					w.mu.Unlock()
 					if found {
-						// make sure the directory exists before we watch for changes. When we
-						// do a recursive watch and perform rm -fr, the parent directory might
-						// have gone missing, ignore the missing directory and let the
-						// upcoming delete event remove the watch from the parent directory.
-						if _, err := os.Lstat(fileDir); err == nil {
-							w.sendDirectoryChangeEvents(fileDir)
+						err := w.sendDirectoryChangeEvents(fileDir)
+						if err != nil {
+							if !w.sendError(err) {
+								closed = true
+							}
 						}
 					}
 				} else {
 					filePath := filepath.Clean(event.Name)
-					if fileInfo, err := os.Lstat(filePath); err == nil {
-						w.sendFileCreatedEventIfNew(filePath, fileInfo)
+					if fi, err := os.Lstat(filePath); err == nil {
+						err := w.sendFileCreatedEventIfNew(filePath, fi)
+						if err != nil {
+							if !w.sendError(err) {
+								closed = true
+							}
+						}
 					}
 				}
 			}
@@ -582,21 +636,31 @@ func (w *Watcher) newEvent(name string, mask uint32) Event {
 	if mask&unix.NOTE_ATTRIB == unix.NOTE_ATTRIB {
 		e.Op |= Chmod
 	}
+	// No point sending a write and delete event at the same time: if it's gone,
+	// then it's gone.
+	if e.Op.Has(Write) && e.Op.Has(Remove) {
+		e.Op &^= Write
+	}
 	return e
 }
 
 // watchDirectoryFiles to mimic inotify when adding a watch on a directory
 func (w *Watcher) watchDirectoryFiles(dirPath string) error {
 	// Get all files
-	files, err := ioutil.ReadDir(dirPath)
+	files, err := os.ReadDir(dirPath)
 	if err != nil {
 		return err
 	}
 
-	for _, fileInfo := range files {
-		path := filepath.Join(dirPath, fileInfo.Name())
+	for _, f := range files {
+		path := filepath.Join(dirPath, f.Name())
+
+		fi, err := f.Info()
+		if err != nil {
+			return fmt.Errorf("%q: %w", path, err)
+		}
 
-		cleanPath, err := w.internalWatch(path, fileInfo)
+		cleanPath, err := w.internalWatch(path, fi)
 		if err != nil {
 			// No permission to read the file; that's not a problem: just skip.
 			// But do add it to w.fileExists to prevent it from being picked up
@@ -606,7 +670,7 @@ func (w *Watcher) watchDirectoryFiles(dirPath string) error {
 			case errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM):
 				cleanPath = filepath.Clean(path)
 			default:
-				return fmt.Errorf("%q: %w", filepath.Join(dirPath, fileInfo.Name()), err)
+				return fmt.Errorf("%q: %w", path, err)
 			}
 		}
 
@@ -622,26 +686,37 @@ func (w *Watcher) watchDirectoryFiles(dirPath string) error {
 //
 // This functionality is to have the BSD watcher match the inotify, which sends
 // a create event for files created in a watched directory.
-func (w *Watcher) sendDirectoryChangeEvents(dir string) {
-	// Get all files
-	files, err := ioutil.ReadDir(dir)
+func (w *Watcher) sendDirectoryChangeEvents(dir string) error {
+	files, err := os.ReadDir(dir)
 	if err != nil {
-		if !w.sendError(fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)) {
-			return
+		// Directory no longer exists: we can ignore this safely. kqueue will
+		// still give us the correct events.
+		if errors.Is(err, os.ErrNotExist) {
+			return nil
 		}
+		return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
 	}
 
-	// Search for new files
-	for _, fi := range files {
-		err := w.sendFileCreatedEventIfNew(filepath.Join(dir, fi.Name()), fi)
+	for _, f := range files {
+		fi, err := f.Info()
 		if err != nil {
-			return
+			return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
+		}
+
+		err = w.sendFileCreatedEventIfNew(filepath.Join(dir, fi.Name()), fi)
+		if err != nil {
+			// Don't need to send an error if this file isn't readable.
+			if errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM) {
+				return nil
+			}
+			return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
 		}
 	}
+	return nil
 }
 
 // sendFileCreatedEvent sends a create event if the file isn't already being tracked.
-func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fileInfo os.FileInfo) (err error) {
+func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fi os.FileInfo) (err error) {
 	w.mu.Lock()
 	_, doesExist := w.fileExists[filePath]
 	w.mu.Unlock()
@@ -652,7 +727,7 @@ func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fileInfo os.FileInf
 	}
 
 	// like watchDirectoryFiles (but without doing another ReadDir)
-	filePath, err = w.internalWatch(filePath, fileInfo)
+	filePath, err = w.internalWatch(filePath, fi)
 	if err != nil {
 		return err
 	}
@@ -664,10 +739,10 @@ func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fileInfo os.FileInf
 	return nil
 }
 
-func (w *Watcher) internalWatch(name string, fileInfo os.FileInfo) (string, error) {
-	if fileInfo.IsDir() {
-		// mimic Linux providing delete events for subdirectories
-		// but preserve the flags used if currently watching subdirectory
+func (w *Watcher) internalWatch(name string, fi os.FileInfo) (string, error) {
+	if fi.IsDir() {
+		// mimic Linux providing delete events for subdirectories, but preserve
+		// the flags used if currently watching subdirectory
 		w.mu.Lock()
 		flags := w.dirFlags[name]
 		w.mu.Unlock()
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_other.go b/vendor/github.com/fsnotify/fsnotify/backend_other.go
index a9bb1c3c4d..d34a23c015 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_other.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_other.go
@@ -1,39 +1,169 @@
-//go:build !darwin && !dragonfly && !freebsd && !openbsd && !linux && !netbsd && !solaris && !windows
-// +build !darwin,!dragonfly,!freebsd,!openbsd,!linux,!netbsd,!solaris,!windows
+//go:build appengine || (!darwin && !dragonfly && !freebsd && !openbsd && !linux && !netbsd && !solaris && !windows)
+// +build appengine !darwin,!dragonfly,!freebsd,!openbsd,!linux,!netbsd,!solaris,!windows
+
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
 
 package fsnotify
 
-import (
-	"fmt"
-	"runtime"
-)
+import "errors"
 
-// Watcher watches a set of files, delivering events to a channel.
-type Watcher struct{}
+// Watcher watches a set of paths, delivering events on a channel.
+//
+// A watcher should not be copied (e.g. pass it by pointer, rather than by
+// value).
+//
+// # Linux notes
+//
+// When a file is removed a Remove event won't be emitted until all file
+// descriptors are closed, and deletes will always emit a Chmod. For example:
+//
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
+//
+// This is the event that inotify sends, so not much can be changed about this.
+//
+// The fs.inotify.max_user_watches sysctl variable specifies the upper limit
+// for the number of watches per user, and fs.inotify.max_user_instances
+// specifies the maximum number of inotify instances per user. Every Watcher you
+// create is an "instance", and every path you add is a "watch".
+//
+// These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and
+// /proc/sys/fs/inotify/max_user_instances
+//
+// To increase them you can use sysctl or write the value to the /proc file:
+//
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
+//
+// To make the changes persist on reboot edit /etc/sysctl.conf or
+// /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
+// your distro's documentation):
+//
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
+//
+// Reaching the limit will result in a "no space left on device" or "too many open
+// files" error.
+//
+// # kqueue notes (macOS, BSD)
+//
+// kqueue requires opening a file descriptor for every file that's being watched;
+// so if you're watching a directory with five files then that's six file
+// descriptors. You will run in to your system's "max open files" limit faster on
+// these platforms.
+//
+// The sysctl variables kern.maxfiles and kern.maxfilesperproc can be used to
+// control the maximum number of open files, as well as /etc/login.conf on BSD
+// systems.
+//
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
+//
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
+//
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
+type Watcher struct {
+	// Events sends the filesystem change events.
+	//
+	// fsnotify can send the following events; a "path" here can refer to a
+	// file, directory, symbolic link, or special file like a FIFO.
+	//
+	//   fsnotify.Create    A new path was created; this may be followed by one
+	//                      or more Write events if data also gets written to a
+	//                      file.
+	//
+	//   fsnotify.Remove    A path was removed.
+	//
+	//   fsnotify.Rename    A path was renamed. A rename is always sent with the
+	//                      old path as Event.Name, and a Create event will be
+	//                      sent with the new name. Renames are only sent for
+	//                      paths that are currently watched; e.g. moving an
+	//                      unmonitored file into a monitored directory will
+	//                      show up as just a Create. Similarly, renaming a file
+	//                      to outside a monitored directory will show up as
+	//                      only a Rename.
+	//
+	//   fsnotify.Write     A file or named pipe was written to. A Truncate will
+	//                      also trigger a Write. A single "write action"
+	//                      initiated by the user may show up as one or multiple
+	//                      writes, depending on when the system syncs things to
+	//                      disk. For example when compiling a large Go program
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
+	//
+	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
+	//                      when a file is removed (or more accurately, when a
+	//                      link to an inode is removed). On kqueue it's sent
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
+	Events chan Event
+
+	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
+	Errors chan error
+}
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
-	return nil, fmt.Errorf("fsnotify not supported on %s", runtime.GOOS)
+	return nil, errors.New("fsnotify not supported on the current platform")
 }
 
-// Close removes all watches and closes the events channel.
-func (w *Watcher) Close() error {
-	return nil
-}
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) { return NewWatcher() }
+
+// Close removes all watches and closes the Events channel.
+func (w *Watcher) Close() error { return nil }
+
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
+func (w *Watcher) WatchList() []string { return nil }
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -43,17 +173,26 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
-	return nil
-}
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return nil }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error { return nil }
 
 // Remove stops monitoring the path for changes.
 //
@@ -61,6 +200,6 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
-func (w *Watcher) Remove(name string) error {
-	return nil
-}
+//
+// Returns nil if [Watcher.Close] was called.
+func (w *Watcher) Remove(name string) error { return nil }
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_windows.go b/vendor/github.com/fsnotify/fsnotify/backend_windows.go
index ae392867c0..9bc91e5d61 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_windows.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_windows.go
@@ -1,6 +1,13 @@
 //go:build windows
 // +build windows
 
+// Windows backend based on ReadDirectoryChangesW()
+//
+// https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-readdirectorychangesw
+//
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
+
 package fsnotify
 
 import (
@@ -27,9 +34,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -43,16 +50,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -68,14 +75,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
+//
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -102,31 +115,52 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
 
 	port  windows.Handle // Handle to completion port
 	input chan *input    // Inputs to the reader are sent on this channel
 	quit  chan chan<- error
 
-	mu       sync.Mutex // Protects access to watches, isClosed
-	watches  watchMap   // Map of watches (key: i-number)
-	isClosed bool       // Set to true when Close() is first called
+	mu      sync.Mutex // Protects access to watches, closed
+	watches watchMap   // Map of watches (key: i-number)
+	closed  bool       // Set to true when Close() is first called
 }
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
+	return NewBufferedWatcher(50)
+}
+
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
 	port, err := windows.CreateIoCompletionPort(windows.InvalidHandle, 0, 0, 0)
 	if err != nil {
 		return nil, os.NewSyscallError("CreateIoCompletionPort", err)
@@ -135,7 +169,7 @@ func NewWatcher() (*Watcher, error) {
 		port:    port,
 		watches: make(watchMap),
 		input:   make(chan *input, 1),
-		Events:  make(chan Event, 50),
+		Events:  make(chan Event, sz),
 		Errors:  make(chan error),
 		quit:    make(chan chan<- error, 1),
 	}
@@ -143,6 +177,12 @@ func NewWatcher() (*Watcher, error) {
 	return w, nil
 }
 
+func (w *Watcher) isClosed() bool {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	return w.closed
+}
+
 func (w *Watcher) sendEvent(name string, mask uint64) bool {
 	if mask == 0 {
 		return false
@@ -167,14 +207,14 @@ func (w *Watcher) sendError(err error) bool {
 	return false
 }
 
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
-	w.mu.Lock()
-	if w.isClosed {
-		w.mu.Unlock()
+	if w.isClosed() {
 		return nil
 	}
-	w.isClosed = true
+
+	w.mu.Lock()
+	w.closed = true
 	w.mu.Unlock()
 
 	// Send "quit" message to the reader goroutine
@@ -188,17 +228,21 @@ func (w *Watcher) Close() error {
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -208,27 +252,41 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
-	w.mu.Lock()
-	if w.isClosed {
-		w.mu.Unlock()
-		return errors.New("watcher already closed")
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
+	if w.isClosed() {
+		return ErrClosed
+	}
+
+	with := getOptions(opts...)
+	if with.bufsize < 4096 {
+		return fmt.Errorf("fsnotify.WithBufferSize: buffer size cannot be smaller than 4096 bytes")
 	}
-	w.mu.Unlock()
 
 	in := &input{
-		op:    opAddWatch,
-		path:  filepath.Clean(name),
-		flags: sysFSALLEVENTS,
-		reply: make(chan error),
+		op:      opAddWatch,
+		path:    filepath.Clean(name),
+		flags:   sysFSALLEVENTS,
+		reply:   make(chan error),
+		bufsize: with.bufsize,
 	}
 	w.input <- in
 	if err := w.wakeupReader(); err != nil {
@@ -243,7 +301,13 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
+	if w.isClosed() {
+		return nil
+	}
+
 	in := &input{
 		op:    opRemoveWatch,
 		path:  filepath.Clean(name),
@@ -256,8 +320,15 @@ func (w *Watcher) Remove(name string) error {
 	return <-in.reply
 }
 
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) WatchList() []string {
+	if w.isClosed() {
+		return nil
+	}
+
 	w.mu.Lock()
 	defer w.mu.Unlock()
 
@@ -279,7 +350,6 @@ func (w *Watcher) WatchList() []string {
 // This should all be removed at some point, and just use windows.FILE_NOTIFY_*
 const (
 	sysFSALLEVENTS  = 0xfff
-	sysFSATTRIB     = 0x4
 	sysFSCREATE     = 0x100
 	sysFSDELETE     = 0x200
 	sysFSDELETESELF = 0x400
@@ -305,9 +375,6 @@ func (w *Watcher) newEvent(name string, mask uint32) Event {
 	if mask&sysFSMOVE == sysFSMOVE || mask&sysFSMOVESELF == sysFSMOVESELF || mask&sysFSMOVEDFROM == sysFSMOVEDFROM {
 		e.Op |= Rename
 	}
-	if mask&sysFSATTRIB == sysFSATTRIB {
-		e.Op |= Chmod
-	}
 	return e
 }
 
@@ -321,10 +388,11 @@ const (
 )
 
 type input struct {
-	op    int
-	path  string
-	flags uint32
-	reply chan error
+	op      int
+	path    string
+	flags   uint32
+	bufsize int
+	reply   chan error
 }
 
 type inode struct {
@@ -334,13 +402,14 @@ type inode struct {
 }
 
 type watch struct {
-	ov     windows.Overlapped
-	ino    *inode            // i-number
-	path   string            // Directory path
-	mask   uint64            // Directory itself is being watched with these notify flags
-	names  map[string]uint64 // Map of names being watched and their notify flags
-	rename string            // Remembers the old name while renaming a file
-	buf    [65536]byte       // 64K buffer
+	ov      windows.Overlapped
+	ino     *inode            // i-number
+	recurse bool              // Recursive watch?
+	path    string            // Directory path
+	mask    uint64            // Directory itself is being watched with these notify flags
+	names   map[string]uint64 // Map of names being watched and their notify flags
+	rename  string            // Remembers the old name while renaming a file
+	buf     []byte            // buffer, allocated later
 }
 
 type (
@@ -413,7 +482,10 @@ func (m watchMap) set(ino *inode, watch *watch) {
 }
 
 // Must run within the I/O thread.
-func (w *Watcher) addWatch(pathname string, flags uint64) error {
+func (w *Watcher) addWatch(pathname string, flags uint64, bufsize int) error {
+	//pathname, recurse := recursivePath(pathname)
+	recurse := false
+
 	dir, err := w.getDir(pathname)
 	if err != nil {
 		return err
@@ -433,9 +505,11 @@ func (w *Watcher) addWatch(pathname string, flags uint64) error {
 			return os.NewSyscallError("CreateIoCompletionPort", err)
 		}
 		watchEntry = &watch{
-			ino:   ino,
-			path:  dir,
-			names: make(map[string]uint64),
+			ino:     ino,
+			path:    dir,
+			names:   make(map[string]uint64),
+			recurse: recurse,
+			buf:     make([]byte, bufsize),
 		}
 		w.mu.Lock()
 		w.watches.set(ino, watchEntry)
@@ -465,6 +539,8 @@ func (w *Watcher) addWatch(pathname string, flags uint64) error {
 
 // Must run within the I/O thread.
 func (w *Watcher) remWatch(pathname string) error {
+	pathname, recurse := recursivePath(pathname)
+
 	dir, err := w.getDir(pathname)
 	if err != nil {
 		return err
@@ -478,6 +554,10 @@ func (w *Watcher) remWatch(pathname string) error {
 	watch := w.watches.get(ino)
 	w.mu.Unlock()
 
+	if recurse && !watch.recurse {
+		return fmt.Errorf("can't use \\... with non-recursive watch %q", pathname)
+	}
+
 	err = windows.CloseHandle(ino.handle)
 	if err != nil {
 		w.sendError(os.NewSyscallError("CloseHandle", err))
@@ -535,8 +615,11 @@ func (w *Watcher) startRead(watch *watch) error {
 		return nil
 	}
 
-	rdErr := windows.ReadDirectoryChanges(watch.ino.handle, &watch.buf[0],
-		uint32(unsafe.Sizeof(watch.buf)), false, mask, nil, &watch.ov, 0)
+	// We need to pass the array, rather than the slice.
+	hdr := (*reflect.SliceHeader)(unsafe.Pointer(&watch.buf))
+	rdErr := windows.ReadDirectoryChanges(watch.ino.handle,
+		(*byte)(unsafe.Pointer(hdr.Data)), uint32(hdr.Len),
+		watch.recurse, mask, nil, &watch.ov, 0)
 	if rdErr != nil {
 		err := os.NewSyscallError("ReadDirectoryChanges", rdErr)
 		if rdErr == windows.ERROR_ACCESS_DENIED && watch.mask&provisional == 0 {
@@ -563,9 +646,8 @@ func (w *Watcher) readEvents() {
 	runtime.LockOSThread()
 
 	for {
+		// This error is handled after the watch == nil check below.
 		qErr := windows.GetQueuedCompletionStatus(w.port, &n, &key, &ov, windows.INFINITE)
-		// This error is handled after the watch == nil check below. NOTE: this
-		// seems odd, note sure if it's correct.
 
 		watch := (*watch)(unsafe.Pointer(ov))
 		if watch == nil {
@@ -595,7 +677,7 @@ func (w *Watcher) readEvents() {
 			case in := <-w.input:
 				switch in.op {
 				case opAddWatch:
-					in.reply <- w.addWatch(in.path, uint64(in.flags))
+					in.reply <- w.addWatch(in.path, uint64(in.flags), in.bufsize)
 				case opRemoveWatch:
 					in.reply <- w.remWatch(in.path)
 				}
@@ -605,6 +687,8 @@ func (w *Watcher) readEvents() {
 		}
 
 		switch qErr {
+		case nil:
+			// No error
 		case windows.ERROR_MORE_DATA:
 			if watch == nil {
 				w.sendError(errors.New("ERROR_MORE_DATA has unexpectedly null lpOverlapped buffer"))
@@ -626,13 +710,12 @@ func (w *Watcher) readEvents() {
 		default:
 			w.sendError(os.NewSyscallError("GetQueuedCompletionPort", qErr))
 			continue
-		case nil:
 		}
 
 		var offset uint32
 		for {
 			if n == 0 {
-				w.sendError(errors.New("short read in readEvents()"))
+				w.sendError(ErrEventOverflow)
 				break
 			}
 
@@ -703,8 +786,9 @@ func (w *Watcher) readEvents() {
 
 			// Error!
 			if offset >= n {
+				//lint:ignore ST1005 Windows should be capitalized
 				w.sendError(errors.New(
-					"Windows system assumed buffer larger than it is, events have likely been missed."))
+					"Windows system assumed buffer larger than it is, events have likely been missed"))
 				break
 			}
 		}
@@ -720,9 +804,6 @@ func (w *Watcher) toWindowsFlags(mask uint64) uint32 {
 	if mask&sysFSMODIFY != 0 {
 		m |= windows.FILE_NOTIFY_CHANGE_LAST_WRITE
 	}
-	if mask&sysFSATTRIB != 0 {
-		m |= windows.FILE_NOTIFY_CHANGE_ATTRIBUTES
-	}
 	if mask&(sysFSMOVE|sysFSCREATE|sysFSDELETE) != 0 {
 		m |= windows.FILE_NOTIFY_CHANGE_FILE_NAME | windows.FILE_NOTIFY_CHANGE_DIR_NAME
 	}
diff --git a/vendor/github.com/fsnotify/fsnotify/fsnotify.go b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
index 30a5bf0f07..24c99cc499 100644
--- a/vendor/github.com/fsnotify/fsnotify/fsnotify.go
+++ b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
@@ -1,13 +1,18 @@
-//go:build !plan9
-// +build !plan9
-
 // Package fsnotify provides a cross-platform interface for file system
 // notifications.
+//
+// Currently supported systems:
+//
+//	Linux 2.6.32+    via inotify
+//	BSD, macOS       via kqueue
+//	Windows          via ReadDirectoryChangesW
+//	illumos          via FEN
 package fsnotify
 
 import (
 	"errors"
 	"fmt"
+	"path/filepath"
 	"strings"
 )
 
@@ -33,34 +38,52 @@ type Op uint32
 // The operations fsnotify can trigger; see the documentation on [Watcher] for a
 // full description, and check them with [Event.Has].
 const (
+	// A new pathname was created.
 	Create Op = 1 << iota
+
+	// The pathname was written to; this does *not* mean the write has finished,
+	// and a write can be followed by more writes.
 	Write
+
+	// The path was removed; any watches on it will be removed. Some "remove"
+	// operations may trigger a Rename if the file is actually moved (for
+	// example "remove to trash" is often a rename).
 	Remove
+
+	// The path was renamed to something else; any watched on it will be
+	// removed.
 	Rename
+
+	// File attributes were changed.
+	//
+	// It's generally not recommended to take action on this event, as it may
+	// get triggered very frequently by some software. For example, Spotlight
+	// indexing on macOS, anti-virus software, backup software, etc.
 	Chmod
 )
 
-// Common errors that can be reported by a watcher
+// Common errors that can be reported.
 var (
-	ErrNonExistentWatch = errors.New("can't remove non-existent watcher")
-	ErrEventOverflow    = errors.New("fsnotify queue overflow")
+	ErrNonExistentWatch = errors.New("fsnotify: can't remove non-existent watch")
+	ErrEventOverflow    = errors.New("fsnotify: queue or buffer overflow")
+	ErrClosed           = errors.New("fsnotify: watcher already closed")
 )
 
-func (op Op) String() string {
+func (o Op) String() string {
 	var b strings.Builder
-	if op.Has(Create) {
+	if o.Has(Create) {
 		b.WriteString("|CREATE")
 	}
-	if op.Has(Remove) {
+	if o.Has(Remove) {
 		b.WriteString("|REMOVE")
 	}
-	if op.Has(Write) {
+	if o.Has(Write) {
 		b.WriteString("|WRITE")
 	}
-	if op.Has(Rename) {
+	if o.Has(Rename) {
 		b.WriteString("|RENAME")
 	}
-	if op.Has(Chmod) {
+	if o.Has(Chmod) {
 		b.WriteString("|CHMOD")
 	}
 	if b.Len() == 0 {
@@ -70,7 +93,7 @@ func (op Op) String() string {
 }
 
 // Has reports if this operation has the given operation.
-func (o Op) Has(h Op) bool { return o&h == h }
+func (o Op) Has(h Op) bool { return o&h != 0 }
 
 // Has reports if this event has the given operation.
 func (e Event) Has(op Op) bool { return e.Op.Has(op) }
@@ -79,3 +102,45 @@ func (e Event) Has(op Op) bool { return e.Op.Has(op) }
 func (e Event) String() string {
 	return fmt.Sprintf("%-13s %q", e.Op.String(), e.Name)
 }
+
+type (
+	addOpt   func(opt *withOpts)
+	withOpts struct {
+		bufsize int
+	}
+)
+
+var defaultOpts = withOpts{
+	bufsize: 65536, // 64K
+}
+
+func getOptions(opts ...addOpt) withOpts {
+	with := defaultOpts
+	for _, o := range opts {
+		o(&with)
+	}
+	return with
+}
+
+// WithBufferSize sets the [ReadDirectoryChangesW] buffer size.
+//
+// This only has effect on Windows systems, and is a no-op for other backends.
+//
+// The default value is 64K (65536 bytes) which is the highest value that works
+// on all filesystems and should be enough for most applications, but if you
+// have a large burst of events it may not be enough. You can increase it if
+// you're hitting "queue or buffer overflow" errors ([ErrEventOverflow]).
+//
+// [ReadDirectoryChangesW]: https://learn.microsoft.com/en-gb/windows/win32/api/winbase/nf-winbase-readdirectorychangesw
+func WithBufferSize(bytes int) addOpt {
+	return func(opt *withOpts) { opt.bufsize = bytes }
+}
+
+// Check if this path is recursive (ends with "/..." or "\..."), and return the
+// path with the /... stripped.
+func recursivePath(path string) (string, bool) {
+	if filepath.Base(path) == "..." {
+		return filepath.Dir(path), true
+	}
+	return path, false
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh b/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
index b09ef76834..99012ae653 100644
--- a/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
+++ b/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
@@ -2,8 +2,8 @@
 [ "${ZSH_VERSION:-}" = "" ] && echo >&2 "Only works with zsh" && exit 1
 setopt err_exit no_unset pipefail extended_glob
 
-# Simple script to update the godoc comments on all watchers. Probably took me
-# more time to write this than doing it manually, but ah well 🙃
+# Simple script to update the godoc comments on all watchers so you don't need
+# to update the same comment 5 times.
 
 watcher=$(<<EOF
 // Watcher watches a set of paths, delivering events on a channel.
@@ -16,9 +16,9 @@ watcher=$(<<EOF
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -32,16 +32,16 @@ watcher=$(<<EOF
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -57,14 +57,20 @@ watcher=$(<<EOF
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// Paths can be added as "C:\\path\\to\\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
+//
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 EOF
 )
 
@@ -73,20 +79,36 @@ new=$(<<EOF
 EOF
 )
 
+newbuffered=$(<<EOF
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+EOF
+)
+
 add=$(<<EOF
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -96,14 +118,27 @@ add=$(<<EOF
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+EOF
+)
+
+addwith=$(<<EOF
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
 EOF
 )
 
@@ -114,16 +149,21 @@ remove=$(<<EOF
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 EOF
 )
 
 close=$(<<EOF
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 EOF
 )
 
 watchlist=$(<<EOF
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 EOF
 )
 
@@ -153,20 +193,29 @@ events=$(<<EOF
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 EOF
 )
 
 errors=$(<<EOF
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 EOF
 )
 
@@ -200,7 +249,9 @@ set-cmt() {
 
 set-cmt '^type Watcher struct '             $watcher
 set-cmt '^func NewWatcher('                 $new
+set-cmt '^func NewBufferedWatcher('         $newbuffered
 set-cmt '^func (w \*Watcher) Add('          $add
+set-cmt '^func (w \*Watcher) AddWith('      $addwith
 set-cmt '^func (w \*Watcher) Remove('       $remove
 set-cmt '^func (w \*Watcher) Close('        $close
 set-cmt '^func (w \*Watcher) WatchList('    $watchlist
diff --git a/vendor/github.com/gabriel-vasile/mimetype/README.md b/vendor/github.com/gabriel-vasile/mimetype/README.md
index d310928dea..231b29190f 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/README.md
+++ b/vendor/github.com/gabriel-vasile/mimetype/README.md
@@ -10,9 +10,6 @@
 </h6>
 
 <p align="center">
-  <a href="https://travis-ci.org/gabriel-vasile/mimetype">
-    <img alt="Build Status" src="https://travis-ci.org/gabriel-vasile/mimetype.svg?branch=master">
-  </a>
   <a href="https://pkg.go.dev/github.com/gabriel-vasile/mimetype">
     <img alt="Go Reference" src="https://pkg.go.dev/badge/github.com/gabriel-vasile/mimetype.svg">
   </a>
diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go
index 29bdded3e8..f1e944987c 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go
+++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go
@@ -150,32 +150,34 @@ func Marc(raw []byte, limit uint32) bool {
 }
 
 // Glb matches a glTF model format file.
-// GLB is the binary file format representation of 3D models save in
+// GLB is the binary file format representation of 3D models saved in
 // the GL transmission Format (glTF).
-// see more: https://docs.fileformat.com/3d/glb/
-//           https://www.iana.org/assignments/media-types/model/gltf-binary
-// GLB file format is based on little endian and its header structure
-// show  below:
+// GLB uses little endian and its header structure is as follows:
 //
-// <-- 12-byte header                             -->
-// | magic            | version          | length   |
-// | (uint32)         | (uint32)         | (uint32) |
-// | \x67\x6C\x54\x46 | \x01\x00\x00\x00 | ...      |
-// | g   l   T   F    | 1                | ...      |
+// 	<-- 12-byte header                             -->
+// 	| magic            | version          | length   |
+// 	| (uint32)         | (uint32)         | (uint32) |
+// 	| \x67\x6C\x54\x46 | \x01\x00\x00\x00 | ...      |
+// 	| g   l   T   F    | 1                | ...      |
+//
+// Visit [glTF specification] and [IANA glTF entry] for more details.
+//
+// [glTF specification]: https://registry.khronos.org/glTF/specs/2.0/glTF-2.0.html
+// [IANA glTF entry]: https://www.iana.org/assignments/media-types/model/gltf-binary
 var Glb = prefix([]byte("\x67\x6C\x54\x46\x02\x00\x00\x00"),
 	[]byte("\x67\x6C\x54\x46\x01\x00\x00\x00"))
 
 // TzIf matches a Time Zone Information Format (TZif) file.
 // See more: https://tools.ietf.org/id/draft-murchison-tzdist-tzif-00.html#rfc.section.3
 // Its header structure is shown below:
-// +---------------+---+
-// |  magic    (4) | <-+-- version (1)
-// +---------------+---+---------------------------------------+
-// |           [unused - reserved for future use] (15)         |
-// +---------------+---------------+---------------+-----------+
-// |  isutccnt (4) |  isstdcnt (4) |  leapcnt  (4) |
-// +---------------+---------------+---------------+
-// |  timecnt  (4) |  typecnt  (4) |  charcnt  (4) |
+// 	+---------------+---+
+// 	|  magic    (4) | <-+-- version (1)
+// 	+---------------+---+---------------------------------------+
+// 	|           [unused - reserved for future use] (15)         |
+// 	+---------------+---------------+---------------+-----------+
+// 	|  isutccnt (4) |  isstdcnt (4) |  leapcnt  (4) |
+// 	+---------------+---------------+---------------+
+// 	|  timecnt  (4) |  typecnt  (4) |  charcnt  (4) |
 func TzIf(raw []byte, limit uint32) bool {
 	// File is at least 44 bytes (header size).
 	if len(raw) < 44 {
diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go
index 466058fbe2..34b84f401b 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go
+++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/magic.go
@@ -177,7 +177,9 @@ func newXMLSig(localName, xmlns string) xmlSig {
 // and, optionally, followed by the arguments for the interpreter.
 //
 // Ex:
-//  #! /usr/bin/env php
+//
+//	#! /usr/bin/env php
+//
 // /usr/bin/env is the interpreter, php is the first and only argument.
 func shebang(sigs ...[]byte) Detector {
 	return func(raw []byte, limit uint32) bool {
diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go
index 6a1561923c..84ed649284 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go
+++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text_csv.go
@@ -3,6 +3,7 @@ package magic
 import (
 	"bytes"
 	"encoding/csv"
+	"errors"
 	"io"
 )
 
@@ -19,12 +20,23 @@ func Tsv(raw []byte, limit uint32) bool {
 func sv(in []byte, comma rune, limit uint32) bool {
 	r := csv.NewReader(dropLastLine(in, limit))
 	r.Comma = comma
-	r.TrimLeadingSpace = true
+	r.ReuseRecord = true
 	r.LazyQuotes = true
 	r.Comment = '#'
 
-	lines, err := r.ReadAll()
-	return err == nil && r.FieldsPerRecord > 1 && len(lines) > 1
+	lines := 0
+	for {
+		_, err := r.Read()
+		if errors.Is(err, io.EOF) {
+			break
+		}
+		if err != nil {
+			return false
+		}
+		lines++
+	}
+
+	return r.FieldsPerRecord > 1 && lines > 1
 }
 
 // dropLastLine drops the last incomplete line from b.
diff --git a/vendor/github.com/gabriel-vasile/mimetype/mimetype.go b/vendor/github.com/gabriel-vasile/mimetype/mimetype.go
index 08e68e334a..1b5909b751 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/mimetype.go
+++ b/vendor/github.com/gabriel-vasile/mimetype/mimetype.go
@@ -39,7 +39,8 @@ func Detect(in []byte) *MIME {
 //
 // DetectReader assumes the reader offset is at the start. If the input is an
 // io.ReadSeeker you previously read from, it should be rewinded before detection:
-//  reader.Seek(0, io.SeekStart)
+//
+//	reader.Seek(0, io.SeekStart)
 func DetectReader(r io.Reader) (*MIME, error) {
 	var in []byte
 	var err error
diff --git a/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md b/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md
index cdec4e674e..5ec6f6b650 100644
--- a/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md
+++ b/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md
@@ -1,4 +1,4 @@
-## 172 Supported MIME types
+## 173 Supported MIME types
 This file is automatically generated when running tests. Do not edit manually.
 
 Extension | MIME type | Aliases
diff --git a/vendor/github.com/go-logr/logr/README.md b/vendor/github.com/go-logr/logr/README.md
index ab59311813..a8c29bfbd5 100644
--- a/vendor/github.com/go-logr/logr/README.md
+++ b/vendor/github.com/go-logr/logr/README.md
@@ -1,6 +1,7 @@
 # A minimal logging API for Go
 
 [![Go Reference](https://pkg.go.dev/badge/github.com/go-logr/logr.svg)](https://pkg.go.dev/github.com/go-logr/logr)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/go-logr/logr/badge)](https://securityscorecards.dev/viewer/?platform=github.com&org=go-logr&repo=logr)
 
 logr offers an(other) opinion on how Go programs and libraries can do logging
 without becoming coupled to a particular logging implementation.  This is not
@@ -73,6 +74,29 @@ received:
 If the Go standard library had defined an interface for logging, this project
 probably would not be needed.  Alas, here we are.
 
+When the Go developers started developing such an interface with
+[slog](https://github.com/golang/go/issues/56345), they adopted some of the
+logr design but also left out some parts and changed others:
+
+| Feature | logr | slog |
+|---------|------|------|
+| High-level API | `Logger` (passed by value) | `Logger` (passed by [pointer](https://github.com/golang/go/issues/59126)) |
+| Low-level API | `LogSink` | `Handler` |
+| Stack unwinding | done by `LogSink` | done by `Logger` |
+| Skipping helper functions | `WithCallDepth`, `WithCallStackHelper` | [not supported by Logger](https://github.com/golang/go/issues/59145) |
+| Generating a value for logging on demand | `Marshaler` | `LogValuer` |
+| Log levels | >= 0, higher meaning "less important" | positive and negative, with 0 for "info" and higher meaning "more important" |
+| Error log entries | always logged, don't have a verbosity level | normal log entries with level >= `LevelError` |
+| Passing logger via context | `NewContext`, `FromContext` | no API |
+| Adding a name to a logger | `WithName` | no API |
+| Modify verbosity of log entries in a call chain | `V` | no API |
+| Grouping of key/value pairs | not supported | `WithGroup`, `GroupValue` |
+
+The high-level slog API is explicitly meant to be one of many different APIs
+that can be layered on top of a shared `slog.Handler`. logr is one such
+alternative API, with [interoperability](#slog-interoperability) provided by the [`slogr`](slogr)
+package.
+
 ### Inspiration
 
 Before you consider this package, please read [this blog post by the
@@ -118,6 +142,91 @@ There are implementations for the following logging libraries:
 - **github.com/go-kit/log**: [gokitlogr](https://github.com/tonglil/gokitlogr) (also compatible with github.com/go-kit/kit/log since v0.12.0)
 - **bytes.Buffer** (writing to a buffer): [bufrlogr](https://github.com/tonglil/buflogr) (useful for ensuring values were logged, like during testing)
 
+## slog interoperability
+
+Interoperability goes both ways, using the `logr.Logger` API with a `slog.Handler`
+and using the `slog.Logger` API with a `logr.LogSink`. [slogr](./slogr) provides `NewLogr` and
+`NewSlogHandler` API calls to convert between a `logr.Logger` and a `slog.Handler`.
+As usual, `slog.New` can be used to wrap such a `slog.Handler` in the high-level
+slog API. `slogr` itself leaves that to the caller.
+
+## Using a `logr.Sink` as backend for slog
+
+Ideally, a logr sink implementation should support both logr and slog by
+implementing both the normal logr interface(s) and `slogr.SlogSink`.  Because
+of a conflict in the parameters of the common `Enabled` method, it is [not
+possible to implement both slog.Handler and logr.Sink in the same
+type](https://github.com/golang/go/issues/59110).
+
+If both are supported, log calls can go from the high-level APIs to the backend
+without the need to convert parameters. `NewLogr` and `NewSlogHandler` can
+convert back and forth without adding additional wrappers, with one exception:
+when `Logger.V` was used to adjust the verbosity for a `slog.Handler`, then
+`NewSlogHandler` has to use a wrapper which adjusts the verbosity for future
+log calls.
+
+Such an implementation should also support values that implement specific
+interfaces from both packages for logging (`logr.Marshaler`, `slog.LogValuer`,
+`slog.GroupValue`). logr does not convert those.
+
+Not supporting slog has several drawbacks:
+- Recording source code locations works correctly if the handler gets called
+  through `slog.Logger`, but may be wrong in other cases. That's because a
+  `logr.Sink` does its own stack unwinding instead of using the program counter
+  provided by the high-level API.
+- slog levels <= 0 can be mapped to logr levels by negating the level without a
+  loss of information. But all slog levels > 0 (e.g. `slog.LevelWarning` as
+  used by `slog.Logger.Warn`) must be mapped to 0 before calling the sink
+  because logr does not support "more important than info" levels.
+- The slog group concept is supported by prefixing each key in a key/value
+  pair with the group names, separated by a dot. For structured output like
+  JSON it would be better to group the key/value pairs inside an object.
+- Special slog values and interfaces don't work as expected.
+- The overhead is likely to be higher.
+
+These drawbacks are severe enough that applications using a mixture of slog and
+logr should switch to a different backend.
+
+## Using a `slog.Handler` as backend for logr
+
+Using a plain `slog.Handler` without support for logr works better than the
+other direction:
+- All logr verbosity levels can be mapped 1:1 to their corresponding slog level
+  by negating them.
+- Stack unwinding is done by the `slogr.SlogSink` and the resulting program
+  counter is passed to the `slog.Handler`.
+- Names added via `Logger.WithName` are gathered and recorded in an additional
+  attribute with `logger` as key and the names separated by slash as value.
+- `Logger.Error` is turned into a log record with `slog.LevelError` as level
+  and an additional attribute with `err` as key, if an error was provided.
+
+The main drawback is that `logr.Marshaler` will not be supported. Types should
+ideally support both `logr.Marshaler` and `slog.Valuer`. If compatibility
+with logr implementations without slog support is not important, then
+`slog.Valuer` is sufficient.
+
+## Context support for slog
+
+Storing a logger in a `context.Context` is not supported by
+slog. `logr.NewContext` and `logr.FromContext` can be used with slog like this
+to fill this gap:
+
+    func HandlerFromContext(ctx context.Context) slog.Handler {
+        logger, err := logr.FromContext(ctx)
+        if err == nil {
+            return slogr.NewSlogHandler(logger)
+        }
+        return slog.Default().Handler()
+    }
+
+    func ContextWithHandler(ctx context.Context, handler slog.Handler) context.Context {
+        return logr.NewContext(ctx, slogr.NewLogr(handler))
+    }
+
+The downside is that storing and retrieving a `slog.Handler` needs more
+allocations compared to using a `logr.Logger`. Therefore the recommendation is
+to use the `logr.Logger` API in code which uses contextual logging.
+
 ## FAQ
 
 ### Conceptual
@@ -241,7 +350,9 @@ Otherwise, you can start out with `0` as "you always want to see this",
 
 Then gradually choose levels in between as you need them, working your way
 down from 10 (for debug and trace style logs) and up from 1 (for chattier
-info-type logs.)
+info-type logs). For reference, slog pre-defines -4 for debug logs
+(corresponds to 4 in logr), which matches what is
+[recommended for Kubernetes](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use).
 
 #### How do I choose my keys?
 
diff --git a/vendor/github.com/go-logr/logr/SECURITY.md b/vendor/github.com/go-logr/logr/SECURITY.md
new file mode 100644
index 0000000000..1ca756fc7b
--- /dev/null
+++ b/vendor/github.com/go-logr/logr/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+If you have discovered a security vulnerability in this project, please report it
+privately. **Do not disclose it as a public issue.** This gives us time to work with you
+to fix the issue before public exposure, reducing the chance that the exploit will be
+used before a patch is released.
+
+You may submit the report in the following ways:
+
+- send an email to go-logr-security@googlegroups.com
+- send us a [private vulnerability report](https://github.com/go-logr/logr/security/advisories/new)
+
+Please provide the following information in your report:
+
+- A description of the vulnerability and its impact
+- How to reproduce the issue
+
+We ask that you give us 90 days to work on a fix before public exposure.
diff --git a/vendor/github.com/go-logr/logr/funcr/funcr.go b/vendor/github.com/go-logr/logr/funcr/funcr.go
index e52f0cd01e..12e5807cc5 100644
--- a/vendor/github.com/go-logr/logr/funcr/funcr.go
+++ b/vendor/github.com/go-logr/logr/funcr/funcr.go
@@ -116,17 +116,17 @@ type Options struct {
 	// Equivalent hooks are offered for key-value pairs saved via
 	// logr.Logger.WithValues or Formatter.AddValues (see RenderValuesHook) and
 	// for user-provided pairs (see RenderArgsHook).
-	RenderBuiltinsHook func(kvList []interface{}) []interface{}
+	RenderBuiltinsHook func(kvList []any) []any
 
 	// RenderValuesHook is the same as RenderBuiltinsHook, except that it is
 	// only called for key-value pairs saved via logr.Logger.WithValues.  See
 	// RenderBuiltinsHook for more details.
-	RenderValuesHook func(kvList []interface{}) []interface{}
+	RenderValuesHook func(kvList []any) []any
 
 	// RenderArgsHook is the same as RenderBuiltinsHook, except that it is only
 	// called for key-value pairs passed directly to Info and Error.  See
 	// RenderBuiltinsHook for more details.
-	RenderArgsHook func(kvList []interface{}) []interface{}
+	RenderArgsHook func(kvList []any) []any
 
 	// MaxLogDepth tells funcr how many levels of nested fields (e.g. a struct
 	// that contains a struct, etc.) it may log.  Every time it finds a struct,
@@ -163,7 +163,7 @@ func (l fnlogger) WithName(name string) logr.LogSink {
 	return &l
 }
 
-func (l fnlogger) WithValues(kvList ...interface{}) logr.LogSink {
+func (l fnlogger) WithValues(kvList ...any) logr.LogSink {
 	l.Formatter.AddValues(kvList)
 	return &l
 }
@@ -173,12 +173,12 @@ func (l fnlogger) WithCallDepth(depth int) logr.LogSink {
 	return &l
 }
 
-func (l fnlogger) Info(level int, msg string, kvList ...interface{}) {
+func (l fnlogger) Info(level int, msg string, kvList ...any) {
 	prefix, args := l.FormatInfo(level, msg, kvList)
 	l.write(prefix, args)
 }
 
-func (l fnlogger) Error(err error, msg string, kvList ...interface{}) {
+func (l fnlogger) Error(err error, msg string, kvList ...any) {
 	prefix, args := l.FormatError(err, msg, kvList)
 	l.write(prefix, args)
 }
@@ -229,7 +229,7 @@ func newFormatter(opts Options, outfmt outputFormat) Formatter {
 type Formatter struct {
 	outputFormat outputFormat
 	prefix       string
-	values       []interface{}
+	values       []any
 	valuesStr    string
 	depth        int
 	opts         *Options
@@ -246,10 +246,10 @@ const (
 )
 
 // PseudoStruct is a list of key-value pairs that gets logged as a struct.
-type PseudoStruct []interface{}
+type PseudoStruct []any
 
 // render produces a log line, ready to use.
-func (f Formatter) render(builtins, args []interface{}) string {
+func (f Formatter) render(builtins, args []any) string {
 	// Empirically bytes.Buffer is faster than strings.Builder for this.
 	buf := bytes.NewBuffer(make([]byte, 0, 1024))
 	if f.outputFormat == outputJSON {
@@ -292,7 +292,7 @@ func (f Formatter) render(builtins, args []interface{}) string {
 // This function returns a potentially modified version of kvList, which
 // ensures that there is a value for every key (adding a value if needed) and
 // that each key is a string (substituting a key if needed).
-func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing bool, escapeKeys bool) []interface{} {
+func (f Formatter) flatten(buf *bytes.Buffer, kvList []any, continuing bool, escapeKeys bool) []any {
 	// This logic overlaps with sanitize() but saves one type-cast per key,
 	// which can be measurable.
 	if len(kvList)%2 != 0 {
@@ -334,7 +334,7 @@ func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing b
 	return kvList
 }
 
-func (f Formatter) pretty(value interface{}) string {
+func (f Formatter) pretty(value any) string {
 	return f.prettyWithFlags(value, 0, 0)
 }
 
@@ -343,7 +343,7 @@ const (
 )
 
 // TODO: This is not fast. Most of the overhead goes here.
-func (f Formatter) prettyWithFlags(value interface{}, flags uint32, depth int) string {
+func (f Formatter) prettyWithFlags(value any, flags uint32, depth int) string {
 	if depth > f.opts.MaxLogDepth {
 		return `"<max-log-depth-exceeded>"`
 	}
@@ -614,7 +614,7 @@ func isEmpty(v reflect.Value) bool {
 	return false
 }
 
-func invokeMarshaler(m logr.Marshaler) (ret interface{}) {
+func invokeMarshaler(m logr.Marshaler) (ret any) {
 	defer func() {
 		if r := recover(); r != nil {
 			ret = fmt.Sprintf("<panic: %s>", r)
@@ -675,12 +675,12 @@ func (f Formatter) caller() Caller {
 
 const noValue = "<no-value>"
 
-func (f Formatter) nonStringKey(v interface{}) string {
+func (f Formatter) nonStringKey(v any) string {
 	return fmt.Sprintf("<non-string-key: %s>", f.snippet(v))
 }
 
 // snippet produces a short snippet string of an arbitrary value.
-func (f Formatter) snippet(v interface{}) string {
+func (f Formatter) snippet(v any) string {
 	const snipLen = 16
 
 	snip := f.pretty(v)
@@ -693,7 +693,7 @@ func (f Formatter) snippet(v interface{}) string {
 // sanitize ensures that a list of key-value pairs has a value for every key
 // (adding a value if needed) and that each key is a string (substituting a key
 // if needed).
-func (f Formatter) sanitize(kvList []interface{}) []interface{} {
+func (f Formatter) sanitize(kvList []any) []any {
 	if len(kvList)%2 != 0 {
 		kvList = append(kvList, noValue)
 	}
@@ -727,8 +727,8 @@ func (f Formatter) GetDepth() int {
 // FormatInfo renders an Info log message into strings.  The prefix will be
 // empty when no names were set (via AddNames), or when the output is
 // configured for JSON.
-func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (prefix, argsStr string) {
-	args := make([]interface{}, 0, 64) // using a constant here impacts perf
+func (f Formatter) FormatInfo(level int, msg string, kvList []any) (prefix, argsStr string) {
+	args := make([]any, 0, 64) // using a constant here impacts perf
 	prefix = f.prefix
 	if f.outputFormat == outputJSON {
 		args = append(args, "logger", prefix)
@@ -745,10 +745,10 @@ func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (pref
 }
 
 // FormatError renders an Error log message into strings.  The prefix will be
-// empty when no names were set (via AddNames),  or when the output is
+// empty when no names were set (via AddNames), or when the output is
 // configured for JSON.
-func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (prefix, argsStr string) {
-	args := make([]interface{}, 0, 64) // using a constant here impacts perf
+func (f Formatter) FormatError(err error, msg string, kvList []any) (prefix, argsStr string) {
+	args := make([]any, 0, 64) // using a constant here impacts perf
 	prefix = f.prefix
 	if f.outputFormat == outputJSON {
 		args = append(args, "logger", prefix)
@@ -761,12 +761,12 @@ func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (pre
 		args = append(args, "caller", f.caller())
 	}
 	args = append(args, "msg", msg)
-	var loggableErr interface{}
+	var loggableErr any
 	if err != nil {
 		loggableErr = err.Error()
 	}
 	args = append(args, "error", loggableErr)
-	return f.prefix, f.render(args, kvList)
+	return prefix, f.render(args, kvList)
 }
 
 // AddName appends the specified name.  funcr uses '/' characters to separate
@@ -781,7 +781,7 @@ func (f *Formatter) AddName(name string) {
 
 // AddValues adds key-value pairs to the set of saved values to be logged with
 // each log line.
-func (f *Formatter) AddValues(kvList []interface{}) {
+func (f *Formatter) AddValues(kvList []any) {
 	// Three slice args forces a copy.
 	n := len(f.values)
 	f.values = append(f.values[:n:n], kvList...)
diff --git a/vendor/github.com/go-logr/logr/logr.go b/vendor/github.com/go-logr/logr/logr.go
index e027aea3fd..2a5075a180 100644
--- a/vendor/github.com/go-logr/logr/logr.go
+++ b/vendor/github.com/go-logr/logr/logr.go
@@ -127,9 +127,9 @@ limitations under the License.
 // such a value can call its methods without having to check whether the
 // instance is ready for use.
 //
-// Calling methods with the null logger (Logger{}) as instance will crash
-// because it has no LogSink. Therefore this null logger should never be passed
-// around. For cases where passing a logger is optional, a pointer to Logger
+// The zero logger (= Logger{}) is identical to Discard() and discards all log
+// entries. Code that receives a Logger by value can simply call it, the methods
+// will never crash. For cases where passing a logger is optional, a pointer to Logger
 // should be used.
 //
 // # Key Naming Conventions
@@ -258,6 +258,12 @@ type Logger struct {
 // Enabled tests whether this Logger is enabled.  For example, commandline
 // flags might be used to set the logging verbosity and disable some info logs.
 func (l Logger) Enabled() bool {
+	// Some implementations of LogSink look at the caller in Enabled (e.g.
+	// different verbosity levels per package or file), but we only pass one
+	// CallDepth in (via Init).  This means that all calls from Logger to the
+	// LogSink's Enabled, Info, and Error methods must have the same number of
+	// frames.  In other words, Logger methods can't call other Logger methods
+	// which call these LogSink methods unless we do it the same in all paths.
 	return l.sink != nil && l.sink.Enabled(l.level)
 }
 
@@ -267,11 +273,11 @@ func (l Logger) Enabled() bool {
 // line.  The key/value pairs can then be used to add additional variable
 // information.  The key/value pairs must alternate string keys and arbitrary
 // values.
-func (l Logger) Info(msg string, keysAndValues ...interface{}) {
+func (l Logger) Info(msg string, keysAndValues ...any) {
 	if l.sink == nil {
 		return
 	}
-	if l.Enabled() {
+	if l.sink.Enabled(l.level) { // see comment in Enabled
 		if withHelper, ok := l.sink.(CallStackHelperLogSink); ok {
 			withHelper.GetCallStackHelper()()
 		}
@@ -289,7 +295,7 @@ func (l Logger) Info(msg string, keysAndValues ...interface{}) {
 // while the err argument should be used to attach the actual error that
 // triggered this log line, if present. The err parameter is optional
 // and nil may be passed instead of an error instance.
-func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) {
+func (l Logger) Error(err error, msg string, keysAndValues ...any) {
 	if l.sink == nil {
 		return
 	}
@@ -314,9 +320,16 @@ func (l Logger) V(level int) Logger {
 	return l
 }
 
+// GetV returns the verbosity level of the logger. If the logger's LogSink is
+// nil as in the Discard logger, this will always return 0.
+func (l Logger) GetV() int {
+	// 0 if l.sink nil because of the if check in V above.
+	return l.level
+}
+
 // WithValues returns a new Logger instance with additional key/value pairs.
 // See Info for documentation on how key/value pairs work.
-func (l Logger) WithValues(keysAndValues ...interface{}) Logger {
+func (l Logger) WithValues(keysAndValues ...any) Logger {
 	if l.sink == nil {
 		return l
 	}
@@ -467,15 +480,15 @@ type LogSink interface {
 	// The level argument is provided for optional logging.  This method will
 	// only be called when Enabled(level) is true. See Logger.Info for more
 	// details.
-	Info(level int, msg string, keysAndValues ...interface{})
+	Info(level int, msg string, keysAndValues ...any)
 
 	// Error logs an error, with the given message and key/value pairs as
 	// context.  See Logger.Error for more details.
-	Error(err error, msg string, keysAndValues ...interface{})
+	Error(err error, msg string, keysAndValues ...any)
 
 	// WithValues returns a new LogSink with additional key/value pairs.  See
 	// Logger.WithValues for more details.
-	WithValues(keysAndValues ...interface{}) LogSink
+	WithValues(keysAndValues ...any) LogSink
 
 	// WithName returns a new LogSink with the specified name appended.  See
 	// Logger.WithName for more details.
@@ -546,5 +559,5 @@ type Marshaler interface {
 	//     with exported fields
 	//
 	// It may return any value of any type.
-	MarshalLog() interface{}
+	MarshalLog() any
 }
diff --git a/vendor/github.com/go-openapi/jsonpointer/pointer.go b/vendor/github.com/go-openapi/jsonpointer/pointer.go
index 7df9853def..de60dc7dd2 100644
--- a/vendor/github.com/go-openapi/jsonpointer/pointer.go
+++ b/vendor/github.com/go-openapi/jsonpointer/pointer.go
@@ -26,6 +26,7 @@
 package jsonpointer
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"reflect"
@@ -40,6 +41,7 @@ const (
 	pointerSeparator = `/`
 
 	invalidStart = `JSON pointer must be empty or start with a "` + pointerSeparator
+	notFound     = `Can't find the pointer in the document`
 )
 
 var jsonPointableType = reflect.TypeOf(new(JSONPointable)).Elem()
@@ -48,13 +50,13 @@ var jsonSetableType = reflect.TypeOf(new(JSONSetable)).Elem()
 // JSONPointable is an interface for structs to implement when they need to customize the
 // json pointer process
 type JSONPointable interface {
-	JSONLookup(string) (interface{}, error)
+	JSONLookup(string) (any, error)
 }
 
 // JSONSetable is an interface for structs to implement when they need to customize the
 // json pointer process
 type JSONSetable interface {
-	JSONSet(string, interface{}) error
+	JSONSet(string, any) error
 }
 
 // New creates a new json pointer for the given string
@@ -81,9 +83,7 @@ func (p *Pointer) parse(jsonPointerString string) error {
 			err = errors.New(invalidStart)
 		} else {
 			referenceTokens := strings.Split(jsonPointerString, pointerSeparator)
-			for _, referenceToken := range referenceTokens[1:] {
-				p.referenceTokens = append(p.referenceTokens, referenceToken)
-			}
+			p.referenceTokens = append(p.referenceTokens, referenceTokens[1:]...)
 		}
 	}
 
@@ -91,26 +91,26 @@ func (p *Pointer) parse(jsonPointerString string) error {
 }
 
 // Get uses the pointer to retrieve a value from a JSON document
-func (p *Pointer) Get(document interface{}) (interface{}, reflect.Kind, error) {
+func (p *Pointer) Get(document any) (any, reflect.Kind, error) {
 	return p.get(document, swag.DefaultJSONNameProvider)
 }
 
 // Set uses the pointer to set a value from a JSON document
-func (p *Pointer) Set(document interface{}, value interface{}) (interface{}, error) {
+func (p *Pointer) Set(document any, value any) (any, error) {
 	return document, p.set(document, value, swag.DefaultJSONNameProvider)
 }
 
 // GetForToken gets a value for a json pointer token 1 level deep
-func GetForToken(document interface{}, decodedToken string) (interface{}, reflect.Kind, error) {
+func GetForToken(document any, decodedToken string) (any, reflect.Kind, error) {
 	return getSingleImpl(document, decodedToken, swag.DefaultJSONNameProvider)
 }
 
 // SetForToken gets a value for a json pointer token 1 level deep
-func SetForToken(document interface{}, decodedToken string, value interface{}) (interface{}, error) {
+func SetForToken(document any, decodedToken string, value any) (any, error) {
 	return document, setSingleImpl(document, value, decodedToken, swag.DefaultJSONNameProvider)
 }
 
-func getSingleImpl(node interface{}, decodedToken string, nameProvider *swag.NameProvider) (interface{}, reflect.Kind, error) {
+func getSingleImpl(node any, decodedToken string, nameProvider *swag.NameProvider) (any, reflect.Kind, error) {
 	rValue := reflect.Indirect(reflect.ValueOf(node))
 	kind := rValue.Kind()
 
@@ -159,7 +159,7 @@ func getSingleImpl(node interface{}, decodedToken string, nameProvider *swag.Nam
 
 }
 
-func setSingleImpl(node, data interface{}, decodedToken string, nameProvider *swag.NameProvider) error {
+func setSingleImpl(node, data any, decodedToken string, nameProvider *swag.NameProvider) error {
 	rValue := reflect.Indirect(reflect.ValueOf(node))
 
 	if ns, ok := node.(JSONSetable); ok { // pointer impl
@@ -210,7 +210,7 @@ func setSingleImpl(node, data interface{}, decodedToken string, nameProvider *sw
 
 }
 
-func (p *Pointer) get(node interface{}, nameProvider *swag.NameProvider) (interface{}, reflect.Kind, error) {
+func (p *Pointer) get(node any, nameProvider *swag.NameProvider) (any, reflect.Kind, error) {
 
 	if nameProvider == nil {
 		nameProvider = swag.DefaultJSONNameProvider
@@ -241,7 +241,7 @@ func (p *Pointer) get(node interface{}, nameProvider *swag.NameProvider) (interf
 	return node, kind, nil
 }
 
-func (p *Pointer) set(node, data interface{}, nameProvider *swag.NameProvider) error {
+func (p *Pointer) set(node, data any, nameProvider *swag.NameProvider) error {
 	knd := reflect.ValueOf(node).Kind()
 
 	if knd != reflect.Ptr && knd != reflect.Struct && knd != reflect.Map && knd != reflect.Slice && knd != reflect.Array {
@@ -363,6 +363,127 @@ func (p *Pointer) String() string {
 	return pointerString
 }
 
+func (p *Pointer) Offset(document string) (int64, error) {
+	dec := json.NewDecoder(strings.NewReader(document))
+	var offset int64
+	for _, ttk := range p.DecodedTokens() {
+		tk, err := dec.Token()
+		if err != nil {
+			return 0, err
+		}
+		switch tk := tk.(type) {
+		case json.Delim:
+			switch tk {
+			case '{':
+				offset, err = offsetSingleObject(dec, ttk)
+				if err != nil {
+					return 0, err
+				}
+			case '[':
+				offset, err = offsetSingleArray(dec, ttk)
+				if err != nil {
+					return 0, err
+				}
+			default:
+				return 0, fmt.Errorf("invalid token %#v", tk)
+			}
+		default:
+			return 0, fmt.Errorf("invalid token %#v", tk)
+		}
+	}
+	return offset, nil
+}
+
+func offsetSingleObject(dec *json.Decoder, decodedToken string) (int64, error) {
+	for dec.More() {
+		offset := dec.InputOffset()
+		tk, err := dec.Token()
+		if err != nil {
+			return 0, err
+		}
+		switch tk := tk.(type) {
+		case json.Delim:
+			switch tk {
+			case '{':
+				if err := drainSingle(dec); err != nil {
+					return 0, err
+				}
+			case '[':
+				if err := drainSingle(dec); err != nil {
+					return 0, err
+				}
+			}
+		case string:
+			if tk == decodedToken {
+				return offset, nil
+			}
+		default:
+			return 0, fmt.Errorf("invalid token %#v", tk)
+		}
+	}
+	return 0, fmt.Errorf("token reference %q not found", decodedToken)
+}
+
+func offsetSingleArray(dec *json.Decoder, decodedToken string) (int64, error) {
+	idx, err := strconv.Atoi(decodedToken)
+	if err != nil {
+		return 0, fmt.Errorf("token reference %q is not a number: %v", decodedToken, err)
+	}
+	var i int
+	for i = 0; i < idx && dec.More(); i++ {
+		tk, err := dec.Token()
+		if err != nil {
+			return 0, err
+		}
+		switch tk := tk.(type) {
+		case json.Delim:
+			switch tk {
+			case '{':
+				if err := drainSingle(dec); err != nil {
+					return 0, err
+				}
+			case '[':
+				if err := drainSingle(dec); err != nil {
+					return 0, err
+				}
+			}
+		}
+	}
+	if !dec.More() {
+		return 0, fmt.Errorf("token reference %q not found", decodedToken)
+	}
+	return dec.InputOffset(), nil
+}
+
+// drainSingle drains a single level of object or array.
+// The decoder has to guarantee the begining delim (i.e. '{' or '[') has been consumed.
+func drainSingle(dec *json.Decoder) error {
+	for dec.More() {
+		tk, err := dec.Token()
+		if err != nil {
+			return err
+		}
+		switch tk := tk.(type) {
+		case json.Delim:
+			switch tk {
+			case '{':
+				if err := drainSingle(dec); err != nil {
+					return err
+				}
+			case '[':
+				if err := drainSingle(dec); err != nil {
+					return err
+				}
+			}
+		}
+	}
+	// Consumes the ending delim
+	if _, err := dec.Token(); err != nil {
+		return err
+	}
+	return nil
+}
+
 // Specific JSON pointer encoding here
 // ~0 => ~
 // ~1 => /
diff --git a/vendor/github.com/google/certificate-transparency-go/CHANGELOG.md b/vendor/github.com/google/certificate-transparency-go/CHANGELOG.md
index 4bff3ed0f1..3c56553dc4 100644
--- a/vendor/github.com/google/certificate-transparency-go/CHANGELOG.md
+++ b/vendor/github.com/google/certificate-transparency-go/CHANGELOG.md
@@ -2,12 +2,143 @@
 
 ## HEAD
 
+## v1.1.7
+
+* Recommended Go version for development: 1.20
+  * This is the version used by the Cloud Build presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.
+
+* Bump golangci-lint from 1.51.1 to 1.55.1 (developers should update to this version).
+
+### Add support for WASI port
+
+* Add build tags for wasip1 GOOS by @flavio in https://github.com/google/certificate-transparency-go/pull/1089
+
+### Add support for IBM Z operating system z/OS
+
+* Add build tags for zOS by @onlywork1984 in https://github.com/google/certificate-transparency-go/pull/1088
+
+### Log List
+
+* Add support for "is_all_logs" field in loglist3 by @phbnf in https://github.com/google/certificate-transparency-go/pull/1095
+
+### Documentation
+
+* Improve Dockerized Test Deployment documentation by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1179
+
+### Misc
+
+* Escape forward slashes in certificate Subject names when used as user quota id strings by @robstradling in https://github.com/google/certificate-transparency-go/pull/1059
+* Search whole chain looking for issuer match by @mhutchinson in https://github.com/google/certificate-transparency-go/pull/1112
+* Use proper check per @AGWA instead of buggy check introduced in #1112 by @mhutchinson in https://github.com/google/certificate-transparency-go/pull/1114
+* Build the ctfe/ct_server binary without depending on glibc by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1119
+* Migrate CTFE Ingress manifest to support GKE version 1.23 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1086
+* Remove Dependabot ignore configuration by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1097
+* Add "github-actions" and "docker" Dependabot config by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1101
+* Add top level permission in CodeQL workflow by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1102
+* Pin Docker image dependencies by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1110
+* Remove GO111MODULE from Dockerfile and Cloud Build yaml files by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1113
+* Add docker Dependabot config by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1126
+* Export is_mirror = 0.0 for non mirror instead of nothing by @phbnf in https://github.com/google/certificate-transparency-go/pull/1133
+* Add govulncheck GitHub action by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1145
+* Spelling by @jsoref in https://github.com/google/certificate-transparency-go/pull/1144
+
+### Dependency update
+
+* Bump Go from 1.19 to 1.20 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1146
+* Bump golangci-lint from 1.51.1 to 1.55.1 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1214
+* Bump go.etcd.io/etcd/v3 from 3.5.8 to 3.5.9 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1083
+* Bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/108
+* Bump github.com/mattn/go-sqlite3 from 1.14.16 to 1.14.17 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1092
+* Bump golang.org/x/net from 0.10.0 to 0.11.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1094
+* Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1098
+* Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1099
+* Bump golang.org/x/net from 0.11.0 to 0.12.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1108
+* Bump actions/checkout from 3.1.0 to 3.5.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1103
+* Bump github/codeql-action from 2.1.27 to 2.20.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1104
+* Bump ossf/scorecard-action from 2.0.6 to 2.2.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1105
+* Bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1106
+* Bump github/codeql-action from 2.20.3 to 2.20.4 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1115
+* Bump github/codeql-action from 2.20.4 to 2.21.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1117
+* Bump golang.org/x/net from 0.12.0 to 0.14.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1124
+* Bump github/codeql-action from 2.21.0 to 2.21.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1121
+* Bump github/codeql-action from 2.21.2 to 2.21.4 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1125
+* Bump golang from `fd9306e` to `eb3f9ac` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1127
+* Bump alpine from 3.8 to 3.18 in /trillian/examples/deployment/docker/envsubst by @dependabot in https://github.com/google/certificate-transparency-go/pull/1129
+* Bump golang from `fd9306e` to `eb3f9ac` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1128
+* Bump alpine from `82d1e9d` to `7144f7b` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1130
+* Bump golang from `fd9306e` to `eb3f9ac` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1131
+* Bump golang from 1.19-alpine to 1.21-alpine in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1132
+* Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1134
+* Bump github/codeql-action from 2.21.4 to 2.21.5 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1135
+* Bump distroless/base from `73deaaf` to `46c5b9b` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1136
+* Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1137
+* Bump golang.org/x/net from 0.14.0 to 0.15.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1139
+* Bump github.com/rs/cors from 1.9.0 to 1.10.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1140
+* Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1141
+* Bump golang from `445f340` to `96634e5` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1142
+* Bump github/codeql-action from 2.21.5 to 2.21.6 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1149
+* Bump Docker golang base images to 1.21.1 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1147
+* Bump github/codeql-action from 2.21.6 to 2.21.7 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1150
+* Bump github/codeql-action from 2.21.7 to 2.21.8 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1152
+* Bump golang from `d3114db` to `a0b3bc4` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1155
+* Bump golang from `d3114db` to `a0b3bc4` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1157
+* Bump golang from `d3114db` to `a0b3bc4` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1156
+* Bump golang from `d3114db` to `a0b3bc4` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1158
+* Bump golang from `e06b3a4` to `114b9cc` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1159
+* Bump golang from `a0b3bc4` to `114b9cc` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1160
+* Bump golang from `a0b3bc4` to `114b9cc` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1161
+* Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1162
+* Bump golang from `114b9cc` to `9c7ea4a` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1163
+* Bump golang from `114b9cc` to `9c7ea4a` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1166
+* Bump golang from `114b9cc` to `9c7ea4a` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1165
+* Bump golang from `114b9cc` to `9c7ea4a` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1164
+* Bump github/codeql-action from 2.21.8 to 2.21.9 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1169
+* Bump golang from `9c7ea4a` to `61f84bc` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1168
+* Bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1172
+* Bump golang from `9c7ea4a` to `61f84bc` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1170
+* Bump github.com/rs/cors from 1.10.0 to 1.10.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1176
+* Bump alpine from `7144f7b` to `eece025` in /trillian/examples/deployment/docker/envsubst by @dependabot in https://github.com/google/certificate-transparency-go/pull/1174
+* Bump alpine from `7144f7b` to `eece025` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1175
+* Bump golang from `9c7ea4a` to `61f84bc` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1171
+* Bump golang from `9c7ea4a` to `61f84bc` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1173
+* Bump distroless/base from `46c5b9b` to `a35b652` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1177
+* Bump golang.org/x/crypto from 0.13.0 to 0.14.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1178
+* Bump github/codeql-action from 2.21.9 to 2.22.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1180
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1181
+* Bump golang.org/x/net from 0.15.0 to 0.16.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1184
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1182
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1185
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1183
+* Bump github/codeql-action from 2.22.0 to 2.22.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1186
+* Bump distroless/base from `a35b652` to `b31a6e0` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1188
+* Bump ossf/scorecard-action from 2.2.0 to 2.3.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1187
+* Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1189
+* Bump golang.org/x/net from 0.16.0 to 0.17.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1190
+* Bump go-version-input from 1.20.8 to 1.20.10 in govulncheck by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1195
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1193
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1191
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1194
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1192
+* Bump golang from `a94b089` to `8f9a1ec` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1196
+* Bump github/codeql-action from 2.22.1 to 2.22.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1197
+* Bump golang from `a94b089` to `5cc7ddc` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1200
+* Bump golang from `a94b089` to `5cc7ddc` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1199
+* Bump github/codeql-action from 2.22.2 to 2.22.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1202
+* Bump golang from `5cc7ddc` to `20f9ab5` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1203
+* Bump golang from `a94b089` to `20f9ab5` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1198
+* Bump golang from `8f9a1ec` to `20f9ab5` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1201
+* Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1204
+* Bump github/codeql-action from 2.22.3 to 2.22.4 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1206
+* Bump ossf/scorecard-action from 2.3.0 to 2.3.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1207
+* Bump github/codeql-action from 2.22.4 to 2.22.5 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1209
+* Bump multiple Go module dependencies by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1213
+
 ## v1.1.6
 
-## Dependency update
+### Dependency update
 
- * Bump Trillian to v1.5.2
- * Bump Prometheus to v0.43.1
+* Bump Trillian to v1.5.2
+* Bump Prometheus to v0.43.1
 
 ## v1.1.5
 
@@ -20,7 +151,7 @@
 
  * Remove v2 log list package files.
 
- ### Misc
+### Misc
 
  * Updated golangci-lint to v1.51.1 (developers should update to this version).
  * Bump Go version from 1.17 to 1.19.
@@ -146,7 +277,7 @@ entries whose `start` parameter does not fall on a multiple of the maximum
 permitted number of entries, will have their responses truncated such that
 subsequent requests will align with this boundary.
 This is intended to coerce callers of `get-entries` into all using the same
-`start` and `end` parameters and thereby increase the cachability of
+`start` and `end` parameters and thereby increase the cacheability of
 these requests.
 
 e.g.:
@@ -582,7 +713,7 @@ Commit [3955e4a00c42e83ff17ce25003976159c5d0f0f9](https://api.github.com/repos/g
 
 Published 2018-06-01 14:02:58 +0000 UTC
 
-This release is mostly fixes to the `x509` and `asn1` packages. Some command line utilties were also updated.
+This release is mostly fixes to the `x509` and `asn1` packages. Some command line utilities were also updated.
 
 Commit [ae40d07cce12f1227c6e658e61c9dddb7646f97b](https://api.github.com/repos/google/certificate-transparency-go/commits/ae40d07cce12f1227c6e658e61c9dddb7646f97b) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.5)
 
diff --git a/vendor/github.com/google/certificate-transparency-go/README.md b/vendor/github.com/google/certificate-transparency-go/README.md
index fc015ed702..a7b9ccea5c 100644
--- a/vendor/github.com/google/certificate-transparency-go/README.md
+++ b/vendor/github.com/google/certificate-transparency-go/README.md
@@ -6,7 +6,7 @@
 
 This repository holds Go code related to
 [Certificate Transparency](https://www.certificate-transparency.org/) (CT).  The
-repository requires Go version 1.19.
+repository requires Go version 1.20.
 
  - [Repository Structure](#repository-structure)
  - [Trillian CT Personality](#trillian-ct-personality)
@@ -81,7 +81,7 @@ pull requests for review.
 
 ```bash
 # Install golangci-lint
-go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.1
+go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.55.1
 
 # Run code generation, build, test and linters
 ./scripts/presubmit.sh
diff --git a/vendor/github.com/google/certificate-transparency-go/cloudbuild.yaml b/vendor/github.com/google/certificate-transparency-go/cloudbuild.yaml
index 93888a209e..1c3ee20bf2 100644
--- a/vendor/github.com/google/certificate-transparency-go/cloudbuild.yaml
+++ b/vendor/github.com/google/certificate-transparency-go/cloudbuild.yaml
@@ -14,7 +14,6 @@ options:
   - name: go-modules
     path: /go
   env:
-  - GO111MODULE=on
   - GOPROXY=https://proxy.golang.org
   - PROJECT_ROOT=github.com/google/certificate-transparency-go
   - GOPATH=/go
diff --git a/vendor/github.com/google/certificate-transparency-go/cloudbuild_master.yaml b/vendor/github.com/google/certificate-transparency-go/cloudbuild_master.yaml
index 238c8eda45..9cb105e576 100644
--- a/vendor/github.com/google/certificate-transparency-go/cloudbuild_master.yaml
+++ b/vendor/github.com/google/certificate-transparency-go/cloudbuild_master.yaml
@@ -14,7 +14,6 @@ options:
   - name: go-modules
     path: /go
   env:
-  - GO111MODULE=on
   - GOPROXY=https://proxy.golang.org
   - PROJECT_ROOT=github.com/google/certificate-transparency-go
   - GOPATH=/go
diff --git a/vendor/github.com/google/certificate-transparency-go/cloudbuild_tag.yaml b/vendor/github.com/google/certificate-transparency-go/cloudbuild_tag.yaml
index f1182ecd9b..2cd19f9107 100644
--- a/vendor/github.com/google/certificate-transparency-go/cloudbuild_tag.yaml
+++ b/vendor/github.com/google/certificate-transparency-go/cloudbuild_tag.yaml
@@ -14,7 +14,6 @@ options:
   - name: go-modules
     path: /go
   env:
-  - GO111MODULE=on
   - GOPROXY=https://proxy.golang.org
   - PROJECT_ROOT=github.com/google/certificate-transparency-go
   - GOPATH=/go
diff --git a/vendor/github.com/google/certificate-transparency-go/tls/tls.go b/vendor/github.com/google/certificate-transparency-go/tls/tls.go
index 030074c19a..a48c998f48 100644
--- a/vendor/github.com/google/certificate-transparency-go/tls/tls.go
+++ b/vendor/github.com/google/certificate-transparency-go/tls/tls.go
@@ -638,7 +638,7 @@ func marshalField(out *bytes.Buffer, v reflect.Value, info *fieldInfo) error {
 			}
 		}
 		// Now we have seen all fields in the structure, check that all select(Enum) {..} selector
-		// fields found a source field get get their data from.
+		// fields found a source field to get their data from.
 		for selector, seen := range selectorSeen {
 			if !seen {
 				return syntaxError{info.fieldName(), selector + ": unhandled value for selector"}
diff --git a/vendor/github.com/google/certificate-transparency-go/types.go b/vendor/github.com/google/certificate-transparency-go/types.go
index c797d9ceb6..b6af606bff 100644
--- a/vendor/github.com/google/certificate-transparency-go/types.go
+++ b/vendor/github.com/google/certificate-transparency-go/types.go
@@ -555,7 +555,7 @@ type LeafEntry struct {
 	ExtraData []byte `json:"extra_data"`
 }
 
-// GetEntriesResponse respresents the JSON response to the get-entries GET method
+// GetEntriesResponse represents the JSON response to the get-entries GET method
 // from section 4.6.
 type GetEntriesResponse struct {
 	Entries []LeafEntry `json:"entries"` // the list of returned entries
diff --git a/vendor/github.com/google/certificate-transparency-go/x509/root_unix.go b/vendor/github.com/google/certificate-transparency-go/x509/root_unix.go
index d00842a81d..8f2821b1d8 100644
--- a/vendor/github.com/google/certificate-transparency-go/x509/root_unix.go
+++ b/vendor/github.com/google/certificate-transparency-go/x509/root_unix.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build dragonfly freebsd linux netbsd openbsd solaris
+//go:build dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build dragonfly freebsd linux netbsd openbsd solaris zos
 
 package x509
 
diff --git a/vendor/github.com/google/certificate-transparency-go/x509/root_wasip1.go b/vendor/github.com/google/certificate-transparency-go/x509/root_wasip1.go
new file mode 100644
index 0000000000..e5cf98e0af
--- /dev/null
+++ b/vendor/github.com/google/certificate-transparency-go/x509/root_wasip1.go
@@ -0,0 +1,19 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build wasip1
+// +build wasip1
+
+package x509
+
+// Possible certificate files; stop after finding one.
+var certFiles = []string{}
+
+func loadSystemRoots() (*CertPool, error) {
+	return NewCertPool(), nil
+}
+
+func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
+	return nil, nil
+}
diff --git a/vendor/github.com/google/certificate-transparency-go/x509/root_zos.go b/vendor/github.com/google/certificate-transparency-go/x509/root_zos.go
new file mode 100644
index 0000000000..54f240af07
--- /dev/null
+++ b/vendor/github.com/google/certificate-transparency-go/x509/root_zos.go
@@ -0,0 +1,13 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos
+// +build zos
+
+package x509
+
+// Possible certificate files; stop after finding one.
+var certFiles = []string{
+	"/etc/cacert.pem", // IBM zOS default
+}
diff --git a/vendor/github.com/google/gnostic/LICENSE b/vendor/github.com/google/gnostic-models/LICENSE
similarity index 100%
rename from vendor/github.com/google/gnostic/LICENSE
rename to vendor/github.com/google/gnostic-models/LICENSE
diff --git a/vendor/github.com/google/gnostic/compiler/README.md b/vendor/github.com/google/gnostic-models/compiler/README.md
similarity index 100%
rename from vendor/github.com/google/gnostic/compiler/README.md
rename to vendor/github.com/google/gnostic-models/compiler/README.md
diff --git a/vendor/github.com/google/gnostic/compiler/context.go b/vendor/github.com/google/gnostic-models/compiler/context.go
similarity index 100%
rename from vendor/github.com/google/gnostic/compiler/context.go
rename to vendor/github.com/google/gnostic-models/compiler/context.go
diff --git a/vendor/github.com/google/gnostic/compiler/error.go b/vendor/github.com/google/gnostic-models/compiler/error.go
similarity index 100%
rename from vendor/github.com/google/gnostic/compiler/error.go
rename to vendor/github.com/google/gnostic-models/compiler/error.go
diff --git a/vendor/github.com/google/gnostic/compiler/extensions.go b/vendor/github.com/google/gnostic-models/compiler/extensions.go
similarity index 90%
rename from vendor/github.com/google/gnostic/compiler/extensions.go
rename to vendor/github.com/google/gnostic-models/compiler/extensions.go
index 5b5a916d2e..16ae66faa3 100644
--- a/vendor/github.com/google/gnostic/compiler/extensions.go
+++ b/vendor/github.com/google/gnostic-models/compiler/extensions.go
@@ -20,11 +20,11 @@ import (
 	"os/exec"
 	"strings"
 
-	"github.com/golang/protobuf/proto"
-	"github.com/golang/protobuf/ptypes/any"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
 	yaml "gopkg.in/yaml.v3"
 
-	extensions "github.com/google/gnostic/extensions"
+	extensions "github.com/google/gnostic-models/extensions"
 )
 
 // ExtensionHandler describes a binary that is called by the compiler to handle specification extensions.
@@ -33,7 +33,7 @@ type ExtensionHandler struct {
 }
 
 // CallExtension calls a binary extension handler.
-func CallExtension(context *Context, in *yaml.Node, extensionName string) (handled bool, response *any.Any, err error) {
+func CallExtension(context *Context, in *yaml.Node, extensionName string) (handled bool, response *anypb.Any, err error) {
 	if context == nil || context.ExtensionHandlers == nil {
 		return false, nil, nil
 	}
@@ -50,7 +50,7 @@ func CallExtension(context *Context, in *yaml.Node, extensionName string) (handl
 	return handled, response, err
 }
 
-func (extensionHandlers *ExtensionHandler) handle(in *yaml.Node, extensionName string) (*any.Any, error) {
+func (extensionHandlers *ExtensionHandler) handle(in *yaml.Node, extensionName string) (*anypb.Any, error) {
 	if extensionHandlers.Name != "" {
 		yamlData, _ := yaml.Marshal(in)
 		request := &extensions.ExtensionHandlerRequest{
diff --git a/vendor/github.com/google/gnostic/compiler/helpers.go b/vendor/github.com/google/gnostic-models/compiler/helpers.go
similarity index 99%
rename from vendor/github.com/google/gnostic/compiler/helpers.go
rename to vendor/github.com/google/gnostic-models/compiler/helpers.go
index 97ffaa5131..975d65e8f8 100644
--- a/vendor/github.com/google/gnostic/compiler/helpers.go
+++ b/vendor/github.com/google/gnostic-models/compiler/helpers.go
@@ -22,7 +22,7 @@ import (
 
 	"gopkg.in/yaml.v3"
 
-	"github.com/google/gnostic/jsonschema"
+	"github.com/google/gnostic-models/jsonschema"
 )
 
 // compiler helper functions, usually called from generated code
diff --git a/vendor/github.com/google/gnostic/compiler/main.go b/vendor/github.com/google/gnostic-models/compiler/main.go
similarity index 100%
rename from vendor/github.com/google/gnostic/compiler/main.go
rename to vendor/github.com/google/gnostic-models/compiler/main.go
diff --git a/vendor/github.com/google/gnostic/compiler/reader.go b/vendor/github.com/google/gnostic-models/compiler/reader.go
similarity index 100%
rename from vendor/github.com/google/gnostic/compiler/reader.go
rename to vendor/github.com/google/gnostic-models/compiler/reader.go
diff --git a/vendor/github.com/google/gnostic/extensions/README.md b/vendor/github.com/google/gnostic-models/extensions/README.md
similarity index 100%
rename from vendor/github.com/google/gnostic/extensions/README.md
rename to vendor/github.com/google/gnostic-models/extensions/README.md
diff --git a/vendor/github.com/google/gnostic/extensions/extension.pb.go b/vendor/github.com/google/gnostic-models/extensions/extension.pb.go
similarity index 99%
rename from vendor/github.com/google/gnostic/extensions/extension.pb.go
rename to vendor/github.com/google/gnostic-models/extensions/extension.pb.go
index a6a4ccca6c..a71df8abec 100644
--- a/vendor/github.com/google/gnostic/extensions/extension.pb.go
+++ b/vendor/github.com/google/gnostic-models/extensions/extension.pb.go
@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.18.1
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.19.3
 // source: extensions/extension.proto
 
 package gnostic_extension_v1
diff --git a/vendor/github.com/google/gnostic/extensions/extension.proto b/vendor/github.com/google/gnostic-models/extensions/extension.proto
similarity index 100%
rename from vendor/github.com/google/gnostic/extensions/extension.proto
rename to vendor/github.com/google/gnostic-models/extensions/extension.proto
diff --git a/vendor/github.com/google/gnostic/extensions/extensions.go b/vendor/github.com/google/gnostic-models/extensions/extensions.go
similarity index 93%
rename from vendor/github.com/google/gnostic/extensions/extensions.go
rename to vendor/github.com/google/gnostic-models/extensions/extensions.go
index ec8afd0092..0768163e5a 100644
--- a/vendor/github.com/google/gnostic/extensions/extensions.go
+++ b/vendor/github.com/google/gnostic-models/extensions/extensions.go
@@ -19,8 +19,8 @@ import (
 	"log"
 	"os"
 
-	"github.com/golang/protobuf/proto"
-	"github.com/golang/protobuf/ptypes"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
 )
 
 type extensionHandler func(name string, yamlInput string) (bool, proto.Message, error)
@@ -54,7 +54,7 @@ func Main(handler extensionHandler) {
 		response.Errors = append(response.Errors, err.Error())
 	} else if handled {
 		response.Handled = true
-		response.Value, err = ptypes.MarshalAny(output)
+		response.Value, err = anypb.New(output)
 		if err != nil {
 			response.Errors = append(response.Errors, err.Error())
 		}
diff --git a/vendor/github.com/google/gnostic/jsonschema/README.md b/vendor/github.com/google/gnostic-models/jsonschema/README.md
similarity index 100%
rename from vendor/github.com/google/gnostic/jsonschema/README.md
rename to vendor/github.com/google/gnostic-models/jsonschema/README.md
diff --git a/vendor/github.com/google/gnostic/jsonschema/base.go b/vendor/github.com/google/gnostic-models/jsonschema/base.go
similarity index 90%
rename from vendor/github.com/google/gnostic/jsonschema/base.go
rename to vendor/github.com/google/gnostic-models/jsonschema/base.go
index 0af8b148b9..5fcc4885a0 100644
--- a/vendor/github.com/google/gnostic/jsonschema/base.go
+++ b/vendor/github.com/google/gnostic-models/jsonschema/base.go
@@ -1,3 +1,16 @@
+// Copyright 2017 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 // THIS FILE IS AUTOMATICALLY GENERATED.
 
@@ -81,4 +94,4 @@ YXkiIH0sCiAgICAgICAgImFueU9mIjogeyAiJHJlZiI6ICIjL2RlZmluaXRpb25zL3NjaGVtYUFycmF5
 IiB9LAogICAgICAgICJvbmVPZiI6IHsgIiRyZWYiOiAiIy9kZWZpbml0aW9ucy9zY2hlbWFBcnJheSIg
 fSwKICAgICAgICAibm90IjogeyAiJHJlZiI6ICIjIiB9CiAgICB9LAogICAgImRlcGVuZGVuY2llcyI6
 IHsKICAgICAgICAiZXhjbHVzaXZlTWF4aW11bSI6IFsgIm1heGltdW0iIF0sCiAgICAgICAgImV4Y2x1
-c2l2ZU1pbmltdW0iOiBbICJtaW5pbXVtIiBdCiAgICB9LAogICAgImRlZmF1bHQiOiB7fQp9Cg==`)}
\ No newline at end of file
+c2l2ZU1pbmltdW0iOiBbICJtaW5pbXVtIiBdCiAgICB9LAogICAgImRlZmF1bHQiOiB7fQp9Cg==`)}
diff --git a/vendor/github.com/google/gnostic/jsonschema/display.go b/vendor/github.com/google/gnostic-models/jsonschema/display.go
similarity index 92%
rename from vendor/github.com/google/gnostic/jsonschema/display.go
rename to vendor/github.com/google/gnostic-models/jsonschema/display.go
index 8677ed49a0..028a760a91 100644
--- a/vendor/github.com/google/gnostic/jsonschema/display.go
+++ b/vendor/github.com/google/gnostic-models/jsonschema/display.go
@@ -46,23 +46,8 @@ func (schema *Schema) describeSchema(indent string) string {
 	if schema.Schema != nil {
 		result += indent + "$schema: " + *(schema.Schema) + "\n"
 	}
-	if schema.ReadOnly != nil && *schema.ReadOnly {
-		result += indent + fmt.Sprintf("readOnly: %+v\n", *(schema.ReadOnly))
-	}
-	if schema.WriteOnly != nil && *schema.WriteOnly {
-		result += indent + fmt.Sprintf("writeOnly: %+v\n", *(schema.WriteOnly))
-	}
 	if schema.ID != nil {
-		switch strings.TrimSuffix(*schema.Schema, "#") {
-		case "http://json-schema.org/draft-04/schema#":
-			fallthrough
-		case "#":
-			fallthrough
-		case "":
-			result += indent + "id: " + *(schema.ID) + "\n"
-		default:
-			result += indent + "$id: " + *(schema.ID) + "\n"
-		}
+		result += indent + "id: " + *(schema.ID) + "\n"
 	}
 	if schema.MultipleOf != nil {
 		result += indent + fmt.Sprintf("multipleOf: %+v\n", *(schema.MultipleOf))
diff --git a/vendor/github.com/google/gnostic/jsonschema/models.go b/vendor/github.com/google/gnostic-models/jsonschema/models.go
similarity index 97%
rename from vendor/github.com/google/gnostic/jsonschema/models.go
rename to vendor/github.com/google/gnostic-models/jsonschema/models.go
index 0d877249ab..4781bdc5f5 100644
--- a/vendor/github.com/google/gnostic/jsonschema/models.go
+++ b/vendor/github.com/google/gnostic-models/jsonschema/models.go
@@ -23,11 +23,9 @@ import "gopkg.in/yaml.v3"
 // All fields are pointers and are nil if the associated values
 // are not specified.
 type Schema struct {
-	Schema    *string // $schema
-	ID        *string // id keyword used for $ref resolution scope
-	Ref       *string // $ref, i.e. JSON Pointers
-	ReadOnly  *bool
-	WriteOnly *bool
+	Schema *string // $schema
+	ID     *string // id keyword used for $ref resolution scope
+	Ref    *string // $ref, i.e. JSON Pointers
 
 	// http://json-schema.org/latest/json-schema-validation.html
 	// 5.1.  Validation keywords for numeric instances (number and integer)
diff --git a/vendor/github.com/google/gnostic/jsonschema/operations.go b/vendor/github.com/google/gnostic-models/jsonschema/operations.go
similarity index 100%
rename from vendor/github.com/google/gnostic/jsonschema/operations.go
rename to vendor/github.com/google/gnostic-models/jsonschema/operations.go
diff --git a/vendor/github.com/google/gnostic/jsonschema/reader.go b/vendor/github.com/google/gnostic-models/jsonschema/reader.go
similarity index 99%
rename from vendor/github.com/google/gnostic/jsonschema/reader.go
rename to vendor/github.com/google/gnostic-models/jsonschema/reader.go
index a909a34128..b8583d4660 100644
--- a/vendor/github.com/google/gnostic/jsonschema/reader.go
+++ b/vendor/github.com/google/gnostic-models/jsonschema/reader.go
@@ -165,6 +165,7 @@ func NewSchemaFromObject(jsonData *yaml.Node) *Schema {
 
 	default:
 		fmt.Printf("schemaValue: unexpected node %+v\n", jsonData)
+		return nil
 	}
 
 	return nil
diff --git a/vendor/github.com/google/gnostic/jsonschema/schema.json b/vendor/github.com/google/gnostic-models/jsonschema/schema.json
similarity index 100%
rename from vendor/github.com/google/gnostic/jsonschema/schema.json
rename to vendor/github.com/google/gnostic-models/jsonschema/schema.json
diff --git a/vendor/github.com/google/gnostic/jsonschema/writer.go b/vendor/github.com/google/gnostic-models/jsonschema/writer.go
similarity index 92%
rename from vendor/github.com/google/gnostic/jsonschema/writer.go
rename to vendor/github.com/google/gnostic-models/jsonschema/writer.go
index 15b1f90506..340dc5f933 100644
--- a/vendor/github.com/google/gnostic/jsonschema/writer.go
+++ b/vendor/github.com/google/gnostic-models/jsonschema/writer.go
@@ -16,7 +16,6 @@ package jsonschema
 
 import (
 	"fmt"
-	"strings"
 
 	"gopkg.in/yaml.v3"
 )
@@ -34,11 +33,7 @@ func renderMappingNode(node *yaml.Node, indent string) (result string) {
 		value := node.Content[i+1]
 		switch value.Kind {
 		case yaml.ScalarNode:
-			if value.Tag == "!!bool" {
-				result += value.Value
-			} else {
-				result += "\"" + value.Value + "\""
-			}
+			result += "\"" + value.Value + "\""
 		case yaml.MappingNode:
 			result += renderMappingNode(value, innerIndent)
 		case yaml.SequenceNode:
@@ -63,11 +58,7 @@ func renderSequenceNode(node *yaml.Node, indent string) (result string) {
 		item := node.Content[i]
 		switch item.Kind {
 		case yaml.ScalarNode:
-			if item.Tag == "!!bool" {
-				result += innerIndent + item.Value
-			} else {
-				result += innerIndent + "\"" + item.Value + "\""
-			}
+			result += innerIndent + "\"" + item.Value + "\""
 		case yaml.MappingNode:
 			result += innerIndent + renderMappingNode(item, innerIndent) + ""
 		default:
@@ -269,26 +260,11 @@ func (schema *Schema) nodeValue() *yaml.Node {
 		content = appendPair(content, "title", nodeForString(*schema.Title))
 	}
 	if schema.ID != nil {
-		switch strings.TrimSuffix(*schema.Schema, "#") {
-		case "http://json-schema.org/draft-04/schema":
-			fallthrough
-		case "#":
-			fallthrough
-		case "":
-			content = appendPair(content, "id", nodeForString(*schema.ID))
-		default:
-			content = appendPair(content, "$id", nodeForString(*schema.ID))
-		}
+		content = appendPair(content, "id", nodeForString(*schema.ID))
 	}
 	if schema.Schema != nil {
 		content = appendPair(content, "$schema", nodeForString(*schema.Schema))
 	}
-	if schema.ReadOnly != nil && *schema.ReadOnly {
-		content = appendPair(content, "readOnly", nodeForBoolean(*schema.ReadOnly))
-	}
-	if schema.WriteOnly != nil && *schema.WriteOnly {
-		content = appendPair(content, "writeOnly", nodeForBoolean(*schema.WriteOnly))
-	}
 	if schema.Type != nil {
 		content = appendPair(content, "type", schema.Type.nodeValue())
 	}
diff --git a/vendor/github.com/google/gnostic/openapiv2/OpenAPIv2.go b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.go
similarity index 99%
rename from vendor/github.com/google/gnostic/openapiv2/OpenAPIv2.go
rename to vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.go
index 28c2777d51..d71fe6d545 100644
--- a/vendor/github.com/google/gnostic/openapiv2/OpenAPIv2.go
+++ b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.go
@@ -23,7 +23,7 @@ import (
 
 	"gopkg.in/yaml.v3"
 
-	"github.com/google/gnostic/compiler"
+	"github.com/google/gnostic-models/compiler"
 )
 
 // Version returns the package name (and OpenAPI version).
@@ -7887,12 +7887,7 @@ func (m *Oauth2Scopes) ToRawInfo() *yaml.Node {
 	if m == nil {
 		return info
 	}
-	if m.AdditionalProperties != nil {
-		for _, item := range m.AdditionalProperties {
-			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
-			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Value))
-		}
-	}
+	// &{Name:additionalProperties Type:NamedString StringEnumValues:[] MapType:string Repeated:true Pattern: Implicit:true Description:}
 	return info
 }
 
diff --git a/vendor/github.com/google/gnostic/openapiv2/OpenAPIv2.pb.go b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.pb.go
similarity index 99%
rename from vendor/github.com/google/gnostic/openapiv2/OpenAPIv2.pb.go
rename to vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.pb.go
index 06b60157c1..65c4c913ce 100644
--- a/vendor/github.com/google/gnostic/openapiv2/OpenAPIv2.pb.go
+++ b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.pb.go
@@ -16,8 +16,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.26.0
-// 	protoc        v3.18.1
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.19.3
 // source: openapiv2/OpenAPIv2.proto
 
 package openapi_v2
diff --git a/vendor/github.com/google/gnostic/openapiv2/OpenAPIv2.proto b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.proto
similarity index 100%
rename from vendor/github.com/google/gnostic/openapiv2/OpenAPIv2.proto
rename to vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.proto
diff --git a/vendor/github.com/google/gnostic/openapiv2/README.md b/vendor/github.com/google/gnostic-models/openapiv2/README.md
similarity index 100%
rename from vendor/github.com/google/gnostic/openapiv2/README.md
rename to vendor/github.com/google/gnostic-models/openapiv2/README.md
diff --git a/vendor/github.com/google/gnostic/openapiv2/document.go b/vendor/github.com/google/gnostic-models/openapiv2/document.go
similarity index 96%
rename from vendor/github.com/google/gnostic/openapiv2/document.go
rename to vendor/github.com/google/gnostic-models/openapiv2/document.go
index 0021ae871a..e96ac0d6da 100644
--- a/vendor/github.com/google/gnostic/openapiv2/document.go
+++ b/vendor/github.com/google/gnostic-models/openapiv2/document.go
@@ -17,7 +17,7 @@ package openapi_v2
 import (
 	"gopkg.in/yaml.v3"
 
-	"github.com/google/gnostic/compiler"
+	"github.com/google/gnostic-models/compiler"
 )
 
 // ParseDocument reads an OpenAPI v2 description from a YAML/JSON representation.
diff --git a/vendor/github.com/google/gnostic/openapiv2/openapi-2.0.json b/vendor/github.com/google/gnostic-models/openapiv2/openapi-2.0.json
similarity index 100%
rename from vendor/github.com/google/gnostic/openapiv2/openapi-2.0.json
rename to vendor/github.com/google/gnostic-models/openapiv2/openapi-2.0.json
diff --git a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.go b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.go
similarity index 99%
rename from vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.go
rename to vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.go
index d54a84db7c..4b1131ce1c 100644
--- a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.go
+++ b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.go
@@ -23,7 +23,7 @@ import (
 
 	"gopkg.in/yaml.v3"
 
-	"github.com/google/gnostic/compiler"
+	"github.com/google/gnostic-models/compiler"
 )
 
 // Version returns the package name (and OpenAPI version).
@@ -8560,12 +8560,7 @@ func (m *Strings) ToRawInfo() *yaml.Node {
 	if m == nil {
 		return info
 	}
-	if m.AdditionalProperties != nil {
-		for _, item := range m.AdditionalProperties {
-			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Name))
-			info.Content = append(info.Content, compiler.NewScalarNodeForString(item.Value))
-		}
-	}
+	// &{Name:additionalProperties Type:NamedString StringEnumValues:[] MapType:string Repeated:true Pattern: Implicit:true Description:}
 	return info
 }
 
diff --git a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.pb.go b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.pb.go
similarity index 99%
rename from vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.pb.go
rename to vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.pb.go
index 90a56f5526..945b8d11ff 100644
--- a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.pb.go
+++ b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.pb.go
@@ -16,8 +16,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.0
-// 	protoc        v3.19.4
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.19.3
 // source: openapiv3/OpenAPIv3.proto
 
 package openapi_v3
@@ -6760,13 +6760,12 @@ var file_openapiv3_OpenAPIv3_proto_rawDesc = []byte{
 	0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b,
 	0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x2e, 0x4e, 0x61,
 	0x6d, 0x65, 0x64, 0x41, 0x6e, 0x79, 0x52, 0x16, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x56,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x3e,
 	0x0a, 0x0e, 0x6f, 0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33,
 	0x42, 0x0c, 0x4f, 0x70, 0x65, 0x6e, 0x41, 0x50, 0x49, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01,
-	0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6e, 0x6f, 0x73, 0x74, 0x69, 0x63, 0x2f, 0x6f, 0x70, 0x65, 0x6e,
-	0x61, 0x70, 0x69, 0x76, 0x33, 0x3b, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33,
-	0xa2, 0x02, 0x03, 0x4f, 0x41, 0x53, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x5a, 0x16, 0x2e, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x3b, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33, 0xa2, 0x02, 0x03, 0x4f, 0x41, 0x53, 0x62, 0x06,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.proto b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.proto
similarity index 99%
rename from vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.proto
rename to vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.proto
index 7aede5ed90..1be335b89b 100644
--- a/vendor/github.com/google/gnostic/openapiv3/OpenAPIv3.proto
+++ b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.proto
@@ -42,7 +42,7 @@ option java_package = "org.openapi_v3";
 option objc_class_prefix = "OAS";
 
 // The Go package name.
-option go_package = "github.com/google/gnostic/openapiv3;openapi_v3";
+option go_package = "./openapiv3;openapi_v3";
 
 message AdditionalPropertiesItem {
   oneof oneof {
diff --git a/vendor/github.com/google/gnostic/openapiv3/README.md b/vendor/github.com/google/gnostic-models/openapiv3/README.md
similarity index 89%
rename from vendor/github.com/google/gnostic/openapiv3/README.md
rename to vendor/github.com/google/gnostic-models/openapiv3/README.md
index 83603b82aa..5ee12d92e2 100644
--- a/vendor/github.com/google/gnostic/openapiv3/README.md
+++ b/vendor/github.com/google/gnostic-models/openapiv3/README.md
@@ -19,7 +19,3 @@ for OpenAPI.
 
 The schema-generator directory contains support code which generates
 openapi-3.1.json from the OpenAPI 3.1 specification document (Markdown).
-
-### How to rebuild
-
-`protoc -I=. -I=third_party --go_out=. --go_opt=paths=source_relative openapiv3/*.proto`
\ No newline at end of file
diff --git a/vendor/github.com/google/gnostic/openapiv3/annotations.pb.go b/vendor/github.com/google/gnostic-models/openapiv3/annotations.pb.go
similarity index 90%
rename from vendor/github.com/google/gnostic/openapiv3/annotations.pb.go
rename to vendor/github.com/google/gnostic-models/openapiv3/annotations.pb.go
index ae242f3043..5c2b63e262 100644
--- a/vendor/github.com/google/gnostic/openapiv3/annotations.pb.go
+++ b/vendor/github.com/google/gnostic-models/openapiv3/annotations.pb.go
@@ -14,8 +14,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.0
-// 	protoc        v3.19.4
+// 	protoc-gen-go v1.27.1
+// 	protoc        v3.19.3
 // source: openapiv3/annotations.proto
 
 package openapi_v3
@@ -98,10 +98,10 @@ var File_openapiv3_annotations_proto protoreflect.FileDescriptor
 var file_openapiv3_annotations_proto_rawDesc = []byte{
 	0x0a, 0x1b, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x2f, 0x61, 0x6e, 0x6e, 0x6f,
 	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x6f,
-	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x1a, 0x19, 0x6f, 0x70, 0x65, 0x6e, 0x61,
-	0x70, 0x69, 0x76, 0x33, 0x2f, 0x4f, 0x70, 0x65, 0x6e, 0x41, 0x50, 0x49, 0x76, 0x33, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x2f, 0x4f, 0x70, 0x65, 0x6e, 0x41, 0x50, 0x49, 0x76, 0x33,
 	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x3a, 0x4f, 0x0a, 0x08, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
 	0x6e, 0x74, 0x12, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
 	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
@@ -122,13 +122,12 @@ var file_openapiv3_annotations_proto_rawDesc = []byte{
 	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f,
 	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xf7, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e,
 	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d,
-	0x61, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x79, 0x42, 0x5a, 0x0a, 0x0e, 0x6f,
+	0x61, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x79, 0x42, 0x42, 0x0a, 0x0e, 0x6f,
 	0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33, 0x42, 0x10, 0x41,
 	0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
-	0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6e, 0x6f, 0x73, 0x74, 0x69, 0x63, 0x2f, 0x6f, 0x70, 0x65,
-	0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x3b, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76,
-	0x33, 0xa2, 0x02, 0x03, 0x4f, 0x41, 0x53, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x01, 0x5a, 0x16, 0x2e, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x3b, 0x6f,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33, 0xa2, 0x02, 0x03, 0x4f, 0x41, 0x53, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var file_openapiv3_annotations_proto_goTypes = []interface{}{
diff --git a/vendor/github.com/google/gnostic/openapiv3/annotations.proto b/vendor/github.com/google/gnostic-models/openapiv3/annotations.proto
similarity index 96%
rename from vendor/github.com/google/gnostic/openapiv3/annotations.proto
rename to vendor/github.com/google/gnostic-models/openapiv3/annotations.proto
index 0bd87810db..09ee0aac51 100644
--- a/vendor/github.com/google/gnostic/openapiv3/annotations.proto
+++ b/vendor/github.com/google/gnostic-models/openapiv3/annotations.proto
@@ -16,23 +16,22 @@ syntax = "proto3";
 
 package openapi.v3;
 
-import "openapiv3/OpenAPIv3.proto";
 import "google/protobuf/descriptor.proto";
+import "openapiv3/OpenAPIv3.proto";
 
+// The Go package name.
+option go_package = "./openapiv3;openapi_v3";
 // This option lets the proto compiler generate Java code inside the package
 // name (see below) instead of inside an outer class. It creates a simpler
 // developer experience by reducing one-level of name nesting and be
 // consistent with most programming languages that don't support outer classes.
 option java_multiple_files = true;
-
 // The Java outer classname should be the filename in UpperCamelCase. This
 // class is only used to hold proto descriptor, so developers don't need to
 // work with it directly.
 option java_outer_classname = "AnnotationsProto";
-
 // The Java package name must be proto package name with proper prefix.
 option java_package = "org.openapi_v3";
-
 // A reasonable prefix for the Objective-C symbols generated from the package.
 // It should at a minimum be 3 characters long, all uppercase, and convention
 // is to use an abbreviation of the package name. Something short, but
@@ -40,9 +39,6 @@ option java_package = "org.openapi_v3";
 // the future. 'GPB' is reserved for the protocol buffer implementation itself.
 option objc_class_prefix = "OAS";
 
-// The Go package name.
-option go_package = "github.com/google/gnostic/openapiv3;openapi_v3";
-
 extend google.protobuf.FileOptions {
   Document document = 1143;
 }
@@ -57,4 +53,4 @@ extend google.protobuf.MessageOptions {
 
 extend google.protobuf.FieldOptions {
   Schema property = 1143;
-}
\ No newline at end of file
+}
diff --git a/vendor/github.com/google/gnostic/openapiv3/document.go b/vendor/github.com/google/gnostic-models/openapiv3/document.go
similarity index 96%
rename from vendor/github.com/google/gnostic/openapiv3/document.go
rename to vendor/github.com/google/gnostic-models/openapiv3/document.go
index ef10d1d909..1cee467735 100644
--- a/vendor/github.com/google/gnostic/openapiv3/document.go
+++ b/vendor/github.com/google/gnostic-models/openapiv3/document.go
@@ -17,7 +17,7 @@ package openapi_v3
 import (
 	"gopkg.in/yaml.v3"
 
-	"github.com/google/gnostic/compiler"
+	"github.com/google/gnostic-models/compiler"
 )
 
 // ParseDocument reads an OpenAPI v3 description from a YAML/JSON representation.
diff --git a/vendor/github.com/google/gnostic/openapiv3/openapi-3.0.json b/vendor/github.com/google/gnostic/openapiv3/openapi-3.0.json
deleted file mode 100644
index d5caed162d..0000000000
--- a/vendor/github.com/google/gnostic/openapiv3/openapi-3.0.json
+++ /dev/null
@@ -1,1251 +0,0 @@
-{
-  "title": "A JSON Schema for OpenAPI 3.0.",
-  "id": "http://openapis.org/v3/schema.json#",
-  "$schema": "http://json-schema.org/draft-04/schema#",
-  "type": "object",
-  "description": "This is the root document object of the OpenAPI document.",
-  "required": [
-    "openapi",
-    "info",
-    "paths"
-  ],
-  "additionalProperties": false,
-  "patternProperties": {
-    "^x-": {
-      "$ref": "#/definitions/specificationExtension"
-    }
-  },
-  "properties": {
-    "openapi": {
-      "type": "string"
-    },
-    "info": {
-      "$ref": "#/definitions/info"
-    },
-    "servers": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/server"
-      },
-      "uniqueItems": true
-    },
-    "paths": {
-      "$ref": "#/definitions/paths"
-    },
-    "components": {
-      "$ref": "#/definitions/components"
-    },
-    "security": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/securityRequirement"
-      },
-      "uniqueItems": true
-    },
-    "tags": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/tag"
-      },
-      "uniqueItems": true
-    },
-    "externalDocs": {
-      "$ref": "#/definitions/externalDocs"
-    }
-  },
-  "definitions": {
-    "info": {
-      "type": "object",
-      "description": "The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience.",
-      "required": [
-        "title",
-        "version"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "title": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "termsOfService": {
-          "type": "string"
-        },
-        "contact": {
-          "$ref": "#/definitions/contact"
-        },
-        "license": {
-          "$ref": "#/definitions/license"
-        },
-        "version": {
-          "type": "string"
-        }
-      }
-    },
-    "contact": {
-      "type": "object",
-      "description": "Contact information for the exposed API.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string",
-          "format": "uri"
-        },
-        "email": {
-          "type": "string",
-          "format": "email"
-        }
-      }
-    },
-    "license": {
-      "type": "object",
-      "description": "License information for the exposed API.",
-      "required": [
-        "name"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string"
-        }
-      }
-    },
-    "server": {
-      "type": "object",
-      "description": "An object representing a Server.",
-      "required": [
-        "url"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "url": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "variables": {
-          "$ref": "#/definitions/serverVariables"
-        }
-      }
-    },
-    "serverVariable": {
-      "type": "object",
-      "description": "An object representing a Server Variable for server URL template substitution.",
-      "required": [
-        "default"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "enum": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "uniqueItems": true
-        },
-        "default": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        }
-      }
-    },
-    "components": {
-      "type": "object",
-      "description": "Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "schemas": {
-          "$ref": "#/definitions/schemasOrReferences"
-        },
-        "responses": {
-          "$ref": "#/definitions/responsesOrReferences"
-        },
-        "parameters": {
-          "$ref": "#/definitions/parametersOrReferences"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "requestBodies": {
-          "$ref": "#/definitions/requestBodiesOrReferences"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "securitySchemes": {
-          "$ref": "#/definitions/securitySchemesOrReferences"
-        },
-        "links": {
-          "$ref": "#/definitions/linksOrReferences"
-        },
-        "callbacks": {
-          "$ref": "#/definitions/callbacksOrReferences"
-        }
-      }
-    },
-    "paths": {
-      "type": "object",
-      "description": "Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the `Server Object` in order to construct the full URL.  The Paths MAY be empty, due to ACL constraints.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^/": {
-          "$ref": "#/definitions/pathItem"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      }
-    },
-    "pathItem": {
-      "type": "object",
-      "description": "Describes the operations available on a single path. A Path Item MAY be empty, due to ACL constraints. The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "$ref": {
-          "type": "string"
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "get": {
-          "$ref": "#/definitions/operation"
-        },
-        "put": {
-          "$ref": "#/definitions/operation"
-        },
-        "post": {
-          "$ref": "#/definitions/operation"
-        },
-        "delete": {
-          "$ref": "#/definitions/operation"
-        },
-        "options": {
-          "$ref": "#/definitions/operation"
-        },
-        "head": {
-          "$ref": "#/definitions/operation"
-        },
-        "patch": {
-          "$ref": "#/definitions/operation"
-        },
-        "trace": {
-          "$ref": "#/definitions/operation"
-        },
-        "servers": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/server"
-          },
-          "uniqueItems": true
-        },
-        "parameters": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/parameterOrReference"
-          },
-          "uniqueItems": true
-        }
-      }
-    },
-    "operation": {
-      "type": "object",
-      "description": "Describes a single API operation on a path.",
-      "required": [
-        "responses"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "tags": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "uniqueItems": true
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        },
-        "operationId": {
-          "type": "string"
-        },
-        "parameters": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/parameterOrReference"
-          },
-          "uniqueItems": true
-        },
-        "requestBody": {
-          "$ref": "#/definitions/requestBodyOrReference"
-        },
-        "responses": {
-          "$ref": "#/definitions/responses"
-        },
-        "callbacks": {
-          "$ref": "#/definitions/callbacksOrReferences"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "security": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/securityRequirement"
-          },
-          "uniqueItems": true
-        },
-        "servers": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/server"
-          },
-          "uniqueItems": true
-        }
-      }
-    },
-    "externalDocs": {
-      "type": "object",
-      "description": "Allows referencing an external resource for extended documentation.",
-      "required": [
-        "url"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string"
-        }
-      }
-    },
-    "parameter": {
-      "type": "object",
-      "description": "Describes a single operation parameter.  A unique parameter is defined by a combination of a name and location.",
-      "required": [
-        "name",
-        "in"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "in": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "required": {
-          "type": "boolean"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "allowEmptyValue": {
-          "type": "boolean"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        },
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        }
-      }
-    },
-    "requestBody": {
-      "type": "object",
-      "description": "Describes a single request body.",
-      "required": [
-        "content"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        },
-        "required": {
-          "type": "boolean"
-        }
-      }
-    },
-    "mediaType": {
-      "type": "object",
-      "description": "Each Media Type Object provides schema and examples for the media type identified by its key.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "encoding": {
-          "$ref": "#/definitions/encodings"
-        }
-      }
-    },
-    "encoding": {
-      "type": "object",
-      "description": "A single encoding definition applied to a single schema property.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "contentType": {
-          "type": "string"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        }
-      }
-    },
-    "responses": {
-      "type": "object",
-      "description": "A container for the expected responses of an operation. The container maps a HTTP response code to the expected response.  The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors.  The `default` MAY be used as a default response object for all HTTP codes  that are not covered individually by the specification.  The `Responses Object` MUST contain at least one response code, and it  SHOULD be the response for a successful operation call.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^([0-9X]{3})$": {
-          "$ref": "#/definitions/responseOrReference"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "default": {
-          "$ref": "#/definitions/responseOrReference"
-        }
-      }
-    },
-    "response": {
-      "type": "object",
-      "description": "Describes a single response from an API Operation, including design-time, static  `links` to operations based on the response.",
-      "required": [
-        "description"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        },
-        "links": {
-          "$ref": "#/definitions/linksOrReferences"
-        }
-      }
-    },
-    "callback": {
-      "type": "object",
-      "description": "A map of possible out-of band callbacks related to the parent operation. Each value in the map is a Path Item Object that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the callback object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^": {
-          "$ref": "#/definitions/pathItem"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      }
-    },
-    "example": {
-      "type": "object",
-      "description": "",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "value": {
-          "$ref": "#/definitions/any"
-        },
-        "externalValue": {
-          "type": "string"
-        }
-      }
-    },
-    "link": {
-      "type": "object",
-      "description": "The `Link object` represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations.  Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response.  For computing links, and providing instructions to execute them, a runtime expression is used for accessing values in an operation and using them as parameters while invoking the linked operation.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "operationRef": {
-          "type": "string"
-        },
-        "operationId": {
-          "type": "string"
-        },
-        "parameters": {
-          "$ref": "#/definitions/anysOrExpressions"
-        },
-        "requestBody": {
-          "$ref": "#/definitions/anyOrExpression"
-        },
-        "description": {
-          "type": "string"
-        },
-        "server": {
-          "$ref": "#/definitions/server"
-        }
-      }
-    },
-    "header": {
-      "type": "object",
-      "description": "The Header Object follows the structure of the Parameter Object with the following changes:  1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, `style`).",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "required": {
-          "type": "boolean"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "allowEmptyValue": {
-          "type": "boolean"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        },
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        }
-      }
-    },
-    "tag": {
-      "type": "object",
-      "description": "Adds metadata to a single tag that is used by the Operation Object. It is not mandatory to have a Tag Object per tag defined in the Operation Object instances.",
-      "required": [
-        "name"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        }
-      }
-    },
-    "reference": {
-      "type": "object",
-      "description": "A simple object to allow referencing other components in the specification, internally and externally.  The Reference Object is defined by JSON Reference and follows the same structure, behavior and rules.   For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification.",
-      "required": [
-        "$ref"
-      ],
-      "additionalProperties": false,
-      "properties": {
-        "$ref": {
-          "type": "string"
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        }
-      }
-    },
-    "schema": {
-      "type": "object",
-      "description": "The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is an extended subset of the JSON Schema Specification Wright Draft 00.  For more information about the properties, see JSON Schema Core and JSON Schema Validation. Unless stated otherwise, the property definitions follow the JSON Schema.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "nullable": {
-          "type": "boolean"
-        },
-        "discriminator": {
-          "$ref": "#/definitions/discriminator"
-        },
-        "readOnly": {
-          "type": "boolean"
-        },
-        "writeOnly": {
-          "type": "boolean"
-        },
-        "xml": {
-          "$ref": "#/definitions/xml"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "title": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/title"
-        },
-        "multipleOf": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/multipleOf"
-        },
-        "maximum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maximum"
-        },
-        "exclusiveMaximum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMaximum"
-        },
-        "minimum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minimum"
-        },
-        "exclusiveMinimum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMinimum"
-        },
-        "maxLength": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxLength"
-        },
-        "minLength": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minLength"
-        },
-        "pattern": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/pattern"
-        },
-        "maxItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxItems"
-        },
-        "minItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minItems"
-        },
-        "uniqueItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/uniqueItems"
-        },
-        "maxProperties": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxProperties"
-        },
-        "minProperties": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minProperties"
-        },
-        "required": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/required"
-        },
-        "enum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/enum"
-        },
-        "type": {
-          "type": "string"
-        },
-        "allOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "oneOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "anyOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "not": {
-          "$ref": "#/definitions/schema"
-        },
-        "items": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/schemaOrReference"
-            },
-            {
-              "type": "array",
-              "items": {
-                "$ref": "#/definitions/schemaOrReference"
-              },
-              "minItems": 1
-            }
-          ]
-        },
-        "properties": {
-          "type": "object",
-          "additionalProperties": {
-            "$ref": "#/definitions/schemaOrReference"
-          }
-        },
-        "additionalProperties": {
-          "oneOf": [
-            {
-              "$ref": "#/definitions/schemaOrReference"
-            },
-            {
-              "type": "boolean"
-            }
-          ]
-        },
-        "default": {
-          "$ref": "#/definitions/defaultType"
-        },
-        "description": {
-          "type": "string"
-        },
-        "format": {
-          "type": "string"
-        }
-      }
-    },
-    "discriminator": {
-      "type": "object",
-      "description": "When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation.  The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it.  When using the discriminator, _inline_ schemas will not be considered.",
-      "required": [
-        "propertyName"
-      ],
-      "additionalProperties": false,
-      "properties": {
-        "propertyName": {
-          "type": "string"
-        },
-        "mapping": {
-          "$ref": "#/definitions/strings"
-        }
-      }
-    },
-    "xml": {
-      "type": "object",
-      "description": "A metadata object that allows for more fine-tuned XML model definitions.  When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. See examples for expected behavior.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "namespace": {
-          "type": "string"
-        },
-        "prefix": {
-          "type": "string"
-        },
-        "attribute": {
-          "type": "boolean"
-        },
-        "wrapped": {
-          "type": "boolean"
-        }
-      }
-    },
-    "securityScheme": {
-      "type": "object",
-      "description": "Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header or as a query parameter), OAuth2's common flows (implicit, password, application and access code) as defined in RFC6749, and OpenID Connect Discovery.",
-      "required": [
-        "type"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "type": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "name": {
-          "type": "string"
-        },
-        "in": {
-          "type": "string"
-        },
-        "scheme": {
-          "type": "string"
-        },
-        "bearerFormat": {
-          "type": "string"
-        },
-        "flows": {
-          "$ref": "#/definitions/oauthFlows"
-        },
-        "openIdConnectUrl": {
-          "type": "string"
-        }
-      }
-    },
-    "oauthFlows": {
-      "type": "object",
-      "description": "Allows configuration of the supported OAuth Flows.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "implicit": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "password": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "clientCredentials": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "authorizationCode": {
-          "$ref": "#/definitions/oauthFlow"
-        }
-      }
-    },
-    "oauthFlow": {
-      "type": "object",
-      "description": "Configuration details for a supported OAuth Flow",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "authorizationUrl": {
-          "type": "string"
-        },
-        "tokenUrl": {
-          "type": "string"
-        },
-        "refreshUrl": {
-          "type": "string"
-        },
-        "scopes": {
-          "$ref": "#/definitions/strings"
-        }
-      }
-    },
-    "securityRequirement": {
-      "type": "object",
-      "description": "Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the Security Schemes under the Components Object.  Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.  When a list of Security Requirement Objects is defined on the Open API object or Operation Object, only one of Security Requirement Objects in the list needs to be satisfied to authorize the request.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^[a-zA-Z0-9\\.\\-_]+$": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "uniqueItems": true
-        }
-      }
-    },
-    "anyOrExpression": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/any"
-        },
-        {
-          "$ref": "#/definitions/expression"
-        }
-      ]
-    },
-    "callbackOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/callback"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "exampleOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/example"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "headerOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/header"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "linkOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/link"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "parameterOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/parameter"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "requestBodyOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/requestBody"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "responseOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/response"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "schemaOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/schema"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "securitySchemeOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/securityScheme"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "anysOrExpressions": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/anyOrExpression"
-      }
-    },
-    "callbacksOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/callbackOrReference"
-      }
-    },
-    "encodings": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/encoding"
-      }
-    },
-    "examplesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/exampleOrReference"
-      }
-    },
-    "headersOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/headerOrReference"
-      }
-    },
-    "linksOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/linkOrReference"
-      }
-    },
-    "mediaTypes": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/mediaType"
-      }
-    },
-    "parametersOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/parameterOrReference"
-      }
-    },
-    "requestBodiesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/requestBodyOrReference"
-      }
-    },
-    "responsesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/responseOrReference"
-      }
-    },
-    "schemasOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/schemaOrReference"
-      }
-    },
-    "securitySchemesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/securitySchemeOrReference"
-      }
-    },
-    "serverVariables": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/serverVariable"
-      }
-    },
-    "strings": {
-      "type": "object",
-      "additionalProperties": {
-        "type": "string"
-      }
-    },
-    "object": {
-      "type": "object",
-      "additionalProperties": true
-    },
-    "any": {
-      "additionalProperties": true
-    },
-    "expression": {
-      "type": "object",
-      "additionalProperties": true
-    },
-    "specificationExtension": {
-      "description": "Any property starting with x- is valid.",
-      "oneOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "number"
-        },
-        {
-          "type": "boolean"
-        },
-        {
-          "type": "string"
-        },
-        {
-          "type": "object"
-        },
-        {
-          "type": "array"
-        }
-      ]
-    },
-    "defaultType": {
-      "oneOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "array"
-        },
-        {
-          "type": "object"
-        },
-        {
-          "type": "number"
-        },
-        {
-          "type": "boolean"
-        },
-        {
-          "type": "string"
-        }
-      ]
-    }
-  }
-}
diff --git a/vendor/github.com/google/gnostic/openapiv3/openapi-3.1.json b/vendor/github.com/google/gnostic/openapiv3/openapi-3.1.json
deleted file mode 100644
index ed0b83adf4..0000000000
--- a/vendor/github.com/google/gnostic/openapiv3/openapi-3.1.json
+++ /dev/null
@@ -1,1250 +0,0 @@
-{
-  "title": "A JSON Schema for OpenAPI 3.0.",
-  "id": "http://openapis.org/v3/schema.json#",
-  "$schema": "http://json-schema.org/draft-04/schema#",
-  "type": "object",
-  "description": "This is the root document object of the OpenAPI document.",
-  "required": [
-    "openapi",
-    "info",
-    "paths"
-  ],
-  "additionalProperties": false,
-  "patternProperties": {
-    "^x-": {
-      "$ref": "#/definitions/specificationExtension"
-    }
-  },
-  "properties": {
-    "openapi": {
-      "type": "string"
-    },
-    "info": {
-      "$ref": "#/definitions/info"
-    },
-    "servers": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/server"
-      },
-      "uniqueItems": true
-    },
-    "paths": {
-      "$ref": "#/definitions/paths"
-    },
-    "components": {
-      "$ref": "#/definitions/components"
-    },
-    "security": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/securityRequirement"
-      },
-      "uniqueItems": true
-    },
-    "tags": {
-      "type": "array",
-      "items": {
-        "$ref": "#/definitions/tag"
-      },
-      "uniqueItems": true
-    },
-    "externalDocs": {
-      "$ref": "#/definitions/externalDocs"
-    }
-  },
-  "definitions": {
-    "info": {
-      "type": "object",
-      "description": "The object provides metadata about the API. The metadata MAY be used by the clients if needed, and MAY be presented in editing or documentation generation tools for convenience.",
-      "required": [
-        "title",
-        "version"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "title": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "termsOfService": {
-          "type": "string"
-        },
-        "contact": {
-          "$ref": "#/definitions/contact"
-        },
-        "license": {
-          "$ref": "#/definitions/license"
-        },
-        "version": {
-          "type": "string"
-        },
-        "summary": {
-          "type": "string"
-        }
-      }
-    },
-    "contact": {
-      "type": "object",
-      "description": "Contact information for the exposed API.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string",
-          "format": "uri"
-        },
-        "email": {
-          "type": "string",
-          "format": "email"
-        }
-      }
-    },
-    "license": {
-      "type": "object",
-      "description": "License information for the exposed API.",
-      "required": [
-        "name"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string"
-        }
-      }
-    },
-    "server": {
-      "type": "object",
-      "description": "An object representing a Server.",
-      "required": [
-        "url"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "url": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "variables": {
-          "$ref": "#/definitions/serverVariables"
-        }
-      }
-    },
-    "serverVariable": {
-      "type": "object",
-      "description": "An object representing a Server Variable for server URL template substitution.",
-      "required": [
-        "default"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "enum": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "uniqueItems": true
-        },
-        "default": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        }
-      }
-    },
-    "components": {
-      "type": "object",
-      "description": "Holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "schemas": {
-          "$ref": "#/definitions/schemasOrReferences"
-        },
-        "responses": {
-          "$ref": "#/definitions/responsesOrReferences"
-        },
-        "parameters": {
-          "$ref": "#/definitions/parametersOrReferences"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "requestBodies": {
-          "$ref": "#/definitions/requestBodiesOrReferences"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "securitySchemes": {
-          "$ref": "#/definitions/securitySchemesOrReferences"
-        },
-        "links": {
-          "$ref": "#/definitions/linksOrReferences"
-        },
-        "callbacks": {
-          "$ref": "#/definitions/callbacksOrReferences"
-        }
-      }
-    },
-    "paths": {
-      "type": "object",
-      "description": "Holds the relative paths to the individual endpoints and their operations. The path is appended to the URL from the `Server Object` in order to construct the full URL.  The Paths MAY be empty, due to ACL constraints.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^/": {
-          "$ref": "#/definitions/pathItem"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      }
-    },
-    "pathItem": {
-      "type": "object",
-      "description": "Describes the operations available on a single path. A Path Item MAY be empty, due to ACL constraints. The path itself is still exposed to the documentation viewer but they will not know which operations and parameters are available.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "$ref": {
-          "type": "string"
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "get": {
-          "$ref": "#/definitions/operation"
-        },
-        "put": {
-          "$ref": "#/definitions/operation"
-        },
-        "post": {
-          "$ref": "#/definitions/operation"
-        },
-        "delete": {
-          "$ref": "#/definitions/operation"
-        },
-        "options": {
-          "$ref": "#/definitions/operation"
-        },
-        "head": {
-          "$ref": "#/definitions/operation"
-        },
-        "patch": {
-          "$ref": "#/definitions/operation"
-        },
-        "trace": {
-          "$ref": "#/definitions/operation"
-        },
-        "servers": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/server"
-          },
-          "uniqueItems": true
-        },
-        "parameters": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/parameterOrReference"
-          },
-          "uniqueItems": true
-        }
-      }
-    },
-    "operation": {
-      "type": "object",
-      "description": "Describes a single API operation on a path.",
-      "required": [
-        "responses"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "tags": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "uniqueItems": true
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        },
-        "operationId": {
-          "type": "string"
-        },
-        "parameters": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/parameterOrReference"
-          },
-          "uniqueItems": true
-        },
-        "requestBody": {
-          "$ref": "#/definitions/requestBodyOrReference"
-        },
-        "responses": {
-          "$ref": "#/definitions/responses"
-        },
-        "callbacks": {
-          "$ref": "#/definitions/callbacksOrReferences"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "security": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/securityRequirement"
-          },
-          "uniqueItems": true
-        },
-        "servers": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/server"
-          },
-          "uniqueItems": true
-        }
-      }
-    },
-    "externalDocs": {
-      "type": "object",
-      "description": "Allows referencing an external resource for extended documentation.",
-      "required": [
-        "url"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "url": {
-          "type": "string"
-        }
-      }
-    },
-    "parameter": {
-      "type": "object",
-      "description": "Describes a single operation parameter.  A unique parameter is defined by a combination of a name and location.",
-      "required": [
-        "name",
-        "in"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "in": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "required": {
-          "type": "boolean"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "allowEmptyValue": {
-          "type": "boolean"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        },
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        }
-      }
-    },
-    "requestBody": {
-      "type": "object",
-      "description": "Describes a single request body.",
-      "required": [
-        "content"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        },
-        "required": {
-          "type": "boolean"
-        }
-      }
-    },
-    "mediaType": {
-      "type": "object",
-      "description": "Each Media Type Object provides schema and examples for the media type identified by its key.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "encoding": {
-          "$ref": "#/definitions/encodings"
-        }
-      }
-    },
-    "encoding": {
-      "type": "object",
-      "description": "A single encoding definition applied to a single schema property.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "contentType": {
-          "type": "string"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        }
-      }
-    },
-    "responses": {
-      "type": "object",
-      "description": "A container for the expected responses of an operation. The container maps a HTTP response code to the expected response.  The documentation is not necessarily expected to cover all possible HTTP response codes because they may not be known in advance. However, documentation is expected to cover a successful operation response and any known errors.  The `default` MAY be used as a default response object for all HTTP codes  that are not covered individually by the specification.  The `Responses Object` MUST contain at least one response code, and it  SHOULD be the response for a successful operation call.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^([0-9X]{3})$": {
-          "$ref": "#/definitions/responseOrReference"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "default": {
-          "$ref": "#/definitions/responseOrReference"
-        }
-      }
-    },
-    "response": {
-      "type": "object",
-      "description": "Describes a single response from an API Operation, including design-time, static  `links` to operations based on the response.",
-      "required": [
-        "description"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "headers": {
-          "$ref": "#/definitions/headersOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        },
-        "links": {
-          "$ref": "#/definitions/linksOrReferences"
-        }
-      }
-    },
-    "callback": {
-      "type": "object",
-      "description": "A map of possible out-of band callbacks related to the parent operation. Each value in the map is a Path Item Object that describes a set of requests that may be initiated by the API provider and the expected responses. The key value used to identify the callback object is an expression, evaluated at runtime, that identifies a URL to use for the callback operation.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^": {
-          "$ref": "#/definitions/pathItem"
-        },
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      }
-    },
-    "example": {
-      "type": "object",
-      "description": "",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "value": {
-          "$ref": "#/definitions/any"
-        },
-        "externalValue": {
-          "type": "string"
-        }
-      }
-    },
-    "link": {
-      "type": "object",
-      "description": "The `Link object` represents a possible design-time link for a response. The presence of a link does not guarantee the caller's ability to successfully invoke it, rather it provides a known relationship and traversal mechanism between responses and other operations.  Unlike _dynamic_ links (i.e. links provided **in** the response payload), the OAS linking mechanism does not require link information in the runtime response.  For computing links, and providing instructions to execute them, a runtime expression is used for accessing values in an operation and using them as parameters while invoking the linked operation.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "operationRef": {
-          "type": "string"
-        },
-        "operationId": {
-          "type": "string"
-        },
-        "parameters": {
-          "$ref": "#/definitions/anyOrExpression"
-        },
-        "requestBody": {
-          "$ref": "#/definitions/anyOrExpression"
-        },
-        "description": {
-          "type": "string"
-        },
-        "server": {
-          "$ref": "#/definitions/server"
-        }
-      }
-    },
-    "header": {
-      "type": "object",
-      "description": "The Header Object follows the structure of the Parameter Object with the following changes:  1. `name` MUST NOT be specified, it is given in the corresponding `headers` map. 1. `in` MUST NOT be specified, it is implicitly in `header`. 1. All traits that are affected by the location MUST be applicable to a location of `header` (for example, `style`).",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "required": {
-          "type": "boolean"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "allowEmptyValue": {
-          "type": "boolean"
-        },
-        "style": {
-          "type": "string"
-        },
-        "explode": {
-          "type": "boolean"
-        },
-        "allowReserved": {
-          "type": "boolean"
-        },
-        "schema": {
-          "$ref": "#/definitions/schemaOrReference"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "examples": {
-          "$ref": "#/definitions/examplesOrReferences"
-        },
-        "content": {
-          "$ref": "#/definitions/mediaTypes"
-        }
-      }
-    },
-    "tag": {
-      "type": "object",
-      "description": "Adds metadata to a single tag that is used by the Operation Object. It is not mandatory to have a Tag Object per tag defined in the Operation Object instances.",
-      "required": [
-        "name"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        }
-      }
-    },
-    "reference": {
-      "type": "object",
-      "description": "A simple object to allow referencing other components in the specification, internally and externally.  The Reference Object is defined by JSON Reference and follows the same structure, behavior and rules.   For this specification, reference resolution is accomplished as defined by the JSON Reference specification and not by the JSON Schema specification.",
-      "required": [
-        "$ref"
-      ],
-      "additionalProperties": false,
-      "properties": {
-        "$ref": {
-          "type": "string"
-        },
-        "summary": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        }
-      }
-    },
-    "schema": {
-      "type": "object",
-      "description": "The Schema Object allows the definition of input and output data types. These types can be objects, but also primitives and arrays. This object is an extended subset of the JSON Schema Specification Wright Draft 00.  For more information about the properties, see JSON Schema Core and JSON Schema Validation. Unless stated otherwise, the property definitions follow the JSON Schema.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "nullable": {
-          "type": "boolean"
-        },
-        "discriminator": {
-          "$ref": "#/definitions/discriminator"
-        },
-        "readOnly": {
-          "type": "boolean"
-        },
-        "writeOnly": {
-          "type": "boolean"
-        },
-        "xml": {
-          "$ref": "#/definitions/xml"
-        },
-        "externalDocs": {
-          "$ref": "#/definitions/externalDocs"
-        },
-        "example": {
-          "$ref": "#/definitions/any"
-        },
-        "deprecated": {
-          "type": "boolean"
-        },
-        "title": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/title"
-        },
-        "multipleOf": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/multipleOf"
-        },
-        "maximum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maximum"
-        },
-        "exclusiveMaximum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMaximum"
-        },
-        "minimum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minimum"
-        },
-        "exclusiveMinimum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/exclusiveMinimum"
-        },
-        "maxLength": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxLength"
-        },
-        "minLength": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minLength"
-        },
-        "pattern": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/pattern"
-        },
-        "maxItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxItems"
-        },
-        "minItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minItems"
-        },
-        "uniqueItems": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/uniqueItems"
-        },
-        "maxProperties": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/maxProperties"
-        },
-        "minProperties": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/minProperties"
-        },
-        "required": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/required"
-        },
-        "enum": {
-          "$ref": "http://json-schema.org/draft-04/schema#/properties/enum"
-        },
-        "type": {
-          "type": "string"
-        },
-        "allOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "oneOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "anyOf": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/schemaOrReference"
-          },
-          "minItems": 1
-        },
-        "not": {
-          "$ref": "#/definitions/schema"
-        },
-        "items": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/schemaOrReference"
-            },
-            {
-              "type": "array",
-              "items": {
-                "$ref": "#/definitions/schemaOrReference"
-              },
-              "minItems": 1
-            }
-          ]
-        },
-        "properties": {
-          "type": "object",
-          "additionalProperties": {
-            "$ref": "#/definitions/schemaOrReference"
-          }
-        },
-        "additionalProperties": {
-          "oneOf": [
-            {
-              "$ref": "#/definitions/schemaOrReference"
-            },
-            {
-              "type": "boolean"
-            }
-          ]
-        },
-        "default": {
-          "$ref": "#/definitions/defaultType"
-        },
-        "description": {
-          "type": "string"
-        },
-        "format": {
-          "type": "string"
-        }
-      }
-    },
-    "discriminator": {
-      "type": "object",
-      "description": "When request bodies or response payloads may be one of a number of different schemas, a `discriminator` object can be used to aid in serialization, deserialization, and validation.  The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it.  When using the discriminator, _inline_ schemas will not be considered.",
-      "required": [
-        "propertyName"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "propertyName": {
-          "type": "string"
-        },
-        "mapping": {
-          "$ref": "#/definitions/strings"
-        }
-      }
-    },
-    "xml": {
-      "type": "object",
-      "description": "A metadata object that allows for more fine-tuned XML model definitions.  When using arrays, XML element names are *not* inferred (for singular/plural forms) and the `name` property SHOULD be used to add that information. See examples for expected behavior.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "namespace": {
-          "type": "string"
-        },
-        "prefix": {
-          "type": "string"
-        },
-        "attribute": {
-          "type": "boolean"
-        },
-        "wrapped": {
-          "type": "boolean"
-        }
-      }
-    },
-    "securityScheme": {
-      "type": "object",
-      "description": "Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), mutual TLS (use of a client certificate), OAuth2's common flows (implicit, password, application and access code) as defined in RFC6749, and OpenID Connect.   Please note that currently (2019) the implicit flow is about to be deprecated OAuth 2.0 Security Best Current Practice. Recommended for most use case is Authorization Code Grant flow with PKCE.",
-      "required": [
-        "type"
-      ],
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "type": {
-          "type": "string"
-        },
-        "description": {
-          "type": "string"
-        },
-        "name": {
-          "type": "string"
-        },
-        "in": {
-          "type": "string"
-        },
-        "scheme": {
-          "type": "string"
-        },
-        "bearerFormat": {
-          "type": "string"
-        },
-        "flows": {
-          "$ref": "#/definitions/oauthFlows"
-        },
-        "openIdConnectUrl": {
-          "type": "string"
-        }
-      }
-    },
-    "oauthFlows": {
-      "type": "object",
-      "description": "Allows configuration of the supported OAuth Flows.",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "implicit": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "password": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "clientCredentials": {
-          "$ref": "#/definitions/oauthFlow"
-        },
-        "authorizationCode": {
-          "$ref": "#/definitions/oauthFlow"
-        }
-      }
-    },
-    "oauthFlow": {
-      "type": "object",
-      "description": "Configuration details for a supported OAuth Flow",
-      "additionalProperties": false,
-      "patternProperties": {
-        "^x-": {
-          "$ref": "#/definitions/specificationExtension"
-        }
-      },
-      "properties": {
-        "authorizationUrl": {
-          "type": "string"
-        },
-        "tokenUrl": {
-          "type": "string"
-        },
-        "refreshUrl": {
-          "type": "string"
-        },
-        "scopes": {
-          "$ref": "#/definitions/strings"
-        }
-      }
-    },
-    "securityRequirement": {
-      "type": "object",
-      "description": "Lists the required security schemes to execute this operation. The name used for each property MUST correspond to a security scheme declared in the Security Schemes under the Components Object.  Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.  When a list of Security Requirement Objects is defined on the OpenAPI Object or Operation Object, only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request.",
-      "additionalProperties": {
-        "type": "array",
-        "items": {
-          "type": "string"
-        },
-        "uniqueItems": true
-      }
-    },
-    "anyOrExpression": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/any"
-        },
-        {
-          "$ref": "#/definitions/expression"
-        }
-      ]
-    },
-    "callbackOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/callback"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "exampleOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/example"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "headerOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/header"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "linkOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/link"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "parameterOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/parameter"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "requestBodyOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/requestBody"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "responseOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/response"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "schemaOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/schema"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "securitySchemeOrReference": {
-      "oneOf": [
-        {
-          "$ref": "#/definitions/securityScheme"
-        },
-        {
-          "$ref": "#/definitions/reference"
-        }
-      ]
-    },
-    "callbacksOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/callbackOrReference"
-      }
-    },
-    "encodings": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/encoding"
-      }
-    },
-    "examplesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/exampleOrReference"
-      }
-    },
-    "headersOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/headerOrReference"
-      }
-    },
-    "linksOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/linkOrReference"
-      }
-    },
-    "mediaTypes": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/mediaType"
-      }
-    },
-    "parametersOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/parameterOrReference"
-      }
-    },
-    "requestBodiesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/requestBodyOrReference"
-      }
-    },
-    "responsesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/responseOrReference"
-      }
-    },
-    "schemasOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/schemaOrReference"
-      }
-    },
-    "securitySchemesOrReferences": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/securitySchemeOrReference"
-      }
-    },
-    "serverVariables": {
-      "type": "object",
-      "additionalProperties": {
-        "$ref": "#/definitions/serverVariable"
-      }
-    },
-    "strings": {
-      "type": "object",
-      "additionalProperties": {
-        "type": "string"
-      }
-    },
-    "object": {
-      "type": "object",
-      "additionalProperties": true
-    },
-    "any": {
-      "additionalProperties": true
-    },
-    "expression": {
-      "type": "object",
-      "additionalProperties": true
-    },
-    "specificationExtension": {
-      "description": "Any property starting with x- is valid.",
-      "oneOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "number"
-        },
-        {
-          "type": "boolean"
-        },
-        {
-          "type": "string"
-        },
-        {
-          "type": "object"
-        },
-        {
-          "type": "array"
-        }
-      ]
-    },
-    "defaultType": {
-      "oneOf": [
-        {
-          "type": "null"
-        },
-        {
-          "type": "array"
-        },
-        {
-          "type": "object"
-        },
-        {
-          "type": "number"
-        },
-        {
-          "type": "boolean"
-        },
-        {
-          "type": "string"
-        }
-      ]
-    }
-  }
-}
diff --git a/vendor/github.com/google/go-github/v53/github/event.go b/vendor/github.com/google/go-github/v53/github/event.go
deleted file mode 100644
index 4ee25603a8..0000000000
--- a/vendor/github.com/google/go-github/v53/github/event.go
+++ /dev/null
@@ -1,167 +0,0 @@
-// Copyright 2018 The go-github AUTHORS. All rights reserved.
-//
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package github
-
-import (
-	"encoding/json"
-)
-
-// Event represents a GitHub event.
-type Event struct {
-	Type       *string          `json:"type,omitempty"`
-	Public     *bool            `json:"public,omitempty"`
-	RawPayload *json.RawMessage `json:"payload,omitempty"`
-	Repo       *Repository      `json:"repo,omitempty"`
-	Actor      *User            `json:"actor,omitempty"`
-	Org        *Organization    `json:"org,omitempty"`
-	CreatedAt  *Timestamp       `json:"created_at,omitempty"`
-	ID         *string          `json:"id,omitempty"`
-}
-
-func (e Event) String() string {
-	return Stringify(e)
-}
-
-// ParsePayload parses the event payload. For recognized event types,
-// a value of the corresponding struct type will be returned.
-func (e *Event) ParsePayload() (payload interface{}, err error) {
-	switch *e.Type {
-	case "BranchProtectionRuleEvent":
-		payload = &BranchProtectionRuleEvent{}
-	case "CheckRunEvent":
-		payload = &CheckRunEvent{}
-	case "CheckSuiteEvent":
-		payload = &CheckSuiteEvent{}
-	case "CodeScanningAlertEvent":
-		payload = &CodeScanningAlertEvent{}
-	case "CommitCommentEvent":
-		payload = &CommitCommentEvent{}
-	case "ContentReferenceEvent":
-		payload = &ContentReferenceEvent{}
-	case "CreateEvent":
-		payload = &CreateEvent{}
-	case "DeleteEvent":
-		payload = &DeleteEvent{}
-	case "DeployKeyEvent":
-		payload = &DeployKeyEvent{}
-	case "DeploymentEvent":
-		payload = &DeploymentEvent{}
-	case "DeploymentProtectionRuleEvent":
-		payload = &DeploymentProtectionRuleEvent{}
-	case "DeploymentStatusEvent":
-		payload = &DeploymentStatusEvent{}
-	case "DiscussionEvent":
-		payload = &DiscussionEvent{}
-	case "DiscussionCommentEvent":
-		payload = &DiscussionCommentEvent{}
-	case "ForkEvent":
-		payload = &ForkEvent{}
-	case "GitHubAppAuthorizationEvent":
-		payload = &GitHubAppAuthorizationEvent{}
-	case "GollumEvent":
-		payload = &GollumEvent{}
-	case "InstallationEvent":
-		payload = &InstallationEvent{}
-	case "InstallationRepositoriesEvent":
-		payload = &InstallationRepositoriesEvent{}
-	case "IssueCommentEvent":
-		payload = &IssueCommentEvent{}
-	case "IssuesEvent":
-		payload = &IssuesEvent{}
-	case "LabelEvent":
-		payload = &LabelEvent{}
-	case "MarketplacePurchaseEvent":
-		payload = &MarketplacePurchaseEvent{}
-	case "MemberEvent":
-		payload = &MemberEvent{}
-	case "MembershipEvent":
-		payload = &MembershipEvent{}
-	case "MergeGroupEvent":
-		payload = &MergeGroupEvent{}
-	case "MetaEvent":
-		payload = &MetaEvent{}
-	case "MilestoneEvent":
-		payload = &MilestoneEvent{}
-	case "OrganizationEvent":
-		payload = &OrganizationEvent{}
-	case "OrgBlockEvent":
-		payload = &OrgBlockEvent{}
-	case "PackageEvent":
-		payload = &PackageEvent{}
-	case "PageBuildEvent":
-		payload = &PageBuildEvent{}
-	case "PingEvent":
-		payload = &PingEvent{}
-	case "ProjectEvent":
-		payload = &ProjectEvent{}
-	case "ProjectCardEvent":
-		payload = &ProjectCardEvent{}
-	case "ProjectColumnEvent":
-		payload = &ProjectColumnEvent{}
-	case "PublicEvent":
-		payload = &PublicEvent{}
-	case "PullRequestEvent":
-		payload = &PullRequestEvent{}
-	case "PullRequestReviewEvent":
-		payload = &PullRequestReviewEvent{}
-	case "PullRequestReviewCommentEvent":
-		payload = &PullRequestReviewCommentEvent{}
-	case "PullRequestReviewThreadEvent":
-		payload = &PullRequestReviewThreadEvent{}
-	case "PullRequestTargetEvent":
-		payload = &PullRequestTargetEvent{}
-	case "PushEvent":
-		payload = &PushEvent{}
-	case "ReleaseEvent":
-		payload = &ReleaseEvent{}
-	case "RepositoryEvent":
-		payload = &RepositoryEvent{}
-	case "RepositoryDispatchEvent":
-		payload = &RepositoryDispatchEvent{}
-	case "RepositoryImportEvent":
-		payload = &RepositoryImportEvent{}
-	case "RepositoryVulnerabilityAlertEvent":
-		payload = &RepositoryVulnerabilityAlertEvent{}
-	case "SecretScanningAlertEvent":
-		payload = &SecretScanningAlertEvent{}
-	case "SecurityAdvisoryEvent":
-		payload = &SecurityAdvisoryEvent{}
-	case "StarEvent":
-		payload = &StarEvent{}
-	case "StatusEvent":
-		payload = &StatusEvent{}
-	case "TeamEvent":
-		payload = &TeamEvent{}
-	case "TeamAddEvent":
-		payload = &TeamAddEvent{}
-	case "UserEvent":
-		payload = &UserEvent{}
-	case "WatchEvent":
-		payload = &WatchEvent{}
-	case "WorkflowDispatchEvent":
-		payload = &WorkflowDispatchEvent{}
-	case "WorkflowJobEvent":
-		payload = &WorkflowJobEvent{}
-	case "WorkflowRunEvent":
-		payload = &WorkflowRunEvent{}
-	}
-	err = json.Unmarshal(*e.RawPayload, &payload)
-	return payload, err
-}
-
-// Payload returns the parsed event payload. For recognized event types,
-// a value of the corresponding struct type will be returned.
-//
-// Deprecated: Use ParsePayload instead, which returns an error
-// rather than panics if JSON unmarshaling raw payload fails.
-func (e *Event) Payload() (payload interface{}) {
-	var err error
-	payload, err = e.ParsePayload()
-	if err != nil {
-		panic(err)
-	}
-	return payload
-}
diff --git a/vendor/github.com/google/go-github/v53/AUTHORS b/vendor/github.com/google/go-github/v55/AUTHORS
similarity index 89%
rename from vendor/github.com/google/go-github/v53/AUTHORS
rename to vendor/github.com/google/go-github/v55/AUTHORS
index 5e40cd1f38..74a21dc604 100644
--- a/vendor/github.com/google/go-github/v53/AUTHORS
+++ b/vendor/github.com/google/go-github/v55/AUTHORS
@@ -11,13 +11,17 @@
 178inaba <masahiro.furudate@gmail.com>
 2BFL <imqksl@gmail.com>
 413x <dedifferentiator@gmail.com>
+6543 <6543@obermui.de>
 Abed Kibbe <abed.kibbe@gmail.com>
 Abhinav Gupta <mail@abhinavg.net>
 Abhishek Veeramalla <abhishek.veeramalla@gmail.com>
 aboy <b1011211@gmail.com>
+Adam Kohring <ajkohring@gmail.com>
 adrienzieba <adrien.zieba@appdirect.com>
 afdesk <work@afdesk.com>
+Ahmad Nurus S <ahmadnurus.sh@gmail.com>
 Ahmed Hagy <a.akram93@gmail.com>
+Aidan <aidan@artificial.com>
 Aidan Steele <aidan.steele@glassechidna.com.au>
 Ainsley Chong <ainsley.chong@gmail.com>
 ajz01 <azdenek@yahoo.com>
@@ -26,6 +30,7 @@ Akhil Mohan <akhilerm@gmail.com>
 Alec Thomas <alec@swapoff.org>
 Aleks Clark <aleks.clark@gmail.com>
 Alex Bramley <a.bramley@gmail.com>
+Alex Ellis <alexellis2@gmail.com>
 Alex Orr <Alexorr.CSE@gmail.com>
 Alex Su <alexsu@17.media>
 Alex Unger <zyxancf@gmail.com>
@@ -51,6 +56,7 @@ Anton Nguyen <afnguyen85@gmail.com>
 Anubha Kushwaha <anubha_bt2k14@dtu.ac.in>
 appilon <apilon@hashicorp.com>
 aprp <doelaudi@gmail.com>
+apurwaj2 <apurwaj2@gmail.com>
 Aravind <aravindkp@outlook.in>
 Arda Kuyumcu <kuyumcuarda@gmail.com>
 Arıl Bozoluk <arilbozoluk@hotmail.com>
@@ -60,12 +66,15 @@ Austin Dizzy <dizzy@wow.com>
 Azuka Okuleye <azuka@zatechcorp.com>
 Ben Batha <bhbatha@gmail.com>
 Benjamen Keroack <benjamen@dollarshaveclub.com>
+Berkay Tacyildiz <berkaytacyildiz@gmail.com>
 Beshr Kayali <beshrkayali@gmail.com>
 Beyang Liu <beyang.liu@gmail.com>
 Billy Keyes <bluekeyes@gmail.com>
 Billy Lynch <wlynch92@gmail.com>
+Bingtan Lu <lubingtan@126.com>
 Bjorn Neergaard <bjorn@neersighted.com>
 Björn Häuser <b.haeuser@rebuy.de>
+Bo Huang <bo.huang@datadoghq.com>
 boljen <bol.christophe@gmail.com>
 Bracken <abdawson@gmail.com>
 Brad Harris <bmharris@gmail.com>
@@ -74,6 +83,7 @@ Bradley Falzon <brad@teambrad.net>
 Bradley McAllister <brad.mcallister@hotmail.com>
 Brandon Butler <b.butler@chia.net>
 Brandon Cook <phylake@gmail.com>
+Brandon Stubbs <brstubbs1@gmail.com>
 Brett Kuhlman <kuhlman-labs@github.com>
 Brett Logan <lindluni@github.com>
 Brian Egizi <brian@mojotech.com>
@@ -96,6 +106,7 @@ Chris Schaefer <chris@dtzq.com>
 chrisforrette <chris@chrisforrette.com>
 Christian Bargmann <chris@cbrgm.net>
 Christian Muehlhaeuser <muesli@gmail.com>
+Christoph Jerolimov <jerolimov@gmail.com>
 Christoph Sassenberg <defsprite@gmail.com>
 CI Monk <ci-monk@protonmail.com>
 Colin Misare <github.com/cmisare>
@@ -125,12 +136,14 @@ Derek Jobst <derekjobst@gmail.com>
 DeviousLab <deviouslab@gmail.com>
 Dhi Aurrahman <diorahman@rockybars.com>
 Diego Lapiduz <diego.lapiduz@cfpb.gov>
+Diogo Vilela <be0x74a@gmail.com>
 Dmitri Shuralyov <shurcooL@gmail.com>
 dmnlk <seikima2demon@gmail.com>
 Don Petersen <don@donpetersen.net>
 Doug Turner <doug.turner@gmail.com>
 Drew Fradette <drew.fradette@gmail.com>
 Dustin Deus <deusdustin@gmail.com>
+Dustin Lish <dustin.lish@onepeloton.com>
 Eivind <eivindkn@gmail.com>
 Eli Uriegas <seemethere101@gmail.com>
 Elliott Beach <elliott2.71828@gmail.com>
@@ -141,10 +154,12 @@ eperm <staffordworrell@gmail.com>
 Erick Fejta <erick@fejta.com>
 Erik Nobel <hendrik.nobel@transferwise.com>
 erwinvaneyk <erwinvaneyk@gmail.com>
+Evan Anderson <evan.k.anderson@gmail.com>
 Evan Elias <evanjelias@gmail.com>
 Fabian Holler <fabian.holler@simplesurance.de>
 Fabrice <fabrice.vaillant@student.ecp.fr>
 Fatema-Moaiyadi <fatema.i.moaiyadi@gmail.com>
+Federico Di Pierro <nierro92@gmail.com>
 Felix Geisendörfer <felix@debuggable.com>
 Filippo Valsorda <hi@filippo.io>
 Florian Forster <ff@octo.it>
@@ -155,6 +170,7 @@ Francisco Guimarães <francisco.cpg@gmail.com>
 François de Metz <francois@2metz.fr>
 Fredrik Jönsson <fredrik.jonsson@izettle.com>
 Gabriel <samfiragabriel@gmail.com>
+Gal Ofri <galmenashofri@gmail.com>
 Garrett Squire <garrettsquire@gmail.com>
 George Kontridze <george.kontridze@gmail.com>
 Georgy Buranov <gburanov@gmail.com>
@@ -163,6 +179,7 @@ Gnahz <p@oath.pl>
 Google Inc.
 Grachev Mikhail <work@mgrachev.com>
 griffin_stewie <panterathefamilyguy@gmail.com>
+guangwu <guoguangwu@magic-shield.com>
 Guillaume Jacquet <guillaume.jacquet@gmail.com>
 Guz Alexander <kalimatas@gmail.com>
 Guðmundur Bjarni Ólafsson <gudmundur@github.com>
@@ -178,6 +195,7 @@ huydx <doxuanhuy@gmail.com>
 i2bskn <i2bskn@gmail.com>
 Iain Steers <iainsteers@gmail.com>
 Ikko Ashimine <eltociear@gmail.com>
+Ilia Choly <ilia.choly@gmail.com>
 Ioannis Georgoulas <igeorgoulas21@gmail.com>
 Isao Jonas <isao.jonas@gmail.com>
 ishan upadhyay <ishanupadhyay412@gmail.com>
@@ -189,11 +207,15 @@ Jameel Haffejee <RC1140@republiccommandos.co.za>
 James Bowes <jbowes@repl.ca>
 James Cockbain <james.cockbain@ibm.com>
 James Loh <github@jloh.co>
+James Maguire <jvm986@gmail.com>
+James Turley <jamesturley1905@googlemail.com>
 Jamie West <jamieianwest@hotmail.com>
 Jan Kosecki <jan.kosecki91@gmail.com>
 Jan Švábík <jansvabik@jansvabik.cz>
+Jason Field <Jason@avon-lea.co.uk>
 Javier Campanini <jcampanini@palantir.com>
 Jef LeCompte <jeffreylec@gmail.com>
+Jeff Wenzbauer <jeff.wenzbauer@niceincontact.com>
 Jens Rantil <jens.rantil@gmail.com>
 Jeremy Morris <jeremylevanmorris@gmail.com>
 Jesse Haka <haka.jesse@gmail.com>
@@ -208,7 +230,9 @@ John Engelman <john.r.engelman@gmail.com>
 John Jones <john@exthilion.org>
 John Liu <john.liu@mongodb.com>
 Jordan Brockopp <jdbro94@gmail.com>
+Jordan Burandt <jordanburandt@gmail.com>
 Jordan Sussman <jordansail22@gmail.com>
+Jorge Gómez Reus <j-g1996@live.com>
 Joshua Bezaleel Abednego <joshua.bezaleel@gmail.com>
 João Cerqueira <joao@cerqueira.io>
 JP Phillips <jonphill9@gmail.com>
@@ -222,14 +246,17 @@ Justin Abrahms <justin@abrah.ms>
 Justin Toh <tohjustin@hotmail.com>
 Jusung Lee <e.jusunglee@gmail.com>
 jzhoucliqr <jzhou@cliqr.com>
+k0ral <mail@cmoreau.info>
 k1rnt <eru08tera15mora@gmail.com>
 kadern0 <kaderno@gmail.com>
+Karthik Sundari <karthiksundari2315@gmail.com>
 Katrina Owen <kytrinyx@github.com>
 Kautilya Tripathi <tripathi.kautilya@gmail.com>
 Keita Urashima <ursm@ursm.jp>
 Kevin Burke <kev@inburke.com>
 Kevin Wang <kwangsan@gmail.com>
 Kevin Zhao <kzhao@lyft.com>
+kgalli <mail@kgalli.de>
 Kirill <g4s8.public@gmail.com>
 Konrad Malawski <konrad.malawski@project13.pl>
 Kookheon Kwon <kucuny@gmail.com>
@@ -239,19 +266,24 @@ Kshitij Saraogi <KshitijSaraogi@gmail.com>
 Kumar Saurabh <itsksaurabh@gmail.com>
 Kyle Kurz <kyle@doublekaudio.com>
 kyokomi <kyoko1220adword@gmail.com>
+Lars Lehtonen <lars.lehtonen@gmail.com>
 Laurent Verdoïa <verdoialaurent@gmail.com>
 leopoldwang <leopold.wang@gmail.com>
 Liam Galvin <liam@liam-galvin.co.uk>
 Lluis Campos <lluis.campos@northern.tech>
 Lovro Mažgon <lovro.mazgon@gmail.com>
+Loïs Postula <lois@postu.la>
 Luca Campese <me@campesel.net>
 Lucas Alcantara <lucasalcantaraf@gmail.com>
+Lucas Martin-King <lmartinking@gmail.com>
 Luis Davim <luis.davim@sendoso.com>
 Luke Evers <me@lukevers.com>
+Luke Hinds <luke@stacklok.com>
 Luke Kysow <lkysow@gmail.com>
 Luke Roberts <email@luke-roberts.co.uk>
 Luke Young <luke@hydrantlabs.org>
 lynn [they] <lynncyrin@gmail.com>
+Magnus Kulke <mkulke@gmail.com>
 Maksim Zhylinski <uzzable@gmail.com>
 Marc Binder <marcandrebinder@gmail.com>
 Marcelo Carlos <marcelo@permutive.com>
@@ -266,9 +298,11 @@ Matija Horvat <horvat2112@gmail.com>
 Matin Rahmanian <itsmatinx@gmail.com>
 Matt <alpmatthew@gmail.com>
 Matt Brender <mjbrender@gmail.com>
+Matt Dainty <matt@bodgit-n-scarper.com>
 Matt Gaunt <matt@gauntface.co.uk>
 Matt Landis <landis.matt@gmail.com>
 Matt Moore <mattmoor@vmware.com>
+Matt Simons <mattsimons@ntlworld.com>
 Maxime Bury <maxime.bury@gmail.com>
 Michael Meng <mmeng@lyft.com>
 Michael Spiegel <michael.m.spiegel@gmail.com>
@@ -277,26 +311,33 @@ Michał Glapa <michal.glapa@gmail.com>
 Michelangelo Morrillo <michelangelo@morrillo.it>
 Miguel Elias dos Santos <migueleliasweb@gmail.com>
 Mike Chen <mchen300@gmail.com>
+mohammad ali <2018cs92@student.uet.edu.pk>
 Mohammed AlDujaili <avainer11@gmail.com>
 Mukundan Senthil <mukundan314@gmail.com>
 Munia Balayil <munia.247@gmail.com>
 Mustafa Abban <mustafaabban@utexas.edu>
 Nadav Kaner <nadavkaner1@gmail.com>
+Naoki Kanatani <k12naoki@gmail.com>
 Nathan VanBenschoten <nvanbenschoten@gmail.com>
 Navaneeth Suresh <navaneeths1998@gmail.com>
+Neal Caffery <neal1991@sina.com>
 Neil O'Toole <neilotoole@apache.org>
 Nick Miyake <nmiyake@palantir.com>
 Nick Platt <hello@nickplatt.co.uk>
 Nick Spragg <nick.spragg@bbc.co.uk>
+Nicolas Chapurlat <nc@coorganix.com>
 Nikhita Raghunath <nikitaraghunath@gmail.com>
 Nilesh Singh <nilesh.singh24@outlook.com>
 Noah Hanjun Lee <noah.lee@buzzvil.com>
 Noah Zoschke <noah+sso2@convox.com>
 ns-cweber <cweber@narrativescience.com>
+nxya <nathacutlan@gmail.com>
 Ole Orhagen <ole.orhagen@northern.tech>
 Oleg Kovalov <iamolegkovalov@gmail.com>
 Ondřej Kupka <ondra.cap@gmail.com>
 Ori Talmor <talmorori@gmail.com>
+Osama Faqhruldin <onfaqhru@gmail.com>
+oslowalk <den.cs@pm.me>
 Pablo Pérez Schröder <pablo.perezschroder@wetransfer.com>
 Palash Nigam <npalash25@gmail.com>
 Panagiotis Moustafellos <pmoust@gmail.com>
@@ -307,6 +348,7 @@ parkhyukjun89 <park.hyukjun89@gmail.com>
 Pat Alwell <pat.alwell@gmail.com>
 Patrick DeVivo <patrick.devivo@gmail.com>
 Patrick Marabeas <patrick@marabeas.io>
+Patrik Nordlén <patriki@gmail.com>
 Pavel Dvoinos <pavel.dvoinos@transferwise.com>
 Pavel Shtanko <pavel.shtanko@gmail.com>
 Pete Wagner <thepwagner@github.com>
@@ -323,6 +365,7 @@ Quinn Slack <qslack@qslack.com>
 Rackspace US, Inc.
 Radek Simko <radek.simko@gmail.com>
 Radliński Ignacy <radlinsk@student.agh.edu.pl>
+Rafael Aramizu Gomes <rafael.aramizu@mercadolivre.com>
 Rajat Jindal <rajatjindal83@gmail.com>
 Rajendra arora <rajendraarora16@yahoo.com>
 Rajkumar <princegosavi12@gmail.com>
@@ -351,6 +394,7 @@ Ryo Nakao <nakabonne@gmail.com>
 Saaarah <sarah.liusy@gmail.com>
 Safwan Olaimat <safwan.olaimat@gmail.com>
 Sahil Dua <sahildua2305@gmail.com>
+Sai Ravi Teja Chintakrindi <srt2712@gmail.com>
 saisi <saisi@users.noreply.github.com>
 Sam Minnée <sam@silverstripe.com>
 Sandeep Sukhani <sandeep.d.sukhani@gmail.com>
@@ -377,6 +421,7 @@ Sho Okada <shokada3@gmail.com>
 Shrikrishna Singh <krishnasingh.ss30@gmail.com>
 Simon Davis <sdavis@hashicorp.com>
 sona-tar <sona.zip@gmail.com>
+soniachikh <sonia.chikh@gmail.com>
 SoundCloud, Ltd.
 Sridhar Mocherla <srmocher@microsoft.com>
 SriVignessh Pss <sriknowledge@gmail.com>
@@ -387,6 +432,7 @@ Suhaib Mujahid <suhaibmujahid@gmail.com>
 sushmita wable <sw09007@gmail.com>
 Szymon Kodrebski <simonkey007@gmail.com>
 Søren Hansen <soren@dinero.dk>
+T.J. Corrigan <tjcorr@github.com>
 Takashi Yoneuchi <takashi.yoneuchi@shift-js.info>
 Takayuki Watanabe <takanabe.w@gmail.com>
 Taketoshi Fujiwara <fujiwara@leapmind.io>
@@ -398,6 +444,7 @@ Theofilos Petsios <theofilos.pe@gmail.com>
 Thomas Aidan Curran <thomas@ory.sh>
 Thomas Bruyelle <thomas.bruyelle@gmail.com>
 Tim Rogers <timrogers@github.com>
+Timothy O'Brien <obrien.timothy.a@gmail.com>
 Timothée Peignier <timothee.peignier@tryphon.org>
 Tingluo Huang <tingluohuang@github.com>
 tkhandel <tarunkhandelwal.iitr@gmail.com>
@@ -410,11 +457,15 @@ Vaibhav Singh <vaibhav.singh.14cse@bml.edu.in>
 Varadarajan Aravamudhan <varadaraajan@gmail.com>
 Victor Castell <victor@victorcastell.com>
 Victor Vrantchan <vrancean+github@gmail.com>
+Victory Osikwemhe <osikwemhev@gmail.com>
 vikkyomkar <vikky.omkar@samsung.com>
+Vivek <y.vivekanand@gmail.com>
 Vlad Ungureanu <vladu@palantir.com>
 Wasim Thabraze <wasim@thabraze.me>
 Weslei Juan Moser Pereira <wesleimsr@gmail.com>
+Wheeler Law <wheeler.law@outlook.com>
 Will Maier <wcmaier@gmail.com>
+Will Norris <will@tailscale.com>
 Willem D'Haeseleer <dhwillem@gmail.com>
 William Bailey <mail@williambailey.org.uk>
 William Cooke <pipeston@gmail.com>
@@ -422,12 +473,15 @@ Xabi <xmartinez1702@gmail.com>
 xibz <impactbchang@gmail.com>
 Yann Malet <yann.malet@gmail.com>
 Yannick Utard <yannickutard@gmail.com>
+Yarden Shoham <git@yardenshoham.com>
 Yicheng Qin <qycqycqycqycqyc@gmail.com>
 Yosuke Akatsuka <yosuke.akatsuka@access-company.com>
 Yumikiyo Osanai <yumios.art@gmail.com>
+Yurii Soldak <ysoldak@gmail.com>
 Yusef Mohamadi <yuseferi@gmail.com>
 Yusuke Kuoka <ykuoka@gmail.com>
 Zach Latta <zach@zachlatta.com>
 zhouhaibing089 <zhouhaibing089@gmail.com>
 六开箱 <lkxed@outlook.com>
 缘生 <i@ysicing.me>
+蒋航 <hang.jiang@daocloud.io>
diff --git a/vendor/github.com/google/go-github/v53/LICENSE b/vendor/github.com/google/go-github/v55/LICENSE
similarity index 100%
rename from vendor/github.com/google/go-github/v53/LICENSE
rename to vendor/github.com/google/go-github/v55/LICENSE
diff --git a/vendor/github.com/google/go-github/v53/github/actions.go b/vendor/github.com/google/go-github/v55/github/actions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/actions.go
rename to vendor/github.com/google/go-github/v55/github/actions.go
diff --git a/vendor/github.com/google/go-github/v53/github/actions_artifacts.go b/vendor/github.com/google/go-github/v55/github/actions_artifacts.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/actions_artifacts.go
rename to vendor/github.com/google/go-github/v55/github/actions_artifacts.go
diff --git a/vendor/github.com/google/go-github/v53/github/actions_cache.go b/vendor/github.com/google/go-github/v55/github/actions_cache.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/actions_cache.go
rename to vendor/github.com/google/go-github/v55/github/actions_cache.go
diff --git a/vendor/github.com/google/go-github/v53/github/actions_oidc.go b/vendor/github.com/google/go-github/v55/github/actions_oidc.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/actions_oidc.go
rename to vendor/github.com/google/go-github/v55/github/actions_oidc.go
diff --git a/vendor/github.com/google/go-github/v53/github/actions_required_workflows.go b/vendor/github.com/google/go-github/v55/github/actions_required_workflows.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/actions_required_workflows.go
rename to vendor/github.com/google/go-github/v55/github/actions_required_workflows.go
diff --git a/vendor/github.com/google/go-github/v53/github/actions_runner_groups.go b/vendor/github.com/google/go-github/v55/github/actions_runner_groups.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/actions_runner_groups.go
rename to vendor/github.com/google/go-github/v55/github/actions_runner_groups.go
diff --git a/vendor/github.com/google/go-github/v53/github/actions_runners.go b/vendor/github.com/google/go-github/v55/github/actions_runners.go
similarity index 99%
rename from vendor/github.com/google/go-github/v53/github/actions_runners.go
rename to vendor/github.com/google/go-github/v55/github/actions_runners.go
index 3990a5a90f..7427451ccf 100644
--- a/vendor/github.com/google/go-github/v53/github/actions_runners.go
+++ b/vendor/github.com/google/go-github/v55/github/actions_runners.go
@@ -58,6 +58,7 @@ type GenerateJITConfigRequest struct {
 
 // JITRunnerConfig represents encoded JIT configuration that can be used to bootstrap a self-hosted runner.
 type JITRunnerConfig struct {
+	Runner           *Runner `json:"runner,omitempty"`
 	EncodedJITConfig *string `json:"encoded_jit_config,omitempty"`
 }
 
diff --git a/vendor/github.com/google/go-github/v53/github/actions_secrets.go b/vendor/github.com/google/go-github/v55/github/actions_secrets.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/actions_secrets.go
rename to vendor/github.com/google/go-github/v55/github/actions_secrets.go
diff --git a/vendor/github.com/google/go-github/v53/github/actions_variables.go b/vendor/github.com/google/go-github/v55/github/actions_variables.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/actions_variables.go
rename to vendor/github.com/google/go-github/v55/github/actions_variables.go
diff --git a/vendor/github.com/google/go-github/v53/github/actions_workflow_jobs.go b/vendor/github.com/google/go-github/v55/github/actions_workflow_jobs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/actions_workflow_jobs.go
rename to vendor/github.com/google/go-github/v55/github/actions_workflow_jobs.go
diff --git a/vendor/github.com/google/go-github/v53/github/actions_workflow_runs.go b/vendor/github.com/google/go-github/v55/github/actions_workflow_runs.go
similarity index 99%
rename from vendor/github.com/google/go-github/v53/github/actions_workflow_runs.go
rename to vendor/github.com/google/go-github/v55/github/actions_workflow_runs.go
index 61f736be4f..0022108611 100644
--- a/vendor/github.com/google/go-github/v53/github/actions_workflow_runs.go
+++ b/vendor/github.com/google/go-github/v55/github/actions_workflow_runs.go
@@ -46,6 +46,7 @@ type WorkflowRun struct {
 	Repository         *Repository    `json:"repository,omitempty"`
 	HeadRepository     *Repository    `json:"head_repository,omitempty"`
 	Actor              *User          `json:"actor,omitempty"`
+	TriggeringActor    *User          `json:"triggering_actor,omitempty"`
 }
 
 // WorkflowRuns represents a slice of repository action workflow run.
diff --git a/vendor/github.com/google/go-github/v53/github/actions_workflows.go b/vendor/github.com/google/go-github/v55/github/actions_workflows.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/actions_workflows.go
rename to vendor/github.com/google/go-github/v55/github/actions_workflows.go
diff --git a/vendor/github.com/google/go-github/v53/github/activity.go b/vendor/github.com/google/go-github/v55/github/activity.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/activity.go
rename to vendor/github.com/google/go-github/v55/github/activity.go
diff --git a/vendor/github.com/google/go-github/v53/github/activity_events.go b/vendor/github.com/google/go-github/v55/github/activity_events.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/activity_events.go
rename to vendor/github.com/google/go-github/v55/github/activity_events.go
diff --git a/vendor/github.com/google/go-github/v53/github/activity_notifications.go b/vendor/github.com/google/go-github/v55/github/activity_notifications.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/activity_notifications.go
rename to vendor/github.com/google/go-github/v55/github/activity_notifications.go
diff --git a/vendor/github.com/google/go-github/v53/github/activity_star.go b/vendor/github.com/google/go-github/v55/github/activity_star.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/activity_star.go
rename to vendor/github.com/google/go-github/v55/github/activity_star.go
diff --git a/vendor/github.com/google/go-github/v53/github/activity_watching.go b/vendor/github.com/google/go-github/v55/github/activity_watching.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/activity_watching.go
rename to vendor/github.com/google/go-github/v55/github/activity_watching.go
diff --git a/vendor/github.com/google/go-github/v53/github/admin.go b/vendor/github.com/google/go-github/v55/github/admin.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/admin.go
rename to vendor/github.com/google/go-github/v55/github/admin.go
diff --git a/vendor/github.com/google/go-github/v53/github/admin_orgs.go b/vendor/github.com/google/go-github/v55/github/admin_orgs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/admin_orgs.go
rename to vendor/github.com/google/go-github/v55/github/admin_orgs.go
diff --git a/vendor/github.com/google/go-github/v53/github/admin_stats.go b/vendor/github.com/google/go-github/v55/github/admin_stats.go
similarity index 99%
rename from vendor/github.com/google/go-github/v53/github/admin_stats.go
rename to vendor/github.com/google/go-github/v55/github/admin_stats.go
index ef294f4479..17e568f62b 100644
--- a/vendor/github.com/google/go-github/v53/github/admin_stats.go
+++ b/vendor/github.com/google/go-github/v55/github/admin_stats.go
@@ -7,7 +7,6 @@ package github
 
 import (
 	"context"
-	"fmt"
 )
 
 // AdminStats represents a variety of stats of a GitHub Enterprise
@@ -155,7 +154,7 @@ func (s RepoStats) String() string {
 //
 // GitHub API docs: https://docs.github.com/en/rest/enterprise-admin/admin_stats/
 func (s *AdminService) GetAdminStats(ctx context.Context) (*AdminStats, *Response, error) {
-	u := fmt.Sprintf("enterprise/stats/all")
+	u := "enterprise/stats/all"
 	req, err := s.client.NewRequest("GET", u, nil)
 	if err != nil {
 		return nil, nil, err
diff --git a/vendor/github.com/google/go-github/v53/github/admin_users.go b/vendor/github.com/google/go-github/v55/github/admin_users.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/admin_users.go
rename to vendor/github.com/google/go-github/v55/github/admin_users.go
diff --git a/vendor/github.com/google/go-github/v53/github/apps.go b/vendor/github.com/google/go-github/v55/github/apps.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/apps.go
rename to vendor/github.com/google/go-github/v55/github/apps.go
diff --git a/vendor/github.com/google/go-github/v53/github/apps_hooks.go b/vendor/github.com/google/go-github/v55/github/apps_hooks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/apps_hooks.go
rename to vendor/github.com/google/go-github/v55/github/apps_hooks.go
diff --git a/vendor/github.com/google/go-github/v53/github/apps_hooks_deliveries.go b/vendor/github.com/google/go-github/v55/github/apps_hooks_deliveries.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/apps_hooks_deliveries.go
rename to vendor/github.com/google/go-github/v55/github/apps_hooks_deliveries.go
diff --git a/vendor/github.com/google/go-github/v53/github/apps_installation.go b/vendor/github.com/google/go-github/v55/github/apps_installation.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/apps_installation.go
rename to vendor/github.com/google/go-github/v55/github/apps_installation.go
diff --git a/vendor/github.com/google/go-github/v53/github/apps_manifest.go b/vendor/github.com/google/go-github/v55/github/apps_manifest.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/apps_manifest.go
rename to vendor/github.com/google/go-github/v55/github/apps_manifest.go
diff --git a/vendor/github.com/google/go-github/v53/github/apps_marketplace.go b/vendor/github.com/google/go-github/v55/github/apps_marketplace.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/apps_marketplace.go
rename to vendor/github.com/google/go-github/v55/github/apps_marketplace.go
diff --git a/vendor/github.com/google/go-github/v53/github/authorizations.go b/vendor/github.com/google/go-github/v55/github/authorizations.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/authorizations.go
rename to vendor/github.com/google/go-github/v55/github/authorizations.go
diff --git a/vendor/github.com/google/go-github/v53/github/billing.go b/vendor/github.com/google/go-github/v55/github/billing.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/billing.go
rename to vendor/github.com/google/go-github/v55/github/billing.go
diff --git a/vendor/github.com/google/go-github/v53/github/checks.go b/vendor/github.com/google/go-github/v55/github/checks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/checks.go
rename to vendor/github.com/google/go-github/v55/github/checks.go
diff --git a/vendor/github.com/google/go-github/v53/github/code-scanning.go b/vendor/github.com/google/go-github/v55/github/code-scanning.go
similarity index 69%
rename from vendor/github.com/google/go-github/v53/github/code-scanning.go
rename to vendor/github.com/google/go-github/v55/github/code-scanning.go
index e4a6abeba3..0ae269be67 100644
--- a/vendor/github.com/google/go-github/v53/github/code-scanning.go
+++ b/vendor/github.com/google/go-github/v55/github/code-scanning.go
@@ -48,11 +48,13 @@ type Message struct {
 type MostRecentInstance struct {
 	Ref             *string   `json:"ref,omitempty"`
 	AnalysisKey     *string   `json:"analysis_key,omitempty"`
+	Category        *string   `json:"category,omitempty"`
 	Environment     *string   `json:"environment,omitempty"`
 	State           *string   `json:"state,omitempty"`
 	CommitSHA       *string   `json:"commit_sha,omitempty"`
 	Message         *Message  `json:"message,omitempty"`
 	Location        *Location `json:"location,omitempty"`
+	HTMLURL         *string   `json:"html_url,omitempty"`
 	Classifications []string  `json:"classifications,omitempty"`
 }
 
@@ -113,15 +115,30 @@ func (a *Alert) ID() int64 {
 	return id
 }
 
-// AlertListOptions specifies optional parameters to the CodeScanningService.ListAlerts
-// method.
+// AlertInstancesListOptions specifies optional parameters to the CodeScanningService.ListAlertInstances method.
+type AlertInstancesListOptions struct {
+	// Return code scanning alert instances for a specific branch reference.
+	// The ref can be formatted as refs/heads/<branch name> or simply <branch name>. To reference a pull request use refs/pull/<number>/merge
+	Ref string `url:"ref,omitempty"`
+
+	ListOptions
+}
+
+// AlertListOptions specifies optional parameters to the CodeScanningService.ListAlerts method.
 type AlertListOptions struct {
 	// State of the code scanning alerts to list. Set to closed to list only closed code scanning alerts. Default: open
 	State string `url:"state,omitempty"`
 
-	// Return code scanning alerts for a specific branch reference. The ref must be formatted as heads/<branch name>.
+	// Return code scanning alerts for a specific branch reference.
+	// The ref can be formatted as refs/heads/<branch name> or simply <branch name>. To reference a pull request use refs/pull/<number>/merge
 	Ref string `url:"ref,omitempty"`
 
+	// If specified, only code scanning alerts with this severity will be returned. Possible values are: critical, high, medium, low, warning, note, error.
+	Severity string `url:"severity,omitempty"`
+
+	// The name of a code scanning tool. Only results by this tool will be listed.
+	ToolName string `url:"tool_name,omitempty"`
+
 	ListCursorOptions
 
 	// Add ListOptions so offset pagination with integer type "page" query parameter is accepted
@@ -134,12 +151,28 @@ type AnalysesListOptions struct {
 	// Return code scanning analyses belonging to the same SARIF upload.
 	SarifID *string `url:"sarif_id,omitempty"`
 
-	// Return code scanning analyses for a specific branch reference. The ref can be formatted as refs/heads/<branch name> or simply <branch name>.
+	// Return code scanning analyses for a specific branch reference.
+	// The ref can be formatted as refs/heads/<branch name> or simply <branch name>. To reference a pull request use refs/pull/<number>/merge
 	Ref *string `url:"ref,omitempty"`
 
 	ListOptions
 }
 
+// CodeQLDatabase represents a metadata about the CodeQL database.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning
+type CodeQLDatabase struct {
+	ID          *int64     `json:"id,omitempty"`
+	Name        *string    `json:"name,omitempty"`
+	Language    *string    `json:"language,omitempty"`
+	Uploader    *User      `json:"uploader,omitempty"`
+	ContentType *string    `json:"content_type,omitempty"`
+	Size        *int64     `json:"size,omitempty"`
+	CreatedAt   *Timestamp `json:"created_at,omitempty"`
+	UpdatedAt   *Timestamp `json:"updated_at,omitempty"`
+	URL         *string    `json:"url,omitempty"`
+}
+
 // ScanningAnalysis represents an individual GitHub Code Scanning ScanningAnalysis on a single repository.
 //
 // GitHub API docs: https://docs.github.com/en/rest/code-scanning
@@ -202,7 +235,7 @@ type SarifID struct {
 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events
 // read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#list-code-scanning-alerts-for-an-organization
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-code-scanning-alerts-for-an-organization
 func (s *CodeScanningService) ListAlertsForOrg(ctx context.Context, org string, opts *AlertListOptions) ([]*Alert, *Response, error) {
 	u := fmt.Sprintf("orgs/%v/code-scanning/alerts", org)
 	u, err := addOptions(u, opts)
@@ -230,7 +263,7 @@ func (s *CodeScanningService) ListAlertsForOrg(ctx context.Context, org string,
 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events
 // read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#list-code-scanning-alerts-for-a-repository
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-code-scanning-alerts-for-a-repository
 func (s *CodeScanningService) ListAlertsForRepo(ctx context.Context, owner, repo string, opts *AlertListOptions) ([]*Alert, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts", owner, repo)
 	u, err := addOptions(u, opts)
@@ -259,7 +292,7 @@ func (s *CodeScanningService) ListAlertsForRepo(ctx context.Context, owner, repo
 //
 // The security alert_id is the number at the end of the security alert's URL.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#get-a-code-scanning-alert
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-code-scanning-alert
 func (s *CodeScanningService) GetAlert(ctx context.Context, owner, repo string, id int64) (*Alert, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts/%v", owner, repo, id)
 
@@ -302,13 +335,40 @@ func (s *CodeScanningService) UpdateAlert(ctx context.Context, owner, repo strin
 	return a, resp, nil
 }
 
+// ListAlertInstances lists instances of a code scanning alert.
+//
+// You must use an access token with the security_events scope to use this endpoint.
+// GitHub Apps must have the security_events read permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-instances-of-a-code-scanning-alert
+func (s *CodeScanningService) ListAlertInstances(ctx context.Context, owner, repo string, id int64, opts *AlertInstancesListOptions) ([]*MostRecentInstance, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/code-scanning/alerts/%v/instances", owner, repo, id)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var alertInstances []*MostRecentInstance
+	resp, err := s.client.Do(ctx, req, &alertInstances)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return alertInstances, resp, nil
+}
+
 // UploadSarif uploads the result of code scanning job to GitHub.
 //
 // For the parameter sarif, you must first compress your SARIF file using gzip and then translate the contents of the file into a Base64 encoding string.
 // You must use an access token with the security_events scope to use this endpoint. GitHub Apps must have the security_events
 // write permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#upload-an-analysis-as-sarif-data
 func (s *CodeScanningService) UploadSarif(ctx context.Context, owner, repo string, sarif *SarifAnalysis) (*SarifID, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/sarifs", owner, repo)
 
@@ -326,13 +386,45 @@ func (s *CodeScanningService) UploadSarif(ctx context.Context, owner, repo strin
 	return sarifID, resp, nil
 }
 
+// SARIFUpload represents information about a SARIF upload.
+type SARIFUpload struct {
+	// `pending` files have not yet been processed, while `complete` means results from the SARIF have been stored.
+	// `failed` files have either not been processed at all, or could only be partially processed.
+	ProcessingStatus *string `json:"processing_status,omitempty"`
+	// The REST API URL for getting the analyses associated with the upload.
+	AnalysesURL *string `json:"analyses_url,omitempty"`
+}
+
+// GetSARIF gets information about a SARIF upload.
+//
+// You must use an access token with the security_events scope to use this endpoint.
+// GitHub Apps must have the security_events read permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-information-about-a-sarif-upload
+func (s *CodeScanningService) GetSARIF(ctx context.Context, owner, repo, sarifID string) (*SARIFUpload, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/code-scanning/sarifs/%v", owner, repo, sarifID)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	sarifUpload := new(SARIFUpload)
+	resp, err := s.client.Do(ctx, req, sarifUpload)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return sarifUpload, resp, nil
+}
+
 // ListAnalysesForRepo lists code scanning analyses for a repository.
 //
 // Lists the details of all code scanning analyses for a repository, starting with the most recent.
 // You must use an access token with the security_events scope to use this endpoint.
 // GitHub Apps must have the security_events read permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#list-code-scanning-analyses-for-a-repository
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-code-scanning-analyses-for-a-repository
 func (s *CodeScanningService) ListAnalysesForRepo(ctx context.Context, owner, repo string, opts *AnalysesListOptions) ([]*ScanningAnalysis, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses", owner, repo)
 	u, err := addOptions(u, opts)
@@ -361,7 +453,7 @@ func (s *CodeScanningService) ListAnalysesForRepo(ctx context.Context, owner, re
 //
 // The security analysis_id is the ID of the analysis, as returned from the ListAnalysesForRepo operation.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#get-a-code-scanning-analysis-for-a-repository
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-code-scanning-analysis-for-a-repository
 func (s *CodeScanningService) GetAnalysis(ctx context.Context, owner, repo string, id int64) (*ScanningAnalysis, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses/%v", owner, repo, id)
 
@@ -379,6 +471,85 @@ func (s *CodeScanningService) GetAnalysis(ctx context.Context, owner, repo strin
 	return analysis, resp, nil
 }
 
+// DeleteAnalysis represents a successful deletion of a code scanning analysis.
+type DeleteAnalysis struct {
+	// Next deletable analysis in chain, without last analysis deletion confirmation
+	NextAnalysisURL *string `json:"next_analysis_url,omitempty"`
+	// Next deletable analysis in chain, with last analysis deletion confirmation
+	ConfirmDeleteURL *string `json:"confirm_delete_url,omitempty"`
+}
+
+// DeleteAnalysis deletes a single code scanning analysis from a repository.
+//
+// You must use an access token with the repo scope to use this endpoint.
+// GitHub Apps must have the security_events read permission to use this endpoint.
+//
+// The security analysis_id is the ID of the analysis, as returned from the ListAnalysesForRepo operation.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#delete-a-code-scanning-analysis-from-a-repository
+func (s *CodeScanningService) DeleteAnalysis(ctx context.Context, owner, repo string, id int64) (*DeleteAnalysis, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/code-scanning/analyses/%v", owner, repo, id)
+
+	req, err := s.client.NewRequest("DELETE", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	deleteAnalysis := new(DeleteAnalysis)
+	resp, err := s.client.Do(ctx, req, deleteAnalysis)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return deleteAnalysis, resp, nil
+}
+
+// ListCodeQLDatabases lists the CodeQL databases that are available in a repository.
+//
+// You must use an access token with the security_events scope to use this endpoint.
+// GitHub Apps must have the contents read permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#list-codeql-databases-for-a-repository
+func (s *CodeScanningService) ListCodeQLDatabases(ctx context.Context, owner, repo string) ([]*CodeQLDatabase, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/code-scanning/codeql/databases", owner, repo)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var codeqlDatabases []*CodeQLDatabase
+	resp, err := s.client.Do(ctx, req, &codeqlDatabases)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return codeqlDatabases, resp, nil
+}
+
+// GetCodeQLDatabase gets a CodeQL database for a language in a repository.
+//
+// You must use an access token with the security_events scope to use this endpoint.
+// GitHub Apps must have the contents read permission to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-codeql-database-for-a-repository
+func (s *CodeScanningService) GetCodeQLDatabase(ctx context.Context, owner, repo, language string) (*CodeQLDatabase, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/code-scanning/codeql/databases/%v", owner, repo, language)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	codeqlDatabase := new(CodeQLDatabase)
+	resp, err := s.client.Do(ctx, req, codeqlDatabase)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return codeqlDatabase, resp, nil
+}
+
 // DefaultSetupConfiguration represents a code scanning default setup configuration.
 type DefaultSetupConfiguration struct {
 	State      *string    `json:"state,omitempty"`
@@ -393,7 +564,7 @@ type DefaultSetupConfiguration struct {
 // endpoint with private repos or the public_repo scope for public repos. GitHub Apps must have the repo write
 // permission to use this endpoint.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#get-a-code-scanning-default-setup-configuration
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#get-a-code-scanning-default-setup-configuration
 func (s *CodeScanningService) GetDefaultSetupConfiguration(ctx context.Context, owner, repo string) (*DefaultSetupConfiguration, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/code-scanning/default-setup", owner, repo)
 
@@ -434,7 +605,7 @@ type UpdateDefaultSetupConfigurationResponse struct {
 // This method might return an AcceptedError and a status code of 202. This is because this is the status that GitHub
 // returns to signify that it has now scheduled the update of the pull request branch in a background task.
 //
-// GitHub API docs: https://docs.github.com/en/rest/code-scanning#update-a-code-scanning-default-setup-configuration
+// GitHub API docs: https://docs.github.com/en/rest/code-scanning/code-scanning#update-a-code-scanning-default-setup-configuration
 func (s *CodeScanningService) UpdateDefaultSetupConfiguration(ctx context.Context, owner, repo string, options *UpdateDefaultSetupConfigurationOptions) (*UpdateDefaultSetupConfigurationResponse, *Response, error) {
 	u := fmt.Sprintf("repos/%s/%s/code-scanning/default-setup", owner, repo)
 
diff --git a/vendor/github.com/google/go-github/v53/github/codespaces.go b/vendor/github.com/google/go-github/v55/github/codespaces.go
similarity index 99%
rename from vendor/github.com/google/go-github/v53/github/codespaces.go
rename to vendor/github.com/google/go-github/v55/github/codespaces.go
index a260c227de..cd8b0e5bee 100644
--- a/vendor/github.com/google/go-github/v53/github/codespaces.go
+++ b/vendor/github.com/google/go-github/v55/github/codespaces.go
@@ -126,7 +126,7 @@ type ListCodespacesOptions struct {
 //
 // GitHub API docs: https://docs.github.com/en/rest/codespaces/codespaces?apiVersion=2022-11-28#list-codespaces-for-the-authenticated-user
 func (s *CodespacesService) List(ctx context.Context, opts *ListCodespacesOptions) (*ListCodespaces, *Response, error) {
-	u := fmt.Sprint("user/codespaces")
+	u := "user/codespaces"
 	u, err := addOptions(u, opts)
 	if err != nil {
 		return nil, nil, err
diff --git a/vendor/github.com/google/go-github/v53/github/codespaces_secrets.go b/vendor/github.com/google/go-github/v55/github/codespaces_secrets.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/codespaces_secrets.go
rename to vendor/github.com/google/go-github/v55/github/codespaces_secrets.go
diff --git a/vendor/github.com/google/go-github/v53/github/dependabot.go b/vendor/github.com/google/go-github/v55/github/dependabot.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/dependabot.go
rename to vendor/github.com/google/go-github/v55/github/dependabot.go
diff --git a/vendor/github.com/google/go-github/v53/github/dependabot_alerts.go b/vendor/github.com/google/go-github/v55/github/dependabot_alerts.go
similarity index 93%
rename from vendor/github.com/google/go-github/v53/github/dependabot_alerts.go
rename to vendor/github.com/google/go-github/v55/github/dependabot_alerts.go
index 7b5d53b393..177316b1dc 100644
--- a/vendor/github.com/google/go-github/v53/github/dependabot_alerts.go
+++ b/vendor/github.com/google/go-github/v55/github/dependabot_alerts.go
@@ -17,8 +17,8 @@ type Dependency struct {
 	Scope        *string               `json:"scope,omitempty"`
 }
 
-// AdvisoryCVSs represents the advisory pertaining to the Common Vulnerability Scoring System.
-type AdvisoryCVSs struct {
+// AdvisoryCVSS represents the advisory pertaining to the Common Vulnerability Scoring System.
+type AdvisoryCVSS struct {
 	Score        *float64 `json:"score,omitempty"`
 	VectorString *string  `json:"vector_string,omitempty"`
 }
@@ -37,7 +37,7 @@ type DependabotSecurityAdvisory struct {
 	Description     *string                  `json:"description,omitempty"`
 	Vulnerabilities []*AdvisoryVulnerability `json:"vulnerabilities,omitempty"`
 	Severity        *string                  `json:"severity,omitempty"`
-	CVSs            *AdvisoryCVSs            `json:"cvss,omitempty"`
+	CVSS            *AdvisoryCVSS            `json:"cvss,omitempty"`
 	CWEs            []*AdvisoryCWEs          `json:"cwes,omitempty"`
 	Identifiers     []*AdvisoryIdentifier    `json:"identifiers,omitempty"`
 	References      []*AdvisoryReference     `json:"references,omitempty"`
@@ -62,7 +62,9 @@ type DependabotAlert struct {
 	DismissedReason       *string                     `json:"dismissed_reason,omitempty"`
 	DismissedComment      *string                     `json:"dismissed_comment,omitempty"`
 	FixedAt               *Timestamp                  `json:"fixed_at,omitempty"`
-	Repository            *Repository                 `json:"repository,omitempty"`
+	AutoDismissedAt       *Timestamp                  `json:"auto_dismissed_at,omitempty"`
+	// The repository is always empty for events
+	Repository *Repository `json:"repository,omitempty"`
 }
 
 // ListAlertsOptions specifies the optional parameters to the DependabotService.ListRepoAlerts
@@ -76,6 +78,7 @@ type ListAlertsOptions struct {
 	Sort      *string `url:"sort,omitempty"`
 	Direction *string `url:"direction,omitempty"`
 
+	ListOptions
 	ListCursorOptions
 }
 
diff --git a/vendor/github.com/google/go-github/v53/github/dependabot_secrets.go b/vendor/github.com/google/go-github/v55/github/dependabot_secrets.go
similarity index 95%
rename from vendor/github.com/google/go-github/v53/github/dependabot_secrets.go
rename to vendor/github.com/google/go-github/v55/github/dependabot_secrets.go
index f87ab42c39..685f7bea8e 100644
--- a/vendor/github.com/google/go-github/v53/github/dependabot_secrets.go
+++ b/vendor/github.com/google/go-github/v55/github/dependabot_secrets.go
@@ -144,8 +144,25 @@ func (s *DependabotService) CreateOrUpdateRepoSecret(ctx context.Context, owner,
 //
 // GitHub API docs: https://docs.github.com/en/rest/dependabot/secrets#create-or-update-an-organization-secret
 func (s *DependabotService) CreateOrUpdateOrgSecret(ctx context.Context, org string, eSecret *DependabotEncryptedSecret) (*Response, error) {
+	repoIDs := make([]string, len(eSecret.SelectedRepositoryIDs))
+	for i, secret := range eSecret.SelectedRepositoryIDs {
+		repoIDs[i] = fmt.Sprintf("%v", secret)
+	}
+	params := struct {
+		*DependabotEncryptedSecret
+		SelectedRepositoryIDs []string `json:"selected_repository_ids,omitempty"`
+	}{
+		DependabotEncryptedSecret: eSecret,
+		SelectedRepositoryIDs:     repoIDs,
+	}
+
 	url := fmt.Sprintf("orgs/%v/dependabot/secrets/%v", org, eSecret.Name)
-	return s.putSecret(ctx, url, eSecret)
+	req, err := s.client.NewRequest("PUT", url, params)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
 }
 
 func (s *DependabotService) deleteSecret(ctx context.Context, url string) (*Response, error) {
diff --git a/vendor/github.com/google/go-github/v55/github/dependency_graph.go b/vendor/github.com/google/go-github/v55/github/dependency_graph.go
new file mode 100644
index 0000000000..e578965cc1
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/dependency_graph.go
@@ -0,0 +1,80 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+type DependencyGraphService service
+
+// SBOM represents a software bill of materials, which describes the
+// packages/libraries that a repository depends on.
+type SBOM struct {
+	SBOM *SBOMInfo `json:"sbom,omitempty"`
+}
+
+// CreationInfo represents when the SBOM was created and who created it.
+type CreationInfo struct {
+	Created  *Timestamp `json:"created,omitempty"`
+	Creators []string   `json:"creators,omitempty"`
+}
+
+// RepoDependencies represents the dependencies of a repo.
+type RepoDependencies struct {
+	SPDXID *string `json:"SPDXID,omitempty"`
+	// Package name
+	Name             *string `json:"name,omitempty"`
+	VersionInfo      *string `json:"versionInfo,omitempty"`
+	DownloadLocation *string `json:"downloadLocation,omitempty"`
+	FilesAnalyzed    *bool   `json:"filesAnalyzed,omitempty"`
+	LicenseConcluded *string `json:"licenseConcluded,omitempty"`
+	LicenseDeclared  *string `json:"licenseDeclared,omitempty"`
+}
+
+// SBOMInfo represents a software bill of materials (SBOM) using SPDX.
+// SPDX is an open standard for SBOMs that
+// identifies and catalogs components, licenses, copyrights, security
+// references, and other metadata relating to software.
+type SBOMInfo struct {
+	SPDXID       *string       `json:"SPDXID,omitempty"`
+	SPDXVersion  *string       `json:"spdxVersion,omitempty"`
+	CreationInfo *CreationInfo `json:"creationInfo,omitempty"`
+
+	// Repo name
+	Name              *string  `json:"name,omitempty"`
+	DataLicense       *string  `json:"dataLicense,omitempty"`
+	DocumentDescribes []string `json:"documentDescribes,omitempty"`
+	DocumentNamespace *string  `json:"documentNamespace,omitempty"`
+
+	// List of packages dependencies
+	Packages []*RepoDependencies `json:"packages,omitempty"`
+}
+
+func (s SBOM) String() string {
+	return Stringify(s)
+}
+
+// GetSBOM fetches the software bill of materials for a repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/dependency-graph/sboms
+func (s *DependencyGraphService) GetSBOM(ctx context.Context, owner, repo string) (*SBOM, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/dependency-graph/sbom", owner, repo)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var sbom *SBOM
+	resp, err := s.client.Do(ctx, req, &sbom)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return sbom, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v53/github/doc.go b/vendor/github.com/google/go-github/v55/github/doc.go
similarity index 87%
rename from vendor/github.com/google/go-github/v53/github/doc.go
rename to vendor/github.com/google/go-github/v55/github/doc.go
index af2847111a..bace6fb3c6 100644
--- a/vendor/github.com/google/go-github/v53/github/doc.go
+++ b/vendor/github.com/google/go-github/v55/github/doc.go
@@ -8,7 +8,7 @@ Package github provides a client for using the GitHub API.
 
 Usage:
 
-	import "github.com/google/go-github/v53/github"	// with go modules enabled (GO111MODULE=on or outside GOPATH)
+	import "github.com/google/go-github/v55/github"	// with go modules enabled (GO111MODULE=on or outside GOPATH)
 	import "github.com/google/go-github/github"     // with go modules disabled
 
 Construct a new GitHub client, then use the various services on the client to
@@ -40,34 +40,16 @@ For more sample code snippets, head over to the https://github.com/google/go-git
 
 # Authentication
 
-The go-github library does not directly handle authentication. Instead, when
-creating a new client, pass an http.Client that can handle authentication for
-you. The easiest and recommended way to do this is using the golang.org/x/oauth2
-library, but you can always use any other library that provides an http.Client.
-If you have an OAuth2 access token (for example, a personal API token), you can
-use it with the oauth2 library using:
+Use Client.WithAuthToken to configure your client to authenticate using an Oauth token
+(for example, a personal access token). This is what is needed for a majority of use cases
+aside from GitHub Apps.
 
-	import "golang.org/x/oauth2"
-
-	func main() {
-		ctx := context.Background()
-		ts := oauth2.StaticTokenSource(
-			&oauth2.Token{AccessToken: "... your access token ..."},
-		)
-		tc := oauth2.NewClient(ctx, ts)
-
-		client := github.NewClient(tc)
-
-		// list all repositories for the authenticated user
-		repos, _, err := client.Repositories.List(ctx, "", nil)
-	}
+	client := github.NewClient(nil).WithAuthToken("... your access token ...")
 
 Note that when using an authenticated Client, all calls made by the client will
 include the specified OAuth token. Therefore, authenticated clients should
 almost never be shared between different users.
 
-See the oauth2 docs for complete instructions on using that library.
-
 For API methods that require HTTP Basic Authentication, use the
 BasicAuthTransport.
 
diff --git a/vendor/github.com/google/go-github/v53/github/enterprise.go b/vendor/github.com/google/go-github/v55/github/enterprise.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/enterprise.go
rename to vendor/github.com/google/go-github/v55/github/enterprise.go
diff --git a/vendor/github.com/google/go-github/v53/github/enterprise_actions_runners.go b/vendor/github.com/google/go-github/v55/github/enterprise_actions_runners.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/enterprise_actions_runners.go
rename to vendor/github.com/google/go-github/v55/github/enterprise_actions_runners.go
diff --git a/vendor/github.com/google/go-github/v53/github/enterprise_audit_log.go b/vendor/github.com/google/go-github/v55/github/enterprise_audit_log.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/enterprise_audit_log.go
rename to vendor/github.com/google/go-github/v55/github/enterprise_audit_log.go
diff --git a/vendor/github.com/google/go-github/v53/github/enterprise_code_security_and_analysis.go b/vendor/github.com/google/go-github/v55/github/enterprise_code_security_and_analysis.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/enterprise_code_security_and_analysis.go
rename to vendor/github.com/google/go-github/v55/github/enterprise_code_security_and_analysis.go
diff --git a/vendor/github.com/google/go-github/v55/github/event.go b/vendor/github.com/google/go-github/v55/github/event.go
new file mode 100644
index 0000000000..e98606bce5
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/event.go
@@ -0,0 +1,54 @@
+// Copyright 2018 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"encoding/json"
+)
+
+// Event represents a GitHub event.
+type Event struct {
+	Type       *string          `json:"type,omitempty"`
+	Public     *bool            `json:"public,omitempty"`
+	RawPayload *json.RawMessage `json:"payload,omitempty"`
+	Repo       *Repository      `json:"repo,omitempty"`
+	Actor      *User            `json:"actor,omitempty"`
+	Org        *Organization    `json:"org,omitempty"`
+	CreatedAt  *Timestamp       `json:"created_at,omitempty"`
+	ID         *string          `json:"id,omitempty"`
+}
+
+func (e Event) String() string {
+	return Stringify(e)
+}
+
+// ParsePayload parses the event payload. For recognized event types,
+// a value of the corresponding struct type will be returned.
+func (e *Event) ParsePayload() (interface{}, error) {
+	// It would be nice if e.Type were the snake_case name of the event,
+	// but the existing interface uses the struct name instead.
+	payload := EventForType(typeToMessageMapping[e.GetType()])
+
+	if err := json.Unmarshal(e.GetRawPayload(), &payload); err != nil {
+		return nil, err
+	}
+
+	return payload, nil
+}
+
+// Payload returns the parsed event payload. For recognized event types,
+// a value of the corresponding struct type will be returned.
+//
+// Deprecated: Use ParsePayload instead, which returns an error
+// rather than panics if JSON unmarshaling raw payload fails.
+func (e *Event) Payload() (payload interface{}) {
+	var err error
+	payload, err = e.ParsePayload()
+	if err != nil {
+		panic(err)
+	}
+	return payload
+}
diff --git a/vendor/github.com/google/go-github/v53/github/event_types.go b/vendor/github.com/google/go-github/v55/github/event_types.go
similarity index 85%
rename from vendor/github.com/google/go-github/v53/github/event_types.go
rename to vendor/github.com/google/go-github/v55/github/event_types.go
index 6a13b286bd..1a403da9b9 100644
--- a/vendor/github.com/google/go-github/v53/github/event_types.go
+++ b/vendor/github.com/google/go-github/v55/github/event_types.go
@@ -134,6 +134,25 @@ type DeleteEvent struct {
 	Installation *Installation `json:"installation,omitempty"`
 }
 
+// DependabotAlertEvent is triggered when there is activity relating to Dependabot alerts.
+// The Webhook event name is "dependabot_alert".
+//
+// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#dependabot_alert
+type DependabotAlertEvent struct {
+	Action *string          `json:"action,omitempty"`
+	Alert  *DependabotAlert `json:"alert,omitempty"`
+
+	// The following fields are only populated by Webhook events.
+	Installation *Installation `json:"installation,omitempty"`
+	Enterprise   *Enterprise   `json:"enterprise,omitempty"`
+	Repo         *Repository   `json:"repository,omitempty"`
+	Sender       *User         `json:"sender,omitempty"`
+
+	// The following field is only present when the webhook is triggered on
+	// a repository belonging to an organization.
+	Organization *Organization `json:"organization,omitempty"`
+}
+
 // DeployKeyEvent is triggered when a deploy key is added or removed from a repository.
 // The Webhook event name is "deploy_key".
 //
@@ -165,8 +184,10 @@ type DeployKeyEvent struct {
 //
 // GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhook-events-and-payloads#deployment
 type DeploymentEvent struct {
-	Deployment *Deployment `json:"deployment,omitempty"`
-	Repo       *Repository `json:"repository,omitempty"`
+	Deployment  *Deployment  `json:"deployment,omitempty"`
+	Repo        *Repository  `json:"repository,omitempty"`
+	Workflow    *Workflow    `json:"workflow,omitempty"`
+	WorkflowRun *WorkflowRun `json:"workflow_run,omitempty"`
 
 	// The following fields are only populated by Webhook events.
 	Sender       *User         `json:"sender,omitempty"`
@@ -505,6 +526,38 @@ type InstallationRepositoriesEvent struct {
 	Installation        *Installation `json:"installation,omitempty"`
 }
 
+// InstallationLoginChange represents a change in login on an installation.
+type InstallationLoginChange struct {
+	From *string `json:"from,omitempty"`
+}
+
+// InstallationSlugChange represents a change in slug on an installation.
+type InstallationSlugChange struct {
+	From *string `json:"from,omitempty"`
+}
+
+// InstallationChanges represents a change in slug or login on an installation.
+type InstallationChanges struct {
+	Login *InstallationLoginChange `json:"login,omitempty"`
+	Slug  *InstallationSlugChange  `json:"slug,omitempty"`
+}
+
+// InstallationTargetEvent is triggered when there is activity on an installation from a user or organization account.
+// The Webhook event name is "installation_target".
+//
+// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#installation_target
+type InstallationTargetEvent struct {
+	Account      *User                `json:"account,omitempty"`
+	Action       *string              `json:"action,omitempty"`
+	Changes      *InstallationChanges `json:"changes,omitempty"`
+	Enterprise   *Enterprise          `json:"enterprise,omitempty"`
+	Installation *Installation        `json:"installation,omitempty"`
+	Organization *Organization        `json:"organization,omitempty"`
+	Repository   *Repository          `json:"repository,omitempty"`
+	Sender       *User                `json:"sender,omitempty"`
+	TargetType   *string              `json:"target_type,omitempty"`
+}
+
 // IssueCommentEvent is triggered when an issue comment is created on an issue
 // or pull request.
 // The Webhook event name is "issue_comment".
@@ -774,6 +827,74 @@ type PageBuildEvent struct {
 	Installation *Installation `json:"installation,omitempty"`
 }
 
+// PersonalAccessTokenRequestEvent occurs when there is activity relating to a
+// request for a fine-grained personal access token to access resources that
+// belong to a resource owner that requires approval for token access.
+// The webhook event name is "personal_access_token_request".
+//
+// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#personal_access_token_request
+type PersonalAccessTokenRequestEvent struct {
+	// Action is the action that was performed. Possible values are:
+	// "approved", "cancelled", "created" or "denied"
+	Action                     *string                     `json:"action,omitempty"`
+	PersonalAccessTokenRequest *PersonalAccessTokenRequest `json:"personal_access_token_request,omitempty"`
+	Org                        *Organization               `json:"organization,omitempty"`
+	Sender                     *User                       `json:"sender,omitempty"`
+	Installation               *Installation               `json:"installation,omitempty"`
+}
+
+// PersonalAccessTokenRequest contains the details of a PersonalAccessTokenRequestEvent.
+type PersonalAccessTokenRequest struct {
+	// Unique identifier of the request for access via fine-grained personal
+	// access token. Used as the pat_request_id parameter in the list and review
+	// API calls.
+	ID    *int64 `json:"id,omitempty"`
+	Owner *User  `json:"owner,omitempty"`
+
+	// New requested permissions, categorized by type of permission.
+	PermissionsAdded *PersonalAccessTokenPermissions `json:"permissions_added,omitempty"`
+
+	// Requested permissions that elevate access for a previously approved
+	// request for access, categorized by type of permission.
+	PermissionsUpgraded *PersonalAccessTokenPermissions `json:"permissions_upgraded,omitempty"`
+
+	// Permissions requested, categorized by type of permission.
+	// This field incorporates permissions_added and permissions_upgraded.
+	PermissionsResult *PersonalAccessTokenPermissions `json:"permissions_result,omitempty"`
+
+	// Type of repository selection requested. Possible values are:
+	// "none", "all" or "subset"
+	RepositorySelection *string `json:"repository_selection,omitempty"`
+
+	// The number of repositories the token is requesting access to.
+	// This field is only populated when repository_selection is subset.
+	RepositoryCount *int64 `json:"repository_count,omitempty"`
+
+	// An array of repository objects the token is requesting access to.
+	// This field is only populated when repository_selection is subset.
+	Repositories []*Repository `json:"repositories,omitempty"`
+
+	// Date and time when the request for access was created.
+	CreatedAt *Timestamp `json:"created_at,omitempty"`
+
+	// Whether the associated fine-grained personal access token has expired.
+	TokenExpired *bool `json:"token_expired,omitempty"`
+
+	// Date and time when the associated fine-grained personal access token expires.
+	TokenExpiresAt *Timestamp `json:"token_expires_at,omitempty"`
+
+	// Date and time when the associated fine-grained personal access token was last used for authentication.
+	TokenLastUsedAt *Timestamp `json:"token_last_used_at,omitempty"`
+}
+
+// PersonalAccessTokenPermissions represents the original or newly requested
+// scope of permissions for a fine-grained personal access token within a PersonalAccessTokenRequest.
+type PersonalAccessTokenPermissions struct {
+	Org   map[string]string `json:"organization,omitempty"`
+	Repo  map[string]string `json:"repository,omitempty"`
+	Other map[string]string `json:"other,omitempty"`
+}
+
 // PingEvent is triggered when a Webhook is added to GitHub.
 //
 // GitHub API docs: https://developer.github.com/webhooks/#ping-event
@@ -842,6 +963,77 @@ type ProjectColumnEvent struct {
 	Installation *Installation `json:"installation,omitempty"`
 }
 
+// ProjectV2Event is triggered when there is activity relating to an organization-level project.
+// The Webhook event name is "projects_v2".
+//
+// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#projects_v2
+type ProjectV2Event struct {
+	Action     *string     `json:"action,omitempty"`
+	ProjectsV2 *ProjectsV2 `json:"projects_v2,omitempty"`
+
+	// The following fields are only populated by Webhook events.
+	Installation *Installation `json:"installation,omitempty"`
+	Org          *Organization `json:"organization,omitempty"`
+	Sender       *User         `json:"sender,omitempty"`
+}
+
+// ProjectsV2 represents a projects v2 project.
+type ProjectsV2 struct {
+	ID               *int64     `json:"id,omitempty"`
+	NodeID           *string    `json:"node_id,omitempty"`
+	Owner            *User      `json:"owner,omitempty"`
+	Creator          *User      `json:"creator,omitempty"`
+	Title            *string    `json:"title,omitempty"`
+	Description      *string    `json:"description,omitempty"`
+	Public           *bool      `json:"public,omitempty"`
+	ClosedAt         *Timestamp `json:"closed_at,omitempty"`
+	CreatedAt        *Timestamp `json:"created_at,omitempty"`
+	UpdatedAt        *Timestamp `json:"updated_at,omitempty"`
+	DeletedAt        *Timestamp `json:"deleted_at,omitempty"`
+	Number           *int       `json:"number,omitempty"`
+	ShortDescription *string    `json:"short_description,omitempty"`
+	DeletedBy        *User      `json:"deleted_by,omitempty"`
+}
+
+// ProjectV2ItemEvent is triggered when there is activity relating to an item on an organization-level project.
+// The Webhook event name is "projects_v2_item".
+//
+// GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#projects_v2_item
+type ProjectV2ItemEvent struct {
+	Action        *string              `json:"action,omitempty"`
+	Changes       *ProjectV2ItemChange `json:"changes,omitempty"`
+	ProjectV2Item *ProjectV2Item       `json:"projects_v2_item,omitempty"`
+
+	// The following fields are only populated by Webhook events.
+	Installation *Installation `json:"installation,omitempty"`
+	Org          *Organization `json:"organization,omitempty"`
+	Sender       *User         `json:"sender,omitempty"`
+}
+
+// ProjectV2ItemChange represents a project v2 item change.
+type ProjectV2ItemChange struct {
+	ArchivedAt *ArchivedAt `json:"archived_at,omitempty"`
+}
+
+// ArchivedAt represents an archiving date change.
+type ArchivedAt struct {
+	From *Timestamp `json:"from,omitempty"`
+	To   *Timestamp `json:"to,omitempty"`
+}
+
+// ProjectsV2 represents an item belonging to a project.
+type ProjectV2Item struct {
+	ID            *int64     `json:"id,omitempty"`
+	NodeID        *string    `json:"node_id,omitempty"`
+	ProjectNodeID *string    `json:"project_node_id,omitempty"`
+	ContentNodeID *string    `json:"content_node_id,omitempty"`
+	ContentType   *string    `json:"content_type,omitempty"`
+	Creator       *User      `json:"creator,omitempty"`
+	CreatedAt     *Timestamp `json:"created_at,omitempty"`
+	UpdatedAt     *Timestamp `json:"updated_at,omitempty"`
+	ArchivedAt    *Timestamp `json:"archived_at,omitempty"`
+}
+
 // PublicEvent is triggered when a private repository is open sourced.
 // According to GitHub: "Without a doubt: the best GitHub event."
 // The Webhook event name is "public".
@@ -1225,6 +1417,31 @@ type SecretScanningAlertEvent struct {
 	Installation *Installation `json:"installation,omitempty"`
 }
 
+// SecurityAndAnalysisEvent is triggered when code security and analysis features
+// are enabled or disabled for a repository.
+//
+// GitHub API docs: https://docs.github.com/en/webhooks-and-events/webhooks/webhook-events-and-payloads#security_and_analysis
+type SecurityAndAnalysisEvent struct {
+	Changes      *SecurityAndAnalysisChange `json:"changes,omitempty"`
+	Enterprise   *Enterprise                `json:"enterprise,omitempty"`
+	Installation *Installation              `json:"installation,omitempty"`
+	Organization *Organization              `json:"organization,omitempty"`
+	Repository   *Repository                `json:"repository,omitempty"`
+	Sender       *User                      `json:"sender,omitempty"`
+}
+
+// SecurityAndAnalysisChange represents the changes when security and analysis
+// features are enabled or disabled for a repository.
+type SecurityAndAnalysisChange struct {
+	From *SecurityAndAnalysisChangeFrom `json:"from,omitempty"`
+}
+
+// SecurityAndAnalysisChangeFrom represents which change was made when security
+// and analysis features are enabled or disabled for a repository.
+type SecurityAndAnalysisChangeFrom struct {
+	SecurityAndAnalysis *SecurityAndAnalysis `json:"security_and_analysis,omitempty"`
+}
+
 // StarEvent is triggered when a star is added or removed from a repository.
 // The Webhook event name is "star".
 //
@@ -1393,6 +1610,8 @@ type WorkflowRunEvent struct {
 //
 // GitHub API docs: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#security_advisory
 type SecurityAdvisory struct {
+	CVSS            *AdvisoryCVSS            `json:"cvss,omitempty"`
+	CWEs            []*AdvisoryCWEs          `json:"cwes,omitempty"`
 	GHSAID          *string                  `json:"ghsa_id,omitempty"`
 	Summary         *string                  `json:"summary,omitempty"`
 	Description     *string                  `json:"description,omitempty"`
@@ -1441,6 +1660,13 @@ type FirstPatchedVersion struct {
 type SecurityAdvisoryEvent struct {
 	Action           *string           `json:"action,omitempty"`
 	SecurityAdvisory *SecurityAdvisory `json:"security_advisory,omitempty"`
+
+	// The following fields are only populated by Webhook events.
+	Enterprise   *Enterprise   `json:"enterprise,omitempty"`
+	Installation *Installation `json:"installation,omitempty"`
+	Organization *Organization `json:"organization,omitempty"`
+	Repository   *Repository   `json:"repository,omitempty"`
+	Sender       *User         `json:"sender,omitempty"`
 }
 
 // CodeScanningAlertEvent is triggered when a code scanning finds a potential vulnerability or error in your code.
diff --git a/vendor/github.com/google/go-github/v53/github/gists.go b/vendor/github.com/google/go-github/v55/github/gists.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/gists.go
rename to vendor/github.com/google/go-github/v55/github/gists.go
diff --git a/vendor/github.com/google/go-github/v53/github/gists_comments.go b/vendor/github.com/google/go-github/v55/github/gists_comments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/gists_comments.go
rename to vendor/github.com/google/go-github/v55/github/gists_comments.go
diff --git a/vendor/github.com/google/go-github/v53/github/git.go b/vendor/github.com/google/go-github/v55/github/git.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/git.go
rename to vendor/github.com/google/go-github/v55/github/git.go
diff --git a/vendor/github.com/google/go-github/v53/github/git_blobs.go b/vendor/github.com/google/go-github/v55/github/git_blobs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/git_blobs.go
rename to vendor/github.com/google/go-github/v55/github/git_blobs.go
diff --git a/vendor/github.com/google/go-github/v53/github/git_commits.go b/vendor/github.com/google/go-github/v55/github/git_commits.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/git_commits.go
rename to vendor/github.com/google/go-github/v55/github/git_commits.go
diff --git a/vendor/github.com/google/go-github/v53/github/git_refs.go b/vendor/github.com/google/go-github/v55/github/git_refs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/git_refs.go
rename to vendor/github.com/google/go-github/v55/github/git_refs.go
diff --git a/vendor/github.com/google/go-github/v53/github/git_tags.go b/vendor/github.com/google/go-github/v55/github/git_tags.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/git_tags.go
rename to vendor/github.com/google/go-github/v55/github/git_tags.go
diff --git a/vendor/github.com/google/go-github/v53/github/git_trees.go b/vendor/github.com/google/go-github/v55/github/git_trees.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/git_trees.go
rename to vendor/github.com/google/go-github/v55/github/git_trees.go
diff --git a/vendor/github.com/google/go-github/v53/github/github-accessors.go b/vendor/github.com/google/go-github/v55/github/github-accessors.go
similarity index 94%
rename from vendor/github.com/google/go-github/v53/github/github-accessors.go
rename to vendor/github.com/google/go-github/v55/github/github-accessors.go
index 8acb72b042..560e0892ed 100644
--- a/vendor/github.com/google/go-github/v53/github/github-accessors.go
+++ b/vendor/github.com/google/go-github/v55/github/github-accessors.go
@@ -343,7 +343,7 @@ func (a *AdvancedSecurityCommittersBreakdown) GetUserLogin() string {
 }
 
 // GetScore returns the Score field.
-func (a *AdvisoryCVSs) GetScore() *float64 {
+func (a *AdvisoryCVSS) GetScore() *float64 {
 	if a == nil {
 		return nil
 	}
@@ -351,7 +351,7 @@ func (a *AdvisoryCVSs) GetScore() *float64 {
 }
 
 // GetVectorString returns the VectorString field if it's non-nil, zero value otherwise.
-func (a *AdvisoryCVSs) GetVectorString() string {
+func (a *AdvisoryCVSS) GetVectorString() string {
 	if a == nil || a.VectorString == nil {
 		return ""
 	}
@@ -854,6 +854,22 @@ func (a *AppConfig) GetWebhookSecret() string {
 	return *a.WebhookSecret
 }
 
+// GetFrom returns the From field if it's non-nil, zero value otherwise.
+func (a *ArchivedAt) GetFrom() Timestamp {
+	if a == nil || a.From == nil {
+		return Timestamp{}
+	}
+	return *a.From
+}
+
+// GetTo returns the To field if it's non-nil, zero value otherwise.
+func (a *ArchivedAt) GetTo() Timestamp {
+	if a == nil || a.To == nil {
+		return Timestamp{}
+	}
+	return *a.To
+}
+
 // GetArchiveDownloadURL returns the ArchiveDownloadURL field if it's non-nil, zero value otherwise.
 func (a *Artifact) GetArchiveDownloadURL() string {
 	if a == nil || a.ArchiveDownloadURL == nil {
@@ -1134,6 +1150,14 @@ func (a *AuditEntry) GetCreatedAt() Timestamp {
 	return *a.CreatedAt
 }
 
+// GetData returns the Data field.
+func (a *AuditEntry) GetData() *AuditEntryData {
+	if a == nil {
+		return nil
+	}
+	return a.Data
+}
+
 // GetDeployKeyFingerprint returns the DeployKeyFingerprint field if it's non-nil, zero value otherwise.
 func (a *AuditEntry) GetDeployKeyFingerprint() string {
 	if a == nil || a.DeployKeyFingerprint == nil {
@@ -1590,6 +1614,22 @@ func (a *AuditEntry) GetWorkflowRunID() int64 {
 	return *a.WorkflowRunID
 }
 
+// GetOldLogin returns the OldLogin field if it's non-nil, zero value otherwise.
+func (a *AuditEntryData) GetOldLogin() string {
+	if a == nil || a.OldLogin == nil {
+		return ""
+	}
+	return *a.OldLogin
+}
+
+// GetOldName returns the OldName field if it's non-nil, zero value otherwise.
+func (a *AuditEntryData) GetOldName() string {
+	if a == nil || a.OldName == nil {
+		return ""
+	}
+	return *a.OldName
+}
+
 // GetApp returns the App field.
 func (a *Authorization) GetApp() *AuthorizationApp {
 	if a == nil {
@@ -1846,6 +1886,22 @@ func (a *AutolinkOptions) GetURLTemplate() string {
 	return *a.URLTemplate
 }
 
+// GetEnabled returns the Enabled field if it's non-nil, zero value otherwise.
+func (a *AutomatedSecurityFixes) GetEnabled() bool {
+	if a == nil || a.Enabled == nil {
+		return false
+	}
+	return *a.Enabled
+}
+
+// GetPaused returns the Paused field if it's non-nil, zero value otherwise.
+func (a *AutomatedSecurityFixes) GetPaused() bool {
+	if a == nil || a.Paused == nil {
+		return false
+	}
+	return *a.Paused
+}
+
 // GetAppID returns the AppID field if it's non-nil, zero value otherwise.
 func (a *AutoTriggerCheck) GetAppID() int64 {
 	if a == nil || a.AppID == nil {
@@ -2238,6 +2294,14 @@ func (b *BypassActor) GetActorType() string {
 	return *b.ActorType
 }
 
+// GetBypassMode returns the BypassMode field if it's non-nil, zero value otherwise.
+func (b *BypassActor) GetBypassMode() string {
+	if b == nil || b.BypassMode == nil {
+		return ""
+	}
+	return *b.BypassMode
+}
+
 // GetApp returns the App field.
 func (c *CheckRun) GetApp() *App {
 	if c == nil {
@@ -2766,6 +2830,78 @@ func (c *CodeownersError) GetSuggestion() string {
 	return *c.Suggestion
 }
 
+// GetContentType returns the ContentType field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetContentType() string {
+	if c == nil || c.ContentType == nil {
+		return ""
+	}
+	return *c.ContentType
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetCreatedAt() Timestamp {
+	if c == nil || c.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *c.CreatedAt
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetID() int64 {
+	if c == nil || c.ID == nil {
+		return 0
+	}
+	return *c.ID
+}
+
+// GetLanguage returns the Language field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetLanguage() string {
+	if c == nil || c.Language == nil {
+		return ""
+	}
+	return *c.Language
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetName() string {
+	if c == nil || c.Name == nil {
+		return ""
+	}
+	return *c.Name
+}
+
+// GetSize returns the Size field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetSize() int64 {
+	if c == nil || c.Size == nil {
+		return 0
+	}
+	return *c.Size
+}
+
+// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetUpdatedAt() Timestamp {
+	if c == nil || c.UpdatedAt == nil {
+		return Timestamp{}
+	}
+	return *c.UpdatedAt
+}
+
+// GetUploader returns the Uploader field.
+func (c *CodeQLDatabase) GetUploader() *User {
+	if c == nil {
+		return nil
+	}
+	return c.Uploader
+}
+
+// GetURL returns the URL field if it's non-nil, zero value otherwise.
+func (c *CodeQLDatabase) GetURL() string {
+	if c == nil || c.URL == nil {
+		return ""
+	}
+	return *c.URL
+}
+
 // GetHTMLURL returns the HTMLURL field if it's non-nil, zero value otherwise.
 func (c *CodeResult) GetHTMLURL() string {
 	if c == nil || c.HTMLURL == nil {
@@ -4662,6 +4798,102 @@ func (c *CreateUserProjectOptions) GetBody() string {
 	return *c.Body
 }
 
+// GetCreated returns the Created field if it's non-nil, zero value otherwise.
+func (c *CreationInfo) GetCreated() Timestamp {
+	if c == nil || c.Created == nil {
+		return Timestamp{}
+	}
+	return *c.Created
+}
+
+// GetAuthorizedCredentialExpiresAt returns the AuthorizedCredentialExpiresAt field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetAuthorizedCredentialExpiresAt() Timestamp {
+	if c == nil || c.AuthorizedCredentialExpiresAt == nil {
+		return Timestamp{}
+	}
+	return *c.AuthorizedCredentialExpiresAt
+}
+
+// GetAuthorizedCredentialID returns the AuthorizedCredentialID field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetAuthorizedCredentialID() int64 {
+	if c == nil || c.AuthorizedCredentialID == nil {
+		return 0
+	}
+	return *c.AuthorizedCredentialID
+}
+
+// GetAuthorizedCredentialNote returns the AuthorizedCredentialNote field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetAuthorizedCredentialNote() string {
+	if c == nil || c.AuthorizedCredentialNote == nil {
+		return ""
+	}
+	return *c.AuthorizedCredentialNote
+}
+
+// GetAuthorizedCredentialTitle returns the AuthorizedCredentialTitle field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetAuthorizedCredentialTitle() string {
+	if c == nil || c.AuthorizedCredentialTitle == nil {
+		return ""
+	}
+	return *c.AuthorizedCredentialTitle
+}
+
+// GetCredentialAccessedAt returns the CredentialAccessedAt field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetCredentialAccessedAt() Timestamp {
+	if c == nil || c.CredentialAccessedAt == nil {
+		return Timestamp{}
+	}
+	return *c.CredentialAccessedAt
+}
+
+// GetCredentialAuthorizedAt returns the CredentialAuthorizedAt field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetCredentialAuthorizedAt() Timestamp {
+	if c == nil || c.CredentialAuthorizedAt == nil {
+		return Timestamp{}
+	}
+	return *c.CredentialAuthorizedAt
+}
+
+// GetCredentialID returns the CredentialID field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetCredentialID() int64 {
+	if c == nil || c.CredentialID == nil {
+		return 0
+	}
+	return *c.CredentialID
+}
+
+// GetCredentialType returns the CredentialType field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetCredentialType() string {
+	if c == nil || c.CredentialType == nil {
+		return ""
+	}
+	return *c.CredentialType
+}
+
+// GetFingerprint returns the Fingerprint field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetFingerprint() string {
+	if c == nil || c.Fingerprint == nil {
+		return ""
+	}
+	return *c.Fingerprint
+}
+
+// GetLogin returns the Login field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetLogin() string {
+	if c == nil || c.Login == nil {
+		return ""
+	}
+	return *c.Login
+}
+
+// GetTokenLastEight returns the TokenLastEight field if it's non-nil, zero value otherwise.
+func (c *CredentialAuthorization) GetTokenLastEight() string {
+	if c == nil || c.TokenLastEight == nil {
+		return ""
+	}
+	return *c.TokenLastEight
+}
+
 // GetBaseRole returns the BaseRole field if it's non-nil, zero value otherwise.
 func (c *CustomRepoRoles) GetBaseRole() string {
 	if c == nil || c.BaseRole == nil {
@@ -4718,6 +4950,22 @@ func (d *DefaultSetupConfiguration) GetUpdatedAt() Timestamp {
 	return *d.UpdatedAt
 }
 
+// GetConfirmDeleteURL returns the ConfirmDeleteURL field if it's non-nil, zero value otherwise.
+func (d *DeleteAnalysis) GetConfirmDeleteURL() string {
+	if d == nil || d.ConfirmDeleteURL == nil {
+		return ""
+	}
+	return *d.ConfirmDeleteURL
+}
+
+// GetNextAnalysisURL returns the NextAnalysisURL field if it's non-nil, zero value otherwise.
+func (d *DeleteAnalysis) GetNextAnalysisURL() string {
+	if d == nil || d.NextAnalysisURL == nil {
+		return ""
+	}
+	return *d.NextAnalysisURL
+}
+
 // GetInstallation returns the Installation field.
 func (d *DeleteEvent) GetInstallation() *Installation {
 	if d == nil {
@@ -4766,6 +5014,14 @@ func (d *DeleteEvent) GetSender() *User {
 	return d.Sender
 }
 
+// GetAutoDismissedAt returns the AutoDismissedAt field if it's non-nil, zero value otherwise.
+func (d *DependabotAlert) GetAutoDismissedAt() Timestamp {
+	if d == nil || d.AutoDismissedAt == nil {
+		return Timestamp{}
+	}
+	return *d.AutoDismissedAt
+}
+
 // GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
 func (d *DependabotAlert) GetCreatedAt() Timestamp {
 	if d == nil || d.CreatedAt == nil {
@@ -4886,6 +5142,62 @@ func (d *DependabotAlert) GetURL() string {
 	return *d.URL
 }
 
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (d *DependabotAlertEvent) GetAction() string {
+	if d == nil || d.Action == nil {
+		return ""
+	}
+	return *d.Action
+}
+
+// GetAlert returns the Alert field.
+func (d *DependabotAlertEvent) GetAlert() *DependabotAlert {
+	if d == nil {
+		return nil
+	}
+	return d.Alert
+}
+
+// GetEnterprise returns the Enterprise field.
+func (d *DependabotAlertEvent) GetEnterprise() *Enterprise {
+	if d == nil {
+		return nil
+	}
+	return d.Enterprise
+}
+
+// GetInstallation returns the Installation field.
+func (d *DependabotAlertEvent) GetInstallation() *Installation {
+	if d == nil {
+		return nil
+	}
+	return d.Installation
+}
+
+// GetOrganization returns the Organization field.
+func (d *DependabotAlertEvent) GetOrganization() *Organization {
+	if d == nil {
+		return nil
+	}
+	return d.Organization
+}
+
+// GetRepo returns the Repo field.
+func (d *DependabotAlertEvent) GetRepo() *Repository {
+	if d == nil {
+		return nil
+	}
+	return d.Repo
+}
+
+// GetSender returns the Sender field.
+func (d *DependabotAlertEvent) GetSender() *User {
+	if d == nil {
+		return nil
+	}
+	return d.Sender
+}
+
 // GetCVEID returns the CVEID field if it's non-nil, zero value otherwise.
 func (d *DependabotSecurityAdvisory) GetCVEID() string {
 	if d == nil || d.CVEID == nil {
@@ -4894,12 +5206,12 @@ func (d *DependabotSecurityAdvisory) GetCVEID() string {
 	return *d.CVEID
 }
 
-// GetCVSs returns the CVSs field.
-func (d *DependabotSecurityAdvisory) GetCVSs() *AdvisoryCVSs {
+// GetCVSS returns the CVSS field.
+func (d *DependabotSecurityAdvisory) GetCVSS() *AdvisoryCVSS {
 	if d == nil {
 		return nil
 	}
-	return d.CVSs
+	return d.CVSS
 }
 
 // GetDescription returns the Description field if it's non-nil, zero value otherwise.
@@ -4958,6 +5270,14 @@ func (d *DependabotSecurityAdvisory) GetWithdrawnAt() Timestamp {
 	return *d.WithdrawnAt
 }
 
+// GetStatus returns the Status field if it's non-nil, zero value otherwise.
+func (d *DependabotSecurityUpdates) GetStatus() string {
+	if d == nil || d.Status == nil {
+		return ""
+	}
+	return *d.Status
+}
+
 // GetManifestPath returns the ManifestPath field if it's non-nil, zero value otherwise.
 func (d *Dependency) GetManifestPath() string {
 	if d == nil || d.ManifestPath == nil {
@@ -5206,6 +5526,22 @@ func (d *DeploymentEvent) GetSender() *User {
 	return d.Sender
 }
 
+// GetWorkflow returns the Workflow field.
+func (d *DeploymentEvent) GetWorkflow() *Workflow {
+	if d == nil {
+		return nil
+	}
+	return d.Workflow
+}
+
+// GetWorkflowRun returns the WorkflowRun field.
+func (d *DeploymentEvent) GetWorkflowRun() *WorkflowRun {
+	if d == nil {
+		return nil
+	}
+	return d.WorkflowRun
+}
+
 // GetAction returns the Action field if it's non-nil, zero value otherwise.
 func (d *DeploymentProtectionRuleEvent) GetAction() string {
 	if d == nil || d.Action == nil {
@@ -8030,6 +8366,22 @@ func (i *Installation) GetUpdatedAt() Timestamp {
 	return *i.UpdatedAt
 }
 
+// GetLogin returns the Login field.
+func (i *InstallationChanges) GetLogin() *InstallationLoginChange {
+	if i == nil {
+		return nil
+	}
+	return i.Login
+}
+
+// GetSlug returns the Slug field.
+func (i *InstallationChanges) GetSlug() *InstallationSlugChange {
+	if i == nil {
+		return nil
+	}
+	return i.Slug
+}
+
 // GetAction returns the Action field if it's non-nil, zero value otherwise.
 func (i *InstallationEvent) GetAction() string {
 	if i == nil || i.Action == nil {
@@ -8062,6 +8414,14 @@ func (i *InstallationEvent) GetSender() *User {
 	return i.Sender
 }
 
+// GetFrom returns the From field if it's non-nil, zero value otherwise.
+func (i *InstallationLoginChange) GetFrom() string {
+	if i == nil || i.From == nil {
+		return ""
+	}
+	return *i.From
+}
+
 // GetActions returns the Actions field if it's non-nil, zero value otherwise.
 func (i *InstallationPermissions) GetActions() string {
 	if i == nil || i.Actions == nil {
@@ -8390,24 +8750,104 @@ func (i *InstallationRepositoriesEvent) GetSender() *User {
 	return i.Sender
 }
 
-// GetExpiresAt returns the ExpiresAt field if it's non-nil, zero value otherwise.
-func (i *InstallationToken) GetExpiresAt() Timestamp {
-	if i == nil || i.ExpiresAt == nil {
-		return Timestamp{}
+// GetFrom returns the From field if it's non-nil, zero value otherwise.
+func (i *InstallationSlugChange) GetFrom() string {
+	if i == nil || i.From == nil {
+		return ""
 	}
-	return *i.ExpiresAt
+	return *i.From
 }
 
-// GetPermissions returns the Permissions field.
-func (i *InstallationToken) GetPermissions() *InstallationPermissions {
+// GetAccount returns the Account field.
+func (i *InstallationTargetEvent) GetAccount() *User {
 	if i == nil {
 		return nil
 	}
-	return i.Permissions
+	return i.Account
 }
 
-// GetToken returns the Token field if it's non-nil, zero value otherwise.
-func (i *InstallationToken) GetToken() string {
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (i *InstallationTargetEvent) GetAction() string {
+	if i == nil || i.Action == nil {
+		return ""
+	}
+	return *i.Action
+}
+
+// GetChanges returns the Changes field.
+func (i *InstallationTargetEvent) GetChanges() *InstallationChanges {
+	if i == nil {
+		return nil
+	}
+	return i.Changes
+}
+
+// GetEnterprise returns the Enterprise field.
+func (i *InstallationTargetEvent) GetEnterprise() *Enterprise {
+	if i == nil {
+		return nil
+	}
+	return i.Enterprise
+}
+
+// GetInstallation returns the Installation field.
+func (i *InstallationTargetEvent) GetInstallation() *Installation {
+	if i == nil {
+		return nil
+	}
+	return i.Installation
+}
+
+// GetOrganization returns the Organization field.
+func (i *InstallationTargetEvent) GetOrganization() *Organization {
+	if i == nil {
+		return nil
+	}
+	return i.Organization
+}
+
+// GetRepository returns the Repository field.
+func (i *InstallationTargetEvent) GetRepository() *Repository {
+	if i == nil {
+		return nil
+	}
+	return i.Repository
+}
+
+// GetSender returns the Sender field.
+func (i *InstallationTargetEvent) GetSender() *User {
+	if i == nil {
+		return nil
+	}
+	return i.Sender
+}
+
+// GetTargetType returns the TargetType field if it's non-nil, zero value otherwise.
+func (i *InstallationTargetEvent) GetTargetType() string {
+	if i == nil || i.TargetType == nil {
+		return ""
+	}
+	return *i.TargetType
+}
+
+// GetExpiresAt returns the ExpiresAt field if it's non-nil, zero value otherwise.
+func (i *InstallationToken) GetExpiresAt() Timestamp {
+	if i == nil || i.ExpiresAt == nil {
+		return Timestamp{}
+	}
+	return *i.ExpiresAt
+}
+
+// GetPermissions returns the Permissions field.
+func (i *InstallationToken) GetPermissions() *InstallationPermissions {
+	if i == nil {
+		return nil
+	}
+	return i.Permissions
+}
+
+// GetToken returns the Token field if it's non-nil, zero value otherwise.
+func (i *InstallationToken) GetToken() string {
 	if i == nil || i.Token == nil {
 		return ""
 	}
@@ -9406,6 +9846,14 @@ func (j *JITRunnerConfig) GetEncodedJITConfig() string {
 	return *j.EncodedJITConfig
 }
 
+// GetRunner returns the Runner field.
+func (j *JITRunnerConfig) GetRunner() *Runner {
+	if j == nil {
+		return nil
+	}
+	return j.Runner
+}
+
 // GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
 func (j *Jobs) GetTotalCount() int {
 	if j == nil || j.TotalCount == nil {
@@ -11022,6 +11470,14 @@ func (m *MostRecentInstance) GetAnalysisKey() string {
 	return *m.AnalysisKey
 }
 
+// GetCategory returns the Category field if it's non-nil, zero value otherwise.
+func (m *MostRecentInstance) GetCategory() string {
+	if m == nil || m.Category == nil {
+		return ""
+	}
+	return *m.Category
+}
+
 // GetCommitSHA returns the CommitSHA field if it's non-nil, zero value otherwise.
 func (m *MostRecentInstance) GetCommitSHA() string {
 	if m == nil || m.CommitSHA == nil {
@@ -11038,6 +11494,14 @@ func (m *MostRecentInstance) GetEnvironment() string {
 	return *m.Environment
 }
 
+// GetHTMLURL returns the HTMLURL field if it's non-nil, zero value otherwise.
+func (m *MostRecentInstance) GetHTMLURL() string {
+	if m == nil || m.HTMLURL == nil {
+		return ""
+	}
+	return *m.HTMLURL
+}
+
 // GetLocation returns the Location field.
 func (m *MostRecentInstance) GetLocation() *Location {
 	if m == nil {
@@ -11102,6 +11566,14 @@ func (n *NewPullRequest) GetHead() string {
 	return *n.Head
 }
 
+// GetHeadRepo returns the HeadRepo field if it's non-nil, zero value otherwise.
+func (n *NewPullRequest) GetHeadRepo() string {
+	if n == nil || n.HeadRepo == nil {
+		return ""
+	}
+	return *n.HeadRepo
+}
+
 // GetIssue returns the Issue field if it's non-nil, zero value otherwise.
 func (n *NewPullRequest) GetIssue() int {
 	if n == nil || n.Issue == nil {
@@ -13126,6 +13598,158 @@ func (p *PagesUpdate) GetSource() *PagesSource {
 	return p.Source
 }
 
+// GetOrg returns the Org map if it's non-nil, an empty map otherwise.
+func (p *PersonalAccessTokenPermissions) GetOrg() map[string]string {
+	if p == nil || p.Org == nil {
+		return map[string]string{}
+	}
+	return p.Org
+}
+
+// GetOther returns the Other map if it's non-nil, an empty map otherwise.
+func (p *PersonalAccessTokenPermissions) GetOther() map[string]string {
+	if p == nil || p.Other == nil {
+		return map[string]string{}
+	}
+	return p.Other
+}
+
+// GetRepo returns the Repo map if it's non-nil, an empty map otherwise.
+func (p *PersonalAccessTokenPermissions) GetRepo() map[string]string {
+	if p == nil || p.Repo == nil {
+		return map[string]string{}
+	}
+	return p.Repo
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetCreatedAt() Timestamp {
+	if p == nil || p.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *p.CreatedAt
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetID() int64 {
+	if p == nil || p.ID == nil {
+		return 0
+	}
+	return *p.ID
+}
+
+// GetOwner returns the Owner field.
+func (p *PersonalAccessTokenRequest) GetOwner() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Owner
+}
+
+// GetPermissionsAdded returns the PermissionsAdded field.
+func (p *PersonalAccessTokenRequest) GetPermissionsAdded() *PersonalAccessTokenPermissions {
+	if p == nil {
+		return nil
+	}
+	return p.PermissionsAdded
+}
+
+// GetPermissionsResult returns the PermissionsResult field.
+func (p *PersonalAccessTokenRequest) GetPermissionsResult() *PersonalAccessTokenPermissions {
+	if p == nil {
+		return nil
+	}
+	return p.PermissionsResult
+}
+
+// GetPermissionsUpgraded returns the PermissionsUpgraded field.
+func (p *PersonalAccessTokenRequest) GetPermissionsUpgraded() *PersonalAccessTokenPermissions {
+	if p == nil {
+		return nil
+	}
+	return p.PermissionsUpgraded
+}
+
+// GetRepositoryCount returns the RepositoryCount field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetRepositoryCount() int64 {
+	if p == nil || p.RepositoryCount == nil {
+		return 0
+	}
+	return *p.RepositoryCount
+}
+
+// GetRepositorySelection returns the RepositorySelection field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetRepositorySelection() string {
+	if p == nil || p.RepositorySelection == nil {
+		return ""
+	}
+	return *p.RepositorySelection
+}
+
+// GetTokenExpired returns the TokenExpired field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetTokenExpired() bool {
+	if p == nil || p.TokenExpired == nil {
+		return false
+	}
+	return *p.TokenExpired
+}
+
+// GetTokenExpiresAt returns the TokenExpiresAt field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetTokenExpiresAt() Timestamp {
+	if p == nil || p.TokenExpiresAt == nil {
+		return Timestamp{}
+	}
+	return *p.TokenExpiresAt
+}
+
+// GetTokenLastUsedAt returns the TokenLastUsedAt field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequest) GetTokenLastUsedAt() Timestamp {
+	if p == nil || p.TokenLastUsedAt == nil {
+		return Timestamp{}
+	}
+	return *p.TokenLastUsedAt
+}
+
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (p *PersonalAccessTokenRequestEvent) GetAction() string {
+	if p == nil || p.Action == nil {
+		return ""
+	}
+	return *p.Action
+}
+
+// GetInstallation returns the Installation field.
+func (p *PersonalAccessTokenRequestEvent) GetInstallation() *Installation {
+	if p == nil {
+		return nil
+	}
+	return p.Installation
+}
+
+// GetOrg returns the Org field.
+func (p *PersonalAccessTokenRequestEvent) GetOrg() *Organization {
+	if p == nil {
+		return nil
+	}
+	return p.Org
+}
+
+// GetPersonalAccessTokenRequest returns the PersonalAccessTokenRequest field.
+func (p *PersonalAccessTokenRequestEvent) GetPersonalAccessTokenRequest() *PersonalAccessTokenRequest {
+	if p == nil {
+		return nil
+	}
+	return p.PersonalAccessTokenRequest
+}
+
+// GetSender returns the Sender field.
+func (p *PersonalAccessTokenRequestEvent) GetSender() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Sender
+}
+
 // GetHook returns the Hook field.
 func (p *PingEvent) GetHook() *Hook {
 	if p == nil {
@@ -13947,39 +14571,319 @@ func (p *ProjectOptions) GetOrganizationPermission() string {
 	if p == nil || p.OrganizationPermission == nil {
 		return ""
 	}
-	return *p.OrganizationPermission
+	return *p.OrganizationPermission
+}
+
+// GetPrivate returns the Private field if it's non-nil, zero value otherwise.
+func (p *ProjectOptions) GetPrivate() bool {
+	if p == nil || p.Private == nil {
+		return false
+	}
+	return *p.Private
+}
+
+// GetState returns the State field if it's non-nil, zero value otherwise.
+func (p *ProjectOptions) GetState() string {
+	if p == nil || p.State == nil {
+		return ""
+	}
+	return *p.State
+}
+
+// GetPermission returns the Permission field if it's non-nil, zero value otherwise.
+func (p *ProjectPermissionLevel) GetPermission() string {
+	if p == nil || p.Permission == nil {
+		return ""
+	}
+	return *p.Permission
+}
+
+// GetUser returns the User field.
+func (p *ProjectPermissionLevel) GetUser() *User {
+	if p == nil {
+		return nil
+	}
+	return p.User
+}
+
+// GetClosedAt returns the ClosedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetClosedAt() Timestamp {
+	if p == nil || p.ClosedAt == nil {
+		return Timestamp{}
+	}
+	return *p.ClosedAt
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetCreatedAt() Timestamp {
+	if p == nil || p.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *p.CreatedAt
+}
+
+// GetCreator returns the Creator field.
+func (p *ProjectsV2) GetCreator() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Creator
+}
+
+// GetDeletedAt returns the DeletedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetDeletedAt() Timestamp {
+	if p == nil || p.DeletedAt == nil {
+		return Timestamp{}
+	}
+	return *p.DeletedAt
+}
+
+// GetDeletedBy returns the DeletedBy field.
+func (p *ProjectsV2) GetDeletedBy() *User {
+	if p == nil {
+		return nil
+	}
+	return p.DeletedBy
+}
+
+// GetDescription returns the Description field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetDescription() string {
+	if p == nil || p.Description == nil {
+		return ""
+	}
+	return *p.Description
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetID() int64 {
+	if p == nil || p.ID == nil {
+		return 0
+	}
+	return *p.ID
+}
+
+// GetNodeID returns the NodeID field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetNodeID() string {
+	if p == nil || p.NodeID == nil {
+		return ""
+	}
+	return *p.NodeID
+}
+
+// GetNumber returns the Number field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetNumber() int {
+	if p == nil || p.Number == nil {
+		return 0
+	}
+	return *p.Number
+}
+
+// GetOwner returns the Owner field.
+func (p *ProjectsV2) GetOwner() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Owner
+}
+
+// GetPublic returns the Public field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetPublic() bool {
+	if p == nil || p.Public == nil {
+		return false
+	}
+	return *p.Public
+}
+
+// GetShortDescription returns the ShortDescription field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetShortDescription() string {
+	if p == nil || p.ShortDescription == nil {
+		return ""
+	}
+	return *p.ShortDescription
+}
+
+// GetTitle returns the Title field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetTitle() string {
+	if p == nil || p.Title == nil {
+		return ""
+	}
+	return *p.Title
+}
+
+// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectsV2) GetUpdatedAt() Timestamp {
+	if p == nil || p.UpdatedAt == nil {
+		return Timestamp{}
+	}
+	return *p.UpdatedAt
+}
+
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Event) GetAction() string {
+	if p == nil || p.Action == nil {
+		return ""
+	}
+	return *p.Action
+}
+
+// GetInstallation returns the Installation field.
+func (p *ProjectV2Event) GetInstallation() *Installation {
+	if p == nil {
+		return nil
+	}
+	return p.Installation
+}
+
+// GetOrg returns the Org field.
+func (p *ProjectV2Event) GetOrg() *Organization {
+	if p == nil {
+		return nil
+	}
+	return p.Org
+}
+
+// GetProjectsV2 returns the ProjectsV2 field.
+func (p *ProjectV2Event) GetProjectsV2() *ProjectsV2 {
+	if p == nil {
+		return nil
+	}
+	return p.ProjectsV2
+}
+
+// GetSender returns the Sender field.
+func (p *ProjectV2Event) GetSender() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Sender
+}
+
+// GetArchivedAt returns the ArchivedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetArchivedAt() Timestamp {
+	if p == nil || p.ArchivedAt == nil {
+		return Timestamp{}
+	}
+	return *p.ArchivedAt
+}
+
+// GetContentNodeID returns the ContentNodeID field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetContentNodeID() string {
+	if p == nil || p.ContentNodeID == nil {
+		return ""
+	}
+	return *p.ContentNodeID
+}
+
+// GetContentType returns the ContentType field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetContentType() string {
+	if p == nil || p.ContentType == nil {
+		return ""
+	}
+	return *p.ContentType
+}
+
+// GetCreatedAt returns the CreatedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetCreatedAt() Timestamp {
+	if p == nil || p.CreatedAt == nil {
+		return Timestamp{}
+	}
+	return *p.CreatedAt
+}
+
+// GetCreator returns the Creator field.
+func (p *ProjectV2Item) GetCreator() *User {
+	if p == nil {
+		return nil
+	}
+	return p.Creator
+}
+
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetID() int64 {
+	if p == nil || p.ID == nil {
+		return 0
+	}
+	return *p.ID
+}
+
+// GetNodeID returns the NodeID field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetNodeID() string {
+	if p == nil || p.NodeID == nil {
+		return ""
+	}
+	return *p.NodeID
+}
+
+// GetProjectNodeID returns the ProjectNodeID field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetProjectNodeID() string {
+	if p == nil || p.ProjectNodeID == nil {
+		return ""
+	}
+	return *p.ProjectNodeID
+}
+
+// GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
+func (p *ProjectV2Item) GetUpdatedAt() Timestamp {
+	if p == nil || p.UpdatedAt == nil {
+		return Timestamp{}
+	}
+	return *p.UpdatedAt
+}
+
+// GetArchivedAt returns the ArchivedAt field.
+func (p *ProjectV2ItemChange) GetArchivedAt() *ArchivedAt {
+	if p == nil {
+		return nil
+	}
+	return p.ArchivedAt
+}
+
+// GetAction returns the Action field if it's non-nil, zero value otherwise.
+func (p *ProjectV2ItemEvent) GetAction() string {
+	if p == nil || p.Action == nil {
+		return ""
+	}
+	return *p.Action
+}
+
+// GetChanges returns the Changes field.
+func (p *ProjectV2ItemEvent) GetChanges() *ProjectV2ItemChange {
+	if p == nil {
+		return nil
+	}
+	return p.Changes
 }
 
-// GetPrivate returns the Private field if it's non-nil, zero value otherwise.
-func (p *ProjectOptions) GetPrivate() bool {
-	if p == nil || p.Private == nil {
-		return false
+// GetInstallation returns the Installation field.
+func (p *ProjectV2ItemEvent) GetInstallation() *Installation {
+	if p == nil {
+		return nil
 	}
-	return *p.Private
+	return p.Installation
 }
 
-// GetState returns the State field if it's non-nil, zero value otherwise.
-func (p *ProjectOptions) GetState() string {
-	if p == nil || p.State == nil {
-		return ""
+// GetOrg returns the Org field.
+func (p *ProjectV2ItemEvent) GetOrg() *Organization {
+	if p == nil {
+		return nil
 	}
-	return *p.State
+	return p.Org
 }
 
-// GetPermission returns the Permission field if it's non-nil, zero value otherwise.
-func (p *ProjectPermissionLevel) GetPermission() string {
-	if p == nil || p.Permission == nil {
-		return ""
+// GetProjectV2Item returns the ProjectV2Item field.
+func (p *ProjectV2ItemEvent) GetProjectV2Item() *ProjectV2Item {
+	if p == nil {
+		return nil
 	}
-	return *p.Permission
+	return p.ProjectV2Item
 }
 
-// GetUser returns the User field.
-func (p *ProjectPermissionLevel) GetUser() *User {
+// GetSender returns the Sender field.
+func (p *ProjectV2ItemEvent) GetSender() *User {
 	if p == nil {
 		return nil
 	}
-	return p.User
+	return p.Sender
 }
 
 // GetAllowDeletions returns the AllowDeletions field.
@@ -14982,6 +15886,14 @@ func (p *PullRequestComment) GetStartSide() string {
 	return *p.StartSide
 }
 
+// GetSubjectType returns the SubjectType field if it's non-nil, zero value otherwise.
+func (p *PullRequestComment) GetSubjectType() string {
+	if p == nil || p.SubjectType == nil {
+		return ""
+	}
+	return *p.SubjectType
+}
+
 // GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
 func (p *PullRequestComment) GetUpdatedAt() Timestamp {
 	if p == nil || p.UpdatedAt == nil {
@@ -16606,6 +17518,62 @@ func (r *RenameOrgResponse) GetURL() string {
 	return *r.URL
 }
 
+// GetDownloadLocation returns the DownloadLocation field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetDownloadLocation() string {
+	if r == nil || r.DownloadLocation == nil {
+		return ""
+	}
+	return *r.DownloadLocation
+}
+
+// GetFilesAnalyzed returns the FilesAnalyzed field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetFilesAnalyzed() bool {
+	if r == nil || r.FilesAnalyzed == nil {
+		return false
+	}
+	return *r.FilesAnalyzed
+}
+
+// GetLicenseConcluded returns the LicenseConcluded field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetLicenseConcluded() string {
+	if r == nil || r.LicenseConcluded == nil {
+		return ""
+	}
+	return *r.LicenseConcluded
+}
+
+// GetLicenseDeclared returns the LicenseDeclared field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetLicenseDeclared() string {
+	if r == nil || r.LicenseDeclared == nil {
+		return ""
+	}
+	return *r.LicenseDeclared
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetName() string {
+	if r == nil || r.Name == nil {
+		return ""
+	}
+	return *r.Name
+}
+
+// GetSPDXID returns the SPDXID field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetSPDXID() string {
+	if r == nil || r.SPDXID == nil {
+		return ""
+	}
+	return *r.SPDXID
+}
+
+// GetVersionInfo returns the VersionInfo field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetVersionInfo() string {
+	if r == nil || r.VersionInfo == nil {
+		return ""
+	}
+	return *r.VersionInfo
+}
+
 // GetBranch returns the Branch field if it's non-nil, zero value otherwise.
 func (r *RepoMergeUpstreamRequest) GetBranch() string {
 	if r == nil || r.Branch == nil {
@@ -17838,6 +18806,14 @@ func (r *RepositoryContent) GetSize() int {
 	return *r.Size
 }
 
+// GetSubmoduleGitURL returns the SubmoduleGitURL field if it's non-nil, zero value otherwise.
+func (r *RepositoryContent) GetSubmoduleGitURL() string {
+	if r == nil || r.SubmoduleGitURL == nil {
+		return ""
+	}
+	return *r.SubmoduleGitURL
+}
+
 // GetTarget returns the Target field if it's non-nil, zero value otherwise.
 func (r *RepositoryContent) GetTarget() string {
 	if r == nil || r.Target == nil {
@@ -18798,6 +19774,14 @@ func (r *ReviewersRequest) GetNodeID() string {
 	return *r.NodeID
 }
 
+// GetReason returns the Reason field if it's non-nil, zero value otherwise.
+func (r *ReviewPersonalAccessTokenRequestOptions) GetReason() string {
+	if r == nil || r.Reason == nil {
+		return ""
+	}
+	return *r.Reason
+}
+
 // GetDescription returns the Description field if it's non-nil, zero value otherwise.
 func (r *Rule) GetDescription() string {
 	if r == nil || r.Description == nil {
@@ -18878,14 +19862,6 @@ func (r *RuleRequiredStatusChecks) GetIntegrationID() int64 {
 	return *r.IntegrationID
 }
 
-// GetBypassMode returns the BypassMode field if it's non-nil, zero value otherwise.
-func (r *Ruleset) GetBypassMode() string {
-	if r == nil || r.BypassMode == nil {
-		return ""
-	}
-	return *r.BypassMode
-}
-
 // GetConditions returns the Conditions field.
 func (r *Ruleset) GetConditions() *RulesetConditions {
 	if r == nil {
@@ -18894,6 +19870,14 @@ func (r *Ruleset) GetConditions() *RulesetConditions {
 	return r.Conditions
 }
 
+// GetID returns the ID field if it's non-nil, zero value otherwise.
+func (r *Ruleset) GetID() int64 {
+	if r == nil || r.ID == nil {
+		return 0
+	}
+	return *r.ID
+}
+
 // GetLinks returns the Links field.
 func (r *Ruleset) GetLinks() *RulesetLinks {
 	if r == nil {
@@ -18934,8 +19918,16 @@ func (r *RulesetConditions) GetRefName() *RulesetRefConditionParameters {
 	return r.RefName
 }
 
+// GetRepositoryID returns the RepositoryID field.
+func (r *RulesetConditions) GetRepositoryID() *RulesetRepositoryIDsConditionParameters {
+	if r == nil {
+		return nil
+	}
+	return r.RepositoryID
+}
+
 // GetRepositoryName returns the RepositoryName field.
-func (r *RulesetConditions) GetRepositoryName() *RulesetRepositoryConditionParameters {
+func (r *RulesetConditions) GetRepositoryName() *RulesetRepositoryNamesConditionParameters {
 	if r == nil {
 		return nil
 	}
@@ -18959,7 +19951,7 @@ func (r *RulesetLinks) GetSelf() *RulesetLink {
 }
 
 // GetProtected returns the Protected field if it's non-nil, zero value otherwise.
-func (r *RulesetRepositoryConditionParameters) GetProtected() bool {
+func (r *RulesetRepositoryNamesConditionParameters) GetProtected() bool {
 	if r == nil || r.Protected == nil {
 		return false
 	}
@@ -19222,6 +20214,78 @@ func (s *SarifID) GetURL() string {
 	return *s.URL
 }
 
+// GetAnalysesURL returns the AnalysesURL field if it's non-nil, zero value otherwise.
+func (s *SARIFUpload) GetAnalysesURL() string {
+	if s == nil || s.AnalysesURL == nil {
+		return ""
+	}
+	return *s.AnalysesURL
+}
+
+// GetProcessingStatus returns the ProcessingStatus field if it's non-nil, zero value otherwise.
+func (s *SARIFUpload) GetProcessingStatus() string {
+	if s == nil || s.ProcessingStatus == nil {
+		return ""
+	}
+	return *s.ProcessingStatus
+}
+
+// GetSBOM returns the SBOM field.
+func (s *SBOM) GetSBOM() *SBOMInfo {
+	if s == nil {
+		return nil
+	}
+	return s.SBOM
+}
+
+// GetCreationInfo returns the CreationInfo field.
+func (s *SBOMInfo) GetCreationInfo() *CreationInfo {
+	if s == nil {
+		return nil
+	}
+	return s.CreationInfo
+}
+
+// GetDataLicense returns the DataLicense field if it's non-nil, zero value otherwise.
+func (s *SBOMInfo) GetDataLicense() string {
+	if s == nil || s.DataLicense == nil {
+		return ""
+	}
+	return *s.DataLicense
+}
+
+// GetDocumentNamespace returns the DocumentNamespace field if it's non-nil, zero value otherwise.
+func (s *SBOMInfo) GetDocumentNamespace() string {
+	if s == nil || s.DocumentNamespace == nil {
+		return ""
+	}
+	return *s.DocumentNamespace
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (s *SBOMInfo) GetName() string {
+	if s == nil || s.Name == nil {
+		return ""
+	}
+	return *s.Name
+}
+
+// GetSPDXID returns the SPDXID field if it's non-nil, zero value otherwise.
+func (s *SBOMInfo) GetSPDXID() string {
+	if s == nil || s.SPDXID == nil {
+		return ""
+	}
+	return *s.SPDXID
+}
+
+// GetSPDXVersion returns the SPDXVersion field if it's non-nil, zero value otherwise.
+func (s *SBOMInfo) GetSPDXVersion() string {
+	if s == nil || s.SPDXVersion == nil {
+		return ""
+	}
+	return *s.SPDXVersion
+}
+
 // GetAnalysisKey returns the AnalysisKey field if it's non-nil, zero value otherwise.
 func (s *ScanningAnalysis) GetAnalysisKey() string {
 	if s == nil || s.AnalysisKey == nil {
@@ -19502,6 +20566,14 @@ func (s *SecretScanningAlert) GetNumber() int {
 	return *s.Number
 }
 
+// GetRepository returns the Repository field.
+func (s *SecretScanningAlert) GetRepository() *Repository {
+	if s == nil {
+		return nil
+	}
+	return s.Repository
+}
+
 // GetResolution returns the Resolution field if it's non-nil, zero value otherwise.
 func (s *SecretScanningAlert) GetResolution() string {
 	if s == nil || s.Resolution == nil {
@@ -19542,6 +20614,14 @@ func (s *SecretScanningAlert) GetSecretType() string {
 	return *s.SecretType
 }
 
+// GetSecretTypeDisplayName returns the SecretTypeDisplayName field if it's non-nil, zero value otherwise.
+func (s *SecretScanningAlert) GetSecretTypeDisplayName() string {
+	if s == nil || s.SecretTypeDisplayName == nil {
+		return ""
+	}
+	return *s.SecretTypeDisplayName
+}
+
 // GetState returns the State field if it's non-nil, zero value otherwise.
 func (s *SecretScanningAlert) GetState() string {
 	if s == nil || s.State == nil {
@@ -19734,6 +20814,14 @@ func (s *SecretScanningPushProtection) GetStatus() string {
 	return *s.Status
 }
 
+// GetCVSS returns the CVSS field.
+func (s *SecurityAdvisory) GetCVSS() *AdvisoryCVSS {
+	if s == nil {
+		return nil
+	}
+	return s.CVSS
+}
+
 // GetDescription returns the Description field if it's non-nil, zero value otherwise.
 func (s *SecurityAdvisory) GetDescription() string {
 	if s == nil || s.Description == nil {
@@ -19798,6 +20886,38 @@ func (s *SecurityAdvisoryEvent) GetAction() string {
 	return *s.Action
 }
 
+// GetEnterprise returns the Enterprise field.
+func (s *SecurityAdvisoryEvent) GetEnterprise() *Enterprise {
+	if s == nil {
+		return nil
+	}
+	return s.Enterprise
+}
+
+// GetInstallation returns the Installation field.
+func (s *SecurityAdvisoryEvent) GetInstallation() *Installation {
+	if s == nil {
+		return nil
+	}
+	return s.Installation
+}
+
+// GetOrganization returns the Organization field.
+func (s *SecurityAdvisoryEvent) GetOrganization() *Organization {
+	if s == nil {
+		return nil
+	}
+	return s.Organization
+}
+
+// GetRepository returns the Repository field.
+func (s *SecurityAdvisoryEvent) GetRepository() *Repository {
+	if s == nil {
+		return nil
+	}
+	return s.Repository
+}
+
 // GetSecurityAdvisory returns the SecurityAdvisory field.
 func (s *SecurityAdvisoryEvent) GetSecurityAdvisory() *SecurityAdvisory {
 	if s == nil {
@@ -19806,6 +20926,14 @@ func (s *SecurityAdvisoryEvent) GetSecurityAdvisory() *SecurityAdvisory {
 	return s.SecurityAdvisory
 }
 
+// GetSender returns the Sender field.
+func (s *SecurityAdvisoryEvent) GetSender() *User {
+	if s == nil {
+		return nil
+	}
+	return s.Sender
+}
+
 // GetAdvancedSecurity returns the AdvancedSecurity field.
 func (s *SecurityAndAnalysis) GetAdvancedSecurity() *AdvancedSecurity {
 	if s == nil {
@@ -19814,6 +20942,14 @@ func (s *SecurityAndAnalysis) GetAdvancedSecurity() *AdvancedSecurity {
 	return s.AdvancedSecurity
 }
 
+// GetDependabotSecurityUpdates returns the DependabotSecurityUpdates field.
+func (s *SecurityAndAnalysis) GetDependabotSecurityUpdates() *DependabotSecurityUpdates {
+	if s == nil {
+		return nil
+	}
+	return s.DependabotSecurityUpdates
+}
+
 // GetSecretScanning returns the SecretScanning field.
 func (s *SecurityAndAnalysis) GetSecretScanning() *SecretScanning {
 	if s == nil {
@@ -19830,6 +20966,70 @@ func (s *SecurityAndAnalysis) GetSecretScanningPushProtection() *SecretScanningP
 	return s.SecretScanningPushProtection
 }
 
+// GetFrom returns the From field.
+func (s *SecurityAndAnalysisChange) GetFrom() *SecurityAndAnalysisChangeFrom {
+	if s == nil {
+		return nil
+	}
+	return s.From
+}
+
+// GetSecurityAndAnalysis returns the SecurityAndAnalysis field.
+func (s *SecurityAndAnalysisChangeFrom) GetSecurityAndAnalysis() *SecurityAndAnalysis {
+	if s == nil {
+		return nil
+	}
+	return s.SecurityAndAnalysis
+}
+
+// GetChanges returns the Changes field.
+func (s *SecurityAndAnalysisEvent) GetChanges() *SecurityAndAnalysisChange {
+	if s == nil {
+		return nil
+	}
+	return s.Changes
+}
+
+// GetEnterprise returns the Enterprise field.
+func (s *SecurityAndAnalysisEvent) GetEnterprise() *Enterprise {
+	if s == nil {
+		return nil
+	}
+	return s.Enterprise
+}
+
+// GetInstallation returns the Installation field.
+func (s *SecurityAndAnalysisEvent) GetInstallation() *Installation {
+	if s == nil {
+		return nil
+	}
+	return s.Installation
+}
+
+// GetOrganization returns the Organization field.
+func (s *SecurityAndAnalysisEvent) GetOrganization() *Organization {
+	if s == nil {
+		return nil
+	}
+	return s.Organization
+}
+
+// GetRepository returns the Repository field.
+func (s *SecurityAndAnalysisEvent) GetRepository() *Repository {
+	if s == nil {
+		return nil
+	}
+	return s.Repository
+}
+
+// GetSender returns the Sender field.
+func (s *SecurityAndAnalysisEvent) GetSender() *User {
+	if s == nil {
+		return nil
+	}
+	return s.Sender
+}
+
 // GetTotalCount returns the TotalCount field if it's non-nil, zero value otherwise.
 func (s *SelectedReposList) GetTotalCount() int {
 	if s == nil || s.TotalCount == nil {
@@ -23086,6 +24286,14 @@ func (w *WorkflowRun) GetStatus() string {
 	return *w.Status
 }
 
+// GetTriggeringActor returns the TriggeringActor field.
+func (w *WorkflowRun) GetTriggeringActor() *User {
+	if w == nil {
+		return nil
+	}
+	return w.TriggeringActor
+}
+
 // GetUpdatedAt returns the UpdatedAt field if it's non-nil, zero value otherwise.
 func (w *WorkflowRun) GetUpdatedAt() Timestamp {
 	if w == nil || w.UpdatedAt == nil {
diff --git a/vendor/github.com/google/go-github/v53/github/github.go b/vendor/github.com/google/go-github/v55/github/github.go
similarity index 91%
rename from vendor/github.com/google/go-github/v53/github/github.go
rename to vendor/github.com/google/go-github/v55/github/github.go
index 34a27282f0..df01144460 100644
--- a/vendor/github.com/google/go-github/v53/github/github.go
+++ b/vendor/github.com/google/go-github/v55/github/github.go
@@ -24,11 +24,10 @@ import (
 	"time"
 
 	"github.com/google/go-querystring/query"
-	"golang.org/x/oauth2"
 )
 
 const (
-	Version = "v53.2.0"
+	Version = "v55.0.0"
 
 	defaultAPIVersion = "2022-11-28"
 	defaultBaseURL    = "https://api.github.com/"
@@ -126,9 +125,6 @@ const (
 	// https://developer.github.com/changes/2019-04-24-vulnerability-alerts/
 	mediaTypeRequiredVulnerabilityAlertsPreview = "application/vnd.github.dorian-preview+json"
 
-	// https://developer.github.com/changes/2019-06-04-automated-security-fixes/
-	mediaTypeRequiredAutomatedSecurityFixesPreview = "application/vnd.github.london-preview+json"
-
 	// https://developer.github.com/changes/2019-05-29-update-branch-api/
 	mediaTypeUpdatePullRequestBranchPreview = "application/vnd.github.lydian-preview+json"
 
@@ -179,36 +175,38 @@ type Client struct {
 	common service // Reuse a single struct instead of allocating one for each service on the heap.
 
 	// Services used for talking to different parts of the GitHub API.
-	Actions        *ActionsService
-	Activity       *ActivityService
-	Admin          *AdminService
-	Apps           *AppsService
-	Authorizations *AuthorizationsService
-	Billing        *BillingService
-	Checks         *ChecksService
-	CodeScanning   *CodeScanningService
-	Codespaces     *CodespacesService
-	Dependabot     *DependabotService
-	Enterprise     *EnterpriseService
-	Gists          *GistsService
-	Git            *GitService
-	Gitignores     *GitignoresService
-	Interactions   *InteractionsService
-	IssueImport    *IssueImportService
-	Issues         *IssuesService
-	Licenses       *LicensesService
-	Marketplace    *MarketplaceService
-	Migrations     *MigrationService
-	Organizations  *OrganizationsService
-	Projects       *ProjectsService
-	PullRequests   *PullRequestsService
-	Reactions      *ReactionsService
-	Repositories   *RepositoriesService
-	SCIM           *SCIMService
-	Search         *SearchService
-	SecretScanning *SecretScanningService
-	Teams          *TeamsService
-	Users          *UsersService
+	Actions            *ActionsService
+	Activity           *ActivityService
+	Admin              *AdminService
+	Apps               *AppsService
+	Authorizations     *AuthorizationsService
+	Billing            *BillingService
+	Checks             *ChecksService
+	CodeScanning       *CodeScanningService
+	Codespaces         *CodespacesService
+	Dependabot         *DependabotService
+	DependencyGraph    *DependencyGraphService
+	Enterprise         *EnterpriseService
+	Gists              *GistsService
+	Git                *GitService
+	Gitignores         *GitignoresService
+	Interactions       *InteractionsService
+	IssueImport        *IssueImportService
+	Issues             *IssuesService
+	Licenses           *LicensesService
+	Marketplace        *MarketplaceService
+	Migrations         *MigrationService
+	Organizations      *OrganizationsService
+	Projects           *ProjectsService
+	PullRequests       *PullRequestsService
+	Reactions          *ReactionsService
+	Repositories       *RepositoriesService
+	SCIM               *SCIMService
+	Search             *SearchService
+	SecretScanning     *SecretScanningService
+	SecurityAdvisories *SecurityAdvisoriesService
+	Teams              *TeamsService
+	Users              *UsersService
 }
 
 type service struct {
@@ -307,16 +305,92 @@ func addOptions(s string, opts interface{}) (string, error) {
 
 // NewClient returns a new GitHub API client. If a nil httpClient is
 // provided, a new http.Client will be used. To use API methods which require
-// authentication, provide an http.Client that will perform the authentication
-// for you (such as that provided by the golang.org/x/oauth2 library).
+// authentication, either use Client.WithAuthToken or provide NewClient with
+// an http.Client that will perform the authentication for you (such as that
+// provided by the golang.org/x/oauth2 library).
 func NewClient(httpClient *http.Client) *Client {
-	if httpClient == nil {
-		httpClient = &http.Client{}
+	c := &Client{client: httpClient}
+	c.initialize()
+	return c
+}
+
+// WithAuthToken returns a copy of the client configured to use the provided token for the Authorization header.
+func (c *Client) WithAuthToken(token string) *Client {
+	c2 := c.copy()
+	defer c2.initialize()
+	transport := c2.client.Transport
+	if transport == nil {
+		transport = http.DefaultTransport
+	}
+	c2.client.Transport = roundTripperFunc(
+		func(req *http.Request) (*http.Response, error) {
+			req = req.Clone(req.Context())
+			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
+			return transport.RoundTrip(req)
+		},
+	)
+	return c2
+}
+
+// WithEnterpriseURLs returns a copy of the client configured to use the provided base and
+// upload URLs. If the base URL does not have the suffix "/api/v3/", it will be added
+// automatically. If the upload URL does not have the suffix "/api/uploads", it will be
+// added automatically.
+//
+// Note that WithEnterpriseURLs is a convenience helper only;
+// its behavior is equivalent to setting the BaseURL and UploadURL fields.
+//
+// Another important thing is that by default, the GitHub Enterprise URL format
+// should be http(s)://[hostname]/api/v3/ or you will always receive the 406 status code.
+// The upload URL format should be http(s)://[hostname]/api/uploads/.
+func (c *Client) WithEnterpriseURLs(baseURL, uploadURL string) (*Client, error) {
+	c2 := c.copy()
+	defer c2.initialize()
+	var err error
+	c2.BaseURL, err = url.Parse(baseURL)
+	if err != nil {
+		return nil, err
+	}
+
+	if !strings.HasSuffix(c2.BaseURL.Path, "/") {
+		c2.BaseURL.Path += "/"
+	}
+	if !strings.HasSuffix(c2.BaseURL.Path, "/api/v3/") &&
+		!strings.HasPrefix(c2.BaseURL.Host, "api.") &&
+		!strings.Contains(c2.BaseURL.Host, ".api.") {
+		c2.BaseURL.Path += "api/v3/"
+	}
+
+	c2.UploadURL, err = url.Parse(uploadURL)
+	if err != nil {
+		return nil, err
+	}
+
+	if !strings.HasSuffix(c2.UploadURL.Path, "/") {
+		c2.UploadURL.Path += "/"
+	}
+	if !strings.HasSuffix(c2.UploadURL.Path, "/api/uploads/") &&
+		!strings.HasPrefix(c2.UploadURL.Host, "api.") &&
+		!strings.Contains(c2.UploadURL.Host, ".api.") {
+		c2.UploadURL.Path += "api/uploads/"
 	}
-	baseURL, _ := url.Parse(defaultBaseURL)
-	uploadURL, _ := url.Parse(uploadBaseURL)
+	return c2, nil
+}
 
-	c := &Client{client: httpClient, BaseURL: baseURL, UserAgent: defaultUserAgent, UploadURL: uploadURL}
+// initialize sets default values and initializes services.
+func (c *Client) initialize() {
+	if c.client == nil {
+		c.client = &http.Client{}
+	}
+	if c.BaseURL == nil {
+		c.BaseURL, _ = url.Parse(defaultBaseURL)
+	}
+	if c.UploadURL == nil {
+		c.UploadURL, _ = url.Parse(uploadBaseURL)
+	}
+	if c.UserAgent == "" {
+		c.UserAgent = defaultUserAgent
+	}
 	c.common.client = c
 	c.Actions = (*ActionsService)(&c.common)
 	c.Activity = (*ActivityService)(&c.common)
@@ -328,6 +402,7 @@ func NewClient(httpClient *http.Client) *Client {
 	c.CodeScanning = (*CodeScanningService)(&c.common)
 	c.Codespaces = (*CodespacesService)(&c.common)
 	c.Dependabot = (*DependabotService)(&c.common)
+	c.DependencyGraph = (*DependencyGraphService)(&c.common)
 	c.Enterprise = (*EnterpriseService)(&c.common)
 	c.Gists = (*GistsService)(&c.common)
 	c.Git = (*GitService)(&c.common)
@@ -346,9 +421,30 @@ func NewClient(httpClient *http.Client) *Client {
 	c.SCIM = (*SCIMService)(&c.common)
 	c.Search = (*SearchService)(&c.common)
 	c.SecretScanning = (*SecretScanningService)(&c.common)
+	c.SecurityAdvisories = (*SecurityAdvisoriesService)(&c.common)
 	c.Teams = (*TeamsService)(&c.common)
 	c.Users = (*UsersService)(&c.common)
-	return c
+}
+
+// copy returns a copy of the current client. It must be initialized before use.
+func (c *Client) copy() *Client {
+	c.clientMu.Lock()
+	// can't use *c here because that would copy mutexes by value.
+	clone := Client{
+		client:                  c.client,
+		UserAgent:               c.UserAgent,
+		BaseURL:                 c.BaseURL,
+		UploadURL:               c.UploadURL,
+		secondaryRateLimitReset: c.secondaryRateLimitReset,
+	}
+	c.clientMu.Unlock()
+	if clone.client == nil {
+		clone.client = &http.Client{}
+	}
+	c.rateMu.Lock()
+	copy(clone.rateLimits[:], c.rateLimits[:])
+	c.rateMu.Unlock()
+	return &clone
 }
 
 // NewClientWithEnvProxy enhances NewClient with the HttpProxy env.
@@ -357,56 +453,18 @@ func NewClientWithEnvProxy() *Client {
 }
 
 // NewTokenClient returns a new GitHub API client authenticated with the provided token.
-func NewTokenClient(ctx context.Context, token string) *Client {
-	return NewClient(oauth2.NewClient(ctx, oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token})))
+// Deprecated: Use NewClient(nil).WithAuthToken(token) instead.
+func NewTokenClient(_ context.Context, token string) *Client {
+	// This always returns a nil error.
+	return NewClient(nil).WithAuthToken(token)
 }
 
 // NewEnterpriseClient returns a new GitHub API client with provided
 // base URL and upload URL (often is your GitHub Enterprise hostname).
-// If the base URL does not have the suffix "/api/v3/", it will be added automatically.
-// If the upload URL does not have the suffix "/api/uploads", it will be added automatically.
-// If a nil httpClient is provided, a new http.Client will be used.
 //
-// Note that NewEnterpriseClient is a convenience helper only;
-// its behavior is equivalent to using NewClient, followed by setting
-// the BaseURL and UploadURL fields.
-//
-// Another important thing is that by default, the GitHub Enterprise URL format
-// should be http(s)://[hostname]/api/v3/ or you will always receive the 406 status code.
-// The upload URL format should be http(s)://[hostname]/api/uploads/.
+// Deprecated: Use NewClient(httpClient).WithOptions(WithEnterpriseURLs(baseURL, uploadURL)) instead.
 func NewEnterpriseClient(baseURL, uploadURL string, httpClient *http.Client) (*Client, error) {
-	baseEndpoint, err := url.Parse(baseURL)
-	if err != nil {
-		return nil, err
-	}
-
-	if !strings.HasSuffix(baseEndpoint.Path, "/") {
-		baseEndpoint.Path += "/"
-	}
-	if !strings.HasSuffix(baseEndpoint.Path, "/api/v3/") &&
-		!strings.HasPrefix(baseEndpoint.Host, "api.") &&
-		!strings.Contains(baseEndpoint.Host, ".api.") {
-		baseEndpoint.Path += "api/v3/"
-	}
-
-	uploadEndpoint, err := url.Parse(uploadURL)
-	if err != nil {
-		return nil, err
-	}
-
-	if !strings.HasSuffix(uploadEndpoint.Path, "/") {
-		uploadEndpoint.Path += "/"
-	}
-	if !strings.HasSuffix(uploadEndpoint.Path, "/api/uploads/") &&
-		!strings.HasPrefix(uploadEndpoint.Host, "api.") &&
-		!strings.Contains(uploadEndpoint.Host, ".api.") {
-		uploadEndpoint.Path += "api/uploads/"
-	}
-
-	c := NewClient(httpClient)
-	c.BaseURL = baseEndpoint
-	c.UploadURL = uploadEndpoint
-	return c, nil
+	return NewClient(httpClient).WithEnterpriseURLs(baseURL, uploadURL)
 }
 
 // RequestOption represents an option that can modify an http.Request.
@@ -1052,7 +1110,7 @@ func (ae *AcceptedError) Is(target error) bool {
 	if !ok {
 		return false
 	}
-	return bytes.Compare(ae.Raw, v.Raw) == 0
+	return bytes.Equal(ae.Raw, v.Raw)
 }
 
 // AbuseRateLimitError occurs when GitHub returns 403 Forbidden response with the
@@ -1538,3 +1596,10 @@ func Int64(v int64) *int64 { return &v }
 // String is a helper routine that allocates a new string value
 // to store v and returns a pointer to it.
 func String(v string) *string { return &v }
+
+// roundTripperFunc creates a RoundTripper (transport)
+type roundTripperFunc func(*http.Request) (*http.Response, error)
+
+func (fn roundTripperFunc) RoundTrip(r *http.Request) (*http.Response, error) {
+	return fn(r)
+}
diff --git a/vendor/github.com/google/go-github/v53/github/gitignore.go b/vendor/github.com/google/go-github/v55/github/gitignore.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/gitignore.go
rename to vendor/github.com/google/go-github/v55/github/gitignore.go
diff --git a/vendor/github.com/google/go-github/v53/github/interactions.go b/vendor/github.com/google/go-github/v55/github/interactions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/interactions.go
rename to vendor/github.com/google/go-github/v55/github/interactions.go
diff --git a/vendor/github.com/google/go-github/v53/github/interactions_orgs.go b/vendor/github.com/google/go-github/v55/github/interactions_orgs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/interactions_orgs.go
rename to vendor/github.com/google/go-github/v55/github/interactions_orgs.go
diff --git a/vendor/github.com/google/go-github/v53/github/interactions_repos.go b/vendor/github.com/google/go-github/v55/github/interactions_repos.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/interactions_repos.go
rename to vendor/github.com/google/go-github/v55/github/interactions_repos.go
diff --git a/vendor/github.com/google/go-github/v53/github/issue_import.go b/vendor/github.com/google/go-github/v55/github/issue_import.go
similarity index 97%
rename from vendor/github.com/google/go-github/v53/github/issue_import.go
rename to vendor/github.com/google/go-github/v55/github/issue_import.go
index 4bc8d5f1d2..04899772bd 100644
--- a/vendor/github.com/google/go-github/v53/github/issue_import.go
+++ b/vendor/github.com/google/go-github/v55/github/issue_import.go
@@ -86,14 +86,11 @@ func (s *IssueImportService) Create(ctx context.Context, owner, repo string, iss
 	if err != nil {
 		aerr, ok := err.(*AcceptedError)
 		if ok {
-			decErr := json.Unmarshal(aerr.Raw, i)
-			if decErr != nil {
-				err = decErr
+			if err := json.Unmarshal(aerr.Raw, i); err != nil {
+				return i, resp, err
 			}
-
-			return i, resp, nil
+			return i, resp, err
 		}
-
 		return nil, resp, err
 	}
 
diff --git a/vendor/github.com/google/go-github/v53/github/issues.go b/vendor/github.com/google/go-github/v55/github/issues.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/issues.go
rename to vendor/github.com/google/go-github/v55/github/issues.go
diff --git a/vendor/github.com/google/go-github/v53/github/issues_assignees.go b/vendor/github.com/google/go-github/v55/github/issues_assignees.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/issues_assignees.go
rename to vendor/github.com/google/go-github/v55/github/issues_assignees.go
diff --git a/vendor/github.com/google/go-github/v53/github/issues_comments.go b/vendor/github.com/google/go-github/v55/github/issues_comments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/issues_comments.go
rename to vendor/github.com/google/go-github/v55/github/issues_comments.go
diff --git a/vendor/github.com/google/go-github/v53/github/issues_events.go b/vendor/github.com/google/go-github/v55/github/issues_events.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/issues_events.go
rename to vendor/github.com/google/go-github/v55/github/issues_events.go
diff --git a/vendor/github.com/google/go-github/v53/github/issues_labels.go b/vendor/github.com/google/go-github/v55/github/issues_labels.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/issues_labels.go
rename to vendor/github.com/google/go-github/v55/github/issues_labels.go
diff --git a/vendor/github.com/google/go-github/v53/github/issues_milestones.go b/vendor/github.com/google/go-github/v55/github/issues_milestones.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/issues_milestones.go
rename to vendor/github.com/google/go-github/v55/github/issues_milestones.go
diff --git a/vendor/github.com/google/go-github/v53/github/issues_timeline.go b/vendor/github.com/google/go-github/v55/github/issues_timeline.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/issues_timeline.go
rename to vendor/github.com/google/go-github/v55/github/issues_timeline.go
diff --git a/vendor/github.com/google/go-github/v53/github/licenses.go b/vendor/github.com/google/go-github/v55/github/licenses.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/licenses.go
rename to vendor/github.com/google/go-github/v55/github/licenses.go
diff --git a/vendor/github.com/google/go-github/v53/github/messages.go b/vendor/github.com/google/go-github/v55/github/messages.go
similarity index 61%
rename from vendor/github.com/google/go-github/v53/github/messages.go
rename to vendor/github.com/google/go-github/v55/github/messages.go
index bb5ae3f389..c16b601528 100644
--- a/vendor/github.com/google/go-github/v53/github/messages.go
+++ b/vendor/github.com/google/go-github/v55/github/messages.go
@@ -22,6 +22,8 @@ import (
 	"mime"
 	"net/http"
 	"net/url"
+	"reflect"
+	"sort"
 	"strings"
 )
 
@@ -43,69 +45,87 @@ const (
 
 var (
 	// eventTypeMapping maps webhooks types to their corresponding go-github struct types.
-	eventTypeMapping = map[string]string{
-		"branch_protection_rule":         "BranchProtectionRuleEvent",
-		"check_run":                      "CheckRunEvent",
-		"check_suite":                    "CheckSuiteEvent",
-		"code_scanning_alert":            "CodeScanningAlertEvent",
-		"commit_comment":                 "CommitCommentEvent",
-		"content_reference":              "ContentReferenceEvent",
-		"create":                         "CreateEvent",
-		"delete":                         "DeleteEvent",
-		"deploy_key":                     "DeployKeyEvent",
-		"deployment":                     "DeploymentEvent",
-		"deployment_status":              "DeploymentStatusEvent",
-		"deployment_protection_rule":     "DeploymentProtectionRuleEvent",
-		"discussion":                     "DiscussionEvent",
-		"discussion_comment":             "DiscussionCommentEvent",
-		"fork":                           "ForkEvent",
-		"github_app_authorization":       "GitHubAppAuthorizationEvent",
-		"gollum":                         "GollumEvent",
-		"installation":                   "InstallationEvent",
-		"installation_repositories":      "InstallationRepositoriesEvent",
-		"issue_comment":                  "IssueCommentEvent",
-		"issues":                         "IssuesEvent",
-		"label":                          "LabelEvent",
-		"marketplace_purchase":           "MarketplacePurchaseEvent",
-		"member":                         "MemberEvent",
-		"membership":                     "MembershipEvent",
-		"merge_group":                    "MergeGroupEvent",
-		"meta":                           "MetaEvent",
-		"milestone":                      "MilestoneEvent",
-		"organization":                   "OrganizationEvent",
-		"org_block":                      "OrgBlockEvent",
-		"package":                        "PackageEvent",
-		"page_build":                     "PageBuildEvent",
-		"ping":                           "PingEvent",
-		"project":                        "ProjectEvent",
-		"project_card":                   "ProjectCardEvent",
-		"project_column":                 "ProjectColumnEvent",
-		"public":                         "PublicEvent",
-		"pull_request":                   "PullRequestEvent",
-		"pull_request_review":            "PullRequestReviewEvent",
-		"pull_request_review_comment":    "PullRequestReviewCommentEvent",
-		"pull_request_review_thread":     "PullRequestReviewThreadEvent",
-		"pull_request_target":            "PullRequestTargetEvent",
-		"push":                           "PushEvent",
-		"repository":                     "RepositoryEvent",
-		"repository_dispatch":            "RepositoryDispatchEvent",
-		"repository_import":              "RepositoryImportEvent",
-		"repository_vulnerability_alert": "RepositoryVulnerabilityAlertEvent",
-		"release":                        "ReleaseEvent",
-		"secret_scanning_alert":          "SecretScanningAlertEvent",
-		"security_advisory":              "SecurityAdvisoryEvent",
-		"star":                           "StarEvent",
-		"status":                         "StatusEvent",
-		"team":                           "TeamEvent",
-		"team_add":                       "TeamAddEvent",
-		"user":                           "UserEvent",
-		"watch":                          "WatchEvent",
-		"workflow_dispatch":              "WorkflowDispatchEvent",
-		"workflow_job":                   "WorkflowJobEvent",
-		"workflow_run":                   "WorkflowRunEvent",
+	eventTypeMapping = map[string]interface{}{
+		"branch_protection_rule":         &BranchProtectionRuleEvent{},
+		"check_run":                      &CheckRunEvent{},
+		"check_suite":                    &CheckSuiteEvent{},
+		"code_scanning_alert":            &CodeScanningAlertEvent{},
+		"commit_comment":                 &CommitCommentEvent{},
+		"content_reference":              &ContentReferenceEvent{},
+		"create":                         &CreateEvent{},
+		"delete":                         &DeleteEvent{},
+		"dependabot_alert":               &DependabotAlertEvent{},
+		"deploy_key":                     &DeployKeyEvent{},
+		"deployment":                     &DeploymentEvent{},
+		"deployment_status":              &DeploymentStatusEvent{},
+		"deployment_protection_rule":     &DeploymentProtectionRuleEvent{},
+		"discussion":                     &DiscussionEvent{},
+		"discussion_comment":             &DiscussionCommentEvent{},
+		"fork":                           &ForkEvent{},
+		"github_app_authorization":       &GitHubAppAuthorizationEvent{},
+		"gollum":                         &GollumEvent{},
+		"installation":                   &InstallationEvent{},
+		"installation_repositories":      &InstallationRepositoriesEvent{},
+		"installation_target":            &InstallationTargetEvent{},
+		"issue_comment":                  &IssueCommentEvent{},
+		"issues":                         &IssuesEvent{},
+		"label":                          &LabelEvent{},
+		"marketplace_purchase":           &MarketplacePurchaseEvent{},
+		"member":                         &MemberEvent{},
+		"membership":                     &MembershipEvent{},
+		"merge_group":                    &MergeGroupEvent{},
+		"meta":                           &MetaEvent{},
+		"milestone":                      &MilestoneEvent{},
+		"organization":                   &OrganizationEvent{},
+		"org_block":                      &OrgBlockEvent{},
+		"package":                        &PackageEvent{},
+		"page_build":                     &PageBuildEvent{},
+		"personal_access_token_request":  &PersonalAccessTokenRequestEvent{},
+		"ping":                           &PingEvent{},
+		"project":                        &ProjectEvent{},
+		"project_card":                   &ProjectCardEvent{},
+		"project_column":                 &ProjectColumnEvent{},
+		"projects_v2":                    &ProjectV2Event{},
+		"projects_v2_item":               &ProjectV2ItemEvent{},
+		"public":                         &PublicEvent{},
+		"pull_request":                   &PullRequestEvent{},
+		"pull_request_review":            &PullRequestReviewEvent{},
+		"pull_request_review_comment":    &PullRequestReviewCommentEvent{},
+		"pull_request_review_thread":     &PullRequestReviewThreadEvent{},
+		"pull_request_target":            &PullRequestTargetEvent{},
+		"push":                           &PushEvent{},
+		"repository":                     &RepositoryEvent{},
+		"repository_dispatch":            &RepositoryDispatchEvent{},
+		"repository_import":              &RepositoryImportEvent{},
+		"repository_vulnerability_alert": &RepositoryVulnerabilityAlertEvent{},
+		"release":                        &ReleaseEvent{},
+		"secret_scanning_alert":          &SecretScanningAlertEvent{},
+		"security_advisory":              &SecurityAdvisoryEvent{},
+		"security_and_analysis":          &SecurityAndAnalysisEvent{},
+		"star":                           &StarEvent{},
+		"status":                         &StatusEvent{},
+		"team":                           &TeamEvent{},
+		"team_add":                       &TeamAddEvent{},
+		"user":                           &UserEvent{},
+		"watch":                          &WatchEvent{},
+		"workflow_dispatch":              &WorkflowDispatchEvent{},
+		"workflow_job":                   &WorkflowJobEvent{},
+		"workflow_run":                   &WorkflowRunEvent{},
 	}
+	// forward mapping of event types to the string names of the structs
+	messageToTypeName = make(map[string]string, len(eventTypeMapping))
+	// Inverse map of the above
+	typeToMessageMapping = make(map[string]string, len(eventTypeMapping))
 )
 
+func init() {
+	for k, v := range eventTypeMapping {
+		typename := reflect.TypeOf(v).Elem().Name()
+		messageToTypeName[k] = typename
+		typeToMessageMapping[typename] = k
+	}
+}
+
 // genMAC generates the HMAC signature for a message provided the secret key
 // and hashFunc.
 func genMAC(message, key []byte, hashFunc func() hash.Hash) []byte {
@@ -294,7 +314,7 @@ func DeliveryID(r *http.Request) string {
 //	  }
 //	}
 func ParseWebHook(messageType string, payload []byte) (interface{}, error) {
-	eventType, ok := eventTypeMapping[messageType]
+	eventType, ok := messageToTypeName[messageType]
 	if !ok {
 		return nil, fmt.Errorf("unknown X-Github-Event in message: %v", messageType)
 	}
@@ -305,3 +325,28 @@ func ParseWebHook(messageType string, payload []byte) (interface{}, error) {
 	}
 	return event.ParsePayload()
 }
+
+// WebhookTypes returns a sorted list of all the known GitHub event type strings
+// supported by go-github.
+func MessageTypes() []string {
+	types := make([]string, 0, len(eventTypeMapping))
+	for t := range eventTypeMapping {
+		types = append(types, t)
+	}
+	sort.Strings(types)
+	return types
+}
+
+// EventForType returns an empty struct matching the specified GitHub event type.
+// If messageType does not match any known event types, it returns nil.
+func EventForType(messageType string) interface{} {
+	prototype := eventTypeMapping[messageType]
+	if prototype == nil {
+		return nil
+	}
+	// return a _copy_ of the pointed-to-object.  Unfortunately, for this we
+	// need to use reflection.  If we store the actual objects in the map,
+	// we still need to use reflection to convert from `any` to the actual
+	// type, so this was deemed the lesser of two evils. (#2865)
+	return reflect.New(reflect.TypeOf(prototype).Elem()).Interface()
+}
diff --git a/vendor/github.com/google/go-github/v53/github/migrations.go b/vendor/github.com/google/go-github/v55/github/migrations.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/migrations.go
rename to vendor/github.com/google/go-github/v55/github/migrations.go
diff --git a/vendor/github.com/google/go-github/v53/github/migrations_source_import.go b/vendor/github.com/google/go-github/v55/github/migrations_source_import.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/migrations_source_import.go
rename to vendor/github.com/google/go-github/v55/github/migrations_source_import.go
diff --git a/vendor/github.com/google/go-github/v53/github/migrations_user.go b/vendor/github.com/google/go-github/v55/github/migrations_user.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/migrations_user.go
rename to vendor/github.com/google/go-github/v55/github/migrations_user.go
diff --git a/vendor/github.com/google/go-github/v53/github/misc.go b/vendor/github.com/google/go-github/v55/github/misc.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/misc.go
rename to vendor/github.com/google/go-github/v55/github/misc.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs.go b/vendor/github.com/google/go-github/v55/github/orgs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs.go
rename to vendor/github.com/google/go-github/v55/github/orgs.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_actions_allowed.go b/vendor/github.com/google/go-github/v55/github/orgs_actions_allowed.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_actions_allowed.go
rename to vendor/github.com/google/go-github/v55/github/orgs_actions_allowed.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_actions_permissions.go b/vendor/github.com/google/go-github/v55/github/orgs_actions_permissions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_actions_permissions.go
rename to vendor/github.com/google/go-github/v55/github/orgs_actions_permissions.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_audit_log.go b/vendor/github.com/google/go-github/v55/github/orgs_audit_log.go
similarity index 96%
rename from vendor/github.com/google/go-github/v53/github/orgs_audit_log.go
rename to vendor/github.com/google/go-github/v55/github/orgs_audit_log.go
index e2e4692e57..4c34445fa1 100644
--- a/vendor/github.com/google/go-github/v53/github/orgs_audit_log.go
+++ b/vendor/github.com/google/go-github/v55/github/orgs_audit_log.go
@@ -121,6 +121,14 @@ type AuditEntry struct {
 	Visibility             *string                 `json:"visibility,omitempty"` // The repository visibility, for example `public` or `private`.
 	WorkflowID             *int64                  `json:"workflow_id,omitempty"`
 	WorkflowRunID          *int64                  `json:"workflow_run_id,omitempty"`
+
+	Data *AuditEntryData `json:"data,omitempty"`
+}
+
+// AuditEntryData represents additional information stuffed into a `data` field.
+type AuditEntryData struct {
+	OldName  *string `json:"old_name,omitempty"`  // The previous name of the repository, for a name change
+	OldLogin *string `json:"old_login,omitempty"` // The previous name of the organization, for a name change
 }
 
 // GetAuditLog gets the audit-log entries for an organization.
diff --git a/vendor/github.com/google/go-github/v55/github/orgs_credential_authorizations.go b/vendor/github.com/google/go-github/v55/github/orgs_credential_authorizations.go
new file mode 100644
index 0000000000..6d56fe8f79
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/orgs_credential_authorizations.go
@@ -0,0 +1,95 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+// CredentialAuthorization represents a credential authorized through SAML SSO.
+type CredentialAuthorization struct {
+	// User login that owns the underlying credential.
+	Login *string `json:"login,omitempty"`
+
+	// Unique identifier for the credential.
+	CredentialID *int64 `json:"credential_id,omitempty"`
+
+	// Human-readable description of the credential type.
+	CredentialType *string `json:"credential_type,omitempty"`
+
+	// Last eight characters of the credential.
+	// Only included in responses with credential_type of personal access token.
+	TokenLastEight *string `json:"token_last_eight,omitempty"`
+
+	// Date when the credential was authorized for use.
+	CredentialAuthorizedAt *Timestamp `json:"credential_authorized_at,omitempty"`
+
+	// Date when the credential was last accessed.
+	// May be null if it was never accessed.
+	CredentialAccessedAt *Timestamp `json:"credential_accessed_at,omitempty"`
+
+	// List of oauth scopes the token has been granted.
+	Scopes []string `json:"scopes,omitempty"`
+
+	// Unique string to distinguish the credential.
+	// Only included in responses with credential_type of SSH Key.
+	Fingerprint *string `json:"fingerprint,omitempty"`
+
+	AuthorizedCredentialID *int64 `json:"authorized_credential_id,omitempty"`
+
+	// The title given to the ssh key.
+	// This will only be present when the credential is an ssh key.
+	AuthorizedCredentialTitle *string `json:"authorized_credential_title,omitempty"`
+
+	// The note given to the token.
+	// This will only be present when the credential is a token.
+	AuthorizedCredentialNote *string `json:"authorized_credential_note,omitempty"`
+
+	// The expiry for the token.
+	// This will only be present when the credential is a token.
+	AuthorizedCredentialExpiresAt *Timestamp `json:"authorized_credential_expires_at,omitempty"`
+}
+
+// ListCredentialAuthorizations lists credentials authorized through SAML SSO
+// for a given organization. Only available with GitHub Enterprise Cloud.
+//
+// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/orgs?apiVersion=2022-11-28#list-saml-sso-authorizations-for-an-organization
+func (s *OrganizationsService) ListCredentialAuthorizations(ctx context.Context, org string, opts *ListOptions) ([]*CredentialAuthorization, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/credential-authorizations", org)
+	u, err := addOptions(u, opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var creds []*CredentialAuthorization
+	resp, err := s.client.Do(ctx, req, &creds)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return creds, resp, nil
+}
+
+// RemoveCredentialAuthorization revokes the SAML SSO authorization for a given
+// credential within an organization. Only available with GitHub Enterprise Cloud.
+//
+// GitHub API docs: https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/orgs?apiVersion=2022-11-28#remove-a-saml-sso-authorization-for-an-organization
+func (s *OrganizationsService) RemoveCredentialAuthorization(ctx context.Context, org string, credentialID int64) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/credential-authorizations/%v", org, credentialID)
+	req, err := s.client.NewRequest(http.MethodDelete, u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_custom_roles.go b/vendor/github.com/google/go-github/v55/github/orgs_custom_roles.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_custom_roles.go
rename to vendor/github.com/google/go-github/v55/github/orgs_custom_roles.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_hooks.go b/vendor/github.com/google/go-github/v55/github/orgs_hooks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_hooks.go
rename to vendor/github.com/google/go-github/v55/github/orgs_hooks.go
diff --git a/vendor/github.com/google/go-github/v55/github/orgs_hooks_configuration.go b/vendor/github.com/google/go-github/v55/github/orgs_hooks_configuration.go
new file mode 100644
index 0000000000..953a2329c3
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/orgs_hooks_configuration.go
@@ -0,0 +1,49 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+// GetHookConfiguration returns the configuration for the specified organization webhook.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks?apiVersion=2022-11-28#get-a-webhook-configuration-for-an-organization
+func (s *OrganizationsService) GetHookConfiguration(ctx context.Context, org string, id int64) (*HookConfig, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/hooks/%v/config", org, id)
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	config := new(HookConfig)
+	resp, err := s.client.Do(ctx, req, config)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return config, resp, nil
+}
+
+// EditHookConfiguration updates the configuration for the specified organization webhook.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/webhooks?apiVersion=2022-11-28#update-a-webhook-configuration-for-an-organization
+func (s *OrganizationsService) EditHookConfiguration(ctx context.Context, org string, id int64, config *HookConfig) (*HookConfig, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/hooks/%v/config", org, id)
+	req, err := s.client.NewRequest("PATCH", u, config)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	c := new(HookConfig)
+	resp, err := s.client.Do(ctx, req, c)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return c, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_hooks_deliveries.go b/vendor/github.com/google/go-github/v55/github/orgs_hooks_deliveries.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_hooks_deliveries.go
rename to vendor/github.com/google/go-github/v55/github/orgs_hooks_deliveries.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_members.go b/vendor/github.com/google/go-github/v55/github/orgs_members.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_members.go
rename to vendor/github.com/google/go-github/v55/github/orgs_members.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_outside_collaborators.go b/vendor/github.com/google/go-github/v55/github/orgs_outside_collaborators.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_outside_collaborators.go
rename to vendor/github.com/google/go-github/v55/github/orgs_outside_collaborators.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_packages.go b/vendor/github.com/google/go-github/v55/github/orgs_packages.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_packages.go
rename to vendor/github.com/google/go-github/v55/github/orgs_packages.go
diff --git a/vendor/github.com/google/go-github/v55/github/orgs_personal_access_tokens.go b/vendor/github.com/google/go-github/v55/github/orgs_personal_access_tokens.go
new file mode 100644
index 0000000000..c30ff2843e
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/orgs_personal_access_tokens.go
@@ -0,0 +1,34 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+// ReviewPersonalAccessTokenRequestOptions specifies the parameters to the ReviewPersonalAccessTokenRequest method.
+type ReviewPersonalAccessTokenRequestOptions struct {
+	Action string  `json:"action"`
+	Reason *string `json:"reason,omitempty"`
+}
+
+// ReviewPersonalAccessTokenRequest approves or denies a pending request to access organization resources via a fine-grained personal access token.
+// Only GitHub Apps can call this API, using the `organization_personal_access_token_requests: write` permission.
+// `action` can be one of `approve` or `deny`.
+//
+// GitHub API docs: https://docs.github.com/en/rest/orgs/personal-access-tokens?apiVersion=2022-11-28#review-a-request-to-access-organization-resources-with-a-fine-grained-personal-access-token
+func (s *OrganizationsService) ReviewPersonalAccessTokenRequest(ctx context.Context, org string, requestID int64, opts ReviewPersonalAccessTokenRequestOptions) (*Response, error) {
+	u := fmt.Sprintf("orgs/%v/personal-access-token-requests/%v", org, requestID)
+
+	req, err := s.client.NewRequest(http.MethodPost, u, &opts)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(ctx, req, nil)
+}
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_projects.go b/vendor/github.com/google/go-github/v55/github/orgs_projects.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_projects.go
rename to vendor/github.com/google/go-github/v55/github/orgs_projects.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_rules.go b/vendor/github.com/google/go-github/v55/github/orgs_rules.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_rules.go
rename to vendor/github.com/google/go-github/v55/github/orgs_rules.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_security_managers.go b/vendor/github.com/google/go-github/v55/github/orgs_security_managers.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_security_managers.go
rename to vendor/github.com/google/go-github/v55/github/orgs_security_managers.go
diff --git a/vendor/github.com/google/go-github/v53/github/orgs_users_blocking.go b/vendor/github.com/google/go-github/v55/github/orgs_users_blocking.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/orgs_users_blocking.go
rename to vendor/github.com/google/go-github/v55/github/orgs_users_blocking.go
diff --git a/vendor/github.com/google/go-github/v53/github/packages.go b/vendor/github.com/google/go-github/v55/github/packages.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/packages.go
rename to vendor/github.com/google/go-github/v55/github/packages.go
diff --git a/vendor/github.com/google/go-github/v53/github/projects.go b/vendor/github.com/google/go-github/v55/github/projects.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/projects.go
rename to vendor/github.com/google/go-github/v55/github/projects.go
diff --git a/vendor/github.com/google/go-github/v53/github/pulls.go b/vendor/github.com/google/go-github/v55/github/pulls.go
similarity index 99%
rename from vendor/github.com/google/go-github/v53/github/pulls.go
rename to vendor/github.com/google/go-github/v55/github/pulls.go
index 6e49eba2f9..29549e24b8 100644
--- a/vendor/github.com/google/go-github/v53/github/pulls.go
+++ b/vendor/github.com/google/go-github/v55/github/pulls.go
@@ -170,7 +170,7 @@ func (s *PullRequestsService) List(ctx context.Context, owner string, repo strin
 // By default, the PullRequestListOptions State filters for "open".
 //
 // GitHub API docs: https://docs.github.com/en/rest/commits/commits#list-pull-requests-associated-with-a-commit
-func (s *PullRequestsService) ListPullRequestsWithCommit(ctx context.Context, owner, repo, sha string, opts *PullRequestListOptions) ([]*PullRequest, *Response, error) {
+func (s *PullRequestsService) ListPullRequestsWithCommit(ctx context.Context, owner, repo, sha string, opts *ListOptions) ([]*PullRequest, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/commits/%v/pulls", owner, repo, sha)
 	u, err := addOptions(u, opts)
 	if err != nil {
@@ -244,6 +244,7 @@ func (s *PullRequestsService) GetRaw(ctx context.Context, owner string, repo str
 type NewPullRequest struct {
 	Title               *string `json:"title,omitempty"`
 	Head                *string `json:"head,omitempty"`
+	HeadRepo            *string `json:"head_repo,omitempty"`
 	Base                *string `json:"base,omitempty"`
 	Body                *string `json:"body,omitempty"`
 	Issue               *int    `json:"issue,omitempty"`
diff --git a/vendor/github.com/google/go-github/v53/github/pulls_comments.go b/vendor/github.com/google/go-github/v55/github/pulls_comments.go
similarity index 97%
rename from vendor/github.com/google/go-github/v53/github/pulls_comments.go
rename to vendor/github.com/google/go-github/v55/github/pulls_comments.go
index 1f6b726d85..ea1cf45d1e 100644
--- a/vendor/github.com/google/go-github/v53/github/pulls_comments.go
+++ b/vendor/github.com/google/go-github/v55/github/pulls_comments.go
@@ -41,6 +41,8 @@ type PullRequestComment struct {
 	URL               *string `json:"url,omitempty"`
 	HTMLURL           *string `json:"html_url,omitempty"`
 	PullRequestURL    *string `json:"pull_request_url,omitempty"`
+	// Can be one of: LINE, FILE from https://docs.github.com/en/rest/pulls/comments?apiVersion=2022-11-28#create-a-review-comment-for-a-pull-request
+	SubjectType *string `json:"subject_type,omitempty"`
 }
 
 func (p PullRequestComment) String() string {
diff --git a/vendor/github.com/google/go-github/v53/github/pulls_reviewers.go b/vendor/github.com/google/go-github/v55/github/pulls_reviewers.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/pulls_reviewers.go
rename to vendor/github.com/google/go-github/v55/github/pulls_reviewers.go
diff --git a/vendor/github.com/google/go-github/v53/github/pulls_reviews.go b/vendor/github.com/google/go-github/v55/github/pulls_reviews.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/pulls_reviews.go
rename to vendor/github.com/google/go-github/v55/github/pulls_reviews.go
diff --git a/vendor/github.com/google/go-github/v53/github/pulls_threads.go b/vendor/github.com/google/go-github/v55/github/pulls_threads.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/pulls_threads.go
rename to vendor/github.com/google/go-github/v55/github/pulls_threads.go
diff --git a/vendor/github.com/google/go-github/v53/github/reactions.go b/vendor/github.com/google/go-github/v55/github/reactions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/reactions.go
rename to vendor/github.com/google/go-github/v55/github/reactions.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos.go b/vendor/github.com/google/go-github/v55/github/repos.go
similarity index 97%
rename from vendor/github.com/google/go-github/v53/github/repos.go
rename to vendor/github.com/google/go-github/v55/github/repos.go
index 5ffad6dd3c..83fc3f8e73 100644
--- a/vendor/github.com/google/go-github/v53/github/repos.go
+++ b/vendor/github.com/google/go-github/v55/github/repos.go
@@ -210,6 +210,7 @@ type SecurityAndAnalysis struct {
 	AdvancedSecurity             *AdvancedSecurity             `json:"advanced_security,omitempty"`
 	SecretScanning               *SecretScanning               `json:"secret_scanning,omitempty"`
 	SecretScanningPushProtection *SecretScanningPushProtection `json:"secret_scanning_push_protection,omitempty"`
+	DependabotSecurityUpdates    *DependabotSecurityUpdates    `json:"dependabot_security_updates,omitempty"`
 }
 
 func (s SecurityAndAnalysis) String() string {
@@ -245,6 +246,21 @@ type SecretScanningPushProtection struct {
 	Status *string `json:"status,omitempty"`
 }
 
+func (s SecretScanningPushProtection) String() string {
+	return Stringify(s)
+}
+
+// DependabotSecurityUpdates specifies the state of Dependabot security updates on a repository.
+//
+// GitHub API docs: https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates
+type DependabotSecurityUpdates struct {
+	Status *string `json:"status,omitempty"`
+}
+
+func (d DependabotSecurityUpdates) String() string {
+	return Stringify(d)
+}
+
 // List the repositories for a user. Passing the empty string will list
 // repositories for the authenticated user.
 //
@@ -687,6 +703,25 @@ func (s *RepositoriesService) DisableVulnerabilityAlerts(ctx context.Context, ow
 	return s.client.Do(ctx, req, nil)
 }
 
+// GetAutomatedSecurityFixes checks if the automated security fixes for a repository are enabled.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#check-if-automated-security-fixes-are-enabled-for-a-repository
+func (s *RepositoriesService) GetAutomatedSecurityFixes(ctx context.Context, owner, repository string) (*AutomatedSecurityFixes, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/automated-security-fixes", owner, repository)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	p := new(AutomatedSecurityFixes)
+	resp, err := s.client.Do(ctx, req, p)
+	if err != nil {
+		return nil, resp, err
+	}
+	return p, resp, nil
+}
+
 // EnableAutomatedSecurityFixes enables the automated security fixes for a repository.
 //
 // GitHub API docs: https://docs.github.com/en/rest/repos/repos#enable-automated-security-fixes
@@ -698,9 +733,6 @@ func (s *RepositoriesService) EnableAutomatedSecurityFixes(ctx context.Context,
 		return nil, err
 	}
 
-	// TODO: remove custom Accept header when this API fully launches
-	req.Header.Set("Accept", mediaTypeRequiredAutomatedSecurityFixesPreview)
-
 	return s.client.Do(ctx, req, nil)
 }
 
@@ -715,9 +747,6 @@ func (s *RepositoriesService) DisableAutomatedSecurityFixes(ctx context.Context,
 		return nil, err
 	}
 
-	// TODO: remove custom Accept header when this API fully launches
-	req.Header.Set("Accept", mediaTypeRequiredAutomatedSecurityFixesPreview)
-
 	return s.client.Do(ctx, req, nil)
 }
 
@@ -1212,6 +1241,12 @@ type SignaturesProtectedBranch struct {
 	Enabled *bool `json:"enabled,omitempty"`
 }
 
+// AutomatedSecurityFixes represents their status.
+type AutomatedSecurityFixes struct {
+	Enabled *bool `json:"enabled"`
+	Paused  *bool `json:"paused"`
+}
+
 // ListBranches lists branches for the specified repository.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branches#list-branches
@@ -2034,3 +2069,43 @@ func isBranchNotProtected(err error) bool {
 	errorResponse, ok := err.(*ErrorResponse)
 	return ok && errorResponse.Message == githubBranchNotProtected
 }
+
+// EnablePrivateReporting enables private reporting of vulnerabilities for a
+// repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/repos#enable-private-vulnerability-reporting-for-a-repository
+func (s *RepositoriesService) EnablePrivateReporting(ctx context.Context, owner, repo string) (*Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/private-vulnerability-reporting", owner, repo)
+
+	req, err := s.client.NewRequest("PUT", u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, nil
+}
+
+// DisablePrivateReporting disables private reporting of vulnerabilities for a
+// repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/repos/repos#disable-private-vulnerability-reporting-for-a-repository
+func (s *RepositoriesService) DisablePrivateReporting(ctx context.Context, owner, repo string) (*Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/private-vulnerability-reporting", owner, repo)
+
+	req, err := s.client.NewRequest("DELETE", u, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v53/github/repos_actions_access.go b/vendor/github.com/google/go-github/v55/github/repos_actions_access.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_actions_access.go
rename to vendor/github.com/google/go-github/v55/github/repos_actions_access.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_actions_allowed.go b/vendor/github.com/google/go-github/v55/github/repos_actions_allowed.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_actions_allowed.go
rename to vendor/github.com/google/go-github/v55/github/repos_actions_allowed.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_actions_permissions.go b/vendor/github.com/google/go-github/v55/github/repos_actions_permissions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_actions_permissions.go
rename to vendor/github.com/google/go-github/v55/github/repos_actions_permissions.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_autolinks.go b/vendor/github.com/google/go-github/v55/github/repos_autolinks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_autolinks.go
rename to vendor/github.com/google/go-github/v55/github/repos_autolinks.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_codeowners.go b/vendor/github.com/google/go-github/v55/github/repos_codeowners.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_codeowners.go
rename to vendor/github.com/google/go-github/v55/github/repos_codeowners.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_collaborators.go b/vendor/github.com/google/go-github/v55/github/repos_collaborators.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_collaborators.go
rename to vendor/github.com/google/go-github/v55/github/repos_collaborators.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_comments.go b/vendor/github.com/google/go-github/v55/github/repos_comments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_comments.go
rename to vendor/github.com/google/go-github/v55/github/repos_comments.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_commits.go b/vendor/github.com/google/go-github/v55/github/repos_commits.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_commits.go
rename to vendor/github.com/google/go-github/v55/github/repos_commits.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_community_health.go b/vendor/github.com/google/go-github/v55/github/repos_community_health.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_community_health.go
rename to vendor/github.com/google/go-github/v55/github/repos_community_health.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_contents.go b/vendor/github.com/google/go-github/v55/github/repos_contents.go
similarity index 95%
rename from vendor/github.com/google/go-github/v53/github/repos_contents.go
rename to vendor/github.com/google/go-github/v55/github/repos_contents.go
index 874a327728..de7a0d5b82 100644
--- a/vendor/github.com/google/go-github/v53/github/repos_contents.go
+++ b/vendor/github.com/google/go-github/v55/github/repos_contents.go
@@ -21,6 +21,8 @@ import (
 	"strings"
 )
 
+var ErrPathForbidden = errors.New("path must not contain '..' due to auth vulnerability issue")
+
 // RepositoryContent represents a file or directory in a github repository.
 type RepositoryContent struct {
 	Type *string `json:"type,omitempty"`
@@ -34,12 +36,13 @@ type RepositoryContent struct {
 	// Content contains the actual file content, which may be encoded.
 	// Callers should call GetContent which will decode the content if
 	// necessary.
-	Content     *string `json:"content,omitempty"`
-	SHA         *string `json:"sha,omitempty"`
-	URL         *string `json:"url,omitempty"`
-	GitURL      *string `json:"git_url,omitempty"`
-	HTMLURL     *string `json:"html_url,omitempty"`
-	DownloadURL *string `json:"download_url,omitempty"`
+	Content         *string `json:"content,omitempty"`
+	SHA             *string `json:"sha,omitempty"`
+	URL             *string `json:"url,omitempty"`
+	GitURL          *string `json:"git_url,omitempty"`
+	HTMLURL         *string `json:"html_url,omitempty"`
+	DownloadURL     *string `json:"download_url,omitempty"`
+	SubmoduleGitURL *string `json:"submodule_git_url,omitempty"`
 }
 
 // RepositoryContentResponse holds the parsed response from CreateFile, UpdateFile, and DeleteFile.
@@ -198,7 +201,7 @@ func (s *RepositoriesService) DownloadContentsWithMeta(ctx context.Context, owne
 // GitHub API docs: https://docs.github.com/en/rest/repos/contents#get-repository-content
 func (s *RepositoriesService) GetContents(ctx context.Context, owner, repo, path string, opts *RepositoryContentGetOptions) (fileContent *RepositoryContent, directoryContent []*RepositoryContent, resp *Response, err error) {
 	if strings.Contains(path, "..") {
-		return nil, nil, nil, errors.New("path must not contain '..' due to auth vulnerability issue")
+		return nil, nil, nil, ErrPathForbidden
 	}
 
 	escapedPath := (&url.URL{Path: strings.TrimSuffix(path, "/")}).String()
diff --git a/vendor/github.com/google/go-github/v53/github/repos_deployment_branch_policies.go b/vendor/github.com/google/go-github/v55/github/repos_deployment_branch_policies.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_deployment_branch_policies.go
rename to vendor/github.com/google/go-github/v55/github/repos_deployment_branch_policies.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_deployments.go b/vendor/github.com/google/go-github/v55/github/repos_deployments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_deployments.go
rename to vendor/github.com/google/go-github/v55/github/repos_deployments.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_environments.go b/vendor/github.com/google/go-github/v55/github/repos_environments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_environments.go
rename to vendor/github.com/google/go-github/v55/github/repos_environments.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_forks.go b/vendor/github.com/google/go-github/v55/github/repos_forks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_forks.go
rename to vendor/github.com/google/go-github/v55/github/repos_forks.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_hooks.go b/vendor/github.com/google/go-github/v55/github/repos_hooks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_hooks.go
rename to vendor/github.com/google/go-github/v55/github/repos_hooks.go
diff --git a/vendor/github.com/google/go-github/v55/github/repos_hooks_configuration.go b/vendor/github.com/google/go-github/v55/github/repos_hooks_configuration.go
new file mode 100644
index 0000000000..5aadfb645e
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/repos_hooks_configuration.go
@@ -0,0 +1,49 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+// GetHookConfiguration returns the configuration for the specified repository webhook.
+//
+// GitHub API docs: https://docs.github.com/en/rest/webhooks/repo-config?apiVersion=2022-11-28#get-a-webhook-configuration-for-a-repository
+func (s *RepositoriesService) GetHookConfiguration(ctx context.Context, owner, repo string, id int64) (*HookConfig, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/hooks/%v/config", owner, repo, id)
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	config := new(HookConfig)
+	resp, err := s.client.Do(ctx, req, config)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return config, resp, nil
+}
+
+// EditHookConfiguration updates the configuration for the specified repository webhook.
+//
+// GitHub API docs: https://docs.github.com/en/rest/webhooks/repo-config?apiVersion=2022-11-28#update-a-webhook-configuration-for-a-repository
+func (s *RepositoriesService) EditHookConfiguration(ctx context.Context, owner, repo string, id int64, config *HookConfig) (*HookConfig, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/hooks/%v/config", owner, repo, id)
+	req, err := s.client.NewRequest("PATCH", u, config)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	c := new(HookConfig)
+	resp, err := s.client.Do(ctx, req, c)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return c, resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v53/github/repos_hooks_deliveries.go b/vendor/github.com/google/go-github/v55/github/repos_hooks_deliveries.go
similarity index 97%
rename from vendor/github.com/google/go-github/v53/github/repos_hooks_deliveries.go
rename to vendor/github.com/google/go-github/v55/github/repos_hooks_deliveries.go
index cbd2d3819a..5f2f8807e4 100644
--- a/vendor/github.com/google/go-github/v53/github/repos_hooks_deliveries.go
+++ b/vendor/github.com/google/go-github/v55/github/repos_hooks_deliveries.go
@@ -126,9 +126,9 @@ func (s *RepositoriesService) RedeliverHookDelivery(ctx context.Context, owner,
 // ParseRequestPayload parses the request payload. For recognized event types,
 // a value of the corresponding struct type will be returned.
 func (d *HookDelivery) ParseRequestPayload() (interface{}, error) {
-	eType, ok := eventTypeMapping[*d.Event]
+	eType, ok := messageToTypeName[d.GetEvent()]
 	if !ok {
-		return nil, fmt.Errorf("unsupported event type %q", *d.Event)
+		return nil, fmt.Errorf("unsupported event type %q", d.GetEvent())
 	}
 
 	e := &Event{Type: &eType, RawPayload: d.Request.RawPayload}
diff --git a/vendor/github.com/google/go-github/v53/github/repos_invitations.go b/vendor/github.com/google/go-github/v55/github/repos_invitations.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_invitations.go
rename to vendor/github.com/google/go-github/v55/github/repos_invitations.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_keys.go b/vendor/github.com/google/go-github/v55/github/repos_keys.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_keys.go
rename to vendor/github.com/google/go-github/v55/github/repos_keys.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_lfs.go b/vendor/github.com/google/go-github/v55/github/repos_lfs.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_lfs.go
rename to vendor/github.com/google/go-github/v55/github/repos_lfs.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_merging.go b/vendor/github.com/google/go-github/v55/github/repos_merging.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_merging.go
rename to vendor/github.com/google/go-github/v55/github/repos_merging.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_pages.go b/vendor/github.com/google/go-github/v55/github/repos_pages.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_pages.go
rename to vendor/github.com/google/go-github/v55/github/repos_pages.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_prereceive_hooks.go b/vendor/github.com/google/go-github/v55/github/repos_prereceive_hooks.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_prereceive_hooks.go
rename to vendor/github.com/google/go-github/v55/github/repos_prereceive_hooks.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_projects.go b/vendor/github.com/google/go-github/v55/github/repos_projects.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_projects.go
rename to vendor/github.com/google/go-github/v55/github/repos_projects.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_releases.go b/vendor/github.com/google/go-github/v55/github/repos_releases.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_releases.go
rename to vendor/github.com/google/go-github/v55/github/repos_releases.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_rules.go b/vendor/github.com/google/go-github/v55/github/repos_rules.go
similarity index 91%
rename from vendor/github.com/google/go-github/v53/github/repos_rules.go
rename to vendor/github.com/google/go-github/v55/github/repos_rules.go
index 9299d3e7f3..7f964fe665 100644
--- a/vendor/github.com/google/go-github/v53/github/repos_rules.go
+++ b/vendor/github.com/google/go-github/v55/github/repos_rules.go
@@ -14,8 +14,10 @@ import (
 // BypassActor represents the bypass actors from a ruleset.
 type BypassActor struct {
 	ActorID *int64 `json:"actor_id,omitempty"`
-	// Possible values for ActorType are: Team, Integration
+	// Possible values for ActorType are: RepositoryRole, Team, Integration, OrganizationAdmin
 	ActorType *string `json:"actor_type,omitempty"`
+	// Possible values for BypassMode are: always, pull_request
+	BypassMode *string `json:"bypass_mode,omitempty"`
 }
 
 // RulesetLink represents a single link object from GitHub ruleset request _links.
@@ -34,17 +36,24 @@ type RulesetRefConditionParameters struct {
 	Exclude []string `json:"exclude"`
 }
 
-// RulesetRepositoryConditionParameters represents the conditions object for repository_names.
-type RulesetRepositoryConditionParameters struct {
-	Include   []string `json:"include,omitempty"`
-	Exclude   []string `json:"exclude,omitempty"`
+// RulesetRepositoryNamesConditionParameters represents the conditions object for repository_names.
+type RulesetRepositoryNamesConditionParameters struct {
+	Include   []string `json:"include"`
+	Exclude   []string `json:"exclude"`
 	Protected *bool    `json:"protected,omitempty"`
 }
 
+// RulesetRepositoryIDsConditionParameters represents the conditions object for repository_ids.
+type RulesetRepositoryIDsConditionParameters struct {
+	RepositoryIDs []int64 `json:"repository_ids,omitempty"`
+}
+
 // RulesetCondition represents the conditions object in a ruleset.
+// Set either RepositoryName or RepositoryID, not both.
 type RulesetConditions struct {
-	RefName        *RulesetRefConditionParameters        `json:"ref_name,omitempty"`
-	RepositoryName *RulesetRepositoryConditionParameters `json:"repository_name,omitempty"`
+	RefName        *RulesetRefConditionParameters             `json:"ref_name,omitempty"`
+	RepositoryName *RulesetRepositoryNamesConditionParameters `json:"repository_name,omitempty"`
+	RepositoryID   *RulesetRepositoryIDsConditionParameters   `json:"repository_id,omitempty"`
 }
 
 // RulePatternParameters represents the rule pattern parameters.
@@ -109,6 +118,10 @@ func (r *RepositoryRule) UnmarshalJSON(data []byte) error {
 	case "creation", "deletion", "required_linear_history", "required_signatures", "non_fast_forward":
 		r.Parameters = nil
 	case "update":
+		if RepositoryRule.Parameters == nil {
+			r.Parameters = nil
+			return nil
+		}
 		params := UpdateAllowsFetchAndMergeRuleParameters{}
 		if err := json.Unmarshal(*RepositoryRule.Parameters, &params); err != nil {
 			return err
@@ -118,6 +131,7 @@ func (r *RepositoryRule) UnmarshalJSON(data []byte) error {
 		rawParams := json.RawMessage(bytes)
 
 		r.Parameters = &rawParams
+
 	case "required_deployments":
 		params := RequiredDeploymentEnvironmentsRuleParameters{}
 		if err := json.Unmarshal(*RepositoryRule.Parameters, &params); err != nil {
@@ -176,13 +190,18 @@ func NewCreationRule() (rule *RepositoryRule) {
 
 // NewUpdateRule creates a rule to only allow users with bypass permission to update matching refs.
 func NewUpdateRule(params *UpdateAllowsFetchAndMergeRuleParameters) (rule *RepositoryRule) {
-	bytes, _ := json.Marshal(params)
+	if params != nil {
+		bytes, _ := json.Marshal(params)
 
-	rawParams := json.RawMessage(bytes)
+		rawParams := json.RawMessage(bytes)
 
+		return &RepositoryRule{
+			Type:       "update",
+			Parameters: &rawParams,
+		}
+	}
 	return &RepositoryRule{
-		Type:       "update",
-		Parameters: &rawParams,
+		Type: "update",
 	}
 }
 
@@ -312,7 +331,7 @@ func NewTagNamePatternRule(params *RulePatternParameters) (rule *RepositoryRule)
 
 // Ruleset represents a GitHub ruleset object.
 type Ruleset struct {
-	ID   int64  `json:"id"`
+	ID   *int64 `json:"id,omitempty"`
 	Name string `json:"name"`
 	// Possible values for Target are branch, tag
 	Target *string `json:"target,omitempty"`
@@ -320,9 +339,7 @@ type Ruleset struct {
 	SourceType *string `json:"source_type,omitempty"`
 	Source     string  `json:"source"`
 	// Possible values for Enforcement are: disabled, active, evaluate
-	Enforcement string `json:"enforcement"`
-	// Possible values for BypassMode are: none, repository, organization
-	BypassMode   *string            `json:"bypass_mode,omitempty"`
+	Enforcement  string             `json:"enforcement"`
 	BypassActors []*BypassActor     `json:"bypass_actors,omitempty"`
 	NodeID       *string            `json:"node_id,omitempty"`
 	Links        *RulesetLinks      `json:"_links,omitempty"`
diff --git a/vendor/github.com/google/go-github/v53/github/repos_stats.go b/vendor/github.com/google/go-github/v55/github/repos_stats.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_stats.go
rename to vendor/github.com/google/go-github/v55/github/repos_stats.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_statuses.go b/vendor/github.com/google/go-github/v55/github/repos_statuses.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_statuses.go
rename to vendor/github.com/google/go-github/v55/github/repos_statuses.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_tags.go b/vendor/github.com/google/go-github/v55/github/repos_tags.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_tags.go
rename to vendor/github.com/google/go-github/v55/github/repos_tags.go
diff --git a/vendor/github.com/google/go-github/v53/github/repos_traffic.go b/vendor/github.com/google/go-github/v55/github/repos_traffic.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/repos_traffic.go
rename to vendor/github.com/google/go-github/v55/github/repos_traffic.go
diff --git a/vendor/github.com/google/go-github/v53/github/scim.go b/vendor/github.com/google/go-github/v55/github/scim.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/scim.go
rename to vendor/github.com/google/go-github/v55/github/scim.go
diff --git a/vendor/github.com/google/go-github/v53/github/search.go b/vendor/github.com/google/go-github/v55/github/search.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/search.go
rename to vendor/github.com/google/go-github/v55/github/search.go
diff --git a/vendor/github.com/google/go-github/v53/github/secret_scanning.go b/vendor/github.com/google/go-github/v55/github/secret_scanning.go
similarity index 91%
rename from vendor/github.com/google/go-github/v53/github/secret_scanning.go
rename to vendor/github.com/google/go-github/v55/github/secret_scanning.go
index d512560d9f..b8295cbf79 100644
--- a/vendor/github.com/google/go-github/v53/github/secret_scanning.go
+++ b/vendor/github.com/google/go-github/v55/github/secret_scanning.go
@@ -16,17 +16,19 @@ type SecretScanningService service
 
 // SecretScanningAlert represents a GitHub secret scanning alert.
 type SecretScanningAlert struct {
-	Number       *int       `json:"number,omitempty"`
-	CreatedAt    *Timestamp `json:"created_at,omitempty"`
-	URL          *string    `json:"url,omitempty"`
-	HTMLURL      *string    `json:"html_url,omitempty"`
-	LocationsURL *string    `json:"locations_url,omitempty"`
-	State        *string    `json:"state,omitempty"`
-	Resolution   *string    `json:"resolution,omitempty"`
-	ResolvedAt   *Timestamp `json:"resolved_at,omitempty"`
-	ResolvedBy   *User      `json:"resolved_by,omitempty"`
-	SecretType   *string    `json:"secret_type,omitempty"`
-	Secret       *string    `json:"secret,omitempty"`
+	Number                *int        `json:"number,omitempty"`
+	CreatedAt             *Timestamp  `json:"created_at,omitempty"`
+	URL                   *string     `json:"url,omitempty"`
+	HTMLURL               *string     `json:"html_url,omitempty"`
+	LocationsURL          *string     `json:"locations_url,omitempty"`
+	State                 *string     `json:"state,omitempty"`
+	Resolution            *string     `json:"resolution,omitempty"`
+	ResolvedAt            *Timestamp  `json:"resolved_at,omitempty"`
+	ResolvedBy            *User       `json:"resolved_by,omitempty"`
+	SecretType            *string     `json:"secret_type,omitempty"`
+	SecretTypeDisplayName *string     `json:"secret_type_display_name,omitempty"`
+	Secret                *string     `json:"secret,omitempty"`
+	Repository            *Repository `json:"repository,omitempty"`
 }
 
 // SecretScanningAlertLocation represents the location for a secret scanning alert.
diff --git a/vendor/github.com/google/go-github/v55/github/security_advisories.go b/vendor/github.com/google/go-github/v55/github/security_advisories.go
new file mode 100644
index 0000000000..a75fce54d9
--- /dev/null
+++ b/vendor/github.com/google/go-github/v55/github/security_advisories.go
@@ -0,0 +1,37 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+)
+
+type SecurityAdvisoriesService service
+
+// RequestCVE requests a Common Vulnerabilities and Exposures (CVE) for a repository security advisory.
+// The ghsaID is the GitHub Security Advisory identifier of the advisory.
+//
+// GitHub API docs: https://docs.github.com/en/rest/security-advisories/repository-advisories#request-a-cve-for-a-repository-security-advisory
+func (s *SecurityAdvisoriesService) RequestCVE(ctx context.Context, owner, repo, ghsaID string) (*Response, error) {
+	url := fmt.Sprintf("repos/%v/%v/security-advisories/%v/cve", owner, repo, ghsaID)
+
+	req, err := s.client.NewRequest("POST", url, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		if _, ok := err.(*AcceptedError); ok {
+			return resp, nil
+		}
+
+		return resp, err
+	}
+
+	return resp, nil
+}
diff --git a/vendor/github.com/google/go-github/v53/github/strings.go b/vendor/github.com/google/go-github/v55/github/strings.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/strings.go
rename to vendor/github.com/google/go-github/v55/github/strings.go
diff --git a/vendor/github.com/google/go-github/v53/github/teams.go b/vendor/github.com/google/go-github/v55/github/teams.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/teams.go
rename to vendor/github.com/google/go-github/v55/github/teams.go
diff --git a/vendor/github.com/google/go-github/v53/github/teams_discussion_comments.go b/vendor/github.com/google/go-github/v55/github/teams_discussion_comments.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/teams_discussion_comments.go
rename to vendor/github.com/google/go-github/v55/github/teams_discussion_comments.go
diff --git a/vendor/github.com/google/go-github/v53/github/teams_discussions.go b/vendor/github.com/google/go-github/v55/github/teams_discussions.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/teams_discussions.go
rename to vendor/github.com/google/go-github/v55/github/teams_discussions.go
diff --git a/vendor/github.com/google/go-github/v53/github/teams_members.go b/vendor/github.com/google/go-github/v55/github/teams_members.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/teams_members.go
rename to vendor/github.com/google/go-github/v55/github/teams_members.go
diff --git a/vendor/github.com/google/go-github/v53/github/timestamp.go b/vendor/github.com/google/go-github/v55/github/timestamp.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/timestamp.go
rename to vendor/github.com/google/go-github/v55/github/timestamp.go
diff --git a/vendor/github.com/google/go-github/v53/github/users.go b/vendor/github.com/google/go-github/v55/github/users.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/users.go
rename to vendor/github.com/google/go-github/v55/github/users.go
diff --git a/vendor/github.com/google/go-github/v53/github/users_administration.go b/vendor/github.com/google/go-github/v55/github/users_administration.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/users_administration.go
rename to vendor/github.com/google/go-github/v55/github/users_administration.go
diff --git a/vendor/github.com/google/go-github/v53/github/users_blocking.go b/vendor/github.com/google/go-github/v55/github/users_blocking.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/users_blocking.go
rename to vendor/github.com/google/go-github/v55/github/users_blocking.go
diff --git a/vendor/github.com/google/go-github/v53/github/users_emails.go b/vendor/github.com/google/go-github/v55/github/users_emails.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/users_emails.go
rename to vendor/github.com/google/go-github/v55/github/users_emails.go
diff --git a/vendor/github.com/google/go-github/v53/github/users_followers.go b/vendor/github.com/google/go-github/v55/github/users_followers.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/users_followers.go
rename to vendor/github.com/google/go-github/v55/github/users_followers.go
diff --git a/vendor/github.com/google/go-github/v53/github/users_gpg_keys.go b/vendor/github.com/google/go-github/v55/github/users_gpg_keys.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/users_gpg_keys.go
rename to vendor/github.com/google/go-github/v55/github/users_gpg_keys.go
diff --git a/vendor/github.com/google/go-github/v53/github/users_keys.go b/vendor/github.com/google/go-github/v55/github/users_keys.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/users_keys.go
rename to vendor/github.com/google/go-github/v55/github/users_keys.go
diff --git a/vendor/github.com/google/go-github/v53/github/users_packages.go b/vendor/github.com/google/go-github/v55/github/users_packages.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/users_packages.go
rename to vendor/github.com/google/go-github/v55/github/users_packages.go
diff --git a/vendor/github.com/google/go-github/v53/github/users_projects.go b/vendor/github.com/google/go-github/v55/github/users_projects.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/users_projects.go
rename to vendor/github.com/google/go-github/v55/github/users_projects.go
diff --git a/vendor/github.com/google/go-github/v53/github/users_ssh_signing_keys.go b/vendor/github.com/google/go-github/v55/github/users_ssh_signing_keys.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/users_ssh_signing_keys.go
rename to vendor/github.com/google/go-github/v55/github/users_ssh_signing_keys.go
diff --git a/vendor/github.com/google/go-github/v53/github/with_appengine.go b/vendor/github.com/google/go-github/v55/github/with_appengine.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/with_appengine.go
rename to vendor/github.com/google/go-github/v55/github/with_appengine.go
diff --git a/vendor/github.com/google/go-github/v53/github/without_appengine.go b/vendor/github.com/google/go-github/v55/github/without_appengine.go
similarity index 100%
rename from vendor/github.com/google/go-github/v53/github/without_appengine.go
rename to vendor/github.com/google/go-github/v55/github/without_appengine.go
diff --git a/vendor/github.com/gowebpki/jcs/.gitignore b/vendor/github.com/gowebpki/jcs/.gitignore
new file mode 100644
index 0000000000..a692565e11
--- /dev/null
+++ b/vendor/github.com/gowebpki/jcs/.gitignore
@@ -0,0 +1,34 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+coverageout
+coverage.html
+goreportcard.db
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# vscode
+*/.vscode
+*.code-workspace
+
+# sublime text
+*.sublime-workspace
+*.sublime-project
+
+# Mac files
+.DS_Store
diff --git a/vendor/github.com/gowebpki/jcs/LICENSE b/vendor/github.com/gowebpki/jcs/LICENSE
new file mode 100644
index 0000000000..d645695673
--- /dev/null
+++ b/vendor/github.com/gowebpki/jcs/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/gowebpki/jcs/README.md b/vendor/github.com/gowebpki/jcs/README.md
new file mode 100644
index 0000000000..c2c976784e
--- /dev/null
+++ b/vendor/github.com/gowebpki/jcs/README.md
@@ -0,0 +1,72 @@
+![JCS](https://cyberphone.github.io/doc/security/jcs.svg)
+
+# JSON Canonicalization
+
+[![Go Report Card](https://goreportcard.com/badge/github.com/gowebpki/jcs)](https://goreportcard.com/report/github.com/gowebpki/jcs) 
+[![godoc](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat)](https://pkg.go.dev/github.com/gowebpki/jcs)
+[![GitHub license](https://img.shields.io/github/license/gowebpki/jcs.svg?style=flat)](https://github.com/gowebpki/jcs/blob/master/LICENSE)
+[![GitHub go.mod Go version of a Go module](https://img.shields.io/github/go-mod/go-version/gowebpki/jcs.svg?style=flat)](https://github.com/gowebpki/jcs)
+
+Cryptographic operations like hashing and signing depend on that the target 
+data does not change during serialization, transport, or parsing. 
+By applying the rules defined by JCS (JSON Canonicalization Scheme), 
+data provided in the JSON [[RFC8259](https://tools.ietf.org/html/rfc8259)]
+format can be exchanged "as is", while still being subject to secure cryptographic operations.
+JCS achieves this by building on the serialization formats for JSON
+primitives as defined by ECMAScript [[ES](https://ecma-international.org/ecma-262/)],
+constraining JSON data to the I-JSON [[RFC7493](https://tools.ietf.org/html//rfc7493)] subset,
+and through a platform independent property sorting scheme.
+
+Public RFC: https://tools.ietf.org/html/rfc8785
+
+The JSON Canonicalization Scheme concept in a nutshell:
+- Serialization of primitive JSON data types using methods compatible with ECMAScript's `JSON.stringify()`
+- Lexicographic sorting of JSON `Object` properties in a *recursive* process
+- JSON `Array` data is also subject to canonicalization, *but element order remains untouched*
+
+### Original Work
+
+This code was originally created by Anders Rundgren aka cyberphone and can be found here: 
+https://github.com/cyberphone/json-canonicalization. This fork and work is done with Anders' 
+permission and is an attempt to clean up the Golang version. 
+
+
+### Sample Input
+```code
+{
+  "numbers": [333333333.33333329, 1E30, 4.50, 2e-3, 0.000000000000000000000000001],
+  "string": "\u20ac$\u000F\u000aA'\u0042\u0022\u005c\\\"\/",
+  "literals": [null, true, false]
+}
+```
+### Expected Output
+```code
+{"literals":[null,true,false],"numbers":[333333333.3333333,1e+30,4.5,0.002,1e-27],"string":"€$\u000f\nA'B\"\\\\\"/"}
+```
+
+Note: for platform interoperable canonicalization, the output must be converted to UTF-8
+as well, here shown in hexadecimal notation:
+
+```code
+7b 22 6c 69 74 65 72 61 6c 73 22 3a 5b 6e 75 6c 6c 2c 74 72 75 65 2c 66 61 6c 73 65 5d 2c 22 6e
+75 6d 62 65 72 73 22 3a 5b 33 33 33 33 33 33 33 33 33 2e 33 33 33 33 33 33 33 2c 31 65 2b 33 30
+2c 34 2e 35 2c 30 2e 30 30 32 2c 31 65 2d 32 37 5d 2c 22 73 74 72 69 6e 67 22 3a 22 e2 82 ac 24
+5c 75 30 30 30 66 5c 6e 41 27 42 5c 22 5c 5c 5c 5c 5c 22 2f 22 7d
+```
+### Combining JCS and JWS (RFC7515)
+[JWS-JCS](https://github.com/cyberphone/jws-jcs#combining-detached-jws-with-jcs-json-canonicalization-scheme)
+
+### On-line Browser JCS Test
+https://cyberphone.github.io/doc/security/browser-json-canonicalization.html
+
+### ECMAScript Proposal: JSON.canonify()
+[JSON.canonify()](https://github.com/cyberphone/json-canonicalization/blob/master/JSON.canonify.md)
+
+### Other Canonicalization Efforts
+https://tools.ietf.org/html/draft-staykov-hu-json-canonical-form-00
+
+http://wiki.laptop.org/go/Canonical_JSON
+
+https://gibson042.github.io/canonicaljson-spec/
+
+https://gist.github.com/mikesamuel/20710f94a53e440691f04bf79bc3d756
diff --git a/vendor/github.com/gowebpki/jcs/es6numfmt.go b/vendor/github.com/gowebpki/jcs/es6numfmt.go
new file mode 100644
index 0000000000..011e1df554
--- /dev/null
+++ b/vendor/github.com/gowebpki/jcs/es6numfmt.go
@@ -0,0 +1,59 @@
+// Copyright 2021 Bret Jordan & Benedikt Thoma, All rights reserved.
+// Copyright 2006-2019 WebPKI.org (http://webpki.org).
+//
+// Use of this source code is governed by an Apache 2.0 license that can be
+// found in the LICENSE file in the root of the source tree.
+
+package jcs
+
+import (
+	"errors"
+	"math"
+	"strconv"
+	"strings"
+)
+
+const invalidPattern uint64 = 0x7ff0000000000000
+
+// NumberToJSON converts numbers in IEEE-754 double precision into the
+// format specified for JSON in EcmaScript Version 6 and forward.
+// The core application for this is canonicalization per RFC 8785:
+func NumberToJSON(ieeeF64 float64) (res string, err error) {
+	ieeeU64 := math.Float64bits(ieeeF64)
+
+	// Special case: NaN and Infinity are invalid in JSON
+	if (ieeeU64 & invalidPattern) == invalidPattern {
+		return "null", errors.New("Invalid JSON number: " + strconv.FormatUint(ieeeU64, 16))
+	}
+
+	// Special case: eliminate "-0" as mandated by the ES6-JSON/JCS specifications
+	if ieeeF64 == 0 { // Right, this line takes both -0 and 0
+		return "0", nil
+	}
+
+	// Deal with the sign separately
+	var sign string = ""
+	if ieeeF64 < 0 {
+		ieeeF64 = -ieeeF64
+		sign = "-"
+	}
+
+	// ES6 has a unique "g" format
+	var format byte = 'e'
+	if ieeeF64 < 1e+21 && ieeeF64 >= 1e-6 {
+		format = 'f'
+	}
+
+	// The following should (in "theory") do the trick:
+	es6Formatted := strconv.FormatFloat(ieeeF64, format, -1, 64)
+
+	// Ryu version
+	exponent := strings.IndexByte(es6Formatted, 'e')
+	if exponent > 0 {
+		// Go outputs "1e+09" which must be rewritten as "1e+9"
+		if es6Formatted[exponent+2] == '0' {
+			es6Formatted = es6Formatted[:exponent+2] + es6Formatted[exponent+3:]
+		}
+	}
+	return sign + es6Formatted, nil
+}
diff --git a/vendor/github.com/gowebpki/jcs/jcs.go b/vendor/github.com/gowebpki/jcs/jcs.go
new file mode 100644
index 0000000000..f67524c544
--- /dev/null
+++ b/vendor/github.com/gowebpki/jcs/jcs.go
@@ -0,0 +1,489 @@
+// Copyright 2021 Bret Jordan & Benedikt Thoma, All rights reserved.
+// Copyright 2006-2019 WebPKI.org (http://webpki.org).
+//
+// Use of this source code is governed by an Apache 2.0 license that can be
+// found in the LICENSE file in the root of the source tree.
+
+// Package jcs transforms UTF-8 JSON data into a canonicalized version according RFC 8785
+package jcs
+
+import (
+	"container/list"
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+	"unicode/utf16"
+)
+
+type nameValueType struct {
+	name    string
+	sortKey []uint16
+	value   string
+}
+
+type jcsData struct {
+	// JSON data MUST be UTF-8 encoded
+	jsonData []byte
+	// Current pointer in jsonData
+	index int
+}
+
+// JSON standard escapes (modulo \u)
+var (
+	asciiEscapes  = []byte{'\\', '"', 'b', 'f', 'n', 'r', 't'}
+	binaryEscapes = []byte{'\\', '"', '\b', '\f', '\n', '\r', '\t'}
+)
+
+// JSON literals
+var literals = []string{"true", "false", "null"}
+
+// Transform converts raw JSON data from a []byte array into a canonicalized version according RFC 8785
+func Transform(jsonData []byte) ([]byte, error) {
+	if jsonData == nil {
+		return nil, errors.New("No JSON data provided")
+	}
+
+	// Create a JCS Data struct to store the JSON Data and the index.
+	var jd jcsData
+	jd.jsonData = jsonData
+	j := &jd
+
+	transformed, err := j.parseEntry()
+	if err != nil {
+		return nil, err
+	}
+
+	for j.index < len(j.jsonData) {
+		if !j.isWhiteSpace(j.jsonData[j.index]) {
+			return nil, errors.New("Improperly terminated JSON object")
+		}
+		j.index++
+	}
+	return []byte(transformed), err
+}
+
+func (j *jcsData) isWhiteSpace(c byte) bool {
+	return c == 0x20 || c == 0x0a || c == 0x0d || c == 0x09
+}
+
+func (j *jcsData) nextChar() (byte, error) {
+	if j.index < len(j.jsonData) {
+		c := j.jsonData[j.index]
+		if c > 0x7f {
+			return 0, errors.New("Unexpected non-ASCII character")
+		}
+		j.index++
+		return c, nil
+	}
+	return 0, errors.New("Unexpected EOF reached")
+}
+
+// scan advances index on jsonData to the first non whitespace character and returns it.
+func (j *jcsData) scan() (byte, error) {
+	for {
+		c, err := j.nextChar()
+		if err != nil {
+			return 0, err
+		}
+
+		if j.isWhiteSpace(c) {
+			continue
+		}
+
+		return c, nil
+	}
+}
+
+func (j *jcsData) scanFor(expected byte) error {
+	c, err := j.scan()
+	if err != nil {
+		return err
+	}
+	if c != expected {
+		return fmt.Errorf("Expected %s but got %s", string(expected), string(c))
+	}
+	return nil
+}
+
+func (j *jcsData) getUEscape() (rune, error) {
+	start := j.index
+	for i := 0; i < 4; i++ {
+		_, err := j.nextChar()
+		if err != nil {
+			return 0, err
+		}
+	}
+
+	u16, err := strconv.ParseUint(string(j.jsonData[start:j.index]), 16, 64)
+	if err != nil {
+		return 0, err
+	}
+	return rune(u16), nil
+}
+
+func (j *jcsData) decorateString(rawUTF8 string) string {
+	var quotedString strings.Builder
+	quotedString.WriteByte('"')
+
+CoreLoop:
+	for _, c := range []byte(rawUTF8) {
+		// Is this within the JSON standard escapes?
+		for i, esc := range binaryEscapes {
+			if esc == c {
+				quotedString.WriteByte('\\')
+				quotedString.WriteByte(asciiEscapes[i])
+
+				continue CoreLoop
+			}
+		}
+		if c < 0x20 {
+			// Other ASCII control characters must be escaped with \uhhhh
+			quotedString.WriteString(fmt.Sprintf("\\u%04x", c))
+		} else {
+			quotedString.WriteByte(c)
+		}
+	}
+	quotedString.WriteByte('"')
+
+	return quotedString.String()
+}
+
+// parseEntry is the entrypoint into the parsing control flow
+func (j *jcsData) parseEntry() (string, error) {
+	c, err := j.scan()
+	if err != nil {
+		return "", err
+	}
+	j.index--
+
+	switch c {
+	case '{', '"', '[':
+		return j.parseElement()
+	default:
+		value, err := parseLiteral(string(j.jsonData))
+		if err != nil {
+			return "", err
+		}
+
+		j.index = len(j.jsonData)
+		return value, nil
+	}
+}
+
+func (j *jcsData) parseQuotedString() (string, error) {
+	var rawString strings.Builder
+
+CoreLoop:
+	for {
+		var c byte
+		if j.index < len(j.jsonData) {
+			c = j.jsonData[j.index]
+			j.index++
+		} else {
+			return "", errors.New("Unexpected EOF reached")
+		}
+
+		if c == '"' {
+			break
+		}
+
+		if c < ' ' {
+			return "", errors.New("Unterminated string literal")
+		} else if c == '\\' {
+			// Escape sequence
+			c, err := j.nextChar()
+			if err != nil {
+				return "", err
+			}
+
+			if c == 'u' {
+				// The \u escape
+				firstUTF16, err := j.getUEscape()
+				if err != nil {
+					return "", err
+				}
+
+				if utf16.IsSurrogate(firstUTF16) {
+					// If the first UTF-16 code unit has a certain value there must be
+					// another succeeding UTF-16 code unit as well
+					backslash, err := j.nextChar()
+					if err != nil {
+						return "", err
+					}
+					u, err := j.nextChar()
+					if err != nil {
+						return "", err
+					}
+
+					if backslash != '\\' || u != 'u' {
+						return "", errors.New("Missing surrogate")
+					}
+
+					// Output the UTF-32 code point as UTF-8
+					uEscape, err := j.getUEscape()
+					if err != nil {
+						return "", err
+					}
+					rawString.WriteRune(utf16.DecodeRune(firstUTF16, uEscape))
+
+				} else {
+					// Single UTF-16 code identical to UTF-32.  Output as UTF-8
+					rawString.WriteRune(firstUTF16)
+				}
+			} else if c == '/' {
+				// Benign but useless escape
+				rawString.WriteByte('/')
+			} else {
+				// The JSON standard escapes
+				for i, esc := range asciiEscapes {
+					if esc == c {
+						rawString.WriteByte(binaryEscapes[i])
+						continue CoreLoop
+					}
+				}
+				return "", fmt.Errorf("Unexpected escape: \\%s", string(c))
+			}
+		} else {
+			// Just an ordinary ASCII character alternatively a UTF-8 byte
+			// outside of ASCII.
+			// Note that properly formatted UTF-8 never clashes with ASCII
+			// making byte per byte search for ASCII break characters work
+			// as expected.
+			rawString.WriteByte(c)
+		}
+	}
+
+	return rawString.String(), nil
+}
+
+func (j *jcsData) parseSimpleType() (string, error) {
+	var token strings.Builder
+
+	j.index--
+
+	// no condition is needed here.
+	// if the buffer reaches EOF scan returns an error, or we terminate because the
+	// json simple type terminates
+	for {
+		c, err := j.scan()
+		if err != nil {
+			return "", err
+		}
+
+		if c == ',' || c == ']' || c == '}' {
+			j.index--
+			break
+		}
+
+		token.WriteByte(c)
+	}
+
+	if token.Len() == 0 {
+		return "", errors.New("Missing argument")
+	}
+
+	return parseLiteral(token.String())
+}
+
+func parseLiteral(value string) (string, error) {
+	// Is it a JSON literal?
+	for _, literal := range literals {
+		if literal == value {
+			return literal, nil
+		}
+	}
+
+	// Apparently not so we assume that it is a I-JSON number
+	ieeeF64, err := strconv.ParseFloat(value, 64)
+	if err != nil {
+		return "", err
+	}
+
+	value, err = NumberToJSON(ieeeF64)
+	if err != nil {
+		return "", err
+	}
+
+	return value, nil
+}
+
+func (j *jcsData) parseElement() (string, error) {
+	c, err := j.scan()
+	if err != nil {
+		return "", err
+	}
+
+	switch c {
+	case '{':
+		return j.parseObject()
+	case '"':
+		str, err := j.parseQuotedString()
+		if err != nil {
+			return "", err
+		}
+		return j.decorateString(str), nil
+	case '[':
+		return j.parseArray()
+	default:
+		return j.parseSimpleType()
+	}
+}
+
+func (j *jcsData) peek() (byte, error) {
+	c, err := j.scan()
+	if err != nil {
+		return 0, err
+	}
+
+	j.index--
+	return c, nil
+}
+
+func (j *jcsData) parseArray() (string, error) {
+	var arrayData strings.Builder
+	var next bool
+
+	arrayData.WriteByte('[')
+
+	for {
+		c, err := j.peek()
+		if err != nil {
+			return "", err
+		}
+
+		if c == ']' {
+			j.index++
+			break
+		}
+
+		if next {
+			err = j.scanFor(',')
+			if err != nil {
+				return "", err
+			}
+			arrayData.WriteByte(',')
+		} else {
+			next = true
+		}
+
+		element, err := j.parseElement()
+		if err != nil {
+			return "", err
+		}
+		arrayData.WriteString(element)
+	}
+
+	arrayData.WriteByte(']')
+	return arrayData.String(), nil
+}
+
+func (j *jcsData) lexicographicallyPrecedes(sortKey []uint16, e *list.Element) (bool, error) {
+	// Find the minimum length of the sortKeys
+	oldSortKey := e.Value.(nameValueType).sortKey
+	minLength := len(oldSortKey)
+	if minLength > len(sortKey) {
+		minLength = len(sortKey)
+	}
+	for q := 0; q < minLength; q++ {
+		diff := int(sortKey[q]) - int(oldSortKey[q])
+		if diff < 0 {
+			// Smaller => Precedes
+			return true, nil
+		} else if diff > 0 {
+			// Bigger => No match
+			return false, nil
+		}
+		// Still equal => Continue
+	}
+	// The sortKeys compared equal up to minLength
+	if len(sortKey) < len(oldSortKey) {
+		// Shorter => Precedes
+		return true, nil
+	}
+	if len(sortKey) == len(oldSortKey) {
+		return false, fmt.Errorf("Duplicate key: %s", e.Value.(nameValueType).name)
+	}
+	// Longer => No match
+	return false, nil
+}
+
+func (j *jcsData) parseObject() (string, error) {
+	nameValueList := list.New()
+	var next bool = false
+CoreLoop:
+	for {
+		c, err := j.peek()
+		if err != nil {
+			return "", err
+		}
+
+		if c == '}' {
+			// advance index because of peeked '}'
+			j.index++
+			break
+		}
+
+		if next {
+			err = j.scanFor(',')
+			if err != nil {
+				return "", err
+			}
+		}
+		next = true
+
+		err = j.scanFor('"')
+		if err != nil {
+			return "", err
+		}
+		rawUTF8, err := j.parseQuotedString()
+		if err != nil {
+			break
+		}
+		// Sort keys on UTF-16 code units
+		// Since UTF-8 doesn't have endianess this is just a value transformation
+		// In the Go case the transformation is UTF-8 => UTF-32 => UTF-16
+		sortKey := utf16.Encode([]rune(rawUTF8))
+		err = j.scanFor(':')
+		if err != nil {
+			return "", err
+		}
+
+		element, err := j.parseElement()
+		if err != nil {
+			return "", err
+		}
+		nameValue := nameValueType{rawUTF8, sortKey, element}
+		for e := nameValueList.Front(); e != nil; e = e.Next() {
+			// Check if the key is smaller than a previous key
+			if precedes, err := j.lexicographicallyPrecedes(sortKey, e); err != nil {
+				return "", err
+			} else if precedes {
+				// Precedes => Insert before and exit sorting
+				nameValueList.InsertBefore(nameValue, e)
+				continue CoreLoop
+			}
+			// Continue searching for a possibly succeeding sortKey
+			// (which is straightforward since the list is ordered)
+		}
+		// The sortKey is either the first or is succeeding all previous sortKeys
+		nameValueList.PushBack(nameValue)
+	}
+
+	// Now everything is sorted so we can properly serialize the object
+	var objectData strings.Builder
+	objectData.WriteByte('{')
+	next = false
+	for e := nameValueList.Front(); e != nil; e = e.Next() {
+		if next {
+			objectData.WriteByte(',')
+		}
+		next = true
+		nameValue := e.Value.(nameValueType)
+		objectData.WriteString(j.decorateString(nameValue.name))
+		objectData.WriteByte(':')
+		objectData.WriteString(nameValue.value)
+	}
+	objectData.WriteByte('}')
+	return objectData.String(), nil
+}
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/LICENSE.txt b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/LICENSE
similarity index 100%
rename from vendor/github.com/grpc-ecosystem/grpc-gateway/v2/LICENSE.txt
rename to vendor/github.com/grpc-ecosystem/grpc-gateway/v2/LICENSE
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
index a8789f1702..78d7c9f5c8 100644
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
@@ -26,7 +26,7 @@ go_library(
     deps = [
         "//internal/httprule",
         "//utilities",
-        "@go_googleapis//google/api:httpbody_go_proto",
+        "@org_golang_google_genproto_googleapis_api//httpbody",
         "@org_golang_google_grpc//codes",
         "@org_golang_google_grpc//grpclog",
         "@org_golang_google_grpc//health/grpc_health_v1",
@@ -70,9 +70,9 @@ go_test(
         "//utilities",
         "@com_github_google_go_cmp//cmp",
         "@com_github_google_go_cmp//cmp/cmpopts",
-        "@go_googleapis//google/api:httpbody_go_proto",
-        "@go_googleapis//google/rpc:errdetails_go_proto",
-        "@go_googleapis//google/rpc:status_go_proto",
+        "@org_golang_google_genproto_googleapis_api//httpbody",
+        "@org_golang_google_genproto_googleapis_rpc//errdetails",
+        "@org_golang_google_genproto_googleapis_rpc//status",
         "@org_golang_google_grpc//:go_default_library",
         "@org_golang_google_grpc//codes",
         "@org_golang_google_grpc//health/grpc_health_v1",
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go
index a03dd166bd..19d9d37fff 100644
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go
@@ -27,7 +27,7 @@ func FieldMaskFromRequestBody(r io.Reader, msg proto.Message) (*field_mask.Field
 	var root interface{}
 
 	if err := json.NewDecoder(r).Decode(&root); err != nil {
-		if err == io.EOF {
+		if errors.Is(err, io.EOF) {
 			return fm, nil
 		}
 		return nil, err
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
index 945f3a5ebf..305b1458b3 100644
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
@@ -2,6 +2,7 @@ package runtime
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -48,7 +49,7 @@ func ForwardResponseStream(ctx context.Context, mux *ServeMux, marshaler Marshal
 	var wroteHeader bool
 	for {
 		resp, err := recv()
-		if err == io.EOF {
+		if errors.Is(err, io.EOF) {
 			return
 		}
 		if err != nil {
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_httpbodyproto.go b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_httpbodyproto.go
index b86135c889..6de2e220c7 100644
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_httpbodyproto.go
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_httpbodyproto.go
@@ -26,7 +26,7 @@ func (h *HTTPBodyMarshaler) ContentType(v interface{}) string {
 // google.api.HttpBody message, otherwise it falls back to the default Marshaler.
 func (h *HTTPBodyMarshaler) Marshal(v interface{}) ([]byte, error) {
 	if httpBody, ok := v.(*httpbody.HttpBody); ok {
-		return httpBody.Data, nil
+		return httpBody.GetData(), nil
 	}
 	return h.Marshaler.Marshal(v)
 }
diff --git a/vendor/github.com/hashicorp/go-sockaddr/LICENSE b/vendor/github.com/hashicorp/go-sockaddr/LICENSE
index a612ad9813..be467e386b 100644
--- a/vendor/github.com/hashicorp/go-sockaddr/LICENSE
+++ b/vendor/github.com/hashicorp/go-sockaddr/LICENSE
@@ -1,3 +1,5 @@
+Copyright (c) 2016 HashiCorp, Inc.
+
 Mozilla Public License Version 2.0
 ==================================
 
diff --git a/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go b/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go
index 80f61bef68..d2713afbf7 100644
--- a/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go
+++ b/vendor/github.com/hashicorp/go-sockaddr/ifaddrs.go
@@ -16,8 +16,10 @@ var (
 	// Centralize all regexps and regexp.Copy() where necessary.
 	signRE       *regexp.Regexp = regexp.MustCompile(`^[\s]*[+-]`)
 	whitespaceRE *regexp.Regexp = regexp.MustCompile(`[\s]+`)
-	ifNameRE     *regexp.Regexp = regexp.MustCompile(`^(?:Ethernet|Wireless LAN) adapter ([^:]+):`)
-	ipAddrRE     *regexp.Regexp = regexp.MustCompile(`^   IPv[46] Address\. \. \. \. \. \. \. \. \. \. \. : ([^\s]+)`)
+	// These regular expressions enable the deprecated parseDefaultIfNameWindows
+	// and should be removed when those functions are.
+	ifNameRE *regexp.Regexp = regexp.MustCompile(`^(?:Ethernet|Wireless LAN) adapter ([^:]+):`)
+	ipAddrRE *regexp.Regexp = regexp.MustCompile(`^   IPv[46] Address\. \. \. \. \. \. \. \. \. \. \. : ([^\s]+)`)
 )
 
 // IfAddrs is a slice of IfAddr
@@ -1214,7 +1216,7 @@ func parseDefaultIfNameFromIPCmd(routeOut string) (string, error) {
 // Android.
 func parseDefaultIfNameFromIPCmdAndroid(routeOut string) (string, error) {
 	parsedLines := parseIfNameFromIPCmd(routeOut)
-	if (len(parsedLines) > 0) {
+	if len(parsedLines) > 0 {
 		ifName := strings.TrimSpace(parsedLines[0][4])
 		return ifName, nil
 	}
@@ -1222,7 +1224,6 @@ func parseDefaultIfNameFromIPCmdAndroid(routeOut string) (string, error) {
 	return "", errors.New("No default interface found")
 }
 
-
 // parseIfNameFromIPCmd parses interfaces from ip(8) for
 // Linux.
 func parseIfNameFromIPCmd(routeOut string) [][]string {
@@ -1241,6 +1242,10 @@ func parseIfNameFromIPCmd(routeOut string) [][]string {
 
 // parseDefaultIfNameWindows parses the default interface from `netstat -rn` and
 // `ipconfig` on Windows.
+//
+// This has been deprecated in favor of a Powershell-based solution because of
+// issues with localized Windows versions, but is currently retained for backward
+// compatibility
 func parseDefaultIfNameWindows(routeOut, ipconfigOut string) (string, error) {
 	defaultIPAddr, err := parseDefaultIPAddrWindowsRoute(routeOut)
 	if err != nil {
@@ -1262,6 +1267,10 @@ func parseDefaultIfNameWindows(routeOut, ipconfigOut string) (string, error) {
 // IPv6 connected host, submit an issue on github.com/hashicorp/go-sockaddr with
 // the output from `netstat -rn`, `ipconfig`, and version of Windows to see IPv6
 // support added.
+//
+// This has been deprecated in favor of a Powershell-based solution because of
+// issues with localized Windows versions, but is currently retained for backward
+// compatibility.
 func parseDefaultIPAddrWindowsRoute(routeOut string) (string, error) {
 	lines := strings.Split(routeOut, "\n")
 	re := whitespaceRE.Copy()
@@ -1282,6 +1291,10 @@ func parseDefaultIPAddrWindowsRoute(routeOut string) (string, error) {
 
 // parseDefaultIfNameWindowsIPConfig parses the output of `ipconfig` to find the
 // interface name forwarding traffic to the default gateway.
+//
+// This has been deprecated in favor of a Powershell-based solution because of
+// issues with localized Windows versions, but is currently retained for backward
+// compatibility
 func parseDefaultIfNameWindowsIPConfig(defaultIPAddr, routeOut string) (string, error) {
 	lines := strings.Split(routeOut, "\n")
 	ifNameRe := ifNameRE.Copy()
diff --git a/vendor/github.com/hashicorp/go-sockaddr/route_info_test_windows.go b/vendor/github.com/hashicorp/go-sockaddr/route_info_test_windows.go
new file mode 100644
index 0000000000..a6eacdb2cf
--- /dev/null
+++ b/vendor/github.com/hashicorp/go-sockaddr/route_info_test_windows.go
@@ -0,0 +1,25 @@
+package sockaddr
+
+import "testing"
+
+func Test_parseWindowsDefaultIfName_new_vs_old(t *testing.T) {
+	if !hasPowershell() {
+		t.Skip("this test requires powershell.")
+		return
+	}
+	ri, err := NewRouteInfo()
+	if err != nil {
+		t.Fatalf("bad: %v", err)
+	}
+	psVer, err1 := ri.GetDefaultInterfaceName()
+	legacyVer, err2 := ri.GetDefaultInterfaceNameLegacy()
+	if err1 != nil {
+		t.Errorf("err != nil for GetDefaultInterfaceName - %v", err1)
+	}
+	if err2 != nil {
+		t.Errorf("err != nil for GetDefaultInterfaceNameLegacy - %v", err2)
+	}
+	if psVer != legacyVer {
+		t.Errorf("got %s; want %s", psVer, legacyVer)
+	}
+}
diff --git a/vendor/github.com/hashicorp/go-sockaddr/route_info_windows.go b/vendor/github.com/hashicorp/go-sockaddr/route_info_windows.go
index 3da972883e..087fad95e0 100644
--- a/vendor/github.com/hashicorp/go-sockaddr/route_info_windows.go
+++ b/vendor/github.com/hashicorp/go-sockaddr/route_info_windows.go
@@ -1,8 +1,14 @@
 package sockaddr
 
-import "os/exec"
+import (
+	"os/exec"
+	"strings"
+)
 
 var cmds map[string][]string = map[string][]string{
+	"defaultInterface": {"powershell", "Get-NetRoute -DestinationPrefix '0.0.0.0/0' | select -ExpandProperty InterfaceAlias"},
+	// These commands enable GetDefaultInterfaceNameLegacy and should be removed
+	// when it is.
 	"netstat":  {"netstat", "-rn"},
 	"ipconfig": {"ipconfig"},
 }
@@ -22,6 +28,23 @@ func NewRouteInfo() (routeInfo, error) {
 // GetDefaultInterfaceName returns the interface name attached to the default
 // route on the default interface.
 func (ri routeInfo) GetDefaultInterfaceName() (string, error) {
+	if !hasPowershell() {
+		// No powershell, fallback to legacy method
+		return ri.GetDefaultInterfaceNameLegacy()
+	}
+
+	ifNameOut, err := exec.Command(cmds["defaultInterface"][0], cmds["defaultInterface"][1:]...).Output()
+	if err != nil {
+		return "", err
+	}
+
+	ifName := strings.TrimSpace(string(ifNameOut[:]))
+	return ifName, nil
+}
+
+// GetDefaultInterfaceNameLegacy provides legacy behavior for GetDefaultInterfaceName
+// on Windows machines without powershell.
+func (ri routeInfo) GetDefaultInterfaceNameLegacy() (string, error) {
 	ifNameOut, err := exec.Command(cmds["netstat"][0], cmds["netstat"][1:]...).Output()
 	if err != nil {
 		return "", err
@@ -39,3 +62,8 @@ func (ri routeInfo) GetDefaultInterfaceName() (string, error) {
 
 	return ifName, nil
 }
+
+func hasPowershell() bool {
+	_, err := exec.LookPath("powershell")
+	return (err != nil)
+}
diff --git a/vendor/github.com/hashicorp/go-sockaddr/unixsock.go b/vendor/github.com/hashicorp/go-sockaddr/unixsock.go
index f3be3f67e7..17aed98adf 100644
--- a/vendor/github.com/hashicorp/go-sockaddr/unixsock.go
+++ b/vendor/github.com/hashicorp/go-sockaddr/unixsock.go
@@ -27,6 +27,16 @@ func NewUnixSock(s string) (ret UnixSock, err error) {
 	return ret, nil
 }
 
+// Contains returns true if sa and us have the same path
+func (us UnixSock) Contains(sa SockAddr) bool {
+	usb, ok := sa.(UnixSock)
+	if !ok {
+		return false
+	}
+
+	return usb.path == us.path
+}
+
 // CmpAddress follows the Cmp() standard protocol and returns:
 //
 // - -1 If the receiver should sort first because its name lexically sorts before arg
@@ -41,6 +51,9 @@ func (us UnixSock) CmpAddress(sa SockAddr) int {
 	return strings.Compare(us.Path(), usb.Path())
 }
 
+// CmpRFC doesn't make sense for a Unix socket, so just return defer decision
+func (us UnixSock) CmpRFC(rfcNum uint, sa SockAddr) int { return sortDeferDecision }
+
 // DialPacketArgs returns the arguments required to be passed to net.DialUnix()
 // with the `unixgram` network type.
 func (us UnixSock) DialPacketArgs() (network, dialArgs string) {
diff --git a/vendor/github.com/hashicorp/hcl/decoder.go b/vendor/github.com/hashicorp/hcl/decoder.go
index bed9ebbe14..d9a00f21d4 100644
--- a/vendor/github.com/hashicorp/hcl/decoder.go
+++ b/vendor/github.com/hashicorp/hcl/decoder.go
@@ -505,7 +505,7 @@ func expandObject(node ast.Node, result reflect.Value) ast.Node {
 	// we need to un-flatten the ast enough to decode
 	newNode := &ast.ObjectItem{
 		Keys: []*ast.ObjectKey{
-			&ast.ObjectKey{
+			{
 				Token: keyToken,
 			},
 		},
@@ -628,6 +628,24 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 	decodedFields := make([]string, 0, len(fields))
 	decodedFieldsVal := make([]reflect.Value, 0)
 	unusedKeysVal := make([]reflect.Value, 0)
+
+	// fill unusedNodeKeys with keys from the AST
+	// a slice because we have to do equals case fold to match Filter
+	unusedNodeKeys := make(map[string][]token.Pos, 0)
+	for i, item := range list.Items {
+		for _, k := range item.Keys {
+			// isNestedJSON returns true for e.g. bar in
+			// { "foo": { "bar": {...} } }
+			// This isn't an unused node key, so we want to skip it
+			isNestedJSON := i > 0 && len(item.Keys) > 1
+			if !isNestedJSON && (k.Token.JSON || k.Token.Type == token.IDENT) {
+				fn := k.Token.Value().(string)
+				sl := unusedNodeKeys[fn]
+				unusedNodeKeys[fn] = append(sl, k.Token.Pos)
+			}
+		}
+	}
+
 	for _, f := range fields {
 		field, fieldValue := f.field, f.val
 		if !fieldValue.IsValid() {
@@ -661,7 +679,7 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 
 				fieldValue.SetString(item.Keys[0].Token.Value().(string))
 				continue
-			case "unusedKeys":
+			case "unusedKeyPositions":
 				unusedKeysVal = append(unusedKeysVal, fieldValue)
 				continue
 			}
@@ -682,8 +700,9 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 			continue
 		}
 
-		// Track the used key
+		// Track the used keys
 		usedKeys[fieldName] = struct{}{}
+		unusedNodeKeys = removeCaseFold(unusedNodeKeys, fieldName)
 
 		// Create the field name and decode. We range over the elements
 		// because we actually want the value.
@@ -716,6 +735,13 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 		}
 	}
 
+	if len(unusedNodeKeys) > 0 {
+		// like decodedFields, populated the unusedKeys field(s)
+		for _, v := range unusedKeysVal {
+			v.Set(reflect.ValueOf(unusedNodeKeys))
+		}
+	}
+
 	return nil
 }
 
@@ -727,3 +753,17 @@ func findNodeType() reflect.Type {
 	value := reflect.ValueOf(nodeContainer).FieldByName("Node")
 	return value.Type()
 }
+
+func removeCaseFold(xs map[string][]token.Pos, y string) map[string][]token.Pos {
+	var toDel []string
+
+	for i := range xs {
+		if strings.EqualFold(i, y) {
+			toDel = append(toDel, i)
+		}
+	}
+	for _, i := range toDel {
+		delete(xs, i)
+	}
+	return xs
+}
diff --git a/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go b/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go
index 6e5ef654bb..f5b6b93b94 100644
--- a/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go
+++ b/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go
@@ -25,6 +25,8 @@ func (ObjectType) node()   {}
 func (LiteralType) node()  {}
 func (ListType) node()     {}
 
+var unknownPos token.Pos
+
 // File represents a single HCL file
 type File struct {
 	Node     Node            // usually a *ObjectList
@@ -108,7 +110,12 @@ func (o *ObjectList) Elem() *ObjectList {
 }
 
 func (o *ObjectList) Pos() token.Pos {
-	// always returns the uninitiliazed position
+	// If an Object has no members, it won't have a first item
+	// to use as position
+	if len(o.Items) == 0 {
+		return unknownPos
+	}
+	// Return the uninitialized position
 	return o.Items[0].Pos()
 }
 
@@ -133,10 +140,10 @@ type ObjectItem struct {
 }
 
 func (o *ObjectItem) Pos() token.Pos {
-	// I'm not entirely sure what causes this, but removing this causes
-	// a test failure. We should investigate at some point.
+	// If a parsed object has no keys, there is no position
+	// for its first element.
 	if len(o.Keys) == 0 {
-		return token.Pos{}
+		return unknownPos
 	}
 
 	return o.Keys[0].Pos()
diff --git a/vendor/github.com/imdario/mergo/README.md b/vendor/github.com/imdario/mergo/README.md
index 4f02874985..ffbbb62c70 100644
--- a/vendor/github.com/imdario/mergo/README.md
+++ b/vendor/github.com/imdario/mergo/README.md
@@ -1,17 +1,20 @@
 # Mergo
 
-[![GoDoc][3]][4]
 [![GitHub release][5]][6]
 [![GoCard][7]][8]
-[![Build Status][1]][2]
-[![Coverage Status][9]][10]
+[![Test status][1]][2]
+[![OpenSSF Scorecard][21]][22]
+[![OpenSSF Best Practices][19]][20]
+[![Coverage status][9]][10]
 [![Sourcegraph][11]][12]
-[![FOSSA Status][13]][14]
+[![FOSSA status][13]][14]
+
+[![GoDoc][3]][4]
 [![Become my sponsor][15]][16]
 [![Tidelift][17]][18]
 
-[1]: https://travis-ci.org/imdario/mergo.png
-[2]: https://travis-ci.org/imdario/mergo
+[1]: https://github.com/imdario/mergo/workflows/tests/badge.svg?branch=master
+[2]: https://github.com/imdario/mergo/actions/workflows/tests.yml
 [3]: https://godoc.org/github.com/imdario/mergo?status.svg
 [4]: https://godoc.org/github.com/imdario/mergo
 [5]: https://img.shields.io/github/release/imdario/mergo.svg
@@ -28,6 +31,10 @@
 [16]: https://github.com/sponsors/imdario
 [17]: https://tidelift.com/badges/package/go/github.com%2Fimdario%2Fmergo
 [18]: https://tidelift.com/subscription/pkg/go-github.com-imdario-mergo
+[19]: https://bestpractices.coreinfrastructure.org/projects/7177/badge
+[20]: https://bestpractices.coreinfrastructure.org/projects/7177
+[21]: https://api.securityscorecards.dev/projects/github.com/imdario/mergo/badge
+[22]: https://api.securityscorecards.dev/projects/github.com/imdario/mergo
 
 A helper to merge structs and maps in Golang. Useful for configuration default values, avoiding messy if-statements.
 
@@ -232,5 +239,4 @@ Written by [Dario Castañé](http://dario.im).
 
 [BSD 3-Clause](http://opensource.org/licenses/BSD-3-Clause) license, as [Go language](http://golang.org/LICENSE).
 
-
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fimdario%2Fmergo.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fimdario%2Fmergo?ref=badge_large)
diff --git a/vendor/github.com/jedisct1/go-minisign/LICENSE b/vendor/github.com/jedisct1/go-minisign/LICENSE
index 010ad6e7a4..06c6cdbb99 100644
--- a/vendor/github.com/jedisct1/go-minisign/LICENSE
+++ b/vendor/github.com/jedisct1/go-minisign/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2018-2021 Frank Denis
+Copyright (c) 2018-2023 Frank Denis
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md
index dde75389f1..43de486775 100644
--- a/vendor/github.com/klauspost/compress/README.md
+++ b/vendor/github.com/klauspost/compress/README.md
@@ -16,6 +16,14 @@ This package provides various compression algorithms.
 
 # changelog
 
+* Sept 19th, 2023 - [v1.17.0](https://github.com/klauspost/compress/releases/tag/v1.17.0)
+	* Add experimental dictionary builder  https://github.com/klauspost/compress/pull/853
+	* Add xerial snappy read/writer https://github.com/klauspost/compress/pull/838
+	* flate: Add limited window compression https://github.com/klauspost/compress/pull/843
+	* s2: Do 2 overlapping match checks https://github.com/klauspost/compress/pull/839
+	* flate: Add amd64 assembly matchlen https://github.com/klauspost/compress/pull/837
+	* gzip: Copy bufio.Reader on Reset by @thatguystone in https://github.com/klauspost/compress/pull/860
+   
 * July 1st, 2023 - [v1.16.7](https://github.com/klauspost/compress/releases/tag/v1.16.7)
 	* zstd: Fix default level first dictionary encode https://github.com/klauspost/compress/pull/829
 	* s2: add GetBufferCapacity() method by @GiedriusS in https://github.com/klauspost/compress/pull/832
@@ -646,6 +654,7 @@ Here are other packages of good quality and pure Go (no cgo wrappers or autoconv
 * [github.com/ronanh/intcomp](https://github.com/ronanh/intcomp) - Integer compression.
 * [github.com/spenczar/fpc](https://github.com/spenczar/fpc) - Float compression.
 * [github.com/minio/zipindex](https://github.com/minio/zipindex) - External ZIP directory index.
+* [github.com/ybirader/pzip](https://github.com/ybirader/pzip) - Fast concurrent zip archiver and extractor.
 
 # license
 
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_best.go b/vendor/github.com/klauspost/compress/zstd/enc_best.go
index 9819d41453..858f8f43a5 100644
--- a/vendor/github.com/klauspost/compress/zstd/enc_best.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_best.go
@@ -197,12 +197,13 @@ encodeLoop:
 
 		// Set m to a match at offset if it looks like that will improve compression.
 		improve := func(m *match, offset int32, s int32, first uint32, rep int32) {
-			if s-offset >= e.maxMatchOff || load3232(src, offset) != first {
+			delta := s - offset
+			if delta >= e.maxMatchOff || delta <= 0 || load3232(src, offset) != first {
 				return
 			}
 			if debugAsserts {
-				if offset <= 0 {
-					panic(offset)
+				if offset >= s {
+					panic(fmt.Sprintf("offset: %d - s:%d - rep: %d - cur :%d - max: %d", offset, s, rep, e.cur, e.maxMatchOff))
 				}
 				if !bytes.Equal(src[s:s+4], src[offset:offset+4]) {
 					panic(fmt.Sprintf("first match mismatch: %v != %v, first: %08x", src[s:s+4], src[offset:offset+4], first))
@@ -343,8 +344,8 @@ encodeLoop:
 		if best.rep > 0 {
 			var seq seq
 			seq.matchLen = uint32(best.length - zstdMinMatch)
-			if debugAsserts && s <= nextEmit {
-				panic("s <= nextEmit")
+			if debugAsserts && s < nextEmit {
+				panic("s < nextEmit")
 			}
 			addLiterals(&seq, best.s)
 
diff --git a/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go b/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go
index 8d1d468543..aa5704a21a 100644
--- a/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go
+++ b/vendor/github.com/lestrrat-go/blackmagic/blackmagic.go
@@ -5,6 +5,43 @@ import (
 	"reflect"
 )
 
+// AssignField is a convenience function to assign a value to
+// an optional struct field. In Go, an optional struct field is
+// usually denoted by a pointer to T instead of T:
+//
+//	type Object struct {
+//	  Optional *T
+//	}
+//
+// This gets a bit cumbersome when you want to assign literals
+// or you do not want to worry about taking the address of a
+// variable.
+//
+//	Object.Optional = &"foo" // doesn't compile!
+//
+// Instead you can use this function to do it in one line:
+//
+//	blackmagic.AssignOptionalField(&Object.Optionl, "foo")
+func AssignOptionalField(dst, src interface{}) error {
+	dstRV := reflect.ValueOf(dst)
+	srcRV := reflect.ValueOf(src)
+	if dstRV.Kind() != reflect.Pointer || dstRV.Elem().Kind() != reflect.Pointer {
+		return fmt.Errorf(`dst must be a pointer to a field that is turn a pointer of src (%T)`, src)
+	}
+
+	if !dstRV.Elem().CanSet() {
+		return fmt.Errorf(`dst (%T) is not assignable`, dstRV.Elem().Interface())
+	}
+	if !reflect.PtrTo(srcRV.Type()).AssignableTo(dstRV.Elem().Type()) {
+		return fmt.Errorf(`cannot assign src (%T) to dst (%T)`, src, dst)
+	}
+
+	ptr := reflect.New(srcRV.Type())
+	ptr.Elem().Set(srcRV)
+	dstRV.Elem().Set(ptr)
+	return nil
+}
+
 // AssignIfCompatible is a convenience function to safely
 // assign arbitrary values. dst must be a pointer to an
 // empty interface, or it must be a pointer to a compatible
@@ -15,19 +52,18 @@ func AssignIfCompatible(dst, src interface{}) error {
 
 	// t can be a pointer or a slice, and the code will slightly change
 	// depending on this
+	var isPtr bool
 	var isSlice bool
 	switch result.Kind() {
 	case reflect.Ptr:
-		// no op
+		isPtr = true
 	case reflect.Slice:
 		isSlice = true
-	default:
-		return fmt.Errorf("argument t to AssignIfCompatible must be a pointer or a slice: %T", src)
 	}
 
 	rv := reflect.ValueOf(dst)
 	if rv.Kind() != reflect.Ptr {
-		return fmt.Errorf(`argument to AssignIfCompatible() must be a pointer: %T`, dst)
+		return fmt.Errorf(`destination argument to AssignIfCompatible() must be a pointer: %T`, dst)
 	}
 
 	actualDst := rv.Elem()
@@ -37,7 +73,7 @@ func AssignIfCompatible(dst, src interface{}) error {
 	default:
 		// If it's a pointer to the struct we're looking for, we need to set
 		// the de-referenced struct
-		if !isSlice {
+		if !isSlice && isPtr {
 			result = result.Elem()
 		}
 	}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/ecutil.go b/vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/ecutil.go
index e70f81659d..348636f676 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/ecutil.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/internal/ecutil/ecutil.go
@@ -80,10 +80,7 @@ func ReleaseECPointBuffer(buf []byte) {
 	ecpointBufferPool.Put(&buf)
 }
 
-// AllocECPointBuffer allocates a buffer for the given point in the given
-// curve. This buffer should be released using the ReleaseECPointBuffer
-// function.
-func AllocECPointBuffer(v *big.Int, crv elliptic.Curve) []byte {
+func CalculateKeySize(crv elliptic.Curve) int {
 	// We need to create a buffer that fits the entire curve.
 	// If the curve size is 66, that fits in 9 bytes. If the curve
 	// size is 64, it fits in 8 bytes.
@@ -104,7 +101,14 @@ func AllocECPointBuffer(v *big.Int, crv elliptic.Curve) []byte {
 		}
 	}
 
-	buf := getCrvFixedBuffer(inBytes)
+	return inBytes
+}
+
+// AllocECPointBuffer allocates a buffer for the given point in the given
+// curve. This buffer should be released using the ReleaseECPointBuffer
+// function.
+func AllocECPointBuffer(v *big.Int, crv elliptic.Curve) []byte {
+	buf := getCrvFixedBuffer(CalculateKeySize(crv))
 	v.FillBytes(buf)
 	return buf
 }
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/README.md b/vendor/github.com/lestrrat-go/jwx/v2/jwk/README.md
index 85fb0a4b4a..6115857872 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/README.md
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/README.md
@@ -137,7 +137,7 @@ func ExampleJWK_Usage() {
     log.Printf("%s", jsonbuf)
   }
 
-  for it := set.Iterate(context.Background()); it.Next(context.Background()); {
+  for it := set.Keys(context.Background()); it.Next(context.Background()); {
     pair := it.Pair()
     key := pair.Value.(jwk.Key)
 
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa.go
index 67a14ba63e..dcbe2ca6cf 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa.go
@@ -226,3 +226,48 @@ func (k ecdsaPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
 		base64.EncodeToString(ybuf),
 	), nil
 }
+
+func ecdsaValidateKey(k interface {
+	Crv() jwa.EllipticCurveAlgorithm
+	X() []byte
+	Y() []byte
+}, checkPrivate bool) error {
+	crv, ok := ecutil.CurveForAlgorithm(k.Crv())
+	if !ok {
+		return fmt.Errorf(`invalid curve algorithm %q`, k.Crv())
+	}
+
+	keySize := ecutil.CalculateKeySize(crv)
+	if x := k.X(); len(x) != keySize {
+		return fmt.Errorf(`invalid "x" length (%d) for curve %q`, len(x), crv.Params().Name)
+	}
+
+	if y := k.Y(); len(y) != keySize {
+		return fmt.Errorf(`invalid "y" length (%d) for curve %q`, len(y), crv.Params().Name)
+	}
+
+	if checkPrivate {
+		if priv, ok := k.(interface{ D() []byte }); ok {
+			if len(priv.D()) != keySize {
+				return fmt.Errorf(`invalid "d" length (%d) for curve %q`, len(priv.D()), crv.Params().Name)
+			}
+		} else {
+			return fmt.Errorf(`missing "d" value`)
+		}
+	}
+	return nil
+}
+
+func (k *ecdsaPrivateKey) Validate() error {
+	if err := ecdsaValidateKey(k, true); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.ECDSAPrivateKey: %w`, err))
+	}
+	return nil
+}
+
+func (k *ecdsaPublicKey) Validate() error {
+	if err := ecdsaValidateKey(k, false); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.ECDSAPublicKey: %w`, err))
+	}
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa_gen.go
index 95a2995175..537ee24cf1 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa_gen.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/ecdsa_gen.go
@@ -65,6 +65,10 @@ func (h ecdsaPublicKey) KeyType() jwa.KeyType {
 	return jwa.EC
 }
 
+func (h ecdsaPublicKey) IsPrivate() bool {
+	return false
+}
+
 func (h *ecdsaPublicKey) Algorithm() jwa.KeyAlgorithm {
 	if h.algorithm != nil {
 		return *(h.algorithm)
@@ -629,6 +633,10 @@ func (h ecdsaPrivateKey) KeyType() jwa.KeyType {
 	return jwa.EC
 }
 
+func (h ecdsaPrivateKey) IsPrivate() bool {
+	return true
+}
+
 func (h *ecdsaPrivateKey) Algorithm() jwa.KeyAlgorithm {
 	if h.algorithm != nil {
 		return *(h.algorithm)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/fetch.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/fetch.go
index ddc75cd838..a4315a562b 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/fetch.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/fetch.go
@@ -60,7 +60,7 @@ func getGlobalFetcher() httprc.Fetcher {
 }
 
 // SetGlobalFetcher allows users to specify a custom global fetcher,
-// which is used by the `Fetch` function. Assigning `nil` forces the
+// which is used by the `Fetch` function. Assigning `nil` forces
 // the default fetcher to be (re)created when the next call to
 // `jwk.Fetch` occurs
 //
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface.go
index 729a0ec6c5..1b9598a44f 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface.go
@@ -10,6 +10,13 @@ import (
 	"github.com/lestrrat-go/jwx/v2/internal/json"
 )
 
+// AsymmetricKey describes a Key that represents an key in an asymmetric key pair,
+// which in turn can be either a private or a public key. This interface
+// allows those keys to be queried if they are one or the other.
+type AsymmetricKey interface {
+	IsPrivate() bool
+}
+
 // KeyUsageType is used to denote what this key should be used for
 type KeyUsageType string
 
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface_gen.go
index 6e4e79a047..9ee50516c6 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface_gen.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/interface_gen.go
@@ -46,6 +46,20 @@ type Key interface {
 	// Remove removes the field associated with the specified key.
 	// There is no way to remove the `kty` (key type). You will ALWAYS be left with one field in a jwk.Key.
 	Remove(string) error
+	// Validate performs _minimal_ checks if the data stored in the key are valid.
+	// By minimal, we mean that it does not check if the key is valid for use in
+	// cryptographic operations. For example, it does not check if an RSA key's
+	// `e` field is a valid exponent, or if the `n` field is a valid modulus.
+	// Instead, it checks for things such as the _presence_ of some required fields,
+	// or if certain keys' values are of particular length.
+	//
+	// Note that depending on th underlying key type, use of this method requires
+	// that multiple fields in the key are properly populated. For example, an EC
+	// key's "x", "y" fields cannot be validated unless the "crv" field is populated first.
+	//
+	// Validate is never called by `UnmarshalJSON()` or `Set`. It must explicitly be
+	// called by the user
+	Validate() error
 
 	// Raw creates the corresponding raw key. For example,
 	// EC types would create *ecdsa.PublicKey or *ecdsa.PrivateKey,
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/jwk.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/jwk.go
index 8521ba6e9f..bf129e8c60 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/jwk.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/jwk.go
@@ -12,6 +12,7 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
+	"errors"
 	"fmt"
 	"io"
 	"math/big"
@@ -727,3 +728,62 @@ func AvailableCurves() []elliptic.Curve {
 func CurveForAlgorithm(alg jwa.EllipticCurveAlgorithm) (elliptic.Curve, bool) {
 	return ecutil.CurveForAlgorithm(alg)
 }
+
+// Equal compares two keys and returns true if they are equal. The comparison
+// is solely done against the thumbprints of k1 and k2. It is possible for keys
+// that have, for example, different key IDs, key usage, etc, to be considered equal.
+func Equal(k1, k2 Key) bool {
+	h := crypto.SHA256
+	tp1, err := k1.Thumbprint(h)
+	if err != nil {
+		return false // can't report error
+	}
+	tp2, err := k2.Thumbprint(h)
+	if err != nil {
+		return false // can't report error
+	}
+
+	return bytes.Equal(tp1, tp2)
+}
+
+// IsPrivateKey returns true if the supplied key is a private key of an
+// asymmetric key pair. The argument `k` must implement the `AsymmetricKey`
+// interface.
+//
+// An error is returned if the supplied key is not an `AsymmetricKey`.
+func IsPrivateKey(k Key) (bool, error) {
+	asymmetric, ok := k.(AsymmetricKey)
+	if ok {
+		return asymmetric.IsPrivate(), nil
+	}
+	return false, fmt.Errorf("jwk.IsPrivateKey: %T is not an asymmetric key", k)
+}
+
+type keyValidationError struct {
+	err error
+}
+
+func (e *keyValidationError) Error() string {
+	return fmt.Sprintf(`key validation failed: %s`, e.err)
+}
+
+func (e *keyValidationError) Unwrap() error {
+	return e.err
+}
+
+func (e *keyValidationError) Is(target error) bool {
+	_, ok := target.(*keyValidationError)
+	return ok
+}
+
+// NewKeyValidationError wraps the given error with an error that denotes
+// `key.Validate()` has failed. This error type should ONLY be used as
+// return value from the `Validate()` method.
+func NewKeyValidationError(err error) error {
+	return &keyValidationError{err: err}
+}
+
+func IsKeyValidationError(err error) bool {
+	var kve keyValidationError
+	return errors.Is(err, &kve)
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp.go
index 2686ba516d..7754bf2a04 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp.go
@@ -81,8 +81,14 @@ func (k *okpPublicKey) Raw(v interface{}) error {
 }
 
 func buildOKPPrivateKey(alg jwa.EllipticCurveAlgorithm, xbuf []byte, dbuf []byte) (interface{}, error) {
+	if len(dbuf) == 0 {
+		return nil, fmt.Errorf(`cannot use empty seed`)
+	}
 	switch alg {
 	case jwa.Ed25519:
+		if len(dbuf) != ed25519.SeedSize {
+			return nil, fmt.Errorf(`wrong private key size`)
+		}
 		ret := ed25519.NewKeyFromSeed(dbuf)
 		//nolint:forcetypeassert
 		if !bytes.Equal(xbuf, ret.Public().(ed25519.PublicKey)) {
@@ -181,3 +187,41 @@ func (k okpPrivateKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
 		base64.EncodeToString(k.x),
 	), nil
 }
+
+func validateOKPKey(key interface {
+	Crv() jwa.EllipticCurveAlgorithm
+	X() []byte
+}) error {
+	if key.Crv() == jwa.InvalidEllipticCurve {
+		return fmt.Errorf(`invalid curve algorithm`)
+	}
+
+	if len(key.X()) == 0 {
+		return fmt.Errorf(`missing "x" field`)
+	}
+
+	if priv, ok := key.(interface{ D() []byte }); ok {
+		if len(priv.D()) == 0 {
+			return fmt.Errorf(`missing "d" field`)
+		}
+	}
+	return nil
+}
+
+func (k *okpPublicKey) Validate() error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	if err := validateOKPKey(k); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.OKPPublicKey: %w`, err))
+	}
+	return nil
+}
+
+func (k *okpPrivateKey) Validate() error {
+	k.mu.RLock()
+	defer k.mu.RUnlock()
+	if err := validateOKPKey(k); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.OKPPrivateKey: %w`, err))
+	}
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp_gen.go
index 832dc912d9..72cdf57a12 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp_gen.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/okp_gen.go
@@ -61,6 +61,10 @@ func (h okpPublicKey) KeyType() jwa.KeyType {
 	return jwa.OKP
 }
 
+func (h okpPublicKey) IsPrivate() bool {
+	return false
+}
+
 func (h *okpPublicKey) Algorithm() jwa.KeyAlgorithm {
 	if h.algorithm != nil {
 		return *(h.algorithm)
@@ -595,6 +599,10 @@ func (h okpPrivateKey) KeyType() jwa.KeyType {
 	return jwa.OKP
 }
 
+func (h okpPrivateKey) IsPrivate() bool {
+	return true
+}
+
 func (h *okpPrivateKey) Algorithm() jwa.KeyAlgorithm {
 	if h.algorithm != nil {
 		return *(h.algorithm)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/options.yaml b/vendor/github.com/lestrrat-go/jwx/v2/jwk/options.yaml
index 3f7b6e2a16..6dfbded424 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/options.yaml
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/options.yaml
@@ -4,7 +4,7 @@ interfaces:
   - name: CacheOption
     comment: |
       CacheOption is a type of Option that can be passed to the
-      `jwk.Cache` object.
+      the `jwk.NewCache()` function.
   - name: AssignKeyIDOption
   - name: FetchOption
     methods:
@@ -13,8 +13,8 @@ interfaces:
       - registerOption
     comment: |
       FetchOption is a type of Option that can be passed to `jwk.Fetch()`
-      FetchOption also implements the `CacheOption`, and thus can
-      safely be passed to `(*jwk.Cache).Configure()`
+      FetchOption also implements the `RegisterOption`, and thus can
+      safely be passed to `(*jwk.Cache).Register()`
   - name: ParseOption
     methods:
       - fetchOption
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/options_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/options_gen.go
index 644b247114..2aac86fc63 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/options_gen.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/options_gen.go
@@ -25,7 +25,7 @@ type assignKeyIDOption struct {
 func (*assignKeyIDOption) assignKeyIDOption() {}
 
 // CacheOption is a type of Option that can be passed to the
-// `jwk.Cache` object.
+// the `jwk.NewCache()` function.
 type CacheOption interface {
 	Option
 	cacheOption()
@@ -38,8 +38,8 @@ type cacheOption struct {
 func (*cacheOption) cacheOption() {}
 
 // FetchOption is a type of Option that can be passed to `jwk.Fetch()`
-// FetchOption also implements the `CacheOption`, and thus can
-// safely be passed to `(*jwk.Cache).Configure()`
+// FetchOption also implements the `RegisterOption`, and thus can
+// safely be passed to `(*jwk.Cache).Register()`
 type FetchOption interface {
 	Option
 	fetchOption()
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa.go
index 5de6b6358e..89c1a534e1 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa.go
@@ -241,3 +241,43 @@ func rsaThumbprint(hash crypto.Hash, key *rsa.PublicKey) ([]byte, error) {
 	}
 	return h.Sum(nil), nil
 }
+
+func validateRSAKey(key interface {
+	N() []byte
+	E() []byte
+}, checkPrivate bool) error {
+	if len(key.N()) == 0 {
+		// Ideally we would like to check for the actual length, but unlike
+		// EC keys, we have nothing in the key itself that will tell us
+		// how many bits this key should have.
+		return fmt.Errorf(`missing "n" value`)
+	}
+	if len(key.E()) == 0 {
+		return fmt.Errorf(`missing "e" value`)
+	}
+	if checkPrivate {
+		if priv, ok := key.(interface{ D() []byte }); ok {
+			if len(priv.D()) == 0 {
+				return fmt.Errorf(`missing "d" value`)
+			}
+		} else {
+			return fmt.Errorf(`missing "d" value`)
+		}
+	}
+
+	return nil
+}
+
+func (k *rsaPrivateKey) Validate() error {
+	if err := validateRSAKey(k, true); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.RSAPrivateKey: %w`, err))
+	}
+	return nil
+}
+
+func (k *rsaPublicKey) Validate() error {
+	if err := validateRSAKey(k, false); err != nil {
+		return NewKeyValidationError(fmt.Errorf(`jwk.RSAPublicKey: %w`, err))
+	}
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa_gen.go
index 659624297f..633b301039 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa_gen.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/rsa_gen.go
@@ -67,6 +67,10 @@ func (h rsaPublicKey) KeyType() jwa.KeyType {
 	return jwa.RSA
 }
 
+func (h rsaPublicKey) IsPrivate() bool {
+	return false
+}
+
 func (h *rsaPublicKey) Algorithm() jwa.KeyAlgorithm {
 	if h.algorithm != nil {
 		return *(h.algorithm)
@@ -606,6 +610,10 @@ func (h rsaPrivateKey) KeyType() jwa.KeyType {
 	return jwa.RSA
 }
 
+func (h rsaPrivateKey) IsPrivate() bool {
+	return true
+}
+
 func (h *rsaPrivateKey) Algorithm() jwa.KeyAlgorithm {
 	if h.algorithm != nil {
 		return *(h.algorithm)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric.go b/vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric.go
index d2498e3341..378f9c738e 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jwk/symmetric.go
@@ -58,3 +58,10 @@ func (k *symmetricKey) PublicKey() (Key, error) {
 	}
 	return newKey, nil
 }
+
+func (k *symmetricKey) Validate() error {
+	if len(k.Octets()) == 0 {
+		return NewKeyValidationError(fmt.Errorf(`jwk.SymmetricKey: missing "k" field`))
+	}
+	return nil
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/BUILD.bazel b/vendor/github.com/lestrrat-go/jwx/v2/jws/BUILD.bazel
index 859c183b36..00e8c13987 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jws/BUILD.bazel
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/BUILD.bazel
@@ -24,6 +24,7 @@ go_library(
     deps = [
         "//cert",
         "//internal/base64",
+        "//internal/ecutil",
         "//internal/iter",
         "//internal/json",
         "//internal/keyconv",
@@ -50,6 +51,7 @@ go_test(
     deps = [
         "//cert",
         "//internal/base64",
+        "//internal/ecutil",
         "//internal/json",
         "//internal/jwxtest",
         "//jwa",
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/ecdsa.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/ecdsa.go
index a2d644e438..8edf23ab07 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jws/ecdsa.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/ecdsa.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"math/big"
 
+	"github.com/lestrrat-go/jwx/v2/internal/ecutil"
 	"github.com/lestrrat-go/jwx/v2/internal/keyconv"
 	"github.com/lestrrat-go/jwx/v2/internal/pool"
 	"github.com/lestrrat-go/jwx/v2/jwa"
@@ -64,6 +65,9 @@ func (es *ecdsaSigner) Sign(payload []byte, key interface{}) ([]byte, error) {
 
 	signer, ok := key.(crypto.Signer)
 	if ok {
+		if !isValidECDSAKey(key) {
+			return nil, fmt.Errorf(`cannot use key of type %T to generate ECDSA based signatures`, key)
+		}
 		switch key.(type) {
 		case ecdsa.PrivateKey, *ecdsa.PrivateKey:
 			// if it's a ecdsa.PrivateKey, it's more efficient to
@@ -133,6 +137,7 @@ func (es *ecdsaSigner) Sign(payload []byte, key interface{}) ([]byte, error) {
 	copy(sBytesPadded[keyBytes-len(sBytes):], sBytes)
 
 	out := append(rBytesPadded, sBytesPadded...)
+
 	return out, nil
 }
 
@@ -181,9 +186,13 @@ func (v *ecdsaVerifier) Verify(payload []byte, signature []byte, key interface{}
 	defer pool.ReleaseBigInt(r)
 	defer pool.ReleaseBigInt(s)
 
-	n := len(signature) / 2
-	r.SetBytes(signature[:n])
-	s.SetBytes(signature[n:])
+	keySize := ecutil.CalculateKeySize(pubkey.Curve)
+	if len(signature) != keySize*2 {
+		return fmt.Errorf(`invalid signature length for curve %q`, pubkey.Curve.Params().Name)
+	}
+
+	r.SetBytes(signature[:keySize])
+	s.SetBytes(signature[keySize:])
 
 	h := v.hash.New()
 	if _, err := h.Write(payload); err != nil {
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/eddsa.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/eddsa.go
index 78c1a2d68d..643698701d 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jws/eddsa.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/eddsa.go
@@ -28,7 +28,11 @@ func (s eddsaSigner) Sign(payload []byte, key interface{}) ([]byte, error) {
 	// The ed25519.PrivateKey object implements crypto.Signer, so we should
 	// simply accept a crypto.Signer here.
 	signer, ok := key.(crypto.Signer)
-	if !ok {
+	if ok {
+		if !isValidEDDSAKey(key) {
+			return nil, fmt.Errorf(`cannot use key of type %T to generate EdDSA based signatures`, key)
+		}
+	} else {
 		// This fallback exists for cases when jwk.Key was passed, or
 		// users gave us a pointer instead of non-pointer, etc.
 		var privkey ed25519.PrivateKey
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/headers.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/headers.go
index dce72895e8..36251259ea 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jws/headers.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/headers.go
@@ -34,7 +34,7 @@ func (h *stdHeaders) AsMap(ctx context.Context) (map[string]interface{}, error)
 	return iter.AsMap(ctx, h)
 }
 
-func (h *stdHeaders) Copy(ctx context.Context, dst Headers) error {
+func (h *stdHeaders) Copy(_ context.Context, dst Headers) error {
 	for _, pair := range h.makePairs() {
 		//nolint:forcetypeassert
 		key := pair.Key.(string)
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/jws.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/jws.go
index 09100ec17d..a348c6186d 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jws/jws.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/jws.go
@@ -28,6 +28,7 @@ import (
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/rsa"
+	"errors"
 	"fmt"
 	"io"
 	"reflect"
@@ -107,6 +108,18 @@ const (
 var _ = fmtInvalid
 var _ = fmtMax
 
+func validateKeyBeforeUse(key interface{}) error {
+	jwkKey, ok := key.(jwk.Key)
+	if !ok {
+		converted, err := jwk.FromRaw(key)
+		if err != nil {
+			return fmt.Errorf(`could not convert key of type %T to jwk.Key for validation: %w`, key, err)
+		}
+		jwkKey = converted
+	}
+	return jwkKey.Validate()
+}
+
 // Sign generates a JWS message for the given payload and returns
 // it in serialized form, which can be in either compact or
 // JSON format. Default is compact.
@@ -149,6 +162,7 @@ func Sign(payload []byte, options ...SignOption) ([]byte, error) {
 	var signers []*payloadSigner
 	var detached bool
 	var noneSignature *payloadSigner
+	var validateKey bool
 	for _, option := range options {
 		//nolint:forcetypeassert
 		switch option.Ident() {
@@ -185,6 +199,8 @@ func Sign(payload []byte, options ...SignOption) ([]byte, error) {
 				return nil, fmt.Errorf(`jws.Sign: payload must be nil when jws.WithDetachedPayload() is specified`)
 			}
 			payload = option.Value().([]byte)
+		case identValidateKey{}:
+			validateKey = option.Value().(bool)
 		}
 	}
 
@@ -239,6 +255,12 @@ func Sign(payload []byte, options ...SignOption) ([]byte, error) {
 			// cheat. FIXXXXXXMEEEEEE
 			detached: detached,
 		}
+
+		if validateKey {
+			if err := validateKeyBeforeUse(signer.key); err != nil {
+				return nil, fmt.Errorf(`jws.Verify: %w`, err)
+			}
+		}
 		_, _, err := sig.Sign(payload, signer.signer, signer.key)
 		if err != nil {
 			return nil, fmt.Errorf(`failed to generate signature for signer #%d (alg=%s): %w`, i, signer.Algorithm(), err)
@@ -290,6 +312,7 @@ func Verify(buf []byte, options ...VerifyOption) ([]byte, error) {
 	var detachedPayload []byte
 	var keyProviders []KeyProvider
 	var keyUsed interface{}
+	var validateKey bool
 
 	ctx := context.Background()
 
@@ -316,6 +339,8 @@ func Verify(buf []byte, options ...VerifyOption) ([]byte, error) {
 			keyUsed = option.Value()
 		case identContext{}:
 			ctx = option.Value().(context.Context)
+		case identValidateKey{}:
+			validateKey = option.Value().(bool)
 		default:
 			return nil, fmt.Errorf(`invalid jws.VerifyOption %q passed`, `With`+strings.TrimPrefix(fmt.Sprintf(`%T`, option.Ident()), `jws.ident`))
 		}
@@ -350,6 +375,7 @@ func Verify(buf []byte, options ...VerifyOption) ([]byte, error) {
 	verifyBuf := pool.GetBytesBuffer()
 	defer pool.ReleaseBytesBuffer(verifyBuf)
 
+	var errs []error
 	for i, sig := range msg.signatures {
 		verifyBuf.Reset()
 
@@ -386,12 +412,19 @@ func Verify(buf []byte, options ...VerifyOption) ([]byte, error) {
 				//nolint:forcetypeassert
 				alg := pair.alg.(jwa.SignatureAlgorithm)
 				key := pair.key
+
+				if validateKey {
+					if err := validateKeyBeforeUse(key); err != nil {
+						return nil, fmt.Errorf(`jws.Verify: %w`, err)
+					}
+				}
 				verifier, err := NewVerifier(alg)
 				if err != nil {
 					return nil, fmt.Errorf(`failed to create verifier for algorithm %q: %w`, alg, err)
 				}
 
 				if err := verifier.Verify(verifyBuf.Bytes(), sig.signature, key); err != nil {
+					errs = append(errs, err)
 					continue
 				}
 
@@ -409,7 +442,33 @@ func Verify(buf []byte, options ...VerifyOption) ([]byte, error) {
 			}
 		}
 	}
-	return nil, fmt.Errorf(`could not verify message using any of the signatures or keys`)
+	return nil, &verifyError{errs: errs}
+}
+
+type verifyError struct {
+	// Note: when/if we can ditch Go < 1.20, we can change this to a simple
+	// `err error`, where the value is the result of `errors.Join()`
+	//
+	// We also need to implement Unwrap:
+	// func (e *verifyError) Unwrap() error {
+	//	return e.err
+	//}
+	//
+	// And finally, As() can go away
+	errs []error
+}
+
+func (e *verifyError) Error() string {
+	return `could not verify message using any of the signatures or keys`
+}
+
+func (e *verifyError) As(target interface{}) bool {
+	for _, err := range e.errs {
+		if errors.As(err, target) {
+			return true
+		}
+	}
+	return false
 }
 
 // get the value of b64 header field.
@@ -747,3 +806,51 @@ func AlgorithmsForKey(key interface{}) ([]jwa.SignatureAlgorithm, error) {
 	}
 	return algs, nil
 }
+
+// Because the keys defined in github.com/lestrrat-go/jwx/jwk may also implement
+// crypto.Signer, it would be possible for to mix up key types when signing/verifying
+// for example, when we specify jws.WithKey(jwa.RSA256, cryptoSigner), the cryptoSigner
+// can be for RSA, or any other type that implements crypto.Signer... even if it's for the
+// wrong algorithm.
+//
+// These functions are there to differentiate between the valid KNOWN key types.
+// For any other key type that is outside of the Go std library and our own code,
+// we must rely on the user to be vigilant.
+//
+// Notes: symmetric keys are obviously not part of this. for v2 OKP keys,
+// x25519 does not implement Sign()
+func isValidRSAKey(key interface{}) bool {
+	switch key.(type) {
+	case
+		ecdsa.PrivateKey, *ecdsa.PrivateKey,
+		ed25519.PrivateKey,
+		jwk.ECDSAPrivateKey, jwk.OKPPrivateKey:
+		// these are NOT ok
+		return false
+	}
+	return true
+}
+
+func isValidECDSAKey(key interface{}) bool {
+	switch key.(type) {
+	case
+		ed25519.PrivateKey,
+		rsa.PrivateKey, *rsa.PrivateKey,
+		jwk.RSAPrivateKey, jwk.OKPPrivateKey:
+		// these are NOT ok
+		return false
+	}
+	return true
+}
+
+func isValidEDDSAKey(key interface{}) bool {
+	switch key.(type) {
+	case
+		ecdsa.PrivateKey, *ecdsa.PrivateKey,
+		rsa.PrivateKey, *rsa.PrivateKey,
+		jwk.RSAPrivateKey, jwk.ECDSAPrivateKey:
+		// these are NOT ok
+		return false
+	}
+	return true
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/options.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/options.go
index 9eb04e8371..e374a85d0c 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jws/options.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/options.go
@@ -64,7 +64,7 @@ func (w *withKey) Protected(v Headers) Headers {
 // You will have to use a separate, more explicit option to allow the use of "none"
 // algorithm.
 //
-// The algorithm specified in the `alg` parameter must be able to support
+// The algorithm specified in the `alg` parameter MUST be able to support
 // the type of key you provided, otherwise an error is returned.
 //
 // Any of the followin is accepted for the `key` parameter:
@@ -72,6 +72,16 @@ func (w *withKey) Protected(v Headers) Headers {
 // * A crypto.Signer
 // * A jwk.Key
 //
+// Note that due to technical reasons, this library is NOT able to differentiate
+// between a valid/invalid key for given algorithm if the key implements crypto.Signer
+// and the key is from an external library. For example, while we can tell that it is
+// invalid to use `jwk.WithKey(jwa.RSA256, ecdsaPrivateKey)` because the key is
+// presumably from `crypto/ecdsa` or this library, if you use a KMS wrapper
+// that implements crypto.Signer that is outside of the go standard library or this
+// library, we will not be able to properly catch the misuse of such keys --
+// the output will happily generate an ECDSA signature even in the presence of
+// `jwa.RSA256`
+//
 // A `crypto.Signer` is used when the private part of a key is
 // kept in an inaccessible location, such as hardware.
 // `crypto.Signer` is currently supported for RSA, ECDSA, and EdDSA
@@ -89,7 +99,7 @@ func (w *withKey) Protected(v Headers) Headers {
 // is respected when serializing. That is, if you specify a header with
 // `{"b64": false}`, then the payload is not base64 encoded.
 //
-// These suboptions are ignored whe the `jws.WithKey()` option is used with `jws.Verify()`.
+// These suboptions are ignored when the `jws.WithKey()` option is used with `jws.Verify()`.
 func WithKey(alg jwa.KeyAlgorithm, key interface{}, options ...WithKeySuboption) SignVerifyOption {
 	// Implementation note: this option is shared between Sign() and
 	// Verify(). As such we don't create a KeyProvider here because
@@ -117,11 +127,23 @@ func WithKey(alg jwa.KeyAlgorithm, key interface{}, options ...WithKeySuboption)
 
 // WithKeySet specifies a JWKS (jwk.Set) to use for verification.
 //
-// By default both `alg` and `kid` fields in the JWS _and_ the
-// key must match for a key in the JWKS to be considered to be used.
+// Because a JWKS can contain multiple keys and this library cannot tell
+// which one of the keys should be used for verification, we by default
+// require that both `alg` and `kid` fields in the JWS _and_ the
+// key match before a key is considered to be used.
+//
+// There are ways to override this behavior, but they must be explicitly
+// specified by the caller.
+//
+// To work with keys/JWS messages not having a `kid` field, you may specify
+// the suboption `WithKeySetRequired` via `jws.WithKeySetSuboption(jws.WithKeySetRequireKid(false))`.
+// This will allow the library to proceed without having to match the `kid` field.
+//
+// However, it will still check if the `alg` fields in the JWS message and the key(s)
+// match. If you must work with JWS messages that do not have an `alg` field,
+// you will need to use `jws.WithKeySetSuboption(jws.WithInferAlgorithm(true))`.
 //
-// The behavior can be tweaked by using the `jws.WithKeySetSuboption`
-// suboption types.
+// See the documentation for `WithInferAlgorithm()` for more details.
 func WithKeySet(set jwk.Set, options ...WithKeySetSuboption) VerifyOption {
 	requireKid := true
 	var useDefault, inferAlgorithm, multipleKeysPerKeyID bool
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/options.yaml b/vendor/github.com/lestrrat-go/jwx/v2/jws/options.yaml
index 5e1b5b2adc..65b5352c16 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jws/options.yaml
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/options.yaml
@@ -88,6 +88,27 @@ options:
       `jwk.Key` here unless you are 100% sure that all keys that you
       have provided are instances of `jwk.Key` (remember that the
       jwx API allows users to specify a raw key such as *rsa.PublicKey)
+  - ident: ValidateKey
+    interface: SignVerifyOption
+    argument_type: bool
+    comment: |
+      WithValidateKey specifies whether the key used for signing or verification
+      should be validated before using. Note that this means calling
+      `key.Validate()` on the key, which in turn means that your key
+      must be a `jwk.Key` instance, or a key that can be converted to
+      a `jwk.Key` by calling `jwk.FromRaw()`. This means that your
+      custom hardware-backed keys will probably not work.
+
+      You can directly call `key.Validate()` yourself if you need to
+      mix keys that cannot be converted to `jwk.Key`.
+
+      Please also note that use of this option will also result in
+      one extra conversion of raw keys to a `jwk.Key` instance. If you
+      care about shaving off as much as possible, consider using a
+      pre-validated key instead of using this option to validate
+      the key on-demand each time.
+
+      By default, the key is not validated.
   - ident: InferAlgorithmFromKey
     interface: WithKeySetSuboption
     argument_type: bool
@@ -95,9 +116,14 @@ options:
       WithInferAlgorithmFromKey specifies whether the JWS signing algorithm name
       should be inferred by looking at the provided key, in case the JWS
       message or the key does not have a proper `alg` header.
-      
+
+      When this option is set to true, a list of algorithm(s) that is compatible
+      with the key type will be enumerated, and _ALL_ of them will be tried
+      against the key/message pair. If any of them succeeds, the verification
+      will be considered successful.
+
       Compared to providing explicit `alg` from the key this is slower, and 
-      verification may fail to verify if some how our heuristics are wrong
+      verification may fail to verify if somehow our heuristics are wrong
       or outdated.
       
       Also, automatic detection of signature verification methods are always
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/options_gen.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/options_gen.go
index 3a7df7e4e5..ca834e1037 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jws/options_gen.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/options_gen.go
@@ -139,6 +139,7 @@ type identPublicHeaders struct{}
 type identRequireKid struct{}
 type identSerialization struct{}
 type identUseDefault struct{}
+type identValidateKey struct{}
 
 func (identContext) String() string {
 	return "WithContext"
@@ -204,6 +205,10 @@ func (identUseDefault) String() string {
 	return "WithUseDefault"
 }
 
+func (identValidateKey) String() string {
+	return "WithValidateKey"
+}
+
 func WithContext(v context.Context) VerifyOption {
 	return &verifyOption{option.New(identContext{}, v)}
 }
@@ -235,8 +240,13 @@ func WithFS(v fs.FS) ReadFileOption {
 // should be inferred by looking at the provided key, in case the JWS
 // message or the key does not have a proper `alg` header.
 //
+// When this option is set to true, a list of algorithm(s) that is compatible
+// with the key type will be enumerated, and _ALL_ of them will be tried
+// against the key/message pair. If any of them succeeds, the verification
+// will be considered successful.
+//
 // Compared to providing explicit `alg` from the key this is slower, and
-// verification may fail to verify if some how our heuristics are wrong
+// verification may fail to verify if somehow our heuristics are wrong
 // or outdated.
 //
 // Also, automatic detection of signature verification methods are always
@@ -329,3 +339,24 @@ func WithCompact() SignOption {
 func WithUseDefault(v bool) WithKeySetSuboption {
 	return &withKeySetSuboption{option.New(identUseDefault{}, v)}
 }
+
+// WithValidateKey specifies whether the key used for signing or verification
+// should be validated before using. Note that this means calling
+// `key.Validate()` on the key, which in turn means that your key
+// must be a `jwk.Key` instance, or a key that can be converted to
+// a `jwk.Key` by calling `jwk.FromRaw()`. This means that your
+// custom hardware-backed keys will probably not work.
+//
+// You can directly call `key.Validate()` yourself if you need to
+// mix keys that cannot be converted to `jwk.Key`.
+//
+// Please also note that use of this option will also result in
+// one extra conversion of raw keys to a `jwk.Key` instance. If you
+// care about shaving off as much as possible, consider using a
+// pre-validated key instead of using this option to validate
+// the key on-demand each time.
+//
+// By default, the key is not validated.
+func WithValidateKey(v bool) SignVerifyOption {
+	return &signVerifyOption{option.New(identValidateKey{}, v)}
+}
diff --git a/vendor/github.com/lestrrat-go/jwx/v2/jws/rsa.go b/vendor/github.com/lestrrat-go/jwx/v2/jws/rsa.go
index e239330a23..35c450184a 100644
--- a/vendor/github.com/lestrrat-go/jwx/v2/jws/rsa.go
+++ b/vendor/github.com/lestrrat-go/jwx/v2/jws/rsa.go
@@ -77,7 +77,11 @@ func (rs *rsaSigner) Sign(payload []byte, key interface{}) ([]byte, error) {
 	}
 
 	signer, ok := key.(crypto.Signer)
-	if !ok {
+	if ok {
+		if !isValidRSAKey(key) {
+			return nil, fmt.Errorf(`cannot use key of type %T to generate RSA based signatures`, key)
+		}
+	} else {
 		var privkey rsa.PrivateKey
 		if err := keyconv.RSAPrivateKey(&privkey, key); err != nil {
 			return nil, fmt.Errorf(`failed to retrieve rsa.PrivateKey out of %T: %w`, key, err)
diff --git a/vendor/github.com/letsencrypt/boulder/core/challenges.go b/vendor/github.com/letsencrypt/boulder/core/challenges.go
index 4b4a67c486..1d7e2408d5 100644
--- a/vendor/github.com/letsencrypt/boulder/core/challenges.go
+++ b/vendor/github.com/letsencrypt/boulder/core/challenges.go
@@ -1,5 +1,7 @@
 package core
 
+import "fmt"
+
 func newChallenge(challengeType AcmeChallenge, token string) Challenge {
 	return Challenge{
 		Type:   challengeType,
@@ -25,3 +27,19 @@ func DNSChallenge01(token string) Challenge {
 func TLSALPNChallenge01(token string) Challenge {
 	return newChallenge(ChallengeTypeTLSALPN01, token)
 }
+
+// NewChallenge constructs a random challenge of the given kind. It returns an
+// error if the challenge type is unrecognized. If token is empty a random token
+// will be generated, otherwise the provided token is used.
+func NewChallenge(kind AcmeChallenge, token string) (Challenge, error) {
+	switch kind {
+	case ChallengeTypeHTTP01:
+		return HTTPChallenge01(token), nil
+	case ChallengeTypeDNS01:
+		return DNSChallenge01(token), nil
+	case ChallengeTypeTLSALPN01:
+		return TLSALPNChallenge01(token), nil
+	default:
+		return Challenge{}, fmt.Errorf("unrecognized challenge type %q", kind)
+	}
+}
diff --git a/vendor/github.com/letsencrypt/boulder/core/interfaces.go b/vendor/github.com/letsencrypt/boulder/core/interfaces.go
index 6846bf8880..003329c3f5 100644
--- a/vendor/github.com/letsencrypt/boulder/core/interfaces.go
+++ b/vendor/github.com/letsencrypt/boulder/core/interfaces.go
@@ -7,7 +7,8 @@ import (
 // PolicyAuthority defines the public interface for the Boulder PA
 // TODO(#5891): Move this interface to a more appropriate location.
 type PolicyAuthority interface {
-	WillingToIssueWildcards(identifiers []identifier.ACMEIdentifier) error
-	ChallengesFor(domain identifier.ACMEIdentifier) ([]Challenge, error)
-	ChallengeTypeEnabled(t AcmeChallenge) bool
+	WillingToIssueWildcards([]identifier.ACMEIdentifier) error
+	ChallengesFor(identifier.ACMEIdentifier) ([]Challenge, error)
+	ChallengeTypeEnabled(AcmeChallenge) bool
+	CheckAuthz(*Authorization) error
 }
diff --git a/vendor/github.com/letsencrypt/boulder/core/objects.go b/vendor/github.com/letsencrypt/boulder/core/objects.go
index 47ba4b70c1..b52f0f5e0a 100644
--- a/vendor/github.com/letsencrypt/boulder/core/objects.go
+++ b/vendor/github.com/letsencrypt/boulder/core/objects.go
@@ -2,7 +2,6 @@ package core
 
 import (
 	"crypto"
-	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -12,7 +11,7 @@ import (
 	"time"
 
 	"golang.org/x/crypto/ocsp"
-	"gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 
 	"github.com/letsencrypt/boulder/identifier"
 	"github.com/letsencrypt/boulder/probs"
@@ -53,7 +52,6 @@ const (
 type AcmeChallenge string
 
 // These types are the available challenges
-// TODO(#5009): Make this a custom type as well.
 const (
 	ChallengeTypeHTTP01    = AcmeChallenge("http-01")
 	ChallengeTypeDNS01     = AcmeChallenge("dns-01")
@@ -77,54 +75,25 @@ type OCSPStatus string
 const (
 	OCSPStatusGood    = OCSPStatus("good")
 	OCSPStatusRevoked = OCSPStatus("revoked")
+	// Not a real OCSP status. This is a placeholder we write before the
+	// actual precertificate is issued, to ensure we never return "good" before
+	// issuance succeeds, for BR compliance reasons.
+	OCSPStatusNotReady = OCSPStatus("wait")
 )
 
 var OCSPStatusToInt = map[OCSPStatus]int{
-	OCSPStatusGood:    ocsp.Good,
-	OCSPStatusRevoked: ocsp.Revoked,
+	OCSPStatusGood:     ocsp.Good,
+	OCSPStatusRevoked:  ocsp.Revoked,
+	OCSPStatusNotReady: -1,
 }
 
 // DNSPrefix is attached to DNS names in DNS challenges
 const DNSPrefix = "_acme-challenge"
 
-// CertificateRequest is just a CSR
-//
-// This data is unmarshalled from JSON by way of RawCertificateRequest, which
-// represents the actual structure received from the client.
-type CertificateRequest struct {
-	CSR   *x509.CertificateRequest // The CSR
-	Bytes []byte                   // The original bytes of the CSR, for logging.
-}
-
 type RawCertificateRequest struct {
 	CSR JSONBuffer `json:"csr"` // The encoded CSR
 }
 
-// UnmarshalJSON provides an implementation for decoding CertificateRequest objects.
-func (cr *CertificateRequest) UnmarshalJSON(data []byte) error {
-	var raw RawCertificateRequest
-	err := json.Unmarshal(data, &raw)
-	if err != nil {
-		return err
-	}
-
-	csr, err := x509.ParseCertificateRequest(raw.CSR)
-	if err != nil {
-		return err
-	}
-
-	cr.CSR = csr
-	cr.Bytes = raw.CSR
-	return nil
-}
-
-// MarshalJSON provides an implementation for encoding CertificateRequest objects.
-func (cr CertificateRequest) MarshalJSON() ([]byte, error) {
-	return json.Marshal(RawCertificateRequest{
-		CSR: cr.CSR.Raw,
-	})
-}
-
 // Registration objects represent non-public metadata attached
 // to account keys.
 type Registration struct {
@@ -156,7 +125,7 @@ type ValidationRecord struct {
 	URL string `json:"url,omitempty"`
 
 	// Shared
-	Hostname          string   `json:"hostname"`
+	Hostname          string   `json:"hostname,omitempty"`
 	Port              string   `json:"port,omitempty"`
 	AddressesResolved []net.IP `json:"addressesResolved,omitempty"`
 	AddressUsed       net.IP   `json:"addressUsed,omitempty"`
@@ -373,14 +342,18 @@ type Authorization struct {
 	// slice and the order of these challenges may not be predictable.
 	Challenges []Challenge `json:"challenges,omitempty" db:"-"`
 
-	// This field is deprecated. It's filled in by WFE for the ACMEv1 API.
-	Combinations [][]int `json:"combinations,omitempty" db:"combinations"`
-
-	// Wildcard is a Boulder-specific Authorization field that indicates the
-	// authorization was created as a result of an order containing a name with
-	// a `*.`wildcard prefix. This will help convey to users that an
-	// Authorization with the identifier `example.com` and one DNS-01 challenge
-	// corresponds to a name `*.example.com` from an associated order.
+	// https://datatracker.ietf.org/doc/html/rfc8555#page-29
+	//
+	// wildcard (optional, boolean):  This field MUST be present and true
+	//   for authorizations created as a result of a newOrder request
+	//   containing a DNS identifier with a value that was a wildcard
+	//   domain name.  For other authorizations, it MUST be absent.
+	//   Wildcard domain names are described in Section 7.1.3.
+	//
+	// This is not represented in the database because we calculate it from
+	// the identifier stored in the database. Unlike the identifier returned
+	// as part of the authorization, the identifier we store in the database
+	// can contain an asterisk.
 	Wildcard bool `json:"wildcard,omitempty" db:"-"`
 }
 
@@ -399,38 +372,25 @@ func (authz *Authorization) FindChallengeByStringID(id string) int {
 // SolvedBy will look through the Authorizations challenges, returning the type
 // of the *first* challenge it finds with Status: valid, or an error if no
 // challenge is valid.
-func (authz *Authorization) SolvedBy() (*AcmeChallenge, error) {
+func (authz *Authorization) SolvedBy() (AcmeChallenge, error) {
 	if len(authz.Challenges) == 0 {
-		return nil, fmt.Errorf("Authorization has no challenges")
+		return "", fmt.Errorf("Authorization has no challenges")
 	}
 	for _, chal := range authz.Challenges {
 		if chal.Status == StatusValid {
-			return &chal.Type, nil
+			return chal.Type, nil
 		}
 	}
-	return nil, fmt.Errorf("Authorization not solved by any challenge")
+	return "", fmt.Errorf("Authorization not solved by any challenge")
 }
 
 // JSONBuffer fields get encoded and decoded JOSE-style, in base64url encoding
 // with stripped padding.
 type JSONBuffer []byte
 
-// URL-safe base64 encode that strips padding
-func base64URLEncode(data []byte) string {
-	var result = base64.URLEncoding.EncodeToString(data)
-	return strings.TrimRight(result, "=")
-}
-
-// URL-safe base64 decoder that adds padding
-func base64URLDecode(data string) ([]byte, error) {
-	var missing = (4 - len(data)%4) % 4
-	data += strings.Repeat("=", missing)
-	return base64.URLEncoding.DecodeString(data)
-}
-
 // MarshalJSON encodes a JSONBuffer for transmission.
 func (jb JSONBuffer) MarshalJSON() (result []byte, err error) {
-	return json.Marshal(base64URLEncode(jb))
+	return json.Marshal(base64.RawURLEncoding.EncodeToString(jb))
 }
 
 // UnmarshalJSON decodes a JSONBuffer to an object.
@@ -440,7 +400,7 @@ func (jb *JSONBuffer) UnmarshalJSON(data []byte) (err error) {
 	if err != nil {
 		return err
 	}
-	*jb, err = base64URLDecode(str)
+	*jb, err = base64.RawURLEncoding.DecodeString(strings.TrimRight(str, "="))
 	return
 }
 
@@ -458,53 +418,46 @@ type Certificate struct {
 }
 
 // CertificateStatus structs are internal to the server. They represent the
-// latest data about the status of the certificate, required for OCSP updating
-// and for validating that the subscriber has accepted the certificate.
+// latest data about the status of the certificate, required for generating new
+// OCSP responses and determining if a certificate has been revoked.
 type CertificateStatus struct {
 	ID int64 `db:"id"`
 
 	Serial string `db:"serial"`
 
 	// status: 'good' or 'revoked'. Note that good, expired certificates remain
-	//   with status 'good' but don't necessarily get fresh OCSP responses.
+	// with status 'good' but don't necessarily get fresh OCSP responses.
 	Status OCSPStatus `db:"status"`
 
 	// ocspLastUpdated: The date and time of the last time we generated an OCSP
-	//   response. If we have never generated one, this has the zero value of
-	//   time.Time, i.e. Jan 1 1970.
+	// response. If we have never generated one, this has the zero value of
+	// time.Time, i.e. Jan 1 1970.
 	OCSPLastUpdated time.Time `db:"ocspLastUpdated"`
 
 	// revokedDate: If status is 'revoked', this is the date and time it was
-	//   revoked. Otherwise it has the zero value of time.Time, i.e. Jan 1 1970.
+	// revoked. Otherwise it has the zero value of time.Time, i.e. Jan 1 1970.
 	RevokedDate time.Time `db:"revokedDate"`
 
 	// revokedReason: If status is 'revoked', this is the reason code for the
-	//   revocation. Otherwise it is zero (which happens to be the reason
-	//   code for 'unspecified').
+	// revocation. Otherwise it is zero (which happens to be the reason
+	// code for 'unspecified').
 	RevokedReason revocation.Reason `db:"revokedReason"`
 
 	LastExpirationNagSent time.Time `db:"lastExpirationNagSent"`
 
-	// The encoded and signed OCSP response.
-	OCSPResponse []byte `db:"ocspResponse"`
-
-	// For performance reasons[0] we duplicate the `Expires` field of the
-	// `Certificates` object/table in `CertificateStatus` to avoid a costly `JOIN`
-	// later on just to retrieve this `Time` value. This helps both the OCSP
-	// updater and the expiration-mailer stay performant.
-	//
-	// Similarly, we add an explicit `IsExpired` boolean to `CertificateStatus`
-	// table that the OCSP updater so that the database can create a meaningful
-	// index on `(isExpired, ocspLastUpdated)` without a `JOIN` on `certificates`.
-	// For more detail see Boulder #1864[0].
-	//
-	// [0]: https://github.com/letsencrypt/boulder/issues/1864
+	// NotAfter and IsExpired are convenience columns which allow expensive
+	// queries to quickly filter out certificates that we don't need to care about
+	// anymore. These are particularly useful for the expiration mailer and CRL
+	// updater. See https://github.com/letsencrypt/boulder/issues/1864.
 	NotAfter  time.Time `db:"notAfter"`
 	IsExpired bool      `db:"isExpired"`
 
-	// TODO(#5152): Change this to an issuance.Issuer(Name)ID after it no longer
-	// has to support both IssuerNameIDs and IssuerIDs.
-	IssuerID int64
+	// Note: this is not an issuance.IssuerNameID because that would create an
+	// import cycle between core and issuance.
+	// Note2: This field used to be called `issuerID`. We keep the old name in
+	// the DB, but update the Go field name to be clear which type of ID this
+	// is.
+	IssuerNameID int64 `db:"issuerID"`
 }
 
 // FQDNSet contains the SHA256 hash of the lowercased, comma joined dNSNames
@@ -553,7 +506,7 @@ func RenewalInfoSimple(issued time.Time, expires time.Time) RenewalInfo {
 }
 
 // RenewalInfoImmediate constructs a `RenewalInfo` object with a suggested
-// window in the past. Per the draft-ietf-acme-ari-00 spec, clients should
+// window in the past. Per the draft-ietf-acme-ari-01 spec, clients should
 // attempt to renew immediately if the suggested window is in the past. The
 // passed `now` is assumed to be a timestamp representing the current moment in
 // time.
diff --git a/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go b/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go
deleted file mode 100644
index 02b3515bdc..0000000000
--- a/vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go
+++ /dev/null
@@ -1,1182 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.28.0
-// 	protoc        v3.20.1
-// source: core.proto
-
-package proto
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type Challenge struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id                int64               `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Type              string              `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
-	Status            string              `protobuf:"bytes,6,opt,name=status,proto3" json:"status,omitempty"`
-	Uri               string              `protobuf:"bytes,9,opt,name=uri,proto3" json:"uri,omitempty"`
-	Token             string              `protobuf:"bytes,3,opt,name=token,proto3" json:"token,omitempty"`
-	KeyAuthorization  string              `protobuf:"bytes,5,opt,name=keyAuthorization,proto3" json:"keyAuthorization,omitempty"`
-	Validationrecords []*ValidationRecord `protobuf:"bytes,10,rep,name=validationrecords,proto3" json:"validationrecords,omitempty"`
-	Error             *ProblemDetails     `protobuf:"bytes,7,opt,name=error,proto3" json:"error,omitempty"`
-	Validated         int64               `protobuf:"varint,11,opt,name=validated,proto3" json:"validated,omitempty"`
-}
-
-func (x *Challenge) Reset() {
-	*x = Challenge{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Challenge) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Challenge) ProtoMessage() {}
-
-func (x *Challenge) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Challenge.ProtoReflect.Descriptor instead.
-func (*Challenge) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Challenge) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *Challenge) GetType() string {
-	if x != nil {
-		return x.Type
-	}
-	return ""
-}
-
-func (x *Challenge) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-func (x *Challenge) GetUri() string {
-	if x != nil {
-		return x.Uri
-	}
-	return ""
-}
-
-func (x *Challenge) GetToken() string {
-	if x != nil {
-		return x.Token
-	}
-	return ""
-}
-
-func (x *Challenge) GetKeyAuthorization() string {
-	if x != nil {
-		return x.KeyAuthorization
-	}
-	return ""
-}
-
-func (x *Challenge) GetValidationrecords() []*ValidationRecord {
-	if x != nil {
-		return x.Validationrecords
-	}
-	return nil
-}
-
-func (x *Challenge) GetError() *ProblemDetails {
-	if x != nil {
-		return x.Error
-	}
-	return nil
-}
-
-func (x *Challenge) GetValidated() int64 {
-	if x != nil {
-		return x.Validated
-	}
-	return 0
-}
-
-type ValidationRecord struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Hostname          string   `protobuf:"bytes,1,opt,name=hostname,proto3" json:"hostname,omitempty"`
-	Port              string   `protobuf:"bytes,2,opt,name=port,proto3" json:"port,omitempty"`
-	AddressesResolved [][]byte `protobuf:"bytes,3,rep,name=addressesResolved,proto3" json:"addressesResolved,omitempty"` // net.IP.MarshalText()
-	AddressUsed       []byte   `protobuf:"bytes,4,opt,name=addressUsed,proto3" json:"addressUsed,omitempty"`             // net.IP.MarshalText()
-	Authorities       []string `protobuf:"bytes,5,rep,name=authorities,proto3" json:"authorities,omitempty"`
-	Url               string   `protobuf:"bytes,6,opt,name=url,proto3" json:"url,omitempty"`
-	// A list of addresses tried before the address used (see
-	// core/objects.go and the comment on the ValidationRecord structure
-	// definition for more information.
-	AddressesTried [][]byte `protobuf:"bytes,7,rep,name=addressesTried,proto3" json:"addressesTried,omitempty"` // net.IP.MarshalText()
-}
-
-func (x *ValidationRecord) Reset() {
-	*x = ValidationRecord{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ValidationRecord) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ValidationRecord) ProtoMessage() {}
-
-func (x *ValidationRecord) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ValidationRecord.ProtoReflect.Descriptor instead.
-func (*ValidationRecord) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *ValidationRecord) GetHostname() string {
-	if x != nil {
-		return x.Hostname
-	}
-	return ""
-}
-
-func (x *ValidationRecord) GetPort() string {
-	if x != nil {
-		return x.Port
-	}
-	return ""
-}
-
-func (x *ValidationRecord) GetAddressesResolved() [][]byte {
-	if x != nil {
-		return x.AddressesResolved
-	}
-	return nil
-}
-
-func (x *ValidationRecord) GetAddressUsed() []byte {
-	if x != nil {
-		return x.AddressUsed
-	}
-	return nil
-}
-
-func (x *ValidationRecord) GetAuthorities() []string {
-	if x != nil {
-		return x.Authorities
-	}
-	return nil
-}
-
-func (x *ValidationRecord) GetUrl() string {
-	if x != nil {
-		return x.Url
-	}
-	return ""
-}
-
-func (x *ValidationRecord) GetAddressesTried() [][]byte {
-	if x != nil {
-		return x.AddressesTried
-	}
-	return nil
-}
-
-type ProblemDetails struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ProblemType string `protobuf:"bytes,1,opt,name=problemType,proto3" json:"problemType,omitempty"`
-	Detail      string `protobuf:"bytes,2,opt,name=detail,proto3" json:"detail,omitempty"`
-	HttpStatus  int32  `protobuf:"varint,3,opt,name=httpStatus,proto3" json:"httpStatus,omitempty"`
-}
-
-func (x *ProblemDetails) Reset() {
-	*x = ProblemDetails{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ProblemDetails) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ProblemDetails) ProtoMessage() {}
-
-func (x *ProblemDetails) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ProblemDetails.ProtoReflect.Descriptor instead.
-func (*ProblemDetails) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *ProblemDetails) GetProblemType() string {
-	if x != nil {
-		return x.ProblemType
-	}
-	return ""
-}
-
-func (x *ProblemDetails) GetDetail() string {
-	if x != nil {
-		return x.Detail
-	}
-	return ""
-}
-
-func (x *ProblemDetails) GetHttpStatus() int32 {
-	if x != nil {
-		return x.HttpStatus
-	}
-	return 0
-}
-
-type Certificate struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID int64  `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Serial         string `protobuf:"bytes,2,opt,name=serial,proto3" json:"serial,omitempty"`
-	Digest         string `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"`
-	Der            []byte `protobuf:"bytes,4,opt,name=der,proto3" json:"der,omitempty"`
-	Issued         int64  `protobuf:"varint,5,opt,name=issued,proto3" json:"issued,omitempty"`   // Unix timestamp (nanoseconds)
-	Expires        int64  `protobuf:"varint,6,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *Certificate) Reset() {
-	*x = Certificate{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Certificate) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Certificate) ProtoMessage() {}
-
-func (x *Certificate) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Certificate.ProtoReflect.Descriptor instead.
-func (*Certificate) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *Certificate) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *Certificate) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *Certificate) GetDigest() string {
-	if x != nil {
-		return x.Digest
-	}
-	return ""
-}
-
-func (x *Certificate) GetDer() []byte {
-	if x != nil {
-		return x.Der
-	}
-	return nil
-}
-
-func (x *Certificate) GetIssued() int64 {
-	if x != nil {
-		return x.Issued
-	}
-	return 0
-}
-
-func (x *Certificate) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-type CertificateStatus struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial                string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-	Status                string `protobuf:"bytes,3,opt,name=status,proto3" json:"status,omitempty"`
-	OcspLastUpdated       int64  `protobuf:"varint,4,opt,name=ocspLastUpdated,proto3" json:"ocspLastUpdated,omitempty"`
-	RevokedDate           int64  `protobuf:"varint,5,opt,name=revokedDate,proto3" json:"revokedDate,omitempty"`
-	RevokedReason         int64  `protobuf:"varint,6,opt,name=revokedReason,proto3" json:"revokedReason,omitempty"`
-	LastExpirationNagSent int64  `protobuf:"varint,7,opt,name=lastExpirationNagSent,proto3" json:"lastExpirationNagSent,omitempty"`
-	OcspResponse          []byte `protobuf:"bytes,8,opt,name=ocspResponse,proto3" json:"ocspResponse,omitempty"`
-	NotAfter              int64  `protobuf:"varint,9,opt,name=notAfter,proto3" json:"notAfter,omitempty"`
-	IsExpired             bool   `protobuf:"varint,10,opt,name=isExpired,proto3" json:"isExpired,omitempty"`
-	IssuerID              int64  `protobuf:"varint,11,opt,name=issuerID,proto3" json:"issuerID,omitempty"`
-}
-
-func (x *CertificateStatus) Reset() {
-	*x = CertificateStatus{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CertificateStatus) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CertificateStatus) ProtoMessage() {}
-
-func (x *CertificateStatus) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CertificateStatus.ProtoReflect.Descriptor instead.
-func (*CertificateStatus) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *CertificateStatus) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *CertificateStatus) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-func (x *CertificateStatus) GetOcspLastUpdated() int64 {
-	if x != nil {
-		return x.OcspLastUpdated
-	}
-	return 0
-}
-
-func (x *CertificateStatus) GetRevokedDate() int64 {
-	if x != nil {
-		return x.RevokedDate
-	}
-	return 0
-}
-
-func (x *CertificateStatus) GetRevokedReason() int64 {
-	if x != nil {
-		return x.RevokedReason
-	}
-	return 0
-}
-
-func (x *CertificateStatus) GetLastExpirationNagSent() int64 {
-	if x != nil {
-		return x.LastExpirationNagSent
-	}
-	return 0
-}
-
-func (x *CertificateStatus) GetOcspResponse() []byte {
-	if x != nil {
-		return x.OcspResponse
-	}
-	return nil
-}
-
-func (x *CertificateStatus) GetNotAfter() int64 {
-	if x != nil {
-		return x.NotAfter
-	}
-	return 0
-}
-
-func (x *CertificateStatus) GetIsExpired() bool {
-	if x != nil {
-		return x.IsExpired
-	}
-	return false
-}
-
-func (x *CertificateStatus) GetIssuerID() int64 {
-	if x != nil {
-		return x.IssuerID
-	}
-	return 0
-}
-
-type Registration struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id              int64    `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Key             []byte   `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
-	Contact         []string `protobuf:"bytes,3,rep,name=contact,proto3" json:"contact,omitempty"`
-	ContactsPresent bool     `protobuf:"varint,4,opt,name=contactsPresent,proto3" json:"contactsPresent,omitempty"`
-	Agreement       string   `protobuf:"bytes,5,opt,name=agreement,proto3" json:"agreement,omitempty"`
-	InitialIP       []byte   `protobuf:"bytes,6,opt,name=initialIP,proto3" json:"initialIP,omitempty"`
-	CreatedAt       int64    `protobuf:"varint,7,opt,name=createdAt,proto3" json:"createdAt,omitempty"` // Unix timestamp (nanoseconds)
-	Status          string   `protobuf:"bytes,8,opt,name=status,proto3" json:"status,omitempty"`
-}
-
-func (x *Registration) Reset() {
-	*x = Registration{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Registration) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Registration) ProtoMessage() {}
-
-func (x *Registration) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Registration.ProtoReflect.Descriptor instead.
-func (*Registration) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *Registration) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *Registration) GetKey() []byte {
-	if x != nil {
-		return x.Key
-	}
-	return nil
-}
-
-func (x *Registration) GetContact() []string {
-	if x != nil {
-		return x.Contact
-	}
-	return nil
-}
-
-func (x *Registration) GetContactsPresent() bool {
-	if x != nil {
-		return x.ContactsPresent
-	}
-	return false
-}
-
-func (x *Registration) GetAgreement() string {
-	if x != nil {
-		return x.Agreement
-	}
-	return ""
-}
-
-func (x *Registration) GetInitialIP() []byte {
-	if x != nil {
-		return x.InitialIP
-	}
-	return nil
-}
-
-func (x *Registration) GetCreatedAt() int64 {
-	if x != nil {
-		return x.CreatedAt
-	}
-	return 0
-}
-
-func (x *Registration) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-type Authorization struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id             string       `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Identifier     string       `protobuf:"bytes,2,opt,name=identifier,proto3" json:"identifier,omitempty"`
-	RegistrationID int64        `protobuf:"varint,3,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Status         string       `protobuf:"bytes,4,opt,name=status,proto3" json:"status,omitempty"`
-	Expires        int64        `protobuf:"varint,5,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds)
-	Challenges     []*Challenge `protobuf:"bytes,6,rep,name=challenges,proto3" json:"challenges,omitempty"`
-}
-
-func (x *Authorization) Reset() {
-	*x = Authorization{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Authorization) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Authorization) ProtoMessage() {}
-
-func (x *Authorization) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Authorization.ProtoReflect.Descriptor instead.
-func (*Authorization) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *Authorization) GetId() string {
-	if x != nil {
-		return x.Id
-	}
-	return ""
-}
-
-func (x *Authorization) GetIdentifier() string {
-	if x != nil {
-		return x.Identifier
-	}
-	return ""
-}
-
-func (x *Authorization) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *Authorization) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-func (x *Authorization) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-func (x *Authorization) GetChallenges() []*Challenge {
-	if x != nil {
-		return x.Challenges
-	}
-	return nil
-}
-
-type Order struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id                int64           `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	RegistrationID    int64           `protobuf:"varint,2,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Expires           int64           `protobuf:"varint,3,opt,name=expires,proto3" json:"expires,omitempty"`
-	Error             *ProblemDetails `protobuf:"bytes,4,opt,name=error,proto3" json:"error,omitempty"`
-	CertificateSerial string          `protobuf:"bytes,5,opt,name=certificateSerial,proto3" json:"certificateSerial,omitempty"`
-	Status            string          `protobuf:"bytes,7,opt,name=status,proto3" json:"status,omitempty"`
-	Names             []string        `protobuf:"bytes,8,rep,name=names,proto3" json:"names,omitempty"`
-	BeganProcessing   bool            `protobuf:"varint,9,opt,name=beganProcessing,proto3" json:"beganProcessing,omitempty"`
-	Created           int64           `protobuf:"varint,10,opt,name=created,proto3" json:"created,omitempty"`
-	V2Authorizations  []int64         `protobuf:"varint,11,rep,packed,name=v2Authorizations,proto3" json:"v2Authorizations,omitempty"`
-}
-
-func (x *Order) Reset() {
-	*x = Order{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Order) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Order) ProtoMessage() {}
-
-func (x *Order) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Order.ProtoReflect.Descriptor instead.
-func (*Order) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *Order) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *Order) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *Order) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-func (x *Order) GetError() *ProblemDetails {
-	if x != nil {
-		return x.Error
-	}
-	return nil
-}
-
-func (x *Order) GetCertificateSerial() string {
-	if x != nil {
-		return x.CertificateSerial
-	}
-	return ""
-}
-
-func (x *Order) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-func (x *Order) GetNames() []string {
-	if x != nil {
-		return x.Names
-	}
-	return nil
-}
-
-func (x *Order) GetBeganProcessing() bool {
-	if x != nil {
-		return x.BeganProcessing
-	}
-	return false
-}
-
-func (x *Order) GetCreated() int64 {
-	if x != nil {
-		return x.Created
-	}
-	return 0
-}
-
-func (x *Order) GetV2Authorizations() []int64 {
-	if x != nil {
-		return x.V2Authorizations
-	}
-	return nil
-}
-
-type CRLEntry struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial    string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-	Reason    int32  `protobuf:"varint,2,opt,name=reason,proto3" json:"reason,omitempty"`
-	RevokedAt int64  `protobuf:"varint,3,opt,name=revokedAt,proto3" json:"revokedAt,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *CRLEntry) Reset() {
-	*x = CRLEntry{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_core_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CRLEntry) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CRLEntry) ProtoMessage() {}
-
-func (x *CRLEntry) ProtoReflect() protoreflect.Message {
-	mi := &file_core_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CRLEntry.ProtoReflect.Descriptor instead.
-func (*CRLEntry) Descriptor() ([]byte, []int) {
-	return file_core_proto_rawDescGZIP(), []int{8}
-}
-
-func (x *CRLEntry) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *CRLEntry) GetReason() int32 {
-	if x != nil {
-		return x.Reason
-	}
-	return 0
-}
-
-func (x *CRLEntry) GetRevokedAt() int64 {
-	if x != nil {
-		return x.RevokedAt
-	}
-	return 0
-}
-
-var File_core_proto protoreflect.FileDescriptor
-
-var file_core_proto_rawDesc = []byte{
-	0x0a, 0x0a, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x63, 0x6f,
-	0x72, 0x65, 0x22, 0xab, 0x02, 0x0a, 0x09, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65,
-	0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64,
-	0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
-	0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x06,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x10, 0x0a, 0x03,
-	0x75, 0x72, 0x69, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x14,
-	0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74,
-	0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x2a, 0x0a, 0x10, 0x6b, 0x65, 0x79, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10,
-	0x6b, 0x65, 0x79, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x12, 0x44, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x72, 0x65,
-	0x63, 0x6f, 0x72, 0x64, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f,
-	0x72, 0x65, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63,
-	0x6f, 0x72, 0x64, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x72,
-	0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18,
-	0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f,
-	0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, 0x65, 0x72, 0x72,
-	0x6f, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64, 0x18,
-	0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x64,
-	0x22, 0xee, 0x01, 0x0a, 0x10, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
-	0x65, 0x63, 0x6f, 0x72, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d,
-	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d,
-	0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
-	0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0c,
-	0x52, 0x11, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x52, 0x65, 0x73, 0x6f, 0x6c,
-	0x76, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x55, 0x73,
-	0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
-	0x73, 0x55, 0x73, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x74, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x06,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x61, 0x64, 0x64,
-	0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x54, 0x72, 0x69, 0x65, 0x64, 0x18, 0x07, 0x20, 0x03, 0x28,
-	0x0c, 0x52, 0x0e, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x54, 0x72, 0x69, 0x65,
-	0x64, 0x22, 0x6a, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61,
-	0x69, 0x6c, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x54, 0x79,
-	0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x62, 0x6c, 0x65,
-	0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x12, 0x1e, 0x0a,
-	0x0a, 0x68, 0x74, 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x05, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0xa9, 0x01,
-	0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x26, 0x0a,
-	0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a,
-	0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64,
-	0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x0c, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65,
-	0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x12,
-	0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03,
-	0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x22, 0xeb, 0x02, 0x0a, 0x11, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
-	0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
-	0x28, 0x0a, 0x0f, 0x6f, 0x63, 0x73, 0x70, 0x4c, 0x61, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74,
-	0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0f, 0x6f, 0x63, 0x73, 0x70, 0x4c, 0x61,
-	0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x0b, 0x72, 0x65, 0x76,
-	0x6f, 0x6b, 0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b,
-	0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x72,
-	0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73, 0x6f,
-	0x6e, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x61, 0x73, 0x74, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x67, 0x53, 0x65, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03,
-	0x52, 0x15, 0x6c, 0x61, 0x73, 0x74, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x4e, 0x61, 0x67, 0x53, 0x65, 0x6e, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x63, 0x73, 0x70, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x6f,
-	0x63, 0x73, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x6e,
-	0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x6e,
-	0x6f, 0x74, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x73, 0x45, 0x78, 0x70,
-	0x69, 0x72, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x45, 0x78,
-	0x70, 0x69, 0x72, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49,
-	0x44, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49,
-	0x44, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0xe6, 0x01, 0x0a, 0x0c, 0x52, 0x65, 0x67, 0x69,
-	0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f,
-	0x6e, 0x74, 0x61, 0x63, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6e,
-	0x74, 0x61, 0x63, 0x74, 0x12, 0x28, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73,
-	0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x63,
-	0x6f, 0x6e, 0x74, 0x61, 0x63, 0x74, 0x73, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x12, 0x1c,
-	0x0a, 0x09, 0x61, 0x67, 0x72, 0x65, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x09, 0x61, 0x67, 0x72, 0x65, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1c, 0x0a, 0x09,
-	0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x49, 0x50, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52,
-	0x09, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x49, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x22, 0xd6, 0x01, 0x0a, 0x0d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02,
-	0x69, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69,
-	0x65, 0x72, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x49, 0x44, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69,
-	0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x0a,
-	0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x0f, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67,
-	0x65, 0x52, 0x0a, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x73, 0x4a, 0x04, 0x08,
-	0x07, 0x10, 0x08, 0x4a, 0x04, 0x08, 0x08, 0x10, 0x09, 0x22, 0xd7, 0x02, 0x0a, 0x05, 0x4f, 0x72,
-	0x64, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52,
-	0x02, 0x69, 0x64, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67,
-	0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x65,
-	0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78,
-	0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62,
-	0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x12, 0x2c, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12,
-	0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73,
-	0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x28, 0x0a,
-	0x0f, 0x62, 0x65, 0x67, 0x61, 0x6e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67,
-	0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x62, 0x65, 0x67, 0x61, 0x6e, 0x50, 0x72, 0x6f,
-	0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74,
-	0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x64, 0x12, 0x2a, 0x0a, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x03, 0x52, 0x10, 0x76, 0x32, 0x41,
-	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4a, 0x04, 0x08,
-	0x06, 0x10, 0x07, 0x22, 0x58, 0x0a, 0x08, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f,
-	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12,
-	0x1c, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x74, 0x42, 0x2b, 0x5a,
-	0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73,
-	0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f,
-	0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x33,
-}
-
-var (
-	file_core_proto_rawDescOnce sync.Once
-	file_core_proto_rawDescData = file_core_proto_rawDesc
-)
-
-func file_core_proto_rawDescGZIP() []byte {
-	file_core_proto_rawDescOnce.Do(func() {
-		file_core_proto_rawDescData = protoimpl.X.CompressGZIP(file_core_proto_rawDescData)
-	})
-	return file_core_proto_rawDescData
-}
-
-var file_core_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
-var file_core_proto_goTypes = []interface{}{
-	(*Challenge)(nil),         // 0: core.Challenge
-	(*ValidationRecord)(nil),  // 1: core.ValidationRecord
-	(*ProblemDetails)(nil),    // 2: core.ProblemDetails
-	(*Certificate)(nil),       // 3: core.Certificate
-	(*CertificateStatus)(nil), // 4: core.CertificateStatus
-	(*Registration)(nil),      // 5: core.Registration
-	(*Authorization)(nil),     // 6: core.Authorization
-	(*Order)(nil),             // 7: core.Order
-	(*CRLEntry)(nil),          // 8: core.CRLEntry
-}
-var file_core_proto_depIdxs = []int32{
-	1, // 0: core.Challenge.validationrecords:type_name -> core.ValidationRecord
-	2, // 1: core.Challenge.error:type_name -> core.ProblemDetails
-	0, // 2: core.Authorization.challenges:type_name -> core.Challenge
-	2, // 3: core.Order.error:type_name -> core.ProblemDetails
-	4, // [4:4] is the sub-list for method output_type
-	4, // [4:4] is the sub-list for method input_type
-	4, // [4:4] is the sub-list for extension type_name
-	4, // [4:4] is the sub-list for extension extendee
-	0, // [0:4] is the sub-list for field type_name
-}
-
-func init() { file_core_proto_init() }
-func file_core_proto_init() {
-	if File_core_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_core_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Challenge); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ValidationRecord); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProblemDetails); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Certificate); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CertificateStatus); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Registration); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Authorization); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Order); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_core_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CRLEntry); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_core_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   9,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_core_proto_goTypes,
-		DependencyIndexes: file_core_proto_depIdxs,
-		MessageInfos:      file_core_proto_msgTypes,
-	}.Build()
-	File_core_proto = out.File
-	file_core_proto_rawDesc = nil
-	file_core_proto_goTypes = nil
-	file_core_proto_depIdxs = nil
-}
diff --git a/vendor/github.com/letsencrypt/boulder/core/proto/core.proto b/vendor/github.com/letsencrypt/boulder/core/proto/core.proto
deleted file mode 100644
index 946bb16c87..0000000000
--- a/vendor/github.com/letsencrypt/boulder/core/proto/core.proto
+++ /dev/null
@@ -1,101 +0,0 @@
-syntax = "proto3";
-
-package core;
-option go_package = "github.com/letsencrypt/boulder/core/proto";
-
-message Challenge {
-  int64 id = 1;
-  string type = 2;
-  string status = 6;
-  string uri = 9;
-  string token = 3;
-  string keyAuthorization = 5;
-  repeated ValidationRecord validationrecords = 10;
-  ProblemDetails error = 7;
-  int64 validated = 11;
-}
-
-message ValidationRecord {
-  string hostname = 1;
-  string port = 2;
-  repeated bytes addressesResolved = 3; // net.IP.MarshalText()
-  bytes addressUsed = 4; // net.IP.MarshalText()
-
-  repeated string authorities = 5;
-  string url = 6;
-  // A list of addresses tried before the address used (see
-  // core/objects.go and the comment on the ValidationRecord structure
-  // definition for more information.
-  repeated bytes addressesTried = 7; // net.IP.MarshalText()
-}
-
-message ProblemDetails {
-  string problemType = 1;
-  string detail = 2;
-  int32 httpStatus = 3;
-}
-
-message Certificate {
-  int64 registrationID = 1;
-  string serial = 2;
-  string digest = 3;
-  bytes der = 4;
-  int64 issued = 5;  // Unix timestamp (nanoseconds)
-  int64 expires = 6; // Unix timestamp (nanoseconds)
-}
-
-message CertificateStatus {
-  string serial = 1;
-  reserved 2; // previously subscriberApproved
-  string status = 3;
-  int64 ocspLastUpdated = 4;
-  int64 revokedDate = 5;
-  int64 revokedReason = 6;
-  int64 lastExpirationNagSent = 7;
-  bytes ocspResponse = 8;
-  int64 notAfter = 9;
-  bool isExpired = 10;
-  int64 issuerID = 11;
-}
-
-message Registration {
-  int64 id = 1;
-  bytes key = 2;
-  repeated string contact = 3;
-  bool contactsPresent = 4;
-  string agreement = 5;
-  bytes initialIP = 6;
-  int64 createdAt = 7; // Unix timestamp (nanoseconds)
-  string status = 8;
-}
-
-message Authorization {
-  string id = 1;
-  string identifier = 2;
-  int64 registrationID = 3;
-  string status = 4;
-  int64 expires = 5; // Unix timestamp (nanoseconds)
-  repeated core.Challenge challenges = 6;
-  reserved 7; // previously combinations
-  reserved 8; // previously v2
-}
-
-message Order {
-  int64 id = 1;
-  int64 registrationID = 2;
-  int64 expires = 3;
-  ProblemDetails error = 4;
-  string certificateSerial = 5;
-  reserved 6; // previously authorizations, deprecated in favor of v2Authorizations
-  string status = 7;
-  repeated string names = 8;
-  bool beganProcessing = 9;
-  int64 created = 10;
-  repeated int64 v2Authorizations = 11;
-}
-
-message CRLEntry {
-  string serial = 1;
-  int32 reason = 2;
-  int64 revokedAt = 3; // Unix timestamp (nanoseconds)
-}
diff --git a/vendor/github.com/letsencrypt/boulder/core/util.go b/vendor/github.com/letsencrypt/boulder/core/util.go
index b9ac7047aa..d7fe026689 100644
--- a/vendor/github.com/letsencrypt/boulder/core/util.go
+++ b/vendor/github.com/letsencrypt/boulder/core/util.go
@@ -1,9 +1,10 @@
 package core
 
 import (
-	"bytes"
 	"crypto"
+	"crypto/ecdsa"
 	"crypto/rand"
+	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
@@ -16,6 +17,7 @@ import (
 	"math/big"
 	mrand "math/rand"
 	"os"
+	"path"
 	"reflect"
 	"regexp"
 	"sort"
@@ -23,7 +25,7 @@ import (
 	"time"
 	"unicode"
 
-	jose "gopkg.in/square/go-jose.v2"
+	"gopkg.in/go-jose/go-jose.v2"
 )
 
 const Unspecified = "Unspecified"
@@ -96,7 +98,7 @@ func KeyDigest(key crypto.PublicKey) (Sha256Digest, error) {
 	switch t := key.(type) {
 	case *jose.JSONWebKey:
 		if t == nil {
-			return Sha256Digest{}, fmt.Errorf("Cannot compute digest of nil key")
+			return Sha256Digest{}, errors.New("cannot compute digest of nil key")
 		}
 		return KeyDigest(t.Key)
 	case jose.JSONWebKey:
@@ -132,21 +134,16 @@ func KeyDigestEquals(j, k crypto.PublicKey) bool {
 	return digestJ == digestK
 }
 
-// PublicKeysEqual determines whether two public keys have the same marshalled
-// bytes as one another
-func PublicKeysEqual(a, b interface{}) (bool, error) {
-	if a == nil || b == nil {
-		return false, errors.New("One or more nil arguments to PublicKeysEqual")
-	}
-	aBytes, err := x509.MarshalPKIXPublicKey(a)
-	if err != nil {
-		return false, err
-	}
-	bBytes, err := x509.MarshalPKIXPublicKey(b)
-	if err != nil {
-		return false, err
+// PublicKeysEqual determines whether two public keys are identical.
+func PublicKeysEqual(a, b crypto.PublicKey) (bool, error) {
+	switch ak := a.(type) {
+	case *rsa.PublicKey:
+		return ak.Equal(b), nil
+	case *ecdsa.PublicKey:
+		return ak.Equal(b), nil
+	default:
+		return false, fmt.Errorf("unsupported public key type %T", ak)
 	}
-	return bytes.Equal(aBytes, bBytes), nil
 }
 
 // SerialToString converts a certificate serial number (big.Int) to a String
@@ -160,7 +157,7 @@ func SerialToString(serial *big.Int) string {
 func StringToSerial(serial string) (*big.Int, error) {
 	var serialNum big.Int
 	if !ValidSerial(serial) {
-		return &serialNum, errors.New("Invalid serial number")
+		return &serialNum, fmt.Errorf("invalid serial number %q", serial)
 	}
 	_, err := fmt.Sscanf(serial, "%036x", &serialNum)
 	return &serialNum, err
@@ -245,6 +242,14 @@ func UniqueLowerNames(names []string) (unique []string) {
 	return
 }
 
+// HashNames returns a hash of the names requested. This is intended for use
+// when interacting with the orderFqdnSets table and rate limiting.
+func HashNames(names []string) []byte {
+	names = UniqueLowerNames(names)
+	hash := sha256.Sum256([]byte(strings.Join(names, ",")))
+	return hash[:]
+}
+
 // LoadCert loads a PEM certificate specified by filename or returns an error
 func LoadCert(filename string) (*x509.Certificate, error) {
 	certPEM, err := os.ReadFile(filename)
@@ -253,7 +258,7 @@ func LoadCert(filename string) (*x509.Certificate, error) {
 	}
 	block, _ := pem.Decode(certPEM)
 	if block == nil {
-		return nil, fmt.Errorf("No data in cert PEM file %s", filename)
+		return nil, fmt.Errorf("no data in cert PEM file %q", filename)
 	}
 	cert, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {
@@ -298,3 +303,7 @@ func IsASCII(str string) bool {
 	}
 	return true
 }
+
+func Command() string {
+	return path.Base(os.Args[0])
+}
diff --git a/vendor/github.com/letsencrypt/boulder/errors/errors.go b/vendor/github.com/letsencrypt/boulder/errors/errors.go
deleted file mode 100644
index 50be1087a0..0000000000
--- a/vendor/github.com/letsencrypt/boulder/errors/errors.go
+++ /dev/null
@@ -1,194 +0,0 @@
-// Package errors provides internal-facing error types for use in Boulder. Many
-// of these are transformed directly into Problem Details documents by the WFE.
-// Some, like NotFound, may be handled internally. We avoid using Problem
-// Details documents as part of our internal error system to avoid layering
-// confusions.
-//
-// These errors are specifically for use in errors that cross RPC boundaries.
-// An error type that does not need to be passed through an RPC can use a plain
-// Go type locally. Our gRPC code is aware of these error types and will
-// serialize and deserialize them automatically.
-package errors
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/letsencrypt/boulder/identifier"
-)
-
-// ErrorType provides a coarse category for BoulderErrors.
-// Objects of type ErrorType should never be directly returned by other
-// functions; instead use the methods below to create an appropriate
-// BoulderError wrapping one of these types.
-type ErrorType int
-
-// These numeric constants are used when sending berrors through gRPC.
-const (
-	// InternalServer is deprecated. Instead, pass a plain Go error. That will get
-	// turned into a probs.InternalServerError by the WFE.
-	InternalServer ErrorType = iota
-	_
-	Malformed
-	Unauthorized
-	NotFound
-	RateLimit
-	RejectedIdentifier
-	InvalidEmail
-	ConnectionFailure
-	_ // Reserved, previously WrongAuthorizationState
-	CAA
-	MissingSCTs
-	Duplicate
-	OrderNotReady
-	DNS
-	BadPublicKey
-	BadCSR
-	AlreadyRevoked
-	BadRevocationReason
-)
-
-func (ErrorType) Error() string {
-	return "urn:ietf:params:acme:error"
-}
-
-// BoulderError represents internal Boulder errors
-type BoulderError struct {
-	Type      ErrorType
-	Detail    string
-	SubErrors []SubBoulderError
-
-	// RetryAfter the duration a client should wait before retrying the request
-	// which resulted in this error.
-	RetryAfter time.Duration
-}
-
-// SubBoulderError represents sub-errors specific to an identifier that are
-// related to a top-level internal Boulder error.
-type SubBoulderError struct {
-	*BoulderError
-	Identifier identifier.ACMEIdentifier
-}
-
-func (be *BoulderError) Error() string {
-	return be.Detail
-}
-
-func (be *BoulderError) Unwrap() error {
-	return be.Type
-}
-
-// WithSubErrors returns a new BoulderError instance created by adding the
-// provided subErrs to the existing BoulderError.
-func (be *BoulderError) WithSubErrors(subErrs []SubBoulderError) *BoulderError {
-	return &BoulderError{
-		Type:       be.Type,
-		Detail:     be.Detail,
-		SubErrors:  append(be.SubErrors, subErrs...),
-		RetryAfter: be.RetryAfter,
-	}
-}
-
-// New is a convenience function for creating a new BoulderError
-func New(errType ErrorType, msg string, args ...interface{}) error {
-	return &BoulderError{
-		Type:   errType,
-		Detail: fmt.Sprintf(msg, args...),
-	}
-}
-
-func InternalServerError(msg string, args ...interface{}) error {
-	return New(InternalServer, msg, args...)
-}
-
-func MalformedError(msg string, args ...interface{}) error {
-	return New(Malformed, msg, args...)
-}
-
-func UnauthorizedError(msg string, args ...interface{}) error {
-	return New(Unauthorized, msg, args...)
-}
-
-func NotFoundError(msg string, args ...interface{}) error {
-	return New(NotFound, msg, args...)
-}
-
-func RateLimitError(retryAfter time.Duration, msg string, args ...interface{}) error {
-	return &BoulderError{
-		Type:       RateLimit,
-		Detail:     fmt.Sprintf(msg+": see https://letsencrypt.org/docs/rate-limits/", args...),
-		RetryAfter: retryAfter,
-	}
-}
-
-func DuplicateCertificateError(retryAfter time.Duration, msg string, args ...interface{}) error {
-	return &BoulderError{
-		Type:       RateLimit,
-		Detail:     fmt.Sprintf(msg+": see https://letsencrypt.org/docs/duplicate-certificate-limit/", args...),
-		RetryAfter: retryAfter,
-	}
-}
-
-func FailedValidationError(retryAfter time.Duration, msg string, args ...interface{}) error {
-	return &BoulderError{
-		Type:       RateLimit,
-		Detail:     fmt.Sprintf(msg+": see https://letsencrypt.org/docs/failed-validation-limit/", args...),
-		RetryAfter: retryAfter,
-	}
-}
-
-func RegistrationsPerIPError(retryAfter time.Duration, msg string, args ...interface{}) error {
-	return &BoulderError{
-		Type:       RateLimit,
-		Detail:     fmt.Sprintf(msg+": see https://letsencrypt.org/docs/too-many-registrations-for-this-ip/", args...),
-		RetryAfter: retryAfter,
-	}
-}
-
-func RejectedIdentifierError(msg string, args ...interface{}) error {
-	return New(RejectedIdentifier, msg, args...)
-}
-
-func InvalidEmailError(msg string, args ...interface{}) error {
-	return New(InvalidEmail, msg, args...)
-}
-
-func ConnectionFailureError(msg string, args ...interface{}) error {
-	return New(ConnectionFailure, msg, args...)
-}
-
-func CAAError(msg string, args ...interface{}) error {
-	return New(CAA, msg, args...)
-}
-
-func MissingSCTsError(msg string, args ...interface{}) error {
-	return New(MissingSCTs, msg, args...)
-}
-
-func DuplicateError(msg string, args ...interface{}) error {
-	return New(Duplicate, msg, args...)
-}
-
-func OrderNotReadyError(msg string, args ...interface{}) error {
-	return New(OrderNotReady, msg, args...)
-}
-
-func DNSError(msg string, args ...interface{}) error {
-	return New(DNS, msg, args...)
-}
-
-func BadPublicKeyError(msg string, args ...interface{}) error {
-	return New(BadPublicKey, msg, args...)
-}
-
-func BadCSRError(msg string, args ...interface{}) error {
-	return New(BadCSR, msg, args...)
-}
-
-func AlreadyRevokedError(msg string, args ...interface{}) error {
-	return New(AlreadyRevoked, msg, args...)
-}
-
-func BadRevocationReasonError(reason int64) error {
-	return New(BadRevocationReason, "disallowed revocation reason: %d", reason)
-}
diff --git a/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go b/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
deleted file mode 100644
index 7eadc1f9bf..0000000000
--- a/vendor/github.com/letsencrypt/boulder/features/featureflag_string.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Code generated by "stringer -type=FeatureFlag"; DO NOT EDIT.
-
-package features
-
-import "strconv"
-
-func _() {
-	// An "invalid array index" compiler error signifies that the constant values have changed.
-	// Re-run the stringer command to generate them again.
-	var x [1]struct{}
-	_ = x[unused-0]
-	_ = x[PrecertificateRevocation-1]
-	_ = x[StripDefaultSchemePort-2]
-	_ = x[NonCFSSLSigner-3]
-	_ = x[StoreIssuerInfo-4]
-	_ = x[StreamlineOrderAndAuthzs-5]
-	_ = x[V1DisableNewValidations-6]
-	_ = x[ExpirationMailerDontLookTwice-7]
-	_ = x[OldTLSInbound-8]
-	_ = x[OldTLSOutbound-9]
-	_ = x[ROCSPStage1-10]
-	_ = x[ROCSPStage2-11]
-	_ = x[ROCSPStage3-12]
-	_ = x[CAAValidationMethods-13]
-	_ = x[CAAAccountURI-14]
-	_ = x[EnforceMultiVA-15]
-	_ = x[MultiVAFullResults-16]
-	_ = x[MandatoryPOSTAsGET-17]
-	_ = x[AllowV1Registration-18]
-	_ = x[StoreRevokerInfo-19]
-	_ = x[RestrictRSAKeySizes-20]
-	_ = x[FasterNewOrdersRateLimit-21]
-	_ = x[ECDSAForAll-22]
-	_ = x[ServeRenewalInfo-23]
-	_ = x[GetAuthzReadOnly-24]
-	_ = x[GetAuthzUseIndex-25]
-	_ = x[CheckFailedAuthorizationsFirst-26]
-	_ = x[AllowReRevocation-27]
-	_ = x[MozRevocationReasons-28]
-	_ = x[SHA1CSRs-29]
-	_ = x[AllowUnrecognizedFeatures-30]
-	_ = x[RejectDuplicateCSRExtensions-31]
-	_ = x[ROCSPStage6-32]
-	_ = x[ROCSPStage7-33]
-}
-
-const _FeatureFlag_name = "unusedPrecertificateRevocationStripDefaultSchemePortNonCFSSLSignerStoreIssuerInfoStreamlineOrderAndAuthzsV1DisableNewValidationsExpirationMailerDontLookTwiceOldTLSInboundOldTLSOutboundROCSPStage1ROCSPStage2ROCSPStage3CAAValidationMethodsCAAAccountURIEnforceMultiVAMultiVAFullResultsMandatoryPOSTAsGETAllowV1RegistrationStoreRevokerInfoRestrictRSAKeySizesFasterNewOrdersRateLimitECDSAForAllServeRenewalInfoGetAuthzReadOnlyGetAuthzUseIndexCheckFailedAuthorizationsFirstAllowReRevocationMozRevocationReasonsSHA1CSRsAllowUnrecognizedFeaturesRejectDuplicateCSRExtensionsROCSPStage6ROCSPStage7"
-
-var _FeatureFlag_index = [...]uint16{0, 6, 30, 52, 66, 81, 105, 128, 157, 170, 184, 195, 206, 217, 237, 250, 264, 282, 300, 319, 335, 354, 378, 389, 405, 421, 437, 467, 484, 504, 512, 537, 565, 576, 587}
-
-func (i FeatureFlag) String() string {
-	if i < 0 || i >= FeatureFlag(len(_FeatureFlag_index)-1) {
-		return "FeatureFlag(" + strconv.FormatInt(int64(i), 10) + ")"
-	}
-	return _FeatureFlag_name[_FeatureFlag_index[i]:_FeatureFlag_index[i+1]]
-}
diff --git a/vendor/github.com/letsencrypt/boulder/features/features.go b/vendor/github.com/letsencrypt/boulder/features/features.go
deleted file mode 100644
index 6db20d7dea..0000000000
--- a/vendor/github.com/letsencrypt/boulder/features/features.go
+++ /dev/null
@@ -1,203 +0,0 @@
-//go:generate stringer -type=FeatureFlag
-
-package features
-
-import (
-	"fmt"
-	"strings"
-	"sync"
-)
-
-type FeatureFlag int
-
-const (
-	unused FeatureFlag = iota // unused is used for testing
-	//   Deprecated features, these can be removed once stripped from production configs
-	PrecertificateRevocation
-	StripDefaultSchemePort
-	NonCFSSLSigner
-	StoreIssuerInfo
-	StreamlineOrderAndAuthzs
-	V1DisableNewValidations
-	ExpirationMailerDontLookTwice
-	OldTLSInbound
-	OldTLSOutbound
-	ROCSPStage1
-	ROCSPStage2
-	ROCSPStage3
-
-	//   Currently in-use features
-	// Check CAA and respect validationmethods parameter.
-	CAAValidationMethods
-	// Check CAA and respect accounturi parameter.
-	CAAAccountURI
-	// EnforceMultiVA causes the VA to block on remote VA PerformValidation
-	// requests in order to make a valid/invalid decision with the results.
-	EnforceMultiVA
-	// MultiVAFullResults will cause the main VA to wait for all of the remote VA
-	// results, not just the threshold required to make a decision.
-	MultiVAFullResults
-	// MandatoryPOSTAsGET forbids legacy unauthenticated GET requests for ACME
-	// resources.
-	MandatoryPOSTAsGET
-	// Allow creation of new registrations in ACMEv1.
-	AllowV1Registration
-	// StoreRevokerInfo enables storage of the revoker and a bool indicating if the row
-	// was checked for extant unrevoked certificates in the blockedKeys table.
-	StoreRevokerInfo
-	// RestrictRSAKeySizes enables restriction of acceptable RSA public key moduli to
-	// the common sizes (2048, 3072, and 4096 bits).
-	RestrictRSAKeySizes
-	// FasterNewOrdersRateLimit enables use of a separate table for counting the
-	// new orders rate limit.
-	FasterNewOrdersRateLimit
-	// ECDSAForAll enables all accounts, regardless of their presence in the CA's
-	// ecdsaAllowedAccounts config value, to get issuance from ECDSA issuers.
-	ECDSAForAll
-	// ServeRenewalInfo exposes the renewalInfo endpoint in the directory and for
-	// GET requests. WARNING: This feature is a draft and highly unstable.
-	ServeRenewalInfo
-	// GetAuthzReadOnly causes the SA to use its read-only database connection
-	// (which is generally pointed at a replica rather than the primary db) when
-	// querying the authz2 table.
-	GetAuthzReadOnly
-	// GetAuthzUseIndex causes the SA to use to add a USE INDEX hint when it
-	// queries the authz2 table.
-	GetAuthzUseIndex
-	// Check the failed authorization limit before doing authz reuse.
-	CheckFailedAuthorizationsFirst
-	// AllowReRevocation causes the RA to allow the revocation reason of an
-	// already-revoked certificate to be updated to `keyCompromise` from any
-	// other reason if that compromise is demonstrated by making the second
-	// revocation request signed by the certificate keypair.
-	AllowReRevocation
-	// MozRevocationReasons causes the RA to enforce the following upcoming
-	// Mozilla policies regarding revocation:
-	// - A subscriber can request that their certificate be revoked with reason
-	//   keyCompromise, even without demonstrating that compromise at the time.
-	//   However, the cert's pubkey will not be added to the blocked keys list.
-	// - When an applicant other than the original subscriber requests that a
-	//   certificate be revoked (by demonstrating control over all names in it),
-	//   the cert will be revoked with reason cessationOfOperation, regardless of
-	//   what revocation reason they request.
-	// - When anyone requests that a certificate be revoked by signing the request
-	//   with the certificate's keypair, the cert will be revoked with reason
-	//   keyCompromise, regardless of what revocation reason they request.
-	MozRevocationReasons
-	// SHA1CSRs controls whether the /acme/finalize endpoint rejects CSRs that
-	// are self-signed using SHA1.
-	SHA1CSRs
-	// AllowUnrecognizedFeatures is internal to the features package: if true,
-	// skip error when unrecognized feature flag names are passed.
-	AllowUnrecognizedFeatures
-	// RejectDuplicateCSRExtensions enables verification that submitted CSRs do
-	// not contain duplicate extensions. This behavior will be on by default in
-	// go1.19.
-	RejectDuplicateCSRExtensions
-
-	// ROCSPStage6 disables writing full OCSP Responses to MariaDB during
-	// (pre)certificate issuance and during revocation. Because Stage 4 involved
-	// disabling ocsp-updater, this means that no ocsp response bytes will be
-	// written to the database anymore.
-	ROCSPStage6
-	// ROCSPStage7 disables generating OCSP responses during issuance and
-	// revocation. This affects codepaths in both the RA (revocation) and the CA
-	// (precert "birth certificates").
-	ROCSPStage7
-)
-
-// List of features and their default value, protected by fMu
-var features = map[FeatureFlag]bool{
-	unused:                         false,
-	CAAValidationMethods:           false,
-	CAAAccountURI:                  false,
-	EnforceMultiVA:                 false,
-	MultiVAFullResults:             false,
-	MandatoryPOSTAsGET:             false,
-	AllowV1Registration:            true,
-	V1DisableNewValidations:        false,
-	PrecertificateRevocation:       false,
-	StripDefaultSchemePort:         false,
-	StoreIssuerInfo:                false,
-	StoreRevokerInfo:               false,
-	RestrictRSAKeySizes:            false,
-	FasterNewOrdersRateLimit:       false,
-	NonCFSSLSigner:                 false,
-	ECDSAForAll:                    false,
-	StreamlineOrderAndAuthzs:       false,
-	ServeRenewalInfo:               false,
-	GetAuthzReadOnly:               false,
-	GetAuthzUseIndex:               false,
-	CheckFailedAuthorizationsFirst: false,
-	AllowReRevocation:              false,
-	MozRevocationReasons:           false,
-	OldTLSOutbound:                 true,
-	OldTLSInbound:                  true,
-	SHA1CSRs:                       true,
-	AllowUnrecognizedFeatures:      false,
-	ExpirationMailerDontLookTwice:  false,
-	RejectDuplicateCSRExtensions:   false,
-	ROCSPStage1:                    false,
-	ROCSPStage2:                    false,
-	ROCSPStage3:                    false,
-	ROCSPStage6:                    false,
-	ROCSPStage7:                    false,
-}
-
-var fMu = new(sync.RWMutex)
-
-var initial = map[FeatureFlag]bool{}
-
-var nameToFeature = make(map[string]FeatureFlag, len(features))
-
-func init() {
-	for f, v := range features {
-		nameToFeature[f.String()] = f
-		initial[f] = v
-	}
-}
-
-// Set accepts a list of features and whether they should
-// be enabled or disabled. In the presence of unrecognized
-// flags, it will return an error or not depending on the
-// value of AllowUnrecognizedFeatures.
-func Set(featureSet map[string]bool) error {
-	fMu.Lock()
-	defer fMu.Unlock()
-	var unknown []string
-	for n, v := range featureSet {
-		f, present := nameToFeature[n]
-		if present {
-			features[f] = v
-		} else {
-			unknown = append(unknown, n)
-		}
-	}
-	if len(unknown) > 0 && !features[AllowUnrecognizedFeatures] {
-		return fmt.Errorf("unrecognized feature flag names: %s",
-			strings.Join(unknown, ", "))
-	}
-	return nil
-}
-
-// Enabled returns true if the feature is enabled or false
-// if it isn't, it will panic if passed a feature that it
-// doesn't know.
-func Enabled(n FeatureFlag) bool {
-	fMu.RLock()
-	defer fMu.RUnlock()
-	v, present := features[n]
-	if !present {
-		panic(fmt.Sprintf("feature '%s' doesn't exist", n.String()))
-	}
-	return v
-}
-
-// Reset resets the features to their initial state
-func Reset() {
-	fMu.Lock()
-	defer fMu.Unlock()
-	for k, v := range initial {
-		features[k] = v
-	}
-}
diff --git a/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go b/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go
index fdcfe9a181..198c09db4e 100644
--- a/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go
+++ b/vendor/github.com/letsencrypt/boulder/goodkey/blocked.go
@@ -9,8 +9,7 @@ import (
 	"os"
 
 	"github.com/letsencrypt/boulder/core"
-
-	yaml "gopkg.in/yaml.v3"
+	"github.com/letsencrypt/boulder/strictyaml"
 )
 
 // blockedKeys is a type for maintaining a map of SHA256 hashes
@@ -58,7 +57,7 @@ func loadBlockedKeysList(filename string) (*blockedKeys, error) {
 		BlockedHashes    []string `yaml:"blocked"`
 		BlockedHashesHex []string `yaml:"blockedHashesHex"`
 	}
-	err = yaml.Unmarshal(yamlBytes, &list)
+	err = strictyaml.Unmarshal(yamlBytes, &list)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go b/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go
index b751c376cd..087a018123 100644
--- a/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go
+++ b/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go
@@ -12,10 +12,6 @@ import (
 	"sync"
 
 	"github.com/letsencrypt/boulder/core"
-	berrors "github.com/letsencrypt/boulder/errors"
-	"github.com/letsencrypt/boulder/features"
-	sapb "github.com/letsencrypt/boulder/sa/proto"
-	"google.golang.org/grpc"
 
 	"github.com/titanous/rocacheck"
 )
@@ -68,10 +64,12 @@ func badKey(msg string, args ...interface{}) error {
 	return fmt.Errorf("%w%s", ErrBadKey, fmt.Errorf(msg, args...))
 }
 
-// BlockedKeyCheckFunc is used to pass in the sa.BlockedKey method to KeyPolicy,
-// rather than storing a full sa.SQLStorageAuthority. This makes testing
+// BlockedKeyCheckFunc is used to pass in the sa.BlockedKey functionality to KeyPolicy,
+// rather than storing a full sa.SQLStorageAuthority. This allows external
+// users who don’t want to import all of boulder/sa, and makes testing
 // significantly simpler.
-type BlockedKeyCheckFunc func(context.Context, *sapb.KeyBlockedRequest, ...grpc.CallOption) (*sapb.Exists, error)
+// On success, the function returns a boolean which is true if the key is blocked.
+type BlockedKeyCheckFunc func(ctx context.Context, keyHash []byte) (bool, error)
 
 // KeyPolicy determines which types of key may be used with various boulder
 // operations.
@@ -82,7 +80,7 @@ type KeyPolicy struct {
 	weakRSAList        *WeakRSAKeys
 	blockedList        *blockedKeys
 	fermatRounds       int
-	dbCheck            BlockedKeyCheckFunc
+	blockedCheck       BlockedKeyCheckFunc
 }
 
 // NewKeyPolicy returns a KeyPolicy that allows RSA, ECDSA256 and ECDSA384.
@@ -97,7 +95,7 @@ func NewKeyPolicy(config *Config, bkc BlockedKeyCheckFunc) (KeyPolicy, error) {
 		AllowRSA:           true,
 		AllowECDSANISTP256: true,
 		AllowECDSANISTP384: true,
-		dbCheck:            bkc,
+		blockedCheck:       bkc,
 	}
 	if config.WeakKeyFile != "" {
 		keyList, err := LoadWeakRSASuffixes(config.WeakKeyFile)
@@ -137,20 +135,20 @@ func (policy *KeyPolicy) GoodKey(ctx context.Context, key crypto.PublicKey) erro
 	// that has been administratively blocked.
 	if policy.blockedList != nil {
 		if blocked, err := policy.blockedList.blocked(key); err != nil {
-			return berrors.InternalServerError("error checking blocklist for key: %v", key)
+			return fmt.Errorf("error checking blocklist for key: %v", key)
 		} else if blocked {
 			return badKey("public key is forbidden")
 		}
 	}
-	if policy.dbCheck != nil {
+	if policy.blockedCheck != nil {
 		digest, err := core.KeyDigest(key)
 		if err != nil {
 			return badKey("%w", err)
 		}
-		exists, err := policy.dbCheck(ctx, &sapb.KeyBlockedRequest{KeyHash: digest[:]})
+		exists, err := policy.blockedCheck(ctx, digest[:])
 		if err != nil {
 			return err
-		} else if exists.Exists {
+		} else if exists {
 			return badKey("public key is forbidden")
 		}
 	}
@@ -275,6 +273,12 @@ func (policy *KeyPolicy) goodCurve(c elliptic.Curve) (err error) {
 	}
 }
 
+// Baseline Requirements, Section 6.1.5 requires key size >= 2048 and a multiple
+// of 8 bits: https://github.com/cabforum/servercert/blob/main/docs/BR.md#615-key-sizes
+// Baseline Requirements, Section 6.1.1.3 requires that we reject any keys which
+// have a known method to easily compute their private key, such as Debian Weak
+// Keys. Our enforcement mechanism relies on enumerating all Debian Weak Keys at
+// common key sizes, so we restrict all issuance to those common key sizes.
 var acceptableRSAKeySizes = map[int]bool{
 	2048: true,
 	3072: true,
@@ -290,27 +294,12 @@ func (policy *KeyPolicy) goodKeyRSA(key *rsa.PublicKey) (err error) {
 		return badKey("key is on a known weak RSA key list")
 	}
 
-	// Baseline Requirements Appendix A
-	// Modulus must be >= 2048 bits and <= 4096 bits
 	modulus := key.N
+
+	// See comment on acceptableRSAKeySizes above.
 	modulusBitLen := modulus.BitLen()
-	if features.Enabled(features.RestrictRSAKeySizes) {
-		if !acceptableRSAKeySizes[modulusBitLen] {
-			return badKey("key size not supported: %d", modulusBitLen)
-		}
-	} else {
-		const maxKeySize = 4096
-		if modulusBitLen < 2048 {
-			return badKey("key too small: %d", modulusBitLen)
-		}
-		if modulusBitLen > maxKeySize {
-			return badKey("key too large: %d > %d", modulusBitLen, maxKeySize)
-		}
-		// Bit lengths that are not a multiple of 8 may cause problems on some
-		// client implementations.
-		if modulusBitLen%8 != 0 {
-			return badKey("key length wasn't a multiple of 8: %d", modulusBitLen)
-		}
+	if !acceptableRSAKeySizes[modulusBitLen] {
+		return badKey("key size not supported: %d", modulusBitLen)
 	}
 
 	// Rather than support arbitrary exponents, which significantly increases
diff --git a/vendor/github.com/letsencrypt/boulder/probs/probs.go b/vendor/github.com/letsencrypt/boulder/probs/probs.go
index 3736e8d391..2cc766237d 100644
--- a/vendor/github.com/letsencrypt/boulder/probs/probs.go
+++ b/vendor/github.com/letsencrypt/boulder/probs/probs.go
@@ -7,29 +7,33 @@ import (
 	"github.com/letsencrypt/boulder/identifier"
 )
 
-// Error types that can be used in ACME payloads
 const (
+	// Error types that can be used in ACME payloads. These are sorted in the
+	// same order as they are defined in RFC8555 Section 6.7. We do not implement
+	// the `compound`, `externalAccountRequired`, or `userActionRequired` errors,
+	// because we have no path that would return them.
+	AccountDoesNotExistProblem   = ProblemType("accountDoesNotExist")
+	AlreadyRevokedProblem        = ProblemType("alreadyRevoked")
+	BadCSRProblem                = ProblemType("badCSR")
+	BadNonceProblem              = ProblemType("badNonce")
+	BadPublicKeyProblem          = ProblemType("badPublicKey")
+	BadRevocationReasonProblem   = ProblemType("badRevocationReason")
+	BadSignatureAlgorithmProblem = ProblemType("badSignatureAlgorithm")
+	CAAProblem                   = ProblemType("caa")
 	ConnectionProblem            = ProblemType("connection")
+	DNSProblem                   = ProblemType("dns")
+	InvalidContactProblem        = ProblemType("invalidContact")
 	MalformedProblem             = ProblemType("malformed")
+	OrderNotReadyProblem         = ProblemType("orderNotReady")
+	RateLimitedProblem           = ProblemType("rateLimited")
+	RejectedIdentifierProblem    = ProblemType("rejectedIdentifier")
 	ServerInternalProblem        = ProblemType("serverInternal")
 	TLSProblem                   = ProblemType("tls")
 	UnauthorizedProblem          = ProblemType("unauthorized")
-	RateLimitedProblem           = ProblemType("rateLimited")
-	BadNonceProblem              = ProblemType("badNonce")
-	InvalidEmailProblem          = ProblemType("invalidEmail")
-	RejectedIdentifierProblem    = ProblemType("rejectedIdentifier")
-	AccountDoesNotExistProblem   = ProblemType("accountDoesNotExist")
-	CAAProblem                   = ProblemType("caa")
-	DNSProblem                   = ProblemType("dns")
-	AlreadyRevokedProblem        = ProblemType("alreadyRevoked")
-	OrderNotReadyProblem         = ProblemType("orderNotReady")
-	BadSignatureAlgorithmProblem = ProblemType("badSignatureAlgorithm")
-	BadPublicKeyProblem          = ProblemType("badPublicKey")
-	BadRevocationReasonProblem   = ProblemType("badRevocationReason")
-	BadCSRProblem                = ProblemType("badCSR")
+	UnsupportedContactProblem    = ProblemType("unsupportedContact")
+	UnsupportedIdentifierProblem = ProblemType("unsupportedIdentifier")
 
-	V1ErrorNS = "urn:acme:error:"
-	V2ErrorNS = "urn:ietf:params:acme:error:"
+	ErrorNS = "urn:ietf:params:acme:error:"
 )
 
 // ProblemType defines the error types in the ACME protocol
@@ -71,112 +75,71 @@ func (pd *ProblemDetails) WithSubProblems(subProbs []SubProblemDetails) *Problem
 	}
 }
 
-// statusTooManyRequests is the HTTP status code meant for rate limiting
-// errors. It's not currently in the net/http library so we add it here.
-const statusTooManyRequests = 429
+// Helper functions which construct the basic RFC8555 Problem Documents, with
+// the Type already set and the Details supplied by the caller.
 
-// ProblemDetailsToStatusCode inspects the given ProblemDetails to figure out
-// what HTTP status code it should represent. It should only be used by the WFE
-// but is included in this package because of its reliance on ProblemTypes.
-func ProblemDetailsToStatusCode(prob *ProblemDetails) int {
-	if prob.HTTPStatus != 0 {
-		return prob.HTTPStatus
-	}
-	switch prob.Type {
-	case
-		ConnectionProblem,
-		MalformedProblem,
-		BadSignatureAlgorithmProblem,
-		BadPublicKeyProblem,
-		TLSProblem,
-		BadNonceProblem,
-		InvalidEmailProblem,
-		RejectedIdentifierProblem,
-		AccountDoesNotExistProblem,
-		BadRevocationReasonProblem:
-		return http.StatusBadRequest
-	case ServerInternalProblem:
-		return http.StatusInternalServerError
-	case
-		UnauthorizedProblem,
-		CAAProblem:
-		return http.StatusForbidden
-	case RateLimitedProblem:
-		return statusTooManyRequests
-	default:
-		return http.StatusInternalServerError
-	}
-}
-
-// BadNonce returns a ProblemDetails with a BadNonceProblem and a 400 Bad
-// Request status code.
-func BadNonce(detail string) *ProblemDetails {
+// AccountDoesNotExist returns a ProblemDetails representing an
+// AccountDoesNotExistProblem error
+func AccountDoesNotExist(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       BadNonceProblem,
+		Type:       AccountDoesNotExistProblem,
 		Detail:     detail,
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// RejectedIdentifier returns a ProblemDetails with a RejectedIdentifierProblem and a 400 Bad
+// AlreadyRevoked returns a ProblemDetails with a AlreadyRevokedProblem and a 400 Bad
 // Request status code.
-func RejectedIdentifier(detail string) *ProblemDetails {
+func AlreadyRevoked(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       RejectedIdentifierProblem,
-		Detail:     detail,
+		Type:       AlreadyRevokedProblem,
+		Detail:     fmt.Sprintf(detail, a...),
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// Conflict returns a ProblemDetails with a MalformedProblem and a 409 Conflict
-// status code.
-func Conflict(detail string) *ProblemDetails {
+// BadCSR returns a ProblemDetails representing a BadCSRProblem.
+func BadCSR(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
-		Detail:     detail,
-		HTTPStatus: http.StatusConflict,
+		Type:       BadCSRProblem,
+		Detail:     fmt.Sprintf(detail, a...),
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// AlreadyRevoked returns a ProblemDetails with a AlreadyRevokedProblem and a 400 Bad
+// BadNonce returns a ProblemDetails with a BadNonceProblem and a 400 Bad
 // Request status code.
-func AlreadyRevoked(detail string, a ...interface{}) *ProblemDetails {
+func BadNonce(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       AlreadyRevokedProblem,
-		Detail:     fmt.Sprintf(detail, a...),
+		Type:       BadNonceProblem,
+		Detail:     detail,
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// Malformed returns a ProblemDetails with a MalformedProblem and a 400 Bad
+// BadPublicKey returns a ProblemDetails with a BadPublicKeyProblem and a 400 Bad
 // Request status code.
-func Malformed(detail string, args ...interface{}) *ProblemDetails {
-	if len(args) > 0 {
-		detail = fmt.Sprintf(detail, args...)
-	}
+func BadPublicKey(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
-		Detail:     detail,
+		Type:       BadPublicKeyProblem,
+		Detail:     fmt.Sprintf(detail, a...),
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// Canceled returns a ProblemDetails with a MalformedProblem and a 408 Request
-// Timeout status code.
-func Canceled(detail string, args ...interface{}) *ProblemDetails {
-	if len(args) > 0 {
-		detail = fmt.Sprintf(detail, args...)
-	}
+// BadRevocationReason returns a ProblemDetails representing
+// a BadRevocationReasonProblem
+func BadRevocationReason(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
-		Detail:     detail,
-		HTTPStatus: http.StatusRequestTimeout,
+		Type:       BadRevocationReasonProblem,
+		Detail:     fmt.Sprintf(detail, a...),
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
 // BadSignatureAlgorithm returns a ProblemDetails with a BadSignatureAlgorithmProblem
 // and a 400 Bad Request status code.
-func BadSignatureAlgorithm(detail string, a ...interface{}) *ProblemDetails {
+func BadSignatureAlgorithm(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
 		Type:       BadSignatureAlgorithmProblem,
 		Detail:     fmt.Sprintf(detail, a...),
@@ -184,166 +147,195 @@ func BadSignatureAlgorithm(detail string, a ...interface{}) *ProblemDetails {
 	}
 }
 
-// BadPublicKey returns a ProblemDetails with a BadPublicKeyProblem and a 400 Bad
-// Request status code.
-func BadPublicKey(detail string, a ...interface{}) *ProblemDetails {
+// CAA returns a ProblemDetails representing a CAAProblem
+func CAA(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       BadPublicKeyProblem,
-		Detail:     fmt.Sprintf(detail, a...),
-		HTTPStatus: http.StatusBadRequest,
+		Type:       CAAProblem,
+		Detail:     detail,
+		HTTPStatus: http.StatusForbidden,
 	}
 }
 
-// NotFound returns a ProblemDetails with a MalformedProblem and a 404 Not Found
-// status code.
-func NotFound(detail string) *ProblemDetails {
+// Connection returns a ProblemDetails representing a ConnectionProblem
+// error
+func Connection(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
+		Type:       ConnectionProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusNotFound,
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// ServerInternal returns a ProblemDetails with a ServerInternalProblem and a
-// 500 Internal Server Failure status code.
-func ServerInternal(detail string) *ProblemDetails {
+// DNS returns a ProblemDetails representing a DNSProblem
+func DNS(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       ServerInternalProblem,
+		Type:       DNSProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusInternalServerError,
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// Unauthorized returns a ProblemDetails with an UnauthorizedProblem and a 403
-// Forbidden status code.
-func Unauthorized(detail string) *ProblemDetails {
+// InvalidContact returns a ProblemDetails representing an InvalidContactProblem.
+func InvalidContact(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       UnauthorizedProblem,
+		Type:       InvalidContactProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusForbidden,
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// MethodNotAllowed returns a ProblemDetails representing a disallowed HTTP
-// method error.
-func MethodNotAllowed() *ProblemDetails {
+// Malformed returns a ProblemDetails with a MalformedProblem and a 400 Bad
+// Request status code.
+func Malformed(detail string, a ...any) *ProblemDetails {
+	if len(a) > 0 {
+		detail = fmt.Sprintf(detail, a...)
+	}
 	return &ProblemDetails{
 		Type:       MalformedProblem,
-		Detail:     "Method not allowed",
-		HTTPStatus: http.StatusMethodNotAllowed,
+		Detail:     detail,
+		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// ContentLengthRequired returns a ProblemDetails representing a missing
-// Content-Length header error
-func ContentLengthRequired() *ProblemDetails {
+// OrderNotReady returns a ProblemDetails representing a OrderNotReadyProblem
+func OrderNotReady(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
-		Detail:     "missing Content-Length header",
-		HTTPStatus: http.StatusLengthRequired,
+		Type:       OrderNotReadyProblem,
+		Detail:     fmt.Sprintf(detail, a...),
+		HTTPStatus: http.StatusForbidden,
 	}
 }
 
-// InvalidContentType returns a ProblemDetails suitable for a missing
-// ContentType header, or an incorrect ContentType header
-func InvalidContentType(detail string) *ProblemDetails {
+// RateLimited returns a ProblemDetails representing a RateLimitedProblem error
+func RateLimited(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       MalformedProblem,
+		Type:       RateLimitedProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusUnsupportedMediaType,
+		HTTPStatus: http.StatusTooManyRequests,
 	}
 }
 
-// InvalidEmail returns a ProblemDetails representing an invalid email address
-// error
-func InvalidEmail(detail string) *ProblemDetails {
+// RejectedIdentifier returns a ProblemDetails with a RejectedIdentifierProblem and a 400 Bad
+// Request status code.
+func RejectedIdentifier(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       InvalidEmailProblem,
+		Type:       RejectedIdentifierProblem,
 		Detail:     detail,
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// ConnectionFailure returns a ProblemDetails representing a ConnectionProblem
-// error
-func ConnectionFailure(detail string) *ProblemDetails {
+// ServerInternal returns a ProblemDetails with a ServerInternalProblem and a
+// 500 Internal Server Failure status code.
+func ServerInternal(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       ConnectionProblem,
+		Type:       ServerInternalProblem,
+		Detail:     detail,
+		HTTPStatus: http.StatusInternalServerError,
+	}
+}
+
+// TLS returns a ProblemDetails representing a TLSProblem error
+func TLS(detail string) *ProblemDetails {
+	return &ProblemDetails{
+		Type:       TLSProblem,
 		Detail:     detail,
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// RateLimited returns a ProblemDetails representing a RateLimitedProblem error
-func RateLimited(detail string) *ProblemDetails {
+// Unauthorized returns a ProblemDetails with an UnauthorizedProblem and a 403
+// Forbidden status code.
+func Unauthorized(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       RateLimitedProblem,
+		Type:       UnauthorizedProblem,
 		Detail:     detail,
-		HTTPStatus: statusTooManyRequests,
+		HTTPStatus: http.StatusForbidden,
 	}
 }
 
-// TLSError returns a ProblemDetails representing a TLSProblem error
-func TLSError(detail string) *ProblemDetails {
+// UnsupportedContact returns a ProblemDetails representing an
+// UnsupportedContactProblem
+func UnsupportedContact(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       TLSProblem,
+		Type:       UnsupportedContactProblem,
 		Detail:     detail,
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// AccountDoesNotExist returns a ProblemDetails representing an
-// AccountDoesNotExistProblem error
-func AccountDoesNotExist(detail string) *ProblemDetails {
+// UnsupportedIdentifier returns a ProblemDetails representing an
+// UnsupportedIdentifierProblem
+func UnsupportedIdentifier(detail string, a ...any) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       AccountDoesNotExistProblem,
-		Detail:     detail,
+		Type:       UnsupportedIdentifierProblem,
+		Detail:     fmt.Sprintf(detail, a...),
 		HTTPStatus: http.StatusBadRequest,
 	}
 }
 
-// CAA returns a ProblemDetails representing a CAAProblem
-func CAA(detail string) *ProblemDetails {
+// Additional helper functions that return variations on MalformedProblem with
+// different HTTP status codes set.
+
+// Canceled returns a ProblemDetails with a MalformedProblem and a 408 Request
+// Timeout status code.
+func Canceled(detail string, a ...any) *ProblemDetails {
+	if len(a) > 0 {
+		detail = fmt.Sprintf(detail, a...)
+	}
 	return &ProblemDetails{
-		Type:       CAAProblem,
+		Type:       MalformedProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusForbidden,
+		HTTPStatus: http.StatusRequestTimeout,
 	}
 }
 
-// DNS returns a ProblemDetails representing a DNSProblem
-func DNS(detail string) *ProblemDetails {
+// Conflict returns a ProblemDetails with a MalformedProblem and a 409 Conflict
+// status code.
+func Conflict(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       DNSProblem,
+		Type:       MalformedProblem,
 		Detail:     detail,
-		HTTPStatus: http.StatusBadRequest,
+		HTTPStatus: http.StatusConflict,
 	}
 }
 
-// OrderNotReady returns a ProblemDetails representing a OrderNotReadyProblem
-func OrderNotReady(detail string, a ...interface{}) *ProblemDetails {
+// ContentLengthRequired returns a ProblemDetails representing a missing
+// Content-Length header error
+func ContentLengthRequired() *ProblemDetails {
 	return &ProblemDetails{
-		Type:       OrderNotReadyProblem,
-		Detail:     fmt.Sprintf(detail, a...),
-		HTTPStatus: http.StatusForbidden,
+		Type:       MalformedProblem,
+		Detail:     "missing Content-Length header",
+		HTTPStatus: http.StatusLengthRequired,
 	}
 }
 
-// BadRevocationReason returns a ProblemDetails representing
-// a BadRevocationReasonProblem
-func BadRevocationReason(detail string, a ...interface{}) *ProblemDetails {
+// InvalidContentType returns a ProblemDetails suitable for a missing
+// ContentType header, or an incorrect ContentType header
+func InvalidContentType(detail string) *ProblemDetails {
 	return &ProblemDetails{
-		Type:       BadRevocationReasonProblem,
-		Detail:     fmt.Sprintf(detail, a...),
-		HTTPStatus: http.StatusBadRequest,
+		Type:       MalformedProblem,
+		Detail:     detail,
+		HTTPStatus: http.StatusUnsupportedMediaType,
 	}
 }
 
-// BadCSR returns a ProblemDetails representing a BadCSRProblem.
-func BadCSR(detail string, a ...interface{}) *ProblemDetails {
+// MethodNotAllowed returns a ProblemDetails representing a disallowed HTTP
+// method error.
+func MethodNotAllowed() *ProblemDetails {
 	return &ProblemDetails{
-		Type:       BadCSRProblem,
-		Detail:     fmt.Sprintf(detail, a...),
-		HTTPStatus: http.StatusBadRequest,
+		Type:       MalformedProblem,
+		Detail:     "Method not allowed",
+		HTTPStatus: http.StatusMethodNotAllowed,
+	}
+}
+
+// NotFound returns a ProblemDetails with a MalformedProblem and a 404 Not Found
+// status code.
+func NotFound(detail string) *ProblemDetails {
+	return &ProblemDetails{
+		Type:       MalformedProblem,
+		Detail:     detail,
+		HTTPStatus: http.StatusNotFound,
 	}
 }
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go b/vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go
deleted file mode 100644
index 27c5d18b07..0000000000
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go
+++ /dev/null
@@ -1,4261 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.28.0
-// 	protoc        v3.20.1
-// source: sa.proto
-
-package proto
-
-import (
-	proto "github.com/letsencrypt/boulder/core/proto"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	emptypb "google.golang.org/protobuf/types/known/emptypb"
-	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-type RegistrationID struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-}
-
-func (x *RegistrationID) Reset() {
-	*x = RegistrationID{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RegistrationID) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RegistrationID) ProtoMessage() {}
-
-func (x *RegistrationID) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RegistrationID.ProtoReflect.Descriptor instead.
-func (*RegistrationID) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *RegistrationID) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-type JSONWebKey struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Jwk []byte `protobuf:"bytes,1,opt,name=jwk,proto3" json:"jwk,omitempty"`
-}
-
-func (x *JSONWebKey) Reset() {
-	*x = JSONWebKey{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *JSONWebKey) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*JSONWebKey) ProtoMessage() {}
-
-func (x *JSONWebKey) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use JSONWebKey.ProtoReflect.Descriptor instead.
-func (*JSONWebKey) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *JSONWebKey) GetJwk() []byte {
-	if x != nil {
-		return x.Jwk
-	}
-	return nil
-}
-
-type AuthorizationID struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-}
-
-func (x *AuthorizationID) Reset() {
-	*x = AuthorizationID{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AuthorizationID) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AuthorizationID) ProtoMessage() {}
-
-func (x *AuthorizationID) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AuthorizationID.ProtoReflect.Descriptor instead.
-func (*AuthorizationID) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *AuthorizationID) GetId() string {
-	if x != nil {
-		return x.Id
-	}
-	return ""
-}
-
-type GetPendingAuthorizationRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID  int64  `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	IdentifierType  string `protobuf:"bytes,2,opt,name=identifierType,proto3" json:"identifierType,omitempty"`
-	IdentifierValue string `protobuf:"bytes,3,opt,name=identifierValue,proto3" json:"identifierValue,omitempty"`
-	// Result must be valid until at least this Unix timestamp (nanos)
-	ValidUntil int64 `protobuf:"varint,4,opt,name=validUntil,proto3" json:"validUntil,omitempty"`
-}
-
-func (x *GetPendingAuthorizationRequest) Reset() {
-	*x = GetPendingAuthorizationRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetPendingAuthorizationRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetPendingAuthorizationRequest) ProtoMessage() {}
-
-func (x *GetPendingAuthorizationRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetPendingAuthorizationRequest.ProtoReflect.Descriptor instead.
-func (*GetPendingAuthorizationRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *GetPendingAuthorizationRequest) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *GetPendingAuthorizationRequest) GetIdentifierType() string {
-	if x != nil {
-		return x.IdentifierType
-	}
-	return ""
-}
-
-func (x *GetPendingAuthorizationRequest) GetIdentifierValue() string {
-	if x != nil {
-		return x.IdentifierValue
-	}
-	return ""
-}
-
-func (x *GetPendingAuthorizationRequest) GetValidUntil() int64 {
-	if x != nil {
-		return x.ValidUntil
-	}
-	return 0
-}
-
-type GetValidAuthorizationsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID int64    `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Domains        []string `protobuf:"bytes,2,rep,name=domains,proto3" json:"domains,omitempty"`
-	Now            int64    `protobuf:"varint,3,opt,name=now,proto3" json:"now,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *GetValidAuthorizationsRequest) Reset() {
-	*x = GetValidAuthorizationsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetValidAuthorizationsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetValidAuthorizationsRequest) ProtoMessage() {}
-
-func (x *GetValidAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetValidAuthorizationsRequest.ProtoReflect.Descriptor instead.
-func (*GetValidAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *GetValidAuthorizationsRequest) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *GetValidAuthorizationsRequest) GetDomains() []string {
-	if x != nil {
-		return x.Domains
-	}
-	return nil
-}
-
-func (x *GetValidAuthorizationsRequest) GetNow() int64 {
-	if x != nil {
-		return x.Now
-	}
-	return 0
-}
-
-type ValidAuthorizations struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Valid []*ValidAuthorizations_MapElement `protobuf:"bytes,1,rep,name=valid,proto3" json:"valid,omitempty"`
-}
-
-func (x *ValidAuthorizations) Reset() {
-	*x = ValidAuthorizations{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ValidAuthorizations) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ValidAuthorizations) ProtoMessage() {}
-
-func (x *ValidAuthorizations) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ValidAuthorizations.ProtoReflect.Descriptor instead.
-func (*ValidAuthorizations) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *ValidAuthorizations) GetValid() []*ValidAuthorizations_MapElement {
-	if x != nil {
-		return x.Valid
-	}
-	return nil
-}
-
-type Serial struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-}
-
-func (x *Serial) Reset() {
-	*x = Serial{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Serial) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Serial) ProtoMessage() {}
-
-func (x *Serial) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Serial.ProtoReflect.Descriptor instead.
-func (*Serial) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{6}
-}
-
-func (x *Serial) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-type SerialMetadata struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial         string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-	RegistrationID int64  `protobuf:"varint,2,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Created        int64  `protobuf:"varint,3,opt,name=created,proto3" json:"created,omitempty"` // Unix timestamp (nanoseconds)
-	Expires        int64  `protobuf:"varint,4,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *SerialMetadata) Reset() {
-	*x = SerialMetadata{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SerialMetadata) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SerialMetadata) ProtoMessage() {}
-
-func (x *SerialMetadata) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SerialMetadata.ProtoReflect.Descriptor instead.
-func (*SerialMetadata) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{7}
-}
-
-func (x *SerialMetadata) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *SerialMetadata) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *SerialMetadata) GetCreated() int64 {
-	if x != nil {
-		return x.Created
-	}
-	return 0
-}
-
-func (x *SerialMetadata) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-type Range struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Earliest int64 `protobuf:"varint,1,opt,name=earliest,proto3" json:"earliest,omitempty"` // Unix timestamp (nanoseconds)
-	Latest   int64 `protobuf:"varint,2,opt,name=latest,proto3" json:"latest,omitempty"`     // Unix timestamp (nanoseconds)
-}
-
-func (x *Range) Reset() {
-	*x = Range{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Range) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Range) ProtoMessage() {}
-
-func (x *Range) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Range.ProtoReflect.Descriptor instead.
-func (*Range) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{8}
-}
-
-func (x *Range) GetEarliest() int64 {
-	if x != nil {
-		return x.Earliest
-	}
-	return 0
-}
-
-func (x *Range) GetLatest() int64 {
-	if x != nil {
-		return x.Latest
-	}
-	return 0
-}
-
-type Count struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Count int64 `protobuf:"varint,1,opt,name=count,proto3" json:"count,omitempty"`
-}
-
-func (x *Count) Reset() {
-	*x = Count{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Count) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Count) ProtoMessage() {}
-
-func (x *Count) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Count.ProtoReflect.Descriptor instead.
-func (*Count) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{9}
-}
-
-func (x *Count) GetCount() int64 {
-	if x != nil {
-		return x.Count
-	}
-	return 0
-}
-
-type Timestamps struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Timestamps []int64 `protobuf:"varint,1,rep,packed,name=timestamps,proto3" json:"timestamps,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *Timestamps) Reset() {
-	*x = Timestamps{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[10]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Timestamps) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Timestamps) ProtoMessage() {}
-
-func (x *Timestamps) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[10]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Timestamps.ProtoReflect.Descriptor instead.
-func (*Timestamps) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{10}
-}
-
-func (x *Timestamps) GetTimestamps() []int64 {
-	if x != nil {
-		return x.Timestamps
-	}
-	return nil
-}
-
-type CountCertificatesByNamesRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Range *Range   `protobuf:"bytes,1,opt,name=range,proto3" json:"range,omitempty"`
-	Names []string `protobuf:"bytes,2,rep,name=names,proto3" json:"names,omitempty"`
-}
-
-func (x *CountCertificatesByNamesRequest) Reset() {
-	*x = CountCertificatesByNamesRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[11]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountCertificatesByNamesRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountCertificatesByNamesRequest) ProtoMessage() {}
-
-func (x *CountCertificatesByNamesRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[11]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountCertificatesByNamesRequest.ProtoReflect.Descriptor instead.
-func (*CountCertificatesByNamesRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{11}
-}
-
-func (x *CountCertificatesByNamesRequest) GetRange() *Range {
-	if x != nil {
-		return x.Range
-	}
-	return nil
-}
-
-func (x *CountCertificatesByNamesRequest) GetNames() []string {
-	if x != nil {
-		return x.Names
-	}
-	return nil
-}
-
-type CountByNames struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Counts   map[string]int64       `protobuf:"bytes,1,rep,name=counts,proto3" json:"counts,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"`
-	Earliest *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=earliest,proto3" json:"earliest,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *CountByNames) Reset() {
-	*x = CountByNames{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[12]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountByNames) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountByNames) ProtoMessage() {}
-
-func (x *CountByNames) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[12]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountByNames.ProtoReflect.Descriptor instead.
-func (*CountByNames) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{12}
-}
-
-func (x *CountByNames) GetCounts() map[string]int64 {
-	if x != nil {
-		return x.Counts
-	}
-	return nil
-}
-
-func (x *CountByNames) GetEarliest() *timestamppb.Timestamp {
-	if x != nil {
-		return x.Earliest
-	}
-	return nil
-}
-
-type CountRegistrationsByIPRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Ip    []byte `protobuf:"bytes,1,opt,name=ip,proto3" json:"ip,omitempty"`
-	Range *Range `protobuf:"bytes,2,opt,name=range,proto3" json:"range,omitempty"`
-}
-
-func (x *CountRegistrationsByIPRequest) Reset() {
-	*x = CountRegistrationsByIPRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[13]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountRegistrationsByIPRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountRegistrationsByIPRequest) ProtoMessage() {}
-
-func (x *CountRegistrationsByIPRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[13]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountRegistrationsByIPRequest.ProtoReflect.Descriptor instead.
-func (*CountRegistrationsByIPRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{13}
-}
-
-func (x *CountRegistrationsByIPRequest) GetIp() []byte {
-	if x != nil {
-		return x.Ip
-	}
-	return nil
-}
-
-func (x *CountRegistrationsByIPRequest) GetRange() *Range {
-	if x != nil {
-		return x.Range
-	}
-	return nil
-}
-
-type CountInvalidAuthorizationsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID int64  `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Hostname       string `protobuf:"bytes,2,opt,name=hostname,proto3" json:"hostname,omitempty"`
-	// Count authorizations that expire in this range.
-	Range *Range `protobuf:"bytes,3,opt,name=range,proto3" json:"range,omitempty"`
-}
-
-func (x *CountInvalidAuthorizationsRequest) Reset() {
-	*x = CountInvalidAuthorizationsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[14]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountInvalidAuthorizationsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountInvalidAuthorizationsRequest) ProtoMessage() {}
-
-func (x *CountInvalidAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[14]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountInvalidAuthorizationsRequest.ProtoReflect.Descriptor instead.
-func (*CountInvalidAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{14}
-}
-
-func (x *CountInvalidAuthorizationsRequest) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *CountInvalidAuthorizationsRequest) GetHostname() string {
-	if x != nil {
-		return x.Hostname
-	}
-	return ""
-}
-
-func (x *CountInvalidAuthorizationsRequest) GetRange() *Range {
-	if x != nil {
-		return x.Range
-	}
-	return nil
-}
-
-type CountOrdersRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	AccountID int64  `protobuf:"varint,1,opt,name=accountID,proto3" json:"accountID,omitempty"`
-	Range     *Range `protobuf:"bytes,2,opt,name=range,proto3" json:"range,omitempty"`
-}
-
-func (x *CountOrdersRequest) Reset() {
-	*x = CountOrdersRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[15]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountOrdersRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountOrdersRequest) ProtoMessage() {}
-
-func (x *CountOrdersRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[15]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountOrdersRequest.ProtoReflect.Descriptor instead.
-func (*CountOrdersRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{15}
-}
-
-func (x *CountOrdersRequest) GetAccountID() int64 {
-	if x != nil {
-		return x.AccountID
-	}
-	return 0
-}
-
-func (x *CountOrdersRequest) GetRange() *Range {
-	if x != nil {
-		return x.Range
-	}
-	return nil
-}
-
-type CountFQDNSetsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Window  int64    `protobuf:"varint,1,opt,name=window,proto3" json:"window,omitempty"`
-	Domains []string `protobuf:"bytes,2,rep,name=domains,proto3" json:"domains,omitempty"`
-}
-
-func (x *CountFQDNSetsRequest) Reset() {
-	*x = CountFQDNSetsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[16]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *CountFQDNSetsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*CountFQDNSetsRequest) ProtoMessage() {}
-
-func (x *CountFQDNSetsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[16]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use CountFQDNSetsRequest.ProtoReflect.Descriptor instead.
-func (*CountFQDNSetsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{16}
-}
-
-func (x *CountFQDNSetsRequest) GetWindow() int64 {
-	if x != nil {
-		return x.Window
-	}
-	return 0
-}
-
-func (x *CountFQDNSetsRequest) GetDomains() []string {
-	if x != nil {
-		return x.Domains
-	}
-	return nil
-}
-
-type FQDNSetExistsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Domains []string `protobuf:"bytes,1,rep,name=domains,proto3" json:"domains,omitempty"`
-}
-
-func (x *FQDNSetExistsRequest) Reset() {
-	*x = FQDNSetExistsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[17]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FQDNSetExistsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FQDNSetExistsRequest) ProtoMessage() {}
-
-func (x *FQDNSetExistsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[17]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FQDNSetExistsRequest.ProtoReflect.Descriptor instead.
-func (*FQDNSetExistsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{17}
-}
-
-func (x *FQDNSetExistsRequest) GetDomains() []string {
-	if x != nil {
-		return x.Domains
-	}
-	return nil
-}
-
-type PreviousCertificateExistsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
-	RegID  int64  `protobuf:"varint,2,opt,name=regID,proto3" json:"regID,omitempty"`
-}
-
-func (x *PreviousCertificateExistsRequest) Reset() {
-	*x = PreviousCertificateExistsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[18]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *PreviousCertificateExistsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*PreviousCertificateExistsRequest) ProtoMessage() {}
-
-func (x *PreviousCertificateExistsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[18]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use PreviousCertificateExistsRequest.ProtoReflect.Descriptor instead.
-func (*PreviousCertificateExistsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{18}
-}
-
-func (x *PreviousCertificateExistsRequest) GetDomain() string {
-	if x != nil {
-		return x.Domain
-	}
-	return ""
-}
-
-func (x *PreviousCertificateExistsRequest) GetRegID() int64 {
-	if x != nil {
-		return x.RegID
-	}
-	return 0
-}
-
-type Exists struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Exists bool `protobuf:"varint,1,opt,name=exists,proto3" json:"exists,omitempty"`
-}
-
-func (x *Exists) Reset() {
-	*x = Exists{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[19]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Exists) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Exists) ProtoMessage() {}
-
-func (x *Exists) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[19]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Exists.ProtoReflect.Descriptor instead.
-func (*Exists) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{19}
-}
-
-func (x *Exists) GetExists() bool {
-	if x != nil {
-		return x.Exists
-	}
-	return false
-}
-
-type AddSerialRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegID   int64  `protobuf:"varint,1,opt,name=regID,proto3" json:"regID,omitempty"`
-	Serial  string `protobuf:"bytes,2,opt,name=serial,proto3" json:"serial,omitempty"`
-	Created int64  `protobuf:"varint,3,opt,name=created,proto3" json:"created,omitempty"` // Unix timestamp (nanoseconds)
-	Expires int64  `protobuf:"varint,4,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *AddSerialRequest) Reset() {
-	*x = AddSerialRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[20]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AddSerialRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AddSerialRequest) ProtoMessage() {}
-
-func (x *AddSerialRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[20]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AddSerialRequest.ProtoReflect.Descriptor instead.
-func (*AddSerialRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{20}
-}
-
-func (x *AddSerialRequest) GetRegID() int64 {
-	if x != nil {
-		return x.RegID
-	}
-	return 0
-}
-
-func (x *AddSerialRequest) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *AddSerialRequest) GetCreated() int64 {
-	if x != nil {
-		return x.Created
-	}
-	return 0
-}
-
-func (x *AddSerialRequest) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-type AddCertificateRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Der   []byte `protobuf:"bytes,1,opt,name=der,proto3" json:"der,omitempty"`
-	RegID int64  `protobuf:"varint,2,opt,name=regID,proto3" json:"regID,omitempty"`
-	// A signed OCSP response for the certificate contained in "der".
-	// Note: The certificate status in the OCSP response is assumed to be 0 (good).
-	Ocsp []byte `protobuf:"bytes,3,opt,name=ocsp,proto3" json:"ocsp,omitempty"`
-	// An issued time. When not present the SA defaults to using
-	// the current time. The orphan-finder uses this parameter to add
-	// certificates with the correct historic issued date
-	Issued   int64 `protobuf:"varint,4,opt,name=issued,proto3" json:"issued,omitempty"`
-	IssuerID int64 `protobuf:"varint,5,opt,name=issuerID,proto3" json:"issuerID,omitempty"`
-}
-
-func (x *AddCertificateRequest) Reset() {
-	*x = AddCertificateRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[21]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AddCertificateRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AddCertificateRequest) ProtoMessage() {}
-
-func (x *AddCertificateRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[21]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AddCertificateRequest.ProtoReflect.Descriptor instead.
-func (*AddCertificateRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{21}
-}
-
-func (x *AddCertificateRequest) GetDer() []byte {
-	if x != nil {
-		return x.Der
-	}
-	return nil
-}
-
-func (x *AddCertificateRequest) GetRegID() int64 {
-	if x != nil {
-		return x.RegID
-	}
-	return 0
-}
-
-func (x *AddCertificateRequest) GetOcsp() []byte {
-	if x != nil {
-		return x.Ocsp
-	}
-	return nil
-}
-
-func (x *AddCertificateRequest) GetIssued() int64 {
-	if x != nil {
-		return x.Issued
-	}
-	return 0
-}
-
-func (x *AddCertificateRequest) GetIssuerID() int64 {
-	if x != nil {
-		return x.IssuerID
-	}
-	return 0
-}
-
-type AddCertificateResponse struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Digest string `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"`
-}
-
-func (x *AddCertificateResponse) Reset() {
-	*x = AddCertificateResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[22]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AddCertificateResponse) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AddCertificateResponse) ProtoMessage() {}
-
-func (x *AddCertificateResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[22]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AddCertificateResponse.ProtoReflect.Descriptor instead.
-func (*AddCertificateResponse) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{22}
-}
-
-func (x *AddCertificateResponse) GetDigest() string {
-	if x != nil {
-		return x.Digest
-	}
-	return ""
-}
-
-type OrderRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-}
-
-func (x *OrderRequest) Reset() {
-	*x = OrderRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[23]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *OrderRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*OrderRequest) ProtoMessage() {}
-
-func (x *OrderRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[23]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use OrderRequest.ProtoReflect.Descriptor instead.
-func (*OrderRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{23}
-}
-
-func (x *OrderRequest) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-type NewOrderRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID   int64    `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Expires          int64    `protobuf:"varint,2,opt,name=expires,proto3" json:"expires,omitempty"`
-	Names            []string `protobuf:"bytes,3,rep,name=names,proto3" json:"names,omitempty"`
-	V2Authorizations []int64  `protobuf:"varint,4,rep,packed,name=v2Authorizations,proto3" json:"v2Authorizations,omitempty"`
-}
-
-func (x *NewOrderRequest) Reset() {
-	*x = NewOrderRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[24]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *NewOrderRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*NewOrderRequest) ProtoMessage() {}
-
-func (x *NewOrderRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[24]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use NewOrderRequest.ProtoReflect.Descriptor instead.
-func (*NewOrderRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{24}
-}
-
-func (x *NewOrderRequest) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *NewOrderRequest) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-func (x *NewOrderRequest) GetNames() []string {
-	if x != nil {
-		return x.Names
-	}
-	return nil
-}
-
-func (x *NewOrderRequest) GetV2Authorizations() []int64 {
-	if x != nil {
-		return x.V2Authorizations
-	}
-	return nil
-}
-
-type NewOrderAndAuthzsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	NewOrder  *NewOrderRequest       `protobuf:"bytes,1,opt,name=newOrder,proto3" json:"newOrder,omitempty"`
-	NewAuthzs []*proto.Authorization `protobuf:"bytes,2,rep,name=newAuthzs,proto3" json:"newAuthzs,omitempty"`
-}
-
-func (x *NewOrderAndAuthzsRequest) Reset() {
-	*x = NewOrderAndAuthzsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[25]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *NewOrderAndAuthzsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*NewOrderAndAuthzsRequest) ProtoMessage() {}
-
-func (x *NewOrderAndAuthzsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[25]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use NewOrderAndAuthzsRequest.ProtoReflect.Descriptor instead.
-func (*NewOrderAndAuthzsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{25}
-}
-
-func (x *NewOrderAndAuthzsRequest) GetNewOrder() *NewOrderRequest {
-	if x != nil {
-		return x.NewOrder
-	}
-	return nil
-}
-
-func (x *NewOrderAndAuthzsRequest) GetNewAuthzs() []*proto.Authorization {
-	if x != nil {
-		return x.NewAuthzs
-	}
-	return nil
-}
-
-type SetOrderErrorRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id    int64                 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Error *proto.ProblemDetails `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
-}
-
-func (x *SetOrderErrorRequest) Reset() {
-	*x = SetOrderErrorRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[26]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SetOrderErrorRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SetOrderErrorRequest) ProtoMessage() {}
-
-func (x *SetOrderErrorRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[26]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SetOrderErrorRequest.ProtoReflect.Descriptor instead.
-func (*SetOrderErrorRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{26}
-}
-
-func (x *SetOrderErrorRequest) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *SetOrderErrorRequest) GetError() *proto.ProblemDetails {
-	if x != nil {
-		return x.Error
-	}
-	return nil
-}
-
-type GetValidOrderAuthorizationsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id     int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	AcctID int64 `protobuf:"varint,2,opt,name=acctID,proto3" json:"acctID,omitempty"`
-}
-
-func (x *GetValidOrderAuthorizationsRequest) Reset() {
-	*x = GetValidOrderAuthorizationsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[27]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetValidOrderAuthorizationsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetValidOrderAuthorizationsRequest) ProtoMessage() {}
-
-func (x *GetValidOrderAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[27]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetValidOrderAuthorizationsRequest.ProtoReflect.Descriptor instead.
-func (*GetValidOrderAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{27}
-}
-
-func (x *GetValidOrderAuthorizationsRequest) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *GetValidOrderAuthorizationsRequest) GetAcctID() int64 {
-	if x != nil {
-		return x.AcctID
-	}
-	return 0
-}
-
-type GetOrderForNamesRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	AcctID int64    `protobuf:"varint,1,opt,name=acctID,proto3" json:"acctID,omitempty"`
-	Names  []string `protobuf:"bytes,2,rep,name=names,proto3" json:"names,omitempty"`
-}
-
-func (x *GetOrderForNamesRequest) Reset() {
-	*x = GetOrderForNamesRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[28]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetOrderForNamesRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetOrderForNamesRequest) ProtoMessage() {}
-
-func (x *GetOrderForNamesRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[28]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetOrderForNamesRequest.ProtoReflect.Descriptor instead.
-func (*GetOrderForNamesRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{28}
-}
-
-func (x *GetOrderForNamesRequest) GetAcctID() int64 {
-	if x != nil {
-		return x.AcctID
-	}
-	return 0
-}
-
-func (x *GetOrderForNamesRequest) GetNames() []string {
-	if x != nil {
-		return x.Names
-	}
-	return nil
-}
-
-type FinalizeOrderRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id                int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	CertificateSerial string `protobuf:"bytes,2,opt,name=certificateSerial,proto3" json:"certificateSerial,omitempty"`
-}
-
-func (x *FinalizeOrderRequest) Reset() {
-	*x = FinalizeOrderRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[29]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FinalizeOrderRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FinalizeOrderRequest) ProtoMessage() {}
-
-func (x *FinalizeOrderRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[29]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FinalizeOrderRequest.ProtoReflect.Descriptor instead.
-func (*FinalizeOrderRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{29}
-}
-
-func (x *FinalizeOrderRequest) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *FinalizeOrderRequest) GetCertificateSerial() string {
-	if x != nil {
-		return x.CertificateSerial
-	}
-	return ""
-}
-
-type GetAuthorizationsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	RegistrationID int64    `protobuf:"varint,1,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	Domains        []string `protobuf:"bytes,2,rep,name=domains,proto3" json:"domains,omitempty"`
-	Now            int64    `protobuf:"varint,3,opt,name=now,proto3" json:"now,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *GetAuthorizationsRequest) Reset() {
-	*x = GetAuthorizationsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[30]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetAuthorizationsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetAuthorizationsRequest) ProtoMessage() {}
-
-func (x *GetAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[30]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetAuthorizationsRequest.ProtoReflect.Descriptor instead.
-func (*GetAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{30}
-}
-
-func (x *GetAuthorizationsRequest) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *GetAuthorizationsRequest) GetDomains() []string {
-	if x != nil {
-		return x.Domains
-	}
-	return nil
-}
-
-func (x *GetAuthorizationsRequest) GetNow() int64 {
-	if x != nil {
-		return x.Now
-	}
-	return 0
-}
-
-type Authorizations struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Authz []*Authorizations_MapElement `protobuf:"bytes,1,rep,name=authz,proto3" json:"authz,omitempty"`
-}
-
-func (x *Authorizations) Reset() {
-	*x = Authorizations{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[31]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Authorizations) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Authorizations) ProtoMessage() {}
-
-func (x *Authorizations) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[31]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Authorizations.ProtoReflect.Descriptor instead.
-func (*Authorizations) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{31}
-}
-
-func (x *Authorizations) GetAuthz() []*Authorizations_MapElement {
-	if x != nil {
-		return x.Authz
-	}
-	return nil
-}
-
-type AddPendingAuthorizationsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Authz []*proto.Authorization `protobuf:"bytes,1,rep,name=authz,proto3" json:"authz,omitempty"`
-}
-
-func (x *AddPendingAuthorizationsRequest) Reset() {
-	*x = AddPendingAuthorizationsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[32]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AddPendingAuthorizationsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AddPendingAuthorizationsRequest) ProtoMessage() {}
-
-func (x *AddPendingAuthorizationsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[32]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AddPendingAuthorizationsRequest.ProtoReflect.Descriptor instead.
-func (*AddPendingAuthorizationsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{32}
-}
-
-func (x *AddPendingAuthorizationsRequest) GetAuthz() []*proto.Authorization {
-	if x != nil {
-		return x.Authz
-	}
-	return nil
-}
-
-type AuthorizationIDs struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Ids []string `protobuf:"bytes,1,rep,name=ids,proto3" json:"ids,omitempty"`
-}
-
-func (x *AuthorizationIDs) Reset() {
-	*x = AuthorizationIDs{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[33]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AuthorizationIDs) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AuthorizationIDs) ProtoMessage() {}
-
-func (x *AuthorizationIDs) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[33]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AuthorizationIDs.ProtoReflect.Descriptor instead.
-func (*AuthorizationIDs) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{33}
-}
-
-func (x *AuthorizationIDs) GetIds() []string {
-	if x != nil {
-		return x.Ids
-	}
-	return nil
-}
-
-type AuthorizationID2 struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-}
-
-func (x *AuthorizationID2) Reset() {
-	*x = AuthorizationID2{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[34]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AuthorizationID2) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AuthorizationID2) ProtoMessage() {}
-
-func (x *AuthorizationID2) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[34]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AuthorizationID2.ProtoReflect.Descriptor instead.
-func (*AuthorizationID2) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{34}
-}
-
-func (x *AuthorizationID2) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-type Authorization2IDs struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Ids []int64 `protobuf:"varint,1,rep,packed,name=ids,proto3" json:"ids,omitempty"`
-}
-
-func (x *Authorization2IDs) Reset() {
-	*x = Authorization2IDs{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[35]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Authorization2IDs) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Authorization2IDs) ProtoMessage() {}
-
-func (x *Authorization2IDs) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[35]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Authorization2IDs.ProtoReflect.Descriptor instead.
-func (*Authorization2IDs) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{35}
-}
-
-func (x *Authorization2IDs) GetIds() []int64 {
-	if x != nil {
-		return x.Ids
-	}
-	return nil
-}
-
-type RevokeCertificateRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial   string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-	Reason   int64  `protobuf:"varint,2,opt,name=reason,proto3" json:"reason,omitempty"`
-	Date     int64  `protobuf:"varint,3,opt,name=date,proto3" json:"date,omitempty"`         // Unix timestamp (nanoseconds)
-	Backdate int64  `protobuf:"varint,5,opt,name=backdate,proto3" json:"backdate,omitempty"` // Unix timestamp (nanoseconds)
-	Response []byte `protobuf:"bytes,4,opt,name=response,proto3" json:"response,omitempty"`
-	IssuerID int64  `protobuf:"varint,6,opt,name=issuerID,proto3" json:"issuerID,omitempty"`
-}
-
-func (x *RevokeCertificateRequest) Reset() {
-	*x = RevokeCertificateRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[36]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RevokeCertificateRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RevokeCertificateRequest) ProtoMessage() {}
-
-func (x *RevokeCertificateRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[36]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RevokeCertificateRequest.ProtoReflect.Descriptor instead.
-func (*RevokeCertificateRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{36}
-}
-
-func (x *RevokeCertificateRequest) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *RevokeCertificateRequest) GetReason() int64 {
-	if x != nil {
-		return x.Reason
-	}
-	return 0
-}
-
-func (x *RevokeCertificateRequest) GetDate() int64 {
-	if x != nil {
-		return x.Date
-	}
-	return 0
-}
-
-func (x *RevokeCertificateRequest) GetBackdate() int64 {
-	if x != nil {
-		return x.Backdate
-	}
-	return 0
-}
-
-func (x *RevokeCertificateRequest) GetResponse() []byte {
-	if x != nil {
-		return x.Response
-	}
-	return nil
-}
-
-func (x *RevokeCertificateRequest) GetIssuerID() int64 {
-	if x != nil {
-		return x.IssuerID
-	}
-	return 0
-}
-
-type FinalizeAuthorizationRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id                int64                     `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Status            string                    `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"`
-	Expires           int64                     `protobuf:"varint,3,opt,name=expires,proto3" json:"expires,omitempty"` // Unix timestamp (nanoseconds)
-	Attempted         string                    `protobuf:"bytes,4,opt,name=attempted,proto3" json:"attempted,omitempty"`
-	ValidationRecords []*proto.ValidationRecord `protobuf:"bytes,5,rep,name=validationRecords,proto3" json:"validationRecords,omitempty"`
-	ValidationError   *proto.ProblemDetails     `protobuf:"bytes,6,opt,name=validationError,proto3" json:"validationError,omitempty"`
-	AttemptedAt       int64                     `protobuf:"varint,7,opt,name=attemptedAt,proto3" json:"attemptedAt,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *FinalizeAuthorizationRequest) Reset() {
-	*x = FinalizeAuthorizationRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[37]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FinalizeAuthorizationRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FinalizeAuthorizationRequest) ProtoMessage() {}
-
-func (x *FinalizeAuthorizationRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[37]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FinalizeAuthorizationRequest.ProtoReflect.Descriptor instead.
-func (*FinalizeAuthorizationRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{37}
-}
-
-func (x *FinalizeAuthorizationRequest) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *FinalizeAuthorizationRequest) GetStatus() string {
-	if x != nil {
-		return x.Status
-	}
-	return ""
-}
-
-func (x *FinalizeAuthorizationRequest) GetExpires() int64 {
-	if x != nil {
-		return x.Expires
-	}
-	return 0
-}
-
-func (x *FinalizeAuthorizationRequest) GetAttempted() string {
-	if x != nil {
-		return x.Attempted
-	}
-	return ""
-}
-
-func (x *FinalizeAuthorizationRequest) GetValidationRecords() []*proto.ValidationRecord {
-	if x != nil {
-		return x.ValidationRecords
-	}
-	return nil
-}
-
-func (x *FinalizeAuthorizationRequest) GetValidationError() *proto.ProblemDetails {
-	if x != nil {
-		return x.ValidationError
-	}
-	return nil
-}
-
-func (x *FinalizeAuthorizationRequest) GetAttemptedAt() int64 {
-	if x != nil {
-		return x.AttemptedAt
-	}
-	return 0
-}
-
-type AddBlockedKeyRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	KeyHash   []byte `protobuf:"bytes,1,opt,name=keyHash,proto3" json:"keyHash,omitempty"`
-	Added     int64  `protobuf:"varint,2,opt,name=added,proto3" json:"added,omitempty"` // Unix timestamp (nanoseconds)
-	Source    string `protobuf:"bytes,3,opt,name=source,proto3" json:"source,omitempty"`
-	Comment   string `protobuf:"bytes,4,opt,name=comment,proto3" json:"comment,omitempty"`
-	RevokedBy int64  `protobuf:"varint,5,opt,name=revokedBy,proto3" json:"revokedBy,omitempty"`
-}
-
-func (x *AddBlockedKeyRequest) Reset() {
-	*x = AddBlockedKeyRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[38]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *AddBlockedKeyRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*AddBlockedKeyRequest) ProtoMessage() {}
-
-func (x *AddBlockedKeyRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[38]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use AddBlockedKeyRequest.ProtoReflect.Descriptor instead.
-func (*AddBlockedKeyRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{38}
-}
-
-func (x *AddBlockedKeyRequest) GetKeyHash() []byte {
-	if x != nil {
-		return x.KeyHash
-	}
-	return nil
-}
-
-func (x *AddBlockedKeyRequest) GetAdded() int64 {
-	if x != nil {
-		return x.Added
-	}
-	return 0
-}
-
-func (x *AddBlockedKeyRequest) GetSource() string {
-	if x != nil {
-		return x.Source
-	}
-	return ""
-}
-
-func (x *AddBlockedKeyRequest) GetComment() string {
-	if x != nil {
-		return x.Comment
-	}
-	return ""
-}
-
-func (x *AddBlockedKeyRequest) GetRevokedBy() int64 {
-	if x != nil {
-		return x.RevokedBy
-	}
-	return 0
-}
-
-type KeyBlockedRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	KeyHash []byte `protobuf:"bytes,1,opt,name=keyHash,proto3" json:"keyHash,omitempty"`
-}
-
-func (x *KeyBlockedRequest) Reset() {
-	*x = KeyBlockedRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[39]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *KeyBlockedRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*KeyBlockedRequest) ProtoMessage() {}
-
-func (x *KeyBlockedRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[39]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use KeyBlockedRequest.ProtoReflect.Descriptor instead.
-func (*KeyBlockedRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{39}
-}
-
-func (x *KeyBlockedRequest) GetKeyHash() []byte {
-	if x != nil {
-		return x.KeyHash
-	}
-	return nil
-}
-
-type Incident struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Id          int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	SerialTable string `protobuf:"bytes,2,opt,name=serialTable,proto3" json:"serialTable,omitempty"`
-	Url         string `protobuf:"bytes,3,opt,name=url,proto3" json:"url,omitempty"`
-	RenewBy     int64  `protobuf:"varint,4,opt,name=renewBy,proto3" json:"renewBy,omitempty"` // Unix timestamp (nanoseconds)
-	Enabled     bool   `protobuf:"varint,5,opt,name=enabled,proto3" json:"enabled,omitempty"`
-}
-
-func (x *Incident) Reset() {
-	*x = Incident{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[40]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Incident) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Incident) ProtoMessage() {}
-
-func (x *Incident) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[40]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Incident.ProtoReflect.Descriptor instead.
-func (*Incident) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{40}
-}
-
-func (x *Incident) GetId() int64 {
-	if x != nil {
-		return x.Id
-	}
-	return 0
-}
-
-func (x *Incident) GetSerialTable() string {
-	if x != nil {
-		return x.SerialTable
-	}
-	return ""
-}
-
-func (x *Incident) GetUrl() string {
-	if x != nil {
-		return x.Url
-	}
-	return ""
-}
-
-func (x *Incident) GetRenewBy() int64 {
-	if x != nil {
-		return x.RenewBy
-	}
-	return 0
-}
-
-func (x *Incident) GetEnabled() bool {
-	if x != nil {
-		return x.Enabled
-	}
-	return false
-}
-
-type Incidents struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Incidents []*Incident `protobuf:"bytes,1,rep,name=incidents,proto3" json:"incidents,omitempty"`
-}
-
-func (x *Incidents) Reset() {
-	*x = Incidents{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[41]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Incidents) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Incidents) ProtoMessage() {}
-
-func (x *Incidents) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[41]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Incidents.ProtoReflect.Descriptor instead.
-func (*Incidents) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{41}
-}
-
-func (x *Incidents) GetIncidents() []*Incident {
-	if x != nil {
-		return x.Incidents
-	}
-	return nil
-}
-
-type SerialsForIncidentRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	IncidentTable string `protobuf:"bytes,1,opt,name=incidentTable,proto3" json:"incidentTable,omitempty"`
-}
-
-func (x *SerialsForIncidentRequest) Reset() {
-	*x = SerialsForIncidentRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[42]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SerialsForIncidentRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SerialsForIncidentRequest) ProtoMessage() {}
-
-func (x *SerialsForIncidentRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[42]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SerialsForIncidentRequest.ProtoReflect.Descriptor instead.
-func (*SerialsForIncidentRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{42}
-}
-
-func (x *SerialsForIncidentRequest) GetIncidentTable() string {
-	if x != nil {
-		return x.IncidentTable
-	}
-	return ""
-}
-
-type IncidentSerial struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Serial         string `protobuf:"bytes,1,opt,name=serial,proto3" json:"serial,omitempty"`
-	RegistrationID int64  `protobuf:"varint,2,opt,name=registrationID,proto3" json:"registrationID,omitempty"`
-	OrderID        int64  `protobuf:"varint,3,opt,name=orderID,proto3" json:"orderID,omitempty"`
-	LastNoticeSent int64  `protobuf:"varint,4,opt,name=lastNoticeSent,proto3" json:"lastNoticeSent,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *IncidentSerial) Reset() {
-	*x = IncidentSerial{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[43]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *IncidentSerial) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*IncidentSerial) ProtoMessage() {}
-
-func (x *IncidentSerial) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[43]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use IncidentSerial.ProtoReflect.Descriptor instead.
-func (*IncidentSerial) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{43}
-}
-
-func (x *IncidentSerial) GetSerial() string {
-	if x != nil {
-		return x.Serial
-	}
-	return ""
-}
-
-func (x *IncidentSerial) GetRegistrationID() int64 {
-	if x != nil {
-		return x.RegistrationID
-	}
-	return 0
-}
-
-func (x *IncidentSerial) GetOrderID() int64 {
-	if x != nil {
-		return x.OrderID
-	}
-	return 0
-}
-
-func (x *IncidentSerial) GetLastNoticeSent() int64 {
-	if x != nil {
-		return x.LastNoticeSent
-	}
-	return 0
-}
-
-type GetRevokedCertsRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	IssuerNameID  int64 `protobuf:"varint,1,opt,name=issuerNameID,proto3" json:"issuerNameID,omitempty"`
-	ExpiresAfter  int64 `protobuf:"varint,2,opt,name=expiresAfter,proto3" json:"expiresAfter,omitempty"`   // Unix timestamp (nanoseconds), inclusive
-	ExpiresBefore int64 `protobuf:"varint,3,opt,name=expiresBefore,proto3" json:"expiresBefore,omitempty"` // Unix timestamp (nanoseconds), exclusive
-	RevokedBefore int64 `protobuf:"varint,4,opt,name=revokedBefore,proto3" json:"revokedBefore,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *GetRevokedCertsRequest) Reset() {
-	*x = GetRevokedCertsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[44]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *GetRevokedCertsRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*GetRevokedCertsRequest) ProtoMessage() {}
-
-func (x *GetRevokedCertsRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[44]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use GetRevokedCertsRequest.ProtoReflect.Descriptor instead.
-func (*GetRevokedCertsRequest) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{44}
-}
-
-func (x *GetRevokedCertsRequest) GetIssuerNameID() int64 {
-	if x != nil {
-		return x.IssuerNameID
-	}
-	return 0
-}
-
-func (x *GetRevokedCertsRequest) GetExpiresAfter() int64 {
-	if x != nil {
-		return x.ExpiresAfter
-	}
-	return 0
-}
-
-func (x *GetRevokedCertsRequest) GetExpiresBefore() int64 {
-	if x != nil {
-		return x.ExpiresBefore
-	}
-	return 0
-}
-
-func (x *GetRevokedCertsRequest) GetRevokedBefore() int64 {
-	if x != nil {
-		return x.RevokedBefore
-	}
-	return 0
-}
-
-type RevocationStatus struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Status        int64                  `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"`
-	RevokedReason int64                  `protobuf:"varint,2,opt,name=revokedReason,proto3" json:"revokedReason,omitempty"`
-	RevokedDate   *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=revokedDate,proto3" json:"revokedDate,omitempty"` // Unix timestamp (nanoseconds)
-}
-
-func (x *RevocationStatus) Reset() {
-	*x = RevocationStatus{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[45]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RevocationStatus) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RevocationStatus) ProtoMessage() {}
-
-func (x *RevocationStatus) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[45]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RevocationStatus.ProtoReflect.Descriptor instead.
-func (*RevocationStatus) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{45}
-}
-
-func (x *RevocationStatus) GetStatus() int64 {
-	if x != nil {
-		return x.Status
-	}
-	return 0
-}
-
-func (x *RevocationStatus) GetRevokedReason() int64 {
-	if x != nil {
-		return x.RevokedReason
-	}
-	return 0
-}
-
-func (x *RevocationStatus) GetRevokedDate() *timestamppb.Timestamp {
-	if x != nil {
-		return x.RevokedDate
-	}
-	return nil
-}
-
-type ValidAuthorizations_MapElement struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Domain string               `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
-	Authz  *proto.Authorization `protobuf:"bytes,2,opt,name=authz,proto3" json:"authz,omitempty"`
-}
-
-func (x *ValidAuthorizations_MapElement) Reset() {
-	*x = ValidAuthorizations_MapElement{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[46]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ValidAuthorizations_MapElement) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ValidAuthorizations_MapElement) ProtoMessage() {}
-
-func (x *ValidAuthorizations_MapElement) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[46]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ValidAuthorizations_MapElement.ProtoReflect.Descriptor instead.
-func (*ValidAuthorizations_MapElement) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{5, 0}
-}
-
-func (x *ValidAuthorizations_MapElement) GetDomain() string {
-	if x != nil {
-		return x.Domain
-	}
-	return ""
-}
-
-func (x *ValidAuthorizations_MapElement) GetAuthz() *proto.Authorization {
-	if x != nil {
-		return x.Authz
-	}
-	return nil
-}
-
-type Authorizations_MapElement struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Domain string               `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
-	Authz  *proto.Authorization `protobuf:"bytes,2,opt,name=authz,proto3" json:"authz,omitempty"`
-}
-
-func (x *Authorizations_MapElement) Reset() {
-	*x = Authorizations_MapElement{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_sa_proto_msgTypes[48]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Authorizations_MapElement) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Authorizations_MapElement) ProtoMessage() {}
-
-func (x *Authorizations_MapElement) ProtoReflect() protoreflect.Message {
-	mi := &file_sa_proto_msgTypes[48]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Authorizations_MapElement.ProtoReflect.Descriptor instead.
-func (*Authorizations_MapElement) Descriptor() ([]byte, []int) {
-	return file_sa_proto_rawDescGZIP(), []int{31, 0}
-}
-
-func (x *Authorizations_MapElement) GetDomain() string {
-	if x != nil {
-		return x.Domain
-	}
-	return ""
-}
-
-func (x *Authorizations_MapElement) GetAuthz() *proto.Authorization {
-	if x != nil {
-		return x.Authz
-	}
-	return nil
-}
-
-var File_sa_proto protoreflect.FileDescriptor
-
-var file_sa_proto_rawDesc = []byte{
-	0x0a, 0x08, 0x73, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x73, 0x61, 0x1a, 0x15,
-	0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x22, 0x20, 0x0a, 0x0e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x1e, 0x0a, 0x0a, 0x4a, 0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62,
-	0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6a, 0x77, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c,
-	0x52, 0x03, 0x6a, 0x77, 0x6b, 0x22, 0x21, 0x0a, 0x0f, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x22, 0xba, 0x01, 0x0a, 0x1e, 0x47, 0x65, 0x74,
-	0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x49, 0x44, 0x12, 0x26, 0x0a, 0x0e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65,
-	0x72, 0x54, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x64, 0x65,
-	0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x69,
-	0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72,
-	0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x55, 0x6e,
-	0x74, 0x69, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0a, 0x76, 0x61, 0x6c, 0x69, 0x64,
-	0x55, 0x6e, 0x74, 0x69, 0x6c, 0x22, 0x73, 0x0a, 0x1d, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69,
-	0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e,
-	0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18,
-	0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52,
-	0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x6e, 0x6f, 0x77, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03, 0x6e, 0x6f, 0x77, 0x22, 0xa0, 0x01, 0x0a, 0x13, 0x56,
-	0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x12, 0x38, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28,
-	0x0b, 0x32, 0x22, 0x2e, 0x73, 0x61, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4d, 0x61, 0x70, 0x45, 0x6c,
-	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x1a, 0x4f, 0x0a, 0x0a,
-	0x4d, 0x61, 0x70, 0x45, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f,
-	0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61,
-	0x69, 0x6e, 0x12, 0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x22, 0x20, 0x0a,
-	0x06, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61,
-	0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22,
-	0x84, 0x01, 0x0a, 0x0e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x72, 0x65,
-	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x12, 0x18, 0x0a, 0x07,
-	0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65,
-	0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x22, 0x3b, 0x0a, 0x05, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12,
-	0x1a, 0x0a, 0x08, 0x65, 0x61, 0x72, 0x6c, 0x69, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x08, 0x65, 0x61, 0x72, 0x6c, 0x69, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6c,
-	0x61, 0x74, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x6c, 0x61, 0x74,
-	0x65, 0x73, 0x74, 0x22, 0x1d, 0x0a, 0x05, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05,
-	0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75,
-	0x6e, 0x74, 0x22, 0x2c, 0x0a, 0x0a, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73,
-	0x12, 0x1e, 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x03, 0x52, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73,
-	0x22, 0x58, 0x0a, 0x1f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72,
-	0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20,
-	0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0xb7, 0x01, 0x0a, 0x0c, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x06, 0x63,
-	0x6f, 0x75, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x73, 0x61,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x2e, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x63, 0x6f, 0x75, 0x6e, 0x74,
-	0x73, 0x12, 0x36, 0x0a, 0x08, 0x65, 0x61, 0x72, 0x6c, 0x69, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52,
-	0x08, 0x65, 0x61, 0x72, 0x6c, 0x69, 0x65, 0x73, 0x74, 0x1a, 0x39, 0x0a, 0x0b, 0x43, 0x6f, 0x75,
-	0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
-	0x3a, 0x02, 0x38, 0x01, 0x22, 0x50, 0x0a, 0x1d, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67,
-	0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x02, 0x69, 0x70, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52,
-	0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x88, 0x01, 0x0a, 0x21, 0x43, 0x6f, 0x75, 0x6e, 0x74,
-	0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e,
-	0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x05, 0x72, 0x61, 0x6e, 0x67,
-	0x65, 0x22, 0x53, 0x0a, 0x12, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75,
-	0x6e, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x61, 0x63, 0x63, 0x6f,
-	0x75, 0x6e, 0x74, 0x49, 0x44, 0x12, 0x1f, 0x0a, 0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52,
-	0x05, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x48, 0x0a, 0x14, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46,
-	0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16,
-	0x0a, 0x06, 0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06,
-	0x77, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
-	0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73,
-	0x22, 0x30, 0x0a, 0x14, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61,
-	0x69, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69,
-	0x6e, 0x73, 0x22, 0x50, 0x0a, 0x20, 0x50, 0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14,
-	0x0a, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72,
-	0x65, 0x67, 0x49, 0x44, 0x22, 0x20, 0x0a, 0x06, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x16,
-	0x0a, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06,
-	0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x74, 0x0a, 0x10, 0x41, 0x64, 0x64, 0x53, 0x65, 0x72,
-	0x69, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65,
-	0x67, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44,
-	0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x72, 0x65, 0x61,
-	0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x63, 0x72, 0x65, 0x61, 0x74,
-	0x65, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x22, 0x87, 0x01, 0x0a,
-	0x15, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0c, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x49,
-	0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x72, 0x65, 0x67, 0x49, 0x44, 0x12, 0x12,
-	0x0a, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x6f, 0x63,
-	0x73, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73,
-	0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73,
-	0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x22, 0x30, 0x0a, 0x16, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0x1e, 0x0a, 0x0c, 0x4f, 0x72, 0x64, 0x65,
-	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x22, 0x95, 0x01, 0x0a, 0x0f, 0x4e, 0x65, 0x77,
-	0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0e,
-	0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x12, 0x14,
-	0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e,
-	0x61, 0x6d, 0x65, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x03, 0x52, 0x10,
-	0x76, 0x32, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x22, 0x7e, 0x0a, 0x18, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41,
-	0x75, 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2f, 0x0a, 0x08,
-	0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13,
-	0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x52, 0x08, 0x6e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x31, 0x0a,
-	0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73,
-	0x22, 0x52, 0x0a, 0x14, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f,
-	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50,
-	0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x05, 0x65,
-	0x72, 0x72, 0x6f, 0x72, 0x22, 0x4c, 0x0a, 0x22, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64,
-	0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63,
-	0x63, 0x74, 0x49, 0x44, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x61, 0x63, 0x63, 0x74,
-	0x49, 0x44, 0x22, 0x47, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f,
-	0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a,
-	0x06, 0x61, 0x63, 0x63, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x61,
-	0x63, 0x63, 0x74, 0x49, 0x44, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02,
-	0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x54, 0x0a, 0x14, 0x46,
-	0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52,
-	0x02, 0x69, 0x64, 0x12, 0x2c, 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11,
-	0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61,
-	0x6c, 0x22, 0x6e, 0x0a, 0x18, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a,
-	0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73,
-	0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x12,
-	0x10, 0x0a, 0x03, 0x6e, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03, 0x6e, 0x6f,
-	0x77, 0x22, 0x96, 0x01, 0x0a, 0x0e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4d, 0x61, 0x70, 0x45, 0x6c, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x1a, 0x4f, 0x0a, 0x0a, 0x4d, 0x61, 0x70,
-	0x45, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69,
-	0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12,
-	0x29, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13,
-	0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x22, 0x4c, 0x0a, 0x1f, 0x41, 0x64,
-	0x64, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a,
-	0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63,
-	0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x22, 0x24, 0x0a, 0x10, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x73, 0x12, 0x10, 0x0a, 0x03,
-	0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x03, 0x69, 0x64, 0x73, 0x22, 0x22,
-	0x0a, 0x10, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49,
-	0x44, 0x32, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02,
-	0x69, 0x64, 0x22, 0x25, 0x0a, 0x11, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x32, 0x49, 0x44, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x03, 0x52, 0x03, 0x69, 0x64, 0x73, 0x22, 0xb2, 0x01, 0x0a, 0x18, 0x52, 0x65,
-	0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x16,
-	0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06,
-	0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x65, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x62, 0x61,
-	0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x62, 0x61,
-	0x63, 0x6b, 0x64, 0x61, 0x74, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, 0x06,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x22, 0xa6,
-	0x02, 0x0a, 0x1c, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
-	0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12,
-	0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72,
-	0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65,
-	0x73, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x65, 0x64, 0x12,
-	0x44, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63,
-	0x6f, 0x72, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x63, 0x6f,
-	0x72, 0x64, 0x52, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
-	0x63, 0x6f, 0x72, 0x64, 0x73, 0x12, 0x3e, 0x0a, 0x0f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14,
-	0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x6c, 0x65, 0x6d, 0x44, 0x65, 0x74,
-	0x61, 0x69, 0x6c, 0x73, 0x52, 0x0f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74,
-	0x65, 0x64, 0x41, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x61, 0x74, 0x74, 0x65,
-	0x6d, 0x70, 0x74, 0x65, 0x64, 0x41, 0x74, 0x22, 0x96, 0x01, 0x0a, 0x14, 0x41, 0x64, 0x64, 0x42,
-	0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x18, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x12, 0x14, 0x0a, 0x05, 0x61, 0x64,
-	0x64, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x61, 0x64, 0x64, 0x65, 0x64,
-	0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d,
-	0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x65,
-	0x6e, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79, 0x18,
-	0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x79,
-	0x22, 0x2d, 0x0a, 0x11, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x73, 0x68, 0x22,
-	0x82, 0x01, 0x0a, 0x08, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02,
-	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x20, 0x0a, 0x0b,
-	0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x10,
-	0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c,
-	0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x42, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x03, 0x52, 0x07, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x42, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e,
-	0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61,
-	0x62, 0x6c, 0x65, 0x64, 0x22, 0x37, 0x0a, 0x09, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74,
-	0x73, 0x12, 0x2a, 0x0a, 0x09, 0x69, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01,
-	0x20, 0x03, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65,
-	0x6e, 0x74, 0x52, 0x09, 0x69, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x41, 0x0a,
-	0x19, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64,
-	0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x69, 0x6e,
-	0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x54, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0d, 0x69, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x54, 0x61, 0x62, 0x6c, 0x65,
-	0x22, 0x92, 0x01, 0x0a, 0x0e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72,
-	0x69, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x0e, 0x72,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x49, 0x44, 0x12, 0x26, 0x0a,
-	0x0e, 0x6c, 0x61, 0x73, 0x74, 0x4e, 0x6f, 0x74, 0x69, 0x63, 0x65, 0x53, 0x65, 0x6e, 0x74, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x6c, 0x61, 0x73, 0x74, 0x4e, 0x6f, 0x74, 0x69, 0x63,
-	0x65, 0x53, 0x65, 0x6e, 0x74, 0x22, 0xac, 0x01, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76,
-	0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x12, 0x22, 0x0a, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x49, 0x44,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x4e, 0x61,
-	0x6d, 0x65, 0x49, 0x44, 0x12, 0x22, 0x0a, 0x0c, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41,
-	0x66, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0c, 0x65, 0x78, 0x70, 0x69,
-	0x72, 0x65, 0x73, 0x41, 0x66, 0x74, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x65, 0x78, 0x70, 0x69,
-	0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52,
-	0x0d, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x12, 0x24,
-	0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x42, 0x65,
-	0x66, 0x6f, 0x72, 0x65, 0x22, 0x8e, 0x01, 0x0a, 0x10, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x12, 0x24, 0x0a, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x61, 0x73,
-	0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0d, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65,
-	0x64, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x3c, 0x0a, 0x0b, 0x72, 0x65, 0x76, 0x6f, 0x6b,
-	0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0b, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65,
-	0x64, 0x44, 0x61, 0x74, 0x65, 0x32, 0xb2, 0x0f, 0x0a, 0x18, 0x53, 0x74, 0x6f, 0x72, 0x61, 0x67,
-	0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x61, 0x64, 0x4f, 0x6e,
-	0x6c, 0x79, 0x12, 0x53, 0x0a, 0x18, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69,
-	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x23,
-	0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79,
-	0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x00, 0x12, 0x36, 0x0a, 0x0d, 0x43, 0x6f, 0x75, 0x6e, 0x74,
-	0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12,
-	0x51, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41,
-	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x25,
-	0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74,
-	0x22, 0x00, 0x12, 0x32, 0x0a, 0x0b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72,
-	0x73, 0x12, 0x16, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65,
-	0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x50,
-	0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73,
-	0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x16, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50,
-	0x12, 0x21, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73,
-	0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00,
-	0x12, 0x4d, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12,
-	0x21, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12,
-	0x37, 0x0a, 0x0d, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73,
-	0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69,
-	0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e,
-	0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x1a, 0x46, 0x51, 0x44, 0x4e,
-	0x53, 0x65, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x46, 0x6f, 0x72,
-	0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73,
-	0x22, 0x00, 0x12, 0x40, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74,
-	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x13, 0x2e,
-	0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e,
-	0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31,
-	0x0a, 0x0e, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63,
-	0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22,
-	0x00, 0x12, 0x3d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53,
-	0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x17, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00,
-	0x12, 0x48, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x78, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1a, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x00, 0x12, 0x2b, 0x0a, 0x08, 0x47, 0x65,
-	0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65,
-	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e,
-	0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4f, 0x72,
-	0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x73, 0x61,
-	0x2e, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e,
-	0x4f, 0x72, 0x64, 0x65, 0x72, 0x22, 0x00, 0x12, 0x55, 0x0a, 0x18, 0x47, 0x65, 0x74, 0x50, 0x65,
-	0x6e, 0x64, 0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x32, 0x12, 0x22, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64,
-	0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41,
-	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x34,
-	0x0a, 0x11, 0x47, 0x65, 0x74, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a,
-	0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73,
-	0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67,
-	0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x12, 0x2e, 0x63, 0x6f,
-	0x72, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22,
-	0x00, 0x12, 0x3c, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x4a,
-	0x53, 0x4f, 0x4e, 0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65,
-	0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12,
-	0x39, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69,
-	0x61, 0x6c, 0x1a, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x41, 0x0a, 0x0f, 0x47, 0x65,
-	0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x1a, 0x2e,
-	0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72,
-	0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65,
-	0x2e, 0x43, 0x52, 0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x00, 0x30, 0x01, 0x12, 0x35, 0x0a,
-	0x11, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x12,
-	0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61,
-	0x74, 0x61, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12,
-	0x21, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74,
-	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x5c, 0x0a, 0x1c, 0x47, 0x65, 0x74, 0x56,
-	0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x26, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65,
-	0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x12, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65,
-	0x6e, 0x74, 0x73, 0x46, 0x6f, 0x72, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x0a, 0x2e, 0x73,
-	0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0d, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e,
-	0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0a, 0x4b, 0x65, 0x79,
-	0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x15, 0x2e, 0x73, 0x61, 0x2e, 0x4b, 0x65, 0x79,
-	0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a,
-	0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x19,
-	0x50, 0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x24, 0x2e, 0x73, 0x61, 0x2e, 0x50,
-	0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4b, 0x0a,
-	0x12, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64,
-	0x65, 0x6e, 0x74, 0x12, 0x1d, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73,
-	0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74,
-	0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, 0x32, 0xdf, 0x18, 0x0a, 0x10, 0x53,
-	0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12,
-	0x53, 0x0a, 0x18, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x23, 0x2e, 0x73, 0x61,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x65, 0x73, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x79, 0x4e, 0x61, 0x6d,
-	0x65, 0x73, 0x22, 0x00, 0x12, 0x36, 0x0a, 0x0d, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51, 0x44,
-	0x4e, 0x53, 0x65, 0x74, 0x73, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74,
-	0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x51, 0x0a, 0x1b,
-	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x25, 0x2e, 0x73, 0x61,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74,
-	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12,
-	0x32, 0x0a, 0x0b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x12, 0x16,
-	0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x65, 0x6e, 0x64,
-	0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x32, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x16, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69,
-	0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x12, 0x21, 0x2e,
-	0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x4d, 0x0a,
-	0x1b, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x21, 0x2e, 0x73,
-	0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x42, 0x79, 0x49, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x09, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0x00, 0x12, 0x37, 0x0a, 0x0d,
-	0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x18, 0x2e,
-	0x73, 0x61, 0x2e, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x45, 0x78, 0x69,
-	0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x1a, 0x46, 0x51, 0x44, 0x4e, 0x53, 0x65, 0x74,
-	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x46, 0x6f, 0x72, 0x57, 0x69, 0x6e,
-	0x64, 0x6f, 0x77, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x51,
-	0x44, 0x4e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e,
-	0x73, 0x61, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x22, 0x00, 0x12,
-	0x40, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22,
-	0x00, 0x12, 0x48, 0x0a, 0x12, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f,
-	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0e, 0x47,
-	0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0a, 0x2e,
-	0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63, 0x6f, 0x72, 0x65,
-	0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22, 0x00, 0x12, 0x3d,
-	0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69,
-	0x61, 0x6c, 0x1a, 0x17, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x48, 0x0a,
-	0x10, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x78, 0x45, 0x78, 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
-	0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x00, 0x12, 0x2b, 0x0a, 0x08, 0x47, 0x65, 0x74, 0x4f, 0x72,
-	0x64, 0x65, 0x72, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64,
-	0x65, 0x72, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72,
-	0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65,
-	0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x46, 0x6f, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64,
-	0x65, 0x72, 0x22, 0x00, 0x12, 0x55, 0x0a, 0x18, 0x47, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69,
-	0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32,
-	0x12, 0x22, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x13, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x34, 0x0a, 0x11, 0x47,
-	0x65, 0x74, 0x50, 0x72, 0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x11, 0x2e, 0x63,
-	0x6f, 0x72, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x22,
-	0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e,
-	0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x3c,
-	0x0a, 0x14, 0x47, 0x65, 0x74, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x42, 0x79, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x2e, 0x73, 0x61, 0x2e, 0x4a, 0x53, 0x4f, 0x4e,
-	0x57, 0x65, 0x62, 0x4b, 0x65, 0x79, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65,
-	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x13,
-	0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a,
-	0x14, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x00, 0x12, 0x41, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x52, 0x65,
-	0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x1a, 0x2e, 0x73, 0x61, 0x2e,
-	0x47, 0x65, 0x74, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x43, 0x52,
-	0x4c, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0x00, 0x30, 0x01, 0x12, 0x35, 0x0a, 0x11, 0x47, 0x65,
-	0x74, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12,
-	0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x12, 0x2e, 0x73, 0x61,
-	0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22,
-	0x00, 0x12, 0x52, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74,
-	0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x21, 0x2e, 0x73,
-	0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x12, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x73, 0x22, 0x00, 0x12, 0x5c, 0x0a, 0x1c, 0x47, 0x65, 0x74, 0x56, 0x61, 0x6c, 0x69,
-	0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x73, 0x32, 0x12, 0x26, 0x2e, 0x73, 0x61, 0x2e, 0x47, 0x65, 0x74, 0x56, 0x61,
-	0x6c, 0x69, 0x64, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e,
-	0x73, 0x61, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x12, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x73,
-	0x46, 0x6f, 0x72, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x0a, 0x2e, 0x73, 0x61, 0x2e, 0x53,
-	0x65, 0x72, 0x69, 0x61, 0x6c, 0x1a, 0x0d, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64,
-	0x65, 0x6e, 0x74, 0x73, 0x22, 0x00, 0x12, 0x31, 0x0a, 0x0a, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f,
-	0x63, 0x6b, 0x65, 0x64, 0x12, 0x15, 0x2e, 0x73, 0x61, 0x2e, 0x4b, 0x65, 0x79, 0x42, 0x6c, 0x6f,
-	0x63, 0x6b, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73, 0x61,
-	0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4f, 0x0a, 0x19, 0x50, 0x72, 0x65,
-	0x76, 0x69, 0x6f, 0x75, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x12, 0x24, 0x2e, 0x73, 0x61, 0x2e, 0x50, 0x72, 0x65, 0x76,
-	0x69, 0x6f, 0x75, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45,
-	0x78, 0x69, 0x73, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0a, 0x2e, 0x73,
-	0x61, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x12, 0x53, 0x65,
-	0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74,
-	0x12, 0x1d, 0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x73, 0x46, 0x6f, 0x72,
-	0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x12, 0x2e, 0x73, 0x61, 0x2e, 0x49, 0x6e, 0x63, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72,
-	0x69, 0x61, 0x6c, 0x22, 0x00, 0x30, 0x01, 0x12, 0x43, 0x0a, 0x0d, 0x41, 0x64, 0x64, 0x42, 0x6c,
-	0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64,
-	0x64, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x49, 0x0a, 0x0e,
-	0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x19,
-	0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x73, 0x61, 0x2e, 0x41,
-	0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x48, 0x0a, 0x11, 0x41, 0x64, 0x64, 0x50, 0x72,
-	0x65, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x19, 0x2e, 0x73,
-	0x61, 0x2e, 0x41, 0x64, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22,
-	0x00, 0x12, 0x3b, 0x0a, 0x09, 0x41, 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x14,
-	0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x4a,
-	0x0a, 0x18, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x14, 0x2e, 0x73, 0x61, 0x2e,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x32,
-	0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x16, 0x44, 0x65,
-	0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x44, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79,
-	0x22, 0x00, 0x12, 0x54, 0x0a, 0x16, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x12, 0x20, 0x2e, 0x73,
-	0x61, 0x2e, 0x46, 0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x0d, 0x46, 0x69, 0x6e, 0x61,
-	0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x18, 0x2e, 0x73, 0x61, 0x2e, 0x46,
-	0x69, 0x6e, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x52, 0x0a,
-	0x12, 0x4e, 0x65, 0x77, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x32, 0x12, 0x23, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x64, 0x64, 0x50, 0x65, 0x6e, 0x64,
-	0x69, 0x6e, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x73, 0x61, 0x2e, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x49, 0x44, 0x73, 0x22,
-	0x00, 0x12, 0x2e, 0x0a, 0x08, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x13, 0x2e,
-	0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x22,
-	0x00, 0x12, 0x40, 0x0a, 0x11, 0x4e, 0x65, 0x77, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64,
-	0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x4e, 0x65, 0x77, 0x4f,
-	0x72, 0x64, 0x65, 0x72, 0x41, 0x6e, 0x64, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x73, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x0b, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x4f, 0x72, 0x64, 0x65,
-	0x72, 0x22, 0x00, 0x12, 0x3b, 0x0a, 0x0f, 0x4e, 0x65, 0x77, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x52, 0x65,
-	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x12, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x00,
-	0x12, 0x4b, 0x0a, 0x11, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b,
-	0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x43, 0x0a,
-	0x0d, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18,
-	0x2e, 0x73, 0x61, 0x2e, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x45, 0x72, 0x72, 0x6f,
-	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
-	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79,
-	0x22, 0x00, 0x12, 0x40, 0x0a, 0x12, 0x53, 0x65, 0x74, 0x4f, 0x72, 0x64, 0x65, 0x72, 0x50, 0x72,
-	0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x12, 0x10, 0x2e, 0x73, 0x61, 0x2e, 0x4f, 0x72,
-	0x64, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70,
-	0x74, 0x79, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x12, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65,
-	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x2e, 0x63, 0x6f, 0x72,
-	0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x16,
-	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x52, 0x0a, 0x18, 0x55, 0x70, 0x64, 0x61,
-	0x74, 0x65, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x61, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65,
-	0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x42, 0x29, 0x5a, 0x27,
-	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6c, 0x65, 0x74, 0x73, 0x65,
-	0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2f, 0x62, 0x6f, 0x75, 0x6c, 0x64, 0x65, 0x72, 0x2f, 0x73,
-	0x61, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_sa_proto_rawDescOnce sync.Once
-	file_sa_proto_rawDescData = file_sa_proto_rawDesc
-)
-
-func file_sa_proto_rawDescGZIP() []byte {
-	file_sa_proto_rawDescOnce.Do(func() {
-		file_sa_proto_rawDescData = protoimpl.X.CompressGZIP(file_sa_proto_rawDescData)
-	})
-	return file_sa_proto_rawDescData
-}
-
-var file_sa_proto_msgTypes = make([]protoimpl.MessageInfo, 49)
-var file_sa_proto_goTypes = []interface{}{
-	(*RegistrationID)(nil),                     // 0: sa.RegistrationID
-	(*JSONWebKey)(nil),                         // 1: sa.JSONWebKey
-	(*AuthorizationID)(nil),                    // 2: sa.AuthorizationID
-	(*GetPendingAuthorizationRequest)(nil),     // 3: sa.GetPendingAuthorizationRequest
-	(*GetValidAuthorizationsRequest)(nil),      // 4: sa.GetValidAuthorizationsRequest
-	(*ValidAuthorizations)(nil),                // 5: sa.ValidAuthorizations
-	(*Serial)(nil),                             // 6: sa.Serial
-	(*SerialMetadata)(nil),                     // 7: sa.SerialMetadata
-	(*Range)(nil),                              // 8: sa.Range
-	(*Count)(nil),                              // 9: sa.Count
-	(*Timestamps)(nil),                         // 10: sa.Timestamps
-	(*CountCertificatesByNamesRequest)(nil),    // 11: sa.CountCertificatesByNamesRequest
-	(*CountByNames)(nil),                       // 12: sa.CountByNames
-	(*CountRegistrationsByIPRequest)(nil),      // 13: sa.CountRegistrationsByIPRequest
-	(*CountInvalidAuthorizationsRequest)(nil),  // 14: sa.CountInvalidAuthorizationsRequest
-	(*CountOrdersRequest)(nil),                 // 15: sa.CountOrdersRequest
-	(*CountFQDNSetsRequest)(nil),               // 16: sa.CountFQDNSetsRequest
-	(*FQDNSetExistsRequest)(nil),               // 17: sa.FQDNSetExistsRequest
-	(*PreviousCertificateExistsRequest)(nil),   // 18: sa.PreviousCertificateExistsRequest
-	(*Exists)(nil),                             // 19: sa.Exists
-	(*AddSerialRequest)(nil),                   // 20: sa.AddSerialRequest
-	(*AddCertificateRequest)(nil),              // 21: sa.AddCertificateRequest
-	(*AddCertificateResponse)(nil),             // 22: sa.AddCertificateResponse
-	(*OrderRequest)(nil),                       // 23: sa.OrderRequest
-	(*NewOrderRequest)(nil),                    // 24: sa.NewOrderRequest
-	(*NewOrderAndAuthzsRequest)(nil),           // 25: sa.NewOrderAndAuthzsRequest
-	(*SetOrderErrorRequest)(nil),               // 26: sa.SetOrderErrorRequest
-	(*GetValidOrderAuthorizationsRequest)(nil), // 27: sa.GetValidOrderAuthorizationsRequest
-	(*GetOrderForNamesRequest)(nil),            // 28: sa.GetOrderForNamesRequest
-	(*FinalizeOrderRequest)(nil),               // 29: sa.FinalizeOrderRequest
-	(*GetAuthorizationsRequest)(nil),           // 30: sa.GetAuthorizationsRequest
-	(*Authorizations)(nil),                     // 31: sa.Authorizations
-	(*AddPendingAuthorizationsRequest)(nil),    // 32: sa.AddPendingAuthorizationsRequest
-	(*AuthorizationIDs)(nil),                   // 33: sa.AuthorizationIDs
-	(*AuthorizationID2)(nil),                   // 34: sa.AuthorizationID2
-	(*Authorization2IDs)(nil),                  // 35: sa.Authorization2IDs
-	(*RevokeCertificateRequest)(nil),           // 36: sa.RevokeCertificateRequest
-	(*FinalizeAuthorizationRequest)(nil),       // 37: sa.FinalizeAuthorizationRequest
-	(*AddBlockedKeyRequest)(nil),               // 38: sa.AddBlockedKeyRequest
-	(*KeyBlockedRequest)(nil),                  // 39: sa.KeyBlockedRequest
-	(*Incident)(nil),                           // 40: sa.Incident
-	(*Incidents)(nil),                          // 41: sa.Incidents
-	(*SerialsForIncidentRequest)(nil),          // 42: sa.SerialsForIncidentRequest
-	(*IncidentSerial)(nil),                     // 43: sa.IncidentSerial
-	(*GetRevokedCertsRequest)(nil),             // 44: sa.GetRevokedCertsRequest
-	(*RevocationStatus)(nil),                   // 45: sa.RevocationStatus
-	(*ValidAuthorizations_MapElement)(nil),     // 46: sa.ValidAuthorizations.MapElement
-	nil,                                        // 47: sa.CountByNames.CountsEntry
-	(*Authorizations_MapElement)(nil),          // 48: sa.Authorizations.MapElement
-	(*timestamppb.Timestamp)(nil),              // 49: google.protobuf.Timestamp
-	(*proto.Authorization)(nil),                // 50: core.Authorization
-	(*proto.ProblemDetails)(nil),               // 51: core.ProblemDetails
-	(*proto.ValidationRecord)(nil),             // 52: core.ValidationRecord
-	(*emptypb.Empty)(nil),                      // 53: google.protobuf.Empty
-	(*proto.Registration)(nil),                 // 54: core.Registration
-	(*proto.Certificate)(nil),                  // 55: core.Certificate
-	(*proto.CertificateStatus)(nil),            // 56: core.CertificateStatus
-	(*proto.Order)(nil),                        // 57: core.Order
-	(*proto.CRLEntry)(nil),                     // 58: core.CRLEntry
-}
-var file_sa_proto_depIdxs = []int32{
-	46, // 0: sa.ValidAuthorizations.valid:type_name -> sa.ValidAuthorizations.MapElement
-	8,  // 1: sa.CountCertificatesByNamesRequest.range:type_name -> sa.Range
-	47, // 2: sa.CountByNames.counts:type_name -> sa.CountByNames.CountsEntry
-	49, // 3: sa.CountByNames.earliest:type_name -> google.protobuf.Timestamp
-	8,  // 4: sa.CountRegistrationsByIPRequest.range:type_name -> sa.Range
-	8,  // 5: sa.CountInvalidAuthorizationsRequest.range:type_name -> sa.Range
-	8,  // 6: sa.CountOrdersRequest.range:type_name -> sa.Range
-	24, // 7: sa.NewOrderAndAuthzsRequest.newOrder:type_name -> sa.NewOrderRequest
-	50, // 8: sa.NewOrderAndAuthzsRequest.newAuthzs:type_name -> core.Authorization
-	51, // 9: sa.SetOrderErrorRequest.error:type_name -> core.ProblemDetails
-	48, // 10: sa.Authorizations.authz:type_name -> sa.Authorizations.MapElement
-	50, // 11: sa.AddPendingAuthorizationsRequest.authz:type_name -> core.Authorization
-	52, // 12: sa.FinalizeAuthorizationRequest.validationRecords:type_name -> core.ValidationRecord
-	51, // 13: sa.FinalizeAuthorizationRequest.validationError:type_name -> core.ProblemDetails
-	40, // 14: sa.Incidents.incidents:type_name -> sa.Incident
-	49, // 15: sa.RevocationStatus.revokedDate:type_name -> google.protobuf.Timestamp
-	50, // 16: sa.ValidAuthorizations.MapElement.authz:type_name -> core.Authorization
-	50, // 17: sa.Authorizations.MapElement.authz:type_name -> core.Authorization
-	11, // 18: sa.StorageAuthorityReadOnly.CountCertificatesByNames:input_type -> sa.CountCertificatesByNamesRequest
-	16, // 19: sa.StorageAuthorityReadOnly.CountFQDNSets:input_type -> sa.CountFQDNSetsRequest
-	14, // 20: sa.StorageAuthorityReadOnly.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest
-	15, // 21: sa.StorageAuthorityReadOnly.CountOrders:input_type -> sa.CountOrdersRequest
-	0,  // 22: sa.StorageAuthorityReadOnly.CountPendingAuthorizations2:input_type -> sa.RegistrationID
-	13, // 23: sa.StorageAuthorityReadOnly.CountRegistrationsByIP:input_type -> sa.CountRegistrationsByIPRequest
-	13, // 24: sa.StorageAuthorityReadOnly.CountRegistrationsByIPRange:input_type -> sa.CountRegistrationsByIPRequest
-	17, // 25: sa.StorageAuthorityReadOnly.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest
-	16, // 26: sa.StorageAuthorityReadOnly.FQDNSetTimestampsForWindow:input_type -> sa.CountFQDNSetsRequest
-	34, // 27: sa.StorageAuthorityReadOnly.GetAuthorization2:input_type -> sa.AuthorizationID2
-	30, // 28: sa.StorageAuthorityReadOnly.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest
-	6,  // 29: sa.StorageAuthorityReadOnly.GetCertificate:input_type -> sa.Serial
-	6,  // 30: sa.StorageAuthorityReadOnly.GetCertificateStatus:input_type -> sa.Serial
-	53, // 31: sa.StorageAuthorityReadOnly.GetMaxExpiration:input_type -> google.protobuf.Empty
-	23, // 32: sa.StorageAuthorityReadOnly.GetOrder:input_type -> sa.OrderRequest
-	28, // 33: sa.StorageAuthorityReadOnly.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest
-	3,  // 34: sa.StorageAuthorityReadOnly.GetPendingAuthorization2:input_type -> sa.GetPendingAuthorizationRequest
-	6,  // 35: sa.StorageAuthorityReadOnly.GetPrecertificate:input_type -> sa.Serial
-	0,  // 36: sa.StorageAuthorityReadOnly.GetRegistration:input_type -> sa.RegistrationID
-	1,  // 37: sa.StorageAuthorityReadOnly.GetRegistrationByKey:input_type -> sa.JSONWebKey
-	6,  // 38: sa.StorageAuthorityReadOnly.GetRevocationStatus:input_type -> sa.Serial
-	44, // 39: sa.StorageAuthorityReadOnly.GetRevokedCerts:input_type -> sa.GetRevokedCertsRequest
-	6,  // 40: sa.StorageAuthorityReadOnly.GetSerialMetadata:input_type -> sa.Serial
-	4,  // 41: sa.StorageAuthorityReadOnly.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest
-	27, // 42: sa.StorageAuthorityReadOnly.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest
-	6,  // 43: sa.StorageAuthorityReadOnly.IncidentsForSerial:input_type -> sa.Serial
-	39, // 44: sa.StorageAuthorityReadOnly.KeyBlocked:input_type -> sa.KeyBlockedRequest
-	18, // 45: sa.StorageAuthorityReadOnly.PreviousCertificateExists:input_type -> sa.PreviousCertificateExistsRequest
-	42, // 46: sa.StorageAuthorityReadOnly.SerialsForIncident:input_type -> sa.SerialsForIncidentRequest
-	11, // 47: sa.StorageAuthority.CountCertificatesByNames:input_type -> sa.CountCertificatesByNamesRequest
-	16, // 48: sa.StorageAuthority.CountFQDNSets:input_type -> sa.CountFQDNSetsRequest
-	14, // 49: sa.StorageAuthority.CountInvalidAuthorizations2:input_type -> sa.CountInvalidAuthorizationsRequest
-	15, // 50: sa.StorageAuthority.CountOrders:input_type -> sa.CountOrdersRequest
-	0,  // 51: sa.StorageAuthority.CountPendingAuthorizations2:input_type -> sa.RegistrationID
-	13, // 52: sa.StorageAuthority.CountRegistrationsByIP:input_type -> sa.CountRegistrationsByIPRequest
-	13, // 53: sa.StorageAuthority.CountRegistrationsByIPRange:input_type -> sa.CountRegistrationsByIPRequest
-	17, // 54: sa.StorageAuthority.FQDNSetExists:input_type -> sa.FQDNSetExistsRequest
-	16, // 55: sa.StorageAuthority.FQDNSetTimestampsForWindow:input_type -> sa.CountFQDNSetsRequest
-	34, // 56: sa.StorageAuthority.GetAuthorization2:input_type -> sa.AuthorizationID2
-	30, // 57: sa.StorageAuthority.GetAuthorizations2:input_type -> sa.GetAuthorizationsRequest
-	6,  // 58: sa.StorageAuthority.GetCertificate:input_type -> sa.Serial
-	6,  // 59: sa.StorageAuthority.GetCertificateStatus:input_type -> sa.Serial
-	53, // 60: sa.StorageAuthority.GetMaxExpiration:input_type -> google.protobuf.Empty
-	23, // 61: sa.StorageAuthority.GetOrder:input_type -> sa.OrderRequest
-	28, // 62: sa.StorageAuthority.GetOrderForNames:input_type -> sa.GetOrderForNamesRequest
-	3,  // 63: sa.StorageAuthority.GetPendingAuthorization2:input_type -> sa.GetPendingAuthorizationRequest
-	6,  // 64: sa.StorageAuthority.GetPrecertificate:input_type -> sa.Serial
-	0,  // 65: sa.StorageAuthority.GetRegistration:input_type -> sa.RegistrationID
-	1,  // 66: sa.StorageAuthority.GetRegistrationByKey:input_type -> sa.JSONWebKey
-	6,  // 67: sa.StorageAuthority.GetRevocationStatus:input_type -> sa.Serial
-	44, // 68: sa.StorageAuthority.GetRevokedCerts:input_type -> sa.GetRevokedCertsRequest
-	6,  // 69: sa.StorageAuthority.GetSerialMetadata:input_type -> sa.Serial
-	4,  // 70: sa.StorageAuthority.GetValidAuthorizations2:input_type -> sa.GetValidAuthorizationsRequest
-	27, // 71: sa.StorageAuthority.GetValidOrderAuthorizations2:input_type -> sa.GetValidOrderAuthorizationsRequest
-	6,  // 72: sa.StorageAuthority.IncidentsForSerial:input_type -> sa.Serial
-	39, // 73: sa.StorageAuthority.KeyBlocked:input_type -> sa.KeyBlockedRequest
-	18, // 74: sa.StorageAuthority.PreviousCertificateExists:input_type -> sa.PreviousCertificateExistsRequest
-	42, // 75: sa.StorageAuthority.SerialsForIncident:input_type -> sa.SerialsForIncidentRequest
-	38, // 76: sa.StorageAuthority.AddBlockedKey:input_type -> sa.AddBlockedKeyRequest
-	21, // 77: sa.StorageAuthority.AddCertificate:input_type -> sa.AddCertificateRequest
-	21, // 78: sa.StorageAuthority.AddPrecertificate:input_type -> sa.AddCertificateRequest
-	20, // 79: sa.StorageAuthority.AddSerial:input_type -> sa.AddSerialRequest
-	34, // 80: sa.StorageAuthority.DeactivateAuthorization2:input_type -> sa.AuthorizationID2
-	0,  // 81: sa.StorageAuthority.DeactivateRegistration:input_type -> sa.RegistrationID
-	37, // 82: sa.StorageAuthority.FinalizeAuthorization2:input_type -> sa.FinalizeAuthorizationRequest
-	29, // 83: sa.StorageAuthority.FinalizeOrder:input_type -> sa.FinalizeOrderRequest
-	32, // 84: sa.StorageAuthority.NewAuthorizations2:input_type -> sa.AddPendingAuthorizationsRequest
-	24, // 85: sa.StorageAuthority.NewOrder:input_type -> sa.NewOrderRequest
-	25, // 86: sa.StorageAuthority.NewOrderAndAuthzs:input_type -> sa.NewOrderAndAuthzsRequest
-	54, // 87: sa.StorageAuthority.NewRegistration:input_type -> core.Registration
-	36, // 88: sa.StorageAuthority.RevokeCertificate:input_type -> sa.RevokeCertificateRequest
-	26, // 89: sa.StorageAuthority.SetOrderError:input_type -> sa.SetOrderErrorRequest
-	23, // 90: sa.StorageAuthority.SetOrderProcessing:input_type -> sa.OrderRequest
-	54, // 91: sa.StorageAuthority.UpdateRegistration:input_type -> core.Registration
-	36, // 92: sa.StorageAuthority.UpdateRevokedCertificate:input_type -> sa.RevokeCertificateRequest
-	12, // 93: sa.StorageAuthorityReadOnly.CountCertificatesByNames:output_type -> sa.CountByNames
-	9,  // 94: sa.StorageAuthorityReadOnly.CountFQDNSets:output_type -> sa.Count
-	9,  // 95: sa.StorageAuthorityReadOnly.CountInvalidAuthorizations2:output_type -> sa.Count
-	9,  // 96: sa.StorageAuthorityReadOnly.CountOrders:output_type -> sa.Count
-	9,  // 97: sa.StorageAuthorityReadOnly.CountPendingAuthorizations2:output_type -> sa.Count
-	9,  // 98: sa.StorageAuthorityReadOnly.CountRegistrationsByIP:output_type -> sa.Count
-	9,  // 99: sa.StorageAuthorityReadOnly.CountRegistrationsByIPRange:output_type -> sa.Count
-	19, // 100: sa.StorageAuthorityReadOnly.FQDNSetExists:output_type -> sa.Exists
-	10, // 101: sa.StorageAuthorityReadOnly.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps
-	50, // 102: sa.StorageAuthorityReadOnly.GetAuthorization2:output_type -> core.Authorization
-	31, // 103: sa.StorageAuthorityReadOnly.GetAuthorizations2:output_type -> sa.Authorizations
-	55, // 104: sa.StorageAuthorityReadOnly.GetCertificate:output_type -> core.Certificate
-	56, // 105: sa.StorageAuthorityReadOnly.GetCertificateStatus:output_type -> core.CertificateStatus
-	49, // 106: sa.StorageAuthorityReadOnly.GetMaxExpiration:output_type -> google.protobuf.Timestamp
-	57, // 107: sa.StorageAuthorityReadOnly.GetOrder:output_type -> core.Order
-	57, // 108: sa.StorageAuthorityReadOnly.GetOrderForNames:output_type -> core.Order
-	50, // 109: sa.StorageAuthorityReadOnly.GetPendingAuthorization2:output_type -> core.Authorization
-	55, // 110: sa.StorageAuthorityReadOnly.GetPrecertificate:output_type -> core.Certificate
-	54, // 111: sa.StorageAuthorityReadOnly.GetRegistration:output_type -> core.Registration
-	54, // 112: sa.StorageAuthorityReadOnly.GetRegistrationByKey:output_type -> core.Registration
-	45, // 113: sa.StorageAuthorityReadOnly.GetRevocationStatus:output_type -> sa.RevocationStatus
-	58, // 114: sa.StorageAuthorityReadOnly.GetRevokedCerts:output_type -> core.CRLEntry
-	7,  // 115: sa.StorageAuthorityReadOnly.GetSerialMetadata:output_type -> sa.SerialMetadata
-	31, // 116: sa.StorageAuthorityReadOnly.GetValidAuthorizations2:output_type -> sa.Authorizations
-	31, // 117: sa.StorageAuthorityReadOnly.GetValidOrderAuthorizations2:output_type -> sa.Authorizations
-	41, // 118: sa.StorageAuthorityReadOnly.IncidentsForSerial:output_type -> sa.Incidents
-	19, // 119: sa.StorageAuthorityReadOnly.KeyBlocked:output_type -> sa.Exists
-	19, // 120: sa.StorageAuthorityReadOnly.PreviousCertificateExists:output_type -> sa.Exists
-	43, // 121: sa.StorageAuthorityReadOnly.SerialsForIncident:output_type -> sa.IncidentSerial
-	12, // 122: sa.StorageAuthority.CountCertificatesByNames:output_type -> sa.CountByNames
-	9,  // 123: sa.StorageAuthority.CountFQDNSets:output_type -> sa.Count
-	9,  // 124: sa.StorageAuthority.CountInvalidAuthorizations2:output_type -> sa.Count
-	9,  // 125: sa.StorageAuthority.CountOrders:output_type -> sa.Count
-	9,  // 126: sa.StorageAuthority.CountPendingAuthorizations2:output_type -> sa.Count
-	9,  // 127: sa.StorageAuthority.CountRegistrationsByIP:output_type -> sa.Count
-	9,  // 128: sa.StorageAuthority.CountRegistrationsByIPRange:output_type -> sa.Count
-	19, // 129: sa.StorageAuthority.FQDNSetExists:output_type -> sa.Exists
-	10, // 130: sa.StorageAuthority.FQDNSetTimestampsForWindow:output_type -> sa.Timestamps
-	50, // 131: sa.StorageAuthority.GetAuthorization2:output_type -> core.Authorization
-	31, // 132: sa.StorageAuthority.GetAuthorizations2:output_type -> sa.Authorizations
-	55, // 133: sa.StorageAuthority.GetCertificate:output_type -> core.Certificate
-	56, // 134: sa.StorageAuthority.GetCertificateStatus:output_type -> core.CertificateStatus
-	49, // 135: sa.StorageAuthority.GetMaxExpiration:output_type -> google.protobuf.Timestamp
-	57, // 136: sa.StorageAuthority.GetOrder:output_type -> core.Order
-	57, // 137: sa.StorageAuthority.GetOrderForNames:output_type -> core.Order
-	50, // 138: sa.StorageAuthority.GetPendingAuthorization2:output_type -> core.Authorization
-	55, // 139: sa.StorageAuthority.GetPrecertificate:output_type -> core.Certificate
-	54, // 140: sa.StorageAuthority.GetRegistration:output_type -> core.Registration
-	54, // 141: sa.StorageAuthority.GetRegistrationByKey:output_type -> core.Registration
-	45, // 142: sa.StorageAuthority.GetRevocationStatus:output_type -> sa.RevocationStatus
-	58, // 143: sa.StorageAuthority.GetRevokedCerts:output_type -> core.CRLEntry
-	7,  // 144: sa.StorageAuthority.GetSerialMetadata:output_type -> sa.SerialMetadata
-	31, // 145: sa.StorageAuthority.GetValidAuthorizations2:output_type -> sa.Authorizations
-	31, // 146: sa.StorageAuthority.GetValidOrderAuthorizations2:output_type -> sa.Authorizations
-	41, // 147: sa.StorageAuthority.IncidentsForSerial:output_type -> sa.Incidents
-	19, // 148: sa.StorageAuthority.KeyBlocked:output_type -> sa.Exists
-	19, // 149: sa.StorageAuthority.PreviousCertificateExists:output_type -> sa.Exists
-	43, // 150: sa.StorageAuthority.SerialsForIncident:output_type -> sa.IncidentSerial
-	53, // 151: sa.StorageAuthority.AddBlockedKey:output_type -> google.protobuf.Empty
-	22, // 152: sa.StorageAuthority.AddCertificate:output_type -> sa.AddCertificateResponse
-	53, // 153: sa.StorageAuthority.AddPrecertificate:output_type -> google.protobuf.Empty
-	53, // 154: sa.StorageAuthority.AddSerial:output_type -> google.protobuf.Empty
-	53, // 155: sa.StorageAuthority.DeactivateAuthorization2:output_type -> google.protobuf.Empty
-	53, // 156: sa.StorageAuthority.DeactivateRegistration:output_type -> google.protobuf.Empty
-	53, // 157: sa.StorageAuthority.FinalizeAuthorization2:output_type -> google.protobuf.Empty
-	53, // 158: sa.StorageAuthority.FinalizeOrder:output_type -> google.protobuf.Empty
-	35, // 159: sa.StorageAuthority.NewAuthorizations2:output_type -> sa.Authorization2IDs
-	57, // 160: sa.StorageAuthority.NewOrder:output_type -> core.Order
-	57, // 161: sa.StorageAuthority.NewOrderAndAuthzs:output_type -> core.Order
-	54, // 162: sa.StorageAuthority.NewRegistration:output_type -> core.Registration
-	53, // 163: sa.StorageAuthority.RevokeCertificate:output_type -> google.protobuf.Empty
-	53, // 164: sa.StorageAuthority.SetOrderError:output_type -> google.protobuf.Empty
-	53, // 165: sa.StorageAuthority.SetOrderProcessing:output_type -> google.protobuf.Empty
-	53, // 166: sa.StorageAuthority.UpdateRegistration:output_type -> google.protobuf.Empty
-	53, // 167: sa.StorageAuthority.UpdateRevokedCertificate:output_type -> google.protobuf.Empty
-	93, // [93:168] is the sub-list for method output_type
-	18, // [18:93] is the sub-list for method input_type
-	18, // [18:18] is the sub-list for extension type_name
-	18, // [18:18] is the sub-list for extension extendee
-	0,  // [0:18] is the sub-list for field type_name
-}
-
-func init() { file_sa_proto_init() }
-func file_sa_proto_init() {
-	if File_sa_proto != nil {
-		return
-	}
-	if !protoimpl.UnsafeEnabled {
-		file_sa_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RegistrationID); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*JSONWebKey); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthorizationID); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetPendingAuthorizationRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetValidAuthorizationsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ValidAuthorizations); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Serial); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SerialMetadata); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Range); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Count); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Timestamps); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountCertificatesByNamesRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountByNames); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountRegistrationsByIPRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountInvalidAuthorizationsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountOrdersRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*CountFQDNSetsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FQDNSetExistsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PreviousCertificateExistsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Exists); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddSerialRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddCertificateRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddCertificateResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*OrderRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NewOrderRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*NewOrderAndAuthzsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SetOrderErrorRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetValidOrderAuthorizationsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetOrderForNamesRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FinalizeOrderRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetAuthorizationsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Authorizations); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddPendingAuthorizationsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthorizationIDs); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AuthorizationID2); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Authorization2IDs); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RevokeCertificateRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FinalizeAuthorizationRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AddBlockedKeyRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*KeyBlockedRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Incident); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Incidents); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SerialsForIncidentRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[43].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*IncidentSerial); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[44].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetRevokedCertsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[45].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RevocationStatus); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ValidAuthorizations_MapElement); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_sa_proto_msgTypes[48].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Authorizations_MapElement); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_sa_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   49,
-			NumExtensions: 0,
-			NumServices:   2,
-		},
-		GoTypes:           file_sa_proto_goTypes,
-		DependencyIndexes: file_sa_proto_depIdxs,
-		MessageInfos:      file_sa_proto_msgTypes,
-	}.Build()
-	File_sa_proto = out.File
-	file_sa_proto_rawDesc = nil
-	file_sa_proto_goTypes = nil
-	file_sa_proto_depIdxs = nil
-}
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto b/vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto
deleted file mode 100644
index 1e4ad6fb87..0000000000
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto
+++ /dev/null
@@ -1,353 +0,0 @@
-syntax = "proto3";
-
-package sa;
-option go_package = "github.com/letsencrypt/boulder/sa/proto";
-
-import "core/proto/core.proto";
-import "google/protobuf/empty.proto";
-import "google/protobuf/timestamp.proto";
-
-// StorageAuthorityReadOnly exposes only those SA methods which are read-only.
-service StorageAuthorityReadOnly {
-  rpc CountCertificatesByNames(CountCertificatesByNamesRequest) returns (CountByNames) {}
-  rpc CountFQDNSets(CountFQDNSetsRequest) returns (Count) {}
-  rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {}
-  rpc CountOrders(CountOrdersRequest) returns (Count) {}
-  rpc CountPendingAuthorizations2(RegistrationID) returns (Count) {}
-  rpc CountRegistrationsByIP(CountRegistrationsByIPRequest) returns (Count) {}
-  rpc CountRegistrationsByIPRange(CountRegistrationsByIPRequest) returns (Count) {}
-  rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {}
-  rpc FQDNSetTimestampsForWindow(CountFQDNSetsRequest) returns (Timestamps) {}
-  rpc GetAuthorization2(AuthorizationID2) returns (core.Authorization) {}
-  rpc GetAuthorizations2(GetAuthorizationsRequest) returns (Authorizations) {}
-  rpc GetCertificate(Serial) returns (core.Certificate) {}
-  rpc GetCertificateStatus(Serial) returns (core.CertificateStatus) {}
-  rpc GetMaxExpiration(google.protobuf.Empty) returns (google.protobuf.Timestamp) {}
-  rpc GetOrder(OrderRequest) returns (core.Order) {}
-  rpc GetOrderForNames(GetOrderForNamesRequest) returns (core.Order) {}
-  rpc GetPendingAuthorization2(GetPendingAuthorizationRequest) returns (core.Authorization) {}
-  rpc GetPrecertificate(Serial) returns (core.Certificate) {}
-  rpc GetRegistration(RegistrationID) returns (core.Registration) {}
-  rpc GetRegistrationByKey(JSONWebKey) returns (core.Registration) {}
-  rpc GetRevocationStatus(Serial) returns (RevocationStatus) {}
-  rpc GetRevokedCerts(GetRevokedCertsRequest) returns (stream core.CRLEntry) {}
-  rpc GetSerialMetadata(Serial) returns (SerialMetadata) {}
-  rpc GetValidAuthorizations2(GetValidAuthorizationsRequest) returns (Authorizations) {}
-  rpc GetValidOrderAuthorizations2(GetValidOrderAuthorizationsRequest) returns (Authorizations) {}
-  rpc IncidentsForSerial(Serial) returns (Incidents) {}
-  rpc KeyBlocked(KeyBlockedRequest) returns (Exists) {}
-  rpc PreviousCertificateExists(PreviousCertificateExistsRequest) returns (Exists) {}
-  rpc SerialsForIncident (SerialsForIncidentRequest) returns (stream IncidentSerial) {}
-}
-
-// StorageAuthority provides full read/write access to the database.
-service StorageAuthority {
-  // Getters: this list must be identical to the StorageAuthorityReadOnly rpcs.
-  rpc CountCertificatesByNames(CountCertificatesByNamesRequest) returns (CountByNames) {}
-  rpc CountFQDNSets(CountFQDNSetsRequest) returns (Count) {}
-  rpc CountInvalidAuthorizations2(CountInvalidAuthorizationsRequest) returns (Count) {}
-  rpc CountOrders(CountOrdersRequest) returns (Count) {}
-  rpc CountPendingAuthorizations2(RegistrationID) returns (Count) {}
-  rpc CountRegistrationsByIP(CountRegistrationsByIPRequest) returns (Count) {}
-  rpc CountRegistrationsByIPRange(CountRegistrationsByIPRequest) returns (Count) {}
-  rpc FQDNSetExists(FQDNSetExistsRequest) returns (Exists) {}
-  rpc FQDNSetTimestampsForWindow(CountFQDNSetsRequest) returns (Timestamps) {}
-  rpc GetAuthorization2(AuthorizationID2) returns (core.Authorization) {}
-  rpc GetAuthorizations2(GetAuthorizationsRequest) returns (Authorizations) {}
-  rpc GetCertificate(Serial) returns (core.Certificate) {}
-  rpc GetCertificateStatus(Serial) returns (core.CertificateStatus) {}
-  rpc GetMaxExpiration(google.protobuf.Empty) returns (google.protobuf.Timestamp) {}
-  rpc GetOrder(OrderRequest) returns (core.Order) {}
-  rpc GetOrderForNames(GetOrderForNamesRequest) returns (core.Order) {}
-  rpc GetPendingAuthorization2(GetPendingAuthorizationRequest) returns (core.Authorization) {}
-  rpc GetPrecertificate(Serial) returns (core.Certificate) {}
-  rpc GetRegistration(RegistrationID) returns (core.Registration) {}
-  rpc GetRegistrationByKey(JSONWebKey) returns (core.Registration) {}
-  rpc GetRevocationStatus(Serial) returns (RevocationStatus) {}
-  rpc GetRevokedCerts(GetRevokedCertsRequest) returns (stream core.CRLEntry) {}
-  rpc GetSerialMetadata(Serial) returns (SerialMetadata) {}
-  rpc GetValidAuthorizations2(GetValidAuthorizationsRequest) returns (Authorizations) {}
-  rpc GetValidOrderAuthorizations2(GetValidOrderAuthorizationsRequest) returns (Authorizations) {}
-  rpc IncidentsForSerial(Serial) returns (Incidents) {}
-  rpc KeyBlocked(KeyBlockedRequest) returns (Exists) {}
-  rpc PreviousCertificateExists(PreviousCertificateExistsRequest) returns (Exists) {}
-  rpc SerialsForIncident (SerialsForIncidentRequest) returns (stream IncidentSerial) {}
-  // Adders
-  rpc AddBlockedKey(AddBlockedKeyRequest) returns (google.protobuf.Empty) {}
-  rpc AddCertificate(AddCertificateRequest) returns (AddCertificateResponse) {}
-  rpc AddPrecertificate(AddCertificateRequest) returns (google.protobuf.Empty) {}
-  rpc AddSerial(AddSerialRequest) returns (google.protobuf.Empty) {}
-  rpc DeactivateAuthorization2(AuthorizationID2) returns (google.protobuf.Empty) {}
-  rpc DeactivateRegistration(RegistrationID) returns (google.protobuf.Empty) {}
-  rpc FinalizeAuthorization2(FinalizeAuthorizationRequest) returns (google.protobuf.Empty) {}
-  rpc FinalizeOrder(FinalizeOrderRequest) returns (google.protobuf.Empty) {}
-  rpc NewAuthorizations2(AddPendingAuthorizationsRequest) returns (Authorization2IDs) {}
-  rpc NewOrder(NewOrderRequest) returns (core.Order) {}
-  rpc NewOrderAndAuthzs(NewOrderAndAuthzsRequest) returns (core.Order) {}
-  rpc NewRegistration(core.Registration) returns (core.Registration) {}
-  rpc RevokeCertificate(RevokeCertificateRequest) returns (google.protobuf.Empty) {}
-  rpc SetOrderError(SetOrderErrorRequest) returns (google.protobuf.Empty) {}
-  rpc SetOrderProcessing(OrderRequest) returns (google.protobuf.Empty) {}
-  rpc UpdateRegistration(core.Registration) returns (google.protobuf.Empty) {}
-  rpc UpdateRevokedCertificate(RevokeCertificateRequest) returns (google.protobuf.Empty) {}
-}
-
-message RegistrationID {
-  int64 id = 1;
-}
-
-message JSONWebKey {
-  bytes jwk = 1; 
-}
-
-message AuthorizationID {
-  string id = 1;
-}
-
-message GetPendingAuthorizationRequest {
-  int64 registrationID = 1;
-  string identifierType = 2;
-  string identifierValue = 3;
-  // Result must be valid until at least this Unix timestamp (nanos)
-  int64 validUntil = 4;
-}
-
-message GetValidAuthorizationsRequest {
-  int64 registrationID = 1;
-  repeated string domains = 2;
-  int64 now = 3; // Unix timestamp (nanoseconds)
-}
-
-message ValidAuthorizations {
-  message MapElement {
-          string domain = 1;
-          core.Authorization authz = 2;
-  }
-  repeated MapElement valid = 1;
-}
-
-message Serial {
-  string serial = 1;
-}
-
-message SerialMetadata {
-  string serial = 1;
-  int64 registrationID = 2;
-  int64 created = 3; // Unix timestamp (nanoseconds)
-  int64 expires = 4; // Unix timestamp (nanoseconds)
-}
-
-message Range {
-  int64 earliest = 1; // Unix timestamp (nanoseconds)
-  int64 latest = 2;   // Unix timestamp (nanoseconds)
-}
-
-message Count {
-  int64 count = 1;
-}
-
-message Timestamps {
-	repeated int64 timestamps = 1; // Unix timestamp (nanoseconds)
-}
-
-message CountCertificatesByNamesRequest {
-  Range range = 1;
-  repeated string names = 2;
-}
-
-message CountByNames {
-  map<string, int64> counts = 1;
-  google.protobuf.Timestamp earliest = 2; // Unix timestamp (nanoseconds)
-}
-
-message CountRegistrationsByIPRequest {
-  bytes ip = 1;
-  Range range = 2;
-}
-
-message CountInvalidAuthorizationsRequest {
-  int64 registrationID = 1;
-  string hostname = 2;
-  // Count authorizations that expire in this range.
-  Range range = 3;
-}
-
-message CountOrdersRequest {
-  int64 accountID = 1;
-  Range range = 2;
-}
-
-message CountFQDNSetsRequest {
-  int64 window = 1;
-  repeated string domains = 2;
-}
-
-message FQDNSetExistsRequest {
-  repeated string domains = 1;
-}
-
-message PreviousCertificateExistsRequest {
-  string domain = 1;
-  int64 regID = 2;
-}
-
-message Exists {
-  bool exists = 1;
-}
-
-message AddSerialRequest {
-  int64 regID = 1;
-  string serial = 2;
-  int64 created = 3; // Unix timestamp (nanoseconds)
-  int64 expires = 4; // Unix timestamp (nanoseconds)
-}
-
-message AddCertificateRequest {
-  bytes der = 1;
-  int64 regID = 2;
-  // A signed OCSP response for the certificate contained in "der".
-  // Note: The certificate status in the OCSP response is assumed to be 0 (good).
-  bytes ocsp = 3;
-  // An issued time. When not present the SA defaults to using
-  // the current time. The orphan-finder uses this parameter to add
-  // certificates with the correct historic issued date
-  int64 issued = 4;
-  int64 issuerID = 5;
-}
-
-message AddCertificateResponse {
-  string digest = 1;
-}
-
-message OrderRequest {
-  int64 id = 1;
-}
-
-message NewOrderRequest {
-  int64 registrationID = 1;
-  int64 expires = 2;
-  repeated string names = 3;
-  repeated int64 v2Authorizations = 4;
-}
-
-message NewOrderAndAuthzsRequest {
-  NewOrderRequest newOrder = 1;
-  repeated core.Authorization newAuthzs = 2;
-}
-
-message SetOrderErrorRequest {
-  int64 id = 1;
-  core.ProblemDetails error = 2;
-}
-
-message GetValidOrderAuthorizationsRequest {
-  int64 id = 1;
-  int64 acctID = 2;
-}
-
-message GetOrderForNamesRequest {
-  int64 acctID = 1;
-  repeated string names = 2;
-}
-
-message FinalizeOrderRequest {
-  int64 id = 1;
-  string certificateSerial = 2;
-}
-
-message GetAuthorizationsRequest {
-  int64 registrationID = 1;
-  repeated string domains = 2;
-  int64 now = 3; // Unix timestamp (nanoseconds)
-}
-
-message Authorizations {
-  message MapElement {
-          string domain = 1;
-          core.Authorization authz = 2;
-  }
-  repeated MapElement authz = 1;
-}
-
-message AddPendingAuthorizationsRequest {
-  repeated core.Authorization authz = 1;
-}
-
-message AuthorizationIDs {
-  repeated string ids = 1;
-}
-
-message AuthorizationID2 {
-  int64 id = 1;
-}
-
-message Authorization2IDs {
-  repeated int64 ids = 1;
-}
-
-message RevokeCertificateRequest {
-  string serial = 1;
-  int64 reason = 2;
-  int64 date = 3; // Unix timestamp (nanoseconds)
-  int64 backdate = 5; // Unix timestamp (nanoseconds)
-  bytes response = 4;
-  int64 issuerID = 6;
-}
-
-message FinalizeAuthorizationRequest {
-  int64 id = 1;
-  string status = 2;
-  int64 expires = 3; // Unix timestamp (nanoseconds)
-  string attempted = 4;
-  repeated core.ValidationRecord validationRecords = 5;
-  core.ProblemDetails validationError = 6;
-  int64 attemptedAt = 7; // Unix timestamp (nanoseconds)
-}
-
-message AddBlockedKeyRequest {
-  bytes keyHash = 1;
-  int64 added = 2; // Unix timestamp (nanoseconds)
-  string source = 3;
-  string comment = 4;
-  int64 revokedBy = 5;
-}
-
-message KeyBlockedRequest {
-  bytes keyHash = 1;
-}
-
-message Incident {
-  int64 id = 1;
-  string serialTable = 2;
-  string url = 3;
-  int64 renewBy = 4; // Unix timestamp (nanoseconds)
-  bool enabled = 5;
-}
-
-message Incidents {
-  repeated Incident incidents = 1;
-}
-
-message SerialsForIncidentRequest {
-  string incidentTable = 1;
-}
-
-message IncidentSerial {
-  string serial = 1;
-  int64 registrationID = 2;
-  int64 orderID = 3;
-  int64 lastNoticeSent = 4; // Unix timestamp (nanoseconds)
-}
-
-message GetRevokedCertsRequest {
-  int64 issuerNameID = 1;
-  int64 expiresAfter = 2; // Unix timestamp (nanoseconds), inclusive
-  int64 expiresBefore = 3; // Unix timestamp (nanoseconds), exclusive
-  int64 revokedBefore = 4; // Unix timestamp (nanoseconds)
-}
-
-message RevocationStatus {
-  int64 status = 1;
-  int64 revokedReason = 2;
-  google.protobuf.Timestamp revokedDate = 3; // Unix timestamp (nanoseconds)
-}
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go b/vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go
deleted file mode 100644
index 37a4e026a6..0000000000
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go
+++ /dev/null
@@ -1,2937 +0,0 @@
-// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
-// versions:
-// - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.20.1
-// source: sa.proto
-
-package proto
-
-import (
-	context "context"
-	proto "github.com/letsencrypt/boulder/core/proto"
-	grpc "google.golang.org/grpc"
-	codes "google.golang.org/grpc/codes"
-	status "google.golang.org/grpc/status"
-	emptypb "google.golang.org/protobuf/types/known/emptypb"
-	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
-)
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
-
-// StorageAuthorityReadOnlyClient is the client API for StorageAuthorityReadOnly service.
-//
-// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
-type StorageAuthorityReadOnlyClient interface {
-	CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error)
-	CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error)
-	CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error)
-	CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error)
-	CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error)
-	CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error)
-	GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error)
-	GetAuthorizations2(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.CertificateStatus, error)
-	GetMaxExpiration(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*timestamppb.Timestamp, error)
-	GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	GetPendingAuthorization2(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error)
-	GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetRevocationStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*RevocationStatus, error)
-	GetRevokedCerts(ctx context.Context, in *GetRevokedCertsRequest, opts ...grpc.CallOption) (StorageAuthorityReadOnly_GetRevokedCertsClient, error)
-	GetSerialMetadata(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*SerialMetadata, error)
-	GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error)
-	KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error)
-	PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthorityReadOnly_SerialsForIncidentClient, error)
-}
-
-type storageAuthorityReadOnlyClient struct {
-	cc grpc.ClientConnInterface
-}
-
-func NewStorageAuthorityReadOnlyClient(cc grpc.ClientConnInterface) StorageAuthorityReadOnlyClient {
-	return &storageAuthorityReadOnlyClient{cc}
-}
-
-func (c *storageAuthorityReadOnlyClient) CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error) {
-	out := new(CountByNames)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountCertificatesByNames", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountFQDNSets", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountInvalidAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountOrders", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountPendingAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountRegistrationsByIP", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/CountRegistrationsByIPRange", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/FQDNSetExists", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error) {
-	out := new(Timestamps)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/FQDNSetTimestampsForWindow", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error) {
-	out := new(proto.Authorization)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetAuthorizations2(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error) {
-	out := new(proto.Certificate)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetCertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.CertificateStatus, error) {
-	out := new(proto.CertificateStatus)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetCertificateStatus", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetMaxExpiration(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*timestamppb.Timestamp, error) {
-	out := new(timestamppb.Timestamp)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetMaxExpiration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetOrder", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetOrderForNames", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetPendingAuthorization2(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error) {
-	out := new(proto.Authorization)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetPendingAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error) {
-	out := new(proto.Certificate)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetPrecertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto.Registration, error) {
-	out := new(proto.Registration)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetRegistration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto.Registration, error) {
-	out := new(proto.Registration)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetRegistrationByKey", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetRevocationStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*RevocationStatus, error) {
-	out := new(RevocationStatus)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetRevocationStatus", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetRevokedCerts(ctx context.Context, in *GetRevokedCertsRequest, opts ...grpc.CallOption) (StorageAuthorityReadOnly_GetRevokedCertsClient, error) {
-	stream, err := c.cc.NewStream(ctx, &StorageAuthorityReadOnly_ServiceDesc.Streams[0], "/sa.StorageAuthorityReadOnly/GetRevokedCerts", opts...)
-	if err != nil {
-		return nil, err
-	}
-	x := &storageAuthorityReadOnlyGetRevokedCertsClient{stream}
-	if err := x.ClientStream.SendMsg(in); err != nil {
-		return nil, err
-	}
-	if err := x.ClientStream.CloseSend(); err != nil {
-		return nil, err
-	}
-	return x, nil
-}
-
-type StorageAuthorityReadOnly_GetRevokedCertsClient interface {
-	Recv() (*proto.CRLEntry, error)
-	grpc.ClientStream
-}
-
-type storageAuthorityReadOnlyGetRevokedCertsClient struct {
-	grpc.ClientStream
-}
-
-func (x *storageAuthorityReadOnlyGetRevokedCertsClient) Recv() (*proto.CRLEntry, error) {
-	m := new(proto.CRLEntry)
-	if err := x.ClientStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetSerialMetadata(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*SerialMetadata, error) {
-	out := new(SerialMetadata)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetSerialMetadata", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetValidAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/GetValidOrderAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error) {
-	out := new(Incidents)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/IncidentsForSerial", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/KeyBlocked", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthorityReadOnly/PreviousCertificateExists", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityReadOnlyClient) SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthorityReadOnly_SerialsForIncidentClient, error) {
-	stream, err := c.cc.NewStream(ctx, &StorageAuthorityReadOnly_ServiceDesc.Streams[1], "/sa.StorageAuthorityReadOnly/SerialsForIncident", opts...)
-	if err != nil {
-		return nil, err
-	}
-	x := &storageAuthorityReadOnlySerialsForIncidentClient{stream}
-	if err := x.ClientStream.SendMsg(in); err != nil {
-		return nil, err
-	}
-	if err := x.ClientStream.CloseSend(); err != nil {
-		return nil, err
-	}
-	return x, nil
-}
-
-type StorageAuthorityReadOnly_SerialsForIncidentClient interface {
-	Recv() (*IncidentSerial, error)
-	grpc.ClientStream
-}
-
-type storageAuthorityReadOnlySerialsForIncidentClient struct {
-	grpc.ClientStream
-}
-
-func (x *storageAuthorityReadOnlySerialsForIncidentClient) Recv() (*IncidentSerial, error) {
-	m := new(IncidentSerial)
-	if err := x.ClientStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
-
-// StorageAuthorityReadOnlyServer is the server API for StorageAuthorityReadOnly service.
-// All implementations must embed UnimplementedStorageAuthorityReadOnlyServer
-// for forward compatibility
-type StorageAuthorityReadOnlyServer interface {
-	CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error)
-	CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error)
-	CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error)
-	CountOrders(context.Context, *CountOrdersRequest) (*Count, error)
-	CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error)
-	CountRegistrationsByIP(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
-	CountRegistrationsByIPRange(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
-	FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error)
-	FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error)
-	GetAuthorization2(context.Context, *AuthorizationID2) (*proto.Authorization, error)
-	GetAuthorizations2(context.Context, *GetAuthorizationsRequest) (*Authorizations, error)
-	GetCertificate(context.Context, *Serial) (*proto.Certificate, error)
-	GetCertificateStatus(context.Context, *Serial) (*proto.CertificateStatus, error)
-	GetMaxExpiration(context.Context, *emptypb.Empty) (*timestamppb.Timestamp, error)
-	GetOrder(context.Context, *OrderRequest) (*proto.Order, error)
-	GetOrderForNames(context.Context, *GetOrderForNamesRequest) (*proto.Order, error)
-	GetPendingAuthorization2(context.Context, *GetPendingAuthorizationRequest) (*proto.Authorization, error)
-	GetPrecertificate(context.Context, *Serial) (*proto.Certificate, error)
-	GetRegistration(context.Context, *RegistrationID) (*proto.Registration, error)
-	GetRegistrationByKey(context.Context, *JSONWebKey) (*proto.Registration, error)
-	GetRevocationStatus(context.Context, *Serial) (*RevocationStatus, error)
-	GetRevokedCerts(*GetRevokedCertsRequest, StorageAuthorityReadOnly_GetRevokedCertsServer) error
-	GetSerialMetadata(context.Context, *Serial) (*SerialMetadata, error)
-	GetValidAuthorizations2(context.Context, *GetValidAuthorizationsRequest) (*Authorizations, error)
-	GetValidOrderAuthorizations2(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error)
-	IncidentsForSerial(context.Context, *Serial) (*Incidents, error)
-	KeyBlocked(context.Context, *KeyBlockedRequest) (*Exists, error)
-	PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error)
-	SerialsForIncident(*SerialsForIncidentRequest, StorageAuthorityReadOnly_SerialsForIncidentServer) error
-	mustEmbedUnimplementedStorageAuthorityReadOnlyServer()
-}
-
-// UnimplementedStorageAuthorityReadOnlyServer must be embedded to have forward compatible implementations.
-type UnimplementedStorageAuthorityReadOnlyServer struct {
-}
-
-func (UnimplementedStorageAuthorityReadOnlyServer) CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountCertificatesByNames not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountFQDNSets not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountInvalidAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountOrders(context.Context, *CountOrdersRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountOrders not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountPendingAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountRegistrationsByIP(context.Context, *CountRegistrationsByIPRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountRegistrationsByIP not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) CountRegistrationsByIPRange(context.Context, *CountRegistrationsByIPRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountRegistrationsByIPRange not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FQDNSetExists not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FQDNSetTimestampsForWindow not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetAuthorization2(context.Context, *AuthorizationID2) (*proto.Authorization, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetAuthorizations2(context.Context, *GetAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetCertificate(context.Context, *Serial) (*proto.Certificate, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetCertificate not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetCertificateStatus(context.Context, *Serial) (*proto.CertificateStatus, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetCertificateStatus not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetMaxExpiration(context.Context, *emptypb.Empty) (*timestamppb.Timestamp, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetMaxExpiration not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetOrder(context.Context, *OrderRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetOrder not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetOrderForNames(context.Context, *GetOrderForNamesRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetOrderForNames not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetPendingAuthorization2(context.Context, *GetPendingAuthorizationRequest) (*proto.Authorization, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetPendingAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetPrecertificate(context.Context, *Serial) (*proto.Certificate, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetPrecertificate not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetRegistration(context.Context, *RegistrationID) (*proto.Registration, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRegistration not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetRegistrationByKey(context.Context, *JSONWebKey) (*proto.Registration, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRegistrationByKey not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetRevocationStatus(context.Context, *Serial) (*RevocationStatus, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRevocationStatus not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetRevokedCerts(*GetRevokedCertsRequest, StorageAuthorityReadOnly_GetRevokedCertsServer) error {
-	return status.Errorf(codes.Unimplemented, "method GetRevokedCerts not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetSerialMetadata(context.Context, *Serial) (*SerialMetadata, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetSerialMetadata not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetValidAuthorizations2(context.Context, *GetValidAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetValidAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) GetValidOrderAuthorizations2(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetValidOrderAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) IncidentsForSerial(context.Context, *Serial) (*Incidents, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method IncidentsForSerial not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) KeyBlocked(context.Context, *KeyBlockedRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method KeyBlocked not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method PreviousCertificateExists not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) SerialsForIncident(*SerialsForIncidentRequest, StorageAuthorityReadOnly_SerialsForIncidentServer) error {
-	return status.Errorf(codes.Unimplemented, "method SerialsForIncident not implemented")
-}
-func (UnimplementedStorageAuthorityReadOnlyServer) mustEmbedUnimplementedStorageAuthorityReadOnlyServer() {
-}
-
-// UnsafeStorageAuthorityReadOnlyServer may be embedded to opt out of forward compatibility for this service.
-// Use of this interface is not recommended, as added methods to StorageAuthorityReadOnlyServer will
-// result in compilation errors.
-type UnsafeStorageAuthorityReadOnlyServer interface {
-	mustEmbedUnimplementedStorageAuthorityReadOnlyServer()
-}
-
-func RegisterStorageAuthorityReadOnlyServer(s grpc.ServiceRegistrar, srv StorageAuthorityReadOnlyServer) {
-	s.RegisterService(&StorageAuthorityReadOnly_ServiceDesc, srv)
-}
-
-func _StorageAuthorityReadOnly_CountCertificatesByNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountCertificatesByNamesRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountCertificatesByNames(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountCertificatesByNames",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountCertificatesByNames(ctx, req.(*CountCertificatesByNamesRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountFQDNSets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountFQDNSetsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountFQDNSets(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountFQDNSets",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountFQDNSets(ctx, req.(*CountFQDNSetsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountInvalidAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountInvalidAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountInvalidAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountInvalidAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountInvalidAuthorizations2(ctx, req.(*CountInvalidAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountOrders_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountOrdersRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountOrders(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountOrders",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountOrders(ctx, req.(*CountOrdersRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountPendingAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegistrationID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountPendingAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountPendingAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountPendingAuthorizations2(ctx, req.(*RegistrationID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountRegistrationsByIP_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountRegistrationsByIPRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountRegistrationsByIP(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountRegistrationsByIP",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountRegistrationsByIP(ctx, req.(*CountRegistrationsByIPRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_CountRegistrationsByIPRange_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountRegistrationsByIPRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).CountRegistrationsByIPRange(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/CountRegistrationsByIPRange",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).CountRegistrationsByIPRange(ctx, req.(*CountRegistrationsByIPRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_FQDNSetExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(FQDNSetExistsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).FQDNSetExists(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/FQDNSetExists",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).FQDNSetExists(ctx, req.(*FQDNSetExistsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_FQDNSetTimestampsForWindow_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountFQDNSetsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).FQDNSetTimestampsForWindow(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/FQDNSetTimestampsForWindow",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).FQDNSetTimestampsForWindow(ctx, req.(*CountFQDNSetsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AuthorizationID2)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetAuthorization2(ctx, req.(*AuthorizationID2))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetAuthorizations2(ctx, req.(*GetAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetCertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetCertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetCertificate(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetCertificateStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetCertificateStatus(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetCertificateStatus",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetCertificateStatus(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetMaxExpiration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(emptypb.Empty)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetMaxExpiration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetMaxExpiration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetMaxExpiration(ctx, req.(*emptypb.Empty))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(OrderRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetOrder(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetOrder",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetOrder(ctx, req.(*OrderRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetOrderForNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetOrderForNamesRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetOrderForNames(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetOrderForNames",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetOrderForNames(ctx, req.(*GetOrderForNamesRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetPendingAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetPendingAuthorizationRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetPendingAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetPendingAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetPendingAuthorization2(ctx, req.(*GetPendingAuthorizationRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetPrecertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetPrecertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetPrecertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetPrecertificate(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegistrationID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetRegistration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetRegistration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetRegistration(ctx, req.(*RegistrationID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetRegistrationByKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(JSONWebKey)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetRegistrationByKey(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetRegistrationByKey",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetRegistrationByKey(ctx, req.(*JSONWebKey))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetRevocationStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetRevocationStatus(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetRevocationStatus",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetRevocationStatus(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetRevokedCerts_Handler(srv interface{}, stream grpc.ServerStream) error {
-	m := new(GetRevokedCertsRequest)
-	if err := stream.RecvMsg(m); err != nil {
-		return err
-	}
-	return srv.(StorageAuthorityReadOnlyServer).GetRevokedCerts(m, &storageAuthorityReadOnlyGetRevokedCertsServer{stream})
-}
-
-type StorageAuthorityReadOnly_GetRevokedCertsServer interface {
-	Send(*proto.CRLEntry) error
-	grpc.ServerStream
-}
-
-type storageAuthorityReadOnlyGetRevokedCertsServer struct {
-	grpc.ServerStream
-}
-
-func (x *storageAuthorityReadOnlyGetRevokedCertsServer) Send(m *proto.CRLEntry) error {
-	return x.ServerStream.SendMsg(m)
-}
-
-func _StorageAuthorityReadOnly_GetSerialMetadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetSerialMetadata(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetSerialMetadata",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetSerialMetadata(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetValidAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetValidAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetValidAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetValidAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetValidAuthorizations2(ctx, req.(*GetValidAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_GetValidOrderAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetValidOrderAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).GetValidOrderAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/GetValidOrderAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).GetValidOrderAuthorizations2(ctx, req.(*GetValidOrderAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_IncidentsForSerial_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).IncidentsForSerial(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/IncidentsForSerial",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).IncidentsForSerial(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_KeyBlocked_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(KeyBlockedRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).KeyBlocked(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/KeyBlocked",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).KeyBlocked(ctx, req.(*KeyBlockedRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_PreviousCertificateExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(PreviousCertificateExistsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityReadOnlyServer).PreviousCertificateExists(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthorityReadOnly/PreviousCertificateExists",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityReadOnlyServer).PreviousCertificateExists(ctx, req.(*PreviousCertificateExistsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthorityReadOnly_SerialsForIncident_Handler(srv interface{}, stream grpc.ServerStream) error {
-	m := new(SerialsForIncidentRequest)
-	if err := stream.RecvMsg(m); err != nil {
-		return err
-	}
-	return srv.(StorageAuthorityReadOnlyServer).SerialsForIncident(m, &storageAuthorityReadOnlySerialsForIncidentServer{stream})
-}
-
-type StorageAuthorityReadOnly_SerialsForIncidentServer interface {
-	Send(*IncidentSerial) error
-	grpc.ServerStream
-}
-
-type storageAuthorityReadOnlySerialsForIncidentServer struct {
-	grpc.ServerStream
-}
-
-func (x *storageAuthorityReadOnlySerialsForIncidentServer) Send(m *IncidentSerial) error {
-	return x.ServerStream.SendMsg(m)
-}
-
-// StorageAuthorityReadOnly_ServiceDesc is the grpc.ServiceDesc for StorageAuthorityReadOnly service.
-// It's only intended for direct use with grpc.RegisterService,
-// and not to be introspected or modified (even as a copy)
-var StorageAuthorityReadOnly_ServiceDesc = grpc.ServiceDesc{
-	ServiceName: "sa.StorageAuthorityReadOnly",
-	HandlerType: (*StorageAuthorityReadOnlyServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "CountCertificatesByNames",
-			Handler:    _StorageAuthorityReadOnly_CountCertificatesByNames_Handler,
-		},
-		{
-			MethodName: "CountFQDNSets",
-			Handler:    _StorageAuthorityReadOnly_CountFQDNSets_Handler,
-		},
-		{
-			MethodName: "CountInvalidAuthorizations2",
-			Handler:    _StorageAuthorityReadOnly_CountInvalidAuthorizations2_Handler,
-		},
-		{
-			MethodName: "CountOrders",
-			Handler:    _StorageAuthorityReadOnly_CountOrders_Handler,
-		},
-		{
-			MethodName: "CountPendingAuthorizations2",
-			Handler:    _StorageAuthorityReadOnly_CountPendingAuthorizations2_Handler,
-		},
-		{
-			MethodName: "CountRegistrationsByIP",
-			Handler:    _StorageAuthorityReadOnly_CountRegistrationsByIP_Handler,
-		},
-		{
-			MethodName: "CountRegistrationsByIPRange",
-			Handler:    _StorageAuthorityReadOnly_CountRegistrationsByIPRange_Handler,
-		},
-		{
-			MethodName: "FQDNSetExists",
-			Handler:    _StorageAuthorityReadOnly_FQDNSetExists_Handler,
-		},
-		{
-			MethodName: "FQDNSetTimestampsForWindow",
-			Handler:    _StorageAuthorityReadOnly_FQDNSetTimestampsForWindow_Handler,
-		},
-		{
-			MethodName: "GetAuthorization2",
-			Handler:    _StorageAuthorityReadOnly_GetAuthorization2_Handler,
-		},
-		{
-			MethodName: "GetAuthorizations2",
-			Handler:    _StorageAuthorityReadOnly_GetAuthorizations2_Handler,
-		},
-		{
-			MethodName: "GetCertificate",
-			Handler:    _StorageAuthorityReadOnly_GetCertificate_Handler,
-		},
-		{
-			MethodName: "GetCertificateStatus",
-			Handler:    _StorageAuthorityReadOnly_GetCertificateStatus_Handler,
-		},
-		{
-			MethodName: "GetMaxExpiration",
-			Handler:    _StorageAuthorityReadOnly_GetMaxExpiration_Handler,
-		},
-		{
-			MethodName: "GetOrder",
-			Handler:    _StorageAuthorityReadOnly_GetOrder_Handler,
-		},
-		{
-			MethodName: "GetOrderForNames",
-			Handler:    _StorageAuthorityReadOnly_GetOrderForNames_Handler,
-		},
-		{
-			MethodName: "GetPendingAuthorization2",
-			Handler:    _StorageAuthorityReadOnly_GetPendingAuthorization2_Handler,
-		},
-		{
-			MethodName: "GetPrecertificate",
-			Handler:    _StorageAuthorityReadOnly_GetPrecertificate_Handler,
-		},
-		{
-			MethodName: "GetRegistration",
-			Handler:    _StorageAuthorityReadOnly_GetRegistration_Handler,
-		},
-		{
-			MethodName: "GetRegistrationByKey",
-			Handler:    _StorageAuthorityReadOnly_GetRegistrationByKey_Handler,
-		},
-		{
-			MethodName: "GetRevocationStatus",
-			Handler:    _StorageAuthorityReadOnly_GetRevocationStatus_Handler,
-		},
-		{
-			MethodName: "GetSerialMetadata",
-			Handler:    _StorageAuthorityReadOnly_GetSerialMetadata_Handler,
-		},
-		{
-			MethodName: "GetValidAuthorizations2",
-			Handler:    _StorageAuthorityReadOnly_GetValidAuthorizations2_Handler,
-		},
-		{
-			MethodName: "GetValidOrderAuthorizations2",
-			Handler:    _StorageAuthorityReadOnly_GetValidOrderAuthorizations2_Handler,
-		},
-		{
-			MethodName: "IncidentsForSerial",
-			Handler:    _StorageAuthorityReadOnly_IncidentsForSerial_Handler,
-		},
-		{
-			MethodName: "KeyBlocked",
-			Handler:    _StorageAuthorityReadOnly_KeyBlocked_Handler,
-		},
-		{
-			MethodName: "PreviousCertificateExists",
-			Handler:    _StorageAuthorityReadOnly_PreviousCertificateExists_Handler,
-		},
-	},
-	Streams: []grpc.StreamDesc{
-		{
-			StreamName:    "GetRevokedCerts",
-			Handler:       _StorageAuthorityReadOnly_GetRevokedCerts_Handler,
-			ServerStreams: true,
-		},
-		{
-			StreamName:    "SerialsForIncident",
-			Handler:       _StorageAuthorityReadOnly_SerialsForIncident_Handler,
-			ServerStreams: true,
-		},
-	},
-	Metadata: "sa.proto",
-}
-
-// StorageAuthorityClient is the client API for StorageAuthority service.
-//
-// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
-type StorageAuthorityClient interface {
-	// Getters: this list must be identical to the StorageAuthorityReadOnly rpcs.
-	CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error)
-	CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error)
-	CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error)
-	CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error)
-	CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error)
-	CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error)
-	GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error)
-	GetAuthorizations2(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.CertificateStatus, error)
-	GetMaxExpiration(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*timestamppb.Timestamp, error)
-	GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	GetPendingAuthorization2(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error)
-	GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetRevocationStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*RevocationStatus, error)
-	GetRevokedCerts(ctx context.Context, in *GetRevokedCertsRequest, opts ...grpc.CallOption) (StorageAuthority_GetRevokedCertsClient, error)
-	GetSerialMetadata(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*SerialMetadata, error)
-	GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error)
-	KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error)
-	PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthority_SerialsForIncidentClient, error)
-	// Adders
-	AddBlockedKey(ctx context.Context, in *AddBlockedKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	AddCertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*AddCertificateResponse, error)
-	AddPrecertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	AddSerial(ctx context.Context, in *AddSerialRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	DeactivateAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	DeactivateRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	FinalizeAuthorization2(ctx context.Context, in *FinalizeAuthorizationRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	FinalizeOrder(ctx context.Context, in *FinalizeOrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	NewAuthorizations2(ctx context.Context, in *AddPendingAuthorizationsRequest, opts ...grpc.CallOption) (*Authorization2IDs, error)
-	NewOrder(ctx context.Context, in *NewOrderRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	NewOrderAndAuthzs(ctx context.Context, in *NewOrderAndAuthzsRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	NewRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*proto.Registration, error)
-	RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	SetOrderError(ctx context.Context, in *SetOrderErrorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	SetOrderProcessing(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	UpdateRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	UpdateRevokedCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-}
-
-type storageAuthorityClient struct {
-	cc grpc.ClientConnInterface
-}
-
-func NewStorageAuthorityClient(cc grpc.ClientConnInterface) StorageAuthorityClient {
-	return &storageAuthorityClient{cc}
-}
-
-func (c *storageAuthorityClient) CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error) {
-	out := new(CountByNames)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountCertificatesByNames", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountFQDNSets", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountInvalidAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountOrders", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountPendingAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountRegistrationsByIP", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error) {
-	out := new(Count)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/CountRegistrationsByIPRange", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FQDNSetExists", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) FQDNSetTimestampsForWindow(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Timestamps, error) {
-	out := new(Timestamps)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FQDNSetTimestampsForWindow", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error) {
-	out := new(proto.Authorization)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetAuthorizations2(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error) {
-	out := new(proto.Certificate)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetCertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.CertificateStatus, error) {
-	out := new(proto.CertificateStatus)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetCertificateStatus", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetMaxExpiration(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*timestamppb.Timestamp, error) {
-	out := new(timestamppb.Timestamp)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetMaxExpiration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetOrder", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetOrderForNames", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetPendingAuthorization2(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error) {
-	out := new(proto.Authorization)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetPendingAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error) {
-	out := new(proto.Certificate)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetPrecertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto.Registration, error) {
-	out := new(proto.Registration)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetRegistration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto.Registration, error) {
-	out := new(proto.Registration)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetRegistrationByKey", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetRevocationStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*RevocationStatus, error) {
-	out := new(RevocationStatus)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetRevocationStatus", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetRevokedCerts(ctx context.Context, in *GetRevokedCertsRequest, opts ...grpc.CallOption) (StorageAuthority_GetRevokedCertsClient, error) {
-	stream, err := c.cc.NewStream(ctx, &StorageAuthority_ServiceDesc.Streams[0], "/sa.StorageAuthority/GetRevokedCerts", opts...)
-	if err != nil {
-		return nil, err
-	}
-	x := &storageAuthorityGetRevokedCertsClient{stream}
-	if err := x.ClientStream.SendMsg(in); err != nil {
-		return nil, err
-	}
-	if err := x.ClientStream.CloseSend(); err != nil {
-		return nil, err
-	}
-	return x, nil
-}
-
-type StorageAuthority_GetRevokedCertsClient interface {
-	Recv() (*proto.CRLEntry, error)
-	grpc.ClientStream
-}
-
-type storageAuthorityGetRevokedCertsClient struct {
-	grpc.ClientStream
-}
-
-func (x *storageAuthorityGetRevokedCertsClient) Recv() (*proto.CRLEntry, error) {
-	m := new(proto.CRLEntry)
-	if err := x.ClientStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
-
-func (c *storageAuthorityClient) GetSerialMetadata(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*SerialMetadata, error) {
-	out := new(SerialMetadata)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetSerialMetadata", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetValidAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error) {
-	out := new(Authorizations)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/GetValidOrderAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error) {
-	out := new(Incidents)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/IncidentsForSerial", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/KeyBlocked", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error) {
-	out := new(Exists)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/PreviousCertificateExists", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) SerialsForIncident(ctx context.Context, in *SerialsForIncidentRequest, opts ...grpc.CallOption) (StorageAuthority_SerialsForIncidentClient, error) {
-	stream, err := c.cc.NewStream(ctx, &StorageAuthority_ServiceDesc.Streams[1], "/sa.StorageAuthority/SerialsForIncident", opts...)
-	if err != nil {
-		return nil, err
-	}
-	x := &storageAuthoritySerialsForIncidentClient{stream}
-	if err := x.ClientStream.SendMsg(in); err != nil {
-		return nil, err
-	}
-	if err := x.ClientStream.CloseSend(); err != nil {
-		return nil, err
-	}
-	return x, nil
-}
-
-type StorageAuthority_SerialsForIncidentClient interface {
-	Recv() (*IncidentSerial, error)
-	grpc.ClientStream
-}
-
-type storageAuthoritySerialsForIncidentClient struct {
-	grpc.ClientStream
-}
-
-func (x *storageAuthoritySerialsForIncidentClient) Recv() (*IncidentSerial, error) {
-	m := new(IncidentSerial)
-	if err := x.ClientStream.RecvMsg(m); err != nil {
-		return nil, err
-	}
-	return m, nil
-}
-
-func (c *storageAuthorityClient) AddBlockedKey(ctx context.Context, in *AddBlockedKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddBlockedKey", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) AddCertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*AddCertificateResponse, error) {
-	out := new(AddCertificateResponse)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddCertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) AddPrecertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddPrecertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) AddSerial(ctx context.Context, in *AddSerialRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/AddSerial", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) DeactivateAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/DeactivateAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) DeactivateRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/DeactivateRegistration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) FinalizeAuthorization2(ctx context.Context, in *FinalizeAuthorizationRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FinalizeAuthorization2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) FinalizeOrder(ctx context.Context, in *FinalizeOrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/FinalizeOrder", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) NewAuthorizations2(ctx context.Context, in *AddPendingAuthorizationsRequest, opts ...grpc.CallOption) (*Authorization2IDs, error) {
-	out := new(Authorization2IDs)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewAuthorizations2", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) NewOrder(ctx context.Context, in *NewOrderRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewOrder", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) NewOrderAndAuthzs(ctx context.Context, in *NewOrderAndAuthzsRequest, opts ...grpc.CallOption) (*proto.Order, error) {
-	out := new(proto.Order)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewOrderAndAuthzs", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) NewRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*proto.Registration, error) {
-	out := new(proto.Registration)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/NewRegistration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) RevokeCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/RevokeCertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) SetOrderError(ctx context.Context, in *SetOrderErrorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/SetOrderError", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) SetOrderProcessing(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/SetOrderProcessing", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) UpdateRegistration(ctx context.Context, in *proto.Registration, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/UpdateRegistration", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *storageAuthorityClient) UpdateRevokedCertificate(ctx context.Context, in *RevokeCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
-	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, "/sa.StorageAuthority/UpdateRevokedCertificate", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-// StorageAuthorityServer is the server API for StorageAuthority service.
-// All implementations must embed UnimplementedStorageAuthorityServer
-// for forward compatibility
-type StorageAuthorityServer interface {
-	// Getters: this list must be identical to the StorageAuthorityReadOnly rpcs.
-	CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error)
-	CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error)
-	CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error)
-	CountOrders(context.Context, *CountOrdersRequest) (*Count, error)
-	CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error)
-	CountRegistrationsByIP(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
-	CountRegistrationsByIPRange(context.Context, *CountRegistrationsByIPRequest) (*Count, error)
-	FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error)
-	FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error)
-	GetAuthorization2(context.Context, *AuthorizationID2) (*proto.Authorization, error)
-	GetAuthorizations2(context.Context, *GetAuthorizationsRequest) (*Authorizations, error)
-	GetCertificate(context.Context, *Serial) (*proto.Certificate, error)
-	GetCertificateStatus(context.Context, *Serial) (*proto.CertificateStatus, error)
-	GetMaxExpiration(context.Context, *emptypb.Empty) (*timestamppb.Timestamp, error)
-	GetOrder(context.Context, *OrderRequest) (*proto.Order, error)
-	GetOrderForNames(context.Context, *GetOrderForNamesRequest) (*proto.Order, error)
-	GetPendingAuthorization2(context.Context, *GetPendingAuthorizationRequest) (*proto.Authorization, error)
-	GetPrecertificate(context.Context, *Serial) (*proto.Certificate, error)
-	GetRegistration(context.Context, *RegistrationID) (*proto.Registration, error)
-	GetRegistrationByKey(context.Context, *JSONWebKey) (*proto.Registration, error)
-	GetRevocationStatus(context.Context, *Serial) (*RevocationStatus, error)
-	GetRevokedCerts(*GetRevokedCertsRequest, StorageAuthority_GetRevokedCertsServer) error
-	GetSerialMetadata(context.Context, *Serial) (*SerialMetadata, error)
-	GetValidAuthorizations2(context.Context, *GetValidAuthorizationsRequest) (*Authorizations, error)
-	GetValidOrderAuthorizations2(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error)
-	IncidentsForSerial(context.Context, *Serial) (*Incidents, error)
-	KeyBlocked(context.Context, *KeyBlockedRequest) (*Exists, error)
-	PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error)
-	SerialsForIncident(*SerialsForIncidentRequest, StorageAuthority_SerialsForIncidentServer) error
-	// Adders
-	AddBlockedKey(context.Context, *AddBlockedKeyRequest) (*emptypb.Empty, error)
-	AddCertificate(context.Context, *AddCertificateRequest) (*AddCertificateResponse, error)
-	AddPrecertificate(context.Context, *AddCertificateRequest) (*emptypb.Empty, error)
-	AddSerial(context.Context, *AddSerialRequest) (*emptypb.Empty, error)
-	DeactivateAuthorization2(context.Context, *AuthorizationID2) (*emptypb.Empty, error)
-	DeactivateRegistration(context.Context, *RegistrationID) (*emptypb.Empty, error)
-	FinalizeAuthorization2(context.Context, *FinalizeAuthorizationRequest) (*emptypb.Empty, error)
-	FinalizeOrder(context.Context, *FinalizeOrderRequest) (*emptypb.Empty, error)
-	NewAuthorizations2(context.Context, *AddPendingAuthorizationsRequest) (*Authorization2IDs, error)
-	NewOrder(context.Context, *NewOrderRequest) (*proto.Order, error)
-	NewOrderAndAuthzs(context.Context, *NewOrderAndAuthzsRequest) (*proto.Order, error)
-	NewRegistration(context.Context, *proto.Registration) (*proto.Registration, error)
-	RevokeCertificate(context.Context, *RevokeCertificateRequest) (*emptypb.Empty, error)
-	SetOrderError(context.Context, *SetOrderErrorRequest) (*emptypb.Empty, error)
-	SetOrderProcessing(context.Context, *OrderRequest) (*emptypb.Empty, error)
-	UpdateRegistration(context.Context, *proto.Registration) (*emptypb.Empty, error)
-	UpdateRevokedCertificate(context.Context, *RevokeCertificateRequest) (*emptypb.Empty, error)
-	mustEmbedUnimplementedStorageAuthorityServer()
-}
-
-// UnimplementedStorageAuthorityServer must be embedded to have forward compatible implementations.
-type UnimplementedStorageAuthorityServer struct {
-}
-
-func (UnimplementedStorageAuthorityServer) CountCertificatesByNames(context.Context, *CountCertificatesByNamesRequest) (*CountByNames, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountCertificatesByNames not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountFQDNSets(context.Context, *CountFQDNSetsRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountFQDNSets not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountInvalidAuthorizations2(context.Context, *CountInvalidAuthorizationsRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountInvalidAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountOrders(context.Context, *CountOrdersRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountOrders not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountPendingAuthorizations2(context.Context, *RegistrationID) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountPendingAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountRegistrationsByIP(context.Context, *CountRegistrationsByIPRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountRegistrationsByIP not implemented")
-}
-func (UnimplementedStorageAuthorityServer) CountRegistrationsByIPRange(context.Context, *CountRegistrationsByIPRequest) (*Count, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method CountRegistrationsByIPRange not implemented")
-}
-func (UnimplementedStorageAuthorityServer) FQDNSetExists(context.Context, *FQDNSetExistsRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FQDNSetExists not implemented")
-}
-func (UnimplementedStorageAuthorityServer) FQDNSetTimestampsForWindow(context.Context, *CountFQDNSetsRequest) (*Timestamps, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FQDNSetTimestampsForWindow not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetAuthorization2(context.Context, *AuthorizationID2) (*proto.Authorization, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetAuthorizations2(context.Context, *GetAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetCertificate(context.Context, *Serial) (*proto.Certificate, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetCertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetCertificateStatus(context.Context, *Serial) (*proto.CertificateStatus, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetCertificateStatus not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetMaxExpiration(context.Context, *emptypb.Empty) (*timestamppb.Timestamp, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetMaxExpiration not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetOrder(context.Context, *OrderRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetOrder not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetOrderForNames(context.Context, *GetOrderForNamesRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetOrderForNames not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetPendingAuthorization2(context.Context, *GetPendingAuthorizationRequest) (*proto.Authorization, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetPendingAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetPrecertificate(context.Context, *Serial) (*proto.Certificate, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetPrecertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetRegistration(context.Context, *RegistrationID) (*proto.Registration, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRegistration not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetRegistrationByKey(context.Context, *JSONWebKey) (*proto.Registration, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRegistrationByKey not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetRevocationStatus(context.Context, *Serial) (*RevocationStatus, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetRevocationStatus not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetRevokedCerts(*GetRevokedCertsRequest, StorageAuthority_GetRevokedCertsServer) error {
-	return status.Errorf(codes.Unimplemented, "method GetRevokedCerts not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetSerialMetadata(context.Context, *Serial) (*SerialMetadata, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetSerialMetadata not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetValidAuthorizations2(context.Context, *GetValidAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetValidAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) GetValidOrderAuthorizations2(context.Context, *GetValidOrderAuthorizationsRequest) (*Authorizations, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetValidOrderAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) IncidentsForSerial(context.Context, *Serial) (*Incidents, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method IncidentsForSerial not implemented")
-}
-func (UnimplementedStorageAuthorityServer) KeyBlocked(context.Context, *KeyBlockedRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method KeyBlocked not implemented")
-}
-func (UnimplementedStorageAuthorityServer) PreviousCertificateExists(context.Context, *PreviousCertificateExistsRequest) (*Exists, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method PreviousCertificateExists not implemented")
-}
-func (UnimplementedStorageAuthorityServer) SerialsForIncident(*SerialsForIncidentRequest, StorageAuthority_SerialsForIncidentServer) error {
-	return status.Errorf(codes.Unimplemented, "method SerialsForIncident not implemented")
-}
-func (UnimplementedStorageAuthorityServer) AddBlockedKey(context.Context, *AddBlockedKeyRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method AddBlockedKey not implemented")
-}
-func (UnimplementedStorageAuthorityServer) AddCertificate(context.Context, *AddCertificateRequest) (*AddCertificateResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method AddCertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) AddPrecertificate(context.Context, *AddCertificateRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method AddPrecertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) AddSerial(context.Context, *AddSerialRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method AddSerial not implemented")
-}
-func (UnimplementedStorageAuthorityServer) DeactivateAuthorization2(context.Context, *AuthorizationID2) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method DeactivateAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) DeactivateRegistration(context.Context, *RegistrationID) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method DeactivateRegistration not implemented")
-}
-func (UnimplementedStorageAuthorityServer) FinalizeAuthorization2(context.Context, *FinalizeAuthorizationRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FinalizeAuthorization2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) FinalizeOrder(context.Context, *FinalizeOrderRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method FinalizeOrder not implemented")
-}
-func (UnimplementedStorageAuthorityServer) NewAuthorizations2(context.Context, *AddPendingAuthorizationsRequest) (*Authorization2IDs, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method NewAuthorizations2 not implemented")
-}
-func (UnimplementedStorageAuthorityServer) NewOrder(context.Context, *NewOrderRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method NewOrder not implemented")
-}
-func (UnimplementedStorageAuthorityServer) NewOrderAndAuthzs(context.Context, *NewOrderAndAuthzsRequest) (*proto.Order, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method NewOrderAndAuthzs not implemented")
-}
-func (UnimplementedStorageAuthorityServer) NewRegistration(context.Context, *proto.Registration) (*proto.Registration, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method NewRegistration not implemented")
-}
-func (UnimplementedStorageAuthorityServer) RevokeCertificate(context.Context, *RevokeCertificateRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method RevokeCertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) SetOrderError(context.Context, *SetOrderErrorRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method SetOrderError not implemented")
-}
-func (UnimplementedStorageAuthorityServer) SetOrderProcessing(context.Context, *OrderRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method SetOrderProcessing not implemented")
-}
-func (UnimplementedStorageAuthorityServer) UpdateRegistration(context.Context, *proto.Registration) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method UpdateRegistration not implemented")
-}
-func (UnimplementedStorageAuthorityServer) UpdateRevokedCertificate(context.Context, *RevokeCertificateRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method UpdateRevokedCertificate not implemented")
-}
-func (UnimplementedStorageAuthorityServer) mustEmbedUnimplementedStorageAuthorityServer() {}
-
-// UnsafeStorageAuthorityServer may be embedded to opt out of forward compatibility for this service.
-// Use of this interface is not recommended, as added methods to StorageAuthorityServer will
-// result in compilation errors.
-type UnsafeStorageAuthorityServer interface {
-	mustEmbedUnimplementedStorageAuthorityServer()
-}
-
-func RegisterStorageAuthorityServer(s grpc.ServiceRegistrar, srv StorageAuthorityServer) {
-	s.RegisterService(&StorageAuthority_ServiceDesc, srv)
-}
-
-func _StorageAuthority_CountCertificatesByNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountCertificatesByNamesRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountCertificatesByNames(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountCertificatesByNames",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountCertificatesByNames(ctx, req.(*CountCertificatesByNamesRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountFQDNSets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountFQDNSetsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountFQDNSets(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountFQDNSets",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountFQDNSets(ctx, req.(*CountFQDNSetsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountInvalidAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountInvalidAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountInvalidAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountInvalidAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountInvalidAuthorizations2(ctx, req.(*CountInvalidAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountOrders_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountOrdersRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountOrders(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountOrders",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountOrders(ctx, req.(*CountOrdersRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountPendingAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegistrationID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountPendingAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountPendingAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountPendingAuthorizations2(ctx, req.(*RegistrationID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountRegistrationsByIP_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountRegistrationsByIPRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountRegistrationsByIP(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountRegistrationsByIP",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountRegistrationsByIP(ctx, req.(*CountRegistrationsByIPRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_CountRegistrationsByIPRange_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountRegistrationsByIPRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).CountRegistrationsByIPRange(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/CountRegistrationsByIPRange",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).CountRegistrationsByIPRange(ctx, req.(*CountRegistrationsByIPRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_FQDNSetExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(FQDNSetExistsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).FQDNSetExists(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/FQDNSetExists",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).FQDNSetExists(ctx, req.(*FQDNSetExistsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_FQDNSetTimestampsForWindow_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(CountFQDNSetsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).FQDNSetTimestampsForWindow(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/FQDNSetTimestampsForWindow",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).FQDNSetTimestampsForWindow(ctx, req.(*CountFQDNSetsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AuthorizationID2)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetAuthorization2(ctx, req.(*AuthorizationID2))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetAuthorizations2(ctx, req.(*GetAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetCertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetCertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetCertificate(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetCertificateStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetCertificateStatus(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetCertificateStatus",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetCertificateStatus(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetMaxExpiration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(emptypb.Empty)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetMaxExpiration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetMaxExpiration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetMaxExpiration(ctx, req.(*emptypb.Empty))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(OrderRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetOrder(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetOrder",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetOrder(ctx, req.(*OrderRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetOrderForNames_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetOrderForNamesRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetOrderForNames(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetOrderForNames",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetOrderForNames(ctx, req.(*GetOrderForNamesRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetPendingAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetPendingAuthorizationRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetPendingAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetPendingAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetPendingAuthorization2(ctx, req.(*GetPendingAuthorizationRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetPrecertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetPrecertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetPrecertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetPrecertificate(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegistrationID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetRegistration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetRegistration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetRegistration(ctx, req.(*RegistrationID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetRegistrationByKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(JSONWebKey)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetRegistrationByKey(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetRegistrationByKey",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetRegistrationByKey(ctx, req.(*JSONWebKey))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetRevocationStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetRevocationStatus(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetRevocationStatus",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetRevocationStatus(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetRevokedCerts_Handler(srv interface{}, stream grpc.ServerStream) error {
-	m := new(GetRevokedCertsRequest)
-	if err := stream.RecvMsg(m); err != nil {
-		return err
-	}
-	return srv.(StorageAuthorityServer).GetRevokedCerts(m, &storageAuthorityGetRevokedCertsServer{stream})
-}
-
-type StorageAuthority_GetRevokedCertsServer interface {
-	Send(*proto.CRLEntry) error
-	grpc.ServerStream
-}
-
-type storageAuthorityGetRevokedCertsServer struct {
-	grpc.ServerStream
-}
-
-func (x *storageAuthorityGetRevokedCertsServer) Send(m *proto.CRLEntry) error {
-	return x.ServerStream.SendMsg(m)
-}
-
-func _StorageAuthority_GetSerialMetadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetSerialMetadata(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetSerialMetadata",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetSerialMetadata(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetValidAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetValidAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetValidAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetValidAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetValidAuthorizations2(ctx, req.(*GetValidAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_GetValidOrderAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetValidOrderAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).GetValidOrderAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/GetValidOrderAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).GetValidOrderAuthorizations2(ctx, req.(*GetValidOrderAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_IncidentsForSerial_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Serial)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).IncidentsForSerial(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/IncidentsForSerial",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).IncidentsForSerial(ctx, req.(*Serial))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_KeyBlocked_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(KeyBlockedRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).KeyBlocked(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/KeyBlocked",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).KeyBlocked(ctx, req.(*KeyBlockedRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_PreviousCertificateExists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(PreviousCertificateExistsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).PreviousCertificateExists(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/PreviousCertificateExists",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).PreviousCertificateExists(ctx, req.(*PreviousCertificateExistsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_SerialsForIncident_Handler(srv interface{}, stream grpc.ServerStream) error {
-	m := new(SerialsForIncidentRequest)
-	if err := stream.RecvMsg(m); err != nil {
-		return err
-	}
-	return srv.(StorageAuthorityServer).SerialsForIncident(m, &storageAuthoritySerialsForIncidentServer{stream})
-}
-
-type StorageAuthority_SerialsForIncidentServer interface {
-	Send(*IncidentSerial) error
-	grpc.ServerStream
-}
-
-type storageAuthoritySerialsForIncidentServer struct {
-	grpc.ServerStream
-}
-
-func (x *storageAuthoritySerialsForIncidentServer) Send(m *IncidentSerial) error {
-	return x.ServerStream.SendMsg(m)
-}
-
-func _StorageAuthority_AddBlockedKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AddBlockedKeyRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).AddBlockedKey(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/AddBlockedKey",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).AddBlockedKey(ctx, req.(*AddBlockedKeyRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_AddCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AddCertificateRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).AddCertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/AddCertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).AddCertificate(ctx, req.(*AddCertificateRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_AddPrecertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AddCertificateRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).AddPrecertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/AddPrecertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).AddPrecertificate(ctx, req.(*AddCertificateRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_AddSerial_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AddSerialRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).AddSerial(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/AddSerial",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).AddSerial(ctx, req.(*AddSerialRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_DeactivateAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AuthorizationID2)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).DeactivateAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/DeactivateAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).DeactivateAuthorization2(ctx, req.(*AuthorizationID2))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_DeactivateRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegistrationID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).DeactivateRegistration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/DeactivateRegistration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).DeactivateRegistration(ctx, req.(*RegistrationID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_FinalizeAuthorization2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(FinalizeAuthorizationRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).FinalizeAuthorization2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/FinalizeAuthorization2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).FinalizeAuthorization2(ctx, req.(*FinalizeAuthorizationRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_FinalizeOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(FinalizeOrderRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).FinalizeOrder(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/FinalizeOrder",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).FinalizeOrder(ctx, req.(*FinalizeOrderRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_NewAuthorizations2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(AddPendingAuthorizationsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).NewAuthorizations2(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/NewAuthorizations2",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).NewAuthorizations2(ctx, req.(*AddPendingAuthorizationsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_NewOrder_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(NewOrderRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).NewOrder(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/NewOrder",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).NewOrder(ctx, req.(*NewOrderRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_NewOrderAndAuthzs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(NewOrderAndAuthzsRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).NewOrderAndAuthzs(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/NewOrderAndAuthzs",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).NewOrderAndAuthzs(ctx, req.(*NewOrderAndAuthzsRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_NewRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(proto.Registration)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).NewRegistration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/NewRegistration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).NewRegistration(ctx, req.(*proto.Registration))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_RevokeCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RevokeCertificateRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).RevokeCertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/RevokeCertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).RevokeCertificate(ctx, req.(*RevokeCertificateRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_SetOrderError_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(SetOrderErrorRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).SetOrderError(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/SetOrderError",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).SetOrderError(ctx, req.(*SetOrderErrorRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_SetOrderProcessing_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(OrderRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).SetOrderProcessing(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/SetOrderProcessing",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).SetOrderProcessing(ctx, req.(*OrderRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_UpdateRegistration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(proto.Registration)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).UpdateRegistration(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/UpdateRegistration",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).UpdateRegistration(ctx, req.(*proto.Registration))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _StorageAuthority_UpdateRevokedCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RevokeCertificateRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(StorageAuthorityServer).UpdateRevokedCertificate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/sa.StorageAuthority/UpdateRevokedCertificate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(StorageAuthorityServer).UpdateRevokedCertificate(ctx, req.(*RevokeCertificateRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-// StorageAuthority_ServiceDesc is the grpc.ServiceDesc for StorageAuthority service.
-// It's only intended for direct use with grpc.RegisterService,
-// and not to be introspected or modified (even as a copy)
-var StorageAuthority_ServiceDesc = grpc.ServiceDesc{
-	ServiceName: "sa.StorageAuthority",
-	HandlerType: (*StorageAuthorityServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "CountCertificatesByNames",
-			Handler:    _StorageAuthority_CountCertificatesByNames_Handler,
-		},
-		{
-			MethodName: "CountFQDNSets",
-			Handler:    _StorageAuthority_CountFQDNSets_Handler,
-		},
-		{
-			MethodName: "CountInvalidAuthorizations2",
-			Handler:    _StorageAuthority_CountInvalidAuthorizations2_Handler,
-		},
-		{
-			MethodName: "CountOrders",
-			Handler:    _StorageAuthority_CountOrders_Handler,
-		},
-		{
-			MethodName: "CountPendingAuthorizations2",
-			Handler:    _StorageAuthority_CountPendingAuthorizations2_Handler,
-		},
-		{
-			MethodName: "CountRegistrationsByIP",
-			Handler:    _StorageAuthority_CountRegistrationsByIP_Handler,
-		},
-		{
-			MethodName: "CountRegistrationsByIPRange",
-			Handler:    _StorageAuthority_CountRegistrationsByIPRange_Handler,
-		},
-		{
-			MethodName: "FQDNSetExists",
-			Handler:    _StorageAuthority_FQDNSetExists_Handler,
-		},
-		{
-			MethodName: "FQDNSetTimestampsForWindow",
-			Handler:    _StorageAuthority_FQDNSetTimestampsForWindow_Handler,
-		},
-		{
-			MethodName: "GetAuthorization2",
-			Handler:    _StorageAuthority_GetAuthorization2_Handler,
-		},
-		{
-			MethodName: "GetAuthorizations2",
-			Handler:    _StorageAuthority_GetAuthorizations2_Handler,
-		},
-		{
-			MethodName: "GetCertificate",
-			Handler:    _StorageAuthority_GetCertificate_Handler,
-		},
-		{
-			MethodName: "GetCertificateStatus",
-			Handler:    _StorageAuthority_GetCertificateStatus_Handler,
-		},
-		{
-			MethodName: "GetMaxExpiration",
-			Handler:    _StorageAuthority_GetMaxExpiration_Handler,
-		},
-		{
-			MethodName: "GetOrder",
-			Handler:    _StorageAuthority_GetOrder_Handler,
-		},
-		{
-			MethodName: "GetOrderForNames",
-			Handler:    _StorageAuthority_GetOrderForNames_Handler,
-		},
-		{
-			MethodName: "GetPendingAuthorization2",
-			Handler:    _StorageAuthority_GetPendingAuthorization2_Handler,
-		},
-		{
-			MethodName: "GetPrecertificate",
-			Handler:    _StorageAuthority_GetPrecertificate_Handler,
-		},
-		{
-			MethodName: "GetRegistration",
-			Handler:    _StorageAuthority_GetRegistration_Handler,
-		},
-		{
-			MethodName: "GetRegistrationByKey",
-			Handler:    _StorageAuthority_GetRegistrationByKey_Handler,
-		},
-		{
-			MethodName: "GetRevocationStatus",
-			Handler:    _StorageAuthority_GetRevocationStatus_Handler,
-		},
-		{
-			MethodName: "GetSerialMetadata",
-			Handler:    _StorageAuthority_GetSerialMetadata_Handler,
-		},
-		{
-			MethodName: "GetValidAuthorizations2",
-			Handler:    _StorageAuthority_GetValidAuthorizations2_Handler,
-		},
-		{
-			MethodName: "GetValidOrderAuthorizations2",
-			Handler:    _StorageAuthority_GetValidOrderAuthorizations2_Handler,
-		},
-		{
-			MethodName: "IncidentsForSerial",
-			Handler:    _StorageAuthority_IncidentsForSerial_Handler,
-		},
-		{
-			MethodName: "KeyBlocked",
-			Handler:    _StorageAuthority_KeyBlocked_Handler,
-		},
-		{
-			MethodName: "PreviousCertificateExists",
-			Handler:    _StorageAuthority_PreviousCertificateExists_Handler,
-		},
-		{
-			MethodName: "AddBlockedKey",
-			Handler:    _StorageAuthority_AddBlockedKey_Handler,
-		},
-		{
-			MethodName: "AddCertificate",
-			Handler:    _StorageAuthority_AddCertificate_Handler,
-		},
-		{
-			MethodName: "AddPrecertificate",
-			Handler:    _StorageAuthority_AddPrecertificate_Handler,
-		},
-		{
-			MethodName: "AddSerial",
-			Handler:    _StorageAuthority_AddSerial_Handler,
-		},
-		{
-			MethodName: "DeactivateAuthorization2",
-			Handler:    _StorageAuthority_DeactivateAuthorization2_Handler,
-		},
-		{
-			MethodName: "DeactivateRegistration",
-			Handler:    _StorageAuthority_DeactivateRegistration_Handler,
-		},
-		{
-			MethodName: "FinalizeAuthorization2",
-			Handler:    _StorageAuthority_FinalizeAuthorization2_Handler,
-		},
-		{
-			MethodName: "FinalizeOrder",
-			Handler:    _StorageAuthority_FinalizeOrder_Handler,
-		},
-		{
-			MethodName: "NewAuthorizations2",
-			Handler:    _StorageAuthority_NewAuthorizations2_Handler,
-		},
-		{
-			MethodName: "NewOrder",
-			Handler:    _StorageAuthority_NewOrder_Handler,
-		},
-		{
-			MethodName: "NewOrderAndAuthzs",
-			Handler:    _StorageAuthority_NewOrderAndAuthzs_Handler,
-		},
-		{
-			MethodName: "NewRegistration",
-			Handler:    _StorageAuthority_NewRegistration_Handler,
-		},
-		{
-			MethodName: "RevokeCertificate",
-			Handler:    _StorageAuthority_RevokeCertificate_Handler,
-		},
-		{
-			MethodName: "SetOrderError",
-			Handler:    _StorageAuthority_SetOrderError_Handler,
-		},
-		{
-			MethodName: "SetOrderProcessing",
-			Handler:    _StorageAuthority_SetOrderProcessing_Handler,
-		},
-		{
-			MethodName: "UpdateRegistration",
-			Handler:    _StorageAuthority_UpdateRegistration_Handler,
-		},
-		{
-			MethodName: "UpdateRevokedCertificate",
-			Handler:    _StorageAuthority_UpdateRevokedCertificate_Handler,
-		},
-	},
-	Streams: []grpc.StreamDesc{
-		{
-			StreamName:    "GetRevokedCerts",
-			Handler:       _StorageAuthority_GetRevokedCerts_Handler,
-			ServerStreams: true,
-		},
-		{
-			StreamName:    "SerialsForIncident",
-			Handler:       _StorageAuthority_SerialsForIncident_Handler,
-			ServerStreams: true,
-		},
-	},
-	Metadata: "sa.proto",
-}
diff --git a/vendor/github.com/letsencrypt/boulder/sa/proto/subsets.go b/vendor/github.com/letsencrypt/boulder/sa/proto/subsets.go
deleted file mode 100644
index 5e2221f3f2..0000000000
--- a/vendor/github.com/letsencrypt/boulder/sa/proto/subsets.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copied from the auto-generated sa_grpc.pb.go
-
-package proto
-
-import (
-	context "context"
-
-	proto "github.com/letsencrypt/boulder/core/proto"
-	grpc "google.golang.org/grpc"
-	emptypb "google.golang.org/protobuf/types/known/emptypb"
-)
-
-// StorageAuthorityGetterClient is a read-only subset of the sapb.StorageAuthorityClient interface
-type StorageAuthorityGetterClient interface {
-	GetRegistration(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetRegistrationByKey(ctx context.Context, in *JSONWebKey, opts ...grpc.CallOption) (*proto.Registration, error)
-	GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	GetCertificateStatus(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.CertificateStatus, error)
-	CountCertificatesByNames(ctx context.Context, in *CountCertificatesByNamesRequest, opts ...grpc.CallOption) (*CountByNames, error)
-	CountRegistrationsByIP(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	CountRegistrationsByIPRange(ctx context.Context, in *CountRegistrationsByIPRequest, opts ...grpc.CallOption) (*Count, error)
-	CountOrders(ctx context.Context, in *CountOrdersRequest, opts ...grpc.CallOption) (*Count, error)
-	CountFQDNSets(ctx context.Context, in *CountFQDNSetsRequest, opts ...grpc.CallOption) (*Count, error)
-	FQDNSetExists(ctx context.Context, in *FQDNSetExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	PreviousCertificateExists(ctx context.Context, in *PreviousCertificateExistsRequest, opts ...grpc.CallOption) (*Exists, error)
-	GetAuthorization2(ctx context.Context, in *AuthorizationID2, opts ...grpc.CallOption) (*proto.Authorization, error)
-	GetAuthorizations2(ctx context.Context, in *GetAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	GetPendingAuthorization2(ctx context.Context, in *GetPendingAuthorizationRequest, opts ...grpc.CallOption) (*proto.Authorization, error)
-	CountPendingAuthorizations2(ctx context.Context, in *RegistrationID, opts ...grpc.CallOption) (*Count, error)
-	GetValidOrderAuthorizations2(ctx context.Context, in *GetValidOrderAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	CountInvalidAuthorizations2(ctx context.Context, in *CountInvalidAuthorizationsRequest, opts ...grpc.CallOption) (*Count, error)
-	GetValidAuthorizations2(ctx context.Context, in *GetValidAuthorizationsRequest, opts ...grpc.CallOption) (*Authorizations, error)
-	KeyBlocked(ctx context.Context, in *KeyBlockedRequest, opts ...grpc.CallOption) (*Exists, error)
-	GetOrder(ctx context.Context, in *OrderRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	GetOrderForNames(ctx context.Context, in *GetOrderForNamesRequest, opts ...grpc.CallOption) (*proto.Order, error)
-	IncidentsForSerial(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*Incidents, error)
-}
-
-// StorageAuthorityCertificateClient is a subset of the sapb.StorageAuthorityClient interface that only reads and writes certificates
-type StorageAuthorityCertificateClient interface {
-	AddSerial(ctx context.Context, in *AddSerialRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	AddPrecertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
-	GetPrecertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-	AddCertificate(ctx context.Context, in *AddCertificateRequest, opts ...grpc.CallOption) (*AddCertificateResponse, error)
-	GetCertificate(ctx context.Context, in *Serial, opts ...grpc.CallOption) (*proto.Certificate, error)
-}
diff --git a/vendor/github.com/letsencrypt/boulder/strictyaml/yaml.go b/vendor/github.com/letsencrypt/boulder/strictyaml/yaml.go
new file mode 100644
index 0000000000..8e3bae9965
--- /dev/null
+++ b/vendor/github.com/letsencrypt/boulder/strictyaml/yaml.go
@@ -0,0 +1,46 @@
+// Package strictyaml provides a strict YAML unmarshaller based on `go-yaml/yaml`
+package strictyaml
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+
+	"gopkg.in/yaml.v3"
+)
+
+// Unmarshal takes a byte array and an interface passed by reference. The
+// d.Decode will read the next YAML-encoded value from its input and store it in
+// the value pointed to by yamlObj. Any config keys from the incoming YAML
+// document which do not correspond to expected keys in the config struct will
+// result in errors.
+//
+// TODO(https://github.com/go-yaml/yaml/issues/639): Replace this function with
+// yaml.Unmarshal once a more ergonomic way to set unmarshal options is added
+// upstream.
+func Unmarshal(b []byte, yamlObj interface{}) error {
+	r := bytes.NewReader(b)
+
+	d := yaml.NewDecoder(r)
+	d.KnownFields(true)
+
+	// d.Decode will mutate yamlObj
+	err := d.Decode(yamlObj)
+
+	if err != nil {
+		// io.EOF is returned when the YAML document is empty.
+		if errors.Is(err, io.EOF) {
+			return fmt.Errorf("unmarshalling YAML, bytes cannot be nil: %w", err)
+		}
+		return fmt.Errorf("unmarshalling YAML: %w", err)
+	}
+
+	// As bytes are read by the decoder, the length of the byte buffer should
+	// decrease. If it doesn't, there's a problem.
+	if r.Len() != 0 {
+		return fmt.Errorf("yaml object of size %d bytes had %d bytes of unexpected unconsumed trailers", r.Size(), r.Len())
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/mattn/go-isatty/isatty_bsd.go b/vendor/github.com/mattn/go-isatty/isatty_bsd.go
index d569c0c949..d0ea68f408 100644
--- a/vendor/github.com/mattn/go-isatty/isatty_bsd.go
+++ b/vendor/github.com/mattn/go-isatty/isatty_bsd.go
@@ -1,6 +1,7 @@
-//go:build (darwin || freebsd || openbsd || netbsd || dragonfly || hurd) && !appengine
+//go:build (darwin || freebsd || openbsd || netbsd || dragonfly || hurd) && !appengine && !tinygo
 // +build darwin freebsd openbsd netbsd dragonfly hurd
 // +build !appengine
+// +build !tinygo
 
 package isatty
 
diff --git a/vendor/github.com/mattn/go-isatty/isatty_others.go b/vendor/github.com/mattn/go-isatty/isatty_others.go
index 31503226f6..7402e0618a 100644
--- a/vendor/github.com/mattn/go-isatty/isatty_others.go
+++ b/vendor/github.com/mattn/go-isatty/isatty_others.go
@@ -1,5 +1,6 @@
-//go:build appengine || js || nacl || wasm
-// +build appengine js nacl wasm
+//go:build (appengine || js || nacl || tinygo || wasm) && !windows
+// +build appengine js nacl tinygo wasm
+// +build !windows
 
 package isatty
 
diff --git a/vendor/github.com/mattn/go-isatty/isatty_tcgets.go b/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
index 67787657fb..0337d8cf6d 100644
--- a/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
+++ b/vendor/github.com/mattn/go-isatty/isatty_tcgets.go
@@ -1,6 +1,7 @@
-//go:build (linux || aix || zos) && !appengine
+//go:build (linux || aix || zos) && !appengine && !tinygo
 // +build linux aix zos
 // +build !appengine
+// +build !tinygo
 
 package isatty
 
diff --git a/vendor/github.com/outcaste-io/ristretto/z/flags.go b/vendor/github.com/outcaste-io/ristretto/z/flags.go
index 9e0e79804b..4aca58f305 100644
--- a/vendor/github.com/outcaste-io/ristretto/z/flags.go
+++ b/vendor/github.com/outcaste-io/ristretto/z/flags.go
@@ -140,6 +140,20 @@ func (sf *SuperFlag) MergeAndCheckDefault(flag string) *SuperFlag {
 	return sf
 }
 
+func (sf *SuperFlag) Merge(flag string) *SuperFlag {
+	src, err := parseFlag(flag)
+	if err != nil {
+		fatal(err)
+	}
+	for k, v := range src {
+		if _, ok := sf.m[k]; !ok {
+			fatal("Unable to find the flag in SuperFlag")
+		}
+		sf.m[k] = v
+	}
+	return sf
+}
+
 func (sf *SuperFlag) MergeWithDefault(flag string) (*SuperFlag, error) {
 	if sf == nil {
 		m, err := parseFlag(flag)
diff --git a/vendor/github.com/outcaste-io/ristretto/z/mmap_unix.go b/vendor/github.com/outcaste-io/ristretto/z/mmap_unix.go
index e8b2699cf9..629449f9d3 100644
--- a/vendor/github.com/outcaste-io/ristretto/z/mmap_unix.go
+++ b/vendor/github.com/outcaste-io/ristretto/z/mmap_unix.go
@@ -1,4 +1,5 @@
-// +build !windows,!darwin,!plan9,!linux
+//go:build !windows && !darwin && !plan9 && !linux && !wasip1
+// +build !windows,!darwin,!plan9,!linux,!wasip1
 
 /*
  * Copyright 2019 Dgraph Labs, Inc. and Contributors
diff --git a/vendor/github.com/outcaste-io/ristretto/z/mmap_wasip1.go b/vendor/github.com/outcaste-io/ristretto/z/mmap_wasip1.go
new file mode 100644
index 0000000000..94f7148451
--- /dev/null
+++ b/vendor/github.com/outcaste-io/ristretto/z/mmap_wasip1.go
@@ -0,0 +1,40 @@
+//go:build wasip1
+
+/*
+ * Copyright 2023 Dgraph Labs, Inc. and Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package z
+
+import (
+	"os"
+	"syscall"
+)
+
+func mmap(fd *os.File, writeable bool, size int64) ([]byte, error) {
+	return nil, syscall.ENOSYS
+}
+
+func munmap(b []byte) error {
+	return syscall.ENOSYS
+}
+
+func madvise(b []byte, readahead bool) error {
+	return syscall.ENOSYS
+}
+
+func msync(b []byte) error {
+	return syscall.ENOSYS
+}
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/README.md b/vendor/github.com/puzpuzpuz/xsync/v2/README.md
index a941d26d22..94dca04e70 100644
--- a/vendor/github.com/puzpuzpuz/xsync/v2/README.md
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/README.md
@@ -24,6 +24,8 @@ import (
 )
 ```
 
+*Note for v1 users*: v1 support is discontinued, so please upgrade to v2. While the API has some breaking changes, the migration should be trivial.
+
 ### Counter
 
 A `Counter` is a striped `int64` counter inspired by the `j.u.c.a.LongAdder` class from Java standard library.
@@ -97,12 +99,20 @@ q.Enqueue("foo")
 // optimistic insertion attempt; doesn't block
 inserted := q.TryEnqueue("bar")
 // consumer obtains an item from the queue
-item := q.Dequeue()
+item := q.Dequeue() // interface{} pointing to a string
 // optimistic obtain attempt; doesn't block
 item, ok := q.TryDequeue()
 ```
 
-Based on the algorithm from the [MPMCQueue](https://github.com/rigtorp/MPMCQueue) C++ library which in its turn references D.Vyukov's [MPMC queue](https://www.1024cores.net/home/lock-free-algorithms/queues/bounded-mpmc-queue). According to the following [classification](https://www.1024cores.net/home/lock-free-algorithms/queues), the queue is array-based, fails on overflow, provides causal FIFO, has blocking producers and consumers.
+`MPMCQueueOf[I]` is an implementation with parametrized item type. It is available for Go 1.19 or later.
+
+```go
+q := xsync.NewMPMCQueueOf[string](1024)
+q.Enqueue("foo")
+item := q.Dequeue() // string
+```
+
+The queue is based on the algorithm from the [MPMCQueue](https://github.com/rigtorp/MPMCQueue) C++ library which in its turn references D.Vyukov's [MPMC queue](https://www.1024cores.net/home/lock-free-algorithms/queues/bounded-mpmc-queue). According to the following [classification](https://www.1024cores.net/home/lock-free-algorithms/queues), the queue is array-based, fails on overflow, provides causal FIFO, has blocking producers and consumers.
 
 The idea of the algorithm is to allow parallelism for concurrent producers and consumers by introducing the notion of tickets, i.e. values of two counters, one per producers/consumers. An atomic increment of one of those counters is the only noticeable contention point in queue operations. The rest of the operation avoids contention on writes thanks to the turn-based read/write access for each of the queue items.
 
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueueof.go b/vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueueof.go
new file mode 100644
index 0000000000..38a8fa3c68
--- /dev/null
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/mpmcqueueof.go
@@ -0,0 +1,150 @@
+//go:build go1.19
+// +build go1.19
+
+package xsync
+
+import (
+	"runtime"
+	"sync/atomic"
+	"unsafe"
+)
+
+// A MPMCQueueOf is a bounded multi-producer multi-consumer concurrent
+// queue. It's a generic version of MPMCQueue.
+//
+// MPMCQueue instances must be created with NewMPMCQueueOf function.
+// A MPMCQueueOf must not be copied after first use.
+//
+// Based on the data structure from the following C++ library:
+// https://github.com/rigtorp/MPMCQueue
+type MPMCQueueOf[I any] struct {
+	cap  uint64
+	head uint64
+	//lint:ignore U1000 prevents false sharing
+	hpad [cacheLineSize - 8]byte
+	tail uint64
+	//lint:ignore U1000 prevents false sharing
+	tpad  [cacheLineSize - 8]byte
+	slots []slotOfPadded[I]
+}
+
+type slotOfPadded[I any] struct {
+	slotOf[I]
+	// Unfortunately, proper padding like the below one:
+	//
+	// pad [cacheLineSize - (unsafe.Sizeof(slotOf[I]{}) % cacheLineSize)]byte
+	//
+	// won't compile, so here we add a best-effort padding for items up to
+	// 56 bytes size.
+	//lint:ignore U1000 prevents false sharing
+	pad [cacheLineSize - unsafe.Sizeof(atomic.Uint64{})]byte
+}
+
+type slotOf[I any] struct {
+	// atomic.Uint64 is used here to get proper 8 byte alignment on
+	// 32-bit archs.
+	turn atomic.Uint64
+	item I
+}
+
+// NewMPMCQueueOf creates a new MPMCQueueOf instance with the given
+// capacity.
+func NewMPMCQueueOf[I any](capacity int) *MPMCQueueOf[I] {
+	if capacity < 1 {
+		panic("capacity must be positive number")
+	}
+	return &MPMCQueueOf[I]{
+		cap:   uint64(capacity),
+		slots: make([]slotOfPadded[I], capacity),
+	}
+}
+
+// Enqueue inserts the given item into the queue.
+// Blocks, if the queue is full.
+func (q *MPMCQueueOf[I]) Enqueue(item I) {
+	head := atomic.AddUint64(&q.head, 1) - 1
+	slot := &q.slots[q.idx(head)]
+	turn := q.turn(head) * 2
+	for slot.turn.Load() != turn {
+		runtime.Gosched()
+	}
+	slot.item = item
+	slot.turn.Store(turn + 1)
+}
+
+// Dequeue retrieves and removes the item from the head of the queue.
+// Blocks, if the queue is empty.
+func (q *MPMCQueueOf[I]) Dequeue() I {
+	var zeroedI I
+	tail := atomic.AddUint64(&q.tail, 1) - 1
+	slot := &q.slots[q.idx(tail)]
+	turn := q.turn(tail)*2 + 1
+	for slot.turn.Load() != turn {
+		runtime.Gosched()
+	}
+	item := slot.item
+	slot.item = zeroedI
+	slot.turn.Store(turn + 1)
+	return item
+}
+
+// TryEnqueue inserts the given item into the queue. Does not block
+// and returns immediately. The result indicates that the queue isn't
+// full and the item was inserted.
+func (q *MPMCQueueOf[I]) TryEnqueue(item I) bool {
+	head := atomic.LoadUint64(&q.head)
+	for {
+		slot := &q.slots[q.idx(head)]
+		turn := q.turn(head) * 2
+		if slot.turn.Load() == turn {
+			if atomic.CompareAndSwapUint64(&q.head, head, head+1) {
+				slot.item = item
+				slot.turn.Store(turn + 1)
+				return true
+			}
+		} else {
+			prevHead := head
+			head = atomic.LoadUint64(&q.head)
+			if head == prevHead {
+				return false
+			}
+		}
+		runtime.Gosched()
+	}
+}
+
+// TryDequeue retrieves and removes the item from the head of the
+// queue. Does not block and returns immediately. The ok result
+// indicates that the queue isn't empty and an item was retrieved.
+func (q *MPMCQueueOf[I]) TryDequeue() (item I, ok bool) {
+	tail := atomic.LoadUint64(&q.tail)
+	for {
+		slot := &q.slots[q.idx(tail)]
+		turn := q.turn(tail)*2 + 1
+		if slot.turn.Load() == turn {
+			if atomic.CompareAndSwapUint64(&q.tail, tail, tail+1) {
+				var zeroedI I
+				item = slot.item
+				ok = true
+				slot.item = zeroedI
+				slot.turn.Store(turn + 1)
+				return
+			}
+		} else {
+			prevTail := tail
+			tail = atomic.LoadUint64(&q.tail)
+			if tail == prevTail {
+				return
+			}
+		}
+		runtime.Gosched()
+	}
+}
+
+func (q *MPMCQueueOf[I]) idx(i uint64) uint64 {
+	return i % q.cap
+}
+
+func (q *MPMCQueueOf[I]) turn(i uint64) uint64 {
+	return i / q.cap
+}
diff --git a/vendor/github.com/puzpuzpuz/xsync/v2/util.go b/vendor/github.com/puzpuzpuz/xsync/v2/util.go
index 81a596a1d1..d8a64f8f83 100644
--- a/vendor/github.com/puzpuzpuz/xsync/v2/util.go
+++ b/vendor/github.com/puzpuzpuz/xsync/v2/util.go
@@ -2,7 +2,9 @@ package xsync
 
 import (
 	"hash/maphash"
+	"reflect"
 	"runtime"
+	"unsafe"
 	_ "unsafe"
 )
 
@@ -44,12 +46,18 @@ func parallelism() uint32 {
 
 // hashString calculates a hash of s with the given seed.
 func hashString(seed maphash.Seed, s string) uint64 {
-	var h maphash.Hash
-	h.SetSeed(seed)
-	h.WriteString(s)
-	return h.Sum64()
+	seed64 := *(*uint64)(unsafe.Pointer(&seed))
+	if s == "" {
+		return seed64
+	}
+	strh := (*reflect.StringHeader)(unsafe.Pointer(&s))
+	return uint64(memhash(unsafe.Pointer(strh.Data), uintptr(seed64), uintptr(strh.Len)))
 }
 
+//go:noescape
+//go:linkname memhash runtime.memhash
+func memhash(p unsafe.Pointer, h, s uintptr) uintptr
+
 //go:noescape
 //go:linkname fastrand runtime.fastrand
 func fastrand() uint32
diff --git a/vendor/github.com/rivo/uniseg/README.md b/vendor/github.com/rivo/uniseg/README.md
index f8da293e15..25e9346874 100644
--- a/vendor/github.com/rivo/uniseg/README.md
+++ b/vendor/github.com/rivo/uniseg/README.md
@@ -1,15 +1,15 @@
 # Unicode Text Segmentation for Go
 
-[![Godoc Reference](https://img.shields.io/badge/godoc-reference-blue.svg)](https://godoc.org/github.com/rivo/uniseg)
+[![Go Reference](https://pkg.go.dev/badge/github.com/rivo/uniseg.svg)](https://pkg.go.dev/github.com/rivo/uniseg)
 [![Go Report](https://img.shields.io/badge/go%20report-A%2B-brightgreen.svg)](https://goreportcard.com/report/github.com/rivo/uniseg)
 
-This Go package implements Unicode Text Segmentation according to [Unicode Standard Annex #29](http://unicode.org/reports/tr29/) (Unicode version 12.0.0).
-
-At this point, only the determination of grapheme cluster boundaries is implemented.
+This Go package implements Unicode Text Segmentation according to [Unicode Standard Annex #29](https://unicode.org/reports/tr29/), Unicode Line Breaking according to [Unicode Standard Annex #14](https://unicode.org/reports/tr14/) (Unicode version 14.0.0), and monospace font string width calculation similar to [wcwidth](https://man7.org/linux/man-pages/man3/wcwidth.3.html).
 
 ## Background
 
-In Go, [strings are read-only slices of bytes](https://blog.golang.org/strings). They can be turned into Unicode code points using the `for` loop or by casting: `[]rune(str)`. However, multiple code points may be combined into one user-perceived character or what the Unicode specification calls "grapheme cluster". Here are some examples:
+### Grapheme Clusters
+
+In Go, [strings are read-only slices of bytes](https://go.dev/blog/strings). They can be turned into Unicode code points using the `for` loop or by casting: `[]rune(str)`. However, multiple code points may be combined into one user-perceived character or what the Unicode specification calls "grapheme cluster". Here are some examples:
 
 |String|Bytes (UTF-8)|Code points (runes)|Grapheme clusters|
 |-|-|-|-|
@@ -17,7 +17,23 @@ In Go, [strings are read-only slices of bytes](https://blog.golang.org/strings).
 |���🌈|14 bytes: `f0 9f 8f b3 ef b8 8f e2 80 8d f0 9f 8c 88`|4 code points: `1f3f3 fe0f 200d 1f308`|1 cluster: `[1f3f3 fe0f 200d 1f308]`|
 |🇩🇪|8 bytes: `f0 9f 87 a9 f0 9f 87 aa`|2 code points: `1f1e9 1f1ea`|1 cluster: `[1f1e9 1f1ea]`|
 
-This package provides a tool to iterate over these grapheme clusters. This may be used to determine the number of user-perceived characters, to split strings in their intended places, or to extract individual characters which form a unit.
+This package provides tools to iterate over these grapheme clusters. This may be used to determine the number of user-perceived characters, to split strings in their intended places, or to extract individual characters which form a unit.
+
+### Word Boundaries
+
+Word boundaries are used in a number of different contexts. The most familiar ones are selection (double-click mouse selection), cursor movement ("move to next word" control-arrow keys), and the dialog option "Whole Word Search" for search and replace. They are also used in database queries, to determine whether elements are within a certain number of words of one another. Searching may also use word boundaries in determining matching items. This package provides tools to determine word boundaries within strings.
+
+### Sentence Boundaries
+
+Sentence boundaries are often used for triple-click or some other method of selecting or iterating through blocks of text that are larger than single words. They are also used to determine whether words occur within the same sentence in database queries. This package provides tools to determine sentence boundaries within strings.
+
+### Line Breaking
+
+Line breaking, also known as word wrapping, is the process of breaking a section of text into lines such that it will fit in the available width of a page, window or other display area. This package provides tools to determine where a string may or may not be broken and where it must be broken (for example after newline characters).
+
+### Monospace Width
+
+Most terminals or text displays / text editors using a monospace font (for example source code editors) use a fixed width for each character. Some characters such as emojis or characters found in Asian and other languages may take up more than one character cell. This package provides tools to determine the number of cells a string will take up when displayed in a monospace font. See [here](https://pkg.go.dev/github.com/rivo/uniseg#hdr-Monospace_Width) for more information.
 
 ## Installation
 
@@ -25,38 +41,117 @@ This package provides a tool to iterate over these grapheme clusters. This may b
 go get github.com/rivo/uniseg
 ```
 
-## Basic Example
+## Examples
+
+### Counting Characters in a String
+
+```go
+n := uniseg.GraphemeClusterCount("🇩🇪���🌈")
+fmt.Println(n)
+// 2
+```
+
+### Calculating the Monospace String Width
 
 ```go
-package uniseg
+width := uniseg.StringWidth("🇩🇪���🌈!")
+fmt.Println(width)
+// 5
+```
 
-import (
-	"fmt"
+### Using the [`Graphemes`](https://pkg.go.dev/github.com/rivo/uniseg#Graphemes) Class
 
-	"github.com/rivo/uniseg"
-)
+This is the most convenient method of iterating over grapheme clusters:
+
+```go
+gr := uniseg.NewGraphemes("��!")
+for gr.Next() {
+	fmt.Printf("%x ", gr.Runes())
+}
+// [1f44d 1f3fc] [21]
+```
+
+### Using the [`Step`](https://pkg.go.dev/github.com/rivo/uniseg#Step) or [`StepString`](https://pkg.go.dev/github.com/rivo/uniseg#StepString) Function
 
-func main() {
-	gr := uniseg.NewGraphemes("��!")
-	for gr.Next() {
-		fmt.Printf("%x ", gr.Runes())
+This is orders of magnitude faster than the `Graphemes` class, but it requires the handling of states and boundaries:
+
+```go
+str := "🇩🇪���🌈"
+state := -1
+var c string
+for len(str) > 0 {
+	c, str, _, state = uniseg.StepString(str, state)
+	fmt.Printf("%x ", []rune(c))
+}
+// [1f1e9 1f1ea] [1f3f3 fe0f 200d 1f308]
+```
+
+### Advanced Examples
+
+Breaking into grapheme clusters and evaluating line breaks:
+
+```go
+str := "First line.\nSecond line."
+state := -1
+var (
+	c          string
+	boundaries int
+)
+for len(str) > 0 {
+	c, str, boundaries, state = uniseg.StepString(str, state)
+	fmt.Print(c)
+	if boundaries&uniseg.MaskLine == uniseg.LineCanBreak {
+		fmt.Print("|")
+	} else if boundaries&uniseg.MaskLine == uniseg.LineMustBreak {
+		fmt.Print("‖")
 	}
-	// Output: [1f44d 1f3fc] [21]
 }
+// First |line.
+// ‖Second |line.‖
+```
+
+If you're only interested in word segmentation, use [`FirstWord`](https://pkg.go.dev/github.com/rivo/uniseg#FirstWord) or [`FirstWordInString`](https://pkg.go.dev/github.com/rivo/uniseg#FirstWordInString):
+
+```go
+str := "Hello, world!"
+state := -1
+var c string
+for len(str) > 0 {
+	c, str, state = uniseg.FirstWordInString(str, state)
+	fmt.Printf("(%s)\n", c)
+}
+// (Hello)
+// (,)
+// ( )
+// (world)
+// (!)
+```
+
+Similarly, use
+
+- [`FirstGraphemeCluster`](https://pkg.go.dev/github.com/rivo/uniseg#FirstGraphemeCluster) or [`FirstGraphemeClusterInString`](https://pkg.go.dev/github.com/rivo/uniseg#FirstGraphemeClusterInString) for grapheme cluster determination only,
+- [`FirstSentence`](https://pkg.go.dev/github.com/rivo/uniseg#FirstSentence) or [`FirstSentenceInString`](https://pkg.go.dev/github.com/rivo/uniseg#FirstSentenceInString) for sentence segmentation only, and
+- [`FirstLineSegment`](https://pkg.go.dev/github.com/rivo/uniseg#FirstLineSegment) or [`FirstLineSegmentInString`](https://pkg.go.dev/github.com/rivo/uniseg#FirstLineSegmentInString) for line breaking / word wrapping (although using [`Step`](https://pkg.go.dev/github.com/rivo/uniseg#Step) or [`StepString`](https://pkg.go.dev/github.com/rivo/uniseg#StepString) is preferred as it will observe grapheme cluster boundaries).
+
+Finally, if you need to reverse a string while preserving grapheme clusters, use [`ReverseString`](https://pkg.go.dev/github.com/rivo/uniseg#ReverseString):
+
+```go
+fmt.Println(uniseg.ReverseString("🇩🇪���🌈"))
+// ���🌈🇩🇪
 ```
 
 ## Documentation
 
-Refer to https://godoc.org/github.com/rivo/uniseg for the package's documentation.
+Refer to https://pkg.go.dev/github.com/rivo/uniseg for the package's documentation.
 
 ## Dependencies
 
 This package does not depend on any packages outside the standard library.
 
-## Your Feedback
+## Sponsor this Project
 
-Add your issue here on GitHub. Feel free to get in touch if you have any questions.
+[Become a Sponsor on GitHub](https://github.com/sponsors/rivo?metadata_source=uniseg_readme) to support this project!
 
-## Version
+## Your Feedback
 
-Version tags will be introduced once Golang modules are official. Consider this version 0.1.
+Add your issue here on GitHub, preferably before submitting any PR's. Feel free to get in touch if you have any questions.
\ No newline at end of file
diff --git a/vendor/github.com/rivo/uniseg/doc.go b/vendor/github.com/rivo/uniseg/doc.go
index 60c737d7b3..11224ae22d 100644
--- a/vendor/github.com/rivo/uniseg/doc.go
+++ b/vendor/github.com/rivo/uniseg/doc.go
@@ -1,8 +1,108 @@
 /*
-Package uniseg implements Unicode Text Segmentation according to Unicode
-Standard Annex #29 (http://unicode.org/reports/tr29/).
+Package uniseg implements Unicode Text Segmentation, Unicode Line Breaking, and
+string width calculation for monospace fonts. Unicode Text Segmentation conforms
+to Unicode Standard Annex #29 (https://unicode.org/reports/tr29/) and Unicode
+Line Breaking conforms to Unicode Standard Annex #14
+(https://unicode.org/reports/tr14/).
 
-At this point, only the determination of grapheme cluster boundaries is
-implemented.
+In short, using this package, you can split a string into grapheme clusters
+(what people would usually refer to as a "character"), into words, and into
+sentences. Or, in its simplest case, this package allows you to count the number
+of characters in a string, especially when it contains complex characters such
+as emojis, combining characters, or characters from Asian, Arabic, Hebrew, or
+other languages. Additionally, you can use it to implement line breaking (or
+"word wrapping"), that is, to determine where text can be broken over to the
+next line when the width of the line is not big enough to fit the entire text.
+Finally, you can use it to calculate the display width of a string for monospace
+fonts.
+
+# Getting Started
+
+If you just want to count the number of characters in a string, you can use
+[GraphemeClusterCount]. If you want to determine the display width of a string,
+you can use [StringWidth]. If you want to iterate over a string, you can use
+[Step], [StepString], or the [Graphemes] class (more convenient but less
+performant). This will provide you with all information: grapheme clusters,
+word boundaries, sentence boundaries, line breaks, and monospace character
+widths. The specialized functions [FirstGraphemeCluster],
+[FirstGraphemeClusterInString], [FirstWord], [FirstWordInString],
+[FirstSentence], and [FirstSentenceInString] can be used if only one type of
+information is needed.
+
+# Grapheme Clusters
+
+Consider the rainbow flag emoji: ���🌈. On most modern systems, it appears as one
+character. But its string representation actually has 14 bytes, so counting
+bytes (or using len("���🌈")) will not work as expected. Counting runes won't,
+either: The flag has 4 Unicode code points, thus 4 runes. The stdlib function
+utf8.RuneCountInString("���🌈") and len([]rune("���🌈")) will both return 4.
+
+The [GraphemeClusterCount] function will return 1 for the rainbow flag emoji.
+The Graphemes class and a variety of functions in this package will allow you to
+split strings into its grapheme clusters.
+
+# Word Boundaries
+
+Word boundaries are used in a number of different contexts. The most familiar
+ones are selection (double-click mouse selection), cursor movement ("move to
+next word" control-arrow keys), and the dialog option "Whole Word Search" for
+search and replace. This package provides methods for determining word
+boundaries.
+
+# Sentence Boundaries
+
+Sentence boundaries are often used for triple-click or some other method of
+selecting or iterating through blocks of text that are larger than single words.
+They are also used to determine whether words occur within the same sentence in
+database queries. This package provides methods for determining sentence
+boundaries.
+
+# Line Breaking
+
+Line breaking, also known as word wrapping, is the process of breaking a section
+of text into lines such that it will fit in the available width of a page,
+window or other display area. This package provides methods to determine the
+positions in a string where a line must be broken, may be broken, or must not be
+broken.
+
+# Monospace Width
+
+Monospace width, as referred to in this package, is the width of a string in a
+monospace font. This is commonly used in terminal user interfaces or text
+displays or editors that don't support proportional fonts. A width of 1
+corresponds to a single character cell. The C function [wcswidth()] and its
+implementation in other programming languages is in widespread use for the same
+purpose. However, there is no standard for the calculation of such widths, and
+this package differs from wcswidth() in a number of ways, presumably to generate
+more visually pleasing results.
+
+To start, we assume that every code point has a width of 1, with the following
+exceptions:
+
+  - Code points with grapheme cluster break properties Control, CR, LF, Extend,
+    and ZWJ have a width of 0.
+  - U+2E3A, Two-Em Dash, has a width of 3.
+  - U+2E3B, Three-Em Dash, has a width of 4.
+  - Characters with the East-Asian Width properties "Fullwidth" (F) and "Wide"
+    (W) have a width of 2. (Properties "Ambiguous" (A) and "Neutral" (N) both
+    have a width of 1.)
+  - Code points with grapheme cluster break property Regional Indicator have a
+    width of 2.
+  - Code points with grapheme cluster break property Extended Pictographic have
+    a width of 2, unless their Emoji Presentation flag is "No", in which case
+    the width is 1.
+
+For Hangul grapheme clusters composed of conjoining Jamo and for Regional
+Indicators (flags), all code points except the first one have a width of 0. For
+grapheme clusters starting with an Extended Pictographic, any additional code
+point will force a total width of 2, except if the Variation Selector-15
+(U+FE0E) is included, in which case the total width is always 1. Grapheme
+clusters ending with Variation Selector-16 (U+FE0F) have a width of 2.
+
+Note that whether these widths appear correct depends on your application's
+render engine, to which extent it conforms to the Unicode Standard, and its
+choice of font.
+
+[wcswidth()]: https://man7.org/linux/man-pages/man3/wcswidth.3.html
 */
 package uniseg
diff --git a/vendor/github.com/rivo/uniseg/eastasianwidth.go b/vendor/github.com/rivo/uniseg/eastasianwidth.go
new file mode 100644
index 0000000000..661934ac2d
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/eastasianwidth.go
@@ -0,0 +1,2556 @@
+package uniseg
+
+// Code generated via go generate from gen_properties.go. DO NOT EDIT.
+
+// eastAsianWidth are taken from
+// https://www.unicode.org/Public/14.0.0/ucd/EastAsianWidth.txt
+// and
+// https://unicode.org/Public/14.0.0/ucd/emoji/emoji-data.txt
+// ("Extended_Pictographic" only)
+// on September 10, 2022. See https://www.unicode.org/license.html for the Unicode
+// license agreement.
+var eastAsianWidth = [][3]int{
+	{0x0000, 0x001F, prN},     // Cc    [32] <control-0000>..<control-001F>
+	{0x0020, 0x0020, prNa},    // Zs         SPACE
+	{0x0021, 0x0023, prNa},    // Po     [3] EXCLAMATION MARK..NUMBER SIGN
+	{0x0024, 0x0024, prNa},    // Sc         DOLLAR SIGN
+	{0x0025, 0x0027, prNa},    // Po     [3] PERCENT SIGN..APOSTROPHE
+	{0x0028, 0x0028, prNa},    // Ps         LEFT PARENTHESIS
+	{0x0029, 0x0029, prNa},    // Pe         RIGHT PARENTHESIS
+	{0x002A, 0x002A, prNa},    // Po         ASTERISK
+	{0x002B, 0x002B, prNa},    // Sm         PLUS SIGN
+	{0x002C, 0x002C, prNa},    // Po         COMMA
+	{0x002D, 0x002D, prNa},    // Pd         HYPHEN-MINUS
+	{0x002E, 0x002F, prNa},    // Po     [2] FULL STOP..SOLIDUS
+	{0x0030, 0x0039, prNa},    // Nd    [10] DIGIT ZERO..DIGIT NINE
+	{0x003A, 0x003B, prNa},    // Po     [2] COLON..SEMICOLON
+	{0x003C, 0x003E, prNa},    // Sm     [3] LESS-THAN SIGN..GREATER-THAN SIGN
+	{0x003F, 0x0040, prNa},    // Po     [2] QUESTION MARK..COMMERCIAL AT
+	{0x0041, 0x005A, prNa},    // Lu    [26] LATIN CAPITAL LETTER A..LATIN CAPITAL LETTER Z
+	{0x005B, 0x005B, prNa},    // Ps         LEFT SQUARE BRACKET
+	{0x005C, 0x005C, prNa},    // Po         REVERSE SOLIDUS
+	{0x005D, 0x005D, prNa},    // Pe         RIGHT SQUARE BRACKET
+	{0x005E, 0x005E, prNa},    // Sk         CIRCUMFLEX ACCENT
+	{0x005F, 0x005F, prNa},    // Pc         LOW LINE
+	{0x0060, 0x0060, prNa},    // Sk         GRAVE ACCENT
+	{0x0061, 0x007A, prNa},    // Ll    [26] LATIN SMALL LETTER A..LATIN SMALL LETTER Z
+	{0x007B, 0x007B, prNa},    // Ps         LEFT CURLY BRACKET
+	{0x007C, 0x007C, prNa},    // Sm         VERTICAL LINE
+	{0x007D, 0x007D, prNa},    // Pe         RIGHT CURLY BRACKET
+	{0x007E, 0x007E, prNa},    // Sm         TILDE
+	{0x007F, 0x007F, prN},     // Cc         <control-007F>
+	{0x0080, 0x009F, prN},     // Cc    [32] <control-0080>..<control-009F>
+	{0x00A0, 0x00A0, prN},     // Zs         NO-BREAK SPACE
+	{0x00A1, 0x00A1, prA},     // Po         INVERTED EXCLAMATION MARK
+	{0x00A2, 0x00A3, prNa},    // Sc     [2] CENT SIGN..POUND SIGN
+	{0x00A4, 0x00A4, prA},     // Sc         CURRENCY SIGN
+	{0x00A5, 0x00A5, prNa},    // Sc         YEN SIGN
+	{0x00A6, 0x00A6, prNa},    // So         BROKEN BAR
+	{0x00A7, 0x00A7, prA},     // Po         SECTION SIGN
+	{0x00A8, 0x00A8, prA},     // Sk         DIAERESIS
+	{0x00A9, 0x00A9, prN},     // So         COPYRIGHT SIGN
+	{0x00AA, 0x00AA, prA},     // Lo         FEMININE ORDINAL INDICATOR
+	{0x00AB, 0x00AB, prN},     // Pi         LEFT-POINTING DOUBLE ANGLE QUOTATION MARK
+	{0x00AC, 0x00AC, prNa},    // Sm         NOT SIGN
+	{0x00AD, 0x00AD, prA},     // Cf         SOFT HYPHEN
+	{0x00AE, 0x00AE, prA},     // So         REGISTERED SIGN
+	{0x00AF, 0x00AF, prNa},    // Sk         MACRON
+	{0x00B0, 0x00B0, prA},     // So         DEGREE SIGN
+	{0x00B1, 0x00B1, prA},     // Sm         PLUS-MINUS SIGN
+	{0x00B2, 0x00B3, prA},     // No     [2] SUPERSCRIPT TWO..SUPERSCRIPT THREE
+	{0x00B4, 0x00B4, prA},     // Sk         ACUTE ACCENT
+	{0x00B5, 0x00B5, prN},     // Ll         MICRO SIGN
+	{0x00B6, 0x00B7, prA},     // Po     [2] PILCROW SIGN..MIDDLE DOT
+	{0x00B8, 0x00B8, prA},     // Sk         CEDILLA
+	{0x00B9, 0x00B9, prA},     // No         SUPERSCRIPT ONE
+	{0x00BA, 0x00BA, prA},     // Lo         MASCULINE ORDINAL INDICATOR
+	{0x00BB, 0x00BB, prN},     // Pf         RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK
+	{0x00BC, 0x00BE, prA},     // No     [3] VULGAR FRACTION ONE QUARTER..VULGAR FRACTION THREE QUARTERS
+	{0x00BF, 0x00BF, prA},     // Po         INVERTED QUESTION MARK
+	{0x00C0, 0x00C5, prN},     // Lu     [6] LATIN CAPITAL LETTER A WITH GRAVE..LATIN CAPITAL LETTER A WITH RING ABOVE
+	{0x00C6, 0x00C6, prA},     // Lu         LATIN CAPITAL LETTER AE
+	{0x00C7, 0x00CF, prN},     // Lu     [9] LATIN CAPITAL LETTER C WITH CEDILLA..LATIN CAPITAL LETTER I WITH DIAERESIS
+	{0x00D0, 0x00D0, prA},     // Lu         LATIN CAPITAL LETTER ETH
+	{0x00D1, 0x00D6, prN},     // Lu     [6] LATIN CAPITAL LETTER N WITH TILDE..LATIN CAPITAL LETTER O WITH DIAERESIS
+	{0x00D7, 0x00D7, prA},     // Sm         MULTIPLICATION SIGN
+	{0x00D8, 0x00D8, prA},     // Lu         LATIN CAPITAL LETTER O WITH STROKE
+	{0x00D9, 0x00DD, prN},     // Lu     [5] LATIN CAPITAL LETTER U WITH GRAVE..LATIN CAPITAL LETTER Y WITH ACUTE
+	{0x00DE, 0x00E1, prA},     // L&     [4] LATIN CAPITAL LETTER THORN..LATIN SMALL LETTER A WITH ACUTE
+	{0x00E2, 0x00E5, prN},     // Ll     [4] LATIN SMALL LETTER A WITH CIRCUMFLEX..LATIN SMALL LETTER A WITH RING ABOVE
+	{0x00E6, 0x00E6, prA},     // Ll         LATIN SMALL LETTER AE
+	{0x00E7, 0x00E7, prN},     // Ll         LATIN SMALL LETTER C WITH CEDILLA
+	{0x00E8, 0x00EA, prA},     // Ll     [3] LATIN SMALL LETTER E WITH GRAVE..LATIN SMALL LETTER E WITH CIRCUMFLEX
+	{0x00EB, 0x00EB, prN},     // Ll         LATIN SMALL LETTER E WITH DIAERESIS
+	{0x00EC, 0x00ED, prA},     // Ll     [2] LATIN SMALL LETTER I WITH GRAVE..LATIN SMALL LETTER I WITH ACUTE
+	{0x00EE, 0x00EF, prN},     // Ll     [2] LATIN SMALL LETTER I WITH CIRCUMFLEX..LATIN SMALL LETTER I WITH DIAERESIS
+	{0x00F0, 0x00F0, prA},     // Ll         LATIN SMALL LETTER ETH
+	{0x00F1, 0x00F1, prN},     // Ll         LATIN SMALL LETTER N WITH TILDE
+	{0x00F2, 0x00F3, prA},     // Ll     [2] LATIN SMALL LETTER O WITH GRAVE..LATIN SMALL LETTER O WITH ACUTE
+	{0x00F4, 0x00F6, prN},     // Ll     [3] LATIN SMALL LETTER O WITH CIRCUMFLEX..LATIN SMALL LETTER O WITH DIAERESIS
+	{0x00F7, 0x00F7, prA},     // Sm         DIVISION SIGN
+	{0x00F8, 0x00FA, prA},     // Ll     [3] LATIN SMALL LETTER O WITH STROKE..LATIN SMALL LETTER U WITH ACUTE
+	{0x00FB, 0x00FB, prN},     // Ll         LATIN SMALL LETTER U WITH CIRCUMFLEX
+	{0x00FC, 0x00FC, prA},     // Ll         LATIN SMALL LETTER U WITH DIAERESIS
+	{0x00FD, 0x00FD, prN},     // Ll         LATIN SMALL LETTER Y WITH ACUTE
+	{0x00FE, 0x00FE, prA},     // Ll         LATIN SMALL LETTER THORN
+	{0x00FF, 0x00FF, prN},     // Ll         LATIN SMALL LETTER Y WITH DIAERESIS
+	{0x0100, 0x0100, prN},     // Lu         LATIN CAPITAL LETTER A WITH MACRON
+	{0x0101, 0x0101, prA},     // Ll         LATIN SMALL LETTER A WITH MACRON
+	{0x0102, 0x0110, prN},     // L&    [15] LATIN CAPITAL LETTER A WITH BREVE..LATIN CAPITAL LETTER D WITH STROKE
+	{0x0111, 0x0111, prA},     // Ll         LATIN SMALL LETTER D WITH STROKE
+	{0x0112, 0x0112, prN},     // Lu         LATIN CAPITAL LETTER E WITH MACRON
+	{0x0113, 0x0113, prA},     // Ll         LATIN SMALL LETTER E WITH MACRON
+	{0x0114, 0x011A, prN},     // L&     [7] LATIN CAPITAL LETTER E WITH BREVE..LATIN CAPITAL LETTER E WITH CARON
+	{0x011B, 0x011B, prA},     // Ll         LATIN SMALL LETTER E WITH CARON
+	{0x011C, 0x0125, prN},     // L&    [10] LATIN CAPITAL LETTER G WITH CIRCUMFLEX..LATIN SMALL LETTER H WITH CIRCUMFLEX
+	{0x0126, 0x0127, prA},     // L&     [2] LATIN CAPITAL LETTER H WITH STROKE..LATIN SMALL LETTER H WITH STROKE
+	{0x0128, 0x012A, prN},     // L&     [3] LATIN CAPITAL LETTER I WITH TILDE..LATIN CAPITAL LETTER I WITH MACRON
+	{0x012B, 0x012B, prA},     // Ll         LATIN SMALL LETTER I WITH MACRON
+	{0x012C, 0x0130, prN},     // L&     [5] LATIN CAPITAL LETTER I WITH BREVE..LATIN CAPITAL LETTER I WITH DOT ABOVE
+	{0x0131, 0x0133, prA},     // L&     [3] LATIN SMALL LETTER DOTLESS I..LATIN SMALL LIGATURE IJ
+	{0x0134, 0x0137, prN},     // L&     [4] LATIN CAPITAL LETTER J WITH CIRCUMFLEX..LATIN SMALL LETTER K WITH CEDILLA
+	{0x0138, 0x0138, prA},     // Ll         LATIN SMALL LETTER KRA
+	{0x0139, 0x013E, prN},     // L&     [6] LATIN CAPITAL LETTER L WITH ACUTE..LATIN SMALL LETTER L WITH CARON
+	{0x013F, 0x0142, prA},     // L&     [4] LATIN CAPITAL LETTER L WITH MIDDLE DOT..LATIN SMALL LETTER L WITH STROKE
+	{0x0143, 0x0143, prN},     // Lu         LATIN CAPITAL LETTER N WITH ACUTE
+	{0x0144, 0x0144, prA},     // Ll         LATIN SMALL LETTER N WITH ACUTE
+	{0x0145, 0x0147, prN},     // L&     [3] LATIN CAPITAL LETTER N WITH CEDILLA..LATIN CAPITAL LETTER N WITH CARON
+	{0x0148, 0x014B, prA},     // L&     [4] LATIN SMALL LETTER N WITH CARON..LATIN SMALL LETTER ENG
+	{0x014C, 0x014C, prN},     // Lu         LATIN CAPITAL LETTER O WITH MACRON
+	{0x014D, 0x014D, prA},     // Ll         LATIN SMALL LETTER O WITH MACRON
+	{0x014E, 0x0151, prN},     // L&     [4] LATIN CAPITAL LETTER O WITH BREVE..LATIN SMALL LETTER O WITH DOUBLE ACUTE
+	{0x0152, 0x0153, prA},     // L&     [2] LATIN CAPITAL LIGATURE OE..LATIN SMALL LIGATURE OE
+	{0x0154, 0x0165, prN},     // L&    [18] LATIN CAPITAL LETTER R WITH ACUTE..LATIN SMALL LETTER T WITH CARON
+	{0x0166, 0x0167, prA},     // L&     [2] LATIN CAPITAL LETTER T WITH STROKE..LATIN SMALL LETTER T WITH STROKE
+	{0x0168, 0x016A, prN},     // L&     [3] LATIN CAPITAL LETTER U WITH TILDE..LATIN CAPITAL LETTER U WITH MACRON
+	{0x016B, 0x016B, prA},     // Ll         LATIN SMALL LETTER U WITH MACRON
+	{0x016C, 0x017F, prN},     // L&    [20] LATIN CAPITAL LETTER U WITH BREVE..LATIN SMALL LETTER LONG S
+	{0x0180, 0x01BA, prN},     // L&    [59] LATIN SMALL LETTER B WITH STROKE..LATIN SMALL LETTER EZH WITH TAIL
+	{0x01BB, 0x01BB, prN},     // Lo         LATIN LETTER TWO WITH STROKE
+	{0x01BC, 0x01BF, prN},     // L&     [4] LATIN CAPITAL LETTER TONE FIVE..LATIN LETTER WYNN
+	{0x01C0, 0x01C3, prN},     // Lo     [4] LATIN LETTER DENTAL CLICK..LATIN LETTER RETROFLEX CLICK
+	{0x01C4, 0x01CD, prN},     // L&    [10] LATIN CAPITAL LETTER DZ WITH CARON..LATIN CAPITAL LETTER A WITH CARON
+	{0x01CE, 0x01CE, prA},     // Ll         LATIN SMALL LETTER A WITH CARON
+	{0x01CF, 0x01CF, prN},     // Lu         LATIN CAPITAL LETTER I WITH CARON
+	{0x01D0, 0x01D0, prA},     // Ll         LATIN SMALL LETTER I WITH CARON
+	{0x01D1, 0x01D1, prN},     // Lu         LATIN CAPITAL LETTER O WITH CARON
+	{0x01D2, 0x01D2, prA},     // Ll         LATIN SMALL LETTER O WITH CARON
+	{0x01D3, 0x01D3, prN},     // Lu         LATIN CAPITAL LETTER U WITH CARON
+	{0x01D4, 0x01D4, prA},     // Ll         LATIN SMALL LETTER U WITH CARON
+	{0x01D5, 0x01D5, prN},     // Lu         LATIN CAPITAL LETTER U WITH DIAERESIS AND MACRON
+	{0x01D6, 0x01D6, prA},     // Ll         LATIN SMALL LETTER U WITH DIAERESIS AND MACRON
+	{0x01D7, 0x01D7, prN},     // Lu         LATIN CAPITAL LETTER U WITH DIAERESIS AND ACUTE
+	{0x01D8, 0x01D8, prA},     // Ll         LATIN SMALL LETTER U WITH DIAERESIS AND ACUTE
+	{0x01D9, 0x01D9, prN},     // Lu         LATIN CAPITAL LETTER U WITH DIAERESIS AND CARON
+	{0x01DA, 0x01DA, prA},     // Ll         LATIN SMALL LETTER U WITH DIAERESIS AND CARON
+	{0x01DB, 0x01DB, prN},     // Lu         LATIN CAPITAL LETTER U WITH DIAERESIS AND GRAVE
+	{0x01DC, 0x01DC, prA},     // Ll         LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE
+	{0x01DD, 0x024F, prN},     // L&   [115] LATIN SMALL LETTER TURNED E..LATIN SMALL LETTER Y WITH STROKE
+	{0x0250, 0x0250, prN},     // Ll         LATIN SMALL LETTER TURNED A
+	{0x0251, 0x0251, prA},     // Ll         LATIN SMALL LETTER ALPHA
+	{0x0252, 0x0260, prN},     // Ll    [15] LATIN SMALL LETTER TURNED ALPHA..LATIN SMALL LETTER G WITH HOOK
+	{0x0261, 0x0261, prA},     // Ll         LATIN SMALL LETTER SCRIPT G
+	{0x0262, 0x0293, prN},     // Ll    [50] LATIN LETTER SMALL CAPITAL G..LATIN SMALL LETTER EZH WITH CURL
+	{0x0294, 0x0294, prN},     // Lo         LATIN LETTER GLOTTAL STOP
+	{0x0295, 0x02AF, prN},     // Ll    [27] LATIN LETTER PHARYNGEAL VOICED FRICATIVE..LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+	{0x02B0, 0x02C1, prN},     // Lm    [18] MODIFIER LETTER SMALL H..MODIFIER LETTER REVERSED GLOTTAL STOP
+	{0x02C2, 0x02C3, prN},     // Sk     [2] MODIFIER LETTER LEFT ARROWHEAD..MODIFIER LETTER RIGHT ARROWHEAD
+	{0x02C4, 0x02C4, prA},     // Sk         MODIFIER LETTER UP ARROWHEAD
+	{0x02C5, 0x02C5, prN},     // Sk         MODIFIER LETTER DOWN ARROWHEAD
+	{0x02C6, 0x02C6, prN},     // Lm         MODIFIER LETTER CIRCUMFLEX ACCENT
+	{0x02C7, 0x02C7, prA},     // Lm         CARON
+	{0x02C8, 0x02C8, prN},     // Lm         MODIFIER LETTER VERTICAL LINE
+	{0x02C9, 0x02CB, prA},     // Lm     [3] MODIFIER LETTER MACRON..MODIFIER LETTER GRAVE ACCENT
+	{0x02CC, 0x02CC, prN},     // Lm         MODIFIER LETTER LOW VERTICAL LINE
+	{0x02CD, 0x02CD, prA},     // Lm         MODIFIER LETTER LOW MACRON
+	{0x02CE, 0x02CF, prN},     // Lm     [2] MODIFIER LETTER LOW GRAVE ACCENT..MODIFIER LETTER LOW ACUTE ACCENT
+	{0x02D0, 0x02D0, prA},     // Lm         MODIFIER LETTER TRIANGULAR COLON
+	{0x02D1, 0x02D1, prN},     // Lm         MODIFIER LETTER HALF TRIANGULAR COLON
+	{0x02D2, 0x02D7, prN},     // Sk     [6] MODIFIER LETTER CENTRED RIGHT HALF RING..MODIFIER LETTER MINUS SIGN
+	{0x02D8, 0x02DB, prA},     // Sk     [4] BREVE..OGONEK
+	{0x02DC, 0x02DC, prN},     // Sk         SMALL TILDE
+	{0x02DD, 0x02DD, prA},     // Sk         DOUBLE ACUTE ACCENT
+	{0x02DE, 0x02DE, prN},     // Sk         MODIFIER LETTER RHOTIC HOOK
+	{0x02DF, 0x02DF, prA},     // Sk         MODIFIER LETTER CROSS ACCENT
+	{0x02E0, 0x02E4, prN},     // Lm     [5] MODIFIER LETTER SMALL GAMMA..MODIFIER LETTER SMALL REVERSED GLOTTAL STOP
+	{0x02E5, 0x02EB, prN},     // Sk     [7] MODIFIER LETTER EXTRA-HIGH TONE BAR..MODIFIER LETTER YANG DEPARTING TONE MARK
+	{0x02EC, 0x02EC, prN},     // Lm         MODIFIER LETTER VOICING
+	{0x02ED, 0x02ED, prN},     // Sk         MODIFIER LETTER UNASPIRATED
+	{0x02EE, 0x02EE, prN},     // Lm         MODIFIER LETTER DOUBLE APOSTROPHE
+	{0x02EF, 0x02FF, prN},     // Sk    [17] MODIFIER LETTER LOW DOWN ARROWHEAD..MODIFIER LETTER LOW LEFT ARROW
+	{0x0300, 0x036F, prA},     // Mn   [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
+	{0x0370, 0x0373, prN},     // L&     [4] GREEK CAPITAL LETTER HETA..GREEK SMALL LETTER ARCHAIC SAMPI
+	{0x0374, 0x0374, prN},     // Lm         GREEK NUMERAL SIGN
+	{0x0375, 0x0375, prN},     // Sk         GREEK LOWER NUMERAL SIGN
+	{0x0376, 0x0377, prN},     // L&     [2] GREEK CAPITAL LETTER PAMPHYLIAN DIGAMMA..GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+	{0x037A, 0x037A, prN},     // Lm         GREEK YPOGEGRAMMENI
+	{0x037B, 0x037D, prN},     // Ll     [3] GREEK SMALL REVERSED LUNATE SIGMA SYMBOL..GREEK SMALL REVERSED DOTTED LUNATE SIGMA SYMBOL
+	{0x037E, 0x037E, prN},     // Po         GREEK QUESTION MARK
+	{0x037F, 0x037F, prN},     // Lu         GREEK CAPITAL LETTER YOT
+	{0x0384, 0x0385, prN},     // Sk     [2] GREEK TONOS..GREEK DIALYTIKA TONOS
+	{0x0386, 0x0386, prN},     // Lu         GREEK CAPITAL LETTER ALPHA WITH TONOS
+	{0x0387, 0x0387, prN},     // Po         GREEK ANO TELEIA
+	{0x0388, 0x038A, prN},     // Lu     [3] GREEK CAPITAL LETTER EPSILON WITH TONOS..GREEK CAPITAL LETTER IOTA WITH TONOS
+	{0x038C, 0x038C, prN},     // Lu         GREEK CAPITAL LETTER OMICRON WITH TONOS
+	{0x038E, 0x0390, prN},     // L&     [3] GREEK CAPITAL LETTER UPSILON WITH TONOS..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS
+	{0x0391, 0x03A1, prA},     // Lu    [17] GREEK CAPITAL LETTER ALPHA..GREEK CAPITAL LETTER RHO
+	{0x03A3, 0x03A9, prA},     // Lu     [7] GREEK CAPITAL LETTER SIGMA..GREEK CAPITAL LETTER OMEGA
+	{0x03AA, 0x03B0, prN},     // L&     [7] GREEK CAPITAL LETTER IOTA WITH DIALYTIKA..GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS
+	{0x03B1, 0x03C1, prA},     // Ll    [17] GREEK SMALL LETTER ALPHA..GREEK SMALL LETTER RHO
+	{0x03C2, 0x03C2, prN},     // Ll         GREEK SMALL LETTER FINAL SIGMA
+	{0x03C3, 0x03C9, prA},     // Ll     [7] GREEK SMALL LETTER SIGMA..GREEK SMALL LETTER OMEGA
+	{0x03CA, 0x03F5, prN},     // L&    [44] GREEK SMALL LETTER IOTA WITH DIALYTIKA..GREEK LUNATE EPSILON SYMBOL
+	{0x03F6, 0x03F6, prN},     // Sm         GREEK REVERSED LUNATE EPSILON SYMBOL
+	{0x03F7, 0x03FF, prN},     // L&     [9] GREEK CAPITAL LETTER SHO..GREEK CAPITAL REVERSED DOTTED LUNATE SIGMA SYMBOL
+	{0x0400, 0x0400, prN},     // Lu         CYRILLIC CAPITAL LETTER IE WITH GRAVE
+	{0x0401, 0x0401, prA},     // Lu         CYRILLIC CAPITAL LETTER IO
+	{0x0402, 0x040F, prN},     // Lu    [14] CYRILLIC CAPITAL LETTER DJE..CYRILLIC CAPITAL LETTER DZHE
+	{0x0410, 0x044F, prA},     // L&    [64] CYRILLIC CAPITAL LETTER A..CYRILLIC SMALL LETTER YA
+	{0x0450, 0x0450, prN},     // Ll         CYRILLIC SMALL LETTER IE WITH GRAVE
+	{0x0451, 0x0451, prA},     // Ll         CYRILLIC SMALL LETTER IO
+	{0x0452, 0x0481, prN},     // L&    [48] CYRILLIC SMALL LETTER DJE..CYRILLIC SMALL LETTER KOPPA
+	{0x0482, 0x0482, prN},     // So         CYRILLIC THOUSANDS SIGN
+	{0x0483, 0x0487, prN},     // Mn     [5] COMBINING CYRILLIC TITLO..COMBINING CYRILLIC POKRYTIE
+	{0x0488, 0x0489, prN},     // Me     [2] COMBINING CYRILLIC HUNDRED THOUSANDS SIGN..COMBINING CYRILLIC MILLIONS SIGN
+	{0x048A, 0x04FF, prN},     // L&   [118] CYRILLIC CAPITAL LETTER SHORT I WITH TAIL..CYRILLIC SMALL LETTER HA WITH STROKE
+	{0x0500, 0x052F, prN},     // L&    [48] CYRILLIC CAPITAL LETTER KOMI DE..CYRILLIC SMALL LETTER EL WITH DESCENDER
+	{0x0531, 0x0556, prN},     // Lu    [38] ARMENIAN CAPITAL LETTER AYB..ARMENIAN CAPITAL LETTER FEH
+	{0x0559, 0x0559, prN},     // Lm         ARMENIAN MODIFIER LETTER LEFT HALF RING
+	{0x055A, 0x055F, prN},     // Po     [6] ARMENIAN APOSTROPHE..ARMENIAN ABBREVIATION MARK
+	{0x0560, 0x0588, prN},     // Ll    [41] ARMENIAN SMALL LETTER TURNED AYB..ARMENIAN SMALL LETTER YI WITH STROKE
+	{0x0589, 0x0589, prN},     // Po         ARMENIAN FULL STOP
+	{0x058A, 0x058A, prN},     // Pd         ARMENIAN HYPHEN
+	{0x058D, 0x058E, prN},     // So     [2] RIGHT-FACING ARMENIAN ETERNITY SIGN..LEFT-FACING ARMENIAN ETERNITY SIGN
+	{0x058F, 0x058F, prN},     // Sc         ARMENIAN DRAM SIGN
+	{0x0591, 0x05BD, prN},     // Mn    [45] HEBREW ACCENT ETNAHTA..HEBREW POINT METEG
+	{0x05BE, 0x05BE, prN},     // Pd         HEBREW PUNCTUATION MAQAF
+	{0x05BF, 0x05BF, prN},     // Mn         HEBREW POINT RAFE
+	{0x05C0, 0x05C0, prN},     // Po         HEBREW PUNCTUATION PASEQ
+	{0x05C1, 0x05C2, prN},     // Mn     [2] HEBREW POINT SHIN DOT..HEBREW POINT SIN DOT
+	{0x05C3, 0x05C3, prN},     // Po         HEBREW PUNCTUATION SOF PASUQ
+	{0x05C4, 0x05C5, prN},     // Mn     [2] HEBREW MARK UPPER DOT..HEBREW MARK LOWER DOT
+	{0x05C6, 0x05C6, prN},     // Po         HEBREW PUNCTUATION NUN HAFUKHA
+	{0x05C7, 0x05C7, prN},     // Mn         HEBREW POINT QAMATS QATAN
+	{0x05D0, 0x05EA, prN},     // Lo    [27] HEBREW LETTER ALEF..HEBREW LETTER TAV
+	{0x05EF, 0x05F2, prN},     // Lo     [4] HEBREW YOD TRIANGLE..HEBREW LIGATURE YIDDISH DOUBLE YOD
+	{0x05F3, 0x05F4, prN},     // Po     [2] HEBREW PUNCTUATION GERESH..HEBREW PUNCTUATION GERSHAYIM
+	{0x0600, 0x0605, prN},     // Cf     [6] ARABIC NUMBER SIGN..ARABIC NUMBER MARK ABOVE
+	{0x0606, 0x0608, prN},     // Sm     [3] ARABIC-INDIC CUBE ROOT..ARABIC RAY
+	{0x0609, 0x060A, prN},     // Po     [2] ARABIC-INDIC PER MILLE SIGN..ARABIC-INDIC PER TEN THOUSAND SIGN
+	{0x060B, 0x060B, prN},     // Sc         AFGHANI SIGN
+	{0x060C, 0x060D, prN},     // Po     [2] ARABIC COMMA..ARABIC DATE SEPARATOR
+	{0x060E, 0x060F, prN},     // So     [2] ARABIC POETIC VERSE SIGN..ARABIC SIGN MISRA
+	{0x0610, 0x061A, prN},     // Mn    [11] ARABIC SIGN SALLALLAHOU ALAYHE WASSALLAM..ARABIC SMALL KASRA
+	{0x061B, 0x061B, prN},     // Po         ARABIC SEMICOLON
+	{0x061C, 0x061C, prN},     // Cf         ARABIC LETTER MARK
+	{0x061D, 0x061F, prN},     // Po     [3] ARABIC END OF TEXT MARK..ARABIC QUESTION MARK
+	{0x0620, 0x063F, prN},     // Lo    [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
+	{0x0640, 0x0640, prN},     // Lm         ARABIC TATWEEL
+	{0x0641, 0x064A, prN},     // Lo    [10] ARABIC LETTER FEH..ARABIC LETTER YEH
+	{0x064B, 0x065F, prN},     // Mn    [21] ARABIC FATHATAN..ARABIC WAVY HAMZA BELOW
+	{0x0660, 0x0669, prN},     // Nd    [10] ARABIC-INDIC DIGIT ZERO..ARABIC-INDIC DIGIT NINE
+	{0x066A, 0x066D, prN},     // Po     [4] ARABIC PERCENT SIGN..ARABIC FIVE POINTED STAR
+	{0x066E, 0x066F, prN},     // Lo     [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
+	{0x0670, 0x0670, prN},     // Mn         ARABIC LETTER SUPERSCRIPT ALEF
+	{0x0671, 0x06D3, prN},     // Lo    [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
+	{0x06D4, 0x06D4, prN},     // Po         ARABIC FULL STOP
+	{0x06D5, 0x06D5, prN},     // Lo         ARABIC LETTER AE
+	{0x06D6, 0x06DC, prN},     // Mn     [7] ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA..ARABIC SMALL HIGH SEEN
+	{0x06DD, 0x06DD, prN},     // Cf         ARABIC END OF AYAH
+	{0x06DE, 0x06DE, prN},     // So         ARABIC START OF RUB EL HIZB
+	{0x06DF, 0x06E4, prN},     // Mn     [6] ARABIC SMALL HIGH ROUNDED ZERO..ARABIC SMALL HIGH MADDA
+	{0x06E5, 0x06E6, prN},     // Lm     [2] ARABIC SMALL WAW..ARABIC SMALL YEH
+	{0x06E7, 0x06E8, prN},     // Mn     [2] ARABIC SMALL HIGH YEH..ARABIC SMALL HIGH NOON
+	{0x06E9, 0x06E9, prN},     // So         ARABIC PLACE OF SAJDAH
+	{0x06EA, 0x06ED, prN},     // Mn     [4] ARABIC EMPTY CENTRE LOW STOP..ARABIC SMALL LOW MEEM
+	{0x06EE, 0x06EF, prN},     // Lo     [2] ARABIC LETTER DAL WITH INVERTED V..ARABIC LETTER REH WITH INVERTED V
+	{0x06F0, 0x06F9, prN},     // Nd    [10] EXTENDED ARABIC-INDIC DIGIT ZERO..EXTENDED ARABIC-INDIC DIGIT NINE
+	{0x06FA, 0x06FC, prN},     // Lo     [3] ARABIC LETTER SHEEN WITH DOT BELOW..ARABIC LETTER GHAIN WITH DOT BELOW
+	{0x06FD, 0x06FE, prN},     // So     [2] ARABIC SIGN SINDHI AMPERSAND..ARABIC SIGN SINDHI POSTPOSITION MEN
+	{0x06FF, 0x06FF, prN},     // Lo         ARABIC LETTER HEH WITH INVERTED V
+	{0x0700, 0x070D, prN},     // Po    [14] SYRIAC END OF PARAGRAPH..SYRIAC HARKLEAN ASTERISCUS
+	{0x070F, 0x070F, prN},     // Cf         SYRIAC ABBREVIATION MARK
+	{0x0710, 0x0710, prN},     // Lo         SYRIAC LETTER ALAPH
+	{0x0711, 0x0711, prN},     // Mn         SYRIAC LETTER SUPERSCRIPT ALAPH
+	{0x0712, 0x072F, prN},     // Lo    [30] SYRIAC LETTER BETH..SYRIAC LETTER PERSIAN DHALATH
+	{0x0730, 0x074A, prN},     // Mn    [27] SYRIAC PTHAHA ABOVE..SYRIAC BARREKH
+	{0x074D, 0x074F, prN},     // Lo     [3] SYRIAC LETTER SOGDIAN ZHAIN..SYRIAC LETTER SOGDIAN FE
+	{0x0750, 0x077F, prN},     // Lo    [48] ARABIC LETTER BEH WITH THREE DOTS HORIZONTALLY BELOW..ARABIC LETTER KAF WITH TWO DOTS ABOVE
+	{0x0780, 0x07A5, prN},     // Lo    [38] THAANA LETTER HAA..THAANA LETTER WAAVU
+	{0x07A6, 0x07B0, prN},     // Mn    [11] THAANA ABAFILI..THAANA SUKUN
+	{0x07B1, 0x07B1, prN},     // Lo         THAANA LETTER NAA
+	{0x07C0, 0x07C9, prN},     // Nd    [10] NKO DIGIT ZERO..NKO DIGIT NINE
+	{0x07CA, 0x07EA, prN},     // Lo    [33] NKO LETTER A..NKO LETTER JONA RA
+	{0x07EB, 0x07F3, prN},     // Mn     [9] NKO COMBINING SHORT HIGH TONE..NKO COMBINING DOUBLE DOT ABOVE
+	{0x07F4, 0x07F5, prN},     // Lm     [2] NKO HIGH TONE APOSTROPHE..NKO LOW TONE APOSTROPHE
+	{0x07F6, 0x07F6, prN},     // So         NKO SYMBOL OO DENNEN
+	{0x07F7, 0x07F9, prN},     // Po     [3] NKO SYMBOL GBAKURUNEN..NKO EXCLAMATION MARK
+	{0x07FA, 0x07FA, prN},     // Lm         NKO LAJANYALAN
+	{0x07FD, 0x07FD, prN},     // Mn         NKO DANTAYALAN
+	{0x07FE, 0x07FF, prN},     // Sc     [2] NKO DOROME SIGN..NKO TAMAN SIGN
+	{0x0800, 0x0815, prN},     // Lo    [22] SAMARITAN LETTER ALAF..SAMARITAN LETTER TAAF
+	{0x0816, 0x0819, prN},     // Mn     [4] SAMARITAN MARK IN..SAMARITAN MARK DAGESH
+	{0x081A, 0x081A, prN},     // Lm         SAMARITAN MODIFIER LETTER EPENTHETIC YUT
+	{0x081B, 0x0823, prN},     // Mn     [9] SAMARITAN MARK EPENTHETIC YUT..SAMARITAN VOWEL SIGN A
+	{0x0824, 0x0824, prN},     // Lm         SAMARITAN MODIFIER LETTER SHORT A
+	{0x0825, 0x0827, prN},     // Mn     [3] SAMARITAN VOWEL SIGN SHORT A..SAMARITAN VOWEL SIGN U
+	{0x0828, 0x0828, prN},     // Lm         SAMARITAN MODIFIER LETTER I
+	{0x0829, 0x082D, prN},     // Mn     [5] SAMARITAN VOWEL SIGN LONG I..SAMARITAN MARK NEQUDAA
+	{0x0830, 0x083E, prN},     // Po    [15] SAMARITAN PUNCTUATION NEQUDAA..SAMARITAN PUNCTUATION ANNAAU
+	{0x0840, 0x0858, prN},     // Lo    [25] MANDAIC LETTER HALQA..MANDAIC LETTER AIN
+	{0x0859, 0x085B, prN},     // Mn     [3] MANDAIC AFFRICATION MARK..MANDAIC GEMINATION MARK
+	{0x085E, 0x085E, prN},     // Po         MANDAIC PUNCTUATION
+	{0x0860, 0x086A, prN},     // Lo    [11] SYRIAC LETTER MALAYALAM NGA..SYRIAC LETTER MALAYALAM SSA
+	{0x0870, 0x0887, prN},     // Lo    [24] ARABIC LETTER ALEF WITH ATTACHED FATHA..ARABIC BASELINE ROUND DOT
+	{0x0888, 0x0888, prN},     // Sk         ARABIC RAISED ROUND DOT
+	{0x0889, 0x088E, prN},     // Lo     [6] ARABIC LETTER NOON WITH INVERTED SMALL V..ARABIC VERTICAL TAIL
+	{0x0890, 0x0891, prN},     // Cf     [2] ARABIC POUND MARK ABOVE..ARABIC PIASTRE MARK ABOVE
+	{0x0898, 0x089F, prN},     // Mn     [8] ARABIC SMALL HIGH WORD AL-JUZ..ARABIC HALF MADDA OVER MADDA
+	{0x08A0, 0x08C8, prN},     // Lo    [41] ARABIC LETTER BEH WITH SMALL V BELOW..ARABIC LETTER GRAF
+	{0x08C9, 0x08C9, prN},     // Lm         ARABIC SMALL FARSI YEH
+	{0x08CA, 0x08E1, prN},     // Mn    [24] ARABIC SMALL HIGH FARSI YEH..ARABIC SMALL HIGH SIGN SAFHA
+	{0x08E2, 0x08E2, prN},     // Cf         ARABIC DISPUTED END OF AYAH
+	{0x08E3, 0x08FF, prN},     // Mn    [29] ARABIC TURNED DAMMA BELOW..ARABIC MARK SIDEWAYS NOON GHUNNA
+	{0x0900, 0x0902, prN},     // Mn     [3] DEVANAGARI SIGN INVERTED CANDRABINDU..DEVANAGARI SIGN ANUSVARA
+	{0x0903, 0x0903, prN},     // Mc         DEVANAGARI SIGN VISARGA
+	{0x0904, 0x0939, prN},     // Lo    [54] DEVANAGARI LETTER SHORT A..DEVANAGARI LETTER HA
+	{0x093A, 0x093A, prN},     // Mn         DEVANAGARI VOWEL SIGN OE
+	{0x093B, 0x093B, prN},     // Mc         DEVANAGARI VOWEL SIGN OOE
+	{0x093C, 0x093C, prN},     // Mn         DEVANAGARI SIGN NUKTA
+	{0x093D, 0x093D, prN},     // Lo         DEVANAGARI SIGN AVAGRAHA
+	{0x093E, 0x0940, prN},     // Mc     [3] DEVANAGARI VOWEL SIGN AA..DEVANAGARI VOWEL SIGN II
+	{0x0941, 0x0948, prN},     // Mn     [8] DEVANAGARI VOWEL SIGN U..DEVANAGARI VOWEL SIGN AI
+	{0x0949, 0x094C, prN},     // Mc     [4] DEVANAGARI VOWEL SIGN CANDRA O..DEVANAGARI VOWEL SIGN AU
+	{0x094D, 0x094D, prN},     // Mn         DEVANAGARI SIGN VIRAMA
+	{0x094E, 0x094F, prN},     // Mc     [2] DEVANAGARI VOWEL SIGN PRISHTHAMATRA E..DEVANAGARI VOWEL SIGN AW
+	{0x0950, 0x0950, prN},     // Lo         DEVANAGARI OM
+	{0x0951, 0x0957, prN},     // Mn     [7] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI VOWEL SIGN UUE
+	{0x0958, 0x0961, prN},     // Lo    [10] DEVANAGARI LETTER QA..DEVANAGARI LETTER VOCALIC LL
+	{0x0962, 0x0963, prN},     // Mn     [2] DEVANAGARI VOWEL SIGN VOCALIC L..DEVANAGARI VOWEL SIGN VOCALIC LL
+	{0x0964, 0x0965, prN},     // Po     [2] DEVANAGARI DANDA..DEVANAGARI DOUBLE DANDA
+	{0x0966, 0x096F, prN},     // Nd    [10] DEVANAGARI DIGIT ZERO..DEVANAGARI DIGIT NINE
+	{0x0970, 0x0970, prN},     // Po         DEVANAGARI ABBREVIATION SIGN
+	{0x0971, 0x0971, prN},     // Lm         DEVANAGARI SIGN HIGH SPACING DOT
+	{0x0972, 0x097F, prN},     // Lo    [14] DEVANAGARI LETTER CANDRA A..DEVANAGARI LETTER BBA
+	{0x0980, 0x0980, prN},     // Lo         BENGALI ANJI
+	{0x0981, 0x0981, prN},     // Mn         BENGALI SIGN CANDRABINDU
+	{0x0982, 0x0983, prN},     // Mc     [2] BENGALI SIGN ANUSVARA..BENGALI SIGN VISARGA
+	{0x0985, 0x098C, prN},     // Lo     [8] BENGALI LETTER A..BENGALI LETTER VOCALIC L
+	{0x098F, 0x0990, prN},     // Lo     [2] BENGALI LETTER E..BENGALI LETTER AI
+	{0x0993, 0x09A8, prN},     // Lo    [22] BENGALI LETTER O..BENGALI LETTER NA
+	{0x09AA, 0x09B0, prN},     // Lo     [7] BENGALI LETTER PA..BENGALI LETTER RA
+	{0x09B2, 0x09B2, prN},     // Lo         BENGALI LETTER LA
+	{0x09B6, 0x09B9, prN},     // Lo     [4] BENGALI LETTER SHA..BENGALI LETTER HA
+	{0x09BC, 0x09BC, prN},     // Mn         BENGALI SIGN NUKTA
+	{0x09BD, 0x09BD, prN},     // Lo         BENGALI SIGN AVAGRAHA
+	{0x09BE, 0x09C0, prN},     // Mc     [3] BENGALI VOWEL SIGN AA..BENGALI VOWEL SIGN II
+	{0x09C1, 0x09C4, prN},     // Mn     [4] BENGALI VOWEL SIGN U..BENGALI VOWEL SIGN VOCALIC RR
+	{0x09C7, 0x09C8, prN},     // Mc     [2] BENGALI VOWEL SIGN E..BENGALI VOWEL SIGN AI
+	{0x09CB, 0x09CC, prN},     // Mc     [2] BENGALI VOWEL SIGN O..BENGALI VOWEL SIGN AU
+	{0x09CD, 0x09CD, prN},     // Mn         BENGALI SIGN VIRAMA
+	{0x09CE, 0x09CE, prN},     // Lo         BENGALI LETTER KHANDA TA
+	{0x09D7, 0x09D7, prN},     // Mc         BENGALI AU LENGTH MARK
+	{0x09DC, 0x09DD, prN},     // Lo     [2] BENGALI LETTER RRA..BENGALI LETTER RHA
+	{0x09DF, 0x09E1, prN},     // Lo     [3] BENGALI LETTER YYA..BENGALI LETTER VOCALIC LL
+	{0x09E2, 0x09E3, prN},     // Mn     [2] BENGALI VOWEL SIGN VOCALIC L..BENGALI VOWEL SIGN VOCALIC LL
+	{0x09E6, 0x09EF, prN},     // Nd    [10] BENGALI DIGIT ZERO..BENGALI DIGIT NINE
+	{0x09F0, 0x09F1, prN},     // Lo     [2] BENGALI LETTER RA WITH MIDDLE DIAGONAL..BENGALI LETTER RA WITH LOWER DIAGONAL
+	{0x09F2, 0x09F3, prN},     // Sc     [2] BENGALI RUPEE MARK..BENGALI RUPEE SIGN
+	{0x09F4, 0x09F9, prN},     // No     [6] BENGALI CURRENCY NUMERATOR ONE..BENGALI CURRENCY DENOMINATOR SIXTEEN
+	{0x09FA, 0x09FA, prN},     // So         BENGALI ISSHAR
+	{0x09FB, 0x09FB, prN},     // Sc         BENGALI GANDA MARK
+	{0x09FC, 0x09FC, prN},     // Lo         BENGALI LETTER VEDIC ANUSVARA
+	{0x09FD, 0x09FD, prN},     // Po         BENGALI ABBREVIATION SIGN
+	{0x09FE, 0x09FE, prN},     // Mn         BENGALI SANDHI MARK
+	{0x0A01, 0x0A02, prN},     // Mn     [2] GURMUKHI SIGN ADAK BINDI..GURMUKHI SIGN BINDI
+	{0x0A03, 0x0A03, prN},     // Mc         GURMUKHI SIGN VISARGA
+	{0x0A05, 0x0A0A, prN},     // Lo     [6] GURMUKHI LETTER A..GURMUKHI LETTER UU
+	{0x0A0F, 0x0A10, prN},     // Lo     [2] GURMUKHI LETTER EE..GURMUKHI LETTER AI
+	{0x0A13, 0x0A28, prN},     // Lo    [22] GURMUKHI LETTER OO..GURMUKHI LETTER NA
+	{0x0A2A, 0x0A30, prN},     // Lo     [7] GURMUKHI LETTER PA..GURMUKHI LETTER RA
+	{0x0A32, 0x0A33, prN},     // Lo     [2] GURMUKHI LETTER LA..GURMUKHI LETTER LLA
+	{0x0A35, 0x0A36, prN},     // Lo     [2] GURMUKHI LETTER VA..GURMUKHI LETTER SHA
+	{0x0A38, 0x0A39, prN},     // Lo     [2] GURMUKHI LETTER SA..GURMUKHI LETTER HA
+	{0x0A3C, 0x0A3C, prN},     // Mn         GURMUKHI SIGN NUKTA
+	{0x0A3E, 0x0A40, prN},     // Mc     [3] GURMUKHI VOWEL SIGN AA..GURMUKHI VOWEL SIGN II
+	{0x0A41, 0x0A42, prN},     // Mn     [2] GURMUKHI VOWEL SIGN U..GURMUKHI VOWEL SIGN UU
+	{0x0A47, 0x0A48, prN},     // Mn     [2] GURMUKHI VOWEL SIGN EE..GURMUKHI VOWEL SIGN AI
+	{0x0A4B, 0x0A4D, prN},     // Mn     [3] GURMUKHI VOWEL SIGN OO..GURMUKHI SIGN VIRAMA
+	{0x0A51, 0x0A51, prN},     // Mn         GURMUKHI SIGN UDAAT
+	{0x0A59, 0x0A5C, prN},     // Lo     [4] GURMUKHI LETTER KHHA..GURMUKHI LETTER RRA
+	{0x0A5E, 0x0A5E, prN},     // Lo         GURMUKHI LETTER FA
+	{0x0A66, 0x0A6F, prN},     // Nd    [10] GURMUKHI DIGIT ZERO..GURMUKHI DIGIT NINE
+	{0x0A70, 0x0A71, prN},     // Mn     [2] GURMUKHI TIPPI..GURMUKHI ADDAK
+	{0x0A72, 0x0A74, prN},     // Lo     [3] GURMUKHI IRI..GURMUKHI EK ONKAR
+	{0x0A75, 0x0A75, prN},     // Mn         GURMUKHI SIGN YAKASH
+	{0x0A76, 0x0A76, prN},     // Po         GURMUKHI ABBREVIATION SIGN
+	{0x0A81, 0x0A82, prN},     // Mn     [2] GUJARATI SIGN CANDRABINDU..GUJARATI SIGN ANUSVARA
+	{0x0A83, 0x0A83, prN},     // Mc         GUJARATI SIGN VISARGA
+	{0x0A85, 0x0A8D, prN},     // Lo     [9] GUJARATI LETTER A..GUJARATI VOWEL CANDRA E
+	{0x0A8F, 0x0A91, prN},     // Lo     [3] GUJARATI LETTER E..GUJARATI VOWEL CANDRA O
+	{0x0A93, 0x0AA8, prN},     // Lo    [22] GUJARATI LETTER O..GUJARATI LETTER NA
+	{0x0AAA, 0x0AB0, prN},     // Lo     [7] GUJARATI LETTER PA..GUJARATI LETTER RA
+	{0x0AB2, 0x0AB3, prN},     // Lo     [2] GUJARATI LETTER LA..GUJARATI LETTER LLA
+	{0x0AB5, 0x0AB9, prN},     // Lo     [5] GUJARATI LETTER VA..GUJARATI LETTER HA
+	{0x0ABC, 0x0ABC, prN},     // Mn         GUJARATI SIGN NUKTA
+	{0x0ABD, 0x0ABD, prN},     // Lo         GUJARATI SIGN AVAGRAHA
+	{0x0ABE, 0x0AC0, prN},     // Mc     [3] GUJARATI VOWEL SIGN AA..GUJARATI VOWEL SIGN II
+	{0x0AC1, 0x0AC5, prN},     // Mn     [5] GUJARATI VOWEL SIGN U..GUJARATI VOWEL SIGN CANDRA E
+	{0x0AC7, 0x0AC8, prN},     // Mn     [2] GUJARATI VOWEL SIGN E..GUJARATI VOWEL SIGN AI
+	{0x0AC9, 0x0AC9, prN},     // Mc         GUJARATI VOWEL SIGN CANDRA O
+	{0x0ACB, 0x0ACC, prN},     // Mc     [2] GUJARATI VOWEL SIGN O..GUJARATI VOWEL SIGN AU
+	{0x0ACD, 0x0ACD, prN},     // Mn         GUJARATI SIGN VIRAMA
+	{0x0AD0, 0x0AD0, prN},     // Lo         GUJARATI OM
+	{0x0AE0, 0x0AE1, prN},     // Lo     [2] GUJARATI LETTER VOCALIC RR..GUJARATI LETTER VOCALIC LL
+	{0x0AE2, 0x0AE3, prN},     // Mn     [2] GUJARATI VOWEL SIGN VOCALIC L..GUJARATI VOWEL SIGN VOCALIC LL
+	{0x0AE6, 0x0AEF, prN},     // Nd    [10] GUJARATI DIGIT ZERO..GUJARATI DIGIT NINE
+	{0x0AF0, 0x0AF0, prN},     // Po         GUJARATI ABBREVIATION SIGN
+	{0x0AF1, 0x0AF1, prN},     // Sc         GUJARATI RUPEE SIGN
+	{0x0AF9, 0x0AF9, prN},     // Lo         GUJARATI LETTER ZHA
+	{0x0AFA, 0x0AFF, prN},     // Mn     [6] GUJARATI SIGN SUKUN..GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+	{0x0B01, 0x0B01, prN},     // Mn         ORIYA SIGN CANDRABINDU
+	{0x0B02, 0x0B03, prN},     // Mc     [2] ORIYA SIGN ANUSVARA..ORIYA SIGN VISARGA
+	{0x0B05, 0x0B0C, prN},     // Lo     [8] ORIYA LETTER A..ORIYA LETTER VOCALIC L
+	{0x0B0F, 0x0B10, prN},     // Lo     [2] ORIYA LETTER E..ORIYA LETTER AI
+	{0x0B13, 0x0B28, prN},     // Lo    [22] ORIYA LETTER O..ORIYA LETTER NA
+	{0x0B2A, 0x0B30, prN},     // Lo     [7] ORIYA LETTER PA..ORIYA LETTER RA
+	{0x0B32, 0x0B33, prN},     // Lo     [2] ORIYA LETTER LA..ORIYA LETTER LLA
+	{0x0B35, 0x0B39, prN},     // Lo     [5] ORIYA LETTER VA..ORIYA LETTER HA
+	{0x0B3C, 0x0B3C, prN},     // Mn         ORIYA SIGN NUKTA
+	{0x0B3D, 0x0B3D, prN},     // Lo         ORIYA SIGN AVAGRAHA
+	{0x0B3E, 0x0B3E, prN},     // Mc         ORIYA VOWEL SIGN AA
+	{0x0B3F, 0x0B3F, prN},     // Mn         ORIYA VOWEL SIGN I
+	{0x0B40, 0x0B40, prN},     // Mc         ORIYA VOWEL SIGN II
+	{0x0B41, 0x0B44, prN},     // Mn     [4] ORIYA VOWEL SIGN U..ORIYA VOWEL SIGN VOCALIC RR
+	{0x0B47, 0x0B48, prN},     // Mc     [2] ORIYA VOWEL SIGN E..ORIYA VOWEL SIGN AI
+	{0x0B4B, 0x0B4C, prN},     // Mc     [2] ORIYA VOWEL SIGN O..ORIYA VOWEL SIGN AU
+	{0x0B4D, 0x0B4D, prN},     // Mn         ORIYA SIGN VIRAMA
+	{0x0B55, 0x0B56, prN},     // Mn     [2] ORIYA SIGN OVERLINE..ORIYA AI LENGTH MARK
+	{0x0B57, 0x0B57, prN},     // Mc         ORIYA AU LENGTH MARK
+	{0x0B5C, 0x0B5D, prN},     // Lo     [2] ORIYA LETTER RRA..ORIYA LETTER RHA
+	{0x0B5F, 0x0B61, prN},     // Lo     [3] ORIYA LETTER YYA..ORIYA LETTER VOCALIC LL
+	{0x0B62, 0x0B63, prN},     // Mn     [2] ORIYA VOWEL SIGN VOCALIC L..ORIYA VOWEL SIGN VOCALIC LL
+	{0x0B66, 0x0B6F, prN},     // Nd    [10] ORIYA DIGIT ZERO..ORIYA DIGIT NINE
+	{0x0B70, 0x0B70, prN},     // So         ORIYA ISSHAR
+	{0x0B71, 0x0B71, prN},     // Lo         ORIYA LETTER WA
+	{0x0B72, 0x0B77, prN},     // No     [6] ORIYA FRACTION ONE QUARTER..ORIYA FRACTION THREE SIXTEENTHS
+	{0x0B82, 0x0B82, prN},     // Mn         TAMIL SIGN ANUSVARA
+	{0x0B83, 0x0B83, prN},     // Lo         TAMIL SIGN VISARGA
+	{0x0B85, 0x0B8A, prN},     // Lo     [6] TAMIL LETTER A..TAMIL LETTER UU
+	{0x0B8E, 0x0B90, prN},     // Lo     [3] TAMIL LETTER E..TAMIL LETTER AI
+	{0x0B92, 0x0B95, prN},     // Lo     [4] TAMIL LETTER O..TAMIL LETTER KA
+	{0x0B99, 0x0B9A, prN},     // Lo     [2] TAMIL LETTER NGA..TAMIL LETTER CA
+	{0x0B9C, 0x0B9C, prN},     // Lo         TAMIL LETTER JA
+	{0x0B9E, 0x0B9F, prN},     // Lo     [2] TAMIL LETTER NYA..TAMIL LETTER TTA
+	{0x0BA3, 0x0BA4, prN},     // Lo     [2] TAMIL LETTER NNA..TAMIL LETTER TA
+	{0x0BA8, 0x0BAA, prN},     // Lo     [3] TAMIL LETTER NA..TAMIL LETTER PA
+	{0x0BAE, 0x0BB9, prN},     // Lo    [12] TAMIL LETTER MA..TAMIL LETTER HA
+	{0x0BBE, 0x0BBF, prN},     // Mc     [2] TAMIL VOWEL SIGN AA..TAMIL VOWEL SIGN I
+	{0x0BC0, 0x0BC0, prN},     // Mn         TAMIL VOWEL SIGN II
+	{0x0BC1, 0x0BC2, prN},     // Mc     [2] TAMIL VOWEL SIGN U..TAMIL VOWEL SIGN UU
+	{0x0BC6, 0x0BC8, prN},     // Mc     [3] TAMIL VOWEL SIGN E..TAMIL VOWEL SIGN AI
+	{0x0BCA, 0x0BCC, prN},     // Mc     [3] TAMIL VOWEL SIGN O..TAMIL VOWEL SIGN AU
+	{0x0BCD, 0x0BCD, prN},     // Mn         TAMIL SIGN VIRAMA
+	{0x0BD0, 0x0BD0, prN},     // Lo         TAMIL OM
+	{0x0BD7, 0x0BD7, prN},     // Mc         TAMIL AU LENGTH MARK
+	{0x0BE6, 0x0BEF, prN},     // Nd    [10] TAMIL DIGIT ZERO..TAMIL DIGIT NINE
+	{0x0BF0, 0x0BF2, prN},     // No     [3] TAMIL NUMBER TEN..TAMIL NUMBER ONE THOUSAND
+	{0x0BF3, 0x0BF8, prN},     // So     [6] TAMIL DAY SIGN..TAMIL AS ABOVE SIGN
+	{0x0BF9, 0x0BF9, prN},     // Sc         TAMIL RUPEE SIGN
+	{0x0BFA, 0x0BFA, prN},     // So         TAMIL NUMBER SIGN
+	{0x0C00, 0x0C00, prN},     // Mn         TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	{0x0C01, 0x0C03, prN},     // Mc     [3] TELUGU SIGN CANDRABINDU..TELUGU SIGN VISARGA
+	{0x0C04, 0x0C04, prN},     // Mn         TELUGU SIGN COMBINING ANUSVARA ABOVE
+	{0x0C05, 0x0C0C, prN},     // Lo     [8] TELUGU LETTER A..TELUGU LETTER VOCALIC L
+	{0x0C0E, 0x0C10, prN},     // Lo     [3] TELUGU LETTER E..TELUGU LETTER AI
+	{0x0C12, 0x0C28, prN},     // Lo    [23] TELUGU LETTER O..TELUGU LETTER NA
+	{0x0C2A, 0x0C39, prN},     // Lo    [16] TELUGU LETTER PA..TELUGU LETTER HA
+	{0x0C3C, 0x0C3C, prN},     // Mn         TELUGU SIGN NUKTA
+	{0x0C3D, 0x0C3D, prN},     // Lo         TELUGU SIGN AVAGRAHA
+	{0x0C3E, 0x0C40, prN},     // Mn     [3] TELUGU VOWEL SIGN AA..TELUGU VOWEL SIGN II
+	{0x0C41, 0x0C44, prN},     // Mc     [4] TELUGU VOWEL SIGN U..TELUGU VOWEL SIGN VOCALIC RR
+	{0x0C46, 0x0C48, prN},     // Mn     [3] TELUGU VOWEL SIGN E..TELUGU VOWEL SIGN AI
+	{0x0C4A, 0x0C4D, prN},     // Mn     [4] TELUGU VOWEL SIGN O..TELUGU SIGN VIRAMA
+	{0x0C55, 0x0C56, prN},     // Mn     [2] TELUGU LENGTH MARK..TELUGU AI LENGTH MARK
+	{0x0C58, 0x0C5A, prN},     // Lo     [3] TELUGU LETTER TSA..TELUGU LETTER RRRA
+	{0x0C5D, 0x0C5D, prN},     // Lo         TELUGU LETTER NAKAARA POLLU
+	{0x0C60, 0x0C61, prN},     // Lo     [2] TELUGU LETTER VOCALIC RR..TELUGU LETTER VOCALIC LL
+	{0x0C62, 0x0C63, prN},     // Mn     [2] TELUGU VOWEL SIGN VOCALIC L..TELUGU VOWEL SIGN VOCALIC LL
+	{0x0C66, 0x0C6F, prN},     // Nd    [10] TELUGU DIGIT ZERO..TELUGU DIGIT NINE
+	{0x0C77, 0x0C77, prN},     // Po         TELUGU SIGN SIDDHAM
+	{0x0C78, 0x0C7E, prN},     // No     [7] TELUGU FRACTION DIGIT ZERO FOR ODD POWERS OF FOUR..TELUGU FRACTION DIGIT THREE FOR EVEN POWERS OF FOUR
+	{0x0C7F, 0x0C7F, prN},     // So         TELUGU SIGN TUUMU
+	{0x0C80, 0x0C80, prN},     // Lo         KANNADA SIGN SPACING CANDRABINDU
+	{0x0C81, 0x0C81, prN},     // Mn         KANNADA SIGN CANDRABINDU
+	{0x0C82, 0x0C83, prN},     // Mc     [2] KANNADA SIGN ANUSVARA..KANNADA SIGN VISARGA
+	{0x0C84, 0x0C84, prN},     // Po         KANNADA SIGN SIDDHAM
+	{0x0C85, 0x0C8C, prN},     // Lo     [8] KANNADA LETTER A..KANNADA LETTER VOCALIC L
+	{0x0C8E, 0x0C90, prN},     // Lo     [3] KANNADA LETTER E..KANNADA LETTER AI
+	{0x0C92, 0x0CA8, prN},     // Lo    [23] KANNADA LETTER O..KANNADA LETTER NA
+	{0x0CAA, 0x0CB3, prN},     // Lo    [10] KANNADA LETTER PA..KANNADA LETTER LLA
+	{0x0CB5, 0x0CB9, prN},     // Lo     [5] KANNADA LETTER VA..KANNADA LETTER HA
+	{0x0CBC, 0x0CBC, prN},     // Mn         KANNADA SIGN NUKTA
+	{0x0CBD, 0x0CBD, prN},     // Lo         KANNADA SIGN AVAGRAHA
+	{0x0CBE, 0x0CBE, prN},     // Mc         KANNADA VOWEL SIGN AA
+	{0x0CBF, 0x0CBF, prN},     // Mn         KANNADA VOWEL SIGN I
+	{0x0CC0, 0x0CC4, prN},     // Mc     [5] KANNADA VOWEL SIGN II..KANNADA VOWEL SIGN VOCALIC RR
+	{0x0CC6, 0x0CC6, prN},     // Mn         KANNADA VOWEL SIGN E
+	{0x0CC7, 0x0CC8, prN},     // Mc     [2] KANNADA VOWEL SIGN EE..KANNADA VOWEL SIGN AI
+	{0x0CCA, 0x0CCB, prN},     // Mc     [2] KANNADA VOWEL SIGN O..KANNADA VOWEL SIGN OO
+	{0x0CCC, 0x0CCD, prN},     // Mn     [2] KANNADA VOWEL SIGN AU..KANNADA SIGN VIRAMA
+	{0x0CD5, 0x0CD6, prN},     // Mc     [2] KANNADA LENGTH MARK..KANNADA AI LENGTH MARK
+	{0x0CDD, 0x0CDE, prN},     // Lo     [2] KANNADA LETTER NAKAARA POLLU..KANNADA LETTER FA
+	{0x0CE0, 0x0CE1, prN},     // Lo     [2] KANNADA LETTER VOCALIC RR..KANNADA LETTER VOCALIC LL
+	{0x0CE2, 0x0CE3, prN},     // Mn     [2] KANNADA VOWEL SIGN VOCALIC L..KANNADA VOWEL SIGN VOCALIC LL
+	{0x0CE6, 0x0CEF, prN},     // Nd    [10] KANNADA DIGIT ZERO..KANNADA DIGIT NINE
+	{0x0CF1, 0x0CF2, prN},     // Lo     [2] KANNADA SIGN JIHVAMULIYA..KANNADA SIGN UPADHMANIYA
+	{0x0D00, 0x0D01, prN},     // Mn     [2] MALAYALAM SIGN COMBINING ANUSVARA ABOVE..MALAYALAM SIGN CANDRABINDU
+	{0x0D02, 0x0D03, prN},     // Mc     [2] MALAYALAM SIGN ANUSVARA..MALAYALAM SIGN VISARGA
+	{0x0D04, 0x0D0C, prN},     // Lo     [9] MALAYALAM LETTER VEDIC ANUSVARA..MALAYALAM LETTER VOCALIC L
+	{0x0D0E, 0x0D10, prN},     // Lo     [3] MALAYALAM LETTER E..MALAYALAM LETTER AI
+	{0x0D12, 0x0D3A, prN},     // Lo    [41] MALAYALAM LETTER O..MALAYALAM LETTER TTTA
+	{0x0D3B, 0x0D3C, prN},     // Mn     [2] MALAYALAM SIGN VERTICAL BAR VIRAMA..MALAYALAM SIGN CIRCULAR VIRAMA
+	{0x0D3D, 0x0D3D, prN},     // Lo         MALAYALAM SIGN AVAGRAHA
+	{0x0D3E, 0x0D40, prN},     // Mc     [3] MALAYALAM VOWEL SIGN AA..MALAYALAM VOWEL SIGN II
+	{0x0D41, 0x0D44, prN},     // Mn     [4] MALAYALAM VOWEL SIGN U..MALAYALAM VOWEL SIGN VOCALIC RR
+	{0x0D46, 0x0D48, prN},     // Mc     [3] MALAYALAM VOWEL SIGN E..MALAYALAM VOWEL SIGN AI
+	{0x0D4A, 0x0D4C, prN},     // Mc     [3] MALAYALAM VOWEL SIGN O..MALAYALAM VOWEL SIGN AU
+	{0x0D4D, 0x0D4D, prN},     // Mn         MALAYALAM SIGN VIRAMA
+	{0x0D4E, 0x0D4E, prN},     // Lo         MALAYALAM LETTER DOT REPH
+	{0x0D4F, 0x0D4F, prN},     // So         MALAYALAM SIGN PARA
+	{0x0D54, 0x0D56, prN},     // Lo     [3] MALAYALAM LETTER CHILLU M..MALAYALAM LETTER CHILLU LLL
+	{0x0D57, 0x0D57, prN},     // Mc         MALAYALAM AU LENGTH MARK
+	{0x0D58, 0x0D5E, prN},     // No     [7] MALAYALAM FRACTION ONE ONE-HUNDRED-AND-SIXTIETH..MALAYALAM FRACTION ONE FIFTH
+	{0x0D5F, 0x0D61, prN},     // Lo     [3] MALAYALAM LETTER ARCHAIC II..MALAYALAM LETTER VOCALIC LL
+	{0x0D62, 0x0D63, prN},     // Mn     [2] MALAYALAM VOWEL SIGN VOCALIC L..MALAYALAM VOWEL SIGN VOCALIC LL
+	{0x0D66, 0x0D6F, prN},     // Nd    [10] MALAYALAM DIGIT ZERO..MALAYALAM DIGIT NINE
+	{0x0D70, 0x0D78, prN},     // No     [9] MALAYALAM NUMBER TEN..MALAYALAM FRACTION THREE SIXTEENTHS
+	{0x0D79, 0x0D79, prN},     // So         MALAYALAM DATE MARK
+	{0x0D7A, 0x0D7F, prN},     // Lo     [6] MALAYALAM LETTER CHILLU NN..MALAYALAM LETTER CHILLU K
+	{0x0D81, 0x0D81, prN},     // Mn         SINHALA SIGN CANDRABINDU
+	{0x0D82, 0x0D83, prN},     // Mc     [2] SINHALA SIGN ANUSVARAYA..SINHALA SIGN VISARGAYA
+	{0x0D85, 0x0D96, prN},     // Lo    [18] SINHALA LETTER AYANNA..SINHALA LETTER AUYANNA
+	{0x0D9A, 0x0DB1, prN},     // Lo    [24] SINHALA LETTER ALPAPRAANA KAYANNA..SINHALA LETTER DANTAJA NAYANNA
+	{0x0DB3, 0x0DBB, prN},     // Lo     [9] SINHALA LETTER SANYAKA DAYANNA..SINHALA LETTER RAYANNA
+	{0x0DBD, 0x0DBD, prN},     // Lo         SINHALA LETTER DANTAJA LAYANNA
+	{0x0DC0, 0x0DC6, prN},     // Lo     [7] SINHALA LETTER VAYANNA..SINHALA LETTER FAYANNA
+	{0x0DCA, 0x0DCA, prN},     // Mn         SINHALA SIGN AL-LAKUNA
+	{0x0DCF, 0x0DD1, prN},     // Mc     [3] SINHALA VOWEL SIGN AELA-PILLA..SINHALA VOWEL SIGN DIGA AEDA-PILLA
+	{0x0DD2, 0x0DD4, prN},     // Mn     [3] SINHALA VOWEL SIGN KETTI IS-PILLA..SINHALA VOWEL SIGN KETTI PAA-PILLA
+	{0x0DD6, 0x0DD6, prN},     // Mn         SINHALA VOWEL SIGN DIGA PAA-PILLA
+	{0x0DD8, 0x0DDF, prN},     // Mc     [8] SINHALA VOWEL SIGN GAETTA-PILLA..SINHALA VOWEL SIGN GAYANUKITTA
+	{0x0DE6, 0x0DEF, prN},     // Nd    [10] SINHALA LITH DIGIT ZERO..SINHALA LITH DIGIT NINE
+	{0x0DF2, 0x0DF3, prN},     // Mc     [2] SINHALA VOWEL SIGN DIGA GAETTA-PILLA..SINHALA VOWEL SIGN DIGA GAYANUKITTA
+	{0x0DF4, 0x0DF4, prN},     // Po         SINHALA PUNCTUATION KUNDDALIYA
+	{0x0E01, 0x0E30, prN},     // Lo    [48] THAI CHARACTER KO KAI..THAI CHARACTER SARA A
+	{0x0E31, 0x0E31, prN},     // Mn         THAI CHARACTER MAI HAN-AKAT
+	{0x0E32, 0x0E33, prN},     // Lo     [2] THAI CHARACTER SARA AA..THAI CHARACTER SARA AM
+	{0x0E34, 0x0E3A, prN},     // Mn     [7] THAI CHARACTER SARA I..THAI CHARACTER PHINTHU
+	{0x0E3F, 0x0E3F, prN},     // Sc         THAI CURRENCY SYMBOL BAHT
+	{0x0E40, 0x0E45, prN},     // Lo     [6] THAI CHARACTER SARA E..THAI CHARACTER LAKKHANGYAO
+	{0x0E46, 0x0E46, prN},     // Lm         THAI CHARACTER MAIYAMOK
+	{0x0E47, 0x0E4E, prN},     // Mn     [8] THAI CHARACTER MAITAIKHU..THAI CHARACTER YAMAKKAN
+	{0x0E4F, 0x0E4F, prN},     // Po         THAI CHARACTER FONGMAN
+	{0x0E50, 0x0E59, prN},     // Nd    [10] THAI DIGIT ZERO..THAI DIGIT NINE
+	{0x0E5A, 0x0E5B, prN},     // Po     [2] THAI CHARACTER ANGKHANKHU..THAI CHARACTER KHOMUT
+	{0x0E81, 0x0E82, prN},     // Lo     [2] LAO LETTER KO..LAO LETTER KHO SUNG
+	{0x0E84, 0x0E84, prN},     // Lo         LAO LETTER KHO TAM
+	{0x0E86, 0x0E8A, prN},     // Lo     [5] LAO LETTER PALI GHA..LAO LETTER SO TAM
+	{0x0E8C, 0x0EA3, prN},     // Lo    [24] LAO LETTER PALI JHA..LAO LETTER LO LING
+	{0x0EA5, 0x0EA5, prN},     // Lo         LAO LETTER LO LOOT
+	{0x0EA7, 0x0EB0, prN},     // Lo    [10] LAO LETTER WO..LAO VOWEL SIGN A
+	{0x0EB1, 0x0EB1, prN},     // Mn         LAO VOWEL SIGN MAI KAN
+	{0x0EB2, 0x0EB3, prN},     // Lo     [2] LAO VOWEL SIGN AA..LAO VOWEL SIGN AM
+	{0x0EB4, 0x0EBC, prN},     // Mn     [9] LAO VOWEL SIGN I..LAO SEMIVOWEL SIGN LO
+	{0x0EBD, 0x0EBD, prN},     // Lo         LAO SEMIVOWEL SIGN NYO
+	{0x0EC0, 0x0EC4, prN},     // Lo     [5] LAO VOWEL SIGN E..LAO VOWEL SIGN AI
+	{0x0EC6, 0x0EC6, prN},     // Lm         LAO KO LA
+	{0x0EC8, 0x0ECD, prN},     // Mn     [6] LAO TONE MAI EK..LAO NIGGAHITA
+	{0x0ED0, 0x0ED9, prN},     // Nd    [10] LAO DIGIT ZERO..LAO DIGIT NINE
+	{0x0EDC, 0x0EDF, prN},     // Lo     [4] LAO HO NO..LAO LETTER KHMU NYO
+	{0x0F00, 0x0F00, prN},     // Lo         TIBETAN SYLLABLE OM
+	{0x0F01, 0x0F03, prN},     // So     [3] TIBETAN MARK GTER YIG MGO TRUNCATED A..TIBETAN MARK GTER YIG MGO -UM GTER TSHEG MA
+	{0x0F04, 0x0F12, prN},     // Po    [15] TIBETAN MARK INITIAL YIG MGO MDUN MA..TIBETAN MARK RGYA GRAM SHAD
+	{0x0F13, 0x0F13, prN},     // So         TIBETAN MARK CARET -DZUD RTAGS ME LONG CAN
+	{0x0F14, 0x0F14, prN},     // Po         TIBETAN MARK GTER TSHEG
+	{0x0F15, 0x0F17, prN},     // So     [3] TIBETAN LOGOTYPE SIGN CHAD RTAGS..TIBETAN ASTROLOGICAL SIGN SGRA GCAN -CHAR RTAGS
+	{0x0F18, 0x0F19, prN},     // Mn     [2] TIBETAN ASTROLOGICAL SIGN -KHYUD PA..TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS
+	{0x0F1A, 0x0F1F, prN},     // So     [6] TIBETAN SIGN RDEL DKAR GCIG..TIBETAN SIGN RDEL DKAR RDEL NAG
+	{0x0F20, 0x0F29, prN},     // Nd    [10] TIBETAN DIGIT ZERO..TIBETAN DIGIT NINE
+	{0x0F2A, 0x0F33, prN},     // No    [10] TIBETAN DIGIT HALF ONE..TIBETAN DIGIT HALF ZERO
+	{0x0F34, 0x0F34, prN},     // So         TIBETAN MARK BSDUS RTAGS
+	{0x0F35, 0x0F35, prN},     // Mn         TIBETAN MARK NGAS BZUNG NYI ZLA
+	{0x0F36, 0x0F36, prN},     // So         TIBETAN MARK CARET -DZUD RTAGS BZHI MIG CAN
+	{0x0F37, 0x0F37, prN},     // Mn         TIBETAN MARK NGAS BZUNG SGOR RTAGS
+	{0x0F38, 0x0F38, prN},     // So         TIBETAN MARK CHE MGO
+	{0x0F39, 0x0F39, prN},     // Mn         TIBETAN MARK TSA -PHRU
+	{0x0F3A, 0x0F3A, prN},     // Ps         TIBETAN MARK GUG RTAGS GYON
+	{0x0F3B, 0x0F3B, prN},     // Pe         TIBETAN MARK GUG RTAGS GYAS
+	{0x0F3C, 0x0F3C, prN},     // Ps         TIBETAN MARK ANG KHANG GYON
+	{0x0F3D, 0x0F3D, prN},     // Pe         TIBETAN MARK ANG KHANG GYAS
+	{0x0F3E, 0x0F3F, prN},     // Mc     [2] TIBETAN SIGN YAR TSHES..TIBETAN SIGN MAR TSHES
+	{0x0F40, 0x0F47, prN},     // Lo     [8] TIBETAN LETTER KA..TIBETAN LETTER JA
+	{0x0F49, 0x0F6C, prN},     // Lo    [36] TIBETAN LETTER NYA..TIBETAN LETTER RRA
+	{0x0F71, 0x0F7E, prN},     // Mn    [14] TIBETAN VOWEL SIGN AA..TIBETAN SIGN RJES SU NGA RO
+	{0x0F7F, 0x0F7F, prN},     // Mc         TIBETAN SIGN RNAM BCAD
+	{0x0F80, 0x0F84, prN},     // Mn     [5] TIBETAN VOWEL SIGN REVERSED I..TIBETAN MARK HALANTA
+	{0x0F85, 0x0F85, prN},     // Po         TIBETAN MARK PALUTA
+	{0x0F86, 0x0F87, prN},     // Mn     [2] TIBETAN SIGN LCI RTAGS..TIBETAN SIGN YANG RTAGS
+	{0x0F88, 0x0F8C, prN},     // Lo     [5] TIBETAN SIGN LCE TSA CAN..TIBETAN SIGN INVERTED MCHU CAN
+	{0x0F8D, 0x0F97, prN},     // Mn    [11] TIBETAN SUBJOINED SIGN LCE TSA CAN..TIBETAN SUBJOINED LETTER JA
+	{0x0F99, 0x0FBC, prN},     // Mn    [36] TIBETAN SUBJOINED LETTER NYA..TIBETAN SUBJOINED LETTER FIXED-FORM RA
+	{0x0FBE, 0x0FC5, prN},     // So     [8] TIBETAN KU RU KHA..TIBETAN SYMBOL RDO RJE
+	{0x0FC6, 0x0FC6, prN},     // Mn         TIBETAN SYMBOL PADMA GDAN
+	{0x0FC7, 0x0FCC, prN},     // So     [6] TIBETAN SYMBOL RDO RJE RGYA GRAM..TIBETAN SYMBOL NOR BU BZHI -KHYIL
+	{0x0FCE, 0x0FCF, prN},     // So     [2] TIBETAN SIGN RDEL NAG RDEL DKAR..TIBETAN SIGN RDEL NAG GSUM
+	{0x0FD0, 0x0FD4, prN},     // Po     [5] TIBETAN MARK BSKA- SHOG GI MGO RGYAN..TIBETAN MARK CLOSING BRDA RNYING YIG MGO SGAB MA
+	{0x0FD5, 0x0FD8, prN},     // So     [4] RIGHT-FACING SVASTI SIGN..LEFT-FACING SVASTI SIGN WITH DOTS
+	{0x0FD9, 0x0FDA, prN},     // Po     [2] TIBETAN MARK LEADING MCHAN RTAGS..TIBETAN MARK TRAILING MCHAN RTAGS
+	{0x1000, 0x102A, prN},     // Lo    [43] MYANMAR LETTER KA..MYANMAR LETTER AU
+	{0x102B, 0x102C, prN},     // Mc     [2] MYANMAR VOWEL SIGN TALL AA..MYANMAR VOWEL SIGN AA
+	{0x102D, 0x1030, prN},     // Mn     [4] MYANMAR VOWEL SIGN I..MYANMAR VOWEL SIGN UU
+	{0x1031, 0x1031, prN},     // Mc         MYANMAR VOWEL SIGN E
+	{0x1032, 0x1037, prN},     // Mn     [6] MYANMAR VOWEL SIGN AI..MYANMAR SIGN DOT BELOW
+	{0x1038, 0x1038, prN},     // Mc         MYANMAR SIGN VISARGA
+	{0x1039, 0x103A, prN},     // Mn     [2] MYANMAR SIGN VIRAMA..MYANMAR SIGN ASAT
+	{0x103B, 0x103C, prN},     // Mc     [2] MYANMAR CONSONANT SIGN MEDIAL YA..MYANMAR CONSONANT SIGN MEDIAL RA
+	{0x103D, 0x103E, prN},     // Mn     [2] MYANMAR CONSONANT SIGN MEDIAL WA..MYANMAR CONSONANT SIGN MEDIAL HA
+	{0x103F, 0x103F, prN},     // Lo         MYANMAR LETTER GREAT SA
+	{0x1040, 0x1049, prN},     // Nd    [10] MYANMAR DIGIT ZERO..MYANMAR DIGIT NINE
+	{0x104A, 0x104F, prN},     // Po     [6] MYANMAR SIGN LITTLE SECTION..MYANMAR SYMBOL GENITIVE
+	{0x1050, 0x1055, prN},     // Lo     [6] MYANMAR LETTER SHA..MYANMAR LETTER VOCALIC LL
+	{0x1056, 0x1057, prN},     // Mc     [2] MYANMAR VOWEL SIGN VOCALIC R..MYANMAR VOWEL SIGN VOCALIC RR
+	{0x1058, 0x1059, prN},     // Mn     [2] MYANMAR VOWEL SIGN VOCALIC L..MYANMAR VOWEL SIGN VOCALIC LL
+	{0x105A, 0x105D, prN},     // Lo     [4] MYANMAR LETTER MON NGA..MYANMAR LETTER MON BBE
+	{0x105E, 0x1060, prN},     // Mn     [3] MYANMAR CONSONANT SIGN MON MEDIAL NA..MYANMAR CONSONANT SIGN MON MEDIAL LA
+	{0x1061, 0x1061, prN},     // Lo         MYANMAR LETTER SGAW KAREN SHA
+	{0x1062, 0x1064, prN},     // Mc     [3] MYANMAR VOWEL SIGN SGAW KAREN EU..MYANMAR TONE MARK SGAW KAREN KE PHO
+	{0x1065, 0x1066, prN},     // Lo     [2] MYANMAR LETTER WESTERN PWO KAREN THA..MYANMAR LETTER WESTERN PWO KAREN PWA
+	{0x1067, 0x106D, prN},     // Mc     [7] MYANMAR VOWEL SIGN WESTERN PWO KAREN EU..MYANMAR SIGN WESTERN PWO KAREN TONE-5
+	{0x106E, 0x1070, prN},     // Lo     [3] MYANMAR LETTER EASTERN PWO KAREN NNA..MYANMAR LETTER EASTERN PWO KAREN GHWA
+	{0x1071, 0x1074, prN},     // Mn     [4] MYANMAR VOWEL SIGN GEBA KAREN I..MYANMAR VOWEL SIGN KAYAH EE
+	{0x1075, 0x1081, prN},     // Lo    [13] MYANMAR LETTER SHAN KA..MYANMAR LETTER SHAN HA
+	{0x1082, 0x1082, prN},     // Mn         MYANMAR CONSONANT SIGN SHAN MEDIAL WA
+	{0x1083, 0x1084, prN},     // Mc     [2] MYANMAR VOWEL SIGN SHAN AA..MYANMAR VOWEL SIGN SHAN E
+	{0x1085, 0x1086, prN},     // Mn     [2] MYANMAR VOWEL SIGN SHAN E ABOVE..MYANMAR VOWEL SIGN SHAN FINAL Y
+	{0x1087, 0x108C, prN},     // Mc     [6] MYANMAR SIGN SHAN TONE-2..MYANMAR SIGN SHAN COUNCIL TONE-3
+	{0x108D, 0x108D, prN},     // Mn         MYANMAR SIGN SHAN COUNCIL EMPHATIC TONE
+	{0x108E, 0x108E, prN},     // Lo         MYANMAR LETTER RUMAI PALAUNG FA
+	{0x108F, 0x108F, prN},     // Mc         MYANMAR SIGN RUMAI PALAUNG TONE-5
+	{0x1090, 0x1099, prN},     // Nd    [10] MYANMAR SHAN DIGIT ZERO..MYANMAR SHAN DIGIT NINE
+	{0x109A, 0x109C, prN},     // Mc     [3] MYANMAR SIGN KHAMTI TONE-1..MYANMAR VOWEL SIGN AITON A
+	{0x109D, 0x109D, prN},     // Mn         MYANMAR VOWEL SIGN AITON AI
+	{0x109E, 0x109F, prN},     // So     [2] MYANMAR SYMBOL SHAN ONE..MYANMAR SYMBOL SHAN EXCLAMATION
+	{0x10A0, 0x10C5, prN},     // Lu    [38] GEORGIAN CAPITAL LETTER AN..GEORGIAN CAPITAL LETTER HOE
+	{0x10C7, 0x10C7, prN},     // Lu         GEORGIAN CAPITAL LETTER YN
+	{0x10CD, 0x10CD, prN},     // Lu         GEORGIAN CAPITAL LETTER AEN
+	{0x10D0, 0x10FA, prN},     // Ll    [43] GEORGIAN LETTER AN..GEORGIAN LETTER AIN
+	{0x10FB, 0x10FB, prN},     // Po         GEORGIAN PARAGRAPH SEPARATOR
+	{0x10FC, 0x10FC, prN},     // Lm         MODIFIER LETTER GEORGIAN NAR
+	{0x10FD, 0x10FF, prN},     // Ll     [3] GEORGIAN LETTER AEN..GEORGIAN LETTER LABIAL SIGN
+	{0x1100, 0x115F, prW},     // Lo    [96] HANGUL CHOSEONG KIYEOK..HANGUL CHOSEONG FILLER
+	{0x1160, 0x11FF, prN},     // Lo   [160] HANGUL JUNGSEONG FILLER..HANGUL JONGSEONG SSANGNIEUN
+	{0x1200, 0x1248, prN},     // Lo    [73] ETHIOPIC SYLLABLE HA..ETHIOPIC SYLLABLE QWA
+	{0x124A, 0x124D, prN},     // Lo     [4] ETHIOPIC SYLLABLE QWI..ETHIOPIC SYLLABLE QWE
+	{0x1250, 0x1256, prN},     // Lo     [7] ETHIOPIC SYLLABLE QHA..ETHIOPIC SYLLABLE QHO
+	{0x1258, 0x1258, prN},     // Lo         ETHIOPIC SYLLABLE QHWA
+	{0x125A, 0x125D, prN},     // Lo     [4] ETHIOPIC SYLLABLE QHWI..ETHIOPIC SYLLABLE QHWE
+	{0x1260, 0x1288, prN},     // Lo    [41] ETHIOPIC SYLLABLE BA..ETHIOPIC SYLLABLE XWA
+	{0x128A, 0x128D, prN},     // Lo     [4] ETHIOPIC SYLLABLE XWI..ETHIOPIC SYLLABLE XWE
+	{0x1290, 0x12B0, prN},     // Lo    [33] ETHIOPIC SYLLABLE NA..ETHIOPIC SYLLABLE KWA
+	{0x12B2, 0x12B5, prN},     // Lo     [4] ETHIOPIC SYLLABLE KWI..ETHIOPIC SYLLABLE KWE
+	{0x12B8, 0x12BE, prN},     // Lo     [7] ETHIOPIC SYLLABLE KXA..ETHIOPIC SYLLABLE KXO
+	{0x12C0, 0x12C0, prN},     // Lo         ETHIOPIC SYLLABLE KXWA
+	{0x12C2, 0x12C5, prN},     // Lo     [4] ETHIOPIC SYLLABLE KXWI..ETHIOPIC SYLLABLE KXWE
+	{0x12C8, 0x12D6, prN},     // Lo    [15] ETHIOPIC SYLLABLE WA..ETHIOPIC SYLLABLE PHARYNGEAL O
+	{0x12D8, 0x1310, prN},     // Lo    [57] ETHIOPIC SYLLABLE ZA..ETHIOPIC SYLLABLE GWA
+	{0x1312, 0x1315, prN},     // Lo     [4] ETHIOPIC SYLLABLE GWI..ETHIOPIC SYLLABLE GWE
+	{0x1318, 0x135A, prN},     // Lo    [67] ETHIOPIC SYLLABLE GGA..ETHIOPIC SYLLABLE FYA
+	{0x135D, 0x135F, prN},     // Mn     [3] ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK..ETHIOPIC COMBINING GEMINATION MARK
+	{0x1360, 0x1368, prN},     // Po     [9] ETHIOPIC SECTION MARK..ETHIOPIC PARAGRAPH SEPARATOR
+	{0x1369, 0x137C, prN},     // No    [20] ETHIOPIC DIGIT ONE..ETHIOPIC NUMBER TEN THOUSAND
+	{0x1380, 0x138F, prN},     // Lo    [16] ETHIOPIC SYLLABLE SEBATBEIT MWA..ETHIOPIC SYLLABLE PWE
+	{0x1390, 0x1399, prN},     // So    [10] ETHIOPIC TONAL MARK YIZET..ETHIOPIC TONAL MARK KURT
+	{0x13A0, 0x13F5, prN},     // Lu    [86] CHEROKEE LETTER A..CHEROKEE LETTER MV
+	{0x13F8, 0x13FD, prN},     // Ll     [6] CHEROKEE SMALL LETTER YE..CHEROKEE SMALL LETTER MV
+	{0x1400, 0x1400, prN},     // Pd         CANADIAN SYLLABICS HYPHEN
+	{0x1401, 0x166C, prN},     // Lo   [620] CANADIAN SYLLABICS E..CANADIAN SYLLABICS CARRIER TTSA
+	{0x166D, 0x166D, prN},     // So         CANADIAN SYLLABICS CHI SIGN
+	{0x166E, 0x166E, prN},     // Po         CANADIAN SYLLABICS FULL STOP
+	{0x166F, 0x167F, prN},     // Lo    [17] CANADIAN SYLLABICS QAI..CANADIAN SYLLABICS BLACKFOOT W
+	{0x1680, 0x1680, prN},     // Zs         OGHAM SPACE MARK
+	{0x1681, 0x169A, prN},     // Lo    [26] OGHAM LETTER BEITH..OGHAM LETTER PEITH
+	{0x169B, 0x169B, prN},     // Ps         OGHAM FEATHER MARK
+	{0x169C, 0x169C, prN},     // Pe         OGHAM REVERSED FEATHER MARK
+	{0x16A0, 0x16EA, prN},     // Lo    [75] RUNIC LETTER FEHU FEOH FE F..RUNIC LETTER X
+	{0x16EB, 0x16ED, prN},     // Po     [3] RUNIC SINGLE PUNCTUATION..RUNIC CROSS PUNCTUATION
+	{0x16EE, 0x16F0, prN},     // Nl     [3] RUNIC ARLAUG SYMBOL..RUNIC BELGTHOR SYMBOL
+	{0x16F1, 0x16F8, prN},     // Lo     [8] RUNIC LETTER K..RUNIC LETTER FRANKS CASKET AESC
+	{0x1700, 0x1711, prN},     // Lo    [18] TAGALOG LETTER A..TAGALOG LETTER HA
+	{0x1712, 0x1714, prN},     // Mn     [3] TAGALOG VOWEL SIGN I..TAGALOG SIGN VIRAMA
+	{0x1715, 0x1715, prN},     // Mc         TAGALOG SIGN PAMUDPOD
+	{0x171F, 0x171F, prN},     // Lo         TAGALOG LETTER ARCHAIC RA
+	{0x1720, 0x1731, prN},     // Lo    [18] HANUNOO LETTER A..HANUNOO LETTER HA
+	{0x1732, 0x1733, prN},     // Mn     [2] HANUNOO VOWEL SIGN I..HANUNOO VOWEL SIGN U
+	{0x1734, 0x1734, prN},     // Mc         HANUNOO SIGN PAMUDPOD
+	{0x1735, 0x1736, prN},     // Po     [2] PHILIPPINE SINGLE PUNCTUATION..PHILIPPINE DOUBLE PUNCTUATION
+	{0x1740, 0x1751, prN},     // Lo    [18] BUHID LETTER A..BUHID LETTER HA
+	{0x1752, 0x1753, prN},     // Mn     [2] BUHID VOWEL SIGN I..BUHID VOWEL SIGN U
+	{0x1760, 0x176C, prN},     // Lo    [13] TAGBANWA LETTER A..TAGBANWA LETTER YA
+	{0x176E, 0x1770, prN},     // Lo     [3] TAGBANWA LETTER LA..TAGBANWA LETTER SA
+	{0x1772, 0x1773, prN},     // Mn     [2] TAGBANWA VOWEL SIGN I..TAGBANWA VOWEL SIGN U
+	{0x1780, 0x17B3, prN},     // Lo    [52] KHMER LETTER KA..KHMER INDEPENDENT VOWEL QAU
+	{0x17B4, 0x17B5, prN},     // Mn     [2] KHMER VOWEL INHERENT AQ..KHMER VOWEL INHERENT AA
+	{0x17B6, 0x17B6, prN},     // Mc         KHMER VOWEL SIGN AA
+	{0x17B7, 0x17BD, prN},     // Mn     [7] KHMER VOWEL SIGN I..KHMER VOWEL SIGN UA
+	{0x17BE, 0x17C5, prN},     // Mc     [8] KHMER VOWEL SIGN OE..KHMER VOWEL SIGN AU
+	{0x17C6, 0x17C6, prN},     // Mn         KHMER SIGN NIKAHIT
+	{0x17C7, 0x17C8, prN},     // Mc     [2] KHMER SIGN REAHMUK..KHMER SIGN YUUKALEAPINTU
+	{0x17C9, 0x17D3, prN},     // Mn    [11] KHMER SIGN MUUSIKATOAN..KHMER SIGN BATHAMASAT
+	{0x17D4, 0x17D6, prN},     // Po     [3] KHMER SIGN KHAN..KHMER SIGN CAMNUC PII KUUH
+	{0x17D7, 0x17D7, prN},     // Lm         KHMER SIGN LEK TOO
+	{0x17D8, 0x17DA, prN},     // Po     [3] KHMER SIGN BEYYAL..KHMER SIGN KOOMUUT
+	{0x17DB, 0x17DB, prN},     // Sc         KHMER CURRENCY SYMBOL RIEL
+	{0x17DC, 0x17DC, prN},     // Lo         KHMER SIGN AVAKRAHASANYA
+	{0x17DD, 0x17DD, prN},     // Mn         KHMER SIGN ATTHACAN
+	{0x17E0, 0x17E9, prN},     // Nd    [10] KHMER DIGIT ZERO..KHMER DIGIT NINE
+	{0x17F0, 0x17F9, prN},     // No    [10] KHMER SYMBOL LEK ATTAK SON..KHMER SYMBOL LEK ATTAK PRAM-BUON
+	{0x1800, 0x1805, prN},     // Po     [6] MONGOLIAN BIRGA..MONGOLIAN FOUR DOTS
+	{0x1806, 0x1806, prN},     // Pd         MONGOLIAN TODO SOFT HYPHEN
+	{0x1807, 0x180A, prN},     // Po     [4] MONGOLIAN SIBE SYLLABLE BOUNDARY MARKER..MONGOLIAN NIRUGU
+	{0x180B, 0x180D, prN},     // Mn     [3] MONGOLIAN FREE VARIATION SELECTOR ONE..MONGOLIAN FREE VARIATION SELECTOR THREE
+	{0x180E, 0x180E, prN},     // Cf         MONGOLIAN VOWEL SEPARATOR
+	{0x180F, 0x180F, prN},     // Mn         MONGOLIAN FREE VARIATION SELECTOR FOUR
+	{0x1810, 0x1819, prN},     // Nd    [10] MONGOLIAN DIGIT ZERO..MONGOLIAN DIGIT NINE
+	{0x1820, 0x1842, prN},     // Lo    [35] MONGOLIAN LETTER A..MONGOLIAN LETTER CHI
+	{0x1843, 0x1843, prN},     // Lm         MONGOLIAN LETTER TODO LONG VOWEL SIGN
+	{0x1844, 0x1878, prN},     // Lo    [53] MONGOLIAN LETTER TODO E..MONGOLIAN LETTER CHA WITH TWO DOTS
+	{0x1880, 0x1884, prN},     // Lo     [5] MONGOLIAN LETTER ALI GALI ANUSVARA ONE..MONGOLIAN LETTER ALI GALI INVERTED UBADAMA
+	{0x1885, 0x1886, prN},     // Mn     [2] MONGOLIAN LETTER ALI GALI BALUDA..MONGOLIAN LETTER ALI GALI THREE BALUDA
+	{0x1887, 0x18A8, prN},     // Lo    [34] MONGOLIAN LETTER ALI GALI A..MONGOLIAN LETTER MANCHU ALI GALI BHA
+	{0x18A9, 0x18A9, prN},     // Mn         MONGOLIAN LETTER ALI GALI DAGALGA
+	{0x18AA, 0x18AA, prN},     // Lo         MONGOLIAN LETTER MANCHU ALI GALI LHA
+	{0x18B0, 0x18F5, prN},     // Lo    [70] CANADIAN SYLLABICS OY..CANADIAN SYLLABICS CARRIER DENTAL S
+	{0x1900, 0x191E, prN},     // Lo    [31] LIMBU VOWEL-CARRIER LETTER..LIMBU LETTER TRA
+	{0x1920, 0x1922, prN},     // Mn     [3] LIMBU VOWEL SIGN A..LIMBU VOWEL SIGN U
+	{0x1923, 0x1926, prN},     // Mc     [4] LIMBU VOWEL SIGN EE..LIMBU VOWEL SIGN AU
+	{0x1927, 0x1928, prN},     // Mn     [2] LIMBU VOWEL SIGN E..LIMBU VOWEL SIGN O
+	{0x1929, 0x192B, prN},     // Mc     [3] LIMBU SUBJOINED LETTER YA..LIMBU SUBJOINED LETTER WA
+	{0x1930, 0x1931, prN},     // Mc     [2] LIMBU SMALL LETTER KA..LIMBU SMALL LETTER NGA
+	{0x1932, 0x1932, prN},     // Mn         LIMBU SMALL LETTER ANUSVARA
+	{0x1933, 0x1938, prN},     // Mc     [6] LIMBU SMALL LETTER TA..LIMBU SMALL LETTER LA
+	{0x1939, 0x193B, prN},     // Mn     [3] LIMBU SIGN MUKPHRENG..LIMBU SIGN SA-I
+	{0x1940, 0x1940, prN},     // So         LIMBU SIGN LOO
+	{0x1944, 0x1945, prN},     // Po     [2] LIMBU EXCLAMATION MARK..LIMBU QUESTION MARK
+	{0x1946, 0x194F, prN},     // Nd    [10] LIMBU DIGIT ZERO..LIMBU DIGIT NINE
+	{0x1950, 0x196D, prN},     // Lo    [30] TAI LE LETTER KA..TAI LE LETTER AI
+	{0x1970, 0x1974, prN},     // Lo     [5] TAI LE LETTER TONE-2..TAI LE LETTER TONE-6
+	{0x1980, 0x19AB, prN},     // Lo    [44] NEW TAI LUE LETTER HIGH QA..NEW TAI LUE LETTER LOW SUA
+	{0x19B0, 0x19C9, prN},     // Lo    [26] NEW TAI LUE VOWEL SIGN VOWEL SHORTENER..NEW TAI LUE TONE MARK-2
+	{0x19D0, 0x19D9, prN},     // Nd    [10] NEW TAI LUE DIGIT ZERO..NEW TAI LUE DIGIT NINE
+	{0x19DA, 0x19DA, prN},     // No         NEW TAI LUE THAM DIGIT ONE
+	{0x19DE, 0x19DF, prN},     // So     [2] NEW TAI LUE SIGN LAE..NEW TAI LUE SIGN LAEV
+	{0x19E0, 0x19FF, prN},     // So    [32] KHMER SYMBOL PATHAMASAT..KHMER SYMBOL DAP-PRAM ROC
+	{0x1A00, 0x1A16, prN},     // Lo    [23] BUGINESE LETTER KA..BUGINESE LETTER HA
+	{0x1A17, 0x1A18, prN},     // Mn     [2] BUGINESE VOWEL SIGN I..BUGINESE VOWEL SIGN U
+	{0x1A19, 0x1A1A, prN},     // Mc     [2] BUGINESE VOWEL SIGN E..BUGINESE VOWEL SIGN O
+	{0x1A1B, 0x1A1B, prN},     // Mn         BUGINESE VOWEL SIGN AE
+	{0x1A1E, 0x1A1F, prN},     // Po     [2] BUGINESE PALLAWA..BUGINESE END OF SECTION
+	{0x1A20, 0x1A54, prN},     // Lo    [53] TAI THAM LETTER HIGH KA..TAI THAM LETTER GREAT SA
+	{0x1A55, 0x1A55, prN},     // Mc         TAI THAM CONSONANT SIGN MEDIAL RA
+	{0x1A56, 0x1A56, prN},     // Mn         TAI THAM CONSONANT SIGN MEDIAL LA
+	{0x1A57, 0x1A57, prN},     // Mc         TAI THAM CONSONANT SIGN LA TANG LAI
+	{0x1A58, 0x1A5E, prN},     // Mn     [7] TAI THAM SIGN MAI KANG LAI..TAI THAM CONSONANT SIGN SA
+	{0x1A60, 0x1A60, prN},     // Mn         TAI THAM SIGN SAKOT
+	{0x1A61, 0x1A61, prN},     // Mc         TAI THAM VOWEL SIGN A
+	{0x1A62, 0x1A62, prN},     // Mn         TAI THAM VOWEL SIGN MAI SAT
+	{0x1A63, 0x1A64, prN},     // Mc     [2] TAI THAM VOWEL SIGN AA..TAI THAM VOWEL SIGN TALL AA
+	{0x1A65, 0x1A6C, prN},     // Mn     [8] TAI THAM VOWEL SIGN I..TAI THAM VOWEL SIGN OA BELOW
+	{0x1A6D, 0x1A72, prN},     // Mc     [6] TAI THAM VOWEL SIGN OY..TAI THAM VOWEL SIGN THAM AI
+	{0x1A73, 0x1A7C, prN},     // Mn    [10] TAI THAM VOWEL SIGN OA ABOVE..TAI THAM SIGN KHUEN-LUE KARAN
+	{0x1A7F, 0x1A7F, prN},     // Mn         TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	{0x1A80, 0x1A89, prN},     // Nd    [10] TAI THAM HORA DIGIT ZERO..TAI THAM HORA DIGIT NINE
+	{0x1A90, 0x1A99, prN},     // Nd    [10] TAI THAM THAM DIGIT ZERO..TAI THAM THAM DIGIT NINE
+	{0x1AA0, 0x1AA6, prN},     // Po     [7] TAI THAM SIGN WIANG..TAI THAM SIGN REVERSED ROTATED RANA
+	{0x1AA7, 0x1AA7, prN},     // Lm         TAI THAM SIGN MAI YAMOK
+	{0x1AA8, 0x1AAD, prN},     // Po     [6] TAI THAM SIGN KAAN..TAI THAM SIGN CAANG
+	{0x1AB0, 0x1ABD, prN},     // Mn    [14] COMBINING DOUBLED CIRCUMFLEX ACCENT..COMBINING PARENTHESES BELOW
+	{0x1ABE, 0x1ABE, prN},     // Me         COMBINING PARENTHESES OVERLAY
+	{0x1ABF, 0x1ACE, prN},     // Mn    [16] COMBINING LATIN SMALL LETTER W BELOW..COMBINING LATIN SMALL LETTER INSULAR T
+	{0x1B00, 0x1B03, prN},     // Mn     [4] BALINESE SIGN ULU RICEM..BALINESE SIGN SURANG
+	{0x1B04, 0x1B04, prN},     // Mc         BALINESE SIGN BISAH
+	{0x1B05, 0x1B33, prN},     // Lo    [47] BALINESE LETTER AKARA..BALINESE LETTER HA
+	{0x1B34, 0x1B34, prN},     // Mn         BALINESE SIGN REREKAN
+	{0x1B35, 0x1B35, prN},     // Mc         BALINESE VOWEL SIGN TEDUNG
+	{0x1B36, 0x1B3A, prN},     // Mn     [5] BALINESE VOWEL SIGN ULU..BALINESE VOWEL SIGN RA REPA
+	{0x1B3B, 0x1B3B, prN},     // Mc         BALINESE VOWEL SIGN RA REPA TEDUNG
+	{0x1B3C, 0x1B3C, prN},     // Mn         BALINESE VOWEL SIGN LA LENGA
+	{0x1B3D, 0x1B41, prN},     // Mc     [5] BALINESE VOWEL SIGN LA LENGA TEDUNG..BALINESE VOWEL SIGN TALING REPA TEDUNG
+	{0x1B42, 0x1B42, prN},     // Mn         BALINESE VOWEL SIGN PEPET
+	{0x1B43, 0x1B44, prN},     // Mc     [2] BALINESE VOWEL SIGN PEPET TEDUNG..BALINESE ADEG ADEG
+	{0x1B45, 0x1B4C, prN},     // Lo     [8] BALINESE LETTER KAF SASAK..BALINESE LETTER ARCHAIC JNYA
+	{0x1B50, 0x1B59, prN},     // Nd    [10] BALINESE DIGIT ZERO..BALINESE DIGIT NINE
+	{0x1B5A, 0x1B60, prN},     // Po     [7] BALINESE PANTI..BALINESE PAMENENG
+	{0x1B61, 0x1B6A, prN},     // So    [10] BALINESE MUSICAL SYMBOL DONG..BALINESE MUSICAL SYMBOL DANG GEDE
+	{0x1B6B, 0x1B73, prN},     // Mn     [9] BALINESE MUSICAL SYMBOL COMBINING TEGEH..BALINESE MUSICAL SYMBOL COMBINING GONG
+	{0x1B74, 0x1B7C, prN},     // So     [9] BALINESE MUSICAL SYMBOL RIGHT-HAND OPEN DUG..BALINESE MUSICAL SYMBOL LEFT-HAND OPEN PING
+	{0x1B7D, 0x1B7E, prN},     // Po     [2] BALINESE PANTI LANTANG..BALINESE PAMADA LANTANG
+	{0x1B80, 0x1B81, prN},     // Mn     [2] SUNDANESE SIGN PANYECEK..SUNDANESE SIGN PANGLAYAR
+	{0x1B82, 0x1B82, prN},     // Mc         SUNDANESE SIGN PANGWISAD
+	{0x1B83, 0x1BA0, prN},     // Lo    [30] SUNDANESE LETTER A..SUNDANESE LETTER HA
+	{0x1BA1, 0x1BA1, prN},     // Mc         SUNDANESE CONSONANT SIGN PAMINGKAL
+	{0x1BA2, 0x1BA5, prN},     // Mn     [4] SUNDANESE CONSONANT SIGN PANYAKRA..SUNDANESE VOWEL SIGN PANYUKU
+	{0x1BA6, 0x1BA7, prN},     // Mc     [2] SUNDANESE VOWEL SIGN PANAELAENG..SUNDANESE VOWEL SIGN PANOLONG
+	{0x1BA8, 0x1BA9, prN},     // Mn     [2] SUNDANESE VOWEL SIGN PAMEPET..SUNDANESE VOWEL SIGN PANEULEUNG
+	{0x1BAA, 0x1BAA, prN},     // Mc         SUNDANESE SIGN PAMAAEH
+	{0x1BAB, 0x1BAD, prN},     // Mn     [3] SUNDANESE SIGN VIRAMA..SUNDANESE CONSONANT SIGN PASANGAN WA
+	{0x1BAE, 0x1BAF, prN},     // Lo     [2] SUNDANESE LETTER KHA..SUNDANESE LETTER SYA
+	{0x1BB0, 0x1BB9, prN},     // Nd    [10] SUNDANESE DIGIT ZERO..SUNDANESE DIGIT NINE
+	{0x1BBA, 0x1BBF, prN},     // Lo     [6] SUNDANESE AVAGRAHA..SUNDANESE LETTER FINAL M
+	{0x1BC0, 0x1BE5, prN},     // Lo    [38] BATAK LETTER A..BATAK LETTER U
+	{0x1BE6, 0x1BE6, prN},     // Mn         BATAK SIGN TOMPI
+	{0x1BE7, 0x1BE7, prN},     // Mc         BATAK VOWEL SIGN E
+	{0x1BE8, 0x1BE9, prN},     // Mn     [2] BATAK VOWEL SIGN PAKPAK E..BATAK VOWEL SIGN EE
+	{0x1BEA, 0x1BEC, prN},     // Mc     [3] BATAK VOWEL SIGN I..BATAK VOWEL SIGN O
+	{0x1BED, 0x1BED, prN},     // Mn         BATAK VOWEL SIGN KARO O
+	{0x1BEE, 0x1BEE, prN},     // Mc         BATAK VOWEL SIGN U
+	{0x1BEF, 0x1BF1, prN},     // Mn     [3] BATAK VOWEL SIGN U FOR SIMALUNGUN SA..BATAK CONSONANT SIGN H
+	{0x1BF2, 0x1BF3, prN},     // Mc     [2] BATAK PANGOLAT..BATAK PANONGONAN
+	{0x1BFC, 0x1BFF, prN},     // Po     [4] BATAK SYMBOL BINDU NA METEK..BATAK SYMBOL BINDU PANGOLAT
+	{0x1C00, 0x1C23, prN},     // Lo    [36] LEPCHA LETTER KA..LEPCHA LETTER A
+	{0x1C24, 0x1C2B, prN},     // Mc     [8] LEPCHA SUBJOINED LETTER YA..LEPCHA VOWEL SIGN UU
+	{0x1C2C, 0x1C33, prN},     // Mn     [8] LEPCHA VOWEL SIGN E..LEPCHA CONSONANT SIGN T
+	{0x1C34, 0x1C35, prN},     // Mc     [2] LEPCHA CONSONANT SIGN NYIN-DO..LEPCHA CONSONANT SIGN KANG
+	{0x1C36, 0x1C37, prN},     // Mn     [2] LEPCHA SIGN RAN..LEPCHA SIGN NUKTA
+	{0x1C3B, 0x1C3F, prN},     // Po     [5] LEPCHA PUNCTUATION TA-ROL..LEPCHA PUNCTUATION TSHOOK
+	{0x1C40, 0x1C49, prN},     // Nd    [10] LEPCHA DIGIT ZERO..LEPCHA DIGIT NINE
+	{0x1C4D, 0x1C4F, prN},     // Lo     [3] LEPCHA LETTER TTA..LEPCHA LETTER DDA
+	{0x1C50, 0x1C59, prN},     // Nd    [10] OL CHIKI DIGIT ZERO..OL CHIKI DIGIT NINE
+	{0x1C5A, 0x1C77, prN},     // Lo    [30] OL CHIKI LETTER LA..OL CHIKI LETTER OH
+	{0x1C78, 0x1C7D, prN},     // Lm     [6] OL CHIKI MU TTUDDAG..OL CHIKI AHAD
+	{0x1C7E, 0x1C7F, prN},     // Po     [2] OL CHIKI PUNCTUATION MUCAAD..OL CHIKI PUNCTUATION DOUBLE MUCAAD
+	{0x1C80, 0x1C88, prN},     // Ll     [9] CYRILLIC SMALL LETTER ROUNDED VE..CYRILLIC SMALL LETTER UNBLENDED UK
+	{0x1C90, 0x1CBA, prN},     // Lu    [43] GEORGIAN MTAVRULI CAPITAL LETTER AN..GEORGIAN MTAVRULI CAPITAL LETTER AIN
+	{0x1CBD, 0x1CBF, prN},     // Lu     [3] GEORGIAN MTAVRULI CAPITAL LETTER AEN..GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+	{0x1CC0, 0x1CC7, prN},     // Po     [8] SUNDANESE PUNCTUATION BINDU SURYA..SUNDANESE PUNCTUATION BINDU BA SATANGA
+	{0x1CD0, 0x1CD2, prN},     // Mn     [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
+	{0x1CD3, 0x1CD3, prN},     // Po         VEDIC SIGN NIHSHVASA
+	{0x1CD4, 0x1CE0, prN},     // Mn    [13] VEDIC SIGN YAJURVEDIC MIDLINE SVARITA..VEDIC TONE RIGVEDIC KASHMIRI INDEPENDENT SVARITA
+	{0x1CE1, 0x1CE1, prN},     // Mc         VEDIC TONE ATHARVAVEDIC INDEPENDENT SVARITA
+	{0x1CE2, 0x1CE8, prN},     // Mn     [7] VEDIC SIGN VISARGA SVARITA..VEDIC SIGN VISARGA ANUDATTA WITH TAIL
+	{0x1CE9, 0x1CEC, prN},     // Lo     [4] VEDIC SIGN ANUSVARA ANTARGOMUKHA..VEDIC SIGN ANUSVARA VAMAGOMUKHA WITH TAIL
+	{0x1CED, 0x1CED, prN},     // Mn         VEDIC SIGN TIRYAK
+	{0x1CEE, 0x1CF3, prN},     // Lo     [6] VEDIC SIGN HEXIFORM LONG ANUSVARA..VEDIC SIGN ROTATED ARDHAVISARGA
+	{0x1CF4, 0x1CF4, prN},     // Mn         VEDIC TONE CANDRA ABOVE
+	{0x1CF5, 0x1CF6, prN},     // Lo     [2] VEDIC SIGN JIHVAMULIYA..VEDIC SIGN UPADHMANIYA
+	{0x1CF7, 0x1CF7, prN},     // Mc         VEDIC SIGN ATIKRAMA
+	{0x1CF8, 0x1CF9, prN},     // Mn     [2] VEDIC TONE RING ABOVE..VEDIC TONE DOUBLE RING ABOVE
+	{0x1CFA, 0x1CFA, prN},     // Lo         VEDIC SIGN DOUBLE ANUSVARA ANTARGOMUKHA
+	{0x1D00, 0x1D2B, prN},     // Ll    [44] LATIN LETTER SMALL CAPITAL A..CYRILLIC LETTER SMALL CAPITAL EL
+	{0x1D2C, 0x1D6A, prN},     // Lm    [63] MODIFIER LETTER CAPITAL A..GREEK SUBSCRIPT SMALL LETTER CHI
+	{0x1D6B, 0x1D77, prN},     // Ll    [13] LATIN SMALL LETTER UE..LATIN SMALL LETTER TURNED G
+	{0x1D78, 0x1D78, prN},     // Lm         MODIFIER LETTER CYRILLIC EN
+	{0x1D79, 0x1D7F, prN},     // Ll     [7] LATIN SMALL LETTER INSULAR G..LATIN SMALL LETTER UPSILON WITH STROKE
+	{0x1D80, 0x1D9A, prN},     // Ll    [27] LATIN SMALL LETTER B WITH PALATAL HOOK..LATIN SMALL LETTER EZH WITH RETROFLEX HOOK
+	{0x1D9B, 0x1DBF, prN},     // Lm    [37] MODIFIER LETTER SMALL TURNED ALPHA..MODIFIER LETTER SMALL THETA
+	{0x1DC0, 0x1DFF, prN},     // Mn    [64] COMBINING DOTTED GRAVE ACCENT..COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+	{0x1E00, 0x1EFF, prN},     // L&   [256] LATIN CAPITAL LETTER A WITH RING BELOW..LATIN SMALL LETTER Y WITH LOOP
+	{0x1F00, 0x1F15, prN},     // L&    [22] GREEK SMALL LETTER ALPHA WITH PSILI..GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+	{0x1F18, 0x1F1D, prN},     // Lu     [6] GREEK CAPITAL LETTER EPSILON WITH PSILI..GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+	{0x1F20, 0x1F45, prN},     // L&    [38] GREEK SMALL LETTER ETA WITH PSILI..GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+	{0x1F48, 0x1F4D, prN},     // Lu     [6] GREEK CAPITAL LETTER OMICRON WITH PSILI..GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+	{0x1F50, 0x1F57, prN},     // Ll     [8] GREEK SMALL LETTER UPSILON WITH PSILI..GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	{0x1F59, 0x1F59, prN},     // Lu         GREEK CAPITAL LETTER UPSILON WITH DASIA
+	{0x1F5B, 0x1F5B, prN},     // Lu         GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA
+	{0x1F5D, 0x1F5D, prN},     // Lu         GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA
+	{0x1F5F, 0x1F7D, prN},     // L&    [31] GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI..GREEK SMALL LETTER OMEGA WITH OXIA
+	{0x1F80, 0x1FB4, prN},     // L&    [53] GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI..GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FB6, 0x1FBC, prN},     // L&     [7] GREEK SMALL LETTER ALPHA WITH PERISPOMENI..GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI
+	{0x1FBD, 0x1FBD, prN},     // Sk         GREEK KORONIS
+	{0x1FBE, 0x1FBE, prN},     // Ll         GREEK PROSGEGRAMMENI
+	{0x1FBF, 0x1FC1, prN},     // Sk     [3] GREEK PSILI..GREEK DIALYTIKA AND PERISPOMENI
+	{0x1FC2, 0x1FC4, prN},     // Ll     [3] GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FC6, 0x1FCC, prN},     // L&     [7] GREEK SMALL LETTER ETA WITH PERISPOMENI..GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI
+	{0x1FCD, 0x1FCF, prN},     // Sk     [3] GREEK PSILI AND VARIA..GREEK PSILI AND PERISPOMENI
+	{0x1FD0, 0x1FD3, prN},     // Ll     [4] GREEK SMALL LETTER IOTA WITH VRACHY..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+	{0x1FD6, 0x1FDB, prN},     // L&     [6] GREEK SMALL LETTER IOTA WITH PERISPOMENI..GREEK CAPITAL LETTER IOTA WITH OXIA
+	{0x1FDD, 0x1FDF, prN},     // Sk     [3] GREEK DASIA AND VARIA..GREEK DASIA AND PERISPOMENI
+	{0x1FE0, 0x1FEC, prN},     // L&    [13] GREEK SMALL LETTER UPSILON WITH VRACHY..GREEK CAPITAL LETTER RHO WITH DASIA
+	{0x1FED, 0x1FEF, prN},     // Sk     [3] GREEK DIALYTIKA AND VARIA..GREEK VARIA
+	{0x1FF2, 0x1FF4, prN},     // Ll     [3] GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FF6, 0x1FFC, prN},     // L&     [7] GREEK SMALL LETTER OMEGA WITH PERISPOMENI..GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI
+	{0x1FFD, 0x1FFE, prN},     // Sk     [2] GREEK OXIA..GREEK DASIA
+	{0x2000, 0x200A, prN},     // Zs    [11] EN QUAD..HAIR SPACE
+	{0x200B, 0x200F, prN},     // Cf     [5] ZERO WIDTH SPACE..RIGHT-TO-LEFT MARK
+	{0x2010, 0x2010, prA},     // Pd         HYPHEN
+	{0x2011, 0x2012, prN},     // Pd     [2] NON-BREAKING HYPHEN..FIGURE DASH
+	{0x2013, 0x2015, prA},     // Pd     [3] EN DASH..HORIZONTAL BAR
+	{0x2016, 0x2016, prA},     // Po         DOUBLE VERTICAL LINE
+	{0x2017, 0x2017, prN},     // Po         DOUBLE LOW LINE
+	{0x2018, 0x2018, prA},     // Pi         LEFT SINGLE QUOTATION MARK
+	{0x2019, 0x2019, prA},     // Pf         RIGHT SINGLE QUOTATION MARK
+	{0x201A, 0x201A, prN},     // Ps         SINGLE LOW-9 QUOTATION MARK
+	{0x201B, 0x201B, prN},     // Pi         SINGLE HIGH-REVERSED-9 QUOTATION MARK
+	{0x201C, 0x201C, prA},     // Pi         LEFT DOUBLE QUOTATION MARK
+	{0x201D, 0x201D, prA},     // Pf         RIGHT DOUBLE QUOTATION MARK
+	{0x201E, 0x201E, prN},     // Ps         DOUBLE LOW-9 QUOTATION MARK
+	{0x201F, 0x201F, prN},     // Pi         DOUBLE HIGH-REVERSED-9 QUOTATION MARK
+	{0x2020, 0x2022, prA},     // Po     [3] DAGGER..BULLET
+	{0x2023, 0x2023, prN},     // Po         TRIANGULAR BULLET
+	{0x2024, 0x2027, prA},     // Po     [4] ONE DOT LEADER..HYPHENATION POINT
+	{0x2028, 0x2028, prN},     // Zl         LINE SEPARATOR
+	{0x2029, 0x2029, prN},     // Zp         PARAGRAPH SEPARATOR
+	{0x202A, 0x202E, prN},     // Cf     [5] LEFT-TO-RIGHT EMBEDDING..RIGHT-TO-LEFT OVERRIDE
+	{0x202F, 0x202F, prN},     // Zs         NARROW NO-BREAK SPACE
+	{0x2030, 0x2030, prA},     // Po         PER MILLE SIGN
+	{0x2031, 0x2031, prN},     // Po         PER TEN THOUSAND SIGN
+	{0x2032, 0x2033, prA},     // Po     [2] PRIME..DOUBLE PRIME
+	{0x2034, 0x2034, prN},     // Po         TRIPLE PRIME
+	{0x2035, 0x2035, prA},     // Po         REVERSED PRIME
+	{0x2036, 0x2038, prN},     // Po     [3] REVERSED DOUBLE PRIME..CARET
+	{0x2039, 0x2039, prN},     // Pi         SINGLE LEFT-POINTING ANGLE QUOTATION MARK
+	{0x203A, 0x203A, prN},     // Pf         SINGLE RIGHT-POINTING ANGLE QUOTATION MARK
+	{0x203B, 0x203B, prA},     // Po         REFERENCE MARK
+	{0x203C, 0x203D, prN},     // Po     [2] DOUBLE EXCLAMATION MARK..INTERROBANG
+	{0x203E, 0x203E, prA},     // Po         OVERLINE
+	{0x203F, 0x2040, prN},     // Pc     [2] UNDERTIE..CHARACTER TIE
+	{0x2041, 0x2043, prN},     // Po     [3] CARET INSERTION POINT..HYPHEN BULLET
+	{0x2044, 0x2044, prN},     // Sm         FRACTION SLASH
+	{0x2045, 0x2045, prN},     // Ps         LEFT SQUARE BRACKET WITH QUILL
+	{0x2046, 0x2046, prN},     // Pe         RIGHT SQUARE BRACKET WITH QUILL
+	{0x2047, 0x2051, prN},     // Po    [11] DOUBLE QUESTION MARK..TWO ASTERISKS ALIGNED VERTICALLY
+	{0x2052, 0x2052, prN},     // Sm         COMMERCIAL MINUS SIGN
+	{0x2053, 0x2053, prN},     // Po         SWUNG DASH
+	{0x2054, 0x2054, prN},     // Pc         INVERTED UNDERTIE
+	{0x2055, 0x205E, prN},     // Po    [10] FLOWER PUNCTUATION MARK..VERTICAL FOUR DOTS
+	{0x205F, 0x205F, prN},     // Zs         MEDIUM MATHEMATICAL SPACE
+	{0x2060, 0x2064, prN},     // Cf     [5] WORD JOINER..INVISIBLE PLUS
+	{0x2066, 0x206F, prN},     // Cf    [10] LEFT-TO-RIGHT ISOLATE..NOMINAL DIGIT SHAPES
+	{0x2070, 0x2070, prN},     // No         SUPERSCRIPT ZERO
+	{0x2071, 0x2071, prN},     // Lm         SUPERSCRIPT LATIN SMALL LETTER I
+	{0x2074, 0x2074, prA},     // No         SUPERSCRIPT FOUR
+	{0x2075, 0x2079, prN},     // No     [5] SUPERSCRIPT FIVE..SUPERSCRIPT NINE
+	{0x207A, 0x207C, prN},     // Sm     [3] SUPERSCRIPT PLUS SIGN..SUPERSCRIPT EQUALS SIGN
+	{0x207D, 0x207D, prN},     // Ps         SUPERSCRIPT LEFT PARENTHESIS
+	{0x207E, 0x207E, prN},     // Pe         SUPERSCRIPT RIGHT PARENTHESIS
+	{0x207F, 0x207F, prA},     // Lm         SUPERSCRIPT LATIN SMALL LETTER N
+	{0x2080, 0x2080, prN},     // No         SUBSCRIPT ZERO
+	{0x2081, 0x2084, prA},     // No     [4] SUBSCRIPT ONE..SUBSCRIPT FOUR
+	{0x2085, 0x2089, prN},     // No     [5] SUBSCRIPT FIVE..SUBSCRIPT NINE
+	{0x208A, 0x208C, prN},     // Sm     [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
+	{0x208D, 0x208D, prN},     // Ps         SUBSCRIPT LEFT PARENTHESIS
+	{0x208E, 0x208E, prN},     // Pe         SUBSCRIPT RIGHT PARENTHESIS
+	{0x2090, 0x209C, prN},     // Lm    [13] LATIN SUBSCRIPT SMALL LETTER A..LATIN SUBSCRIPT SMALL LETTER T
+	{0x20A0, 0x20A8, prN},     // Sc     [9] EURO-CURRENCY SIGN..RUPEE SIGN
+	{0x20A9, 0x20A9, prH},     // Sc         WON SIGN
+	{0x20AA, 0x20AB, prN},     // Sc     [2] NEW SHEQEL SIGN..DONG SIGN
+	{0x20AC, 0x20AC, prA},     // Sc         EURO SIGN
+	{0x20AD, 0x20C0, prN},     // Sc    [20] KIP SIGN..SOM SIGN
+	{0x20D0, 0x20DC, prN},     // Mn    [13] COMBINING LEFT HARPOON ABOVE..COMBINING FOUR DOTS ABOVE
+	{0x20DD, 0x20E0, prN},     // Me     [4] COMBINING ENCLOSING CIRCLE..COMBINING ENCLOSING CIRCLE BACKSLASH
+	{0x20E1, 0x20E1, prN},     // Mn         COMBINING LEFT RIGHT ARROW ABOVE
+	{0x20E2, 0x20E4, prN},     // Me     [3] COMBINING ENCLOSING SCREEN..COMBINING ENCLOSING UPWARD POINTING TRIANGLE
+	{0x20E5, 0x20F0, prN},     // Mn    [12] COMBINING REVERSE SOLIDUS OVERLAY..COMBINING ASTERISK ABOVE
+	{0x2100, 0x2101, prN},     // So     [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
+	{0x2102, 0x2102, prN},     // Lu         DOUBLE-STRUCK CAPITAL C
+	{0x2103, 0x2103, prA},     // So         DEGREE CELSIUS
+	{0x2104, 0x2104, prN},     // So         CENTRE LINE SYMBOL
+	{0x2105, 0x2105, prA},     // So         CARE OF
+	{0x2106, 0x2106, prN},     // So         CADA UNA
+	{0x2107, 0x2107, prN},     // Lu         EULER CONSTANT
+	{0x2108, 0x2108, prN},     // So         SCRUPLE
+	{0x2109, 0x2109, prA},     // So         DEGREE FAHRENHEIT
+	{0x210A, 0x2112, prN},     // L&     [9] SCRIPT SMALL G..SCRIPT CAPITAL L
+	{0x2113, 0x2113, prA},     // Ll         SCRIPT SMALL L
+	{0x2114, 0x2114, prN},     // So         L B BAR SYMBOL
+	{0x2115, 0x2115, prN},     // Lu         DOUBLE-STRUCK CAPITAL N
+	{0x2116, 0x2116, prA},     // So         NUMERO SIGN
+	{0x2117, 0x2117, prN},     // So         SOUND RECORDING COPYRIGHT
+	{0x2118, 0x2118, prN},     // Sm         SCRIPT CAPITAL P
+	{0x2119, 0x211D, prN},     // Lu     [5] DOUBLE-STRUCK CAPITAL P..DOUBLE-STRUCK CAPITAL R
+	{0x211E, 0x2120, prN},     // So     [3] PRESCRIPTION TAKE..SERVICE MARK
+	{0x2121, 0x2122, prA},     // So     [2] TELEPHONE SIGN..TRADE MARK SIGN
+	{0x2123, 0x2123, prN},     // So         VERSICLE
+	{0x2124, 0x2124, prN},     // Lu         DOUBLE-STRUCK CAPITAL Z
+	{0x2125, 0x2125, prN},     // So         OUNCE SIGN
+	{0x2126, 0x2126, prA},     // Lu         OHM SIGN
+	{0x2127, 0x2127, prN},     // So         INVERTED OHM SIGN
+	{0x2128, 0x2128, prN},     // Lu         BLACK-LETTER CAPITAL Z
+	{0x2129, 0x2129, prN},     // So         TURNED GREEK SMALL LETTER IOTA
+	{0x212A, 0x212A, prN},     // Lu         KELVIN SIGN
+	{0x212B, 0x212B, prA},     // Lu         ANGSTROM SIGN
+	{0x212C, 0x212D, prN},     // Lu     [2] SCRIPT CAPITAL B..BLACK-LETTER CAPITAL C
+	{0x212E, 0x212E, prN},     // So         ESTIMATED SYMBOL
+	{0x212F, 0x2134, prN},     // L&     [6] SCRIPT SMALL E..SCRIPT SMALL O
+	{0x2135, 0x2138, prN},     // Lo     [4] ALEF SYMBOL..DALET SYMBOL
+	{0x2139, 0x2139, prN},     // Ll         INFORMATION SOURCE
+	{0x213A, 0x213B, prN},     // So     [2] ROTATED CAPITAL Q..FACSIMILE SIGN
+	{0x213C, 0x213F, prN},     // L&     [4] DOUBLE-STRUCK SMALL PI..DOUBLE-STRUCK CAPITAL PI
+	{0x2140, 0x2144, prN},     // Sm     [5] DOUBLE-STRUCK N-ARY SUMMATION..TURNED SANS-SERIF CAPITAL Y
+	{0x2145, 0x2149, prN},     // L&     [5] DOUBLE-STRUCK ITALIC CAPITAL D..DOUBLE-STRUCK ITALIC SMALL J
+	{0x214A, 0x214A, prN},     // So         PROPERTY LINE
+	{0x214B, 0x214B, prN},     // Sm         TURNED AMPERSAND
+	{0x214C, 0x214D, prN},     // So     [2] PER SIGN..AKTIESELSKAB
+	{0x214E, 0x214E, prN},     // Ll         TURNED SMALL F
+	{0x214F, 0x214F, prN},     // So         SYMBOL FOR SAMARITAN SOURCE
+	{0x2150, 0x2152, prN},     // No     [3] VULGAR FRACTION ONE SEVENTH..VULGAR FRACTION ONE TENTH
+	{0x2153, 0x2154, prA},     // No     [2] VULGAR FRACTION ONE THIRD..VULGAR FRACTION TWO THIRDS
+	{0x2155, 0x215A, prN},     // No     [6] VULGAR FRACTION ONE FIFTH..VULGAR FRACTION FIVE SIXTHS
+	{0x215B, 0x215E, prA},     // No     [4] VULGAR FRACTION ONE EIGHTH..VULGAR FRACTION SEVEN EIGHTHS
+	{0x215F, 0x215F, prN},     // No         FRACTION NUMERATOR ONE
+	{0x2160, 0x216B, prA},     // Nl    [12] ROMAN NUMERAL ONE..ROMAN NUMERAL TWELVE
+	{0x216C, 0x216F, prN},     // Nl     [4] ROMAN NUMERAL FIFTY..ROMAN NUMERAL ONE THOUSAND
+	{0x2170, 0x2179, prA},     // Nl    [10] SMALL ROMAN NUMERAL ONE..SMALL ROMAN NUMERAL TEN
+	{0x217A, 0x2182, prN},     // Nl     [9] SMALL ROMAN NUMERAL ELEVEN..ROMAN NUMERAL TEN THOUSAND
+	{0x2183, 0x2184, prN},     // L&     [2] ROMAN NUMERAL REVERSED ONE HUNDRED..LATIN SMALL LETTER REVERSED C
+	{0x2185, 0x2188, prN},     // Nl     [4] ROMAN NUMERAL SIX LATE FORM..ROMAN NUMERAL ONE HUNDRED THOUSAND
+	{0x2189, 0x2189, prA},     // No         VULGAR FRACTION ZERO THIRDS
+	{0x218A, 0x218B, prN},     // So     [2] TURNED DIGIT TWO..TURNED DIGIT THREE
+	{0x2190, 0x2194, prA},     // Sm     [5] LEFTWARDS ARROW..LEFT RIGHT ARROW
+	{0x2195, 0x2199, prA},     // So     [5] UP DOWN ARROW..SOUTH WEST ARROW
+	{0x219A, 0x219B, prN},     // Sm     [2] LEFTWARDS ARROW WITH STROKE..RIGHTWARDS ARROW WITH STROKE
+	{0x219C, 0x219F, prN},     // So     [4] LEFTWARDS WAVE ARROW..UPWARDS TWO HEADED ARROW
+	{0x21A0, 0x21A0, prN},     // Sm         RIGHTWARDS TWO HEADED ARROW
+	{0x21A1, 0x21A2, prN},     // So     [2] DOWNWARDS TWO HEADED ARROW..LEFTWARDS ARROW WITH TAIL
+	{0x21A3, 0x21A3, prN},     // Sm         RIGHTWARDS ARROW WITH TAIL
+	{0x21A4, 0x21A5, prN},     // So     [2] LEFTWARDS ARROW FROM BAR..UPWARDS ARROW FROM BAR
+	{0x21A6, 0x21A6, prN},     // Sm         RIGHTWARDS ARROW FROM BAR
+	{0x21A7, 0x21AD, prN},     // So     [7] DOWNWARDS ARROW FROM BAR..LEFT RIGHT WAVE ARROW
+	{0x21AE, 0x21AE, prN},     // Sm         LEFT RIGHT ARROW WITH STROKE
+	{0x21AF, 0x21B7, prN},     // So     [9] DOWNWARDS ZIGZAG ARROW..CLOCKWISE TOP SEMICIRCLE ARROW
+	{0x21B8, 0x21B9, prA},     // So     [2] NORTH WEST ARROW TO LONG BAR..LEFTWARDS ARROW TO BAR OVER RIGHTWARDS ARROW TO BAR
+	{0x21BA, 0x21CD, prN},     // So    [20] ANTICLOCKWISE OPEN CIRCLE ARROW..LEFTWARDS DOUBLE ARROW WITH STROKE
+	{0x21CE, 0x21CF, prN},     // Sm     [2] LEFT RIGHT DOUBLE ARROW WITH STROKE..RIGHTWARDS DOUBLE ARROW WITH STROKE
+	{0x21D0, 0x21D1, prN},     // So     [2] LEFTWARDS DOUBLE ARROW..UPWARDS DOUBLE ARROW
+	{0x21D2, 0x21D2, prA},     // Sm         RIGHTWARDS DOUBLE ARROW
+	{0x21D3, 0x21D3, prN},     // So         DOWNWARDS DOUBLE ARROW
+	{0x21D4, 0x21D4, prA},     // Sm         LEFT RIGHT DOUBLE ARROW
+	{0x21D5, 0x21E6, prN},     // So    [18] UP DOWN DOUBLE ARROW..LEFTWARDS WHITE ARROW
+	{0x21E7, 0x21E7, prA},     // So         UPWARDS WHITE ARROW
+	{0x21E8, 0x21F3, prN},     // So    [12] RIGHTWARDS WHITE ARROW..UP DOWN WHITE ARROW
+	{0x21F4, 0x21FF, prN},     // Sm    [12] RIGHT ARROW WITH SMALL CIRCLE..LEFT RIGHT OPEN-HEADED ARROW
+	{0x2200, 0x2200, prA},     // Sm         FOR ALL
+	{0x2201, 0x2201, prN},     // Sm         COMPLEMENT
+	{0x2202, 0x2203, prA},     // Sm     [2] PARTIAL DIFFERENTIAL..THERE EXISTS
+	{0x2204, 0x2206, prN},     // Sm     [3] THERE DOES NOT EXIST..INCREMENT
+	{0x2207, 0x2208, prA},     // Sm     [2] NABLA..ELEMENT OF
+	{0x2209, 0x220A, prN},     // Sm     [2] NOT AN ELEMENT OF..SMALL ELEMENT OF
+	{0x220B, 0x220B, prA},     // Sm         CONTAINS AS MEMBER
+	{0x220C, 0x220E, prN},     // Sm     [3] DOES NOT CONTAIN AS MEMBER..END OF PROOF
+	{0x220F, 0x220F, prA},     // Sm         N-ARY PRODUCT
+	{0x2210, 0x2210, prN},     // Sm         N-ARY COPRODUCT
+	{0x2211, 0x2211, prA},     // Sm         N-ARY SUMMATION
+	{0x2212, 0x2214, prN},     // Sm     [3] MINUS SIGN..DOT PLUS
+	{0x2215, 0x2215, prA},     // Sm         DIVISION SLASH
+	{0x2216, 0x2219, prN},     // Sm     [4] SET MINUS..BULLET OPERATOR
+	{0x221A, 0x221A, prA},     // Sm         SQUARE ROOT
+	{0x221B, 0x221C, prN},     // Sm     [2] CUBE ROOT..FOURTH ROOT
+	{0x221D, 0x2220, prA},     // Sm     [4] PROPORTIONAL TO..ANGLE
+	{0x2221, 0x2222, prN},     // Sm     [2] MEASURED ANGLE..SPHERICAL ANGLE
+	{0x2223, 0x2223, prA},     // Sm         DIVIDES
+	{0x2224, 0x2224, prN},     // Sm         DOES NOT DIVIDE
+	{0x2225, 0x2225, prA},     // Sm         PARALLEL TO
+	{0x2226, 0x2226, prN},     // Sm         NOT PARALLEL TO
+	{0x2227, 0x222C, prA},     // Sm     [6] LOGICAL AND..DOUBLE INTEGRAL
+	{0x222D, 0x222D, prN},     // Sm         TRIPLE INTEGRAL
+	{0x222E, 0x222E, prA},     // Sm         CONTOUR INTEGRAL
+	{0x222F, 0x2233, prN},     // Sm     [5] SURFACE INTEGRAL..ANTICLOCKWISE CONTOUR INTEGRAL
+	{0x2234, 0x2237, prA},     // Sm     [4] THEREFORE..PROPORTION
+	{0x2238, 0x223B, prN},     // Sm     [4] DOT MINUS..HOMOTHETIC
+	{0x223C, 0x223D, prA},     // Sm     [2] TILDE OPERATOR..REVERSED TILDE
+	{0x223E, 0x2247, prN},     // Sm    [10] INVERTED LAZY S..NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO
+	{0x2248, 0x2248, prA},     // Sm         ALMOST EQUAL TO
+	{0x2249, 0x224B, prN},     // Sm     [3] NOT ALMOST EQUAL TO..TRIPLE TILDE
+	{0x224C, 0x224C, prA},     // Sm         ALL EQUAL TO
+	{0x224D, 0x2251, prN},     // Sm     [5] EQUIVALENT TO..GEOMETRICALLY EQUAL TO
+	{0x2252, 0x2252, prA},     // Sm         APPROXIMATELY EQUAL TO OR THE IMAGE OF
+	{0x2253, 0x225F, prN},     // Sm    [13] IMAGE OF OR APPROXIMATELY EQUAL TO..QUESTIONED EQUAL TO
+	{0x2260, 0x2261, prA},     // Sm     [2] NOT EQUAL TO..IDENTICAL TO
+	{0x2262, 0x2263, prN},     // Sm     [2] NOT IDENTICAL TO..STRICTLY EQUIVALENT TO
+	{0x2264, 0x2267, prA},     // Sm     [4] LESS-THAN OR EQUAL TO..GREATER-THAN OVER EQUAL TO
+	{0x2268, 0x2269, prN},     // Sm     [2] LESS-THAN BUT NOT EQUAL TO..GREATER-THAN BUT NOT EQUAL TO
+	{0x226A, 0x226B, prA},     // Sm     [2] MUCH LESS-THAN..MUCH GREATER-THAN
+	{0x226C, 0x226D, prN},     // Sm     [2] BETWEEN..NOT EQUIVALENT TO
+	{0x226E, 0x226F, prA},     // Sm     [2] NOT LESS-THAN..NOT GREATER-THAN
+	{0x2270, 0x2281, prN},     // Sm    [18] NEITHER LESS-THAN NOR EQUAL TO..DOES NOT SUCCEED
+	{0x2282, 0x2283, prA},     // Sm     [2] SUBSET OF..SUPERSET OF
+	{0x2284, 0x2285, prN},     // Sm     [2] NOT A SUBSET OF..NOT A SUPERSET OF
+	{0x2286, 0x2287, prA},     // Sm     [2] SUBSET OF OR EQUAL TO..SUPERSET OF OR EQUAL TO
+	{0x2288, 0x2294, prN},     // Sm    [13] NEITHER A SUBSET OF NOR EQUAL TO..SQUARE CUP
+	{0x2295, 0x2295, prA},     // Sm         CIRCLED PLUS
+	{0x2296, 0x2298, prN},     // Sm     [3] CIRCLED MINUS..CIRCLED DIVISION SLASH
+	{0x2299, 0x2299, prA},     // Sm         CIRCLED DOT OPERATOR
+	{0x229A, 0x22A4, prN},     // Sm    [11] CIRCLED RING OPERATOR..DOWN TACK
+	{0x22A5, 0x22A5, prA},     // Sm         UP TACK
+	{0x22A6, 0x22BE, prN},     // Sm    [25] ASSERTION..RIGHT ANGLE WITH ARC
+	{0x22BF, 0x22BF, prA},     // Sm         RIGHT TRIANGLE
+	{0x22C0, 0x22FF, prN},     // Sm    [64] N-ARY LOGICAL AND..Z NOTATION BAG MEMBERSHIP
+	{0x2300, 0x2307, prN},     // So     [8] DIAMETER SIGN..WAVY LINE
+	{0x2308, 0x2308, prN},     // Ps         LEFT CEILING
+	{0x2309, 0x2309, prN},     // Pe         RIGHT CEILING
+	{0x230A, 0x230A, prN},     // Ps         LEFT FLOOR
+	{0x230B, 0x230B, prN},     // Pe         RIGHT FLOOR
+	{0x230C, 0x2311, prN},     // So     [6] BOTTOM RIGHT CROP..SQUARE LOZENGE
+	{0x2312, 0x2312, prA},     // So         ARC
+	{0x2313, 0x2319, prN},     // So     [7] SEGMENT..TURNED NOT SIGN
+	{0x231A, 0x231B, prW},     // So     [2] WATCH..HOURGLASS
+	{0x231C, 0x231F, prN},     // So     [4] TOP LEFT CORNER..BOTTOM RIGHT CORNER
+	{0x2320, 0x2321, prN},     // Sm     [2] TOP HALF INTEGRAL..BOTTOM HALF INTEGRAL
+	{0x2322, 0x2328, prN},     // So     [7] FROWN..KEYBOARD
+	{0x2329, 0x2329, prW},     // Ps         LEFT-POINTING ANGLE BRACKET
+	{0x232A, 0x232A, prW},     // Pe         RIGHT-POINTING ANGLE BRACKET
+	{0x232B, 0x237B, prN},     // So    [81] ERASE TO THE LEFT..NOT CHECK MARK
+	{0x237C, 0x237C, prN},     // Sm         RIGHT ANGLE WITH DOWNWARDS ZIGZAG ARROW
+	{0x237D, 0x239A, prN},     // So    [30] SHOULDERED OPEN BOX..CLEAR SCREEN SYMBOL
+	{0x239B, 0x23B3, prN},     // Sm    [25] LEFT PARENTHESIS UPPER HOOK..SUMMATION BOTTOM
+	{0x23B4, 0x23DB, prN},     // So    [40] TOP SQUARE BRACKET..FUSE
+	{0x23DC, 0x23E1, prN},     // Sm     [6] TOP PARENTHESIS..BOTTOM TORTOISE SHELL BRACKET
+	{0x23E2, 0x23E8, prN},     // So     [7] WHITE TRAPEZIUM..DECIMAL EXPONENT SYMBOL
+	{0x23E9, 0x23EC, prW},     // So     [4] BLACK RIGHT-POINTING DOUBLE TRIANGLE..BLACK DOWN-POINTING DOUBLE TRIANGLE
+	{0x23ED, 0x23EF, prN},     // So     [3] BLACK RIGHT-POINTING DOUBLE TRIANGLE WITH VERTICAL BAR..BLACK RIGHT-POINTING TRIANGLE WITH DOUBLE VERTICAL BAR
+	{0x23F0, 0x23F0, prW},     // So         ALARM CLOCK
+	{0x23F1, 0x23F2, prN},     // So     [2] STOPWATCH..TIMER CLOCK
+	{0x23F3, 0x23F3, prW},     // So         HOURGLASS WITH FLOWING SAND
+	{0x23F4, 0x23FF, prN},     // So    [12] BLACK MEDIUM LEFT-POINTING TRIANGLE..OBSERVER EYE SYMBOL
+	{0x2400, 0x2426, prN},     // So    [39] SYMBOL FOR NULL..SYMBOL FOR SUBSTITUTE FORM TWO
+	{0x2440, 0x244A, prN},     // So    [11] OCR HOOK..OCR DOUBLE BACKSLASH
+	{0x2460, 0x249B, prA},     // No    [60] CIRCLED DIGIT ONE..NUMBER TWENTY FULL STOP
+	{0x249C, 0x24E9, prA},     // So    [78] PARENTHESIZED LATIN SMALL LETTER A..CIRCLED LATIN SMALL LETTER Z
+	{0x24EA, 0x24EA, prN},     // No         CIRCLED DIGIT ZERO
+	{0x24EB, 0x24FF, prA},     // No    [21] NEGATIVE CIRCLED NUMBER ELEVEN..NEGATIVE CIRCLED DIGIT ZERO
+	{0x2500, 0x254B, prA},     // So    [76] BOX DRAWINGS LIGHT HORIZONTAL..BOX DRAWINGS HEAVY VERTICAL AND HORIZONTAL
+	{0x254C, 0x254F, prN},     // So     [4] BOX DRAWINGS LIGHT DOUBLE DASH HORIZONTAL..BOX DRAWINGS HEAVY DOUBLE DASH VERTICAL
+	{0x2550, 0x2573, prA},     // So    [36] BOX DRAWINGS DOUBLE HORIZONTAL..BOX DRAWINGS LIGHT DIAGONAL CROSS
+	{0x2574, 0x257F, prN},     // So    [12] BOX DRAWINGS LIGHT LEFT..BOX DRAWINGS HEAVY UP AND LIGHT DOWN
+	{0x2580, 0x258F, prA},     // So    [16] UPPER HALF BLOCK..LEFT ONE EIGHTH BLOCK
+	{0x2590, 0x2591, prN},     // So     [2] RIGHT HALF BLOCK..LIGHT SHADE
+	{0x2592, 0x2595, prA},     // So     [4] MEDIUM SHADE..RIGHT ONE EIGHTH BLOCK
+	{0x2596, 0x259F, prN},     // So    [10] QUADRANT LOWER LEFT..QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT
+	{0x25A0, 0x25A1, prA},     // So     [2] BLACK SQUARE..WHITE SQUARE
+	{0x25A2, 0x25A2, prN},     // So         WHITE SQUARE WITH ROUNDED CORNERS
+	{0x25A3, 0x25A9, prA},     // So     [7] WHITE SQUARE CONTAINING BLACK SMALL SQUARE..SQUARE WITH DIAGONAL CROSSHATCH FILL
+	{0x25AA, 0x25B1, prN},     // So     [8] BLACK SMALL SQUARE..WHITE PARALLELOGRAM
+	{0x25B2, 0x25B3, prA},     // So     [2] BLACK UP-POINTING TRIANGLE..WHITE UP-POINTING TRIANGLE
+	{0x25B4, 0x25B5, prN},     // So     [2] BLACK UP-POINTING SMALL TRIANGLE..WHITE UP-POINTING SMALL TRIANGLE
+	{0x25B6, 0x25B6, prA},     // So         BLACK RIGHT-POINTING TRIANGLE
+	{0x25B7, 0x25B7, prA},     // Sm         WHITE RIGHT-POINTING TRIANGLE
+	{0x25B8, 0x25BB, prN},     // So     [4] BLACK RIGHT-POINTING SMALL TRIANGLE..WHITE RIGHT-POINTING POINTER
+	{0x25BC, 0x25BD, prA},     // So     [2] BLACK DOWN-POINTING TRIANGLE..WHITE DOWN-POINTING TRIANGLE
+	{0x25BE, 0x25BF, prN},     // So     [2] BLACK DOWN-POINTING SMALL TRIANGLE..WHITE DOWN-POINTING SMALL TRIANGLE
+	{0x25C0, 0x25C0, prA},     // So         BLACK LEFT-POINTING TRIANGLE
+	{0x25C1, 0x25C1, prA},     // Sm         WHITE LEFT-POINTING TRIANGLE
+	{0x25C2, 0x25C5, prN},     // So     [4] BLACK LEFT-POINTING SMALL TRIANGLE..WHITE LEFT-POINTING POINTER
+	{0x25C6, 0x25C8, prA},     // So     [3] BLACK DIAMOND..WHITE DIAMOND CONTAINING BLACK SMALL DIAMOND
+	{0x25C9, 0x25CA, prN},     // So     [2] FISHEYE..LOZENGE
+	{0x25CB, 0x25CB, prA},     // So         WHITE CIRCLE
+	{0x25CC, 0x25CD, prN},     // So     [2] DOTTED CIRCLE..CIRCLE WITH VERTICAL FILL
+	{0x25CE, 0x25D1, prA},     // So     [4] BULLSEYE..CIRCLE WITH RIGHT HALF BLACK
+	{0x25D2, 0x25E1, prN},     // So    [16] CIRCLE WITH LOWER HALF BLACK..LOWER HALF CIRCLE
+	{0x25E2, 0x25E5, prA},     // So     [4] BLACK LOWER RIGHT TRIANGLE..BLACK UPPER RIGHT TRIANGLE
+	{0x25E6, 0x25EE, prN},     // So     [9] WHITE BULLET..UP-POINTING TRIANGLE WITH RIGHT HALF BLACK
+	{0x25EF, 0x25EF, prA},     // So         LARGE CIRCLE
+	{0x25F0, 0x25F7, prN},     // So     [8] WHITE SQUARE WITH UPPER LEFT QUADRANT..WHITE CIRCLE WITH UPPER RIGHT QUADRANT
+	{0x25F8, 0x25FC, prN},     // Sm     [5] UPPER LEFT TRIANGLE..BLACK MEDIUM SQUARE
+	{0x25FD, 0x25FE, prW},     // Sm     [2] WHITE MEDIUM SMALL SQUARE..BLACK MEDIUM SMALL SQUARE
+	{0x25FF, 0x25FF, prN},     // Sm         LOWER RIGHT TRIANGLE
+	{0x2600, 0x2604, prN},     // So     [5] BLACK SUN WITH RAYS..COMET
+	{0x2605, 0x2606, prA},     // So     [2] BLACK STAR..WHITE STAR
+	{0x2607, 0x2608, prN},     // So     [2] LIGHTNING..THUNDERSTORM
+	{0x2609, 0x2609, prA},     // So         SUN
+	{0x260A, 0x260D, prN},     // So     [4] ASCENDING NODE..OPPOSITION
+	{0x260E, 0x260F, prA},     // So     [2] BLACK TELEPHONE..WHITE TELEPHONE
+	{0x2610, 0x2613, prN},     // So     [4] BALLOT BOX..SALTIRE
+	{0x2614, 0x2615, prW},     // So     [2] UMBRELLA WITH RAIN DROPS..HOT BEVERAGE
+	{0x2616, 0x261B, prN},     // So     [6] WHITE SHOGI PIECE..BLACK RIGHT POINTING INDEX
+	{0x261C, 0x261C, prA},     // So         WHITE LEFT POINTING INDEX
+	{0x261D, 0x261D, prN},     // So         WHITE UP POINTING INDEX
+	{0x261E, 0x261E, prA},     // So         WHITE RIGHT POINTING INDEX
+	{0x261F, 0x263F, prN},     // So    [33] WHITE DOWN POINTING INDEX..MERCURY
+	{0x2640, 0x2640, prA},     // So         FEMALE SIGN
+	{0x2641, 0x2641, prN},     // So         EARTH
+	{0x2642, 0x2642, prA},     // So         MALE SIGN
+	{0x2643, 0x2647, prN},     // So     [5] JUPITER..PLUTO
+	{0x2648, 0x2653, prW},     // So    [12] ARIES..PISCES
+	{0x2654, 0x265F, prN},     // So    [12] WHITE CHESS KING..BLACK CHESS PAWN
+	{0x2660, 0x2661, prA},     // So     [2] BLACK SPADE SUIT..WHITE HEART SUIT
+	{0x2662, 0x2662, prN},     // So         WHITE DIAMOND SUIT
+	{0x2663, 0x2665, prA},     // So     [3] BLACK CLUB SUIT..BLACK HEART SUIT
+	{0x2666, 0x2666, prN},     // So         BLACK DIAMOND SUIT
+	{0x2667, 0x266A, prA},     // So     [4] WHITE CLUB SUIT..EIGHTH NOTE
+	{0x266B, 0x266B, prN},     // So         BEAMED EIGHTH NOTES
+	{0x266C, 0x266D, prA},     // So     [2] BEAMED SIXTEENTH NOTES..MUSIC FLAT SIGN
+	{0x266E, 0x266E, prN},     // So         MUSIC NATURAL SIGN
+	{0x266F, 0x266F, prA},     // Sm         MUSIC SHARP SIGN
+	{0x2670, 0x267E, prN},     // So    [15] WEST SYRIAC CROSS..PERMANENT PAPER SIGN
+	{0x267F, 0x267F, prW},     // So         WHEELCHAIR SYMBOL
+	{0x2680, 0x2692, prN},     // So    [19] DIE FACE-1..HAMMER AND PICK
+	{0x2693, 0x2693, prW},     // So         ANCHOR
+	{0x2694, 0x269D, prN},     // So    [10] CROSSED SWORDS..OUTLINED WHITE STAR
+	{0x269E, 0x269F, prA},     // So     [2] THREE LINES CONVERGING RIGHT..THREE LINES CONVERGING LEFT
+	{0x26A0, 0x26A0, prN},     // So         WARNING SIGN
+	{0x26A1, 0x26A1, prW},     // So         HIGH VOLTAGE SIGN
+	{0x26A2, 0x26A9, prN},     // So     [8] DOUBLED FEMALE SIGN..HORIZONTAL MALE WITH STROKE SIGN
+	{0x26AA, 0x26AB, prW},     // So     [2] MEDIUM WHITE CIRCLE..MEDIUM BLACK CIRCLE
+	{0x26AC, 0x26BC, prN},     // So    [17] MEDIUM SMALL WHITE CIRCLE..SESQUIQUADRATE
+	{0x26BD, 0x26BE, prW},     // So     [2] SOCCER BALL..BASEBALL
+	{0x26BF, 0x26BF, prA},     // So         SQUARED KEY
+	{0x26C0, 0x26C3, prN},     // So     [4] WHITE DRAUGHTS MAN..BLACK DRAUGHTS KING
+	{0x26C4, 0x26C5, prW},     // So     [2] SNOWMAN WITHOUT SNOW..SUN BEHIND CLOUD
+	{0x26C6, 0x26CD, prA},     // So     [8] RAIN..DISABLED CAR
+	{0x26CE, 0x26CE, prW},     // So         OPHIUCHUS
+	{0x26CF, 0x26D3, prA},     // So     [5] PICK..CHAINS
+	{0x26D4, 0x26D4, prW},     // So         NO ENTRY
+	{0x26D5, 0x26E1, prA},     // So    [13] ALTERNATE ONE-WAY LEFT WAY TRAFFIC..RESTRICTED LEFT ENTRY-2
+	{0x26E2, 0x26E2, prN},     // So         ASTRONOMICAL SYMBOL FOR URANUS
+	{0x26E3, 0x26E3, prA},     // So         HEAVY CIRCLE WITH STROKE AND TWO DOTS ABOVE
+	{0x26E4, 0x26E7, prN},     // So     [4] PENTAGRAM..INVERTED PENTAGRAM
+	{0x26E8, 0x26E9, prA},     // So     [2] BLACK CROSS ON SHIELD..SHINTO SHRINE
+	{0x26EA, 0x26EA, prW},     // So         CHURCH
+	{0x26EB, 0x26F1, prA},     // So     [7] CASTLE..UMBRELLA ON GROUND
+	{0x26F2, 0x26F3, prW},     // So     [2] FOUNTAIN..FLAG IN HOLE
+	{0x26F4, 0x26F4, prA},     // So         FERRY
+	{0x26F5, 0x26F5, prW},     // So         SAILBOAT
+	{0x26F6, 0x26F9, prA},     // So     [4] SQUARE FOUR CORNERS..PERSON WITH BALL
+	{0x26FA, 0x26FA, prW},     // So         TENT
+	{0x26FB, 0x26FC, prA},     // So     [2] JAPANESE BANK SYMBOL..HEADSTONE GRAVEYARD SYMBOL
+	{0x26FD, 0x26FD, prW},     // So         FUEL PUMP
+	{0x26FE, 0x26FF, prA},     // So     [2] CUP ON BLACK SQUARE..WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
+	{0x2700, 0x2704, prN},     // So     [5] BLACK SAFETY SCISSORS..WHITE SCISSORS
+	{0x2705, 0x2705, prW},     // So         WHITE HEAVY CHECK MARK
+	{0x2706, 0x2709, prN},     // So     [4] TELEPHONE LOCATION SIGN..ENVELOPE
+	{0x270A, 0x270B, prW},     // So     [2] RAISED FIST..RAISED HAND
+	{0x270C, 0x2727, prN},     // So    [28] VICTORY HAND..WHITE FOUR POINTED STAR
+	{0x2728, 0x2728, prW},     // So         SPARKLES
+	{0x2729, 0x273C, prN},     // So    [20] STRESS OUTLINED WHITE STAR..OPEN CENTRE TEARDROP-SPOKED ASTERISK
+	{0x273D, 0x273D, prA},     // So         HEAVY TEARDROP-SPOKED ASTERISK
+	{0x273E, 0x274B, prN},     // So    [14] SIX PETALLED BLACK AND WHITE FLORETTE..HEAVY EIGHT TEARDROP-SPOKED PROPELLER ASTERISK
+	{0x274C, 0x274C, prW},     // So         CROSS MARK
+	{0x274D, 0x274D, prN},     // So         SHADOWED WHITE CIRCLE
+	{0x274E, 0x274E, prW},     // So         NEGATIVE SQUARED CROSS MARK
+	{0x274F, 0x2752, prN},     // So     [4] LOWER RIGHT DROP-SHADOWED WHITE SQUARE..UPPER RIGHT SHADOWED WHITE SQUARE
+	{0x2753, 0x2755, prW},     // So     [3] BLACK QUESTION MARK ORNAMENT..WHITE EXCLAMATION MARK ORNAMENT
+	{0x2756, 0x2756, prN},     // So         BLACK DIAMOND MINUS WHITE X
+	{0x2757, 0x2757, prW},     // So         HEAVY EXCLAMATION MARK SYMBOL
+	{0x2758, 0x2767, prN},     // So    [16] LIGHT VERTICAL BAR..ROTATED FLORAL HEART BULLET
+	{0x2768, 0x2768, prN},     // Ps         MEDIUM LEFT PARENTHESIS ORNAMENT
+	{0x2769, 0x2769, prN},     // Pe         MEDIUM RIGHT PARENTHESIS ORNAMENT
+	{0x276A, 0x276A, prN},     // Ps         MEDIUM FLATTENED LEFT PARENTHESIS ORNAMENT
+	{0x276B, 0x276B, prN},     // Pe         MEDIUM FLATTENED RIGHT PARENTHESIS ORNAMENT
+	{0x276C, 0x276C, prN},     // Ps         MEDIUM LEFT-POINTING ANGLE BRACKET ORNAMENT
+	{0x276D, 0x276D, prN},     // Pe         MEDIUM RIGHT-POINTING ANGLE BRACKET ORNAMENT
+	{0x276E, 0x276E, prN},     // Ps         HEAVY LEFT-POINTING ANGLE QUOTATION MARK ORNAMENT
+	{0x276F, 0x276F, prN},     // Pe         HEAVY RIGHT-POINTING ANGLE QUOTATION MARK ORNAMENT
+	{0x2770, 0x2770, prN},     // Ps         HEAVY LEFT-POINTING ANGLE BRACKET ORNAMENT
+	{0x2771, 0x2771, prN},     // Pe         HEAVY RIGHT-POINTING ANGLE BRACKET ORNAMENT
+	{0x2772, 0x2772, prN},     // Ps         LIGHT LEFT TORTOISE SHELL BRACKET ORNAMENT
+	{0x2773, 0x2773, prN},     // Pe         LIGHT RIGHT TORTOISE SHELL BRACKET ORNAMENT
+	{0x2774, 0x2774, prN},     // Ps         MEDIUM LEFT CURLY BRACKET ORNAMENT
+	{0x2775, 0x2775, prN},     // Pe         MEDIUM RIGHT CURLY BRACKET ORNAMENT
+	{0x2776, 0x277F, prA},     // No    [10] DINGBAT NEGATIVE CIRCLED DIGIT ONE..DINGBAT NEGATIVE CIRCLED NUMBER TEN
+	{0x2780, 0x2793, prN},     // No    [20] DINGBAT CIRCLED SANS-SERIF DIGIT ONE..DINGBAT NEGATIVE CIRCLED SANS-SERIF NUMBER TEN
+	{0x2794, 0x2794, prN},     // So         HEAVY WIDE-HEADED RIGHTWARDS ARROW
+	{0x2795, 0x2797, prW},     // So     [3] HEAVY PLUS SIGN..HEAVY DIVISION SIGN
+	{0x2798, 0x27AF, prN},     // So    [24] HEAVY SOUTH EAST ARROW..NOTCHED LOWER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW
+	{0x27B0, 0x27B0, prW},     // So         CURLY LOOP
+	{0x27B1, 0x27BE, prN},     // So    [14] NOTCHED UPPER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW..OPEN-OUTLINED RIGHTWARDS ARROW
+	{0x27BF, 0x27BF, prW},     // So         DOUBLE CURLY LOOP
+	{0x27C0, 0x27C4, prN},     // Sm     [5] THREE DIMENSIONAL ANGLE..OPEN SUPERSET
+	{0x27C5, 0x27C5, prN},     // Ps         LEFT S-SHAPED BAG DELIMITER
+	{0x27C6, 0x27C6, prN},     // Pe         RIGHT S-SHAPED BAG DELIMITER
+	{0x27C7, 0x27E5, prN},     // Sm    [31] OR WITH DOT INSIDE..WHITE SQUARE WITH RIGHTWARDS TICK
+	{0x27E6, 0x27E6, prNa},    // Ps         MATHEMATICAL LEFT WHITE SQUARE BRACKET
+	{0x27E7, 0x27E7, prNa},    // Pe         MATHEMATICAL RIGHT WHITE SQUARE BRACKET
+	{0x27E8, 0x27E8, prNa},    // Ps         MATHEMATICAL LEFT ANGLE BRACKET
+	{0x27E9, 0x27E9, prNa},    // Pe         MATHEMATICAL RIGHT ANGLE BRACKET
+	{0x27EA, 0x27EA, prNa},    // Ps         MATHEMATICAL LEFT DOUBLE ANGLE BRACKET
+	{0x27EB, 0x27EB, prNa},    // Pe         MATHEMATICAL RIGHT DOUBLE ANGLE BRACKET
+	{0x27EC, 0x27EC, prNa},    // Ps         MATHEMATICAL LEFT WHITE TORTOISE SHELL BRACKET
+	{0x27ED, 0x27ED, prNa},    // Pe         MATHEMATICAL RIGHT WHITE TORTOISE SHELL BRACKET
+	{0x27EE, 0x27EE, prN},     // Ps         MATHEMATICAL LEFT FLATTENED PARENTHESIS
+	{0x27EF, 0x27EF, prN},     // Pe         MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+	{0x27F0, 0x27FF, prN},     // Sm    [16] UPWARDS QUADRUPLE ARROW..LONG RIGHTWARDS SQUIGGLE ARROW
+	{0x2800, 0x28FF, prN},     // So   [256] BRAILLE PATTERN BLANK..BRAILLE PATTERN DOTS-12345678
+	{0x2900, 0x297F, prN},     // Sm   [128] RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE..DOWN FISH TAIL
+	{0x2980, 0x2982, prN},     // Sm     [3] TRIPLE VERTICAL BAR DELIMITER..Z NOTATION TYPE COLON
+	{0x2983, 0x2983, prN},     // Ps         LEFT WHITE CURLY BRACKET
+	{0x2984, 0x2984, prN},     // Pe         RIGHT WHITE CURLY BRACKET
+	{0x2985, 0x2985, prNa},    // Ps         LEFT WHITE PARENTHESIS
+	{0x2986, 0x2986, prNa},    // Pe         RIGHT WHITE PARENTHESIS
+	{0x2987, 0x2987, prN},     // Ps         Z NOTATION LEFT IMAGE BRACKET
+	{0x2988, 0x2988, prN},     // Pe         Z NOTATION RIGHT IMAGE BRACKET
+	{0x2989, 0x2989, prN},     // Ps         Z NOTATION LEFT BINDING BRACKET
+	{0x298A, 0x298A, prN},     // Pe         Z NOTATION RIGHT BINDING BRACKET
+	{0x298B, 0x298B, prN},     // Ps         LEFT SQUARE BRACKET WITH UNDERBAR
+	{0x298C, 0x298C, prN},     // Pe         RIGHT SQUARE BRACKET WITH UNDERBAR
+	{0x298D, 0x298D, prN},     // Ps         LEFT SQUARE BRACKET WITH TICK IN TOP CORNER
+	{0x298E, 0x298E, prN},     // Pe         RIGHT SQUARE BRACKET WITH TICK IN BOTTOM CORNER
+	{0x298F, 0x298F, prN},     // Ps         LEFT SQUARE BRACKET WITH TICK IN BOTTOM CORNER
+	{0x2990, 0x2990, prN},     // Pe         RIGHT SQUARE BRACKET WITH TICK IN TOP CORNER
+	{0x2991, 0x2991, prN},     // Ps         LEFT ANGLE BRACKET WITH DOT
+	{0x2992, 0x2992, prN},     // Pe         RIGHT ANGLE BRACKET WITH DOT
+	{0x2993, 0x2993, prN},     // Ps         LEFT ARC LESS-THAN BRACKET
+	{0x2994, 0x2994, prN},     // Pe         RIGHT ARC GREATER-THAN BRACKET
+	{0x2995, 0x2995, prN},     // Ps         DOUBLE LEFT ARC GREATER-THAN BRACKET
+	{0x2996, 0x2996, prN},     // Pe         DOUBLE RIGHT ARC LESS-THAN BRACKET
+	{0x2997, 0x2997, prN},     // Ps         LEFT BLACK TORTOISE SHELL BRACKET
+	{0x2998, 0x2998, prN},     // Pe         RIGHT BLACK TORTOISE SHELL BRACKET
+	{0x2999, 0x29D7, prN},     // Sm    [63] DOTTED FENCE..BLACK HOURGLASS
+	{0x29D8, 0x29D8, prN},     // Ps         LEFT WIGGLY FENCE
+	{0x29D9, 0x29D9, prN},     // Pe         RIGHT WIGGLY FENCE
+	{0x29DA, 0x29DA, prN},     // Ps         LEFT DOUBLE WIGGLY FENCE
+	{0x29DB, 0x29DB, prN},     // Pe         RIGHT DOUBLE WIGGLY FENCE
+	{0x29DC, 0x29FB, prN},     // Sm    [32] INCOMPLETE INFINITY..TRIPLE PLUS
+	{0x29FC, 0x29FC, prN},     // Ps         LEFT-POINTING CURVED ANGLE BRACKET
+	{0x29FD, 0x29FD, prN},     // Pe         RIGHT-POINTING CURVED ANGLE BRACKET
+	{0x29FE, 0x29FF, prN},     // Sm     [2] TINY..MINY
+	{0x2A00, 0x2AFF, prN},     // Sm   [256] N-ARY CIRCLED DOT OPERATOR..N-ARY WHITE VERTICAL BAR
+	{0x2B00, 0x2B1A, prN},     // So    [27] NORTH EAST WHITE ARROW..DOTTED SQUARE
+	{0x2B1B, 0x2B1C, prW},     // So     [2] BLACK LARGE SQUARE..WHITE LARGE SQUARE
+	{0x2B1D, 0x2B2F, prN},     // So    [19] BLACK VERY SMALL SQUARE..WHITE VERTICAL ELLIPSE
+	{0x2B30, 0x2B44, prN},     // Sm    [21] LEFT ARROW WITH SMALL CIRCLE..RIGHTWARDS ARROW THROUGH SUPERSET
+	{0x2B45, 0x2B46, prN},     // So     [2] LEFTWARDS QUADRUPLE ARROW..RIGHTWARDS QUADRUPLE ARROW
+	{0x2B47, 0x2B4C, prN},     // Sm     [6] REVERSE TILDE OPERATOR ABOVE RIGHTWARDS ARROW..RIGHTWARDS ARROW ABOVE REVERSE TILDE OPERATOR
+	{0x2B4D, 0x2B4F, prN},     // So     [3] DOWNWARDS TRIANGLE-HEADED ZIGZAG ARROW..SHORT BACKSLANTED SOUTH ARROW
+	{0x2B50, 0x2B50, prW},     // So         WHITE MEDIUM STAR
+	{0x2B51, 0x2B54, prN},     // So     [4] BLACK SMALL STAR..WHITE RIGHT-POINTING PENTAGON
+	{0x2B55, 0x2B55, prW},     // So         HEAVY LARGE CIRCLE
+	{0x2B56, 0x2B59, prA},     // So     [4] HEAVY OVAL WITH OVAL INSIDE..HEAVY CIRCLED SALTIRE
+	{0x2B5A, 0x2B73, prN},     // So    [26] SLANTED NORTH ARROW WITH HOOKED HEAD..DOWNWARDS TRIANGLE-HEADED ARROW TO BAR
+	{0x2B76, 0x2B95, prN},     // So    [32] NORTH WEST TRIANGLE-HEADED ARROW TO BAR..RIGHTWARDS BLACK ARROW
+	{0x2B97, 0x2BFF, prN},     // So   [105] SYMBOL FOR TYPE A ELECTRONICS..HELLSCHREIBER PAUSE SYMBOL
+	{0x2C00, 0x2C5F, prN},     // L&    [96] GLAGOLITIC CAPITAL LETTER AZU..GLAGOLITIC SMALL LETTER CAUDATE CHRIVI
+	{0x2C60, 0x2C7B, prN},     // L&    [28] LATIN CAPITAL LETTER L WITH DOUBLE BAR..LATIN LETTER SMALL CAPITAL TURNED E
+	{0x2C7C, 0x2C7D, prN},     // Lm     [2] LATIN SUBSCRIPT SMALL LETTER J..MODIFIER LETTER CAPITAL V
+	{0x2C7E, 0x2C7F, prN},     // Lu     [2] LATIN CAPITAL LETTER S WITH SWASH TAIL..LATIN CAPITAL LETTER Z WITH SWASH TAIL
+	{0x2C80, 0x2CE4, prN},     // L&   [101] COPTIC CAPITAL LETTER ALFA..COPTIC SYMBOL KAI
+	{0x2CE5, 0x2CEA, prN},     // So     [6] COPTIC SYMBOL MI RO..COPTIC SYMBOL SHIMA SIMA
+	{0x2CEB, 0x2CEE, prN},     // L&     [4] COPTIC CAPITAL LETTER CRYPTOGRAMMIC SHEI..COPTIC SMALL LETTER CRYPTOGRAMMIC GANGIA
+	{0x2CEF, 0x2CF1, prN},     // Mn     [3] COPTIC COMBINING NI ABOVE..COPTIC COMBINING SPIRITUS LENIS
+	{0x2CF2, 0x2CF3, prN},     // L&     [2] COPTIC CAPITAL LETTER BOHAIRIC KHEI..COPTIC SMALL LETTER BOHAIRIC KHEI
+	{0x2CF9, 0x2CFC, prN},     // Po     [4] COPTIC OLD NUBIAN FULL STOP..COPTIC OLD NUBIAN VERSE DIVIDER
+	{0x2CFD, 0x2CFD, prN},     // No         COPTIC FRACTION ONE HALF
+	{0x2CFE, 0x2CFF, prN},     // Po     [2] COPTIC FULL STOP..COPTIC MORPHOLOGICAL DIVIDER
+	{0x2D00, 0x2D25, prN},     // Ll    [38] GEORGIAN SMALL LETTER AN..GEORGIAN SMALL LETTER HOE
+	{0x2D27, 0x2D27, prN},     // Ll         GEORGIAN SMALL LETTER YN
+	{0x2D2D, 0x2D2D, prN},     // Ll         GEORGIAN SMALL LETTER AEN
+	{0x2D30, 0x2D67, prN},     // Lo    [56] TIFINAGH LETTER YA..TIFINAGH LETTER YO
+	{0x2D6F, 0x2D6F, prN},     // Lm         TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	{0x2D70, 0x2D70, prN},     // Po         TIFINAGH SEPARATOR MARK
+	{0x2D7F, 0x2D7F, prN},     // Mn         TIFINAGH CONSONANT JOINER
+	{0x2D80, 0x2D96, prN},     // Lo    [23] ETHIOPIC SYLLABLE LOA..ETHIOPIC SYLLABLE GGWE
+	{0x2DA0, 0x2DA6, prN},     // Lo     [7] ETHIOPIC SYLLABLE SSA..ETHIOPIC SYLLABLE SSO
+	{0x2DA8, 0x2DAE, prN},     // Lo     [7] ETHIOPIC SYLLABLE CCA..ETHIOPIC SYLLABLE CCO
+	{0x2DB0, 0x2DB6, prN},     // Lo     [7] ETHIOPIC SYLLABLE ZZA..ETHIOPIC SYLLABLE ZZO
+	{0x2DB8, 0x2DBE, prN},     // Lo     [7] ETHIOPIC SYLLABLE CCHA..ETHIOPIC SYLLABLE CCHO
+	{0x2DC0, 0x2DC6, prN},     // Lo     [7] ETHIOPIC SYLLABLE QYA..ETHIOPIC SYLLABLE QYO
+	{0x2DC8, 0x2DCE, prN},     // Lo     [7] ETHIOPIC SYLLABLE KYA..ETHIOPIC SYLLABLE KYO
+	{0x2DD0, 0x2DD6, prN},     // Lo     [7] ETHIOPIC SYLLABLE XYA..ETHIOPIC SYLLABLE XYO
+	{0x2DD8, 0x2DDE, prN},     // Lo     [7] ETHIOPIC SYLLABLE GYA..ETHIOPIC SYLLABLE GYO
+	{0x2DE0, 0x2DFF, prN},     // Mn    [32] COMBINING CYRILLIC LETTER BE..COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+	{0x2E00, 0x2E01, prN},     // Po     [2] RIGHT ANGLE SUBSTITUTION MARKER..RIGHT ANGLE DOTTED SUBSTITUTION MARKER
+	{0x2E02, 0x2E02, prN},     // Pi         LEFT SUBSTITUTION BRACKET
+	{0x2E03, 0x2E03, prN},     // Pf         RIGHT SUBSTITUTION BRACKET
+	{0x2E04, 0x2E04, prN},     // Pi         LEFT DOTTED SUBSTITUTION BRACKET
+	{0x2E05, 0x2E05, prN},     // Pf         RIGHT DOTTED SUBSTITUTION BRACKET
+	{0x2E06, 0x2E08, prN},     // Po     [3] RAISED INTERPOLATION MARKER..DOTTED TRANSPOSITION MARKER
+	{0x2E09, 0x2E09, prN},     // Pi         LEFT TRANSPOSITION BRACKET
+	{0x2E0A, 0x2E0A, prN},     // Pf         RIGHT TRANSPOSITION BRACKET
+	{0x2E0B, 0x2E0B, prN},     // Po         RAISED SQUARE
+	{0x2E0C, 0x2E0C, prN},     // Pi         LEFT RAISED OMISSION BRACKET
+	{0x2E0D, 0x2E0D, prN},     // Pf         RIGHT RAISED OMISSION BRACKET
+	{0x2E0E, 0x2E16, prN},     // Po     [9] EDITORIAL CORONIS..DOTTED RIGHT-POINTING ANGLE
+	{0x2E17, 0x2E17, prN},     // Pd         DOUBLE OBLIQUE HYPHEN
+	{0x2E18, 0x2E19, prN},     // Po     [2] INVERTED INTERROBANG..PALM BRANCH
+	{0x2E1A, 0x2E1A, prN},     // Pd         HYPHEN WITH DIAERESIS
+	{0x2E1B, 0x2E1B, prN},     // Po         TILDE WITH RING ABOVE
+	{0x2E1C, 0x2E1C, prN},     // Pi         LEFT LOW PARAPHRASE BRACKET
+	{0x2E1D, 0x2E1D, prN},     // Pf         RIGHT LOW PARAPHRASE BRACKET
+	{0x2E1E, 0x2E1F, prN},     // Po     [2] TILDE WITH DOT ABOVE..TILDE WITH DOT BELOW
+	{0x2E20, 0x2E20, prN},     // Pi         LEFT VERTICAL BAR WITH QUILL
+	{0x2E21, 0x2E21, prN},     // Pf         RIGHT VERTICAL BAR WITH QUILL
+	{0x2E22, 0x2E22, prN},     // Ps         TOP LEFT HALF BRACKET
+	{0x2E23, 0x2E23, prN},     // Pe         TOP RIGHT HALF BRACKET
+	{0x2E24, 0x2E24, prN},     // Ps         BOTTOM LEFT HALF BRACKET
+	{0x2E25, 0x2E25, prN},     // Pe         BOTTOM RIGHT HALF BRACKET
+	{0x2E26, 0x2E26, prN},     // Ps         LEFT SIDEWAYS U BRACKET
+	{0x2E27, 0x2E27, prN},     // Pe         RIGHT SIDEWAYS U BRACKET
+	{0x2E28, 0x2E28, prN},     // Ps         LEFT DOUBLE PARENTHESIS
+	{0x2E29, 0x2E29, prN},     // Pe         RIGHT DOUBLE PARENTHESIS
+	{0x2E2A, 0x2E2E, prN},     // Po     [5] TWO DOTS OVER ONE DOT PUNCTUATION..REVERSED QUESTION MARK
+	{0x2E2F, 0x2E2F, prN},     // Lm         VERTICAL TILDE
+	{0x2E30, 0x2E39, prN},     // Po    [10] RING POINT..TOP HALF SECTION SIGN
+	{0x2E3A, 0x2E3B, prN},     // Pd     [2] TWO-EM DASH..THREE-EM DASH
+	{0x2E3C, 0x2E3F, prN},     // Po     [4] STENOGRAPHIC FULL STOP..CAPITULUM
+	{0x2E40, 0x2E40, prN},     // Pd         DOUBLE HYPHEN
+	{0x2E41, 0x2E41, prN},     // Po         REVERSED COMMA
+	{0x2E42, 0x2E42, prN},     // Ps         DOUBLE LOW-REVERSED-9 QUOTATION MARK
+	{0x2E43, 0x2E4F, prN},     // Po    [13] DASH WITH LEFT UPTURN..CORNISH VERSE DIVIDER
+	{0x2E50, 0x2E51, prN},     // So     [2] CROSS PATTY WITH RIGHT CROSSBAR..CROSS PATTY WITH LEFT CROSSBAR
+	{0x2E52, 0x2E54, prN},     // Po     [3] TIRONIAN SIGN CAPITAL ET..MEDIEVAL QUESTION MARK
+	{0x2E55, 0x2E55, prN},     // Ps         LEFT SQUARE BRACKET WITH STROKE
+	{0x2E56, 0x2E56, prN},     // Pe         RIGHT SQUARE BRACKET WITH STROKE
+	{0x2E57, 0x2E57, prN},     // Ps         LEFT SQUARE BRACKET WITH DOUBLE STROKE
+	{0x2E58, 0x2E58, prN},     // Pe         RIGHT SQUARE BRACKET WITH DOUBLE STROKE
+	{0x2E59, 0x2E59, prN},     // Ps         TOP HALF LEFT PARENTHESIS
+	{0x2E5A, 0x2E5A, prN},     // Pe         TOP HALF RIGHT PARENTHESIS
+	{0x2E5B, 0x2E5B, prN},     // Ps         BOTTOM HALF LEFT PARENTHESIS
+	{0x2E5C, 0x2E5C, prN},     // Pe         BOTTOM HALF RIGHT PARENTHESIS
+	{0x2E5D, 0x2E5D, prN},     // Pd         OBLIQUE HYPHEN
+	{0x2E80, 0x2E99, prW},     // So    [26] CJK RADICAL REPEAT..CJK RADICAL RAP
+	{0x2E9B, 0x2EF3, prW},     // So    [89] CJK RADICAL CHOKE..CJK RADICAL C-SIMPLIFIED TURTLE
+	{0x2F00, 0x2FD5, prW},     // So   [214] KANGXI RADICAL ONE..KANGXI RADICAL FLUTE
+	{0x2FF0, 0x2FFB, prW},     // So    [12] IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT..IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID
+	{0x3000, 0x3000, prF},     // Zs         IDEOGRAPHIC SPACE
+	{0x3001, 0x3003, prW},     // Po     [3] IDEOGRAPHIC COMMA..DITTO MARK
+	{0x3004, 0x3004, prW},     // So         JAPANESE INDUSTRIAL STANDARD SYMBOL
+	{0x3005, 0x3005, prW},     // Lm         IDEOGRAPHIC ITERATION MARK
+	{0x3006, 0x3006, prW},     // Lo         IDEOGRAPHIC CLOSING MARK
+	{0x3007, 0x3007, prW},     // Nl         IDEOGRAPHIC NUMBER ZERO
+	{0x3008, 0x3008, prW},     // Ps         LEFT ANGLE BRACKET
+	{0x3009, 0x3009, prW},     // Pe         RIGHT ANGLE BRACKET
+	{0x300A, 0x300A, prW},     // Ps         LEFT DOUBLE ANGLE BRACKET
+	{0x300B, 0x300B, prW},     // Pe         RIGHT DOUBLE ANGLE BRACKET
+	{0x300C, 0x300C, prW},     // Ps         LEFT CORNER BRACKET
+	{0x300D, 0x300D, prW},     // Pe         RIGHT CORNER BRACKET
+	{0x300E, 0x300E, prW},     // Ps         LEFT WHITE CORNER BRACKET
+	{0x300F, 0x300F, prW},     // Pe         RIGHT WHITE CORNER BRACKET
+	{0x3010, 0x3010, prW},     // Ps         LEFT BLACK LENTICULAR BRACKET
+	{0x3011, 0x3011, prW},     // Pe         RIGHT BLACK LENTICULAR BRACKET
+	{0x3012, 0x3013, prW},     // So     [2] POSTAL MARK..GETA MARK
+	{0x3014, 0x3014, prW},     // Ps         LEFT TORTOISE SHELL BRACKET
+	{0x3015, 0x3015, prW},     // Pe         RIGHT TORTOISE SHELL BRACKET
+	{0x3016, 0x3016, prW},     // Ps         LEFT WHITE LENTICULAR BRACKET
+	{0x3017, 0x3017, prW},     // Pe         RIGHT WHITE LENTICULAR BRACKET
+	{0x3018, 0x3018, prW},     // Ps         LEFT WHITE TORTOISE SHELL BRACKET
+	{0x3019, 0x3019, prW},     // Pe         RIGHT WHITE TORTOISE SHELL BRACKET
+	{0x301A, 0x301A, prW},     // Ps         LEFT WHITE SQUARE BRACKET
+	{0x301B, 0x301B, prW},     // Pe         RIGHT WHITE SQUARE BRACKET
+	{0x301C, 0x301C, prW},     // Pd         WAVE DASH
+	{0x301D, 0x301D, prW},     // Ps         REVERSED DOUBLE PRIME QUOTATION MARK
+	{0x301E, 0x301F, prW},     // Pe     [2] DOUBLE PRIME QUOTATION MARK..LOW DOUBLE PRIME QUOTATION MARK
+	{0x3020, 0x3020, prW},     // So         POSTAL MARK FACE
+	{0x3021, 0x3029, prW},     // Nl     [9] HANGZHOU NUMERAL ONE..HANGZHOU NUMERAL NINE
+	{0x302A, 0x302D, prW},     // Mn     [4] IDEOGRAPHIC LEVEL TONE MARK..IDEOGRAPHIC ENTERING TONE MARK
+	{0x302E, 0x302F, prW},     // Mc     [2] HANGUL SINGLE DOT TONE MARK..HANGUL DOUBLE DOT TONE MARK
+	{0x3030, 0x3030, prW},     // Pd         WAVY DASH
+	{0x3031, 0x3035, prW},     // Lm     [5] VERTICAL KANA REPEAT MARK..VERTICAL KANA REPEAT MARK LOWER HALF
+	{0x3036, 0x3037, prW},     // So     [2] CIRCLED POSTAL MARK..IDEOGRAPHIC TELEGRAPH LINE FEED SEPARATOR SYMBOL
+	{0x3038, 0x303A, prW},     // Nl     [3] HANGZHOU NUMERAL TEN..HANGZHOU NUMERAL THIRTY
+	{0x303B, 0x303B, prW},     // Lm         VERTICAL IDEOGRAPHIC ITERATION MARK
+	{0x303C, 0x303C, prW},     // Lo         MASU MARK
+	{0x303D, 0x303D, prW},     // Po         PART ALTERNATION MARK
+	{0x303E, 0x303E, prW},     // So         IDEOGRAPHIC VARIATION INDICATOR
+	{0x303F, 0x303F, prN},     // So         IDEOGRAPHIC HALF FILL SPACE
+	{0x3041, 0x3096, prW},     // Lo    [86] HIRAGANA LETTER SMALL A..HIRAGANA LETTER SMALL KE
+	{0x3099, 0x309A, prW},     // Mn     [2] COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK..COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK
+	{0x309B, 0x309C, prW},     // Sk     [2] KATAKANA-HIRAGANA VOICED SOUND MARK..KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK
+	{0x309D, 0x309E, prW},     // Lm     [2] HIRAGANA ITERATION MARK..HIRAGANA VOICED ITERATION MARK
+	{0x309F, 0x309F, prW},     // Lo         HIRAGANA DIGRAPH YORI
+	{0x30A0, 0x30A0, prW},     // Pd         KATAKANA-HIRAGANA DOUBLE HYPHEN
+	{0x30A1, 0x30FA, prW},     // Lo    [90] KATAKANA LETTER SMALL A..KATAKANA LETTER VO
+	{0x30FB, 0x30FB, prW},     // Po         KATAKANA MIDDLE DOT
+	{0x30FC, 0x30FE, prW},     // Lm     [3] KATAKANA-HIRAGANA PROLONGED SOUND MARK..KATAKANA VOICED ITERATION MARK
+	{0x30FF, 0x30FF, prW},     // Lo         KATAKANA DIGRAPH KOTO
+	{0x3105, 0x312F, prW},     // Lo    [43] BOPOMOFO LETTER B..BOPOMOFO LETTER NN
+	{0x3131, 0x318E, prW},     // Lo    [94] HANGUL LETTER KIYEOK..HANGUL LETTER ARAEAE
+	{0x3190, 0x3191, prW},     // So     [2] IDEOGRAPHIC ANNOTATION LINKING MARK..IDEOGRAPHIC ANNOTATION REVERSE MARK
+	{0x3192, 0x3195, prW},     // No     [4] IDEOGRAPHIC ANNOTATION ONE MARK..IDEOGRAPHIC ANNOTATION FOUR MARK
+	{0x3196, 0x319F, prW},     // So    [10] IDEOGRAPHIC ANNOTATION TOP MARK..IDEOGRAPHIC ANNOTATION MAN MARK
+	{0x31A0, 0x31BF, prW},     // Lo    [32] BOPOMOFO LETTER BU..BOPOMOFO LETTER AH
+	{0x31C0, 0x31E3, prW},     // So    [36] CJK STROKE T..CJK STROKE Q
+	{0x31F0, 0x31FF, prW},     // Lo    [16] KATAKANA LETTER SMALL KU..KATAKANA LETTER SMALL RO
+	{0x3200, 0x321E, prW},     // So    [31] PARENTHESIZED HANGUL KIYEOK..PARENTHESIZED KOREAN CHARACTER O HU
+	{0x3220, 0x3229, prW},     // No    [10] PARENTHESIZED IDEOGRAPH ONE..PARENTHESIZED IDEOGRAPH TEN
+	{0x322A, 0x3247, prW},     // So    [30] PARENTHESIZED IDEOGRAPH MOON..CIRCLED IDEOGRAPH KOTO
+	{0x3248, 0x324F, prA},     // No     [8] CIRCLED NUMBER TEN ON BLACK SQUARE..CIRCLED NUMBER EIGHTY ON BLACK SQUARE
+	{0x3250, 0x3250, prW},     // So         PARTNERSHIP SIGN
+	{0x3251, 0x325F, prW},     // No    [15] CIRCLED NUMBER TWENTY ONE..CIRCLED NUMBER THIRTY FIVE
+	{0x3260, 0x327F, prW},     // So    [32] CIRCLED HANGUL KIYEOK..KOREAN STANDARD SYMBOL
+	{0x3280, 0x3289, prW},     // No    [10] CIRCLED IDEOGRAPH ONE..CIRCLED IDEOGRAPH TEN
+	{0x328A, 0x32B0, prW},     // So    [39] CIRCLED IDEOGRAPH MOON..CIRCLED IDEOGRAPH NIGHT
+	{0x32B1, 0x32BF, prW},     // No    [15] CIRCLED NUMBER THIRTY SIX..CIRCLED NUMBER FIFTY
+	{0x32C0, 0x32FF, prW},     // So    [64] IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY..SQUARE ERA NAME REIWA
+	{0x3300, 0x33FF, prW},     // So   [256] SQUARE APAATO..SQUARE GAL
+	{0x3400, 0x4DBF, prW},     // Lo  [6592] CJK UNIFIED IDEOGRAPH-3400..CJK UNIFIED IDEOGRAPH-4DBF
+	{0x4DC0, 0x4DFF, prN},     // So    [64] HEXAGRAM FOR THE CREATIVE HEAVEN..HEXAGRAM FOR BEFORE COMPLETION
+	{0x4E00, 0x9FFF, prW},     // Lo [20992] CJK UNIFIED IDEOGRAPH-4E00..CJK UNIFIED IDEOGRAPH-9FFF
+	{0xA000, 0xA014, prW},     // Lo    [21] YI SYLLABLE IT..YI SYLLABLE E
+	{0xA015, 0xA015, prW},     // Lm         YI SYLLABLE WU
+	{0xA016, 0xA48C, prW},     // Lo  [1143] YI SYLLABLE BIT..YI SYLLABLE YYR
+	{0xA490, 0xA4C6, prW},     // So    [55] YI RADICAL QOT..YI RADICAL KE
+	{0xA4D0, 0xA4F7, prN},     // Lo    [40] LISU LETTER BA..LISU LETTER OE
+	{0xA4F8, 0xA4FD, prN},     // Lm     [6] LISU LETTER TONE MYA TI..LISU LETTER TONE MYA JEU
+	{0xA4FE, 0xA4FF, prN},     // Po     [2] LISU PUNCTUATION COMMA..LISU PUNCTUATION FULL STOP
+	{0xA500, 0xA60B, prN},     // Lo   [268] VAI SYLLABLE EE..VAI SYLLABLE NG
+	{0xA60C, 0xA60C, prN},     // Lm         VAI SYLLABLE LENGTHENER
+	{0xA60D, 0xA60F, prN},     // Po     [3] VAI COMMA..VAI QUESTION MARK
+	{0xA610, 0xA61F, prN},     // Lo    [16] VAI SYLLABLE NDOLE FA..VAI SYMBOL JONG
+	{0xA620, 0xA629, prN},     // Nd    [10] VAI DIGIT ZERO..VAI DIGIT NINE
+	{0xA62A, 0xA62B, prN},     // Lo     [2] VAI SYLLABLE NDOLE MA..VAI SYLLABLE NDOLE DO
+	{0xA640, 0xA66D, prN},     // L&    [46] CYRILLIC CAPITAL LETTER ZEMLYA..CYRILLIC SMALL LETTER DOUBLE MONOCULAR O
+	{0xA66E, 0xA66E, prN},     // Lo         CYRILLIC LETTER MULTIOCULAR O
+	{0xA66F, 0xA66F, prN},     // Mn         COMBINING CYRILLIC VZMET
+	{0xA670, 0xA672, prN},     // Me     [3] COMBINING CYRILLIC TEN MILLIONS SIGN..COMBINING CYRILLIC THOUSAND MILLIONS SIGN
+	{0xA673, 0xA673, prN},     // Po         SLAVONIC ASTERISK
+	{0xA674, 0xA67D, prN},     // Mn    [10] COMBINING CYRILLIC LETTER UKRAINIAN IE..COMBINING CYRILLIC PAYEROK
+	{0xA67E, 0xA67E, prN},     // Po         CYRILLIC KAVYKA
+	{0xA67F, 0xA67F, prN},     // Lm         CYRILLIC PAYEROK
+	{0xA680, 0xA69B, prN},     // L&    [28] CYRILLIC CAPITAL LETTER DWE..CYRILLIC SMALL LETTER CROSSED O
+	{0xA69C, 0xA69D, prN},     // Lm     [2] MODIFIER LETTER CYRILLIC HARD SIGN..MODIFIER LETTER CYRILLIC SOFT SIGN
+	{0xA69E, 0xA69F, prN},     // Mn     [2] COMBINING CYRILLIC LETTER EF..COMBINING CYRILLIC LETTER IOTIFIED E
+	{0xA6A0, 0xA6E5, prN},     // Lo    [70] BAMUM LETTER A..BAMUM LETTER KI
+	{0xA6E6, 0xA6EF, prN},     // Nl    [10] BAMUM LETTER MO..BAMUM LETTER KOGHOM
+	{0xA6F0, 0xA6F1, prN},     // Mn     [2] BAMUM COMBINING MARK KOQNDON..BAMUM COMBINING MARK TUKWENTIS
+	{0xA6F2, 0xA6F7, prN},     // Po     [6] BAMUM NJAEMLI..BAMUM QUESTION MARK
+	{0xA700, 0xA716, prN},     // Sk    [23] MODIFIER LETTER CHINESE TONE YIN PING..MODIFIER LETTER EXTRA-LOW LEFT-STEM TONE BAR
+	{0xA717, 0xA71F, prN},     // Lm     [9] MODIFIER LETTER DOT VERTICAL BAR..MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+	{0xA720, 0xA721, prN},     // Sk     [2] MODIFIER LETTER STRESS AND HIGH TONE..MODIFIER LETTER STRESS AND LOW TONE
+	{0xA722, 0xA76F, prN},     // L&    [78] LATIN CAPITAL LETTER EGYPTOLOGICAL ALEF..LATIN SMALL LETTER CON
+	{0xA770, 0xA770, prN},     // Lm         MODIFIER LETTER US
+	{0xA771, 0xA787, prN},     // L&    [23] LATIN SMALL LETTER DUM..LATIN SMALL LETTER INSULAR T
+	{0xA788, 0xA788, prN},     // Lm         MODIFIER LETTER LOW CIRCUMFLEX ACCENT
+	{0xA789, 0xA78A, prN},     // Sk     [2] MODIFIER LETTER COLON..MODIFIER LETTER SHORT EQUALS SIGN
+	{0xA78B, 0xA78E, prN},     // L&     [4] LATIN CAPITAL LETTER SALTILLO..LATIN SMALL LETTER L WITH RETROFLEX HOOK AND BELT
+	{0xA78F, 0xA78F, prN},     // Lo         LATIN LETTER SINOLOGICAL DOT
+	{0xA790, 0xA7CA, prN},     // L&    [59] LATIN CAPITAL LETTER N WITH DESCENDER..LATIN SMALL LETTER S WITH SHORT STROKE OVERLAY
+	{0xA7D0, 0xA7D1, prN},     // L&     [2] LATIN CAPITAL LETTER CLOSED INSULAR G..LATIN SMALL LETTER CLOSED INSULAR G
+	{0xA7D3, 0xA7D3, prN},     // Ll         LATIN SMALL LETTER DOUBLE THORN
+	{0xA7D5, 0xA7D9, prN},     // L&     [5] LATIN SMALL LETTER DOUBLE WYNN..LATIN SMALL LETTER SIGMOID S
+	{0xA7F2, 0xA7F4, prN},     // Lm     [3] MODIFIER LETTER CAPITAL C..MODIFIER LETTER CAPITAL Q
+	{0xA7F5, 0xA7F6, prN},     // L&     [2] LATIN CAPITAL LETTER REVERSED HALF H..LATIN SMALL LETTER REVERSED HALF H
+	{0xA7F7, 0xA7F7, prN},     // Lo         LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	{0xA7F8, 0xA7F9, prN},     // Lm     [2] MODIFIER LETTER CAPITAL H WITH STROKE..MODIFIER LETTER SMALL LIGATURE OE
+	{0xA7FA, 0xA7FA, prN},     // Ll         LATIN LETTER SMALL CAPITAL TURNED M
+	{0xA7FB, 0xA7FF, prN},     // Lo     [5] LATIN EPIGRAPHIC LETTER REVERSED F..LATIN EPIGRAPHIC LETTER ARCHAIC M
+	{0xA800, 0xA801, prN},     // Lo     [2] SYLOTI NAGRI LETTER A..SYLOTI NAGRI LETTER I
+	{0xA802, 0xA802, prN},     // Mn         SYLOTI NAGRI SIGN DVISVARA
+	{0xA803, 0xA805, prN},     // Lo     [3] SYLOTI NAGRI LETTER U..SYLOTI NAGRI LETTER O
+	{0xA806, 0xA806, prN},     // Mn         SYLOTI NAGRI SIGN HASANTA
+	{0xA807, 0xA80A, prN},     // Lo     [4] SYLOTI NAGRI LETTER KO..SYLOTI NAGRI LETTER GHO
+	{0xA80B, 0xA80B, prN},     // Mn         SYLOTI NAGRI SIGN ANUSVARA
+	{0xA80C, 0xA822, prN},     // Lo    [23] SYLOTI NAGRI LETTER CO..SYLOTI NAGRI LETTER HO
+	{0xA823, 0xA824, prN},     // Mc     [2] SYLOTI NAGRI VOWEL SIGN A..SYLOTI NAGRI VOWEL SIGN I
+	{0xA825, 0xA826, prN},     // Mn     [2] SYLOTI NAGRI VOWEL SIGN U..SYLOTI NAGRI VOWEL SIGN E
+	{0xA827, 0xA827, prN},     // Mc         SYLOTI NAGRI VOWEL SIGN OO
+	{0xA828, 0xA82B, prN},     // So     [4] SYLOTI NAGRI POETRY MARK-1..SYLOTI NAGRI POETRY MARK-4
+	{0xA82C, 0xA82C, prN},     // Mn         SYLOTI NAGRI SIGN ALTERNATE HASANTA
+	{0xA830, 0xA835, prN},     // No     [6] NORTH INDIC FRACTION ONE QUARTER..NORTH INDIC FRACTION THREE SIXTEENTHS
+	{0xA836, 0xA837, prN},     // So     [2] NORTH INDIC QUARTER MARK..NORTH INDIC PLACEHOLDER MARK
+	{0xA838, 0xA838, prN},     // Sc         NORTH INDIC RUPEE MARK
+	{0xA839, 0xA839, prN},     // So         NORTH INDIC QUANTITY MARK
+	{0xA840, 0xA873, prN},     // Lo    [52] PHAGS-PA LETTER KA..PHAGS-PA LETTER CANDRABINDU
+	{0xA874, 0xA877, prN},     // Po     [4] PHAGS-PA SINGLE HEAD MARK..PHAGS-PA MARK DOUBLE SHAD
+	{0xA880, 0xA881, prN},     // Mc     [2] SAURASHTRA SIGN ANUSVARA..SAURASHTRA SIGN VISARGA
+	{0xA882, 0xA8B3, prN},     // Lo    [50] SAURASHTRA LETTER A..SAURASHTRA LETTER LLA
+	{0xA8B4, 0xA8C3, prN},     // Mc    [16] SAURASHTRA CONSONANT SIGN HAARU..SAURASHTRA VOWEL SIGN AU
+	{0xA8C4, 0xA8C5, prN},     // Mn     [2] SAURASHTRA SIGN VIRAMA..SAURASHTRA SIGN CANDRABINDU
+	{0xA8CE, 0xA8CF, prN},     // Po     [2] SAURASHTRA DANDA..SAURASHTRA DOUBLE DANDA
+	{0xA8D0, 0xA8D9, prN},     // Nd    [10] SAURASHTRA DIGIT ZERO..SAURASHTRA DIGIT NINE
+	{0xA8E0, 0xA8F1, prN},     // Mn    [18] COMBINING DEVANAGARI DIGIT ZERO..COMBINING DEVANAGARI SIGN AVAGRAHA
+	{0xA8F2, 0xA8F7, prN},     // Lo     [6] DEVANAGARI SIGN SPACING CANDRABINDU..DEVANAGARI SIGN CANDRABINDU AVAGRAHA
+	{0xA8F8, 0xA8FA, prN},     // Po     [3] DEVANAGARI SIGN PUSHPIKA..DEVANAGARI CARET
+	{0xA8FB, 0xA8FB, prN},     // Lo         DEVANAGARI HEADSTROKE
+	{0xA8FC, 0xA8FC, prN},     // Po         DEVANAGARI SIGN SIDDHAM
+	{0xA8FD, 0xA8FE, prN},     // Lo     [2] DEVANAGARI JAIN OM..DEVANAGARI LETTER AY
+	{0xA8FF, 0xA8FF, prN},     // Mn         DEVANAGARI VOWEL SIGN AY
+	{0xA900, 0xA909, prN},     // Nd    [10] KAYAH LI DIGIT ZERO..KAYAH LI DIGIT NINE
+	{0xA90A, 0xA925, prN},     // Lo    [28] KAYAH LI LETTER KA..KAYAH LI LETTER OO
+	{0xA926, 0xA92D, prN},     // Mn     [8] KAYAH LI VOWEL UE..KAYAH LI TONE CALYA PLOPHU
+	{0xA92E, 0xA92F, prN},     // Po     [2] KAYAH LI SIGN CWI..KAYAH LI SIGN SHYA
+	{0xA930, 0xA946, prN},     // Lo    [23] REJANG LETTER KA..REJANG LETTER A
+	{0xA947, 0xA951, prN},     // Mn    [11] REJANG VOWEL SIGN I..REJANG CONSONANT SIGN R
+	{0xA952, 0xA953, prN},     // Mc     [2] REJANG CONSONANT SIGN H..REJANG VIRAMA
+	{0xA95F, 0xA95F, prN},     // Po         REJANG SECTION MARK
+	{0xA960, 0xA97C, prW},     // Lo    [29] HANGUL CHOSEONG TIKEUT-MIEUM..HANGUL CHOSEONG SSANGYEORINHIEUH
+	{0xA980, 0xA982, prN},     // Mn     [3] JAVANESE SIGN PANYANGGA..JAVANESE SIGN LAYAR
+	{0xA983, 0xA983, prN},     // Mc         JAVANESE SIGN WIGNYAN
+	{0xA984, 0xA9B2, prN},     // Lo    [47] JAVANESE LETTER A..JAVANESE LETTER HA
+	{0xA9B3, 0xA9B3, prN},     // Mn         JAVANESE SIGN CECAK TELU
+	{0xA9B4, 0xA9B5, prN},     // Mc     [2] JAVANESE VOWEL SIGN TARUNG..JAVANESE VOWEL SIGN TOLONG
+	{0xA9B6, 0xA9B9, prN},     // Mn     [4] JAVANESE VOWEL SIGN WULU..JAVANESE VOWEL SIGN SUKU MENDUT
+	{0xA9BA, 0xA9BB, prN},     // Mc     [2] JAVANESE VOWEL SIGN TALING..JAVANESE VOWEL SIGN DIRGA MURE
+	{0xA9BC, 0xA9BD, prN},     // Mn     [2] JAVANESE VOWEL SIGN PEPET..JAVANESE CONSONANT SIGN KERET
+	{0xA9BE, 0xA9C0, prN},     // Mc     [3] JAVANESE CONSONANT SIGN PENGKAL..JAVANESE PANGKON
+	{0xA9C1, 0xA9CD, prN},     // Po    [13] JAVANESE LEFT RERENGGAN..JAVANESE TURNED PADA PISELEH
+	{0xA9CF, 0xA9CF, prN},     // Lm         JAVANESE PANGRANGKEP
+	{0xA9D0, 0xA9D9, prN},     // Nd    [10] JAVANESE DIGIT ZERO..JAVANESE DIGIT NINE
+	{0xA9DE, 0xA9DF, prN},     // Po     [2] JAVANESE PADA TIRTA TUMETES..JAVANESE PADA ISEN-ISEN
+	{0xA9E0, 0xA9E4, prN},     // Lo     [5] MYANMAR LETTER SHAN GHA..MYANMAR LETTER SHAN BHA
+	{0xA9E5, 0xA9E5, prN},     // Mn         MYANMAR SIGN SHAN SAW
+	{0xA9E6, 0xA9E6, prN},     // Lm         MYANMAR MODIFIER LETTER SHAN REDUPLICATION
+	{0xA9E7, 0xA9EF, prN},     // Lo     [9] MYANMAR LETTER TAI LAING NYA..MYANMAR LETTER TAI LAING NNA
+	{0xA9F0, 0xA9F9, prN},     // Nd    [10] MYANMAR TAI LAING DIGIT ZERO..MYANMAR TAI LAING DIGIT NINE
+	{0xA9FA, 0xA9FE, prN},     // Lo     [5] MYANMAR LETTER TAI LAING LLA..MYANMAR LETTER TAI LAING BHA
+	{0xAA00, 0xAA28, prN},     // Lo    [41] CHAM LETTER A..CHAM LETTER HA
+	{0xAA29, 0xAA2E, prN},     // Mn     [6] CHAM VOWEL SIGN AA..CHAM VOWEL SIGN OE
+	{0xAA2F, 0xAA30, prN},     // Mc     [2] CHAM VOWEL SIGN O..CHAM VOWEL SIGN AI
+	{0xAA31, 0xAA32, prN},     // Mn     [2] CHAM VOWEL SIGN AU..CHAM VOWEL SIGN UE
+	{0xAA33, 0xAA34, prN},     // Mc     [2] CHAM CONSONANT SIGN YA..CHAM CONSONANT SIGN RA
+	{0xAA35, 0xAA36, prN},     // Mn     [2] CHAM CONSONANT SIGN LA..CHAM CONSONANT SIGN WA
+	{0xAA40, 0xAA42, prN},     // Lo     [3] CHAM LETTER FINAL K..CHAM LETTER FINAL NG
+	{0xAA43, 0xAA43, prN},     // Mn         CHAM CONSONANT SIGN FINAL NG
+	{0xAA44, 0xAA4B, prN},     // Lo     [8] CHAM LETTER FINAL CH..CHAM LETTER FINAL SS
+	{0xAA4C, 0xAA4C, prN},     // Mn         CHAM CONSONANT SIGN FINAL M
+	{0xAA4D, 0xAA4D, prN},     // Mc         CHAM CONSONANT SIGN FINAL H
+	{0xAA50, 0xAA59, prN},     // Nd    [10] CHAM DIGIT ZERO..CHAM DIGIT NINE
+	{0xAA5C, 0xAA5F, prN},     // Po     [4] CHAM PUNCTUATION SPIRAL..CHAM PUNCTUATION TRIPLE DANDA
+	{0xAA60, 0xAA6F, prN},     // Lo    [16] MYANMAR LETTER KHAMTI GA..MYANMAR LETTER KHAMTI FA
+	{0xAA70, 0xAA70, prN},     // Lm         MYANMAR MODIFIER LETTER KHAMTI REDUPLICATION
+	{0xAA71, 0xAA76, prN},     // Lo     [6] MYANMAR LETTER KHAMTI XA..MYANMAR LOGOGRAM KHAMTI HM
+	{0xAA77, 0xAA79, prN},     // So     [3] MYANMAR SYMBOL AITON EXCLAMATION..MYANMAR SYMBOL AITON TWO
+	{0xAA7A, 0xAA7A, prN},     // Lo         MYANMAR LETTER AITON RA
+	{0xAA7B, 0xAA7B, prN},     // Mc         MYANMAR SIGN PAO KAREN TONE
+	{0xAA7C, 0xAA7C, prN},     // Mn         MYANMAR SIGN TAI LAING TONE-2
+	{0xAA7D, 0xAA7D, prN},     // Mc         MYANMAR SIGN TAI LAING TONE-5
+	{0xAA7E, 0xAA7F, prN},     // Lo     [2] MYANMAR LETTER SHWE PALAUNG CHA..MYANMAR LETTER SHWE PALAUNG SHA
+	{0xAA80, 0xAAAF, prN},     // Lo    [48] TAI VIET LETTER LOW KO..TAI VIET LETTER HIGH O
+	{0xAAB0, 0xAAB0, prN},     // Mn         TAI VIET MAI KANG
+	{0xAAB1, 0xAAB1, prN},     // Lo         TAI VIET VOWEL AA
+	{0xAAB2, 0xAAB4, prN},     // Mn     [3] TAI VIET VOWEL I..TAI VIET VOWEL U
+	{0xAAB5, 0xAAB6, prN},     // Lo     [2] TAI VIET VOWEL E..TAI VIET VOWEL O
+	{0xAAB7, 0xAAB8, prN},     // Mn     [2] TAI VIET MAI KHIT..TAI VIET VOWEL IA
+	{0xAAB9, 0xAABD, prN},     // Lo     [5] TAI VIET VOWEL UEA..TAI VIET VOWEL AN
+	{0xAABE, 0xAABF, prN},     // Mn     [2] TAI VIET VOWEL AM..TAI VIET TONE MAI EK
+	{0xAAC0, 0xAAC0, prN},     // Lo         TAI VIET TONE MAI NUENG
+	{0xAAC1, 0xAAC1, prN},     // Mn         TAI VIET TONE MAI THO
+	{0xAAC2, 0xAAC2, prN},     // Lo         TAI VIET TONE MAI SONG
+	{0xAADB, 0xAADC, prN},     // Lo     [2] TAI VIET SYMBOL KON..TAI VIET SYMBOL NUENG
+	{0xAADD, 0xAADD, prN},     // Lm         TAI VIET SYMBOL SAM
+	{0xAADE, 0xAADF, prN},     // Po     [2] TAI VIET SYMBOL HO HOI..TAI VIET SYMBOL KOI KOI
+	{0xAAE0, 0xAAEA, prN},     // Lo    [11] MEETEI MAYEK LETTER E..MEETEI MAYEK LETTER SSA
+	{0xAAEB, 0xAAEB, prN},     // Mc         MEETEI MAYEK VOWEL SIGN II
+	{0xAAEC, 0xAAED, prN},     // Mn     [2] MEETEI MAYEK VOWEL SIGN UU..MEETEI MAYEK VOWEL SIGN AAI
+	{0xAAEE, 0xAAEF, prN},     // Mc     [2] MEETEI MAYEK VOWEL SIGN AU..MEETEI MAYEK VOWEL SIGN AAU
+	{0xAAF0, 0xAAF1, prN},     // Po     [2] MEETEI MAYEK CHEIKHAN..MEETEI MAYEK AHANG KHUDAM
+	{0xAAF2, 0xAAF2, prN},     // Lo         MEETEI MAYEK ANJI
+	{0xAAF3, 0xAAF4, prN},     // Lm     [2] MEETEI MAYEK SYLLABLE REPETITION MARK..MEETEI MAYEK WORD REPETITION MARK
+	{0xAAF5, 0xAAF5, prN},     // Mc         MEETEI MAYEK VOWEL SIGN VISARGA
+	{0xAAF6, 0xAAF6, prN},     // Mn         MEETEI MAYEK VIRAMA
+	{0xAB01, 0xAB06, prN},     // Lo     [6] ETHIOPIC SYLLABLE TTHU..ETHIOPIC SYLLABLE TTHO
+	{0xAB09, 0xAB0E, prN},     // Lo     [6] ETHIOPIC SYLLABLE DDHU..ETHIOPIC SYLLABLE DDHO
+	{0xAB11, 0xAB16, prN},     // Lo     [6] ETHIOPIC SYLLABLE DZU..ETHIOPIC SYLLABLE DZO
+	{0xAB20, 0xAB26, prN},     // Lo     [7] ETHIOPIC SYLLABLE CCHHA..ETHIOPIC SYLLABLE CCHHO
+	{0xAB28, 0xAB2E, prN},     // Lo     [7] ETHIOPIC SYLLABLE BBA..ETHIOPIC SYLLABLE BBO
+	{0xAB30, 0xAB5A, prN},     // Ll    [43] LATIN SMALL LETTER BARRED ALPHA..LATIN SMALL LETTER Y WITH SHORT RIGHT LEG
+	{0xAB5B, 0xAB5B, prN},     // Sk         MODIFIER BREVE WITH INVERTED BREVE
+	{0xAB5C, 0xAB5F, prN},     // Lm     [4] MODIFIER LETTER SMALL HENG..MODIFIER LETTER SMALL U WITH LEFT HOOK
+	{0xAB60, 0xAB68, prN},     // Ll     [9] LATIN SMALL LETTER SAKHA YAT..LATIN SMALL LETTER TURNED R WITH MIDDLE TILDE
+	{0xAB69, 0xAB69, prN},     // Lm         MODIFIER LETTER SMALL TURNED W
+	{0xAB6A, 0xAB6B, prN},     // Sk     [2] MODIFIER LETTER LEFT TACK..MODIFIER LETTER RIGHT TACK
+	{0xAB70, 0xABBF, prN},     // Ll    [80] CHEROKEE SMALL LETTER A..CHEROKEE SMALL LETTER YA
+	{0xABC0, 0xABE2, prN},     // Lo    [35] MEETEI MAYEK LETTER KOK..MEETEI MAYEK LETTER I LONSUM
+	{0xABE3, 0xABE4, prN},     // Mc     [2] MEETEI MAYEK VOWEL SIGN ONAP..MEETEI MAYEK VOWEL SIGN INAP
+	{0xABE5, 0xABE5, prN},     // Mn         MEETEI MAYEK VOWEL SIGN ANAP
+	{0xABE6, 0xABE7, prN},     // Mc     [2] MEETEI MAYEK VOWEL SIGN YENAP..MEETEI MAYEK VOWEL SIGN SOUNAP
+	{0xABE8, 0xABE8, prN},     // Mn         MEETEI MAYEK VOWEL SIGN UNAP
+	{0xABE9, 0xABEA, prN},     // Mc     [2] MEETEI MAYEK VOWEL SIGN CHEINAP..MEETEI MAYEK VOWEL SIGN NUNG
+	{0xABEB, 0xABEB, prN},     // Po         MEETEI MAYEK CHEIKHEI
+	{0xABEC, 0xABEC, prN},     // Mc         MEETEI MAYEK LUM IYEK
+	{0xABED, 0xABED, prN},     // Mn         MEETEI MAYEK APUN IYEK
+	{0xABF0, 0xABF9, prN},     // Nd    [10] MEETEI MAYEK DIGIT ZERO..MEETEI MAYEK DIGIT NINE
+	{0xAC00, 0xD7A3, prW},     // Lo [11172] HANGUL SYLLABLE GA..HANGUL SYLLABLE HIH
+	{0xD7B0, 0xD7C6, prN},     // Lo    [23] HANGUL JUNGSEONG O-YEO..HANGUL JUNGSEONG ARAEA-E
+	{0xD7CB, 0xD7FB, prN},     // Lo    [49] HANGUL JONGSEONG NIEUN-RIEUL..HANGUL JONGSEONG PHIEUPH-THIEUTH
+	{0xD800, 0xDB7F, prN},     // Cs   [896] <surrogate-D800>..<surrogate-DB7F>
+	{0xDB80, 0xDBFF, prN},     // Cs   [128] <surrogate-DB80>..<surrogate-DBFF>
+	{0xDC00, 0xDFFF, prN},     // Cs  [1024] <surrogate-DC00>..<surrogate-DFFF>
+	{0xE000, 0xF8FF, prA},     // Co  [6400] <private-use-E000>..<private-use-F8FF>
+	{0xF900, 0xFA6D, prW},     // Lo   [366] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA6D
+	{0xFA6E, 0xFA6F, prW},     // Cn     [2] <reserved-FA6E>..<reserved-FA6F>
+	{0xFA70, 0xFAD9, prW},     // Lo   [106] CJK COMPATIBILITY IDEOGRAPH-FA70..CJK COMPATIBILITY IDEOGRAPH-FAD9
+	{0xFADA, 0xFAFF, prW},     // Cn    [38] <reserved-FADA>..<reserved-FAFF>
+	{0xFB00, 0xFB06, prN},     // Ll     [7] LATIN SMALL LIGATURE FF..LATIN SMALL LIGATURE ST
+	{0xFB13, 0xFB17, prN},     // Ll     [5] ARMENIAN SMALL LIGATURE MEN NOW..ARMENIAN SMALL LIGATURE MEN XEH
+	{0xFB1D, 0xFB1D, prN},     // Lo         HEBREW LETTER YOD WITH HIRIQ
+	{0xFB1E, 0xFB1E, prN},     // Mn         HEBREW POINT JUDEO-SPANISH VARIKA
+	{0xFB1F, 0xFB28, prN},     // Lo    [10] HEBREW LIGATURE YIDDISH YOD YOD PATAH..HEBREW LETTER WIDE TAV
+	{0xFB29, 0xFB29, prN},     // Sm         HEBREW LETTER ALTERNATIVE PLUS SIGN
+	{0xFB2A, 0xFB36, prN},     // Lo    [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH
+	{0xFB38, 0xFB3C, prN},     // Lo     [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH
+	{0xFB3E, 0xFB3E, prN},     // Lo         HEBREW LETTER MEM WITH DAGESH
+	{0xFB40, 0xFB41, prN},     // Lo     [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH
+	{0xFB43, 0xFB44, prN},     // Lo     [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH
+	{0xFB46, 0xFB4F, prN},     // Lo    [10] HEBREW LETTER TSADI WITH DAGESH..HEBREW LIGATURE ALEF LAMED
+	{0xFB50, 0xFBB1, prN},     // Lo    [98] ARABIC LETTER ALEF WASLA ISOLATED FORM..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM
+	{0xFBB2, 0xFBC2, prN},     // Sk    [17] ARABIC SYMBOL DOT ABOVE..ARABIC SYMBOL WASLA ABOVE
+	{0xFBD3, 0xFD3D, prN},     // Lo   [363] ARABIC LETTER NG ISOLATED FORM..ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM
+	{0xFD3E, 0xFD3E, prN},     // Pe         ORNATE LEFT PARENTHESIS
+	{0xFD3F, 0xFD3F, prN},     // Ps         ORNATE RIGHT PARENTHESIS
+	{0xFD40, 0xFD4F, prN},     // So    [16] ARABIC LIGATURE RAHIMAHU ALLAAH..ARABIC LIGATURE RAHIMAHUM ALLAAH
+	{0xFD50, 0xFD8F, prN},     // Lo    [64] ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM..ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+	{0xFD92, 0xFDC7, prN},     // Lo    [54] ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM..ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+	{0xFDCF, 0xFDCF, prN},     // So         ARABIC LIGATURE SALAAMUHU ALAYNAA
+	{0xFDF0, 0xFDFB, prN},     // Lo    [12] ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM..ARABIC LIGATURE JALLAJALALOUHOU
+	{0xFDFC, 0xFDFC, prN},     // Sc         RIAL SIGN
+	{0xFDFD, 0xFDFF, prN},     // So     [3] ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM..ARABIC LIGATURE AZZA WA JALL
+	{0xFE00, 0xFE0F, prA},     // Mn    [16] VARIATION SELECTOR-1..VARIATION SELECTOR-16
+	{0xFE10, 0xFE16, prW},     // Po     [7] PRESENTATION FORM FOR VERTICAL COMMA..PRESENTATION FORM FOR VERTICAL QUESTION MARK
+	{0xFE17, 0xFE17, prW},     // Ps         PRESENTATION FORM FOR VERTICAL LEFT WHITE LENTICULAR BRACKET
+	{0xFE18, 0xFE18, prW},     // Pe         PRESENTATION FORM FOR VERTICAL RIGHT WHITE LENTICULAR BRAKCET
+	{0xFE19, 0xFE19, prW},     // Po         PRESENTATION FORM FOR VERTICAL HORIZONTAL ELLIPSIS
+	{0xFE20, 0xFE2F, prN},     // Mn    [16] COMBINING LIGATURE LEFT HALF..COMBINING CYRILLIC TITLO RIGHT HALF
+	{0xFE30, 0xFE30, prW},     // Po         PRESENTATION FORM FOR VERTICAL TWO DOT LEADER
+	{0xFE31, 0xFE32, prW},     // Pd     [2] PRESENTATION FORM FOR VERTICAL EM DASH..PRESENTATION FORM FOR VERTICAL EN DASH
+	{0xFE33, 0xFE34, prW},     // Pc     [2] PRESENTATION FORM FOR VERTICAL LOW LINE..PRESENTATION FORM FOR VERTICAL WAVY LOW LINE
+	{0xFE35, 0xFE35, prW},     // Ps         PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS
+	{0xFE36, 0xFE36, prW},     // Pe         PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS
+	{0xFE37, 0xFE37, prW},     // Ps         PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET
+	{0xFE38, 0xFE38, prW},     // Pe         PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET
+	{0xFE39, 0xFE39, prW},     // Ps         PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET
+	{0xFE3A, 0xFE3A, prW},     // Pe         PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET
+	{0xFE3B, 0xFE3B, prW},     // Ps         PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET
+	{0xFE3C, 0xFE3C, prW},     // Pe         PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET
+	{0xFE3D, 0xFE3D, prW},     // Ps         PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET
+	{0xFE3E, 0xFE3E, prW},     // Pe         PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET
+	{0xFE3F, 0xFE3F, prW},     // Ps         PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET
+	{0xFE40, 0xFE40, prW},     // Pe         PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET
+	{0xFE41, 0xFE41, prW},     // Ps         PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET
+	{0xFE42, 0xFE42, prW},     // Pe         PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET
+	{0xFE43, 0xFE43, prW},     // Ps         PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET
+	{0xFE44, 0xFE44, prW},     // Pe         PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET
+	{0xFE45, 0xFE46, prW},     // Po     [2] SESAME DOT..WHITE SESAME DOT
+	{0xFE47, 0xFE47, prW},     // Ps         PRESENTATION FORM FOR VERTICAL LEFT SQUARE BRACKET
+	{0xFE48, 0xFE48, prW},     // Pe         PRESENTATION FORM FOR VERTICAL RIGHT SQUARE BRACKET
+	{0xFE49, 0xFE4C, prW},     // Po     [4] DASHED OVERLINE..DOUBLE WAVY OVERLINE
+	{0xFE4D, 0xFE4F, prW},     // Pc     [3] DASHED LOW LINE..WAVY LOW LINE
+	{0xFE50, 0xFE52, prW},     // Po     [3] SMALL COMMA..SMALL FULL STOP
+	{0xFE54, 0xFE57, prW},     // Po     [4] SMALL SEMICOLON..SMALL EXCLAMATION MARK
+	{0xFE58, 0xFE58, prW},     // Pd         SMALL EM DASH
+	{0xFE59, 0xFE59, prW},     // Ps         SMALL LEFT PARENTHESIS
+	{0xFE5A, 0xFE5A, prW},     // Pe         SMALL RIGHT PARENTHESIS
+	{0xFE5B, 0xFE5B, prW},     // Ps         SMALL LEFT CURLY BRACKET
+	{0xFE5C, 0xFE5C, prW},     // Pe         SMALL RIGHT CURLY BRACKET
+	{0xFE5D, 0xFE5D, prW},     // Ps         SMALL LEFT TORTOISE SHELL BRACKET
+	{0xFE5E, 0xFE5E, prW},     // Pe         SMALL RIGHT TORTOISE SHELL BRACKET
+	{0xFE5F, 0xFE61, prW},     // Po     [3] SMALL NUMBER SIGN..SMALL ASTERISK
+	{0xFE62, 0xFE62, prW},     // Sm         SMALL PLUS SIGN
+	{0xFE63, 0xFE63, prW},     // Pd         SMALL HYPHEN-MINUS
+	{0xFE64, 0xFE66, prW},     // Sm     [3] SMALL LESS-THAN SIGN..SMALL EQUALS SIGN
+	{0xFE68, 0xFE68, prW},     // Po         SMALL REVERSE SOLIDUS
+	{0xFE69, 0xFE69, prW},     // Sc         SMALL DOLLAR SIGN
+	{0xFE6A, 0xFE6B, prW},     // Po     [2] SMALL PERCENT SIGN..SMALL COMMERCIAL AT
+	{0xFE70, 0xFE74, prN},     // Lo     [5] ARABIC FATHATAN ISOLATED FORM..ARABIC KASRATAN ISOLATED FORM
+	{0xFE76, 0xFEFC, prN},     // Lo   [135] ARABIC FATHA ISOLATED FORM..ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+	{0xFEFF, 0xFEFF, prN},     // Cf         ZERO WIDTH NO-BREAK SPACE
+	{0xFF01, 0xFF03, prF},     // Po     [3] FULLWIDTH EXCLAMATION MARK..FULLWIDTH NUMBER SIGN
+	{0xFF04, 0xFF04, prF},     // Sc         FULLWIDTH DOLLAR SIGN
+	{0xFF05, 0xFF07, prF},     // Po     [3] FULLWIDTH PERCENT SIGN..FULLWIDTH APOSTROPHE
+	{0xFF08, 0xFF08, prF},     // Ps         FULLWIDTH LEFT PARENTHESIS
+	{0xFF09, 0xFF09, prF},     // Pe         FULLWIDTH RIGHT PARENTHESIS
+	{0xFF0A, 0xFF0A, prF},     // Po         FULLWIDTH ASTERISK
+	{0xFF0B, 0xFF0B, prF},     // Sm         FULLWIDTH PLUS SIGN
+	{0xFF0C, 0xFF0C, prF},     // Po         FULLWIDTH COMMA
+	{0xFF0D, 0xFF0D, prF},     // Pd         FULLWIDTH HYPHEN-MINUS
+	{0xFF0E, 0xFF0F, prF},     // Po     [2] FULLWIDTH FULL STOP..FULLWIDTH SOLIDUS
+	{0xFF10, 0xFF19, prF},     // Nd    [10] FULLWIDTH DIGIT ZERO..FULLWIDTH DIGIT NINE
+	{0xFF1A, 0xFF1B, prF},     // Po     [2] FULLWIDTH COLON..FULLWIDTH SEMICOLON
+	{0xFF1C, 0xFF1E, prF},     // Sm     [3] FULLWIDTH LESS-THAN SIGN..FULLWIDTH GREATER-THAN SIGN
+	{0xFF1F, 0xFF20, prF},     // Po     [2] FULLWIDTH QUESTION MARK..FULLWIDTH COMMERCIAL AT
+	{0xFF21, 0xFF3A, prF},     // Lu    [26] FULLWIDTH LATIN CAPITAL LETTER A..FULLWIDTH LATIN CAPITAL LETTER Z
+	{0xFF3B, 0xFF3B, prF},     // Ps         FULLWIDTH LEFT SQUARE BRACKET
+	{0xFF3C, 0xFF3C, prF},     // Po         FULLWIDTH REVERSE SOLIDUS
+	{0xFF3D, 0xFF3D, prF},     // Pe         FULLWIDTH RIGHT SQUARE BRACKET
+	{0xFF3E, 0xFF3E, prF},     // Sk         FULLWIDTH CIRCUMFLEX ACCENT
+	{0xFF3F, 0xFF3F, prF},     // Pc         FULLWIDTH LOW LINE
+	{0xFF40, 0xFF40, prF},     // Sk         FULLWIDTH GRAVE ACCENT
+	{0xFF41, 0xFF5A, prF},     // Ll    [26] FULLWIDTH LATIN SMALL LETTER A..FULLWIDTH LATIN SMALL LETTER Z
+	{0xFF5B, 0xFF5B, prF},     // Ps         FULLWIDTH LEFT CURLY BRACKET
+	{0xFF5C, 0xFF5C, prF},     // Sm         FULLWIDTH VERTICAL LINE
+	{0xFF5D, 0xFF5D, prF},     // Pe         FULLWIDTH RIGHT CURLY BRACKET
+	{0xFF5E, 0xFF5E, prF},     // Sm         FULLWIDTH TILDE
+	{0xFF5F, 0xFF5F, prF},     // Ps         FULLWIDTH LEFT WHITE PARENTHESIS
+	{0xFF60, 0xFF60, prF},     // Pe         FULLWIDTH RIGHT WHITE PARENTHESIS
+	{0xFF61, 0xFF61, prH},     // Po         HALFWIDTH IDEOGRAPHIC FULL STOP
+	{0xFF62, 0xFF62, prH},     // Ps         HALFWIDTH LEFT CORNER BRACKET
+	{0xFF63, 0xFF63, prH},     // Pe         HALFWIDTH RIGHT CORNER BRACKET
+	{0xFF64, 0xFF65, prH},     // Po     [2] HALFWIDTH IDEOGRAPHIC COMMA..HALFWIDTH KATAKANA MIDDLE DOT
+	{0xFF66, 0xFF6F, prH},     // Lo    [10] HALFWIDTH KATAKANA LETTER WO..HALFWIDTH KATAKANA LETTER SMALL TU
+	{0xFF70, 0xFF70, prH},     // Lm         HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK
+	{0xFF71, 0xFF9D, prH},     // Lo    [45] HALFWIDTH KATAKANA LETTER A..HALFWIDTH KATAKANA LETTER N
+	{0xFF9E, 0xFF9F, prH},     // Lm     [2] HALFWIDTH KATAKANA VOICED SOUND MARK..HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK
+	{0xFFA0, 0xFFBE, prH},     // Lo    [31] HALFWIDTH HANGUL FILLER..HALFWIDTH HANGUL LETTER HIEUH
+	{0xFFC2, 0xFFC7, prH},     // Lo     [6] HALFWIDTH HANGUL LETTER A..HALFWIDTH HANGUL LETTER E
+	{0xFFCA, 0xFFCF, prH},     // Lo     [6] HALFWIDTH HANGUL LETTER YEO..HALFWIDTH HANGUL LETTER OE
+	{0xFFD2, 0xFFD7, prH},     // Lo     [6] HALFWIDTH HANGUL LETTER YO..HALFWIDTH HANGUL LETTER YU
+	{0xFFDA, 0xFFDC, prH},     // Lo     [3] HALFWIDTH HANGUL LETTER EU..HALFWIDTH HANGUL LETTER I
+	{0xFFE0, 0xFFE1, prF},     // Sc     [2] FULLWIDTH CENT SIGN..FULLWIDTH POUND SIGN
+	{0xFFE2, 0xFFE2, prF},     // Sm         FULLWIDTH NOT SIGN
+	{0xFFE3, 0xFFE3, prF},     // Sk         FULLWIDTH MACRON
+	{0xFFE4, 0xFFE4, prF},     // So         FULLWIDTH BROKEN BAR
+	{0xFFE5, 0xFFE6, prF},     // Sc     [2] FULLWIDTH YEN SIGN..FULLWIDTH WON SIGN
+	{0xFFE8, 0xFFE8, prH},     // So         HALFWIDTH FORMS LIGHT VERTICAL
+	{0xFFE9, 0xFFEC, prH},     // Sm     [4] HALFWIDTH LEFTWARDS ARROW..HALFWIDTH DOWNWARDS ARROW
+	{0xFFED, 0xFFEE, prH},     // So     [2] HALFWIDTH BLACK SQUARE..HALFWIDTH WHITE CIRCLE
+	{0xFFF9, 0xFFFB, prN},     // Cf     [3] INTERLINEAR ANNOTATION ANCHOR..INTERLINEAR ANNOTATION TERMINATOR
+	{0xFFFC, 0xFFFC, prN},     // So         OBJECT REPLACEMENT CHARACTER
+	{0xFFFD, 0xFFFD, prA},     // So         REPLACEMENT CHARACTER
+	{0x10000, 0x1000B, prN},   // Lo    [12] LINEAR B SYLLABLE B008 A..LINEAR B SYLLABLE B046 JE
+	{0x1000D, 0x10026, prN},   // Lo    [26] LINEAR B SYLLABLE B036 JO..LINEAR B SYLLABLE B032 QO
+	{0x10028, 0x1003A, prN},   // Lo    [19] LINEAR B SYLLABLE B060 RA..LINEAR B SYLLABLE B042 WO
+	{0x1003C, 0x1003D, prN},   // Lo     [2] LINEAR B SYLLABLE B017 ZA..LINEAR B SYLLABLE B074 ZE
+	{0x1003F, 0x1004D, prN},   // Lo    [15] LINEAR B SYLLABLE B020 ZO..LINEAR B SYLLABLE B091 TWO
+	{0x10050, 0x1005D, prN},   // Lo    [14] LINEAR B SYMBOL B018..LINEAR B SYMBOL B089
+	{0x10080, 0x100FA, prN},   // Lo   [123] LINEAR B IDEOGRAM B100 MAN..LINEAR B IDEOGRAM VESSEL B305
+	{0x10100, 0x10102, prN},   // Po     [3] AEGEAN WORD SEPARATOR LINE..AEGEAN CHECK MARK
+	{0x10107, 0x10133, prN},   // No    [45] AEGEAN NUMBER ONE..AEGEAN NUMBER NINETY THOUSAND
+	{0x10137, 0x1013F, prN},   // So     [9] AEGEAN WEIGHT BASE UNIT..AEGEAN MEASURE THIRD SUBUNIT
+	{0x10140, 0x10174, prN},   // Nl    [53] GREEK ACROPHONIC ATTIC ONE QUARTER..GREEK ACROPHONIC STRATIAN FIFTY MNAS
+	{0x10175, 0x10178, prN},   // No     [4] GREEK ONE HALF SIGN..GREEK THREE QUARTERS SIGN
+	{0x10179, 0x10189, prN},   // So    [17] GREEK YEAR SIGN..GREEK TRYBLION BASE SIGN
+	{0x1018A, 0x1018B, prN},   // No     [2] GREEK ZERO SIGN..GREEK ONE QUARTER SIGN
+	{0x1018C, 0x1018E, prN},   // So     [3] GREEK SINUSOID SIGN..NOMISMA SIGN
+	{0x10190, 0x1019C, prN},   // So    [13] ROMAN SEXTANS SIGN..ASCIA SYMBOL
+	{0x101A0, 0x101A0, prN},   // So         GREEK SYMBOL TAU RHO
+	{0x101D0, 0x101FC, prN},   // So    [45] PHAISTOS DISC SIGN PEDESTRIAN..PHAISTOS DISC SIGN WAVY BAND
+	{0x101FD, 0x101FD, prN},   // Mn         PHAISTOS DISC SIGN COMBINING OBLIQUE STROKE
+	{0x10280, 0x1029C, prN},   // Lo    [29] LYCIAN LETTER A..LYCIAN LETTER X
+	{0x102A0, 0x102D0, prN},   // Lo    [49] CARIAN LETTER A..CARIAN LETTER UUU3
+	{0x102E0, 0x102E0, prN},   // Mn         COPTIC EPACT THOUSANDS MARK
+	{0x102E1, 0x102FB, prN},   // No    [27] COPTIC EPACT DIGIT ONE..COPTIC EPACT NUMBER NINE HUNDRED
+	{0x10300, 0x1031F, prN},   // Lo    [32] OLD ITALIC LETTER A..OLD ITALIC LETTER ESS
+	{0x10320, 0x10323, prN},   // No     [4] OLD ITALIC NUMERAL ONE..OLD ITALIC NUMERAL FIFTY
+	{0x1032D, 0x1032F, prN},   // Lo     [3] OLD ITALIC LETTER YE..OLD ITALIC LETTER SOUTHERN TSE
+	{0x10330, 0x10340, prN},   // Lo    [17] GOTHIC LETTER AHSA..GOTHIC LETTER PAIRTHRA
+	{0x10341, 0x10341, prN},   // Nl         GOTHIC LETTER NINETY
+	{0x10342, 0x10349, prN},   // Lo     [8] GOTHIC LETTER RAIDA..GOTHIC LETTER OTHAL
+	{0x1034A, 0x1034A, prN},   // Nl         GOTHIC LETTER NINE HUNDRED
+	{0x10350, 0x10375, prN},   // Lo    [38] OLD PERMIC LETTER AN..OLD PERMIC LETTER IA
+	{0x10376, 0x1037A, prN},   // Mn     [5] COMBINING OLD PERMIC LETTER AN..COMBINING OLD PERMIC LETTER SII
+	{0x10380, 0x1039D, prN},   // Lo    [30] UGARITIC LETTER ALPA..UGARITIC LETTER SSU
+	{0x1039F, 0x1039F, prN},   // Po         UGARITIC WORD DIVIDER
+	{0x103A0, 0x103C3, prN},   // Lo    [36] OLD PERSIAN SIGN A..OLD PERSIAN SIGN HA
+	{0x103C8, 0x103CF, prN},   // Lo     [8] OLD PERSIAN SIGN AURAMAZDAA..OLD PERSIAN SIGN BUUMISH
+	{0x103D0, 0x103D0, prN},   // Po         OLD PERSIAN WORD DIVIDER
+	{0x103D1, 0x103D5, prN},   // Nl     [5] OLD PERSIAN NUMBER ONE..OLD PERSIAN NUMBER HUNDRED
+	{0x10400, 0x1044F, prN},   // L&    [80] DESERET CAPITAL LETTER LONG I..DESERET SMALL LETTER EW
+	{0x10450, 0x1047F, prN},   // Lo    [48] SHAVIAN LETTER PEEP..SHAVIAN LETTER YEW
+	{0x10480, 0x1049D, prN},   // Lo    [30] OSMANYA LETTER ALEF..OSMANYA LETTER OO
+	{0x104A0, 0x104A9, prN},   // Nd    [10] OSMANYA DIGIT ZERO..OSMANYA DIGIT NINE
+	{0x104B0, 0x104D3, prN},   // Lu    [36] OSAGE CAPITAL LETTER A..OSAGE CAPITAL LETTER ZHA
+	{0x104D8, 0x104FB, prN},   // Ll    [36] OSAGE SMALL LETTER A..OSAGE SMALL LETTER ZHA
+	{0x10500, 0x10527, prN},   // Lo    [40] ELBASAN LETTER A..ELBASAN LETTER KHE
+	{0x10530, 0x10563, prN},   // Lo    [52] CAUCASIAN ALBANIAN LETTER ALT..CAUCASIAN ALBANIAN LETTER KIW
+	{0x1056F, 0x1056F, prN},   // Po         CAUCASIAN ALBANIAN CITATION MARK
+	{0x10570, 0x1057A, prN},   // Lu    [11] VITHKUQI CAPITAL LETTER A..VITHKUQI CAPITAL LETTER GA
+	{0x1057C, 0x1058A, prN},   // Lu    [15] VITHKUQI CAPITAL LETTER HA..VITHKUQI CAPITAL LETTER RE
+	{0x1058C, 0x10592, prN},   // Lu     [7] VITHKUQI CAPITAL LETTER SE..VITHKUQI CAPITAL LETTER XE
+	{0x10594, 0x10595, prN},   // Lu     [2] VITHKUQI CAPITAL LETTER Y..VITHKUQI CAPITAL LETTER ZE
+	{0x10597, 0x105A1, prN},   // Ll    [11] VITHKUQI SMALL LETTER A..VITHKUQI SMALL LETTER GA
+	{0x105A3, 0x105B1, prN},   // Ll    [15] VITHKUQI SMALL LETTER HA..VITHKUQI SMALL LETTER RE
+	{0x105B3, 0x105B9, prN},   // Ll     [7] VITHKUQI SMALL LETTER SE..VITHKUQI SMALL LETTER XE
+	{0x105BB, 0x105BC, prN},   // Ll     [2] VITHKUQI SMALL LETTER Y..VITHKUQI SMALL LETTER ZE
+	{0x10600, 0x10736, prN},   // Lo   [311] LINEAR A SIGN AB001..LINEAR A SIGN A664
+	{0x10740, 0x10755, prN},   // Lo    [22] LINEAR A SIGN A701 A..LINEAR A SIGN A732 JE
+	{0x10760, 0x10767, prN},   // Lo     [8] LINEAR A SIGN A800..LINEAR A SIGN A807
+	{0x10780, 0x10785, prN},   // Lm     [6] MODIFIER LETTER SMALL CAPITAL AA..MODIFIER LETTER SMALL B WITH HOOK
+	{0x10787, 0x107B0, prN},   // Lm    [42] MODIFIER LETTER SMALL DZ DIGRAPH..MODIFIER LETTER SMALL V WITH RIGHT HOOK
+	{0x107B2, 0x107BA, prN},   // Lm     [9] MODIFIER LETTER SMALL CAPITAL Y..MODIFIER LETTER SMALL S WITH CURL
+	{0x10800, 0x10805, prN},   // Lo     [6] CYPRIOT SYLLABLE A..CYPRIOT SYLLABLE JA
+	{0x10808, 0x10808, prN},   // Lo         CYPRIOT SYLLABLE JO
+	{0x1080A, 0x10835, prN},   // Lo    [44] CYPRIOT SYLLABLE KA..CYPRIOT SYLLABLE WO
+	{0x10837, 0x10838, prN},   // Lo     [2] CYPRIOT SYLLABLE XA..CYPRIOT SYLLABLE XE
+	{0x1083C, 0x1083C, prN},   // Lo         CYPRIOT SYLLABLE ZA
+	{0x1083F, 0x1083F, prN},   // Lo         CYPRIOT SYLLABLE ZO
+	{0x10840, 0x10855, prN},   // Lo    [22] IMPERIAL ARAMAIC LETTER ALEPH..IMPERIAL ARAMAIC LETTER TAW
+	{0x10857, 0x10857, prN},   // Po         IMPERIAL ARAMAIC SECTION SIGN
+	{0x10858, 0x1085F, prN},   // No     [8] IMPERIAL ARAMAIC NUMBER ONE..IMPERIAL ARAMAIC NUMBER TEN THOUSAND
+	{0x10860, 0x10876, prN},   // Lo    [23] PALMYRENE LETTER ALEPH..PALMYRENE LETTER TAW
+	{0x10877, 0x10878, prN},   // So     [2] PALMYRENE LEFT-POINTING FLEURON..PALMYRENE RIGHT-POINTING FLEURON
+	{0x10879, 0x1087F, prN},   // No     [7] PALMYRENE NUMBER ONE..PALMYRENE NUMBER TWENTY
+	{0x10880, 0x1089E, prN},   // Lo    [31] NABATAEAN LETTER FINAL ALEPH..NABATAEAN LETTER TAW
+	{0x108A7, 0x108AF, prN},   // No     [9] NABATAEAN NUMBER ONE..NABATAEAN NUMBER ONE HUNDRED
+	{0x108E0, 0x108F2, prN},   // Lo    [19] HATRAN LETTER ALEPH..HATRAN LETTER QOPH
+	{0x108F4, 0x108F5, prN},   // Lo     [2] HATRAN LETTER SHIN..HATRAN LETTER TAW
+	{0x108FB, 0x108FF, prN},   // No     [5] HATRAN NUMBER ONE..HATRAN NUMBER ONE HUNDRED
+	{0x10900, 0x10915, prN},   // Lo    [22] PHOENICIAN LETTER ALF..PHOENICIAN LETTER TAU
+	{0x10916, 0x1091B, prN},   // No     [6] PHOENICIAN NUMBER ONE..PHOENICIAN NUMBER THREE
+	{0x1091F, 0x1091F, prN},   // Po         PHOENICIAN WORD SEPARATOR
+	{0x10920, 0x10939, prN},   // Lo    [26] LYDIAN LETTER A..LYDIAN LETTER C
+	{0x1093F, 0x1093F, prN},   // Po         LYDIAN TRIANGULAR MARK
+	{0x10980, 0x1099F, prN},   // Lo    [32] MEROITIC HIEROGLYPHIC LETTER A..MEROITIC HIEROGLYPHIC SYMBOL VIDJ-2
+	{0x109A0, 0x109B7, prN},   // Lo    [24] MEROITIC CURSIVE LETTER A..MEROITIC CURSIVE LETTER DA
+	{0x109BC, 0x109BD, prN},   // No     [2] MEROITIC CURSIVE FRACTION ELEVEN TWELFTHS..MEROITIC CURSIVE FRACTION ONE HALF
+	{0x109BE, 0x109BF, prN},   // Lo     [2] MEROITIC CURSIVE LOGOGRAM RMT..MEROITIC CURSIVE LOGOGRAM IMN
+	{0x109C0, 0x109CF, prN},   // No    [16] MEROITIC CURSIVE NUMBER ONE..MEROITIC CURSIVE NUMBER SEVENTY
+	{0x109D2, 0x109FF, prN},   // No    [46] MEROITIC CURSIVE NUMBER ONE HUNDRED..MEROITIC CURSIVE FRACTION TEN TWELFTHS
+	{0x10A00, 0x10A00, prN},   // Lo         KHAROSHTHI LETTER A
+	{0x10A01, 0x10A03, prN},   // Mn     [3] KHAROSHTHI VOWEL SIGN I..KHAROSHTHI VOWEL SIGN VOCALIC R
+	{0x10A05, 0x10A06, prN},   // Mn     [2] KHAROSHTHI VOWEL SIGN E..KHAROSHTHI VOWEL SIGN O
+	{0x10A0C, 0x10A0F, prN},   // Mn     [4] KHAROSHTHI VOWEL LENGTH MARK..KHAROSHTHI SIGN VISARGA
+	{0x10A10, 0x10A13, prN},   // Lo     [4] KHAROSHTHI LETTER KA..KHAROSHTHI LETTER GHA
+	{0x10A15, 0x10A17, prN},   // Lo     [3] KHAROSHTHI LETTER CA..KHAROSHTHI LETTER JA
+	{0x10A19, 0x10A35, prN},   // Lo    [29] KHAROSHTHI LETTER NYA..KHAROSHTHI LETTER VHA
+	{0x10A38, 0x10A3A, prN},   // Mn     [3] KHAROSHTHI SIGN BAR ABOVE..KHAROSHTHI SIGN DOT BELOW
+	{0x10A3F, 0x10A3F, prN},   // Mn         KHAROSHTHI VIRAMA
+	{0x10A40, 0x10A48, prN},   // No     [9] KHAROSHTHI DIGIT ONE..KHAROSHTHI FRACTION ONE HALF
+	{0x10A50, 0x10A58, prN},   // Po     [9] KHAROSHTHI PUNCTUATION DOT..KHAROSHTHI PUNCTUATION LINES
+	{0x10A60, 0x10A7C, prN},   // Lo    [29] OLD SOUTH ARABIAN LETTER HE..OLD SOUTH ARABIAN LETTER THETH
+	{0x10A7D, 0x10A7E, prN},   // No     [2] OLD SOUTH ARABIAN NUMBER ONE..OLD SOUTH ARABIAN NUMBER FIFTY
+	{0x10A7F, 0x10A7F, prN},   // Po         OLD SOUTH ARABIAN NUMERIC INDICATOR
+	{0x10A80, 0x10A9C, prN},   // Lo    [29] OLD NORTH ARABIAN LETTER HEH..OLD NORTH ARABIAN LETTER ZAH
+	{0x10A9D, 0x10A9F, prN},   // No     [3] OLD NORTH ARABIAN NUMBER ONE..OLD NORTH ARABIAN NUMBER TWENTY
+	{0x10AC0, 0x10AC7, prN},   // Lo     [8] MANICHAEAN LETTER ALEPH..MANICHAEAN LETTER WAW
+	{0x10AC8, 0x10AC8, prN},   // So         MANICHAEAN SIGN UD
+	{0x10AC9, 0x10AE4, prN},   // Lo    [28] MANICHAEAN LETTER ZAYIN..MANICHAEAN LETTER TAW
+	{0x10AE5, 0x10AE6, prN},   // Mn     [2] MANICHAEAN ABBREVIATION MARK ABOVE..MANICHAEAN ABBREVIATION MARK BELOW
+	{0x10AEB, 0x10AEF, prN},   // No     [5] MANICHAEAN NUMBER ONE..MANICHAEAN NUMBER ONE HUNDRED
+	{0x10AF0, 0x10AF6, prN},   // Po     [7] MANICHAEAN PUNCTUATION STAR..MANICHAEAN PUNCTUATION LINE FILLER
+	{0x10B00, 0x10B35, prN},   // Lo    [54] AVESTAN LETTER A..AVESTAN LETTER HE
+	{0x10B39, 0x10B3F, prN},   // Po     [7] AVESTAN ABBREVIATION MARK..LARGE ONE RING OVER TWO RINGS PUNCTUATION
+	{0x10B40, 0x10B55, prN},   // Lo    [22] INSCRIPTIONAL PARTHIAN LETTER ALEPH..INSCRIPTIONAL PARTHIAN LETTER TAW
+	{0x10B58, 0x10B5F, prN},   // No     [8] INSCRIPTIONAL PARTHIAN NUMBER ONE..INSCRIPTIONAL PARTHIAN NUMBER ONE THOUSAND
+	{0x10B60, 0x10B72, prN},   // Lo    [19] INSCRIPTIONAL PAHLAVI LETTER ALEPH..INSCRIPTIONAL PAHLAVI LETTER TAW
+	{0x10B78, 0x10B7F, prN},   // No     [8] INSCRIPTIONAL PAHLAVI NUMBER ONE..INSCRIPTIONAL PAHLAVI NUMBER ONE THOUSAND
+	{0x10B80, 0x10B91, prN},   // Lo    [18] PSALTER PAHLAVI LETTER ALEPH..PSALTER PAHLAVI LETTER TAW
+	{0x10B99, 0x10B9C, prN},   // Po     [4] PSALTER PAHLAVI SECTION MARK..PSALTER PAHLAVI FOUR DOTS WITH DOT
+	{0x10BA9, 0x10BAF, prN},   // No     [7] PSALTER PAHLAVI NUMBER ONE..PSALTER PAHLAVI NUMBER ONE HUNDRED
+	{0x10C00, 0x10C48, prN},   // Lo    [73] OLD TURKIC LETTER ORKHON A..OLD TURKIC LETTER ORKHON BASH
+	{0x10C80, 0x10CB2, prN},   // Lu    [51] OLD HUNGARIAN CAPITAL LETTER A..OLD HUNGARIAN CAPITAL LETTER US
+	{0x10CC0, 0x10CF2, prN},   // Ll    [51] OLD HUNGARIAN SMALL LETTER A..OLD HUNGARIAN SMALL LETTER US
+	{0x10CFA, 0x10CFF, prN},   // No     [6] OLD HUNGARIAN NUMBER ONE..OLD HUNGARIAN NUMBER ONE THOUSAND
+	{0x10D00, 0x10D23, prN},   // Lo    [36] HANIFI ROHINGYA LETTER A..HANIFI ROHINGYA MARK NA KHONNA
+	{0x10D24, 0x10D27, prN},   // Mn     [4] HANIFI ROHINGYA SIGN HARBAHAY..HANIFI ROHINGYA SIGN TASSI
+	{0x10D30, 0x10D39, prN},   // Nd    [10] HANIFI ROHINGYA DIGIT ZERO..HANIFI ROHINGYA DIGIT NINE
+	{0x10E60, 0x10E7E, prN},   // No    [31] RUMI DIGIT ONE..RUMI FRACTION TWO THIRDS
+	{0x10E80, 0x10EA9, prN},   // Lo    [42] YEZIDI LETTER ELIF..YEZIDI LETTER ET
+	{0x10EAB, 0x10EAC, prN},   // Mn     [2] YEZIDI COMBINING HAMZA MARK..YEZIDI COMBINING MADDA MARK
+	{0x10EAD, 0x10EAD, prN},   // Pd         YEZIDI HYPHENATION MARK
+	{0x10EB0, 0x10EB1, prN},   // Lo     [2] YEZIDI LETTER LAM WITH DOT ABOVE..YEZIDI LETTER YOT WITH CIRCUMFLEX ABOVE
+	{0x10F00, 0x10F1C, prN},   // Lo    [29] OLD SOGDIAN LETTER ALEPH..OLD SOGDIAN LETTER FINAL TAW WITH VERTICAL TAIL
+	{0x10F1D, 0x10F26, prN},   // No    [10] OLD SOGDIAN NUMBER ONE..OLD SOGDIAN FRACTION ONE HALF
+	{0x10F27, 0x10F27, prN},   // Lo         OLD SOGDIAN LIGATURE AYIN-DALETH
+	{0x10F30, 0x10F45, prN},   // Lo    [22] SOGDIAN LETTER ALEPH..SOGDIAN INDEPENDENT SHIN
+	{0x10F46, 0x10F50, prN},   // Mn    [11] SOGDIAN COMBINING DOT BELOW..SOGDIAN COMBINING STROKE BELOW
+	{0x10F51, 0x10F54, prN},   // No     [4] SOGDIAN NUMBER ONE..SOGDIAN NUMBER ONE HUNDRED
+	{0x10F55, 0x10F59, prN},   // Po     [5] SOGDIAN PUNCTUATION TWO VERTICAL BARS..SOGDIAN PUNCTUATION HALF CIRCLE WITH DOT
+	{0x10F70, 0x10F81, prN},   // Lo    [18] OLD UYGHUR LETTER ALEPH..OLD UYGHUR LETTER LESH
+	{0x10F82, 0x10F85, prN},   // Mn     [4] OLD UYGHUR COMBINING DOT ABOVE..OLD UYGHUR COMBINING TWO DOTS BELOW
+	{0x10F86, 0x10F89, prN},   // Po     [4] OLD UYGHUR PUNCTUATION BAR..OLD UYGHUR PUNCTUATION FOUR DOTS
+	{0x10FB0, 0x10FC4, prN},   // Lo    [21] CHORASMIAN LETTER ALEPH..CHORASMIAN LETTER TAW
+	{0x10FC5, 0x10FCB, prN},   // No     [7] CHORASMIAN NUMBER ONE..CHORASMIAN NUMBER ONE HUNDRED
+	{0x10FE0, 0x10FF6, prN},   // Lo    [23] ELYMAIC LETTER ALEPH..ELYMAIC LIGATURE ZAYIN-YODH
+	{0x11000, 0x11000, prN},   // Mc         BRAHMI SIGN CANDRABINDU
+	{0x11001, 0x11001, prN},   // Mn         BRAHMI SIGN ANUSVARA
+	{0x11002, 0x11002, prN},   // Mc         BRAHMI SIGN VISARGA
+	{0x11003, 0x11037, prN},   // Lo    [53] BRAHMI SIGN JIHVAMULIYA..BRAHMI LETTER OLD TAMIL NNNA
+	{0x11038, 0x11046, prN},   // Mn    [15] BRAHMI VOWEL SIGN AA..BRAHMI VIRAMA
+	{0x11047, 0x1104D, prN},   // Po     [7] BRAHMI DANDA..BRAHMI PUNCTUATION LOTUS
+	{0x11052, 0x11065, prN},   // No    [20] BRAHMI NUMBER ONE..BRAHMI NUMBER ONE THOUSAND
+	{0x11066, 0x1106F, prN},   // Nd    [10] BRAHMI DIGIT ZERO..BRAHMI DIGIT NINE
+	{0x11070, 0x11070, prN},   // Mn         BRAHMI SIGN OLD TAMIL VIRAMA
+	{0x11071, 0x11072, prN},   // Lo     [2] BRAHMI LETTER OLD TAMIL SHORT E..BRAHMI LETTER OLD TAMIL SHORT O
+	{0x11073, 0x11074, prN},   // Mn     [2] BRAHMI VOWEL SIGN OLD TAMIL SHORT E..BRAHMI VOWEL SIGN OLD TAMIL SHORT O
+	{0x11075, 0x11075, prN},   // Lo         BRAHMI LETTER OLD TAMIL LLA
+	{0x1107F, 0x1107F, prN},   // Mn         BRAHMI NUMBER JOINER
+	{0x11080, 0x11081, prN},   // Mn     [2] KAITHI SIGN CANDRABINDU..KAITHI SIGN ANUSVARA
+	{0x11082, 0x11082, prN},   // Mc         KAITHI SIGN VISARGA
+	{0x11083, 0x110AF, prN},   // Lo    [45] KAITHI LETTER A..KAITHI LETTER HA
+	{0x110B0, 0x110B2, prN},   // Mc     [3] KAITHI VOWEL SIGN AA..KAITHI VOWEL SIGN II
+	{0x110B3, 0x110B6, prN},   // Mn     [4] KAITHI VOWEL SIGN U..KAITHI VOWEL SIGN AI
+	{0x110B7, 0x110B8, prN},   // Mc     [2] KAITHI VOWEL SIGN O..KAITHI VOWEL SIGN AU
+	{0x110B9, 0x110BA, prN},   // Mn     [2] KAITHI SIGN VIRAMA..KAITHI SIGN NUKTA
+	{0x110BB, 0x110BC, prN},   // Po     [2] KAITHI ABBREVIATION SIGN..KAITHI ENUMERATION SIGN
+	{0x110BD, 0x110BD, prN},   // Cf         KAITHI NUMBER SIGN
+	{0x110BE, 0x110C1, prN},   // Po     [4] KAITHI SECTION MARK..KAITHI DOUBLE DANDA
+	{0x110C2, 0x110C2, prN},   // Mn         KAITHI VOWEL SIGN VOCALIC R
+	{0x110CD, 0x110CD, prN},   // Cf         KAITHI NUMBER SIGN ABOVE
+	{0x110D0, 0x110E8, prN},   // Lo    [25] SORA SOMPENG LETTER SAH..SORA SOMPENG LETTER MAE
+	{0x110F0, 0x110F9, prN},   // Nd    [10] SORA SOMPENG DIGIT ZERO..SORA SOMPENG DIGIT NINE
+	{0x11100, 0x11102, prN},   // Mn     [3] CHAKMA SIGN CANDRABINDU..CHAKMA SIGN VISARGA
+	{0x11103, 0x11126, prN},   // Lo    [36] CHAKMA LETTER AA..CHAKMA LETTER HAA
+	{0x11127, 0x1112B, prN},   // Mn     [5] CHAKMA VOWEL SIGN A..CHAKMA VOWEL SIGN UU
+	{0x1112C, 0x1112C, prN},   // Mc         CHAKMA VOWEL SIGN E
+	{0x1112D, 0x11134, prN},   // Mn     [8] CHAKMA VOWEL SIGN AI..CHAKMA MAAYYAA
+	{0x11136, 0x1113F, prN},   // Nd    [10] CHAKMA DIGIT ZERO..CHAKMA DIGIT NINE
+	{0x11140, 0x11143, prN},   // Po     [4] CHAKMA SECTION MARK..CHAKMA QUESTION MARK
+	{0x11144, 0x11144, prN},   // Lo         CHAKMA LETTER LHAA
+	{0x11145, 0x11146, prN},   // Mc     [2] CHAKMA VOWEL SIGN AA..CHAKMA VOWEL SIGN EI
+	{0x11147, 0x11147, prN},   // Lo         CHAKMA LETTER VAA
+	{0x11150, 0x11172, prN},   // Lo    [35] MAHAJANI LETTER A..MAHAJANI LETTER RRA
+	{0x11173, 0x11173, prN},   // Mn         MAHAJANI SIGN NUKTA
+	{0x11174, 0x11175, prN},   // Po     [2] MAHAJANI ABBREVIATION SIGN..MAHAJANI SECTION MARK
+	{0x11176, 0x11176, prN},   // Lo         MAHAJANI LIGATURE SHRI
+	{0x11180, 0x11181, prN},   // Mn     [2] SHARADA SIGN CANDRABINDU..SHARADA SIGN ANUSVARA
+	{0x11182, 0x11182, prN},   // Mc         SHARADA SIGN VISARGA
+	{0x11183, 0x111B2, prN},   // Lo    [48] SHARADA LETTER A..SHARADA LETTER HA
+	{0x111B3, 0x111B5, prN},   // Mc     [3] SHARADA VOWEL SIGN AA..SHARADA VOWEL SIGN II
+	{0x111B6, 0x111BE, prN},   // Mn     [9] SHARADA VOWEL SIGN U..SHARADA VOWEL SIGN O
+	{0x111BF, 0x111C0, prN},   // Mc     [2] SHARADA VOWEL SIGN AU..SHARADA SIGN VIRAMA
+	{0x111C1, 0x111C4, prN},   // Lo     [4] SHARADA SIGN AVAGRAHA..SHARADA OM
+	{0x111C5, 0x111C8, prN},   // Po     [4] SHARADA DANDA..SHARADA SEPARATOR
+	{0x111C9, 0x111CC, prN},   // Mn     [4] SHARADA SANDHI MARK..SHARADA EXTRA SHORT VOWEL MARK
+	{0x111CD, 0x111CD, prN},   // Po         SHARADA SUTRA MARK
+	{0x111CE, 0x111CE, prN},   // Mc         SHARADA VOWEL SIGN PRISHTHAMATRA E
+	{0x111CF, 0x111CF, prN},   // Mn         SHARADA SIGN INVERTED CANDRABINDU
+	{0x111D0, 0x111D9, prN},   // Nd    [10] SHARADA DIGIT ZERO..SHARADA DIGIT NINE
+	{0x111DA, 0x111DA, prN},   // Lo         SHARADA EKAM
+	{0x111DB, 0x111DB, prN},   // Po         SHARADA SIGN SIDDHAM
+	{0x111DC, 0x111DC, prN},   // Lo         SHARADA HEADSTROKE
+	{0x111DD, 0x111DF, prN},   // Po     [3] SHARADA CONTINUATION SIGN..SHARADA SECTION MARK-2
+	{0x111E1, 0x111F4, prN},   // No    [20] SINHALA ARCHAIC DIGIT ONE..SINHALA ARCHAIC NUMBER ONE THOUSAND
+	{0x11200, 0x11211, prN},   // Lo    [18] KHOJKI LETTER A..KHOJKI LETTER JJA
+	{0x11213, 0x1122B, prN},   // Lo    [25] KHOJKI LETTER NYA..KHOJKI LETTER LLA
+	{0x1122C, 0x1122E, prN},   // Mc     [3] KHOJKI VOWEL SIGN AA..KHOJKI VOWEL SIGN II
+	{0x1122F, 0x11231, prN},   // Mn     [3] KHOJKI VOWEL SIGN U..KHOJKI VOWEL SIGN AI
+	{0x11232, 0x11233, prN},   // Mc     [2] KHOJKI VOWEL SIGN O..KHOJKI VOWEL SIGN AU
+	{0x11234, 0x11234, prN},   // Mn         KHOJKI SIGN ANUSVARA
+	{0x11235, 0x11235, prN},   // Mc         KHOJKI SIGN VIRAMA
+	{0x11236, 0x11237, prN},   // Mn     [2] KHOJKI SIGN NUKTA..KHOJKI SIGN SHADDA
+	{0x11238, 0x1123D, prN},   // Po     [6] KHOJKI DANDA..KHOJKI ABBREVIATION SIGN
+	{0x1123E, 0x1123E, prN},   // Mn         KHOJKI SIGN SUKUN
+	{0x11280, 0x11286, prN},   // Lo     [7] MULTANI LETTER A..MULTANI LETTER GA
+	{0x11288, 0x11288, prN},   // Lo         MULTANI LETTER GHA
+	{0x1128A, 0x1128D, prN},   // Lo     [4] MULTANI LETTER CA..MULTANI LETTER JJA
+	{0x1128F, 0x1129D, prN},   // Lo    [15] MULTANI LETTER NYA..MULTANI LETTER BA
+	{0x1129F, 0x112A8, prN},   // Lo    [10] MULTANI LETTER BHA..MULTANI LETTER RHA
+	{0x112A9, 0x112A9, prN},   // Po         MULTANI SECTION MARK
+	{0x112B0, 0x112DE, prN},   // Lo    [47] KHUDAWADI LETTER A..KHUDAWADI LETTER HA
+	{0x112DF, 0x112DF, prN},   // Mn         KHUDAWADI SIGN ANUSVARA
+	{0x112E0, 0x112E2, prN},   // Mc     [3] KHUDAWADI VOWEL SIGN AA..KHUDAWADI VOWEL SIGN II
+	{0x112E3, 0x112EA, prN},   // Mn     [8] KHUDAWADI VOWEL SIGN U..KHUDAWADI SIGN VIRAMA
+	{0x112F0, 0x112F9, prN},   // Nd    [10] KHUDAWADI DIGIT ZERO..KHUDAWADI DIGIT NINE
+	{0x11300, 0x11301, prN},   // Mn     [2] GRANTHA SIGN COMBINING ANUSVARA ABOVE..GRANTHA SIGN CANDRABINDU
+	{0x11302, 0x11303, prN},   // Mc     [2] GRANTHA SIGN ANUSVARA..GRANTHA SIGN VISARGA
+	{0x11305, 0x1130C, prN},   // Lo     [8] GRANTHA LETTER A..GRANTHA LETTER VOCALIC L
+	{0x1130F, 0x11310, prN},   // Lo     [2] GRANTHA LETTER EE..GRANTHA LETTER AI
+	{0x11313, 0x11328, prN},   // Lo    [22] GRANTHA LETTER OO..GRANTHA LETTER NA
+	{0x1132A, 0x11330, prN},   // Lo     [7] GRANTHA LETTER PA..GRANTHA LETTER RA
+	{0x11332, 0x11333, prN},   // Lo     [2] GRANTHA LETTER LA..GRANTHA LETTER LLA
+	{0x11335, 0x11339, prN},   // Lo     [5] GRANTHA LETTER VA..GRANTHA LETTER HA
+	{0x1133B, 0x1133C, prN},   // Mn     [2] COMBINING BINDU BELOW..GRANTHA SIGN NUKTA
+	{0x1133D, 0x1133D, prN},   // Lo         GRANTHA SIGN AVAGRAHA
+	{0x1133E, 0x1133F, prN},   // Mc     [2] GRANTHA VOWEL SIGN AA..GRANTHA VOWEL SIGN I
+	{0x11340, 0x11340, prN},   // Mn         GRANTHA VOWEL SIGN II
+	{0x11341, 0x11344, prN},   // Mc     [4] GRANTHA VOWEL SIGN U..GRANTHA VOWEL SIGN VOCALIC RR
+	{0x11347, 0x11348, prN},   // Mc     [2] GRANTHA VOWEL SIGN EE..GRANTHA VOWEL SIGN AI
+	{0x1134B, 0x1134D, prN},   // Mc     [3] GRANTHA VOWEL SIGN OO..GRANTHA SIGN VIRAMA
+	{0x11350, 0x11350, prN},   // Lo         GRANTHA OM
+	{0x11357, 0x11357, prN},   // Mc         GRANTHA AU LENGTH MARK
+	{0x1135D, 0x11361, prN},   // Lo     [5] GRANTHA SIGN PLUTA..GRANTHA LETTER VOCALIC LL
+	{0x11362, 0x11363, prN},   // Mc     [2] GRANTHA VOWEL SIGN VOCALIC L..GRANTHA VOWEL SIGN VOCALIC LL
+	{0x11366, 0x1136C, prN},   // Mn     [7] COMBINING GRANTHA DIGIT ZERO..COMBINING GRANTHA DIGIT SIX
+	{0x11370, 0x11374, prN},   // Mn     [5] COMBINING GRANTHA LETTER A..COMBINING GRANTHA LETTER PA
+	{0x11400, 0x11434, prN},   // Lo    [53] NEWA LETTER A..NEWA LETTER HA
+	{0x11435, 0x11437, prN},   // Mc     [3] NEWA VOWEL SIGN AA..NEWA VOWEL SIGN II
+	{0x11438, 0x1143F, prN},   // Mn     [8] NEWA VOWEL SIGN U..NEWA VOWEL SIGN AI
+	{0x11440, 0x11441, prN},   // Mc     [2] NEWA VOWEL SIGN O..NEWA VOWEL SIGN AU
+	{0x11442, 0x11444, prN},   // Mn     [3] NEWA SIGN VIRAMA..NEWA SIGN ANUSVARA
+	{0x11445, 0x11445, prN},   // Mc         NEWA SIGN VISARGA
+	{0x11446, 0x11446, prN},   // Mn         NEWA SIGN NUKTA
+	{0x11447, 0x1144A, prN},   // Lo     [4] NEWA SIGN AVAGRAHA..NEWA SIDDHI
+	{0x1144B, 0x1144F, prN},   // Po     [5] NEWA DANDA..NEWA ABBREVIATION SIGN
+	{0x11450, 0x11459, prN},   // Nd    [10] NEWA DIGIT ZERO..NEWA DIGIT NINE
+	{0x1145A, 0x1145B, prN},   // Po     [2] NEWA DOUBLE COMMA..NEWA PLACEHOLDER MARK
+	{0x1145D, 0x1145D, prN},   // Po         NEWA INSERTION SIGN
+	{0x1145E, 0x1145E, prN},   // Mn         NEWA SANDHI MARK
+	{0x1145F, 0x11461, prN},   // Lo     [3] NEWA LETTER VEDIC ANUSVARA..NEWA SIGN UPADHMANIYA
+	{0x11480, 0x114AF, prN},   // Lo    [48] TIRHUTA ANJI..TIRHUTA LETTER HA
+	{0x114B0, 0x114B2, prN},   // Mc     [3] TIRHUTA VOWEL SIGN AA..TIRHUTA VOWEL SIGN II
+	{0x114B3, 0x114B8, prN},   // Mn     [6] TIRHUTA VOWEL SIGN U..TIRHUTA VOWEL SIGN VOCALIC LL
+	{0x114B9, 0x114B9, prN},   // Mc         TIRHUTA VOWEL SIGN E
+	{0x114BA, 0x114BA, prN},   // Mn         TIRHUTA VOWEL SIGN SHORT E
+	{0x114BB, 0x114BE, prN},   // Mc     [4] TIRHUTA VOWEL SIGN AI..TIRHUTA VOWEL SIGN AU
+	{0x114BF, 0x114C0, prN},   // Mn     [2] TIRHUTA SIGN CANDRABINDU..TIRHUTA SIGN ANUSVARA
+	{0x114C1, 0x114C1, prN},   // Mc         TIRHUTA SIGN VISARGA
+	{0x114C2, 0x114C3, prN},   // Mn     [2] TIRHUTA SIGN VIRAMA..TIRHUTA SIGN NUKTA
+	{0x114C4, 0x114C5, prN},   // Lo     [2] TIRHUTA SIGN AVAGRAHA..TIRHUTA GVANG
+	{0x114C6, 0x114C6, prN},   // Po         TIRHUTA ABBREVIATION SIGN
+	{0x114C7, 0x114C7, prN},   // Lo         TIRHUTA OM
+	{0x114D0, 0x114D9, prN},   // Nd    [10] TIRHUTA DIGIT ZERO..TIRHUTA DIGIT NINE
+	{0x11580, 0x115AE, prN},   // Lo    [47] SIDDHAM LETTER A..SIDDHAM LETTER HA
+	{0x115AF, 0x115B1, prN},   // Mc     [3] SIDDHAM VOWEL SIGN AA..SIDDHAM VOWEL SIGN II
+	{0x115B2, 0x115B5, prN},   // Mn     [4] SIDDHAM VOWEL SIGN U..SIDDHAM VOWEL SIGN VOCALIC RR
+	{0x115B8, 0x115BB, prN},   // Mc     [4] SIDDHAM VOWEL SIGN E..SIDDHAM VOWEL SIGN AU
+	{0x115BC, 0x115BD, prN},   // Mn     [2] SIDDHAM SIGN CANDRABINDU..SIDDHAM SIGN ANUSVARA
+	{0x115BE, 0x115BE, prN},   // Mc         SIDDHAM SIGN VISARGA
+	{0x115BF, 0x115C0, prN},   // Mn     [2] SIDDHAM SIGN VIRAMA..SIDDHAM SIGN NUKTA
+	{0x115C1, 0x115D7, prN},   // Po    [23] SIDDHAM SIGN SIDDHAM..SIDDHAM SECTION MARK WITH CIRCLES AND FOUR ENCLOSURES
+	{0x115D8, 0x115DB, prN},   // Lo     [4] SIDDHAM LETTER THREE-CIRCLE ALTERNATE I..SIDDHAM LETTER ALTERNATE U
+	{0x115DC, 0x115DD, prN},   // Mn     [2] SIDDHAM VOWEL SIGN ALTERNATE U..SIDDHAM VOWEL SIGN ALTERNATE UU
+	{0x11600, 0x1162F, prN},   // Lo    [48] MODI LETTER A..MODI LETTER LLA
+	{0x11630, 0x11632, prN},   // Mc     [3] MODI VOWEL SIGN AA..MODI VOWEL SIGN II
+	{0x11633, 0x1163A, prN},   // Mn     [8] MODI VOWEL SIGN U..MODI VOWEL SIGN AI
+	{0x1163B, 0x1163C, prN},   // Mc     [2] MODI VOWEL SIGN O..MODI VOWEL SIGN AU
+	{0x1163D, 0x1163D, prN},   // Mn         MODI SIGN ANUSVARA
+	{0x1163E, 0x1163E, prN},   // Mc         MODI SIGN VISARGA
+	{0x1163F, 0x11640, prN},   // Mn     [2] MODI SIGN VIRAMA..MODI SIGN ARDHACANDRA
+	{0x11641, 0x11643, prN},   // Po     [3] MODI DANDA..MODI ABBREVIATION SIGN
+	{0x11644, 0x11644, prN},   // Lo         MODI SIGN HUVA
+	{0x11650, 0x11659, prN},   // Nd    [10] MODI DIGIT ZERO..MODI DIGIT NINE
+	{0x11660, 0x1166C, prN},   // Po    [13] MONGOLIAN BIRGA WITH ORNAMENT..MONGOLIAN TURNED SWIRL BIRGA WITH DOUBLE ORNAMENT
+	{0x11680, 0x116AA, prN},   // Lo    [43] TAKRI LETTER A..TAKRI LETTER RRA
+	{0x116AB, 0x116AB, prN},   // Mn         TAKRI SIGN ANUSVARA
+	{0x116AC, 0x116AC, prN},   // Mc         TAKRI SIGN VISARGA
+	{0x116AD, 0x116AD, prN},   // Mn         TAKRI VOWEL SIGN AA
+	{0x116AE, 0x116AF, prN},   // Mc     [2] TAKRI VOWEL SIGN I..TAKRI VOWEL SIGN II
+	{0x116B0, 0x116B5, prN},   // Mn     [6] TAKRI VOWEL SIGN U..TAKRI VOWEL SIGN AU
+	{0x116B6, 0x116B6, prN},   // Mc         TAKRI SIGN VIRAMA
+	{0x116B7, 0x116B7, prN},   // Mn         TAKRI SIGN NUKTA
+	{0x116B8, 0x116B8, prN},   // Lo         TAKRI LETTER ARCHAIC KHA
+	{0x116B9, 0x116B9, prN},   // Po         TAKRI ABBREVIATION SIGN
+	{0x116C0, 0x116C9, prN},   // Nd    [10] TAKRI DIGIT ZERO..TAKRI DIGIT NINE
+	{0x11700, 0x1171A, prN},   // Lo    [27] AHOM LETTER KA..AHOM LETTER ALTERNATE BA
+	{0x1171D, 0x1171F, prN},   // Mn     [3] AHOM CONSONANT SIGN MEDIAL LA..AHOM CONSONANT SIGN MEDIAL LIGATING RA
+	{0x11720, 0x11721, prN},   // Mc     [2] AHOM VOWEL SIGN A..AHOM VOWEL SIGN AA
+	{0x11722, 0x11725, prN},   // Mn     [4] AHOM VOWEL SIGN I..AHOM VOWEL SIGN UU
+	{0x11726, 0x11726, prN},   // Mc         AHOM VOWEL SIGN E
+	{0x11727, 0x1172B, prN},   // Mn     [5] AHOM VOWEL SIGN AW..AHOM SIGN KILLER
+	{0x11730, 0x11739, prN},   // Nd    [10] AHOM DIGIT ZERO..AHOM DIGIT NINE
+	{0x1173A, 0x1173B, prN},   // No     [2] AHOM NUMBER TEN..AHOM NUMBER TWENTY
+	{0x1173C, 0x1173E, prN},   // Po     [3] AHOM SIGN SMALL SECTION..AHOM SIGN RULAI
+	{0x1173F, 0x1173F, prN},   // So         AHOM SYMBOL VI
+	{0x11740, 0x11746, prN},   // Lo     [7] AHOM LETTER CA..AHOM LETTER LLA
+	{0x11800, 0x1182B, prN},   // Lo    [44] DOGRA LETTER A..DOGRA LETTER RRA
+	{0x1182C, 0x1182E, prN},   // Mc     [3] DOGRA VOWEL SIGN AA..DOGRA VOWEL SIGN II
+	{0x1182F, 0x11837, prN},   // Mn     [9] DOGRA VOWEL SIGN U..DOGRA SIGN ANUSVARA
+	{0x11838, 0x11838, prN},   // Mc         DOGRA SIGN VISARGA
+	{0x11839, 0x1183A, prN},   // Mn     [2] DOGRA SIGN VIRAMA..DOGRA SIGN NUKTA
+	{0x1183B, 0x1183B, prN},   // Po         DOGRA ABBREVIATION SIGN
+	{0x118A0, 0x118DF, prN},   // L&    [64] WARANG CITI CAPITAL LETTER NGAA..WARANG CITI SMALL LETTER VIYO
+	{0x118E0, 0x118E9, prN},   // Nd    [10] WARANG CITI DIGIT ZERO..WARANG CITI DIGIT NINE
+	{0x118EA, 0x118F2, prN},   // No     [9] WARANG CITI NUMBER TEN..WARANG CITI NUMBER NINETY
+	{0x118FF, 0x118FF, prN},   // Lo         WARANG CITI OM
+	{0x11900, 0x11906, prN},   // Lo     [7] DIVES AKURU LETTER A..DIVES AKURU LETTER E
+	{0x11909, 0x11909, prN},   // Lo         DIVES AKURU LETTER O
+	{0x1190C, 0x11913, prN},   // Lo     [8] DIVES AKURU LETTER KA..DIVES AKURU LETTER JA
+	{0x11915, 0x11916, prN},   // Lo     [2] DIVES AKURU LETTER NYA..DIVES AKURU LETTER TTA
+	{0x11918, 0x1192F, prN},   // Lo    [24] DIVES AKURU LETTER DDA..DIVES AKURU LETTER ZA
+	{0x11930, 0x11935, prN},   // Mc     [6] DIVES AKURU VOWEL SIGN AA..DIVES AKURU VOWEL SIGN E
+	{0x11937, 0x11938, prN},   // Mc     [2] DIVES AKURU VOWEL SIGN AI..DIVES AKURU VOWEL SIGN O
+	{0x1193B, 0x1193C, prN},   // Mn     [2] DIVES AKURU SIGN ANUSVARA..DIVES AKURU SIGN CANDRABINDU
+	{0x1193D, 0x1193D, prN},   // Mc         DIVES AKURU SIGN HALANTA
+	{0x1193E, 0x1193E, prN},   // Mn         DIVES AKURU VIRAMA
+	{0x1193F, 0x1193F, prN},   // Lo         DIVES AKURU PREFIXED NASAL SIGN
+	{0x11940, 0x11940, prN},   // Mc         DIVES AKURU MEDIAL YA
+	{0x11941, 0x11941, prN},   // Lo         DIVES AKURU INITIAL RA
+	{0x11942, 0x11942, prN},   // Mc         DIVES AKURU MEDIAL RA
+	{0x11943, 0x11943, prN},   // Mn         DIVES AKURU SIGN NUKTA
+	{0x11944, 0x11946, prN},   // Po     [3] DIVES AKURU DOUBLE DANDA..DIVES AKURU END OF TEXT MARK
+	{0x11950, 0x11959, prN},   // Nd    [10] DIVES AKURU DIGIT ZERO..DIVES AKURU DIGIT NINE
+	{0x119A0, 0x119A7, prN},   // Lo     [8] NANDINAGARI LETTER A..NANDINAGARI LETTER VOCALIC RR
+	{0x119AA, 0x119D0, prN},   // Lo    [39] NANDINAGARI LETTER E..NANDINAGARI LETTER RRA
+	{0x119D1, 0x119D3, prN},   // Mc     [3] NANDINAGARI VOWEL SIGN AA..NANDINAGARI VOWEL SIGN II
+	{0x119D4, 0x119D7, prN},   // Mn     [4] NANDINAGARI VOWEL SIGN U..NANDINAGARI VOWEL SIGN VOCALIC RR
+	{0x119DA, 0x119DB, prN},   // Mn     [2] NANDINAGARI VOWEL SIGN E..NANDINAGARI VOWEL SIGN AI
+	{0x119DC, 0x119DF, prN},   // Mc     [4] NANDINAGARI VOWEL SIGN O..NANDINAGARI SIGN VISARGA
+	{0x119E0, 0x119E0, prN},   // Mn         NANDINAGARI SIGN VIRAMA
+	{0x119E1, 0x119E1, prN},   // Lo         NANDINAGARI SIGN AVAGRAHA
+	{0x119E2, 0x119E2, prN},   // Po         NANDINAGARI SIGN SIDDHAM
+	{0x119E3, 0x119E3, prN},   // Lo         NANDINAGARI HEADSTROKE
+	{0x119E4, 0x119E4, prN},   // Mc         NANDINAGARI VOWEL SIGN PRISHTHAMATRA E
+	{0x11A00, 0x11A00, prN},   // Lo         ZANABAZAR SQUARE LETTER A
+	{0x11A01, 0x11A0A, prN},   // Mn    [10] ZANABAZAR SQUARE VOWEL SIGN I..ZANABAZAR SQUARE VOWEL LENGTH MARK
+	{0x11A0B, 0x11A32, prN},   // Lo    [40] ZANABAZAR SQUARE LETTER KA..ZANABAZAR SQUARE LETTER KSSA
+	{0x11A33, 0x11A38, prN},   // Mn     [6] ZANABAZAR SQUARE FINAL CONSONANT MARK..ZANABAZAR SQUARE SIGN ANUSVARA
+	{0x11A39, 0x11A39, prN},   // Mc         ZANABAZAR SQUARE SIGN VISARGA
+	{0x11A3A, 0x11A3A, prN},   // Lo         ZANABAZAR SQUARE CLUSTER-INITIAL LETTER RA
+	{0x11A3B, 0x11A3E, prN},   // Mn     [4] ZANABAZAR SQUARE CLUSTER-FINAL LETTER YA..ZANABAZAR SQUARE CLUSTER-FINAL LETTER VA
+	{0x11A3F, 0x11A46, prN},   // Po     [8] ZANABAZAR SQUARE INITIAL HEAD MARK..ZANABAZAR SQUARE CLOSING DOUBLE-LINED HEAD MARK
+	{0x11A47, 0x11A47, prN},   // Mn         ZANABAZAR SQUARE SUBJOINER
+	{0x11A50, 0x11A50, prN},   // Lo         SOYOMBO LETTER A
+	{0x11A51, 0x11A56, prN},   // Mn     [6] SOYOMBO VOWEL SIGN I..SOYOMBO VOWEL SIGN OE
+	{0x11A57, 0x11A58, prN},   // Mc     [2] SOYOMBO VOWEL SIGN AI..SOYOMBO VOWEL SIGN AU
+	{0x11A59, 0x11A5B, prN},   // Mn     [3] SOYOMBO VOWEL SIGN VOCALIC R..SOYOMBO VOWEL LENGTH MARK
+	{0x11A5C, 0x11A89, prN},   // Lo    [46] SOYOMBO LETTER KA..SOYOMBO CLUSTER-INITIAL LETTER SA
+	{0x11A8A, 0x11A96, prN},   // Mn    [13] SOYOMBO FINAL CONSONANT SIGN G..SOYOMBO SIGN ANUSVARA
+	{0x11A97, 0x11A97, prN},   // Mc         SOYOMBO SIGN VISARGA
+	{0x11A98, 0x11A99, prN},   // Mn     [2] SOYOMBO GEMINATION MARK..SOYOMBO SUBJOINER
+	{0x11A9A, 0x11A9C, prN},   // Po     [3] SOYOMBO MARK TSHEG..SOYOMBO MARK DOUBLE SHAD
+	{0x11A9D, 0x11A9D, prN},   // Lo         SOYOMBO MARK PLUTA
+	{0x11A9E, 0x11AA2, prN},   // Po     [5] SOYOMBO HEAD MARK WITH MOON AND SUN AND TRIPLE FLAME..SOYOMBO TERMINAL MARK-2
+	{0x11AB0, 0x11ABF, prN},   // Lo    [16] CANADIAN SYLLABICS NATTILIK HI..CANADIAN SYLLABICS SPA
+	{0x11AC0, 0x11AF8, prN},   // Lo    [57] PAU CIN HAU LETTER PA..PAU CIN HAU GLOTTAL STOP FINAL
+	{0x11C00, 0x11C08, prN},   // Lo     [9] BHAIKSUKI LETTER A..BHAIKSUKI LETTER VOCALIC L
+	{0x11C0A, 0x11C2E, prN},   // Lo    [37] BHAIKSUKI LETTER E..BHAIKSUKI LETTER HA
+	{0x11C2F, 0x11C2F, prN},   // Mc         BHAIKSUKI VOWEL SIGN AA
+	{0x11C30, 0x11C36, prN},   // Mn     [7] BHAIKSUKI VOWEL SIGN I..BHAIKSUKI VOWEL SIGN VOCALIC L
+	{0x11C38, 0x11C3D, prN},   // Mn     [6] BHAIKSUKI VOWEL SIGN E..BHAIKSUKI SIGN ANUSVARA
+	{0x11C3E, 0x11C3E, prN},   // Mc         BHAIKSUKI SIGN VISARGA
+	{0x11C3F, 0x11C3F, prN},   // Mn         BHAIKSUKI SIGN VIRAMA
+	{0x11C40, 0x11C40, prN},   // Lo         BHAIKSUKI SIGN AVAGRAHA
+	{0x11C41, 0x11C45, prN},   // Po     [5] BHAIKSUKI DANDA..BHAIKSUKI GAP FILLER-2
+	{0x11C50, 0x11C59, prN},   // Nd    [10] BHAIKSUKI DIGIT ZERO..BHAIKSUKI DIGIT NINE
+	{0x11C5A, 0x11C6C, prN},   // No    [19] BHAIKSUKI NUMBER ONE..BHAIKSUKI HUNDREDS UNIT MARK
+	{0x11C70, 0x11C71, prN},   // Po     [2] MARCHEN HEAD MARK..MARCHEN MARK SHAD
+	{0x11C72, 0x11C8F, prN},   // Lo    [30] MARCHEN LETTER KA..MARCHEN LETTER A
+	{0x11C92, 0x11CA7, prN},   // Mn    [22] MARCHEN SUBJOINED LETTER KA..MARCHEN SUBJOINED LETTER ZA
+	{0x11CA9, 0x11CA9, prN},   // Mc         MARCHEN SUBJOINED LETTER YA
+	{0x11CAA, 0x11CB0, prN},   // Mn     [7] MARCHEN SUBJOINED LETTER RA..MARCHEN VOWEL SIGN AA
+	{0x11CB1, 0x11CB1, prN},   // Mc         MARCHEN VOWEL SIGN I
+	{0x11CB2, 0x11CB3, prN},   // Mn     [2] MARCHEN VOWEL SIGN U..MARCHEN VOWEL SIGN E
+	{0x11CB4, 0x11CB4, prN},   // Mc         MARCHEN VOWEL SIGN O
+	{0x11CB5, 0x11CB6, prN},   // Mn     [2] MARCHEN SIGN ANUSVARA..MARCHEN SIGN CANDRABINDU
+	{0x11D00, 0x11D06, prN},   // Lo     [7] MASARAM GONDI LETTER A..MASARAM GONDI LETTER E
+	{0x11D08, 0x11D09, prN},   // Lo     [2] MASARAM GONDI LETTER AI..MASARAM GONDI LETTER O
+	{0x11D0B, 0x11D30, prN},   // Lo    [38] MASARAM GONDI LETTER AU..MASARAM GONDI LETTER TRA
+	{0x11D31, 0x11D36, prN},   // Mn     [6] MASARAM GONDI VOWEL SIGN AA..MASARAM GONDI VOWEL SIGN VOCALIC R
+	{0x11D3A, 0x11D3A, prN},   // Mn         MASARAM GONDI VOWEL SIGN E
+	{0x11D3C, 0x11D3D, prN},   // Mn     [2] MASARAM GONDI VOWEL SIGN AI..MASARAM GONDI VOWEL SIGN O
+	{0x11D3F, 0x11D45, prN},   // Mn     [7] MASARAM GONDI VOWEL SIGN AU..MASARAM GONDI VIRAMA
+	{0x11D46, 0x11D46, prN},   // Lo         MASARAM GONDI REPHA
+	{0x11D47, 0x11D47, prN},   // Mn         MASARAM GONDI RA-KARA
+	{0x11D50, 0x11D59, prN},   // Nd    [10] MASARAM GONDI DIGIT ZERO..MASARAM GONDI DIGIT NINE
+	{0x11D60, 0x11D65, prN},   // Lo     [6] GUNJALA GONDI LETTER A..GUNJALA GONDI LETTER UU
+	{0x11D67, 0x11D68, prN},   // Lo     [2] GUNJALA GONDI LETTER EE..GUNJALA GONDI LETTER AI
+	{0x11D6A, 0x11D89, prN},   // Lo    [32] GUNJALA GONDI LETTER OO..GUNJALA GONDI LETTER SA
+	{0x11D8A, 0x11D8E, prN},   // Mc     [5] GUNJALA GONDI VOWEL SIGN AA..GUNJALA GONDI VOWEL SIGN UU
+	{0x11D90, 0x11D91, prN},   // Mn     [2] GUNJALA GONDI VOWEL SIGN EE..GUNJALA GONDI VOWEL SIGN AI
+	{0x11D93, 0x11D94, prN},   // Mc     [2] GUNJALA GONDI VOWEL SIGN OO..GUNJALA GONDI VOWEL SIGN AU
+	{0x11D95, 0x11D95, prN},   // Mn         GUNJALA GONDI SIGN ANUSVARA
+	{0x11D96, 0x11D96, prN},   // Mc         GUNJALA GONDI SIGN VISARGA
+	{0x11D97, 0x11D97, prN},   // Mn         GUNJALA GONDI VIRAMA
+	{0x11D98, 0x11D98, prN},   // Lo         GUNJALA GONDI OM
+	{0x11DA0, 0x11DA9, prN},   // Nd    [10] GUNJALA GONDI DIGIT ZERO..GUNJALA GONDI DIGIT NINE
+	{0x11EE0, 0x11EF2, prN},   // Lo    [19] MAKASAR LETTER KA..MAKASAR ANGKA
+	{0x11EF3, 0x11EF4, prN},   // Mn     [2] MAKASAR VOWEL SIGN I..MAKASAR VOWEL SIGN U
+	{0x11EF5, 0x11EF6, prN},   // Mc     [2] MAKASAR VOWEL SIGN E..MAKASAR VOWEL SIGN O
+	{0x11EF7, 0x11EF8, prN},   // Po     [2] MAKASAR PASSIMBANG..MAKASAR END OF SECTION
+	{0x11FB0, 0x11FB0, prN},   // Lo         LISU LETTER YHA
+	{0x11FC0, 0x11FD4, prN},   // No    [21] TAMIL FRACTION ONE THREE-HUNDRED-AND-TWENTIETH..TAMIL FRACTION DOWNSCALING FACTOR KIIZH
+	{0x11FD5, 0x11FDC, prN},   // So     [8] TAMIL SIGN NEL..TAMIL SIGN MUKKURUNI
+	{0x11FDD, 0x11FE0, prN},   // Sc     [4] TAMIL SIGN KAACU..TAMIL SIGN VARAAKAN
+	{0x11FE1, 0x11FF1, prN},   // So    [17] TAMIL SIGN PAARAM..TAMIL SIGN VAKAIYARAA
+	{0x11FFF, 0x11FFF, prN},   // Po         TAMIL PUNCTUATION END OF TEXT
+	{0x12000, 0x12399, prN},   // Lo   [922] CUNEIFORM SIGN A..CUNEIFORM SIGN U U
+	{0x12400, 0x1246E, prN},   // Nl   [111] CUNEIFORM NUMERIC SIGN TWO ASH..CUNEIFORM NUMERIC SIGN NINE U VARIANT FORM
+	{0x12470, 0x12474, prN},   // Po     [5] CUNEIFORM PUNCTUATION SIGN OLD ASSYRIAN WORD DIVIDER..CUNEIFORM PUNCTUATION SIGN DIAGONAL QUADCOLON
+	{0x12480, 0x12543, prN},   // Lo   [196] CUNEIFORM SIGN AB TIMES NUN TENU..CUNEIFORM SIGN ZU5 TIMES THREE DISH TENU
+	{0x12F90, 0x12FF0, prN},   // Lo    [97] CYPRO-MINOAN SIGN CM001..CYPRO-MINOAN SIGN CM114
+	{0x12FF1, 0x12FF2, prN},   // Po     [2] CYPRO-MINOAN SIGN CM301..CYPRO-MINOAN SIGN CM302
+	{0x13000, 0x1342E, prN},   // Lo  [1071] EGYPTIAN HIEROGLYPH A001..EGYPTIAN HIEROGLYPH AA032
+	{0x13430, 0x13438, prN},   // Cf     [9] EGYPTIAN HIEROGLYPH VERTICAL JOINER..EGYPTIAN HIEROGLYPH END SEGMENT
+	{0x14400, 0x14646, prN},   // Lo   [583] ANATOLIAN HIEROGLYPH A001..ANATOLIAN HIEROGLYPH A530
+	{0x16800, 0x16A38, prN},   // Lo   [569] BAMUM LETTER PHASE-A NGKUE MFON..BAMUM LETTER PHASE-F VUEQ
+	{0x16A40, 0x16A5E, prN},   // Lo    [31] MRO LETTER TA..MRO LETTER TEK
+	{0x16A60, 0x16A69, prN},   // Nd    [10] MRO DIGIT ZERO..MRO DIGIT NINE
+	{0x16A6E, 0x16A6F, prN},   // Po     [2] MRO DANDA..MRO DOUBLE DANDA
+	{0x16A70, 0x16ABE, prN},   // Lo    [79] TANGSA LETTER OZ..TANGSA LETTER ZA
+	{0x16AC0, 0x16AC9, prN},   // Nd    [10] TANGSA DIGIT ZERO..TANGSA DIGIT NINE
+	{0x16AD0, 0x16AED, prN},   // Lo    [30] BASSA VAH LETTER ENNI..BASSA VAH LETTER I
+	{0x16AF0, 0x16AF4, prN},   // Mn     [5] BASSA VAH COMBINING HIGH TONE..BASSA VAH COMBINING HIGH-LOW TONE
+	{0x16AF5, 0x16AF5, prN},   // Po         BASSA VAH FULL STOP
+	{0x16B00, 0x16B2F, prN},   // Lo    [48] PAHAWH HMONG VOWEL KEEB..PAHAWH HMONG CONSONANT CAU
+	{0x16B30, 0x16B36, prN},   // Mn     [7] PAHAWH HMONG MARK CIM TUB..PAHAWH HMONG MARK CIM TAUM
+	{0x16B37, 0x16B3B, prN},   // Po     [5] PAHAWH HMONG SIGN VOS THOM..PAHAWH HMONG SIGN VOS FEEM
+	{0x16B3C, 0x16B3F, prN},   // So     [4] PAHAWH HMONG SIGN XYEEM NTXIV..PAHAWH HMONG SIGN XYEEM FAIB
+	{0x16B40, 0x16B43, prN},   // Lm     [4] PAHAWH HMONG SIGN VOS SEEV..PAHAWH HMONG SIGN IB YAM
+	{0x16B44, 0x16B44, prN},   // Po         PAHAWH HMONG SIGN XAUS
+	{0x16B45, 0x16B45, prN},   // So         PAHAWH HMONG SIGN CIM TSOV ROG
+	{0x16B50, 0x16B59, prN},   // Nd    [10] PAHAWH HMONG DIGIT ZERO..PAHAWH HMONG DIGIT NINE
+	{0x16B5B, 0x16B61, prN},   // No     [7] PAHAWH HMONG NUMBER TENS..PAHAWH HMONG NUMBER TRILLIONS
+	{0x16B63, 0x16B77, prN},   // Lo    [21] PAHAWH HMONG SIGN VOS LUB..PAHAWH HMONG SIGN CIM NRES TOS
+	{0x16B7D, 0x16B8F, prN},   // Lo    [19] PAHAWH HMONG CLAN SIGN TSHEEJ..PAHAWH HMONG CLAN SIGN VWJ
+	{0x16E40, 0x16E7F, prN},   // L&    [64] MEDEFAIDRIN CAPITAL LETTER M..MEDEFAIDRIN SMALL LETTER Y
+	{0x16E80, 0x16E96, prN},   // No    [23] MEDEFAIDRIN DIGIT ZERO..MEDEFAIDRIN DIGIT THREE ALTERNATE FORM
+	{0x16E97, 0x16E9A, prN},   // Po     [4] MEDEFAIDRIN COMMA..MEDEFAIDRIN EXCLAMATION OH
+	{0x16F00, 0x16F4A, prN},   // Lo    [75] MIAO LETTER PA..MIAO LETTER RTE
+	{0x16F4F, 0x16F4F, prN},   // Mn         MIAO SIGN CONSONANT MODIFIER BAR
+	{0x16F50, 0x16F50, prN},   // Lo         MIAO LETTER NASALIZATION
+	{0x16F51, 0x16F87, prN},   // Mc    [55] MIAO SIGN ASPIRATION..MIAO VOWEL SIGN UI
+	{0x16F8F, 0x16F92, prN},   // Mn     [4] MIAO TONE RIGHT..MIAO TONE BELOW
+	{0x16F93, 0x16F9F, prN},   // Lm    [13] MIAO LETTER TONE-2..MIAO LETTER REFORMED TONE-8
+	{0x16FE0, 0x16FE1, prW},   // Lm     [2] TANGUT ITERATION MARK..NUSHU ITERATION MARK
+	{0x16FE2, 0x16FE2, prW},   // Po         OLD CHINESE HOOK MARK
+	{0x16FE3, 0x16FE3, prW},   // Lm         OLD CHINESE ITERATION MARK
+	{0x16FE4, 0x16FE4, prW},   // Mn         KHITAN SMALL SCRIPT FILLER
+	{0x16FF0, 0x16FF1, prW},   // Mc     [2] VIETNAMESE ALTERNATE READING MARK CA..VIETNAMESE ALTERNATE READING MARK NHAY
+	{0x17000, 0x187F7, prW},   // Lo  [6136] TANGUT IDEOGRAPH-17000..TANGUT IDEOGRAPH-187F7
+	{0x18800, 0x18AFF, prW},   // Lo   [768] TANGUT COMPONENT-001..TANGUT COMPONENT-768
+	{0x18B00, 0x18CD5, prW},   // Lo   [470] KHITAN SMALL SCRIPT CHARACTER-18B00..KHITAN SMALL SCRIPT CHARACTER-18CD5
+	{0x18D00, 0x18D08, prW},   // Lo     [9] TANGUT IDEOGRAPH-18D00..TANGUT IDEOGRAPH-18D08
+	{0x1AFF0, 0x1AFF3, prW},   // Lm     [4] KATAKANA LETTER MINNAN TONE-2..KATAKANA LETTER MINNAN TONE-5
+	{0x1AFF5, 0x1AFFB, prW},   // Lm     [7] KATAKANA LETTER MINNAN TONE-7..KATAKANA LETTER MINNAN NASALIZED TONE-5
+	{0x1AFFD, 0x1AFFE, prW},   // Lm     [2] KATAKANA LETTER MINNAN NASALIZED TONE-7..KATAKANA LETTER MINNAN NASALIZED TONE-8
+	{0x1B000, 0x1B0FF, prW},   // Lo   [256] KATAKANA LETTER ARCHAIC E..HENTAIGANA LETTER RE-2
+	{0x1B100, 0x1B122, prW},   // Lo    [35] HENTAIGANA LETTER RE-3..KATAKANA LETTER ARCHAIC WU
+	{0x1B150, 0x1B152, prW},   // Lo     [3] HIRAGANA LETTER SMALL WI..HIRAGANA LETTER SMALL WO
+	{0x1B164, 0x1B167, prW},   // Lo     [4] KATAKANA LETTER SMALL WI..KATAKANA LETTER SMALL N
+	{0x1B170, 0x1B2FB, prW},   // Lo   [396] NUSHU CHARACTER-1B170..NUSHU CHARACTER-1B2FB
+	{0x1BC00, 0x1BC6A, prN},   // Lo   [107] DUPLOYAN LETTER H..DUPLOYAN LETTER VOCALIC M
+	{0x1BC70, 0x1BC7C, prN},   // Lo    [13] DUPLOYAN AFFIX LEFT HORIZONTAL SECANT..DUPLOYAN AFFIX ATTACHED TANGENT HOOK
+	{0x1BC80, 0x1BC88, prN},   // Lo     [9] DUPLOYAN AFFIX HIGH ACUTE..DUPLOYAN AFFIX HIGH VERTICAL
+	{0x1BC90, 0x1BC99, prN},   // Lo    [10] DUPLOYAN AFFIX LOW ACUTE..DUPLOYAN AFFIX LOW ARROW
+	{0x1BC9C, 0x1BC9C, prN},   // So         DUPLOYAN SIGN O WITH CROSS
+	{0x1BC9D, 0x1BC9E, prN},   // Mn     [2] DUPLOYAN THICK LETTER SELECTOR..DUPLOYAN DOUBLE MARK
+	{0x1BC9F, 0x1BC9F, prN},   // Po         DUPLOYAN PUNCTUATION CHINOOK FULL STOP
+	{0x1BCA0, 0x1BCA3, prN},   // Cf     [4] SHORTHAND FORMAT LETTER OVERLAP..SHORTHAND FORMAT UP STEP
+	{0x1CF00, 0x1CF2D, prN},   // Mn    [46] ZNAMENNY COMBINING MARK GORAZDO NIZKO S KRYZHEM ON LEFT..ZNAMENNY COMBINING MARK KRYZH ON LEFT
+	{0x1CF30, 0x1CF46, prN},   // Mn    [23] ZNAMENNY COMBINING TONAL RANGE MARK MRACHNO..ZNAMENNY PRIZNAK MODIFIER ROG
+	{0x1CF50, 0x1CFC3, prN},   // So   [116] ZNAMENNY NEUME KRYUK..ZNAMENNY NEUME PAUK
+	{0x1D000, 0x1D0F5, prN},   // So   [246] BYZANTINE MUSICAL SYMBOL PSILI..BYZANTINE MUSICAL SYMBOL GORGON NEO KATO
+	{0x1D100, 0x1D126, prN},   // So    [39] MUSICAL SYMBOL SINGLE BARLINE..MUSICAL SYMBOL DRUM CLEF-2
+	{0x1D129, 0x1D164, prN},   // So    [60] MUSICAL SYMBOL MULTIPLE MEASURE REST..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE
+	{0x1D165, 0x1D166, prN},   // Mc     [2] MUSICAL SYMBOL COMBINING STEM..MUSICAL SYMBOL COMBINING SPRECHGESANG STEM
+	{0x1D167, 0x1D169, prN},   // Mn     [3] MUSICAL SYMBOL COMBINING TREMOLO-1..MUSICAL SYMBOL COMBINING TREMOLO-3
+	{0x1D16A, 0x1D16C, prN},   // So     [3] MUSICAL SYMBOL FINGERED TREMOLO-1..MUSICAL SYMBOL FINGERED TREMOLO-3
+	{0x1D16D, 0x1D172, prN},   // Mc     [6] MUSICAL SYMBOL COMBINING AUGMENTATION DOT..MUSICAL SYMBOL COMBINING FLAG-5
+	{0x1D173, 0x1D17A, prN},   // Cf     [8] MUSICAL SYMBOL BEGIN BEAM..MUSICAL SYMBOL END PHRASE
+	{0x1D17B, 0x1D182, prN},   // Mn     [8] MUSICAL SYMBOL COMBINING ACCENT..MUSICAL SYMBOL COMBINING LOURE
+	{0x1D183, 0x1D184, prN},   // So     [2] MUSICAL SYMBOL ARPEGGIATO UP..MUSICAL SYMBOL ARPEGGIATO DOWN
+	{0x1D185, 0x1D18B, prN},   // Mn     [7] MUSICAL SYMBOL COMBINING DOIT..MUSICAL SYMBOL COMBINING TRIPLE TONGUE
+	{0x1D18C, 0x1D1A9, prN},   // So    [30] MUSICAL SYMBOL RINFORZANDO..MUSICAL SYMBOL DEGREE SLASH
+	{0x1D1AA, 0x1D1AD, prN},   // Mn     [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
+	{0x1D1AE, 0x1D1EA, prN},   // So    [61] MUSICAL SYMBOL PEDAL MARK..MUSICAL SYMBOL KORON
+	{0x1D200, 0x1D241, prN},   // So    [66] GREEK VOCAL NOTATION SYMBOL-1..GREEK INSTRUMENTAL NOTATION SYMBOL-54
+	{0x1D242, 0x1D244, prN},   // Mn     [3] COMBINING GREEK MUSICAL TRISEME..COMBINING GREEK MUSICAL PENTASEME
+	{0x1D245, 0x1D245, prN},   // So         GREEK MUSICAL LEIMMA
+	{0x1D2E0, 0x1D2F3, prN},   // No    [20] MAYAN NUMERAL ZERO..MAYAN NUMERAL NINETEEN
+	{0x1D300, 0x1D356, prN},   // So    [87] MONOGRAM FOR EARTH..TETRAGRAM FOR FOSTERING
+	{0x1D360, 0x1D378, prN},   // No    [25] COUNTING ROD UNIT DIGIT ONE..TALLY MARK FIVE
+	{0x1D400, 0x1D454, prN},   // L&    [85] MATHEMATICAL BOLD CAPITAL A..MATHEMATICAL ITALIC SMALL G
+	{0x1D456, 0x1D49C, prN},   // L&    [71] MATHEMATICAL ITALIC SMALL I..MATHEMATICAL SCRIPT CAPITAL A
+	{0x1D49E, 0x1D49F, prN},   // Lu     [2] MATHEMATICAL SCRIPT CAPITAL C..MATHEMATICAL SCRIPT CAPITAL D
+	{0x1D4A2, 0x1D4A2, prN},   // Lu         MATHEMATICAL SCRIPT CAPITAL G
+	{0x1D4A5, 0x1D4A6, prN},   // Lu     [2] MATHEMATICAL SCRIPT CAPITAL J..MATHEMATICAL SCRIPT CAPITAL K
+	{0x1D4A9, 0x1D4AC, prN},   // Lu     [4] MATHEMATICAL SCRIPT CAPITAL N..MATHEMATICAL SCRIPT CAPITAL Q
+	{0x1D4AE, 0x1D4B9, prN},   // L&    [12] MATHEMATICAL SCRIPT CAPITAL S..MATHEMATICAL SCRIPT SMALL D
+	{0x1D4BB, 0x1D4BB, prN},   // Ll         MATHEMATICAL SCRIPT SMALL F
+	{0x1D4BD, 0x1D4C3, prN},   // Ll     [7] MATHEMATICAL SCRIPT SMALL H..MATHEMATICAL SCRIPT SMALL N
+	{0x1D4C5, 0x1D505, prN},   // L&    [65] MATHEMATICAL SCRIPT SMALL P..MATHEMATICAL FRAKTUR CAPITAL B
+	{0x1D507, 0x1D50A, prN},   // Lu     [4] MATHEMATICAL FRAKTUR CAPITAL D..MATHEMATICAL FRAKTUR CAPITAL G
+	{0x1D50D, 0x1D514, prN},   // Lu     [8] MATHEMATICAL FRAKTUR CAPITAL J..MATHEMATICAL FRAKTUR CAPITAL Q
+	{0x1D516, 0x1D51C, prN},   // Lu     [7] MATHEMATICAL FRAKTUR CAPITAL S..MATHEMATICAL FRAKTUR CAPITAL Y
+	{0x1D51E, 0x1D539, prN},   // L&    [28] MATHEMATICAL FRAKTUR SMALL A..MATHEMATICAL DOUBLE-STRUCK CAPITAL B
+	{0x1D53B, 0x1D53E, prN},   // Lu     [4] MATHEMATICAL DOUBLE-STRUCK CAPITAL D..MATHEMATICAL DOUBLE-STRUCK CAPITAL G
+	{0x1D540, 0x1D544, prN},   // Lu     [5] MATHEMATICAL DOUBLE-STRUCK CAPITAL I..MATHEMATICAL DOUBLE-STRUCK CAPITAL M
+	{0x1D546, 0x1D546, prN},   // Lu         MATHEMATICAL DOUBLE-STRUCK CAPITAL O
+	{0x1D54A, 0x1D550, prN},   // Lu     [7] MATHEMATICAL DOUBLE-STRUCK CAPITAL S..MATHEMATICAL DOUBLE-STRUCK CAPITAL Y
+	{0x1D552, 0x1D6A5, prN},   // L&   [340] MATHEMATICAL DOUBLE-STRUCK SMALL A..MATHEMATICAL ITALIC SMALL DOTLESS J
+	{0x1D6A8, 0x1D6C0, prN},   // Lu    [25] MATHEMATICAL BOLD CAPITAL ALPHA..MATHEMATICAL BOLD CAPITAL OMEGA
+	{0x1D6C1, 0x1D6C1, prN},   // Sm         MATHEMATICAL BOLD NABLA
+	{0x1D6C2, 0x1D6DA, prN},   // Ll    [25] MATHEMATICAL BOLD SMALL ALPHA..MATHEMATICAL BOLD SMALL OMEGA
+	{0x1D6DB, 0x1D6DB, prN},   // Sm         MATHEMATICAL BOLD PARTIAL DIFFERENTIAL
+	{0x1D6DC, 0x1D6FA, prN},   // L&    [31] MATHEMATICAL BOLD EPSILON SYMBOL..MATHEMATICAL ITALIC CAPITAL OMEGA
+	{0x1D6FB, 0x1D6FB, prN},   // Sm         MATHEMATICAL ITALIC NABLA
+	{0x1D6FC, 0x1D714, prN},   // Ll    [25] MATHEMATICAL ITALIC SMALL ALPHA..MATHEMATICAL ITALIC SMALL OMEGA
+	{0x1D715, 0x1D715, prN},   // Sm         MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL
+	{0x1D716, 0x1D734, prN},   // L&    [31] MATHEMATICAL ITALIC EPSILON SYMBOL..MATHEMATICAL BOLD ITALIC CAPITAL OMEGA
+	{0x1D735, 0x1D735, prN},   // Sm         MATHEMATICAL BOLD ITALIC NABLA
+	{0x1D736, 0x1D74E, prN},   // Ll    [25] MATHEMATICAL BOLD ITALIC SMALL ALPHA..MATHEMATICAL BOLD ITALIC SMALL OMEGA
+	{0x1D74F, 0x1D74F, prN},   // Sm         MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL
+	{0x1D750, 0x1D76E, prN},   // L&    [31] MATHEMATICAL BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA
+	{0x1D76F, 0x1D76F, prN},   // Sm         MATHEMATICAL SANS-SERIF BOLD NABLA
+	{0x1D770, 0x1D788, prN},   // Ll    [25] MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA
+	{0x1D789, 0x1D789, prN},   // Sm         MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL
+	{0x1D78A, 0x1D7A8, prN},   // L&    [31] MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA
+	{0x1D7A9, 0x1D7A9, prN},   // Sm         MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA
+	{0x1D7AA, 0x1D7C2, prN},   // Ll    [25] MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA
+	{0x1D7C3, 0x1D7C3, prN},   // Sm         MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL
+	{0x1D7C4, 0x1D7CB, prN},   // L&     [8] MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL BOLD SMALL DIGAMMA
+	{0x1D7CE, 0x1D7FF, prN},   // Nd    [50] MATHEMATICAL BOLD DIGIT ZERO..MATHEMATICAL MONOSPACE DIGIT NINE
+	{0x1D800, 0x1D9FF, prN},   // So   [512] SIGNWRITING HAND-FIST INDEX..SIGNWRITING HEAD
+	{0x1DA00, 0x1DA36, prN},   // Mn    [55] SIGNWRITING HEAD RIM..SIGNWRITING AIR SUCKING IN
+	{0x1DA37, 0x1DA3A, prN},   // So     [4] SIGNWRITING AIR BLOW SMALL ROTATIONS..SIGNWRITING BREATH EXHALE
+	{0x1DA3B, 0x1DA6C, prN},   // Mn    [50] SIGNWRITING MOUTH CLOSED NEUTRAL..SIGNWRITING EXCITEMENT
+	{0x1DA6D, 0x1DA74, prN},   // So     [8] SIGNWRITING SHOULDER HIP SPINE..SIGNWRITING TORSO-FLOORPLANE TWISTING
+	{0x1DA75, 0x1DA75, prN},   // Mn         SIGNWRITING UPPER BODY TILTING FROM HIP JOINTS
+	{0x1DA76, 0x1DA83, prN},   // So    [14] SIGNWRITING LIMB COMBINATION..SIGNWRITING LOCATION DEPTH
+	{0x1DA84, 0x1DA84, prN},   // Mn         SIGNWRITING LOCATION HEAD NECK
+	{0x1DA85, 0x1DA86, prN},   // So     [2] SIGNWRITING LOCATION TORSO..SIGNWRITING LOCATION LIMBS DIGITS
+	{0x1DA87, 0x1DA8B, prN},   // Po     [5] SIGNWRITING COMMA..SIGNWRITING PARENTHESIS
+	{0x1DA9B, 0x1DA9F, prN},   // Mn     [5] SIGNWRITING FILL MODIFIER-2..SIGNWRITING FILL MODIFIER-6
+	{0x1DAA1, 0x1DAAF, prN},   // Mn    [15] SIGNWRITING ROTATION MODIFIER-2..SIGNWRITING ROTATION MODIFIER-16
+	{0x1DF00, 0x1DF09, prN},   // Ll    [10] LATIN SMALL LETTER FENG DIGRAPH WITH TRILL..LATIN SMALL LETTER T WITH HOOK AND RETROFLEX HOOK
+	{0x1DF0A, 0x1DF0A, prN},   // Lo         LATIN LETTER RETROFLEX CLICK WITH RETROFLEX HOOK
+	{0x1DF0B, 0x1DF1E, prN},   // Ll    [20] LATIN SMALL LETTER ESH WITH DOUBLE BAR..LATIN SMALL LETTER S WITH CURL
+	{0x1E000, 0x1E006, prN},   // Mn     [7] COMBINING GLAGOLITIC LETTER AZU..COMBINING GLAGOLITIC LETTER ZHIVETE
+	{0x1E008, 0x1E018, prN},   // Mn    [17] COMBINING GLAGOLITIC LETTER ZEMLJA..COMBINING GLAGOLITIC LETTER HERU
+	{0x1E01B, 0x1E021, prN},   // Mn     [7] COMBINING GLAGOLITIC LETTER SHTA..COMBINING GLAGOLITIC LETTER YATI
+	{0x1E023, 0x1E024, prN},   // Mn     [2] COMBINING GLAGOLITIC LETTER YU..COMBINING GLAGOLITIC LETTER SMALL YUS
+	{0x1E026, 0x1E02A, prN},   // Mn     [5] COMBINING GLAGOLITIC LETTER YO..COMBINING GLAGOLITIC LETTER FITA
+	{0x1E100, 0x1E12C, prN},   // Lo    [45] NYIAKENG PUACHUE HMONG LETTER MA..NYIAKENG PUACHUE HMONG LETTER W
+	{0x1E130, 0x1E136, prN},   // Mn     [7] NYIAKENG PUACHUE HMONG TONE-B..NYIAKENG PUACHUE HMONG TONE-D
+	{0x1E137, 0x1E13D, prN},   // Lm     [7] NYIAKENG PUACHUE HMONG SIGN FOR PERSON..NYIAKENG PUACHUE HMONG SYLLABLE LENGTHENER
+	{0x1E140, 0x1E149, prN},   // Nd    [10] NYIAKENG PUACHUE HMONG DIGIT ZERO..NYIAKENG PUACHUE HMONG DIGIT NINE
+	{0x1E14E, 0x1E14E, prN},   // Lo         NYIAKENG PUACHUE HMONG LOGOGRAM NYAJ
+	{0x1E14F, 0x1E14F, prN},   // So         NYIAKENG PUACHUE HMONG CIRCLED CA
+	{0x1E290, 0x1E2AD, prN},   // Lo    [30] TOTO LETTER PA..TOTO LETTER A
+	{0x1E2AE, 0x1E2AE, prN},   // Mn         TOTO SIGN RISING TONE
+	{0x1E2C0, 0x1E2EB, prN},   // Lo    [44] WANCHO LETTER AA..WANCHO LETTER YIH
+	{0x1E2EC, 0x1E2EF, prN},   // Mn     [4] WANCHO TONE TUP..WANCHO TONE KOINI
+	{0x1E2F0, 0x1E2F9, prN},   // Nd    [10] WANCHO DIGIT ZERO..WANCHO DIGIT NINE
+	{0x1E2FF, 0x1E2FF, prN},   // Sc         WANCHO NGUN SIGN
+	{0x1E7E0, 0x1E7E6, prN},   // Lo     [7] ETHIOPIC SYLLABLE HHYA..ETHIOPIC SYLLABLE HHYO
+	{0x1E7E8, 0x1E7EB, prN},   // Lo     [4] ETHIOPIC SYLLABLE GURAGE HHWA..ETHIOPIC SYLLABLE HHWE
+	{0x1E7ED, 0x1E7EE, prN},   // Lo     [2] ETHIOPIC SYLLABLE GURAGE MWI..ETHIOPIC SYLLABLE GURAGE MWEE
+	{0x1E7F0, 0x1E7FE, prN},   // Lo    [15] ETHIOPIC SYLLABLE GURAGE QWI..ETHIOPIC SYLLABLE GURAGE PWEE
+	{0x1E800, 0x1E8C4, prN},   // Lo   [197] MENDE KIKAKUI SYLLABLE M001 KI..MENDE KIKAKUI SYLLABLE M060 NYON
+	{0x1E8C7, 0x1E8CF, prN},   // No     [9] MENDE KIKAKUI DIGIT ONE..MENDE KIKAKUI DIGIT NINE
+	{0x1E8D0, 0x1E8D6, prN},   // Mn     [7] MENDE KIKAKUI COMBINING NUMBER TEENS..MENDE KIKAKUI COMBINING NUMBER MILLIONS
+	{0x1E900, 0x1E943, prN},   // L&    [68] ADLAM CAPITAL LETTER ALIF..ADLAM SMALL LETTER SHA
+	{0x1E944, 0x1E94A, prN},   // Mn     [7] ADLAM ALIF LENGTHENER..ADLAM NUKTA
+	{0x1E94B, 0x1E94B, prN},   // Lm         ADLAM NASALIZATION MARK
+	{0x1E950, 0x1E959, prN},   // Nd    [10] ADLAM DIGIT ZERO..ADLAM DIGIT NINE
+	{0x1E95E, 0x1E95F, prN},   // Po     [2] ADLAM INITIAL EXCLAMATION MARK..ADLAM INITIAL QUESTION MARK
+	{0x1EC71, 0x1ECAB, prN},   // No    [59] INDIC SIYAQ NUMBER ONE..INDIC SIYAQ NUMBER PREFIXED NINE
+	{0x1ECAC, 0x1ECAC, prN},   // So         INDIC SIYAQ PLACEHOLDER
+	{0x1ECAD, 0x1ECAF, prN},   // No     [3] INDIC SIYAQ FRACTION ONE QUARTER..INDIC SIYAQ FRACTION THREE QUARTERS
+	{0x1ECB0, 0x1ECB0, prN},   // Sc         INDIC SIYAQ RUPEE MARK
+	{0x1ECB1, 0x1ECB4, prN},   // No     [4] INDIC SIYAQ NUMBER ALTERNATE ONE..INDIC SIYAQ ALTERNATE LAKH MARK
+	{0x1ED01, 0x1ED2D, prN},   // No    [45] OTTOMAN SIYAQ NUMBER ONE..OTTOMAN SIYAQ NUMBER NINETY THOUSAND
+	{0x1ED2E, 0x1ED2E, prN},   // So         OTTOMAN SIYAQ MARRATAN
+	{0x1ED2F, 0x1ED3D, prN},   // No    [15] OTTOMAN SIYAQ ALTERNATE NUMBER TWO..OTTOMAN SIYAQ FRACTION ONE SIXTH
+	{0x1EE00, 0x1EE03, prN},   // Lo     [4] ARABIC MATHEMATICAL ALEF..ARABIC MATHEMATICAL DAL
+	{0x1EE05, 0x1EE1F, prN},   // Lo    [27] ARABIC MATHEMATICAL WAW..ARABIC MATHEMATICAL DOTLESS QAF
+	{0x1EE21, 0x1EE22, prN},   // Lo     [2] ARABIC MATHEMATICAL INITIAL BEH..ARABIC MATHEMATICAL INITIAL JEEM
+	{0x1EE24, 0x1EE24, prN},   // Lo         ARABIC MATHEMATICAL INITIAL HEH
+	{0x1EE27, 0x1EE27, prN},   // Lo         ARABIC MATHEMATICAL INITIAL HAH
+	{0x1EE29, 0x1EE32, prN},   // Lo    [10] ARABIC MATHEMATICAL INITIAL YEH..ARABIC MATHEMATICAL INITIAL QAF
+	{0x1EE34, 0x1EE37, prN},   // Lo     [4] ARABIC MATHEMATICAL INITIAL SHEEN..ARABIC MATHEMATICAL INITIAL KHAH
+	{0x1EE39, 0x1EE39, prN},   // Lo         ARABIC MATHEMATICAL INITIAL DAD
+	{0x1EE3B, 0x1EE3B, prN},   // Lo         ARABIC MATHEMATICAL INITIAL GHAIN
+	{0x1EE42, 0x1EE42, prN},   // Lo         ARABIC MATHEMATICAL TAILED JEEM
+	{0x1EE47, 0x1EE47, prN},   // Lo         ARABIC MATHEMATICAL TAILED HAH
+	{0x1EE49, 0x1EE49, prN},   // Lo         ARABIC MATHEMATICAL TAILED YEH
+	{0x1EE4B, 0x1EE4B, prN},   // Lo         ARABIC MATHEMATICAL TAILED LAM
+	{0x1EE4D, 0x1EE4F, prN},   // Lo     [3] ARABIC MATHEMATICAL TAILED NOON..ARABIC MATHEMATICAL TAILED AIN
+	{0x1EE51, 0x1EE52, prN},   // Lo     [2] ARABIC MATHEMATICAL TAILED SAD..ARABIC MATHEMATICAL TAILED QAF
+	{0x1EE54, 0x1EE54, prN},   // Lo         ARABIC MATHEMATICAL TAILED SHEEN
+	{0x1EE57, 0x1EE57, prN},   // Lo         ARABIC MATHEMATICAL TAILED KHAH
+	{0x1EE59, 0x1EE59, prN},   // Lo         ARABIC MATHEMATICAL TAILED DAD
+	{0x1EE5B, 0x1EE5B, prN},   // Lo         ARABIC MATHEMATICAL TAILED GHAIN
+	{0x1EE5D, 0x1EE5D, prN},   // Lo         ARABIC MATHEMATICAL TAILED DOTLESS NOON
+	{0x1EE5F, 0x1EE5F, prN},   // Lo         ARABIC MATHEMATICAL TAILED DOTLESS QAF
+	{0x1EE61, 0x1EE62, prN},   // Lo     [2] ARABIC MATHEMATICAL STRETCHED BEH..ARABIC MATHEMATICAL STRETCHED JEEM
+	{0x1EE64, 0x1EE64, prN},   // Lo         ARABIC MATHEMATICAL STRETCHED HEH
+	{0x1EE67, 0x1EE6A, prN},   // Lo     [4] ARABIC MATHEMATICAL STRETCHED HAH..ARABIC MATHEMATICAL STRETCHED KAF
+	{0x1EE6C, 0x1EE72, prN},   // Lo     [7] ARABIC MATHEMATICAL STRETCHED MEEM..ARABIC MATHEMATICAL STRETCHED QAF
+	{0x1EE74, 0x1EE77, prN},   // Lo     [4] ARABIC MATHEMATICAL STRETCHED SHEEN..ARABIC MATHEMATICAL STRETCHED KHAH
+	{0x1EE79, 0x1EE7C, prN},   // Lo     [4] ARABIC MATHEMATICAL STRETCHED DAD..ARABIC MATHEMATICAL STRETCHED DOTLESS BEH
+	{0x1EE7E, 0x1EE7E, prN},   // Lo         ARABIC MATHEMATICAL STRETCHED DOTLESS FEH
+	{0x1EE80, 0x1EE89, prN},   // Lo    [10] ARABIC MATHEMATICAL LOOPED ALEF..ARABIC MATHEMATICAL LOOPED YEH
+	{0x1EE8B, 0x1EE9B, prN},   // Lo    [17] ARABIC MATHEMATICAL LOOPED LAM..ARABIC MATHEMATICAL LOOPED GHAIN
+	{0x1EEA1, 0x1EEA3, prN},   // Lo     [3] ARABIC MATHEMATICAL DOUBLE-STRUCK BEH..ARABIC MATHEMATICAL DOUBLE-STRUCK DAL
+	{0x1EEA5, 0x1EEA9, prN},   // Lo     [5] ARABIC MATHEMATICAL DOUBLE-STRUCK WAW..ARABIC MATHEMATICAL DOUBLE-STRUCK YEH
+	{0x1EEAB, 0x1EEBB, prN},   // Lo    [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
+	{0x1EEF0, 0x1EEF1, prN},   // Sm     [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
+	{0x1F000, 0x1F003, prN},   // So     [4] MAHJONG TILE EAST WIND..MAHJONG TILE NORTH WIND
+	{0x1F004, 0x1F004, prW},   // So         MAHJONG TILE RED DRAGON
+	{0x1F005, 0x1F02B, prN},   // So    [39] MAHJONG TILE GREEN DRAGON..MAHJONG TILE BACK
+	{0x1F030, 0x1F093, prN},   // So   [100] DOMINO TILE HORIZONTAL BACK..DOMINO TILE VERTICAL-06-06
+	{0x1F0A0, 0x1F0AE, prN},   // So    [15] PLAYING CARD BACK..PLAYING CARD KING OF SPADES
+	{0x1F0B1, 0x1F0BF, prN},   // So    [15] PLAYING CARD ACE OF HEARTS..PLAYING CARD RED JOKER
+	{0x1F0C1, 0x1F0CE, prN},   // So    [14] PLAYING CARD ACE OF DIAMONDS..PLAYING CARD KING OF DIAMONDS
+	{0x1F0CF, 0x1F0CF, prW},   // So         PLAYING CARD BLACK JOKER
+	{0x1F0D1, 0x1F0F5, prN},   // So    [37] PLAYING CARD ACE OF CLUBS..PLAYING CARD TRUMP-21
+	{0x1F100, 0x1F10A, prA},   // No    [11] DIGIT ZERO FULL STOP..DIGIT NINE COMMA
+	{0x1F10B, 0x1F10C, prN},   // No     [2] DINGBAT CIRCLED SANS-SERIF DIGIT ZERO..DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT ZERO
+	{0x1F10D, 0x1F10F, prN},   // So     [3] CIRCLED ZERO WITH SLASH..CIRCLED DOLLAR SIGN WITH OVERLAID BACKSLASH
+	{0x1F110, 0x1F12D, prA},   // So    [30] PARENTHESIZED LATIN CAPITAL LETTER A..CIRCLED CD
+	{0x1F12E, 0x1F12F, prN},   // So     [2] CIRCLED WZ..COPYLEFT SYMBOL
+	{0x1F130, 0x1F169, prA},   // So    [58] SQUARED LATIN CAPITAL LETTER A..NEGATIVE CIRCLED LATIN CAPITAL LETTER Z
+	{0x1F16A, 0x1F16F, prN},   // So     [6] RAISED MC SIGN..CIRCLED HUMAN FIGURE
+	{0x1F170, 0x1F18D, prA},   // So    [30] NEGATIVE SQUARED LATIN CAPITAL LETTER A..NEGATIVE SQUARED SA
+	{0x1F18E, 0x1F18E, prW},   // So         NEGATIVE SQUARED AB
+	{0x1F18F, 0x1F190, prA},   // So     [2] NEGATIVE SQUARED WC..SQUARE DJ
+	{0x1F191, 0x1F19A, prW},   // So    [10] SQUARED CL..SQUARED VS
+	{0x1F19B, 0x1F1AC, prA},   // So    [18] SQUARED THREE D..SQUARED VOD
+	{0x1F1AD, 0x1F1AD, prN},   // So         MASK WORK SYMBOL
+	{0x1F1E6, 0x1F1FF, prN},   // So    [26] REGIONAL INDICATOR SYMBOL LETTER A..REGIONAL INDICATOR SYMBOL LETTER Z
+	{0x1F200, 0x1F202, prW},   // So     [3] SQUARE HIRAGANA HOKA..SQUARED KATAKANA SA
+	{0x1F210, 0x1F23B, prW},   // So    [44] SQUARED CJK UNIFIED IDEOGRAPH-624B..SQUARED CJK UNIFIED IDEOGRAPH-914D
+	{0x1F240, 0x1F248, prW},   // So     [9] TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-672C..TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-6557
+	{0x1F250, 0x1F251, prW},   // So     [2] CIRCLED IDEOGRAPH ADVANTAGE..CIRCLED IDEOGRAPH ACCEPT
+	{0x1F260, 0x1F265, prW},   // So     [6] ROUNDED SYMBOL FOR FU..ROUNDED SYMBOL FOR CAI
+	{0x1F300, 0x1F320, prW},   // So    [33] CYCLONE..SHOOTING STAR
+	{0x1F321, 0x1F32C, prN},   // So    [12] THERMOMETER..WIND BLOWING FACE
+	{0x1F32D, 0x1F335, prW},   // So     [9] HOT DOG..CACTUS
+	{0x1F336, 0x1F336, prN},   // So         HOT PEPPER
+	{0x1F337, 0x1F37C, prW},   // So    [70] TULIP..BABY BOTTLE
+	{0x1F37D, 0x1F37D, prN},   // So         FORK AND KNIFE WITH PLATE
+	{0x1F37E, 0x1F393, prW},   // So    [22] BOTTLE WITH POPPING CORK..GRADUATION CAP
+	{0x1F394, 0x1F39F, prN},   // So    [12] HEART WITH TIP ON THE LEFT..ADMISSION TICKETS
+	{0x1F3A0, 0x1F3CA, prW},   // So    [43] CAROUSEL HORSE..SWIMMER
+	{0x1F3CB, 0x1F3CE, prN},   // So     [4] WEIGHT LIFTER..RACING CAR
+	{0x1F3CF, 0x1F3D3, prW},   // So     [5] CRICKET BAT AND BALL..TABLE TENNIS PADDLE AND BALL
+	{0x1F3D4, 0x1F3DF, prN},   // So    [12] SNOW CAPPED MOUNTAIN..STADIUM
+	{0x1F3E0, 0x1F3F0, prW},   // So    [17] HOUSE BUILDING..EUROPEAN CASTLE
+	{0x1F3F1, 0x1F3F3, prN},   // So     [3] WHITE PENNANT..WAVING WHITE FLAG
+	{0x1F3F4, 0x1F3F4, prW},   // So         WAVING BLACK FLAG
+	{0x1F3F5, 0x1F3F7, prN},   // So     [3] ROSETTE..LABEL
+	{0x1F3F8, 0x1F3FA, prW},   // So     [3] BADMINTON RACQUET AND SHUTTLECOCK..AMPHORA
+	{0x1F3FB, 0x1F3FF, prW},   // Sk     [5] EMOJI MODIFIER FITZPATRICK TYPE-1-2..EMOJI MODIFIER FITZPATRICK TYPE-6
+	{0x1F400, 0x1F43E, prW},   // So    [63] RAT..PAW PRINTS
+	{0x1F43F, 0x1F43F, prN},   // So         CHIPMUNK
+	{0x1F440, 0x1F440, prW},   // So         EYES
+	{0x1F441, 0x1F441, prN},   // So         EYE
+	{0x1F442, 0x1F4FC, prW},   // So   [187] EAR..VIDEOCASSETTE
+	{0x1F4FD, 0x1F4FE, prN},   // So     [2] FILM PROJECTOR..PORTABLE STEREO
+	{0x1F4FF, 0x1F53D, prW},   // So    [63] PRAYER BEADS..DOWN-POINTING SMALL RED TRIANGLE
+	{0x1F53E, 0x1F54A, prN},   // So    [13] LOWER RIGHT SHADOWED WHITE CIRCLE..DOVE OF PEACE
+	{0x1F54B, 0x1F54E, prW},   // So     [4] KAABA..MENORAH WITH NINE BRANCHES
+	{0x1F54F, 0x1F54F, prN},   // So         BOWL OF HYGIEIA
+	{0x1F550, 0x1F567, prW},   // So    [24] CLOCK FACE ONE OCLOCK..CLOCK FACE TWELVE-THIRTY
+	{0x1F568, 0x1F579, prN},   // So    [18] RIGHT SPEAKER..JOYSTICK
+	{0x1F57A, 0x1F57A, prW},   // So         MAN DANCING
+	{0x1F57B, 0x1F594, prN},   // So    [26] LEFT HAND TELEPHONE RECEIVER..REVERSED VICTORY HAND
+	{0x1F595, 0x1F596, prW},   // So     [2] REVERSED HAND WITH MIDDLE FINGER EXTENDED..RAISED HAND WITH PART BETWEEN MIDDLE AND RING FINGERS
+	{0x1F597, 0x1F5A3, prN},   // So    [13] WHITE DOWN POINTING LEFT HAND INDEX..BLACK DOWN POINTING BACKHAND INDEX
+	{0x1F5A4, 0x1F5A4, prW},   // So         BLACK HEART
+	{0x1F5A5, 0x1F5FA, prN},   // So    [86] DESKTOP COMPUTER..WORLD MAP
+	{0x1F5FB, 0x1F5FF, prW},   // So     [5] MOUNT FUJI..MOYAI
+	{0x1F600, 0x1F64F, prW},   // So    [80] GRINNING FACE..PERSON WITH FOLDED HANDS
+	{0x1F650, 0x1F67F, prN},   // So    [48] NORTH WEST POINTING LEAF..REVERSE CHECKER BOARD
+	{0x1F680, 0x1F6C5, prW},   // So    [70] ROCKET..LEFT LUGGAGE
+	{0x1F6C6, 0x1F6CB, prN},   // So     [6] TRIANGLE WITH ROUNDED CORNERS..COUCH AND LAMP
+	{0x1F6CC, 0x1F6CC, prW},   // So         SLEEPING ACCOMMODATION
+	{0x1F6CD, 0x1F6CF, prN},   // So     [3] SHOPPING BAGS..BED
+	{0x1F6D0, 0x1F6D2, prW},   // So     [3] PLACE OF WORSHIP..SHOPPING TROLLEY
+	{0x1F6D3, 0x1F6D4, prN},   // So     [2] STUPA..PAGODA
+	{0x1F6D5, 0x1F6D7, prW},   // So     [3] HINDU TEMPLE..ELEVATOR
+	{0x1F6DD, 0x1F6DF, prW},   // So     [3] PLAYGROUND SLIDE..RING BUOY
+	{0x1F6E0, 0x1F6EA, prN},   // So    [11] HAMMER AND WRENCH..NORTHEAST-POINTING AIRPLANE
+	{0x1F6EB, 0x1F6EC, prW},   // So     [2] AIRPLANE DEPARTURE..AIRPLANE ARRIVING
+	{0x1F6F0, 0x1F6F3, prN},   // So     [4] SATELLITE..PASSENGER SHIP
+	{0x1F6F4, 0x1F6FC, prW},   // So     [9] SCOOTER..ROLLER SKATE
+	{0x1F700, 0x1F773, prN},   // So   [116] ALCHEMICAL SYMBOL FOR QUINTESSENCE..ALCHEMICAL SYMBOL FOR HALF OUNCE
+	{0x1F780, 0x1F7D8, prN},   // So    [89] BLACK LEFT-POINTING ISOSCELES RIGHT TRIANGLE..NEGATIVE CIRCLED SQUARE
+	{0x1F7E0, 0x1F7EB, prW},   // So    [12] LARGE ORANGE CIRCLE..LARGE BROWN SQUARE
+	{0x1F7F0, 0x1F7F0, prW},   // So         HEAVY EQUALS SIGN
+	{0x1F800, 0x1F80B, prN},   // So    [12] LEFTWARDS ARROW WITH SMALL TRIANGLE ARROWHEAD..DOWNWARDS ARROW WITH LARGE TRIANGLE ARROWHEAD
+	{0x1F810, 0x1F847, prN},   // So    [56] LEFTWARDS ARROW WITH SMALL EQUILATERAL ARROWHEAD..DOWNWARDS HEAVY ARROW
+	{0x1F850, 0x1F859, prN},   // So    [10] LEFTWARDS SANS-SERIF ARROW..UP DOWN SANS-SERIF ARROW
+	{0x1F860, 0x1F887, prN},   // So    [40] WIDE-HEADED LEFTWARDS LIGHT BARB ARROW..WIDE-HEADED SOUTH WEST VERY HEAVY BARB ARROW
+	{0x1F890, 0x1F8AD, prN},   // So    [30] LEFTWARDS TRIANGLE ARROWHEAD..WHITE ARROW SHAFT WIDTH TWO THIRDS
+	{0x1F8B0, 0x1F8B1, prN},   // So     [2] ARROW POINTING UPWARDS THEN NORTH WEST..ARROW POINTING RIGHTWARDS THEN CURVING SOUTH WEST
+	{0x1F900, 0x1F90B, prN},   // So    [12] CIRCLED CROSS FORMEE WITH FOUR DOTS..DOWNWARD FACING NOTCHED HOOK WITH DOT
+	{0x1F90C, 0x1F93A, prW},   // So    [47] PINCHED FINGERS..FENCER
+	{0x1F93B, 0x1F93B, prN},   // So         MODERN PENTATHLON
+	{0x1F93C, 0x1F945, prW},   // So    [10] WRESTLERS..GOAL NET
+	{0x1F946, 0x1F946, prN},   // So         RIFLE
+	{0x1F947, 0x1F9FF, prW},   // So   [185] FIRST PLACE MEDAL..NAZAR AMULET
+	{0x1FA00, 0x1FA53, prN},   // So    [84] NEUTRAL CHESS KING..BLACK CHESS KNIGHT-BISHOP
+	{0x1FA60, 0x1FA6D, prN},   // So    [14] XIANGQI RED GENERAL..XIANGQI BLACK SOLDIER
+	{0x1FA70, 0x1FA74, prW},   // So     [5] BALLET SHOES..THONG SANDAL
+	{0x1FA78, 0x1FA7C, prW},   // So     [5] DROP OF BLOOD..CRUTCH
+	{0x1FA80, 0x1FA86, prW},   // So     [7] YO-YO..NESTING DOLLS
+	{0x1FA90, 0x1FAAC, prW},   // So    [29] RINGED PLANET..HAMSA
+	{0x1FAB0, 0x1FABA, prW},   // So    [11] FLY..NEST WITH EGGS
+	{0x1FAC0, 0x1FAC5, prW},   // So     [6] ANATOMICAL HEART..PERSON WITH CROWN
+	{0x1FAD0, 0x1FAD9, prW},   // So    [10] BLUEBERRIES..JAR
+	{0x1FAE0, 0x1FAE7, prW},   // So     [8] MELTING FACE..BUBBLES
+	{0x1FAF0, 0x1FAF6, prW},   // So     [7] HAND WITH INDEX FINGER AND THUMB CROSSED..HEART HANDS
+	{0x1FB00, 0x1FB92, prN},   // So   [147] BLOCK SEXTANT-1..UPPER HALF INVERSE MEDIUM SHADE AND LOWER HALF BLOCK
+	{0x1FB94, 0x1FBCA, prN},   // So    [55] LEFT HALF INVERSE MEDIUM SHADE AND RIGHT HALF BLOCK..WHITE UP-POINTING CHEVRON
+	{0x1FBF0, 0x1FBF9, prN},   // Nd    [10] SEGMENTED DIGIT ZERO..SEGMENTED DIGIT NINE
+	{0x20000, 0x2A6DF, prW},   // Lo [42720] CJK UNIFIED IDEOGRAPH-20000..CJK UNIFIED IDEOGRAPH-2A6DF
+	{0x2A6E0, 0x2A6FF, prW},   // Cn    [32] <reserved-2A6E0>..<reserved-2A6FF>
+	{0x2A700, 0x2B738, prW},   // Lo  [4153] CJK UNIFIED IDEOGRAPH-2A700..CJK UNIFIED IDEOGRAPH-2B738
+	{0x2B739, 0x2B73F, prW},   // Cn     [7] <reserved-2B739>..<reserved-2B73F>
+	{0x2B740, 0x2B81D, prW},   // Lo   [222] CJK UNIFIED IDEOGRAPH-2B740..CJK UNIFIED IDEOGRAPH-2B81D
+	{0x2B81E, 0x2B81F, prW},   // Cn     [2] <reserved-2B81E>..<reserved-2B81F>
+	{0x2B820, 0x2CEA1, prW},   // Lo  [5762] CJK UNIFIED IDEOGRAPH-2B820..CJK UNIFIED IDEOGRAPH-2CEA1
+	{0x2CEA2, 0x2CEAF, prW},   // Cn    [14] <reserved-2CEA2>..<reserved-2CEAF>
+	{0x2CEB0, 0x2EBE0, prW},   // Lo  [7473] CJK UNIFIED IDEOGRAPH-2CEB0..CJK UNIFIED IDEOGRAPH-2EBE0
+	{0x2EBE1, 0x2F7FF, prW},   // Cn  [3103] <reserved-2EBE1>..<reserved-2F7FF>
+	{0x2F800, 0x2FA1D, prW},   // Lo   [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D
+	{0x2FA1E, 0x2FA1F, prW},   // Cn     [2] <reserved-2FA1E>..<reserved-2FA1F>
+	{0x2FA20, 0x2FFFD, prW},   // Cn  [1502] <reserved-2FA20>..<reserved-2FFFD>
+	{0x30000, 0x3134A, prW},   // Lo  [4939] CJK UNIFIED IDEOGRAPH-30000..CJK UNIFIED IDEOGRAPH-3134A
+	{0x3134B, 0x3FFFD, prW},   // Cn [60595] <reserved-3134B>..<reserved-3FFFD>
+	{0xE0001, 0xE0001, prN},   // Cf         LANGUAGE TAG
+	{0xE0020, 0xE007F, prN},   // Cf    [96] TAG SPACE..CANCEL TAG
+	{0xE0100, 0xE01EF, prA},   // Mn   [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
+	{0xF0000, 0xFFFFD, prA},   // Co [65534] <private-use-F0000>..<private-use-FFFFD>
+	{0x100000, 0x10FFFD, prA}, // Co [65534] <private-use-100000>..<private-use-10FFFD>
+}
diff --git a/vendor/github.com/rivo/uniseg/emojipresentation.go b/vendor/github.com/rivo/uniseg/emojipresentation.go
new file mode 100644
index 0000000000..fd0f7451af
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/emojipresentation.go
@@ -0,0 +1,285 @@
+package uniseg
+
+// Code generated via go generate from gen_properties.go. DO NOT EDIT.
+
+// emojiPresentation are taken from
+//
+// and
+// https://unicode.org/Public/14.0.0/ucd/emoji/emoji-data.txt
+// ("Extended_Pictographic" only)
+// on September 10, 2022. See https://www.unicode.org/license.html for the Unicode
+// license agreement.
+var emojiPresentation = [][3]int{
+	{0x231A, 0x231B, prEmojiPresentation},   // E0.6   [2] (⌚..⌛)    watch..hourglass done
+	{0x23E9, 0x23EC, prEmojiPresentation},   // E0.6   [4] (�..�)    fast-forward button..fast down button
+	{0x23F0, 0x23F0, prEmojiPresentation},   // E0.6   [1] (�)       alarm clock
+	{0x23F3, 0x23F3, prEmojiPresentation},   // E0.6   [1] (�)       hourglass not done
+	{0x25FD, 0x25FE, prEmojiPresentation},   // E0.6   [2] (â—½..â—¾)    white medium-small square..black medium-small square
+	{0x2614, 0x2615, prEmojiPresentation},   // E0.6   [2] (☔..☕)    umbrella with rain drops..hot beverage
+	{0x2648, 0x2653, prEmojiPresentation},   // E0.6  [12] (♈..♓)    Aries..Pisces
+	{0x267F, 0x267F, prEmojiPresentation},   // E0.6   [1] (♿)       wheelchair symbol
+	{0x2693, 0x2693, prEmojiPresentation},   // E0.6   [1] (âš“)       anchor
+	{0x26A1, 0x26A1, prEmojiPresentation},   // E0.6   [1] (âš¡)       high voltage
+	{0x26AA, 0x26AB, prEmojiPresentation},   // E0.6   [2] (⚪..⚫)    white circle..black circle
+	{0x26BD, 0x26BE, prEmojiPresentation},   // E0.6   [2] (âš½..âš¾)    soccer ball..baseball
+	{0x26C4, 0x26C5, prEmojiPresentation},   // E0.6   [2] (⛄..⛅)    snowman without snow..sun behind cloud
+	{0x26CE, 0x26CE, prEmojiPresentation},   // E0.6   [1] (⛎)       Ophiuchus
+	{0x26D4, 0x26D4, prEmojiPresentation},   // E0.6   [1] (â›”)       no entry
+	{0x26EA, 0x26EA, prEmojiPresentation},   // E0.6   [1] (⛪)       church
+	{0x26F2, 0x26F3, prEmojiPresentation},   // E0.6   [2] (⛲..⛳)    fountain..flag in hole
+	{0x26F5, 0x26F5, prEmojiPresentation},   // E0.6   [1] (⛵)       sailboat
+	{0x26FA, 0x26FA, prEmojiPresentation},   // E0.6   [1] (⛺)       tent
+	{0x26FD, 0x26FD, prEmojiPresentation},   // E0.6   [1] (⛽)       fuel pump
+	{0x2705, 0x2705, prEmojiPresentation},   // E0.6   [1] (✅)       check mark button
+	{0x270A, 0x270B, prEmojiPresentation},   // E0.6   [2] (✊..✋)    raised fist..raised hand
+	{0x2728, 0x2728, prEmojiPresentation},   // E0.6   [1] (✨)       sparkles
+	{0x274C, 0x274C, prEmojiPresentation},   // E0.6   [1] (�)       cross mark
+	{0x274E, 0x274E, prEmojiPresentation},   // E0.6   [1] (�)       cross mark button
+	{0x2753, 0x2755, prEmojiPresentation},   // E0.6   [3] (�..�)    red question mark..white exclamation mark
+	{0x2757, 0x2757, prEmojiPresentation},   // E0.6   [1] (�)       red exclamation mark
+	{0x2795, 0x2797, prEmojiPresentation},   // E0.6   [3] (âž•..âž—)    plus..divide
+	{0x27B0, 0x27B0, prEmojiPresentation},   // E0.6   [1] (âž°)       curly loop
+	{0x27BF, 0x27BF, prEmojiPresentation},   // E1.0   [1] (âž¿)       double curly loop
+	{0x2B1B, 0x2B1C, prEmojiPresentation},   // E0.6   [2] (⬛..⬜)    black large square..white large square
+	{0x2B50, 0x2B50, prEmojiPresentation},   // E0.6   [1] (â­�)       star
+	{0x2B55, 0x2B55, prEmojiPresentation},   // E0.6   [1] (â­•)       hollow red circle
+	{0x1F004, 0x1F004, prEmojiPresentation}, // E0.6   [1] (🀄)       mahjong red dragon
+	{0x1F0CF, 0x1F0CF, prEmojiPresentation}, // E0.6   [1] (�)       joker
+	{0x1F18E, 0x1F18E, prEmojiPresentation}, // E0.6   [1] (🆎)       AB button (blood type)
+	{0x1F191, 0x1F19A, prEmojiPresentation}, // E0.6  [10] (🆑..🆚)    CL button..VS button
+	{0x1F1E6, 0x1F1FF, prEmojiPresentation}, // E0.0  [26] (🇦..🇿)    regional indicator symbol letter a..regional indicator symbol letter z
+	{0x1F201, 0x1F201, prEmojiPresentation}, // E0.6   [1] (�)       Japanese “here� button
+	{0x1F21A, 0x1F21A, prEmojiPresentation}, // E0.6   [1] (🈚)       Japanese “free of charge� button
+	{0x1F22F, 0x1F22F, prEmojiPresentation}, // E0.6   [1] (🈯)       Japanese “reserved� button
+	{0x1F232, 0x1F236, prEmojiPresentation}, // E0.6   [5] (🈲..🈶)    Japanese “prohibited� button..Japanese “not free of charge� button
+	{0x1F238, 0x1F23A, prEmojiPresentation}, // E0.6   [3] (🈸..🈺)    Japanese “application� button..Japanese “open for business� button
+	{0x1F250, 0x1F251, prEmojiPresentation}, // E0.6   [2] (�..🉑)    Japanese “bargain� button..Japanese “acceptable� button
+	{0x1F300, 0x1F30C, prEmojiPresentation}, // E0.6  [13] (🌀..🌌)    cyclone..milky way
+	{0x1F30D, 0x1F30E, prEmojiPresentation}, // E0.7   [2] (�..🌎)    globe showing Europe-Africa..globe showing Americas
+	{0x1F30F, 0x1F30F, prEmojiPresentation}, // E0.6   [1] (�)       globe showing Asia-Australia
+	{0x1F310, 0x1F310, prEmojiPresentation}, // E1.0   [1] (�)       globe with meridians
+	{0x1F311, 0x1F311, prEmojiPresentation}, // E0.6   [1] (🌑)       new moon
+	{0x1F312, 0x1F312, prEmojiPresentation}, // E1.0   [1] (🌒)       waxing crescent moon
+	{0x1F313, 0x1F315, prEmojiPresentation}, // E0.6   [3] (🌓..🌕)    first quarter moon..full moon
+	{0x1F316, 0x1F318, prEmojiPresentation}, // E1.0   [3] (🌖..🌘)    waning gibbous moon..waning crescent moon
+	{0x1F319, 0x1F319, prEmojiPresentation}, // E0.6   [1] (🌙)       crescent moon
+	{0x1F31A, 0x1F31A, prEmojiPresentation}, // E1.0   [1] (🌚)       new moon face
+	{0x1F31B, 0x1F31B, prEmojiPresentation}, // E0.6   [1] (🌛)       first quarter moon face
+	{0x1F31C, 0x1F31C, prEmojiPresentation}, // E0.7   [1] (🌜)       last quarter moon face
+	{0x1F31D, 0x1F31E, prEmojiPresentation}, // E1.0   [2] (�..🌞)    full moon face..sun with face
+	{0x1F31F, 0x1F320, prEmojiPresentation}, // E0.6   [2] (🌟..🌠)    glowing star..shooting star
+	{0x1F32D, 0x1F32F, prEmojiPresentation}, // E1.0   [3] (🌭..🌯)    hot dog..burrito
+	{0x1F330, 0x1F331, prEmojiPresentation}, // E0.6   [2] (🌰..🌱)    chestnut..seedling
+	{0x1F332, 0x1F333, prEmojiPresentation}, // E1.0   [2] (🌲..🌳)    evergreen tree..deciduous tree
+	{0x1F334, 0x1F335, prEmojiPresentation}, // E0.6   [2] (🌴..🌵)    palm tree..cactus
+	{0x1F337, 0x1F34A, prEmojiPresentation}, // E0.6  [20] (🌷..�)    tulip..tangerine
+	{0x1F34B, 0x1F34B, prEmojiPresentation}, // E1.0   [1] (�)       lemon
+	{0x1F34C, 0x1F34F, prEmojiPresentation}, // E0.6   [4] (�..�)    banana..green apple
+	{0x1F350, 0x1F350, prEmojiPresentation}, // E1.0   [1] (�)       pear
+	{0x1F351, 0x1F37B, prEmojiPresentation}, // E0.6  [43] (�..�)    peach..clinking beer mugs
+	{0x1F37C, 0x1F37C, prEmojiPresentation}, // E1.0   [1] (�)       baby bottle
+	{0x1F37E, 0x1F37F, prEmojiPresentation}, // E1.0   [2] (�..�)    bottle with popping cork..popcorn
+	{0x1F380, 0x1F393, prEmojiPresentation}, // E0.6  [20] (🎀..🎓)    ribbon..graduation cap
+	{0x1F3A0, 0x1F3C4, prEmojiPresentation}, // E0.6  [37] (🎠..�)    carousel horse..person surfing
+	{0x1F3C5, 0x1F3C5, prEmojiPresentation}, // E1.0   [1] (�)       sports medal
+	{0x1F3C6, 0x1F3C6, prEmojiPresentation}, // E0.6   [1] (�)       trophy
+	{0x1F3C7, 0x1F3C7, prEmojiPresentation}, // E1.0   [1] (�)       horse racing
+	{0x1F3C8, 0x1F3C8, prEmojiPresentation}, // E0.6   [1] (�)       american football
+	{0x1F3C9, 0x1F3C9, prEmojiPresentation}, // E1.0   [1] (�)       rugby football
+	{0x1F3CA, 0x1F3CA, prEmojiPresentation}, // E0.6   [1] (�)       person swimming
+	{0x1F3CF, 0x1F3D3, prEmojiPresentation}, // E1.0   [5] (�..�)    cricket game..ping pong
+	{0x1F3E0, 0x1F3E3, prEmojiPresentation}, // E0.6   [4] (�..�)    house..Japanese post office
+	{0x1F3E4, 0x1F3E4, prEmojiPresentation}, // E1.0   [1] (�)       post office
+	{0x1F3E5, 0x1F3F0, prEmojiPresentation}, // E0.6  [12] (�..�)    hospital..castle
+	{0x1F3F4, 0x1F3F4, prEmojiPresentation}, // E1.0   [1] (�)       black flag
+	{0x1F3F8, 0x1F407, prEmojiPresentation}, // E1.0  [16] (�..�)    badminton..rabbit
+	{0x1F408, 0x1F408, prEmojiPresentation}, // E0.7   [1] (�)       cat
+	{0x1F409, 0x1F40B, prEmojiPresentation}, // E1.0   [3] (�..�)    dragon..whale
+	{0x1F40C, 0x1F40E, prEmojiPresentation}, // E0.6   [3] (�..�)    snail..horse
+	{0x1F40F, 0x1F410, prEmojiPresentation}, // E1.0   [2] (�..�)    ram..goat
+	{0x1F411, 0x1F412, prEmojiPresentation}, // E0.6   [2] (�..�)    ewe..monkey
+	{0x1F413, 0x1F413, prEmojiPresentation}, // E1.0   [1] (�)       rooster
+	{0x1F414, 0x1F414, prEmojiPresentation}, // E0.6   [1] (�)       chicken
+	{0x1F415, 0x1F415, prEmojiPresentation}, // E0.7   [1] (�)       dog
+	{0x1F416, 0x1F416, prEmojiPresentation}, // E1.0   [1] (�)       pig
+	{0x1F417, 0x1F429, prEmojiPresentation}, // E0.6  [19] (�..�)    boar..poodle
+	{0x1F42A, 0x1F42A, prEmojiPresentation}, // E1.0   [1] (�)       camel
+	{0x1F42B, 0x1F43E, prEmojiPresentation}, // E0.6  [20] (�..�)    two-hump camel..paw prints
+	{0x1F440, 0x1F440, prEmojiPresentation}, // E0.6   [1] (👀)       eyes
+	{0x1F442, 0x1F464, prEmojiPresentation}, // E0.6  [35] (👂..👤)    ear..bust in silhouette
+	{0x1F465, 0x1F465, prEmojiPresentation}, // E1.0   [1] (👥)       busts in silhouette
+	{0x1F466, 0x1F46B, prEmojiPresentation}, // E0.6   [6] (👦..👫)    boy..woman and man holding hands
+	{0x1F46C, 0x1F46D, prEmojiPresentation}, // E1.0   [2] (👬..👭)    men holding hands..women holding hands
+	{0x1F46E, 0x1F4AC, prEmojiPresentation}, // E0.6  [63] (👮..💬)    police officer..speech balloon
+	{0x1F4AD, 0x1F4AD, prEmojiPresentation}, // E1.0   [1] (💭)       thought balloon
+	{0x1F4AE, 0x1F4B5, prEmojiPresentation}, // E0.6   [8] (💮..💵)    white flower..dollar banknote
+	{0x1F4B6, 0x1F4B7, prEmojiPresentation}, // E1.0   [2] (💶..💷)    euro banknote..pound banknote
+	{0x1F4B8, 0x1F4EB, prEmojiPresentation}, // E0.6  [52] (💸..📫)    money with wings..closed mailbox with raised flag
+	{0x1F4EC, 0x1F4ED, prEmojiPresentation}, // E0.7   [2] (📬..📭)    open mailbox with raised flag..open mailbox with lowered flag
+	{0x1F4EE, 0x1F4EE, prEmojiPresentation}, // E0.6   [1] (📮)       postbox
+	{0x1F4EF, 0x1F4EF, prEmojiPresentation}, // E1.0   [1] (📯)       postal horn
+	{0x1F4F0, 0x1F4F4, prEmojiPresentation}, // E0.6   [5] (📰..📴)    newspaper..mobile phone off
+	{0x1F4F5, 0x1F4F5, prEmojiPresentation}, // E1.0   [1] (📵)       no mobile phones
+	{0x1F4F6, 0x1F4F7, prEmojiPresentation}, // E0.6   [2] (📶..📷)    antenna bars..camera
+	{0x1F4F8, 0x1F4F8, prEmojiPresentation}, // E1.0   [1] (📸)       camera with flash
+	{0x1F4F9, 0x1F4FC, prEmojiPresentation}, // E0.6   [4] (📹..📼)    video camera..videocassette
+	{0x1F4FF, 0x1F502, prEmojiPresentation}, // E1.0   [4] (📿..🔂)    prayer beads..repeat single button
+	{0x1F503, 0x1F503, prEmojiPresentation}, // E0.6   [1] (🔃)       clockwise vertical arrows
+	{0x1F504, 0x1F507, prEmojiPresentation}, // E1.0   [4] (🔄..🔇)    counterclockwise arrows button..muted speaker
+	{0x1F508, 0x1F508, prEmojiPresentation}, // E0.7   [1] (🔈)       speaker low volume
+	{0x1F509, 0x1F509, prEmojiPresentation}, // E1.0   [1] (🔉)       speaker medium volume
+	{0x1F50A, 0x1F514, prEmojiPresentation}, // E0.6  [11] (🔊..🔔)    speaker high volume..bell
+	{0x1F515, 0x1F515, prEmojiPresentation}, // E1.0   [1] (🔕)       bell with slash
+	{0x1F516, 0x1F52B, prEmojiPresentation}, // E0.6  [22] (🔖..🔫)    bookmark..water pistol
+	{0x1F52C, 0x1F52D, prEmojiPresentation}, // E1.0   [2] (🔬..🔭)    microscope..telescope
+	{0x1F52E, 0x1F53D, prEmojiPresentation}, // E0.6  [16] (🔮..🔽)    crystal ball..downwards button
+	{0x1F54B, 0x1F54E, prEmojiPresentation}, // E1.0   [4] (🕋..🕎)    kaaba..menorah
+	{0x1F550, 0x1F55B, prEmojiPresentation}, // E0.6  [12] (�..🕛)    one o’clock..twelve o’clock
+	{0x1F55C, 0x1F567, prEmojiPresentation}, // E0.7  [12] (🕜..🕧)    one-thirty..twelve-thirty
+	{0x1F57A, 0x1F57A, prEmojiPresentation}, // E3.0   [1] (🕺)       man dancing
+	{0x1F595, 0x1F596, prEmojiPresentation}, // E1.0   [2] (🖕..🖖)    middle finger..vulcan salute
+	{0x1F5A4, 0x1F5A4, prEmojiPresentation}, // E3.0   [1] (🖤)       black heart
+	{0x1F5FB, 0x1F5FF, prEmojiPresentation}, // E0.6   [5] (🗻..🗿)    mount fuji..moai
+	{0x1F600, 0x1F600, prEmojiPresentation}, // E1.0   [1] (😀)       grinning face
+	{0x1F601, 0x1F606, prEmojiPresentation}, // E0.6   [6] (�..😆)    beaming face with smiling eyes..grinning squinting face
+	{0x1F607, 0x1F608, prEmojiPresentation}, // E1.0   [2] (😇..😈)    smiling face with halo..smiling face with horns
+	{0x1F609, 0x1F60D, prEmojiPresentation}, // E0.6   [5] (😉..�)    winking face..smiling face with heart-eyes
+	{0x1F60E, 0x1F60E, prEmojiPresentation}, // E1.0   [1] (😎)       smiling face with sunglasses
+	{0x1F60F, 0x1F60F, prEmojiPresentation}, // E0.6   [1] (�)       smirking face
+	{0x1F610, 0x1F610, prEmojiPresentation}, // E0.7   [1] (�)       neutral face
+	{0x1F611, 0x1F611, prEmojiPresentation}, // E1.0   [1] (😑)       expressionless face
+	{0x1F612, 0x1F614, prEmojiPresentation}, // E0.6   [3] (😒..😔)    unamused face..pensive face
+	{0x1F615, 0x1F615, prEmojiPresentation}, // E1.0   [1] (😕)       confused face
+	{0x1F616, 0x1F616, prEmojiPresentation}, // E0.6   [1] (😖)       confounded face
+	{0x1F617, 0x1F617, prEmojiPresentation}, // E1.0   [1] (😗)       kissing face
+	{0x1F618, 0x1F618, prEmojiPresentation}, // E0.6   [1] (😘)       face blowing a kiss
+	{0x1F619, 0x1F619, prEmojiPresentation}, // E1.0   [1] (😙)       kissing face with smiling eyes
+	{0x1F61A, 0x1F61A, prEmojiPresentation}, // E0.6   [1] (😚)       kissing face with closed eyes
+	{0x1F61B, 0x1F61B, prEmojiPresentation}, // E1.0   [1] (😛)       face with tongue
+	{0x1F61C, 0x1F61E, prEmojiPresentation}, // E0.6   [3] (😜..😞)    winking face with tongue..disappointed face
+	{0x1F61F, 0x1F61F, prEmojiPresentation}, // E1.0   [1] (😟)       worried face
+	{0x1F620, 0x1F625, prEmojiPresentation}, // E0.6   [6] (😠..😥)    angry face..sad but relieved face
+	{0x1F626, 0x1F627, prEmojiPresentation}, // E1.0   [2] (😦..😧)    frowning face with open mouth..anguished face
+	{0x1F628, 0x1F62B, prEmojiPresentation}, // E0.6   [4] (😨..😫)    fearful face..tired face
+	{0x1F62C, 0x1F62C, prEmojiPresentation}, // E1.0   [1] (😬)       grimacing face
+	{0x1F62D, 0x1F62D, prEmojiPresentation}, // E0.6   [1] (😭)       loudly crying face
+	{0x1F62E, 0x1F62F, prEmojiPresentation}, // E1.0   [2] (😮..😯)    face with open mouth..hushed face
+	{0x1F630, 0x1F633, prEmojiPresentation}, // E0.6   [4] (😰..😳)    anxious face with sweat..flushed face
+	{0x1F634, 0x1F634, prEmojiPresentation}, // E1.0   [1] (😴)       sleeping face
+	{0x1F635, 0x1F635, prEmojiPresentation}, // E0.6   [1] (😵)       face with crossed-out eyes
+	{0x1F636, 0x1F636, prEmojiPresentation}, // E1.0   [1] (😶)       face without mouth
+	{0x1F637, 0x1F640, prEmojiPresentation}, // E0.6  [10] (😷..🙀)    face with medical mask..weary cat
+	{0x1F641, 0x1F644, prEmojiPresentation}, // E1.0   [4] (�..🙄)    slightly frowning face..face with rolling eyes
+	{0x1F645, 0x1F64F, prEmojiPresentation}, // E0.6  [11] (🙅..�)    person gesturing NO..folded hands
+	{0x1F680, 0x1F680, prEmojiPresentation}, // E0.6   [1] (🚀)       rocket
+	{0x1F681, 0x1F682, prEmojiPresentation}, // E1.0   [2] (�..🚂)    helicopter..locomotive
+	{0x1F683, 0x1F685, prEmojiPresentation}, // E0.6   [3] (🚃..🚅)    railway car..bullet train
+	{0x1F686, 0x1F686, prEmojiPresentation}, // E1.0   [1] (🚆)       train
+	{0x1F687, 0x1F687, prEmojiPresentation}, // E0.6   [1] (🚇)       metro
+	{0x1F688, 0x1F688, prEmojiPresentation}, // E1.0   [1] (🚈)       light rail
+	{0x1F689, 0x1F689, prEmojiPresentation}, // E0.6   [1] (🚉)       station
+	{0x1F68A, 0x1F68B, prEmojiPresentation}, // E1.0   [2] (🚊..🚋)    tram..tram car
+	{0x1F68C, 0x1F68C, prEmojiPresentation}, // E0.6   [1] (🚌)       bus
+	{0x1F68D, 0x1F68D, prEmojiPresentation}, // E0.7   [1] (�)       oncoming bus
+	{0x1F68E, 0x1F68E, prEmojiPresentation}, // E1.0   [1] (🚎)       trolleybus
+	{0x1F68F, 0x1F68F, prEmojiPresentation}, // E0.6   [1] (�)       bus stop
+	{0x1F690, 0x1F690, prEmojiPresentation}, // E1.0   [1] (�)       minibus
+	{0x1F691, 0x1F693, prEmojiPresentation}, // E0.6   [3] (🚑..🚓)    ambulance..police car
+	{0x1F694, 0x1F694, prEmojiPresentation}, // E0.7   [1] (🚔)       oncoming police car
+	{0x1F695, 0x1F695, prEmojiPresentation}, // E0.6   [1] (🚕)       taxi
+	{0x1F696, 0x1F696, prEmojiPresentation}, // E1.0   [1] (🚖)       oncoming taxi
+	{0x1F697, 0x1F697, prEmojiPresentation}, // E0.6   [1] (🚗)       automobile
+	{0x1F698, 0x1F698, prEmojiPresentation}, // E0.7   [1] (🚘)       oncoming automobile
+	{0x1F699, 0x1F69A, prEmojiPresentation}, // E0.6   [2] (🚙..🚚)    sport utility vehicle..delivery truck
+	{0x1F69B, 0x1F6A1, prEmojiPresentation}, // E1.0   [7] (🚛..🚡)    articulated lorry..aerial tramway
+	{0x1F6A2, 0x1F6A2, prEmojiPresentation}, // E0.6   [1] (🚢)       ship
+	{0x1F6A3, 0x1F6A3, prEmojiPresentation}, // E1.0   [1] (🚣)       person rowing boat
+	{0x1F6A4, 0x1F6A5, prEmojiPresentation}, // E0.6   [2] (🚤..🚥)    speedboat..horizontal traffic light
+	{0x1F6A6, 0x1F6A6, prEmojiPresentation}, // E1.0   [1] (🚦)       vertical traffic light
+	{0x1F6A7, 0x1F6AD, prEmojiPresentation}, // E0.6   [7] (🚧..🚭)    construction..no smoking
+	{0x1F6AE, 0x1F6B1, prEmojiPresentation}, // E1.0   [4] (🚮..🚱)    litter in bin sign..non-potable water
+	{0x1F6B2, 0x1F6B2, prEmojiPresentation}, // E0.6   [1] (🚲)       bicycle
+	{0x1F6B3, 0x1F6B5, prEmojiPresentation}, // E1.0   [3] (🚳..🚵)    no bicycles..person mountain biking
+	{0x1F6B6, 0x1F6B6, prEmojiPresentation}, // E0.6   [1] (🚶)       person walking
+	{0x1F6B7, 0x1F6B8, prEmojiPresentation}, // E1.0   [2] (🚷..🚸)    no pedestrians..children crossing
+	{0x1F6B9, 0x1F6BE, prEmojiPresentation}, // E0.6   [6] (🚹..🚾)    men’s room..water closet
+	{0x1F6BF, 0x1F6BF, prEmojiPresentation}, // E1.0   [1] (🚿)       shower
+	{0x1F6C0, 0x1F6C0, prEmojiPresentation}, // E0.6   [1] (🛀)       person taking bath
+	{0x1F6C1, 0x1F6C5, prEmojiPresentation}, // E1.0   [5] (�..🛅)    bathtub..left luggage
+	{0x1F6CC, 0x1F6CC, prEmojiPresentation}, // E1.0   [1] (🛌)       person in bed
+	{0x1F6D0, 0x1F6D0, prEmojiPresentation}, // E1.0   [1] (�)       place of worship
+	{0x1F6D1, 0x1F6D2, prEmojiPresentation}, // E3.0   [2] (🛑..🛒)    stop sign..shopping cart
+	{0x1F6D5, 0x1F6D5, prEmojiPresentation}, // E12.0  [1] (🛕)       hindu temple
+	{0x1F6D6, 0x1F6D7, prEmojiPresentation}, // E13.0  [2] (🛖..🛗)    hut..elevator
+	{0x1F6DD, 0x1F6DF, prEmojiPresentation}, // E14.0  [3] (�..🛟)    playground slide..ring buoy
+	{0x1F6EB, 0x1F6EC, prEmojiPresentation}, // E1.0   [2] (🛫..🛬)    airplane departure..airplane arrival
+	{0x1F6F4, 0x1F6F6, prEmojiPresentation}, // E3.0   [3] (🛴..🛶)    kick scooter..canoe
+	{0x1F6F7, 0x1F6F8, prEmojiPresentation}, // E5.0   [2] (🛷..🛸)    sled..flying saucer
+	{0x1F6F9, 0x1F6F9, prEmojiPresentation}, // E11.0  [1] (🛹)       skateboard
+	{0x1F6FA, 0x1F6FA, prEmojiPresentation}, // E12.0  [1] (🛺)       auto rickshaw
+	{0x1F6FB, 0x1F6FC, prEmojiPresentation}, // E13.0  [2] (🛻..🛼)    pickup truck..roller skate
+	{0x1F7E0, 0x1F7EB, prEmojiPresentation}, // E12.0 [12] (🟠..🟫)    orange circle..brown square
+	{0x1F7F0, 0x1F7F0, prEmojiPresentation}, // E14.0  [1] (🟰)       heavy equals sign
+	{0x1F90C, 0x1F90C, prEmojiPresentation}, // E13.0  [1] (🤌)       pinched fingers
+	{0x1F90D, 0x1F90F, prEmojiPresentation}, // E12.0  [3] (�..�)    white heart..pinching hand
+	{0x1F910, 0x1F918, prEmojiPresentation}, // E1.0   [9] (�..🤘)    zipper-mouth face..sign of the horns
+	{0x1F919, 0x1F91E, prEmojiPresentation}, // E3.0   [6] (🤙..🤞)    call me hand..crossed fingers
+	{0x1F91F, 0x1F91F, prEmojiPresentation}, // E5.0   [1] (🤟)       love-you gesture
+	{0x1F920, 0x1F927, prEmojiPresentation}, // E3.0   [8] (🤠..🤧)    cowboy hat face..sneezing face
+	{0x1F928, 0x1F92F, prEmojiPresentation}, // E5.0   [8] (🤨..🤯)    face with raised eyebrow..exploding head
+	{0x1F930, 0x1F930, prEmojiPresentation}, // E3.0   [1] (🤰)       pregnant woman
+	{0x1F931, 0x1F932, prEmojiPresentation}, // E5.0   [2] (🤱..🤲)    breast-feeding..palms up together
+	{0x1F933, 0x1F93A, prEmojiPresentation}, // E3.0   [8] (🤳..🤺)    selfie..person fencing
+	{0x1F93C, 0x1F93E, prEmojiPresentation}, // E3.0   [3] (🤼..🤾)    people wrestling..person playing handball
+	{0x1F93F, 0x1F93F, prEmojiPresentation}, // E12.0  [1] (🤿)       diving mask
+	{0x1F940, 0x1F945, prEmojiPresentation}, // E3.0   [6] (🥀..🥅)    wilted flower..goal net
+	{0x1F947, 0x1F94B, prEmojiPresentation}, // E3.0   [5] (🥇..🥋)    1st place medal..martial arts uniform
+	{0x1F94C, 0x1F94C, prEmojiPresentation}, // E5.0   [1] (🥌)       curling stone
+	{0x1F94D, 0x1F94F, prEmojiPresentation}, // E11.0  [3] (�..�)    lacrosse..flying disc
+	{0x1F950, 0x1F95E, prEmojiPresentation}, // E3.0  [15] (�..🥞)    croissant..pancakes
+	{0x1F95F, 0x1F96B, prEmojiPresentation}, // E5.0  [13] (🥟..🥫)    dumpling..canned food
+	{0x1F96C, 0x1F970, prEmojiPresentation}, // E11.0  [5] (🥬..🥰)    leafy green..smiling face with hearts
+	{0x1F971, 0x1F971, prEmojiPresentation}, // E12.0  [1] (🥱)       yawning face
+	{0x1F972, 0x1F972, prEmojiPresentation}, // E13.0  [1] (🥲)       smiling face with tear
+	{0x1F973, 0x1F976, prEmojiPresentation}, // E11.0  [4] (🥳..🥶)    partying face..cold face
+	{0x1F977, 0x1F978, prEmojiPresentation}, // E13.0  [2] (🥷..🥸)    ninja..disguised face
+	{0x1F979, 0x1F979, prEmojiPresentation}, // E14.0  [1] (🥹)       face holding back tears
+	{0x1F97A, 0x1F97A, prEmojiPresentation}, // E11.0  [1] (🥺)       pleading face
+	{0x1F97B, 0x1F97B, prEmojiPresentation}, // E12.0  [1] (🥻)       sari
+	{0x1F97C, 0x1F97F, prEmojiPresentation}, // E11.0  [4] (🥼..🥿)    lab coat..flat shoe
+	{0x1F980, 0x1F984, prEmojiPresentation}, // E1.0   [5] (🦀..🦄)    crab..unicorn
+	{0x1F985, 0x1F991, prEmojiPresentation}, // E3.0  [13] (🦅..🦑)    eagle..squid
+	{0x1F992, 0x1F997, prEmojiPresentation}, // E5.0   [6] (🦒..🦗)    giraffe..cricket
+	{0x1F998, 0x1F9A2, prEmojiPresentation}, // E11.0 [11] (🦘..🦢)    kangaroo..swan
+	{0x1F9A3, 0x1F9A4, prEmojiPresentation}, // E13.0  [2] (🦣..🦤)    mammoth..dodo
+	{0x1F9A5, 0x1F9AA, prEmojiPresentation}, // E12.0  [6] (🦥..🦪)    sloth..oyster
+	{0x1F9AB, 0x1F9AD, prEmojiPresentation}, // E13.0  [3] (🦫..🦭)    beaver..seal
+	{0x1F9AE, 0x1F9AF, prEmojiPresentation}, // E12.0  [2] (🦮..🦯)    guide dog..white cane
+	{0x1F9B0, 0x1F9B9, prEmojiPresentation}, // E11.0 [10] (🦰..🦹)    red hair..supervillain
+	{0x1F9BA, 0x1F9BF, prEmojiPresentation}, // E12.0  [6] (🦺..🦿)    safety vest..mechanical leg
+	{0x1F9C0, 0x1F9C0, prEmojiPresentation}, // E1.0   [1] (🧀)       cheese wedge
+	{0x1F9C1, 0x1F9C2, prEmojiPresentation}, // E11.0  [2] (�..🧂)    cupcake..salt
+	{0x1F9C3, 0x1F9CA, prEmojiPresentation}, // E12.0  [8] (🧃..🧊)    beverage box..ice
+	{0x1F9CB, 0x1F9CB, prEmojiPresentation}, // E13.0  [1] (🧋)       bubble tea
+	{0x1F9CC, 0x1F9CC, prEmojiPresentation}, // E14.0  [1] (🧌)       troll
+	{0x1F9CD, 0x1F9CF, prEmojiPresentation}, // E12.0  [3] (�..�)    person standing..deaf person
+	{0x1F9D0, 0x1F9E6, prEmojiPresentation}, // E5.0  [23] (�..🧦)    face with monocle..socks
+	{0x1F9E7, 0x1F9FF, prEmojiPresentation}, // E11.0 [25] (🧧..🧿)    red envelope..nazar amulet
+	{0x1FA70, 0x1FA73, prEmojiPresentation}, // E12.0  [4] (🩰..🩳)    ballet shoes..shorts
+	{0x1FA74, 0x1FA74, prEmojiPresentation}, // E13.0  [1] (🩴)       thong sandal
+	{0x1FA78, 0x1FA7A, prEmojiPresentation}, // E12.0  [3] (🩸..🩺)    drop of blood..stethoscope
+	{0x1FA7B, 0x1FA7C, prEmojiPresentation}, // E14.0  [2] (🩻..🩼)    x-ray..crutch
+	{0x1FA80, 0x1FA82, prEmojiPresentation}, // E12.0  [3] (🪀..🪂)    yo-yo..parachute
+	{0x1FA83, 0x1FA86, prEmojiPresentation}, // E13.0  [4] (🪃..🪆)    boomerang..nesting dolls
+	{0x1FA90, 0x1FA95, prEmojiPresentation}, // E12.0  [6] (�..🪕)    ringed planet..banjo
+	{0x1FA96, 0x1FAA8, prEmojiPresentation}, // E13.0 [19] (🪖..🪨)    military helmet..rock
+	{0x1FAA9, 0x1FAAC, prEmojiPresentation}, // E14.0  [4] (🪩..🪬)    mirror ball..hamsa
+	{0x1FAB0, 0x1FAB6, prEmojiPresentation}, // E13.0  [7] (🪰..🪶)    fly..feather
+	{0x1FAB7, 0x1FABA, prEmojiPresentation}, // E14.0  [4] (🪷..🪺)    lotus..nest with eggs
+	{0x1FAC0, 0x1FAC2, prEmojiPresentation}, // E13.0  [3] (🫀..🫂)    anatomical heart..people hugging
+	{0x1FAC3, 0x1FAC5, prEmojiPresentation}, // E14.0  [3] (🫃..🫅)    pregnant man..person with crown
+	{0x1FAD0, 0x1FAD6, prEmojiPresentation}, // E13.0  [7] (�..🫖)    blueberries..teapot
+	{0x1FAD7, 0x1FAD9, prEmojiPresentation}, // E14.0  [3] (🫗..🫙)    pouring liquid..jar
+	{0x1FAE0, 0x1FAE7, prEmojiPresentation}, // E14.0  [8] (🫠..🫧)    melting face..bubbles
+	{0x1FAF0, 0x1FAF6, prEmojiPresentation}, // E14.0  [7] (🫰..🫶)    hand with index finger and thumb crossed..heart hands
+}
diff --git a/vendor/github.com/rivo/uniseg/gen_breaktest.go b/vendor/github.com/rivo/uniseg/gen_breaktest.go
new file mode 100644
index 0000000000..e613c4cd00
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/gen_breaktest.go
@@ -0,0 +1,213 @@
+//go:build generate
+
+// This program generates a Go containing a slice of test cases based on the
+// Unicode Character Database auxiliary data files. The command line arguments
+// are as follows:
+//
+//   1. The name of the Unicode data file (just the filename, without extension).
+//   2. The name of the locally generated Go file.
+//   3. The name of the slice containing the test cases.
+//   4. The name of the generator, for logging purposes.
+//
+//go:generate go run gen_breaktest.go GraphemeBreakTest graphemebreak_test.go graphemeBreakTestCases graphemes
+//go:generate go run gen_breaktest.go WordBreakTest wordbreak_test.go wordBreakTestCases words
+//go:generate go run gen_breaktest.go SentenceBreakTest sentencebreak_test.go sentenceBreakTestCases sentences
+//go:generate go run gen_breaktest.go LineBreakTest linebreak_test.go lineBreakTestCases lines
+
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"fmt"
+	"go/format"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+	"time"
+)
+
+// We want to test against a specific version rather than the latest. When the
+// package is upgraded to a new version, change these to generate new tests.
+const (
+	testCaseURL = `https://www.unicode.org/Public/14.0.0/ucd/auxiliary/%s.txt`
+)
+
+func main() {
+	if len(os.Args) < 5 {
+		fmt.Println("Not enough arguments, see code for details")
+		os.Exit(1)
+	}
+
+	log.SetPrefix("gen_breaktest (" + os.Args[4] + "): ")
+	log.SetFlags(0)
+
+	// Read text of testcases and parse into Go source code.
+	src, err := parse(fmt.Sprintf(testCaseURL, os.Args[1]))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Format the Go code.
+	formatted, err := format.Source(src)
+	if err != nil {
+		log.Fatalln("gofmt:", err)
+	}
+
+	// Write it out.
+	log.Print("Writing to ", os.Args[2])
+	if err := ioutil.WriteFile(os.Args[2], formatted, 0644); err != nil {
+		log.Fatal(err)
+	}
+}
+
+// parse reads a break text file, either from a local file or from a URL. It
+// parses the file data into Go source code representing the test cases.
+func parse(url string) ([]byte, error) {
+	log.Printf("Parsing %s", url)
+	res, err := http.Get(url)
+	if err != nil {
+		return nil, err
+	}
+	body := res.Body
+	defer body.Close()
+
+	buf := new(bytes.Buffer)
+	buf.Grow(120 << 10)
+	buf.WriteString(`package uniseg
+
+// Code generated via go generate from gen_breaktest.go. DO NOT EDIT.
+
+// ` + os.Args[3] + ` are Grapheme testcases taken from
+// ` + url + `
+// on ` + time.Now().Format("January 2, 2006") + `. See
+// https://www.unicode.org/license.html for the Unicode license agreement.
+var ` + os.Args[3] + ` = []testCase {
+`)
+
+	sc := bufio.NewScanner(body)
+	num := 1
+	var line []byte
+	original := make([]byte, 0, 64)
+	expected := make([]byte, 0, 64)
+	for sc.Scan() {
+		num++
+		line = sc.Bytes()
+		if len(line) == 0 || line[0] == '#' {
+			continue
+		}
+		var comment []byte
+		if i := bytes.IndexByte(line, '#'); i >= 0 {
+			comment = bytes.TrimSpace(line[i+1:])
+			line = bytes.TrimSpace(line[:i])
+		}
+		original, expected, err := parseRuneSequence(line, original[:0], expected[:0])
+		if err != nil {
+			return nil, fmt.Errorf(`line %d: %v: %q`, num, err, line)
+		}
+		fmt.Fprintf(buf, "\t{original: \"%s\", expected: %s}, // %s\n", original, expected, comment)
+	}
+	if err := sc.Err(); err != nil {
+		return nil, err
+	}
+
+	// Check for final "# EOF", useful check if we're streaming via HTTP
+	if !bytes.Equal(line, []byte("# EOF")) {
+		return nil, fmt.Errorf(`line %d: exected "# EOF" as final line, got %q`, num, line)
+	}
+	buf.WriteString("}\n")
+	return buf.Bytes(), nil
+}
+
+// Used by parseRuneSequence to match input via bytes.HasPrefix.
+var (
+	prefixBreak     = []byte("÷ ")
+	prefixDontBreak = []byte("× ")
+	breakOk         = []byte("÷")
+	breakNo         = []byte("×")
+)
+
+// parseRuneSequence parses a rune + breaking opportunity sequence from b
+// and appends the Go code for testcase.original to orig
+// and appends the Go code for testcase.expected to exp.
+// It retuns the new orig and exp slices.
+//
+// E.g. for the input b="÷ 0020 × 0308 ÷ 1F1E6 ÷"
+// it will append
+//     "\u0020\u0308\U0001F1E6"
+// and "[][]rune{{0x0020,0x0308},{0x1F1E6},}"
+// to orig and exp respectively.
+//
+// The formatting of exp is expected to be cleaned up by gofmt or format.Source.
+// Note we explicitly require the sequence to start with ÷ and we implicitly
+// require it to end with ÷.
+func parseRuneSequence(b, orig, exp []byte) ([]byte, []byte, error) {
+	// Check for and remove first ÷ or ×.
+	if !bytes.HasPrefix(b, prefixBreak) && !bytes.HasPrefix(b, prefixDontBreak) {
+		return nil, nil, errors.New("expected ÷ or × as first character")
+	}
+	if bytes.HasPrefix(b, prefixBreak) {
+		b = b[len(prefixBreak):]
+	} else {
+		b = b[len(prefixDontBreak):]
+	}
+
+	boundary := true
+	exp = append(exp, "[][]rune{"...)
+	for len(b) > 0 {
+		if boundary {
+			exp = append(exp, '{')
+		}
+		exp = append(exp, "0x"...)
+		// Find end of hex digits.
+		var i int
+		for i = 0; i < len(b) && b[i] != ' '; i++ {
+			if d := b[i]; ('0' <= d || d <= '9') ||
+				('A' <= d || d <= 'F') ||
+				('a' <= d || d <= 'f') {
+				continue
+			}
+			return nil, nil, errors.New("bad hex digit")
+		}
+		switch i {
+		case 4:
+			orig = append(orig, "\\u"...)
+		case 5:
+			orig = append(orig, "\\U000"...)
+		default:
+			return nil, nil, errors.New("unsupport code point hex length")
+		}
+		orig = append(orig, b[:i]...)
+		exp = append(exp, b[:i]...)
+		b = b[i:]
+
+		// Check for space between hex and ÷ or ×.
+		if len(b) < 1 || b[0] != ' ' {
+			return nil, nil, errors.New("bad input")
+		}
+		b = b[1:]
+
+		// Check for next boundary.
+		switch {
+		case bytes.HasPrefix(b, breakOk):
+			boundary = true
+			b = b[len(breakOk):]
+		case bytes.HasPrefix(b, breakNo):
+			boundary = false
+			b = b[len(breakNo):]
+		default:
+			return nil, nil, errors.New("missing ÷ or ×")
+		}
+		if boundary {
+			exp = append(exp, '}')
+		}
+		exp = append(exp, ',')
+		if len(b) > 0 && b[0] == ' ' {
+			b = b[1:]
+		}
+	}
+	exp = append(exp, '}')
+	return orig, exp, nil
+}
diff --git a/vendor/github.com/rivo/uniseg/gen_properties.go b/vendor/github.com/rivo/uniseg/gen_properties.go
new file mode 100644
index 0000000000..999d5efddf
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/gen_properties.go
@@ -0,0 +1,256 @@
+//go:build generate
+
+// This program generates a property file in Go file from Unicode Character
+// Database auxiliary data files. The command line arguments are as follows:
+//
+//  1. The name of the Unicode data file (just the filename, without extension).
+//     Can be "-" (to skip) if the emoji flag is included.
+//  2. The name of the locally generated Go file.
+//  3. The name of the slice mapping code points to properties.
+//  4. The name of the generator, for logging purposes.
+//  5. (Optional) Flags, comma-separated. The following flags are available:
+//     - "emojis=<property>": include the specified emoji properties (e.g.
+//     "Extended_Pictographic").
+//     - "gencat": include general category properties.
+//
+//go:generate go run gen_properties.go auxiliary/GraphemeBreakProperty graphemeproperties.go graphemeCodePoints graphemes emojis=Extended_Pictographic
+//go:generate go run gen_properties.go auxiliary/WordBreakProperty wordproperties.go workBreakCodePoints words emojis=Extended_Pictographic
+//go:generate go run gen_properties.go auxiliary/SentenceBreakProperty sentenceproperties.go sentenceBreakCodePoints sentences
+//go:generate go run gen_properties.go LineBreak lineproperties.go lineBreakCodePoints lines gencat
+//go:generate go run gen_properties.go EastAsianWidth eastasianwidth.go eastAsianWidth eastasianwidth
+//go:generate go run gen_properties.go - emojipresentation.go emojiPresentation emojipresentation emojis=Emoji_Presentation
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"fmt"
+	"go/format"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// We want to test against a specific version rather than the latest. When the
+// package is upgraded to a new version, change these to generate new tests.
+const (
+	propertyURL = `https://www.unicode.org/Public/14.0.0/ucd/%s.txt`
+	emojiURL    = `https://unicode.org/Public/14.0.0/ucd/emoji/emoji-data.txt`
+)
+
+// The regular expression for a line containing a code point range property.
+var propertyPattern = regexp.MustCompile(`^([0-9A-F]{4,6})(\.\.([0-9A-F]{4,6}))?\s*;\s*([A-Za-z0-9_]+)\s*#\s(.+)$`)
+
+func main() {
+	if len(os.Args) < 5 {
+		fmt.Println("Not enough arguments, see code for details")
+		os.Exit(1)
+	}
+
+	log.SetPrefix("gen_properties (" + os.Args[4] + "): ")
+	log.SetFlags(0)
+
+	// Parse flags.
+	flags := make(map[string]string)
+	if len(os.Args) >= 6 {
+		for _, flag := range strings.Split(os.Args[5], ",") {
+			flagFields := strings.Split(flag, "=")
+			if len(flagFields) == 1 {
+				flags[flagFields[0]] = "yes"
+			} else {
+				flags[flagFields[0]] = flagFields[1]
+			}
+		}
+	}
+
+	// Parse the text file and generate Go source code from it.
+	_, includeGeneralCategory := flags["gencat"]
+	var mainURL string
+	if os.Args[1] != "-" {
+		mainURL = fmt.Sprintf(propertyURL, os.Args[1])
+	}
+	src, err := parse(mainURL, flags["emojis"], includeGeneralCategory)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Format the Go code.
+	formatted, err := format.Source([]byte(src))
+	if err != nil {
+		log.Fatal("gofmt:", err)
+	}
+
+	// Save it to the (local) target file.
+	log.Print("Writing to ", os.Args[2])
+	if err := ioutil.WriteFile(os.Args[2], formatted, 0644); err != nil {
+		log.Fatal(err)
+	}
+}
+
+// parse parses the Unicode Properties text files located at the given URLs and
+// returns their equivalent Go source code to be used in the uniseg package. If
+// "emojiProperty" is not an empty string, emoji code points for that emoji
+// property (e.g. "Extended_Pictographic") will be included. In those cases, you
+// may pass an empty "propertyURL" to skip parsing the main properties file. If
+// "includeGeneralCategory" is true, the Unicode General Category property will
+// be extracted from the comments and included in the output.
+func parse(propertyURL, emojiProperty string, includeGeneralCategory bool) (string, error) {
+	if propertyURL == "" && emojiProperty == "" {
+		return "", errors.New("no properties to parse")
+	}
+
+	// Temporary buffer to hold properties.
+	var properties [][4]string
+
+	// Open the first URL.
+	if propertyURL != "" {
+		log.Printf("Parsing %s", propertyURL)
+		res, err := http.Get(propertyURL)
+		if err != nil {
+			return "", err
+		}
+		in1 := res.Body
+		defer in1.Close()
+
+		// Parse it.
+		scanner := bufio.NewScanner(in1)
+		num := 0
+		for scanner.Scan() {
+			num++
+			line := strings.TrimSpace(scanner.Text())
+
+			// Skip comments and empty lines.
+			if strings.HasPrefix(line, "#") || line == "" {
+				continue
+			}
+
+			// Everything else must be a code point range, a property and a comment.
+			from, to, property, comment, err := parseProperty(line)
+			if err != nil {
+				return "", fmt.Errorf("%s line %d: %v", os.Args[4], num, err)
+			}
+			properties = append(properties, [4]string{from, to, property, comment})
+		}
+		if err := scanner.Err(); err != nil {
+			return "", err
+		}
+	}
+
+	// Open the second URL.
+	if emojiProperty != "" {
+		log.Printf("Parsing %s", emojiURL)
+		res, err := http.Get(emojiURL)
+		if err != nil {
+			return "", err
+		}
+		in2 := res.Body
+		defer in2.Close()
+
+		// Parse it.
+		scanner := bufio.NewScanner(in2)
+		num := 0
+		for scanner.Scan() {
+			num++
+			line := scanner.Text()
+
+			// Skip comments, empty lines, and everything not containing
+			// "Extended_Pictographic".
+			if strings.HasPrefix(line, "#") || line == "" || !strings.Contains(line, emojiProperty) {
+				continue
+			}
+
+			// Everything else must be a code point range, a property and a comment.
+			from, to, property, comment, err := parseProperty(line)
+			if err != nil {
+				return "", fmt.Errorf("emojis line %d: %v", num, err)
+			}
+			properties = append(properties, [4]string{from, to, property, comment})
+		}
+		if err := scanner.Err(); err != nil {
+			return "", err
+		}
+	}
+
+	// Sort properties.
+	sort.Slice(properties, func(i, j int) bool {
+		left, _ := strconv.ParseUint(properties[i][0], 16, 64)
+		right, _ := strconv.ParseUint(properties[j][0], 16, 64)
+		return left < right
+	})
+
+	// Header.
+	var (
+		buf          bytes.Buffer
+		emojiComment string
+	)
+	columns := 3
+	if includeGeneralCategory {
+		columns = 4
+	}
+	if emojiURL != "" {
+		emojiComment = `
+// and
+// ` + emojiURL + `
+// ("Extended_Pictographic" only)`
+	}
+	buf.WriteString(`package uniseg
+
+// Code generated via go generate from gen_properties.go. DO NOT EDIT.
+
+// ` + os.Args[3] + ` are taken from
+// ` + propertyURL + emojiComment + `
+// on ` + time.Now().Format("January 2, 2006") + `. See https://www.unicode.org/license.html for the Unicode
+// license agreement.
+var ` + os.Args[3] + ` = [][` + strconv.Itoa(columns) + `]int{
+	`)
+
+	// Properties.
+	for _, prop := range properties {
+		if includeGeneralCategory {
+			generalCategory := "gc" + prop[3][:2]
+			if generalCategory == "gcL&" {
+				generalCategory = "gcLC"
+			}
+			prop[3] = prop[3][3:]
+			fmt.Fprintf(&buf, "{0x%s,0x%s,%s,%s}, // %s\n", prop[0], prop[1], translateProperty("pr", prop[2]), generalCategory, prop[3])
+		} else {
+			fmt.Fprintf(&buf, "{0x%s,0x%s,%s}, // %s\n", prop[0], prop[1], translateProperty("pr", prop[2]), prop[3])
+		}
+	}
+
+	// Tail.
+	buf.WriteString("}")
+
+	return buf.String(), nil
+}
+
+// parseProperty parses a line of the Unicode properties text file containing a
+// property for a code point range and returns it along with its comment.
+func parseProperty(line string) (from, to, property, comment string, err error) {
+	fields := propertyPattern.FindStringSubmatch(line)
+	if fields == nil {
+		err = errors.New("no property found")
+		return
+	}
+	from = fields[1]
+	to = fields[3]
+	if to == "" {
+		to = from
+	}
+	property = fields[4]
+	comment = fields[5]
+	return
+}
+
+// translateProperty translates a property name as used in the Unicode data file
+// to a variable used in the Go code.
+func translateProperty(prefix, property string) string {
+	return prefix + strings.ReplaceAll(property, "_", "")
+}
diff --git a/vendor/github.com/rivo/uniseg/grapheme.go b/vendor/github.com/rivo/uniseg/grapheme.go
index 207157f5e4..0086fc1b20 100644
--- a/vendor/github.com/rivo/uniseg/grapheme.go
+++ b/vendor/github.com/rivo/uniseg/grapheme.go
@@ -2,267 +2,333 @@ package uniseg
 
 import "unicode/utf8"
 
-// The states of the grapheme cluster parser.
-const (
-	grAny = iota
-	grCR
-	grControlLF
-	grL
-	grLVV
-	grLVTT
-	grPrepend
-	grExtendedPictographic
-	grExtendedPictographicZWJ
-	grRIOdd
-	grRIEven
-)
-
-// The grapheme cluster parser's breaking instructions.
-const (
-	grNoBoundary = iota
-	grBoundary
-)
-
-// The grapheme cluster parser's state transitions. Maps (state, property) to
-// (new state, breaking instruction, rule number). The breaking instruction
-// always refers to the boundary between the last and next code point.
+// Graphemes implements an iterator over Unicode grapheme clusters, or
+// user-perceived characters. While iterating, it also provides information
+// about word boundaries, sentence boundaries, line breaks, and monospace
+// character widths.
 //
-// This map is queried as follows:
+// After constructing the class via [NewGraphemes] for a given string "str",
+// [Graphemes.Next] is called for every grapheme cluster in a loop until it
+// returns false. Inside the loop, information about the grapheme cluster as
+// well as boundary information and character width is available via the various
+// methods (see examples below).
 //
-//   1. Find specific state + specific property. Stop if found.
-//   2. Find specific state + any property.
-//   3. Find any state + specific property.
-//   4. If only (2) or (3) (but not both) was found, stop.
-//   5. If both (2) and (3) were found, use state and breaking instruction from
-//      the transition with the lower rule number, prefer (3) if rule numbers
-//      are equal. Stop.
-//   6. Assume grAny and grBoundary.
-var grTransitions = map[[2]int][3]int{
-	// GB5
-	{grAny, prCR}:      {grCR, grBoundary, 50},
-	{grAny, prLF}:      {grControlLF, grBoundary, 50},
-	{grAny, prControl}: {grControlLF, grBoundary, 50},
-
-	// GB4
-	{grCR, prAny}:        {grAny, grBoundary, 40},
-	{grControlLF, prAny}: {grAny, grBoundary, 40},
-
-	// GB3.
-	{grCR, prLF}: {grAny, grNoBoundary, 30},
-
-	// GB6.
-	{grAny, prL}: {grL, grBoundary, 9990},
-	{grL, prL}:   {grL, grNoBoundary, 60},
-	{grL, prV}:   {grLVV, grNoBoundary, 60},
-	{grL, prLV}:  {grLVV, grNoBoundary, 60},
-	{grL, prLVT}: {grLVTT, grNoBoundary, 60},
-
-	// GB7.
-	{grAny, prLV}: {grLVV, grBoundary, 9990},
-	{grAny, prV}:  {grLVV, grBoundary, 9990},
-	{grLVV, prV}:  {grLVV, grNoBoundary, 70},
-	{grLVV, prT}:  {grLVTT, grNoBoundary, 70},
-
-	// GB8.
-	{grAny, prLVT}: {grLVTT, grBoundary, 9990},
-	{grAny, prT}:   {grLVTT, grBoundary, 9990},
-	{grLVTT, prT}:  {grLVTT, grNoBoundary, 80},
-
-	// GB9.
-	{grAny, prExtend}: {grAny, grNoBoundary, 90},
-	{grAny, prZWJ}:    {grAny, grNoBoundary, 90},
-
-	// GB9a.
-	{grAny, prSpacingMark}: {grAny, grNoBoundary, 91},
-
-	// GB9b.
-	{grAny, prPreprend}: {grPrepend, grBoundary, 9990},
-	{grPrepend, prAny}:  {grAny, grNoBoundary, 92},
-
-	// GB11.
-	{grAny, prExtendedPictographic}:                     {grExtendedPictographic, grBoundary, 9990},
-	{grExtendedPictographic, prExtend}:                  {grExtendedPictographic, grNoBoundary, 110},
-	{grExtendedPictographic, prZWJ}:                     {grExtendedPictographicZWJ, grNoBoundary, 110},
-	{grExtendedPictographicZWJ, prExtendedPictographic}: {grExtendedPictographic, grNoBoundary, 110},
-
-	// GB12 / GB13.
-	{grAny, prRegionalIndicator}:    {grRIOdd, grBoundary, 9990},
-	{grRIOdd, prRegionalIndicator}:  {grRIEven, grNoBoundary, 120},
-	{grRIEven, prRegionalIndicator}: {grRIOdd, grBoundary, 120},
-}
-
-// Graphemes implements an iterator over Unicode extended grapheme clusters,
-// specified in the Unicode Standard Annex #29. Grapheme clusters correspond to
-// "user-perceived characters". These characters often consist of multiple
-// code points (e.g. the "woman kissing woman" emoji consists of 8 code points:
-// woman + ZWJ + heavy black heart (2 code points) + ZWJ + kiss mark + ZWJ +
-// woman) and the rules described in Annex #29 must be applied to group those
-// code points into clusters perceived by the user as one character.
+// Using this class to iterate over a string is convenient but it is much slower
+// than using this package's [Step] or [StepString] functions or any of the
+// other specialized functions starting with "First".
 type Graphemes struct {
-	// The code points over which this class iterates.
-	codePoints []rune
+	// The original string.
+	original string
+
+	// The remaining string to be parsed.
+	remaining string
 
-	// The (byte-based) indices of the code points into the original string plus
-	// len(original string). Thus, len(indices) = len(codePoints) + 1.
-	indices []int
+	// The current grapheme cluster.
+	cluster string
 
-	// The current grapheme cluster to be returned. These are indices into
-	// codePoints/indices. If start == end, we either haven't started iterating
-	// yet (0) or the iteration has already completed (1).
-	start, end int
+	// The byte offset of the current grapheme cluster relative to the original
+	// string.
+	offset int
 
-	// The index of the next code point to be parsed.
-	pos int
+	// The current boundary information of the [Step] parser.
+	boundaries int
 
-	// The current state of the code point parser.
+	// The current state of the [Step] parser.
 	state int
 }
 
 // NewGraphemes returns a new grapheme cluster iterator.
-func NewGraphemes(s string) *Graphemes {
-	l := utf8.RuneCountInString(s)
-	codePoints := make([]rune, l)
-	indices := make([]int, l+1)
-	i := 0
-	for pos, r := range s {
-		codePoints[i] = r
-		indices[i] = pos
-		i++
+func NewGraphemes(str string) *Graphemes {
+	return &Graphemes{
+		original:  str,
+		remaining: str,
+		state:     -1,
 	}
-	indices[l] = len(s)
-	g := &Graphemes{
-		codePoints: codePoints,
-		indices:    indices,
-	}
-	g.Next() // Parse ahead.
-	return g
 }
 
 // Next advances the iterator by one grapheme cluster and returns false if no
 // clusters are left. This function must be called before the first cluster is
 // accessed.
 func (g *Graphemes) Next() bool {
-	g.start = g.end
-
-	// The state transition gives us a boundary instruction BEFORE the next code
-	// point so we always need to stay ahead by one code point.
-
-	// Parse the next code point.
-	for g.pos <= len(g.codePoints) {
-		// GB2.
-		if g.pos == len(g.codePoints) {
-			g.end = g.pos
-			g.pos++
-			break
-		}
-
-		// Determine the property of the next character.
-		nextProperty := property(g.codePoints[g.pos])
-		g.pos++
-
-		// Find the applicable transition.
-		var boundary bool
-		transition, ok := grTransitions[[2]int{g.state, nextProperty}]
-		if ok {
-			// We have a specific transition. We'll use it.
-			g.state = transition[0]
-			boundary = transition[1] == grBoundary
-		} else {
-			// No specific transition found. Try the less specific ones.
-			transAnyProp, okAnyProp := grTransitions[[2]int{g.state, prAny}]
-			transAnyState, okAnyState := grTransitions[[2]int{grAny, nextProperty}]
-			if okAnyProp && okAnyState {
-				// Both apply. We'll use a mix (see comments for grTransitions).
-				g.state = transAnyState[0]
-				boundary = transAnyState[1] == grBoundary
-				if transAnyProp[2] < transAnyState[2] {
-					g.state = transAnyProp[0]
-					boundary = transAnyProp[1] == grBoundary
-				}
-			} else if okAnyProp {
-				// We only have a specific state.
-				g.state = transAnyProp[0]
-				boundary = transAnyProp[1] == grBoundary
-				// This branch will probably never be reached because okAnyState will
-				// always be true given the current transition map. But we keep it here
-				// for future modifications to the transition map where this may not be
-				// true anymore.
-			} else if okAnyState {
-				// We only have a specific property.
-				g.state = transAnyState[0]
-				boundary = transAnyState[1] == grBoundary
-			} else {
-				// No known transition. GB999: Any x Any.
-				g.state = grAny
-				boundary = true
-			}
-		}
-
-		// If we found a cluster boundary, let's stop here. The current cluster will
-		// be the one that just ended.
-		if g.pos-1 == 0 /* GB1 */ || boundary {
-			g.end = g.pos - 1
-			break
-		}
+	if len(g.remaining) == 0 {
+		// We're already past the end.
+		g.state = -2
+		g.cluster = ""
+		return false
 	}
-
-	return g.start != g.end
+	g.offset += len(g.cluster)
+	g.cluster, g.remaining, g.boundaries, g.state = StepString(g.remaining, g.state)
+	return true
 }
 
 // Runes returns a slice of runes (code points) which corresponds to the current
-// grapheme cluster. If the iterator is already past the end or Next() has not
-// yet been called, nil is returned.
+// grapheme cluster. If the iterator is already past the end or [Graphemes.Next]
+// has not yet been called, nil is returned.
 func (g *Graphemes) Runes() []rune {
-	if g.start == g.end {
+	if g.state < 0 {
 		return nil
 	}
-	return g.codePoints[g.start:g.end]
+	return []rune(g.cluster)
 }
 
 // Str returns a substring of the original string which corresponds to the
-// current grapheme cluster. If the iterator is already past the end or Next()
-// has not yet been called, an empty string is returned.
+// current grapheme cluster. If the iterator is already past the end or
+// [Graphemes.Next] has not yet been called, an empty string is returned.
 func (g *Graphemes) Str() string {
-	if g.start == g.end {
-		return ""
-	}
-	return string(g.codePoints[g.start:g.end])
+	return g.cluster
 }
 
 // Bytes returns a byte slice which corresponds to the current grapheme cluster.
-// If the iterator is already past the end or Next() has not yet been called,
-// nil is returned.
+// If the iterator is already past the end or [Graphemes.Next] has not yet been
+// called, nil is returned.
 func (g *Graphemes) Bytes() []byte {
-	if g.start == g.end {
+	if g.state < 0 {
 		return nil
 	}
-	return []byte(string(g.codePoints[g.start:g.end]))
+	return []byte(g.cluster)
 }
 
 // Positions returns the interval of the current grapheme cluster as byte
 // positions into the original string. The first returned value "from" indexes
 // the first byte and the second returned value "to" indexes the first byte that
 // is not included anymore, i.e. str[from:to] is the current grapheme cluster of
-// the original string "str". If Next() has not yet been called, both values are
-// 0. If the iterator is already past the end, both values are 1.
+// the original string "str". If [Graphemes.Next] has not yet been called, both
+// values are 0. If the iterator is already past the end, both values are 1.
 func (g *Graphemes) Positions() (int, int) {
-	return g.indices[g.start], g.indices[g.end]
+	if g.state == -1 {
+		return 0, 0
+	} else if g.state == -2 {
+		return 1, 1
+	}
+	return g.offset, g.offset + len(g.cluster)
+}
+
+// IsWordBoundary returns true if a word ends after the current grapheme
+// cluster.
+func (g *Graphemes) IsWordBoundary() bool {
+	if g.state < 0 {
+		return true
+	}
+	return g.boundaries&MaskWord != 0
+}
+
+// IsSentenceBoundary returns true if a sentence ends after the current
+// grapheme cluster.
+func (g *Graphemes) IsSentenceBoundary() bool {
+	if g.state < 0 {
+		return true
+	}
+	return g.boundaries&MaskSentence != 0
+}
+
+// LineBreak returns whether the line can be broken after the current grapheme
+// cluster. A value of [LineDontBreak] means the line may not be broken, a value
+// of [LineMustBreak] means the line must be broken, and a value of
+// [LineCanBreak] means the line may or may not be broken.
+func (g *Graphemes) LineBreak() int {
+	if g.state == -1 {
+		return LineDontBreak
+	}
+	if g.state == -2 {
+		return LineMustBreak
+	}
+	return g.boundaries & MaskLine
+}
+
+// Width returns the monospace width of the current grapheme cluster.
+func (g *Graphemes) Width() int {
+	if g.state < 0 {
+		return 0
+	}
+	return g.boundaries >> ShiftWidth
 }
 
 // Reset puts the iterator into its initial state such that the next call to
-// Next() sets it to the first grapheme cluster again.
+// [Graphemes.Next] sets it to the first grapheme cluster again.
 func (g *Graphemes) Reset() {
-	g.start, g.end, g.pos, g.state = 0, 0, 0, grAny
-	g.Next() // Parse ahead again.
+	g.state = -1
+	g.offset = 0
+	g.cluster = ""
+	g.remaining = g.original
 }
 
 // GraphemeClusterCount returns the number of user-perceived characters
-// (grapheme clusters) for the given string. To calculate this number, it
-// iterates through the string using the Graphemes iterator.
+// (grapheme clusters) for the given string.
 func GraphemeClusterCount(s string) (n int) {
-	g := NewGraphemes(s)
-	for g.Next() {
+	state := -1
+	for len(s) > 0 {
+		_, s, _, state = FirstGraphemeClusterInString(s, state)
 		n++
 	}
 	return
 }
+
+// ReverseString reverses the given string while observing grapheme cluster
+// boundaries.
+func ReverseString(s string) string {
+	str := []byte(s)
+	reversed := make([]byte, len(str))
+	state := -1
+	index := len(str)
+	for len(str) > 0 {
+		var cluster []byte
+		cluster, str, _, state = FirstGraphemeCluster(str, state)
+		index -= len(cluster)
+		copy(reversed[index:], cluster)
+		if index <= len(str)/2 {
+			break
+		}
+	}
+	return string(reversed)
+}
+
+// The number of bits the grapheme property must be shifted to make place for
+// grapheme states.
+const shiftGraphemePropState = 4
+
+// FirstGraphemeCluster returns the first grapheme cluster found in the given
+// byte slice according to the rules of [Unicode Standard Annex #29, Grapheme
+// Cluster Boundaries]. This function can be called continuously to extract all
+// grapheme clusters from a byte slice, as illustrated in the example below.
+//
+// If you don't know the current state, for example when calling the function
+// for the first time, you must pass -1. For consecutive calls, pass the state
+// and rest slice returned by the previous call.
+//
+// The "rest" slice is the sub-slice of the original byte slice "b" starting
+// after the last byte of the identified grapheme cluster. If the length of the
+// "rest" slice is 0, the entire byte slice "b" has been processed. The
+// "cluster" byte slice is the sub-slice of the input slice containing the
+// identified grapheme cluster.
+//
+// The returned width is the width of the grapheme cluster for most monospace
+// fonts where a value of 1 represents one character cell.
+//
+// Given an empty byte slice "b", the function returns nil values.
+//
+// While slightly less convenient than using the Graphemes class, this function
+// has much better performance and makes no allocations. It lends itself well to
+// large byte slices.
+//
+// [Unicode Standard Annex #29, Grapheme Cluster Boundaries]: http://unicode.org/reports/tr29/#Grapheme_Cluster_Boundaries
+func FirstGraphemeCluster(b []byte, state int) (cluster, rest []byte, width, newState int) {
+	// An empty byte slice returns nothing.
+	if len(b) == 0 {
+		return
+	}
+
+	// Extract the first rune.
+	r, length := utf8.DecodeRune(b)
+	if len(b) <= length { // If we're already past the end, there is nothing else to parse.
+		var prop int
+		if state < 0 {
+			prop = property(graphemeCodePoints, r)
+		} else {
+			prop = state >> shiftGraphemePropState
+		}
+		return b, nil, runeWidth(r, prop), grAny | (prop << shiftGraphemePropState)
+	}
+
+	// If we don't know the state, determine it now.
+	var firstProp int
+	if state < 0 {
+		state, firstProp, _ = transitionGraphemeState(state, r)
+	} else {
+		firstProp = state >> shiftGraphemePropState
+	}
+	width += runeWidth(r, firstProp)
+
+	// Transition until we find a boundary.
+	for {
+		var (
+			prop     int
+			boundary bool
+		)
+
+		r, l := utf8.DecodeRune(b[length:])
+		state, prop, boundary = transitionGraphemeState(state&maskGraphemeState, r)
+
+		if boundary {
+			return b[:length], b[length:], width, state | (prop << shiftGraphemePropState)
+		}
+
+		if r == vs16 {
+			width = 2
+		} else if firstProp != prExtendedPictographic && firstProp != prRegionalIndicator && firstProp != prL {
+			width += runeWidth(r, prop)
+		} else if firstProp == prExtendedPictographic {
+			if r == vs15 {
+				width = 1
+			} else {
+				width = 2
+			}
+		}
+
+		length += l
+		if len(b) <= length {
+			return b, nil, width, grAny | (prop << shiftGraphemePropState)
+		}
+	}
+}
+
+// FirstGraphemeClusterInString is like [FirstGraphemeCluster] but its input and
+// outputs are strings.
+func FirstGraphemeClusterInString(str string, state int) (cluster, rest string, width, newState int) {
+	// An empty string returns nothing.
+	if len(str) == 0 {
+		return
+	}
+
+	// Extract the first rune.
+	r, length := utf8.DecodeRuneInString(str)
+	if len(str) <= length { // If we're already past the end, there is nothing else to parse.
+		var prop int
+		if state < 0 {
+			prop = property(graphemeCodePoints, r)
+		} else {
+			prop = state >> shiftGraphemePropState
+		}
+		return str, "", runeWidth(r, prop), grAny | (prop << shiftGraphemePropState)
+	}
+
+	// If we don't know the state, determine it now.
+	var firstProp int
+	if state < 0 {
+		state, firstProp, _ = transitionGraphemeState(state, r)
+	} else {
+		firstProp = state >> shiftGraphemePropState
+	}
+	width += runeWidth(r, firstProp)
+
+	// Transition until we find a boundary.
+	for {
+		var (
+			prop     int
+			boundary bool
+		)
+
+		r, l := utf8.DecodeRuneInString(str[length:])
+		state, prop, boundary = transitionGraphemeState(state&maskGraphemeState, r)
+
+		if boundary {
+			return str[:length], str[length:], width, state | (prop << shiftGraphemePropState)
+		}
+
+		if r == vs16 {
+			width = 2
+		} else if firstProp != prExtendedPictographic && firstProp != prRegionalIndicator && firstProp != prL {
+			width += runeWidth(r, prop)
+		} else if firstProp == prExtendedPictographic {
+			if r == vs15 {
+				width = 1
+			} else {
+				width = 2
+			}
+		}
+
+		length += l
+		if len(str) <= length {
+			return str, "", width, grAny | (prop << shiftGraphemePropState)
+		}
+	}
+}
diff --git a/vendor/github.com/rivo/uniseg/graphemeproperties.go b/vendor/github.com/rivo/uniseg/graphemeproperties.go
new file mode 100644
index 0000000000..a87d140bf2
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/graphemeproperties.go
@@ -0,0 +1,1891 @@
+package uniseg
+
+// Code generated via go generate from gen_properties.go. DO NOT EDIT.
+
+// graphemeCodePoints are taken from
+// https://www.unicode.org/Public/14.0.0/ucd/auxiliary/GraphemeBreakProperty.txt
+// and
+// https://unicode.org/Public/14.0.0/ucd/emoji/emoji-data.txt
+// ("Extended_Pictographic" only)
+// on September 10, 2022. See https://www.unicode.org/license.html for the Unicode
+// license agreement.
+var graphemeCodePoints = [][3]int{
+	{0x0000, 0x0009, prControl},                // Cc  [10] <control-0000>..<control-0009>
+	{0x000A, 0x000A, prLF},                     // Cc       <control-000A>
+	{0x000B, 0x000C, prControl},                // Cc   [2] <control-000B>..<control-000C>
+	{0x000D, 0x000D, prCR},                     // Cc       <control-000D>
+	{0x000E, 0x001F, prControl},                // Cc  [18] <control-000E>..<control-001F>
+	{0x007F, 0x009F, prControl},                // Cc  [33] <control-007F>..<control-009F>
+	{0x00A9, 0x00A9, prExtendedPictographic},   // E0.6   [1] (©�)       copyright
+	{0x00AD, 0x00AD, prControl},                // Cf       SOFT HYPHEN
+	{0x00AE, 0x00AE, prExtendedPictographic},   // E0.6   [1] (®�)       registered
+	{0x0300, 0x036F, prExtend},                 // Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
+	{0x0483, 0x0487, prExtend},                 // Mn   [5] COMBINING CYRILLIC TITLO..COMBINING CYRILLIC POKRYTIE
+	{0x0488, 0x0489, prExtend},                 // Me   [2] COMBINING CYRILLIC HUNDRED THOUSANDS SIGN..COMBINING CYRILLIC MILLIONS SIGN
+	{0x0591, 0x05BD, prExtend},                 // Mn  [45] HEBREW ACCENT ETNAHTA..HEBREW POINT METEG
+	{0x05BF, 0x05BF, prExtend},                 // Mn       HEBREW POINT RAFE
+	{0x05C1, 0x05C2, prExtend},                 // Mn   [2] HEBREW POINT SHIN DOT..HEBREW POINT SIN DOT
+	{0x05C4, 0x05C5, prExtend},                 // Mn   [2] HEBREW MARK UPPER DOT..HEBREW MARK LOWER DOT
+	{0x05C7, 0x05C7, prExtend},                 // Mn       HEBREW POINT QAMATS QATAN
+	{0x0600, 0x0605, prPrepend},                // Cf   [6] ARABIC NUMBER SIGN..ARABIC NUMBER MARK ABOVE
+	{0x0610, 0x061A, prExtend},                 // Mn  [11] ARABIC SIGN SALLALLAHOU ALAYHE WASSALLAM..ARABIC SMALL KASRA
+	{0x061C, 0x061C, prControl},                // Cf       ARABIC LETTER MARK
+	{0x064B, 0x065F, prExtend},                 // Mn  [21] ARABIC FATHATAN..ARABIC WAVY HAMZA BELOW
+	{0x0670, 0x0670, prExtend},                 // Mn       ARABIC LETTER SUPERSCRIPT ALEF
+	{0x06D6, 0x06DC, prExtend},                 // Mn   [7] ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA..ARABIC SMALL HIGH SEEN
+	{0x06DD, 0x06DD, prPrepend},                // Cf       ARABIC END OF AYAH
+	{0x06DF, 0x06E4, prExtend},                 // Mn   [6] ARABIC SMALL HIGH ROUNDED ZERO..ARABIC SMALL HIGH MADDA
+	{0x06E7, 0x06E8, prExtend},                 // Mn   [2] ARABIC SMALL HIGH YEH..ARABIC SMALL HIGH NOON
+	{0x06EA, 0x06ED, prExtend},                 // Mn   [4] ARABIC EMPTY CENTRE LOW STOP..ARABIC SMALL LOW MEEM
+	{0x070F, 0x070F, prPrepend},                // Cf       SYRIAC ABBREVIATION MARK
+	{0x0711, 0x0711, prExtend},                 // Mn       SYRIAC LETTER SUPERSCRIPT ALAPH
+	{0x0730, 0x074A, prExtend},                 // Mn  [27] SYRIAC PTHAHA ABOVE..SYRIAC BARREKH
+	{0x07A6, 0x07B0, prExtend},                 // Mn  [11] THAANA ABAFILI..THAANA SUKUN
+	{0x07EB, 0x07F3, prExtend},                 // Mn   [9] NKO COMBINING SHORT HIGH TONE..NKO COMBINING DOUBLE DOT ABOVE
+	{0x07FD, 0x07FD, prExtend},                 // Mn       NKO DANTAYALAN
+	{0x0816, 0x0819, prExtend},                 // Mn   [4] SAMARITAN MARK IN..SAMARITAN MARK DAGESH
+	{0x081B, 0x0823, prExtend},                 // Mn   [9] SAMARITAN MARK EPENTHETIC YUT..SAMARITAN VOWEL SIGN A
+	{0x0825, 0x0827, prExtend},                 // Mn   [3] SAMARITAN VOWEL SIGN SHORT A..SAMARITAN VOWEL SIGN U
+	{0x0829, 0x082D, prExtend},                 // Mn   [5] SAMARITAN VOWEL SIGN LONG I..SAMARITAN MARK NEQUDAA
+	{0x0859, 0x085B, prExtend},                 // Mn   [3] MANDAIC AFFRICATION MARK..MANDAIC GEMINATION MARK
+	{0x0890, 0x0891, prPrepend},                // Cf   [2] ARABIC POUND MARK ABOVE..ARABIC PIASTRE MARK ABOVE
+	{0x0898, 0x089F, prExtend},                 // Mn   [8] ARABIC SMALL HIGH WORD AL-JUZ..ARABIC HALF MADDA OVER MADDA
+	{0x08CA, 0x08E1, prExtend},                 // Mn  [24] ARABIC SMALL HIGH FARSI YEH..ARABIC SMALL HIGH SIGN SAFHA
+	{0x08E2, 0x08E2, prPrepend},                // Cf       ARABIC DISPUTED END OF AYAH
+	{0x08E3, 0x0902, prExtend},                 // Mn  [32] ARABIC TURNED DAMMA BELOW..DEVANAGARI SIGN ANUSVARA
+	{0x0903, 0x0903, prSpacingMark},            // Mc       DEVANAGARI SIGN VISARGA
+	{0x093A, 0x093A, prExtend},                 // Mn       DEVANAGARI VOWEL SIGN OE
+	{0x093B, 0x093B, prSpacingMark},            // Mc       DEVANAGARI VOWEL SIGN OOE
+	{0x093C, 0x093C, prExtend},                 // Mn       DEVANAGARI SIGN NUKTA
+	{0x093E, 0x0940, prSpacingMark},            // Mc   [3] DEVANAGARI VOWEL SIGN AA..DEVANAGARI VOWEL SIGN II
+	{0x0941, 0x0948, prExtend},                 // Mn   [8] DEVANAGARI VOWEL SIGN U..DEVANAGARI VOWEL SIGN AI
+	{0x0949, 0x094C, prSpacingMark},            // Mc   [4] DEVANAGARI VOWEL SIGN CANDRA O..DEVANAGARI VOWEL SIGN AU
+	{0x094D, 0x094D, prExtend},                 // Mn       DEVANAGARI SIGN VIRAMA
+	{0x094E, 0x094F, prSpacingMark},            // Mc   [2] DEVANAGARI VOWEL SIGN PRISHTHAMATRA E..DEVANAGARI VOWEL SIGN AW
+	{0x0951, 0x0957, prExtend},                 // Mn   [7] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI VOWEL SIGN UUE
+	{0x0962, 0x0963, prExtend},                 // Mn   [2] DEVANAGARI VOWEL SIGN VOCALIC L..DEVANAGARI VOWEL SIGN VOCALIC LL
+	{0x0981, 0x0981, prExtend},                 // Mn       BENGALI SIGN CANDRABINDU
+	{0x0982, 0x0983, prSpacingMark},            // Mc   [2] BENGALI SIGN ANUSVARA..BENGALI SIGN VISARGA
+	{0x09BC, 0x09BC, prExtend},                 // Mn       BENGALI SIGN NUKTA
+	{0x09BE, 0x09BE, prExtend},                 // Mc       BENGALI VOWEL SIGN AA
+	{0x09BF, 0x09C0, prSpacingMark},            // Mc   [2] BENGALI VOWEL SIGN I..BENGALI VOWEL SIGN II
+	{0x09C1, 0x09C4, prExtend},                 // Mn   [4] BENGALI VOWEL SIGN U..BENGALI VOWEL SIGN VOCALIC RR
+	{0x09C7, 0x09C8, prSpacingMark},            // Mc   [2] BENGALI VOWEL SIGN E..BENGALI VOWEL SIGN AI
+	{0x09CB, 0x09CC, prSpacingMark},            // Mc   [2] BENGALI VOWEL SIGN O..BENGALI VOWEL SIGN AU
+	{0x09CD, 0x09CD, prExtend},                 // Mn       BENGALI SIGN VIRAMA
+	{0x09D7, 0x09D7, prExtend},                 // Mc       BENGALI AU LENGTH MARK
+	{0x09E2, 0x09E3, prExtend},                 // Mn   [2] BENGALI VOWEL SIGN VOCALIC L..BENGALI VOWEL SIGN VOCALIC LL
+	{0x09FE, 0x09FE, prExtend},                 // Mn       BENGALI SANDHI MARK
+	{0x0A01, 0x0A02, prExtend},                 // Mn   [2] GURMUKHI SIGN ADAK BINDI..GURMUKHI SIGN BINDI
+	{0x0A03, 0x0A03, prSpacingMark},            // Mc       GURMUKHI SIGN VISARGA
+	{0x0A3C, 0x0A3C, prExtend},                 // Mn       GURMUKHI SIGN NUKTA
+	{0x0A3E, 0x0A40, prSpacingMark},            // Mc   [3] GURMUKHI VOWEL SIGN AA..GURMUKHI VOWEL SIGN II
+	{0x0A41, 0x0A42, prExtend},                 // Mn   [2] GURMUKHI VOWEL SIGN U..GURMUKHI VOWEL SIGN UU
+	{0x0A47, 0x0A48, prExtend},                 // Mn   [2] GURMUKHI VOWEL SIGN EE..GURMUKHI VOWEL SIGN AI
+	{0x0A4B, 0x0A4D, prExtend},                 // Mn   [3] GURMUKHI VOWEL SIGN OO..GURMUKHI SIGN VIRAMA
+	{0x0A51, 0x0A51, prExtend},                 // Mn       GURMUKHI SIGN UDAAT
+	{0x0A70, 0x0A71, prExtend},                 // Mn   [2] GURMUKHI TIPPI..GURMUKHI ADDAK
+	{0x0A75, 0x0A75, prExtend},                 // Mn       GURMUKHI SIGN YAKASH
+	{0x0A81, 0x0A82, prExtend},                 // Mn   [2] GUJARATI SIGN CANDRABINDU..GUJARATI SIGN ANUSVARA
+	{0x0A83, 0x0A83, prSpacingMark},            // Mc       GUJARATI SIGN VISARGA
+	{0x0ABC, 0x0ABC, prExtend},                 // Mn       GUJARATI SIGN NUKTA
+	{0x0ABE, 0x0AC0, prSpacingMark},            // Mc   [3] GUJARATI VOWEL SIGN AA..GUJARATI VOWEL SIGN II
+	{0x0AC1, 0x0AC5, prExtend},                 // Mn   [5] GUJARATI VOWEL SIGN U..GUJARATI VOWEL SIGN CANDRA E
+	{0x0AC7, 0x0AC8, prExtend},                 // Mn   [2] GUJARATI VOWEL SIGN E..GUJARATI VOWEL SIGN AI
+	{0x0AC9, 0x0AC9, prSpacingMark},            // Mc       GUJARATI VOWEL SIGN CANDRA O
+	{0x0ACB, 0x0ACC, prSpacingMark},            // Mc   [2] GUJARATI VOWEL SIGN O..GUJARATI VOWEL SIGN AU
+	{0x0ACD, 0x0ACD, prExtend},                 // Mn       GUJARATI SIGN VIRAMA
+	{0x0AE2, 0x0AE3, prExtend},                 // Mn   [2] GUJARATI VOWEL SIGN VOCALIC L..GUJARATI VOWEL SIGN VOCALIC LL
+	{0x0AFA, 0x0AFF, prExtend},                 // Mn   [6] GUJARATI SIGN SUKUN..GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+	{0x0B01, 0x0B01, prExtend},                 // Mn       ORIYA SIGN CANDRABINDU
+	{0x0B02, 0x0B03, prSpacingMark},            // Mc   [2] ORIYA SIGN ANUSVARA..ORIYA SIGN VISARGA
+	{0x0B3C, 0x0B3C, prExtend},                 // Mn       ORIYA SIGN NUKTA
+	{0x0B3E, 0x0B3E, prExtend},                 // Mc       ORIYA VOWEL SIGN AA
+	{0x0B3F, 0x0B3F, prExtend},                 // Mn       ORIYA VOWEL SIGN I
+	{0x0B40, 0x0B40, prSpacingMark},            // Mc       ORIYA VOWEL SIGN II
+	{0x0B41, 0x0B44, prExtend},                 // Mn   [4] ORIYA VOWEL SIGN U..ORIYA VOWEL SIGN VOCALIC RR
+	{0x0B47, 0x0B48, prSpacingMark},            // Mc   [2] ORIYA VOWEL SIGN E..ORIYA VOWEL SIGN AI
+	{0x0B4B, 0x0B4C, prSpacingMark},            // Mc   [2] ORIYA VOWEL SIGN O..ORIYA VOWEL SIGN AU
+	{0x0B4D, 0x0B4D, prExtend},                 // Mn       ORIYA SIGN VIRAMA
+	{0x0B55, 0x0B56, prExtend},                 // Mn   [2] ORIYA SIGN OVERLINE..ORIYA AI LENGTH MARK
+	{0x0B57, 0x0B57, prExtend},                 // Mc       ORIYA AU LENGTH MARK
+	{0x0B62, 0x0B63, prExtend},                 // Mn   [2] ORIYA VOWEL SIGN VOCALIC L..ORIYA VOWEL SIGN VOCALIC LL
+	{0x0B82, 0x0B82, prExtend},                 // Mn       TAMIL SIGN ANUSVARA
+	{0x0BBE, 0x0BBE, prExtend},                 // Mc       TAMIL VOWEL SIGN AA
+	{0x0BBF, 0x0BBF, prSpacingMark},            // Mc       TAMIL VOWEL SIGN I
+	{0x0BC0, 0x0BC0, prExtend},                 // Mn       TAMIL VOWEL SIGN II
+	{0x0BC1, 0x0BC2, prSpacingMark},            // Mc   [2] TAMIL VOWEL SIGN U..TAMIL VOWEL SIGN UU
+	{0x0BC6, 0x0BC8, prSpacingMark},            // Mc   [3] TAMIL VOWEL SIGN E..TAMIL VOWEL SIGN AI
+	{0x0BCA, 0x0BCC, prSpacingMark},            // Mc   [3] TAMIL VOWEL SIGN O..TAMIL VOWEL SIGN AU
+	{0x0BCD, 0x0BCD, prExtend},                 // Mn       TAMIL SIGN VIRAMA
+	{0x0BD7, 0x0BD7, prExtend},                 // Mc       TAMIL AU LENGTH MARK
+	{0x0C00, 0x0C00, prExtend},                 // Mn       TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	{0x0C01, 0x0C03, prSpacingMark},            // Mc   [3] TELUGU SIGN CANDRABINDU..TELUGU SIGN VISARGA
+	{0x0C04, 0x0C04, prExtend},                 // Mn       TELUGU SIGN COMBINING ANUSVARA ABOVE
+	{0x0C3C, 0x0C3C, prExtend},                 // Mn       TELUGU SIGN NUKTA
+	{0x0C3E, 0x0C40, prExtend},                 // Mn   [3] TELUGU VOWEL SIGN AA..TELUGU VOWEL SIGN II
+	{0x0C41, 0x0C44, prSpacingMark},            // Mc   [4] TELUGU VOWEL SIGN U..TELUGU VOWEL SIGN VOCALIC RR
+	{0x0C46, 0x0C48, prExtend},                 // Mn   [3] TELUGU VOWEL SIGN E..TELUGU VOWEL SIGN AI
+	{0x0C4A, 0x0C4D, prExtend},                 // Mn   [4] TELUGU VOWEL SIGN O..TELUGU SIGN VIRAMA
+	{0x0C55, 0x0C56, prExtend},                 // Mn   [2] TELUGU LENGTH MARK..TELUGU AI LENGTH MARK
+	{0x0C62, 0x0C63, prExtend},                 // Mn   [2] TELUGU VOWEL SIGN VOCALIC L..TELUGU VOWEL SIGN VOCALIC LL
+	{0x0C81, 0x0C81, prExtend},                 // Mn       KANNADA SIGN CANDRABINDU
+	{0x0C82, 0x0C83, prSpacingMark},            // Mc   [2] KANNADA SIGN ANUSVARA..KANNADA SIGN VISARGA
+	{0x0CBC, 0x0CBC, prExtend},                 // Mn       KANNADA SIGN NUKTA
+	{0x0CBE, 0x0CBE, prSpacingMark},            // Mc       KANNADA VOWEL SIGN AA
+	{0x0CBF, 0x0CBF, prExtend},                 // Mn       KANNADA VOWEL SIGN I
+	{0x0CC0, 0x0CC1, prSpacingMark},            // Mc   [2] KANNADA VOWEL SIGN II..KANNADA VOWEL SIGN U
+	{0x0CC2, 0x0CC2, prExtend},                 // Mc       KANNADA VOWEL SIGN UU
+	{0x0CC3, 0x0CC4, prSpacingMark},            // Mc   [2] KANNADA VOWEL SIGN VOCALIC R..KANNADA VOWEL SIGN VOCALIC RR
+	{0x0CC6, 0x0CC6, prExtend},                 // Mn       KANNADA VOWEL SIGN E
+	{0x0CC7, 0x0CC8, prSpacingMark},            // Mc   [2] KANNADA VOWEL SIGN EE..KANNADA VOWEL SIGN AI
+	{0x0CCA, 0x0CCB, prSpacingMark},            // Mc   [2] KANNADA VOWEL SIGN O..KANNADA VOWEL SIGN OO
+	{0x0CCC, 0x0CCD, prExtend},                 // Mn   [2] KANNADA VOWEL SIGN AU..KANNADA SIGN VIRAMA
+	{0x0CD5, 0x0CD6, prExtend},                 // Mc   [2] KANNADA LENGTH MARK..KANNADA AI LENGTH MARK
+	{0x0CE2, 0x0CE3, prExtend},                 // Mn   [2] KANNADA VOWEL SIGN VOCALIC L..KANNADA VOWEL SIGN VOCALIC LL
+	{0x0D00, 0x0D01, prExtend},                 // Mn   [2] MALAYALAM SIGN COMBINING ANUSVARA ABOVE..MALAYALAM SIGN CANDRABINDU
+	{0x0D02, 0x0D03, prSpacingMark},            // Mc   [2] MALAYALAM SIGN ANUSVARA..MALAYALAM SIGN VISARGA
+	{0x0D3B, 0x0D3C, prExtend},                 // Mn   [2] MALAYALAM SIGN VERTICAL BAR VIRAMA..MALAYALAM SIGN CIRCULAR VIRAMA
+	{0x0D3E, 0x0D3E, prExtend},                 // Mc       MALAYALAM VOWEL SIGN AA
+	{0x0D3F, 0x0D40, prSpacingMark},            // Mc   [2] MALAYALAM VOWEL SIGN I..MALAYALAM VOWEL SIGN II
+	{0x0D41, 0x0D44, prExtend},                 // Mn   [4] MALAYALAM VOWEL SIGN U..MALAYALAM VOWEL SIGN VOCALIC RR
+	{0x0D46, 0x0D48, prSpacingMark},            // Mc   [3] MALAYALAM VOWEL SIGN E..MALAYALAM VOWEL SIGN AI
+	{0x0D4A, 0x0D4C, prSpacingMark},            // Mc   [3] MALAYALAM VOWEL SIGN O..MALAYALAM VOWEL SIGN AU
+	{0x0D4D, 0x0D4D, prExtend},                 // Mn       MALAYALAM SIGN VIRAMA
+	{0x0D4E, 0x0D4E, prPrepend},                // Lo       MALAYALAM LETTER DOT REPH
+	{0x0D57, 0x0D57, prExtend},                 // Mc       MALAYALAM AU LENGTH MARK
+	{0x0D62, 0x0D63, prExtend},                 // Mn   [2] MALAYALAM VOWEL SIGN VOCALIC L..MALAYALAM VOWEL SIGN VOCALIC LL
+	{0x0D81, 0x0D81, prExtend},                 // Mn       SINHALA SIGN CANDRABINDU
+	{0x0D82, 0x0D83, prSpacingMark},            // Mc   [2] SINHALA SIGN ANUSVARAYA..SINHALA SIGN VISARGAYA
+	{0x0DCA, 0x0DCA, prExtend},                 // Mn       SINHALA SIGN AL-LAKUNA
+	{0x0DCF, 0x0DCF, prExtend},                 // Mc       SINHALA VOWEL SIGN AELA-PILLA
+	{0x0DD0, 0x0DD1, prSpacingMark},            // Mc   [2] SINHALA VOWEL SIGN KETTI AEDA-PILLA..SINHALA VOWEL SIGN DIGA AEDA-PILLA
+	{0x0DD2, 0x0DD4, prExtend},                 // Mn   [3] SINHALA VOWEL SIGN KETTI IS-PILLA..SINHALA VOWEL SIGN KETTI PAA-PILLA
+	{0x0DD6, 0x0DD6, prExtend},                 // Mn       SINHALA VOWEL SIGN DIGA PAA-PILLA
+	{0x0DD8, 0x0DDE, prSpacingMark},            // Mc   [7] SINHALA VOWEL SIGN GAETTA-PILLA..SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA
+	{0x0DDF, 0x0DDF, prExtend},                 // Mc       SINHALA VOWEL SIGN GAYANUKITTA
+	{0x0DF2, 0x0DF3, prSpacingMark},            // Mc   [2] SINHALA VOWEL SIGN DIGA GAETTA-PILLA..SINHALA VOWEL SIGN DIGA GAYANUKITTA
+	{0x0E31, 0x0E31, prExtend},                 // Mn       THAI CHARACTER MAI HAN-AKAT
+	{0x0E33, 0x0E33, prSpacingMark},            // Lo       THAI CHARACTER SARA AM
+	{0x0E34, 0x0E3A, prExtend},                 // Mn   [7] THAI CHARACTER SARA I..THAI CHARACTER PHINTHU
+	{0x0E47, 0x0E4E, prExtend},                 // Mn   [8] THAI CHARACTER MAITAIKHU..THAI CHARACTER YAMAKKAN
+	{0x0EB1, 0x0EB1, prExtend},                 // Mn       LAO VOWEL SIGN MAI KAN
+	{0x0EB3, 0x0EB3, prSpacingMark},            // Lo       LAO VOWEL SIGN AM
+	{0x0EB4, 0x0EBC, prExtend},                 // Mn   [9] LAO VOWEL SIGN I..LAO SEMIVOWEL SIGN LO
+	{0x0EC8, 0x0ECD, prExtend},                 // Mn   [6] LAO TONE MAI EK..LAO NIGGAHITA
+	{0x0F18, 0x0F19, prExtend},                 // Mn   [2] TIBETAN ASTROLOGICAL SIGN -KHYUD PA..TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS
+	{0x0F35, 0x0F35, prExtend},                 // Mn       TIBETAN MARK NGAS BZUNG NYI ZLA
+	{0x0F37, 0x0F37, prExtend},                 // Mn       TIBETAN MARK NGAS BZUNG SGOR RTAGS
+	{0x0F39, 0x0F39, prExtend},                 // Mn       TIBETAN MARK TSA -PHRU
+	{0x0F3E, 0x0F3F, prSpacingMark},            // Mc   [2] TIBETAN SIGN YAR TSHES..TIBETAN SIGN MAR TSHES
+	{0x0F71, 0x0F7E, prExtend},                 // Mn  [14] TIBETAN VOWEL SIGN AA..TIBETAN SIGN RJES SU NGA RO
+	{0x0F7F, 0x0F7F, prSpacingMark},            // Mc       TIBETAN SIGN RNAM BCAD
+	{0x0F80, 0x0F84, prExtend},                 // Mn   [5] TIBETAN VOWEL SIGN REVERSED I..TIBETAN MARK HALANTA
+	{0x0F86, 0x0F87, prExtend},                 // Mn   [2] TIBETAN SIGN LCI RTAGS..TIBETAN SIGN YANG RTAGS
+	{0x0F8D, 0x0F97, prExtend},                 // Mn  [11] TIBETAN SUBJOINED SIGN LCE TSA CAN..TIBETAN SUBJOINED LETTER JA
+	{0x0F99, 0x0FBC, prExtend},                 // Mn  [36] TIBETAN SUBJOINED LETTER NYA..TIBETAN SUBJOINED LETTER FIXED-FORM RA
+	{0x0FC6, 0x0FC6, prExtend},                 // Mn       TIBETAN SYMBOL PADMA GDAN
+	{0x102D, 0x1030, prExtend},                 // Mn   [4] MYANMAR VOWEL SIGN I..MYANMAR VOWEL SIGN UU
+	{0x1031, 0x1031, prSpacingMark},            // Mc       MYANMAR VOWEL SIGN E
+	{0x1032, 0x1037, prExtend},                 // Mn   [6] MYANMAR VOWEL SIGN AI..MYANMAR SIGN DOT BELOW
+	{0x1039, 0x103A, prExtend},                 // Mn   [2] MYANMAR SIGN VIRAMA..MYANMAR SIGN ASAT
+	{0x103B, 0x103C, prSpacingMark},            // Mc   [2] MYANMAR CONSONANT SIGN MEDIAL YA..MYANMAR CONSONANT SIGN MEDIAL RA
+	{0x103D, 0x103E, prExtend},                 // Mn   [2] MYANMAR CONSONANT SIGN MEDIAL WA..MYANMAR CONSONANT SIGN MEDIAL HA
+	{0x1056, 0x1057, prSpacingMark},            // Mc   [2] MYANMAR VOWEL SIGN VOCALIC R..MYANMAR VOWEL SIGN VOCALIC RR
+	{0x1058, 0x1059, prExtend},                 // Mn   [2] MYANMAR VOWEL SIGN VOCALIC L..MYANMAR VOWEL SIGN VOCALIC LL
+	{0x105E, 0x1060, prExtend},                 // Mn   [3] MYANMAR CONSONANT SIGN MON MEDIAL NA..MYANMAR CONSONANT SIGN MON MEDIAL LA
+	{0x1071, 0x1074, prExtend},                 // Mn   [4] MYANMAR VOWEL SIGN GEBA KAREN I..MYANMAR VOWEL SIGN KAYAH EE
+	{0x1082, 0x1082, prExtend},                 // Mn       MYANMAR CONSONANT SIGN SHAN MEDIAL WA
+	{0x1084, 0x1084, prSpacingMark},            // Mc       MYANMAR VOWEL SIGN SHAN E
+	{0x1085, 0x1086, prExtend},                 // Mn   [2] MYANMAR VOWEL SIGN SHAN E ABOVE..MYANMAR VOWEL SIGN SHAN FINAL Y
+	{0x108D, 0x108D, prExtend},                 // Mn       MYANMAR SIGN SHAN COUNCIL EMPHATIC TONE
+	{0x109D, 0x109D, prExtend},                 // Mn       MYANMAR VOWEL SIGN AITON AI
+	{0x1100, 0x115F, prL},                      // Lo  [96] HANGUL CHOSEONG KIYEOK..HANGUL CHOSEONG FILLER
+	{0x1160, 0x11A7, prV},                      // Lo  [72] HANGUL JUNGSEONG FILLER..HANGUL JUNGSEONG O-YAE
+	{0x11A8, 0x11FF, prT},                      // Lo  [88] HANGUL JONGSEONG KIYEOK..HANGUL JONGSEONG SSANGNIEUN
+	{0x135D, 0x135F, prExtend},                 // Mn   [3] ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK..ETHIOPIC COMBINING GEMINATION MARK
+	{0x1712, 0x1714, prExtend},                 // Mn   [3] TAGALOG VOWEL SIGN I..TAGALOG SIGN VIRAMA
+	{0x1715, 0x1715, prSpacingMark},            // Mc       TAGALOG SIGN PAMUDPOD
+	{0x1732, 0x1733, prExtend},                 // Mn   [2] HANUNOO VOWEL SIGN I..HANUNOO VOWEL SIGN U
+	{0x1734, 0x1734, prSpacingMark},            // Mc       HANUNOO SIGN PAMUDPOD
+	{0x1752, 0x1753, prExtend},                 // Mn   [2] BUHID VOWEL SIGN I..BUHID VOWEL SIGN U
+	{0x1772, 0x1773, prExtend},                 // Mn   [2] TAGBANWA VOWEL SIGN I..TAGBANWA VOWEL SIGN U
+	{0x17B4, 0x17B5, prExtend},                 // Mn   [2] KHMER VOWEL INHERENT AQ..KHMER VOWEL INHERENT AA
+	{0x17B6, 0x17B6, prSpacingMark},            // Mc       KHMER VOWEL SIGN AA
+	{0x17B7, 0x17BD, prExtend},                 // Mn   [7] KHMER VOWEL SIGN I..KHMER VOWEL SIGN UA
+	{0x17BE, 0x17C5, prSpacingMark},            // Mc   [8] KHMER VOWEL SIGN OE..KHMER VOWEL SIGN AU
+	{0x17C6, 0x17C6, prExtend},                 // Mn       KHMER SIGN NIKAHIT
+	{0x17C7, 0x17C8, prSpacingMark},            // Mc   [2] KHMER SIGN REAHMUK..KHMER SIGN YUUKALEAPINTU
+	{0x17C9, 0x17D3, prExtend},                 // Mn  [11] KHMER SIGN MUUSIKATOAN..KHMER SIGN BATHAMASAT
+	{0x17DD, 0x17DD, prExtend},                 // Mn       KHMER SIGN ATTHACAN
+	{0x180B, 0x180D, prExtend},                 // Mn   [3] MONGOLIAN FREE VARIATION SELECTOR ONE..MONGOLIAN FREE VARIATION SELECTOR THREE
+	{0x180E, 0x180E, prControl},                // Cf       MONGOLIAN VOWEL SEPARATOR
+	{0x180F, 0x180F, prExtend},                 // Mn       MONGOLIAN FREE VARIATION SELECTOR FOUR
+	{0x1885, 0x1886, prExtend},                 // Mn   [2] MONGOLIAN LETTER ALI GALI BALUDA..MONGOLIAN LETTER ALI GALI THREE BALUDA
+	{0x18A9, 0x18A9, prExtend},                 // Mn       MONGOLIAN LETTER ALI GALI DAGALGA
+	{0x1920, 0x1922, prExtend},                 // Mn   [3] LIMBU VOWEL SIGN A..LIMBU VOWEL SIGN U
+	{0x1923, 0x1926, prSpacingMark},            // Mc   [4] LIMBU VOWEL SIGN EE..LIMBU VOWEL SIGN AU
+	{0x1927, 0x1928, prExtend},                 // Mn   [2] LIMBU VOWEL SIGN E..LIMBU VOWEL SIGN O
+	{0x1929, 0x192B, prSpacingMark},            // Mc   [3] LIMBU SUBJOINED LETTER YA..LIMBU SUBJOINED LETTER WA
+	{0x1930, 0x1931, prSpacingMark},            // Mc   [2] LIMBU SMALL LETTER KA..LIMBU SMALL LETTER NGA
+	{0x1932, 0x1932, prExtend},                 // Mn       LIMBU SMALL LETTER ANUSVARA
+	{0x1933, 0x1938, prSpacingMark},            // Mc   [6] LIMBU SMALL LETTER TA..LIMBU SMALL LETTER LA
+	{0x1939, 0x193B, prExtend},                 // Mn   [3] LIMBU SIGN MUKPHRENG..LIMBU SIGN SA-I
+	{0x1A17, 0x1A18, prExtend},                 // Mn   [2] BUGINESE VOWEL SIGN I..BUGINESE VOWEL SIGN U
+	{0x1A19, 0x1A1A, prSpacingMark},            // Mc   [2] BUGINESE VOWEL SIGN E..BUGINESE VOWEL SIGN O
+	{0x1A1B, 0x1A1B, prExtend},                 // Mn       BUGINESE VOWEL SIGN AE
+	{0x1A55, 0x1A55, prSpacingMark},            // Mc       TAI THAM CONSONANT SIGN MEDIAL RA
+	{0x1A56, 0x1A56, prExtend},                 // Mn       TAI THAM CONSONANT SIGN MEDIAL LA
+	{0x1A57, 0x1A57, prSpacingMark},            // Mc       TAI THAM CONSONANT SIGN LA TANG LAI
+	{0x1A58, 0x1A5E, prExtend},                 // Mn   [7] TAI THAM SIGN MAI KANG LAI..TAI THAM CONSONANT SIGN SA
+	{0x1A60, 0x1A60, prExtend},                 // Mn       TAI THAM SIGN SAKOT
+	{0x1A62, 0x1A62, prExtend},                 // Mn       TAI THAM VOWEL SIGN MAI SAT
+	{0x1A65, 0x1A6C, prExtend},                 // Mn   [8] TAI THAM VOWEL SIGN I..TAI THAM VOWEL SIGN OA BELOW
+	{0x1A6D, 0x1A72, prSpacingMark},            // Mc   [6] TAI THAM VOWEL SIGN OY..TAI THAM VOWEL SIGN THAM AI
+	{0x1A73, 0x1A7C, prExtend},                 // Mn  [10] TAI THAM VOWEL SIGN OA ABOVE..TAI THAM SIGN KHUEN-LUE KARAN
+	{0x1A7F, 0x1A7F, prExtend},                 // Mn       TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	{0x1AB0, 0x1ABD, prExtend},                 // Mn  [14] COMBINING DOUBLED CIRCUMFLEX ACCENT..COMBINING PARENTHESES BELOW
+	{0x1ABE, 0x1ABE, prExtend},                 // Me       COMBINING PARENTHESES OVERLAY
+	{0x1ABF, 0x1ACE, prExtend},                 // Mn  [16] COMBINING LATIN SMALL LETTER W BELOW..COMBINING LATIN SMALL LETTER INSULAR T
+	{0x1B00, 0x1B03, prExtend},                 // Mn   [4] BALINESE SIGN ULU RICEM..BALINESE SIGN SURANG
+	{0x1B04, 0x1B04, prSpacingMark},            // Mc       BALINESE SIGN BISAH
+	{0x1B34, 0x1B34, prExtend},                 // Mn       BALINESE SIGN REREKAN
+	{0x1B35, 0x1B35, prExtend},                 // Mc       BALINESE VOWEL SIGN TEDUNG
+	{0x1B36, 0x1B3A, prExtend},                 // Mn   [5] BALINESE VOWEL SIGN ULU..BALINESE VOWEL SIGN RA REPA
+	{0x1B3B, 0x1B3B, prSpacingMark},            // Mc       BALINESE VOWEL SIGN RA REPA TEDUNG
+	{0x1B3C, 0x1B3C, prExtend},                 // Mn       BALINESE VOWEL SIGN LA LENGA
+	{0x1B3D, 0x1B41, prSpacingMark},            // Mc   [5] BALINESE VOWEL SIGN LA LENGA TEDUNG..BALINESE VOWEL SIGN TALING REPA TEDUNG
+	{0x1B42, 0x1B42, prExtend},                 // Mn       BALINESE VOWEL SIGN PEPET
+	{0x1B43, 0x1B44, prSpacingMark},            // Mc   [2] BALINESE VOWEL SIGN PEPET TEDUNG..BALINESE ADEG ADEG
+	{0x1B6B, 0x1B73, prExtend},                 // Mn   [9] BALINESE MUSICAL SYMBOL COMBINING TEGEH..BALINESE MUSICAL SYMBOL COMBINING GONG
+	{0x1B80, 0x1B81, prExtend},                 // Mn   [2] SUNDANESE SIGN PANYECEK..SUNDANESE SIGN PANGLAYAR
+	{0x1B82, 0x1B82, prSpacingMark},            // Mc       SUNDANESE SIGN PANGWISAD
+	{0x1BA1, 0x1BA1, prSpacingMark},            // Mc       SUNDANESE CONSONANT SIGN PAMINGKAL
+	{0x1BA2, 0x1BA5, prExtend},                 // Mn   [4] SUNDANESE CONSONANT SIGN PANYAKRA..SUNDANESE VOWEL SIGN PANYUKU
+	{0x1BA6, 0x1BA7, prSpacingMark},            // Mc   [2] SUNDANESE VOWEL SIGN PANAELAENG..SUNDANESE VOWEL SIGN PANOLONG
+	{0x1BA8, 0x1BA9, prExtend},                 // Mn   [2] SUNDANESE VOWEL SIGN PAMEPET..SUNDANESE VOWEL SIGN PANEULEUNG
+	{0x1BAA, 0x1BAA, prSpacingMark},            // Mc       SUNDANESE SIGN PAMAAEH
+	{0x1BAB, 0x1BAD, prExtend},                 // Mn   [3] SUNDANESE SIGN VIRAMA..SUNDANESE CONSONANT SIGN PASANGAN WA
+	{0x1BE6, 0x1BE6, prExtend},                 // Mn       BATAK SIGN TOMPI
+	{0x1BE7, 0x1BE7, prSpacingMark},            // Mc       BATAK VOWEL SIGN E
+	{0x1BE8, 0x1BE9, prExtend},                 // Mn   [2] BATAK VOWEL SIGN PAKPAK E..BATAK VOWEL SIGN EE
+	{0x1BEA, 0x1BEC, prSpacingMark},            // Mc   [3] BATAK VOWEL SIGN I..BATAK VOWEL SIGN O
+	{0x1BED, 0x1BED, prExtend},                 // Mn       BATAK VOWEL SIGN KARO O
+	{0x1BEE, 0x1BEE, prSpacingMark},            // Mc       BATAK VOWEL SIGN U
+	{0x1BEF, 0x1BF1, prExtend},                 // Mn   [3] BATAK VOWEL SIGN U FOR SIMALUNGUN SA..BATAK CONSONANT SIGN H
+	{0x1BF2, 0x1BF3, prSpacingMark},            // Mc   [2] BATAK PANGOLAT..BATAK PANONGONAN
+	{0x1C24, 0x1C2B, prSpacingMark},            // Mc   [8] LEPCHA SUBJOINED LETTER YA..LEPCHA VOWEL SIGN UU
+	{0x1C2C, 0x1C33, prExtend},                 // Mn   [8] LEPCHA VOWEL SIGN E..LEPCHA CONSONANT SIGN T
+	{0x1C34, 0x1C35, prSpacingMark},            // Mc   [2] LEPCHA CONSONANT SIGN NYIN-DO..LEPCHA CONSONANT SIGN KANG
+	{0x1C36, 0x1C37, prExtend},                 // Mn   [2] LEPCHA SIGN RAN..LEPCHA SIGN NUKTA
+	{0x1CD0, 0x1CD2, prExtend},                 // Mn   [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
+	{0x1CD4, 0x1CE0, prExtend},                 // Mn  [13] VEDIC SIGN YAJURVEDIC MIDLINE SVARITA..VEDIC TONE RIGVEDIC KASHMIRI INDEPENDENT SVARITA
+	{0x1CE1, 0x1CE1, prSpacingMark},            // Mc       VEDIC TONE ATHARVAVEDIC INDEPENDENT SVARITA
+	{0x1CE2, 0x1CE8, prExtend},                 // Mn   [7] VEDIC SIGN VISARGA SVARITA..VEDIC SIGN VISARGA ANUDATTA WITH TAIL
+	{0x1CED, 0x1CED, prExtend},                 // Mn       VEDIC SIGN TIRYAK
+	{0x1CF4, 0x1CF4, prExtend},                 // Mn       VEDIC TONE CANDRA ABOVE
+	{0x1CF7, 0x1CF7, prSpacingMark},            // Mc       VEDIC SIGN ATIKRAMA
+	{0x1CF8, 0x1CF9, prExtend},                 // Mn   [2] VEDIC TONE RING ABOVE..VEDIC TONE DOUBLE RING ABOVE
+	{0x1DC0, 0x1DFF, prExtend},                 // Mn  [64] COMBINING DOTTED GRAVE ACCENT..COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+	{0x200B, 0x200B, prControl},                // Cf       ZERO WIDTH SPACE
+	{0x200C, 0x200C, prExtend},                 // Cf       ZERO WIDTH NON-JOINER
+	{0x200D, 0x200D, prZWJ},                    // Cf       ZERO WIDTH JOINER
+	{0x200E, 0x200F, prControl},                // Cf   [2] LEFT-TO-RIGHT MARK..RIGHT-TO-LEFT MARK
+	{0x2028, 0x2028, prControl},                // Zl       LINE SEPARATOR
+	{0x2029, 0x2029, prControl},                // Zp       PARAGRAPH SEPARATOR
+	{0x202A, 0x202E, prControl},                // Cf   [5] LEFT-TO-RIGHT EMBEDDING..RIGHT-TO-LEFT OVERRIDE
+	{0x203C, 0x203C, prExtendedPictographic},   // E0.6   [1] (‼�)       double exclamation mark
+	{0x2049, 0x2049, prExtendedPictographic},   // E0.6   [1] (��)       exclamation question mark
+	{0x2060, 0x2064, prControl},                // Cf   [5] WORD JOINER..INVISIBLE PLUS
+	{0x2065, 0x2065, prControl},                // Cn       <reserved-2065>
+	{0x2066, 0x206F, prControl},                // Cf  [10] LEFT-TO-RIGHT ISOLATE..NOMINAL DIGIT SHAPES
+	{0x20D0, 0x20DC, prExtend},                 // Mn  [13] COMBINING LEFT HARPOON ABOVE..COMBINING FOUR DOTS ABOVE
+	{0x20DD, 0x20E0, prExtend},                 // Me   [4] COMBINING ENCLOSING CIRCLE..COMBINING ENCLOSING CIRCLE BACKSLASH
+	{0x20E1, 0x20E1, prExtend},                 // Mn       COMBINING LEFT RIGHT ARROW ABOVE
+	{0x20E2, 0x20E4, prExtend},                 // Me   [3] COMBINING ENCLOSING SCREEN..COMBINING ENCLOSING UPWARD POINTING TRIANGLE
+	{0x20E5, 0x20F0, prExtend},                 // Mn  [12] COMBINING REVERSE SOLIDUS OVERLAY..COMBINING ASTERISK ABOVE
+	{0x2122, 0x2122, prExtendedPictographic},   // E0.6   [1] (™�)       trade mark
+	{0x2139, 0x2139, prExtendedPictographic},   // E0.6   [1] (ℹ�)       information
+	{0x2194, 0x2199, prExtendedPictographic},   // E0.6   [6] (↔�..↙�)    left-right arrow..down-left arrow
+	{0x21A9, 0x21AA, prExtendedPictographic},   // E0.6   [2] (↩�..↪�)    right arrow curving left..left arrow curving right
+	{0x231A, 0x231B, prExtendedPictographic},   // E0.6   [2] (⌚..⌛)    watch..hourglass done
+	{0x2328, 0x2328, prExtendedPictographic},   // E1.0   [1] (⌨�)       keyboard
+	{0x2388, 0x2388, prExtendedPictographic},   // E0.0   [1] (⎈)       HELM SYMBOL
+	{0x23CF, 0x23CF, prExtendedPictographic},   // E1.0   [1] (��)       eject button
+	{0x23E9, 0x23EC, prExtendedPictographic},   // E0.6   [4] (�..�)    fast-forward button..fast down button
+	{0x23ED, 0x23EE, prExtendedPictographic},   // E0.7   [2] (��..��)    next track button..last track button
+	{0x23EF, 0x23EF, prExtendedPictographic},   // E1.0   [1] (��)       play or pause button
+	{0x23F0, 0x23F0, prExtendedPictographic},   // E0.6   [1] (�)       alarm clock
+	{0x23F1, 0x23F2, prExtendedPictographic},   // E1.0   [2] (��..��)    stopwatch..timer clock
+	{0x23F3, 0x23F3, prExtendedPictographic},   // E0.6   [1] (�)       hourglass not done
+	{0x23F8, 0x23FA, prExtendedPictographic},   // E0.7   [3] (��..��)    pause button..record button
+	{0x24C2, 0x24C2, prExtendedPictographic},   // E0.6   [1] (Ⓜ�)       circled M
+	{0x25AA, 0x25AB, prExtendedPictographic},   // E0.6   [2] (▪�..▫�)    black small square..white small square
+	{0x25B6, 0x25B6, prExtendedPictographic},   // E0.6   [1] (▶�)       play button
+	{0x25C0, 0x25C0, prExtendedPictographic},   // E0.6   [1] (◀�)       reverse button
+	{0x25FB, 0x25FE, prExtendedPictographic},   // E0.6   [4] (◻�..◾)    white medium square..black medium-small square
+	{0x2600, 0x2601, prExtendedPictographic},   // E0.6   [2] (☀�..��)    sun..cloud
+	{0x2602, 0x2603, prExtendedPictographic},   // E0.7   [2] (☂�..☃�)    umbrella..snowman
+	{0x2604, 0x2604, prExtendedPictographic},   // E1.0   [1] (☄�)       comet
+	{0x2605, 0x2605, prExtendedPictographic},   // E0.0   [1] (★)       BLACK STAR
+	{0x2607, 0x260D, prExtendedPictographic},   // E0.0   [7] (☇..�)    LIGHTNING..OPPOSITION
+	{0x260E, 0x260E, prExtendedPictographic},   // E0.6   [1] (☎�)       telephone
+	{0x260F, 0x2610, prExtendedPictographic},   // E0.0   [2] (�..�)    WHITE TELEPHONE..BALLOT BOX
+	{0x2611, 0x2611, prExtendedPictographic},   // E0.6   [1] (☑�)       check box with check
+	{0x2612, 0x2612, prExtendedPictographic},   // E0.0   [1] (☒)       BALLOT BOX WITH X
+	{0x2614, 0x2615, prExtendedPictographic},   // E0.6   [2] (☔..☕)    umbrella with rain drops..hot beverage
+	{0x2616, 0x2617, prExtendedPictographic},   // E0.0   [2] (☖..☗)    WHITE SHOGI PIECE..BLACK SHOGI PIECE
+	{0x2618, 0x2618, prExtendedPictographic},   // E1.0   [1] (☘�)       shamrock
+	{0x2619, 0x261C, prExtendedPictographic},   // E0.0   [4] (☙..☜)    REVERSED ROTATED FLORAL HEART BULLET..WHITE LEFT POINTING INDEX
+	{0x261D, 0x261D, prExtendedPictographic},   // E0.6   [1] (��)       index pointing up
+	{0x261E, 0x261F, prExtendedPictographic},   // E0.0   [2] (☞..☟)    WHITE RIGHT POINTING INDEX..WHITE DOWN POINTING INDEX
+	{0x2620, 0x2620, prExtendedPictographic},   // E1.0   [1] (☠�)       skull and crossbones
+	{0x2621, 0x2621, prExtendedPictographic},   // E0.0   [1] (☡)       CAUTION SIGN
+	{0x2622, 0x2623, prExtendedPictographic},   // E1.0   [2] (☢�..☣�)    radioactive..biohazard
+	{0x2624, 0x2625, prExtendedPictographic},   // E0.0   [2] (☤..☥)    CADUCEUS..ANKH
+	{0x2626, 0x2626, prExtendedPictographic},   // E1.0   [1] (☦�)       orthodox cross
+	{0x2627, 0x2629, prExtendedPictographic},   // E0.0   [3] (☧..☩)    CHI RHO..CROSS OF JERUSALEM
+	{0x262A, 0x262A, prExtendedPictographic},   // E0.7   [1] (☪�)       star and crescent
+	{0x262B, 0x262D, prExtendedPictographic},   // E0.0   [3] (☫..☭)    FARSI SYMBOL..HAMMER AND SICKLE
+	{0x262E, 0x262E, prExtendedPictographic},   // E1.0   [1] (☮�)       peace symbol
+	{0x262F, 0x262F, prExtendedPictographic},   // E0.7   [1] (☯�)       yin yang
+	{0x2630, 0x2637, prExtendedPictographic},   // E0.0   [8] (☰..☷)    TRIGRAM FOR HEAVEN..TRIGRAM FOR EARTH
+	{0x2638, 0x2639, prExtendedPictographic},   // E0.7   [2] (☸�..☹�)    wheel of dharma..frowning face
+	{0x263A, 0x263A, prExtendedPictographic},   // E0.6   [1] (☺�)       smiling face
+	{0x263B, 0x263F, prExtendedPictographic},   // E0.0   [5] (☻..☿)    BLACK SMILING FACE..MERCURY
+	{0x2640, 0x2640, prExtendedPictographic},   // E4.0   [1] (♀�)       female sign
+	{0x2641, 0x2641, prExtendedPictographic},   // E0.0   [1] (�)       EARTH
+	{0x2642, 0x2642, prExtendedPictographic},   // E4.0   [1] (♂�)       male sign
+	{0x2643, 0x2647, prExtendedPictographic},   // E0.0   [5] (♃..♇)    JUPITER..PLUTO
+	{0x2648, 0x2653, prExtendedPictographic},   // E0.6  [12] (♈..♓)    Aries..Pisces
+	{0x2654, 0x265E, prExtendedPictographic},   // E0.0  [11] (♔..♞)    WHITE CHESS KING..BLACK CHESS KNIGHT
+	{0x265F, 0x265F, prExtendedPictographic},   // E11.0  [1] (♟�)       chess pawn
+	{0x2660, 0x2660, prExtendedPictographic},   // E0.6   [1] (♠�)       spade suit
+	{0x2661, 0x2662, prExtendedPictographic},   // E0.0   [2] (♡..♢)    WHITE HEART SUIT..WHITE DIAMOND SUIT
+	{0x2663, 0x2663, prExtendedPictographic},   // E0.6   [1] (♣�)       club suit
+	{0x2664, 0x2664, prExtendedPictographic},   // E0.0   [1] (♤)       WHITE SPADE SUIT
+	{0x2665, 0x2666, prExtendedPictographic},   // E0.6   [2] (♥�..♦�)    heart suit..diamond suit
+	{0x2667, 0x2667, prExtendedPictographic},   // E0.0   [1] (♧)       WHITE CLUB SUIT
+	{0x2668, 0x2668, prExtendedPictographic},   // E0.6   [1] (♨�)       hot springs
+	{0x2669, 0x267A, prExtendedPictographic},   // E0.0  [18] (♩..♺)    QUARTER NOTE..RECYCLING SYMBOL FOR GENERIC MATERIALS
+	{0x267B, 0x267B, prExtendedPictographic},   // E0.6   [1] (♻�)       recycling symbol
+	{0x267C, 0x267D, prExtendedPictographic},   // E0.0   [2] (♼..♽)    RECYCLED PAPER SYMBOL..PARTIALLY-RECYCLED PAPER SYMBOL
+	{0x267E, 0x267E, prExtendedPictographic},   // E11.0  [1] (♾�)       infinity
+	{0x267F, 0x267F, prExtendedPictographic},   // E0.6   [1] (♿)       wheelchair symbol
+	{0x2680, 0x2685, prExtendedPictographic},   // E0.0   [6] (⚀..⚅)    DIE FACE-1..DIE FACE-6
+	{0x2690, 0x2691, prExtendedPictographic},   // E0.0   [2] (�..⚑)    WHITE FLAG..BLACK FLAG
+	{0x2692, 0x2692, prExtendedPictographic},   // E1.0   [1] (⚒�)       hammer and pick
+	{0x2693, 0x2693, prExtendedPictographic},   // E0.6   [1] (âš“)       anchor
+	{0x2694, 0x2694, prExtendedPictographic},   // E1.0   [1] (⚔�)       crossed swords
+	{0x2695, 0x2695, prExtendedPictographic},   // E4.0   [1] (⚕�)       medical symbol
+	{0x2696, 0x2697, prExtendedPictographic},   // E1.0   [2] (⚖�..⚗�)    balance scale..alembic
+	{0x2698, 0x2698, prExtendedPictographic},   // E0.0   [1] (⚘)       FLOWER
+	{0x2699, 0x2699, prExtendedPictographic},   // E1.0   [1] (⚙�)       gear
+	{0x269A, 0x269A, prExtendedPictographic},   // E0.0   [1] (âšš)       STAFF OF HERMES
+	{0x269B, 0x269C, prExtendedPictographic},   // E1.0   [2] (⚛�..⚜�)    atom symbol..fleur-de-lis
+	{0x269D, 0x269F, prExtendedPictographic},   // E0.0   [3] (�..⚟)    OUTLINED WHITE STAR..THREE LINES CONVERGING LEFT
+	{0x26A0, 0x26A1, prExtendedPictographic},   // E0.6   [2] (⚠�..⚡)    warning..high voltage
+	{0x26A2, 0x26A6, prExtendedPictographic},   // E0.0   [5] (⚢..⚦)    DOUBLED FEMALE SIGN..MALE WITH STROKE SIGN
+	{0x26A7, 0x26A7, prExtendedPictographic},   // E13.0  [1] (⚧�)       transgender symbol
+	{0x26A8, 0x26A9, prExtendedPictographic},   // E0.0   [2] (⚨..⚩)    VERTICAL MALE WITH STROKE SIGN..HORIZONTAL MALE WITH STROKE SIGN
+	{0x26AA, 0x26AB, prExtendedPictographic},   // E0.6   [2] (⚪..⚫)    white circle..black circle
+	{0x26AC, 0x26AF, prExtendedPictographic},   // E0.0   [4] (⚬..⚯)    MEDIUM SMALL WHITE CIRCLE..UNMARRIED PARTNERSHIP SYMBOL
+	{0x26B0, 0x26B1, prExtendedPictographic},   // E1.0   [2] (⚰�..⚱�)    coffin..funeral urn
+	{0x26B2, 0x26BC, prExtendedPictographic},   // E0.0  [11] (âš²..âš¼)    NEUTER..SESQUIQUADRATE
+	{0x26BD, 0x26BE, prExtendedPictographic},   // E0.6   [2] (âš½..âš¾)    soccer ball..baseball
+	{0x26BF, 0x26C3, prExtendedPictographic},   // E0.0   [5] (⚿..⛃)    SQUARED KEY..BLACK DRAUGHTS KING
+	{0x26C4, 0x26C5, prExtendedPictographic},   // E0.6   [2] (⛄..⛅)    snowman without snow..sun behind cloud
+	{0x26C6, 0x26C7, prExtendedPictographic},   // E0.0   [2] (⛆..⛇)    RAIN..BLACK SNOWMAN
+	{0x26C8, 0x26C8, prExtendedPictographic},   // E0.7   [1] (⛈�)       cloud with lightning and rain
+	{0x26C9, 0x26CD, prExtendedPictographic},   // E0.0   [5] (⛉..�)    TURNED WHITE SHOGI PIECE..DISABLED CAR
+	{0x26CE, 0x26CE, prExtendedPictographic},   // E0.6   [1] (⛎)       Ophiuchus
+	{0x26CF, 0x26CF, prExtendedPictographic},   // E0.7   [1] (��)       pick
+	{0x26D0, 0x26D0, prExtendedPictographic},   // E0.0   [1] (�)       CAR SLIDING
+	{0x26D1, 0x26D1, prExtendedPictographic},   // E0.7   [1] (⛑�)       rescue worker’s helmet
+	{0x26D2, 0x26D2, prExtendedPictographic},   // E0.0   [1] (â›’)       CIRCLED CROSSING LANES
+	{0x26D3, 0x26D3, prExtendedPictographic},   // E0.7   [1] (⛓�)       chains
+	{0x26D4, 0x26D4, prExtendedPictographic},   // E0.6   [1] (â›”)       no entry
+	{0x26D5, 0x26E8, prExtendedPictographic},   // E0.0  [20] (⛕..⛨)    ALTERNATE ONE-WAY LEFT WAY TRAFFIC..BLACK CROSS ON SHIELD
+	{0x26E9, 0x26E9, prExtendedPictographic},   // E0.7   [1] (⛩�)       shinto shrine
+	{0x26EA, 0x26EA, prExtendedPictographic},   // E0.6   [1] (⛪)       church
+	{0x26EB, 0x26EF, prExtendedPictographic},   // E0.0   [5] (⛫..⛯)    CASTLE..MAP SYMBOL FOR LIGHTHOUSE
+	{0x26F0, 0x26F1, prExtendedPictographic},   // E0.7   [2] (⛰�..⛱�)    mountain..umbrella on ground
+	{0x26F2, 0x26F3, prExtendedPictographic},   // E0.6   [2] (⛲..⛳)    fountain..flag in hole
+	{0x26F4, 0x26F4, prExtendedPictographic},   // E0.7   [1] (⛴�)       ferry
+	{0x26F5, 0x26F5, prExtendedPictographic},   // E0.6   [1] (⛵)       sailboat
+	{0x26F6, 0x26F6, prExtendedPictographic},   // E0.0   [1] (⛶)       SQUARE FOUR CORNERS
+	{0x26F7, 0x26F9, prExtendedPictographic},   // E0.7   [3] (⛷�..⛹�)    skier..person bouncing ball
+	{0x26FA, 0x26FA, prExtendedPictographic},   // E0.6   [1] (⛺)       tent
+	{0x26FB, 0x26FC, prExtendedPictographic},   // E0.0   [2] (⛻..⛼)    JAPANESE BANK SYMBOL..HEADSTONE GRAVEYARD SYMBOL
+	{0x26FD, 0x26FD, prExtendedPictographic},   // E0.6   [1] (⛽)       fuel pump
+	{0x26FE, 0x2701, prExtendedPictographic},   // E0.0   [4] (⛾..�)    CUP ON BLACK SQUARE..UPPER BLADE SCISSORS
+	{0x2702, 0x2702, prExtendedPictographic},   // E0.6   [1] (✂�)       scissors
+	{0x2703, 0x2704, prExtendedPictographic},   // E0.0   [2] (✃..✄)    LOWER BLADE SCISSORS..WHITE SCISSORS
+	{0x2705, 0x2705, prExtendedPictographic},   // E0.6   [1] (✅)       check mark button
+	{0x2708, 0x270C, prExtendedPictographic},   // E0.6   [5] (✈�..✌�)    airplane..victory hand
+	{0x270D, 0x270D, prExtendedPictographic},   // E0.7   [1] (��)       writing hand
+	{0x270E, 0x270E, prExtendedPictographic},   // E0.0   [1] (✎)       LOWER RIGHT PENCIL
+	{0x270F, 0x270F, prExtendedPictographic},   // E0.6   [1] (��)       pencil
+	{0x2710, 0x2711, prExtendedPictographic},   // E0.0   [2] (�..✑)    UPPER RIGHT PENCIL..WHITE NIB
+	{0x2712, 0x2712, prExtendedPictographic},   // E0.6   [1] (✒�)       black nib
+	{0x2714, 0x2714, prExtendedPictographic},   // E0.6   [1] (✔�)       check mark
+	{0x2716, 0x2716, prExtendedPictographic},   // E0.6   [1] (✖�)       multiply
+	{0x271D, 0x271D, prExtendedPictographic},   // E0.7   [1] (��)       latin cross
+	{0x2721, 0x2721, prExtendedPictographic},   // E0.7   [1] (✡�)       star of David
+	{0x2728, 0x2728, prExtendedPictographic},   // E0.6   [1] (✨)       sparkles
+	{0x2733, 0x2734, prExtendedPictographic},   // E0.6   [2] (✳�..✴�)    eight-spoked asterisk..eight-pointed star
+	{0x2744, 0x2744, prExtendedPictographic},   // E0.6   [1] (��)       snowflake
+	{0x2747, 0x2747, prExtendedPictographic},   // E0.6   [1] (��)       sparkle
+	{0x274C, 0x274C, prExtendedPictographic},   // E0.6   [1] (�)       cross mark
+	{0x274E, 0x274E, prExtendedPictographic},   // E0.6   [1] (�)       cross mark button
+	{0x2753, 0x2755, prExtendedPictographic},   // E0.6   [3] (�..�)    red question mark..white exclamation mark
+	{0x2757, 0x2757, prExtendedPictographic},   // E0.6   [1] (�)       red exclamation mark
+	{0x2763, 0x2763, prExtendedPictographic},   // E1.0   [1] (��)       heart exclamation
+	{0x2764, 0x2764, prExtendedPictographic},   // E0.6   [1] (��)       red heart
+	{0x2765, 0x2767, prExtendedPictographic},   // E0.0   [3] (�..�)    ROTATED HEAVY BLACK HEART BULLET..ROTATED FLORAL HEART BULLET
+	{0x2795, 0x2797, prExtendedPictographic},   // E0.6   [3] (âž•..âž—)    plus..divide
+	{0x27A1, 0x27A1, prExtendedPictographic},   // E0.6   [1] (➡�)       right arrow
+	{0x27B0, 0x27B0, prExtendedPictographic},   // E0.6   [1] (âž°)       curly loop
+	{0x27BF, 0x27BF, prExtendedPictographic},   // E1.0   [1] (âž¿)       double curly loop
+	{0x2934, 0x2935, prExtendedPictographic},   // E0.6   [2] (⤴�..⤵�)    right arrow curving up..right arrow curving down
+	{0x2B05, 0x2B07, prExtendedPictographic},   // E0.6   [3] (⬅�..⬇�)    left arrow..down arrow
+	{0x2B1B, 0x2B1C, prExtendedPictographic},   // E0.6   [2] (⬛..⬜)    black large square..white large square
+	{0x2B50, 0x2B50, prExtendedPictographic},   // E0.6   [1] (â­�)       star
+	{0x2B55, 0x2B55, prExtendedPictographic},   // E0.6   [1] (â­•)       hollow red circle
+	{0x2CEF, 0x2CF1, prExtend},                 // Mn   [3] COPTIC COMBINING NI ABOVE..COPTIC COMBINING SPIRITUS LENIS
+	{0x2D7F, 0x2D7F, prExtend},                 // Mn       TIFINAGH CONSONANT JOINER
+	{0x2DE0, 0x2DFF, prExtend},                 // Mn  [32] COMBINING CYRILLIC LETTER BE..COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+	{0x302A, 0x302D, prExtend},                 // Mn   [4] IDEOGRAPHIC LEVEL TONE MARK..IDEOGRAPHIC ENTERING TONE MARK
+	{0x302E, 0x302F, prExtend},                 // Mc   [2] HANGUL SINGLE DOT TONE MARK..HANGUL DOUBLE DOT TONE MARK
+	{0x3030, 0x3030, prExtendedPictographic},   // E0.6   [1] (〰�)       wavy dash
+	{0x303D, 0x303D, prExtendedPictographic},   // E0.6   [1] (〽�)       part alternation mark
+	{0x3099, 0x309A, prExtend},                 // Mn   [2] COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK..COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK
+	{0x3297, 0x3297, prExtendedPictographic},   // E0.6   [1] (㊗�)       Japanese “congratulations� button
+	{0x3299, 0x3299, prExtendedPictographic},   // E0.6   [1] (㊙�)       Japanese “secret� button
+	{0xA66F, 0xA66F, prExtend},                 // Mn       COMBINING CYRILLIC VZMET
+	{0xA670, 0xA672, prExtend},                 // Me   [3] COMBINING CYRILLIC TEN MILLIONS SIGN..COMBINING CYRILLIC THOUSAND MILLIONS SIGN
+	{0xA674, 0xA67D, prExtend},                 // Mn  [10] COMBINING CYRILLIC LETTER UKRAINIAN IE..COMBINING CYRILLIC PAYEROK
+	{0xA69E, 0xA69F, prExtend},                 // Mn   [2] COMBINING CYRILLIC LETTER EF..COMBINING CYRILLIC LETTER IOTIFIED E
+	{0xA6F0, 0xA6F1, prExtend},                 // Mn   [2] BAMUM COMBINING MARK KOQNDON..BAMUM COMBINING MARK TUKWENTIS
+	{0xA802, 0xA802, prExtend},                 // Mn       SYLOTI NAGRI SIGN DVISVARA
+	{0xA806, 0xA806, prExtend},                 // Mn       SYLOTI NAGRI SIGN HASANTA
+	{0xA80B, 0xA80B, prExtend},                 // Mn       SYLOTI NAGRI SIGN ANUSVARA
+	{0xA823, 0xA824, prSpacingMark},            // Mc   [2] SYLOTI NAGRI VOWEL SIGN A..SYLOTI NAGRI VOWEL SIGN I
+	{0xA825, 0xA826, prExtend},                 // Mn   [2] SYLOTI NAGRI VOWEL SIGN U..SYLOTI NAGRI VOWEL SIGN E
+	{0xA827, 0xA827, prSpacingMark},            // Mc       SYLOTI NAGRI VOWEL SIGN OO
+	{0xA82C, 0xA82C, prExtend},                 // Mn       SYLOTI NAGRI SIGN ALTERNATE HASANTA
+	{0xA880, 0xA881, prSpacingMark},            // Mc   [2] SAURASHTRA SIGN ANUSVARA..SAURASHTRA SIGN VISARGA
+	{0xA8B4, 0xA8C3, prSpacingMark},            // Mc  [16] SAURASHTRA CONSONANT SIGN HAARU..SAURASHTRA VOWEL SIGN AU
+	{0xA8C4, 0xA8C5, prExtend},                 // Mn   [2] SAURASHTRA SIGN VIRAMA..SAURASHTRA SIGN CANDRABINDU
+	{0xA8E0, 0xA8F1, prExtend},                 // Mn  [18] COMBINING DEVANAGARI DIGIT ZERO..COMBINING DEVANAGARI SIGN AVAGRAHA
+	{0xA8FF, 0xA8FF, prExtend},                 // Mn       DEVANAGARI VOWEL SIGN AY
+	{0xA926, 0xA92D, prExtend},                 // Mn   [8] KAYAH LI VOWEL UE..KAYAH LI TONE CALYA PLOPHU
+	{0xA947, 0xA951, prExtend},                 // Mn  [11] REJANG VOWEL SIGN I..REJANG CONSONANT SIGN R
+	{0xA952, 0xA953, prSpacingMark},            // Mc   [2] REJANG CONSONANT SIGN H..REJANG VIRAMA
+	{0xA960, 0xA97C, prL},                      // Lo  [29] HANGUL CHOSEONG TIKEUT-MIEUM..HANGUL CHOSEONG SSANGYEORINHIEUH
+	{0xA980, 0xA982, prExtend},                 // Mn   [3] JAVANESE SIGN PANYANGGA..JAVANESE SIGN LAYAR
+	{0xA983, 0xA983, prSpacingMark},            // Mc       JAVANESE SIGN WIGNYAN
+	{0xA9B3, 0xA9B3, prExtend},                 // Mn       JAVANESE SIGN CECAK TELU
+	{0xA9B4, 0xA9B5, prSpacingMark},            // Mc   [2] JAVANESE VOWEL SIGN TARUNG..JAVANESE VOWEL SIGN TOLONG
+	{0xA9B6, 0xA9B9, prExtend},                 // Mn   [4] JAVANESE VOWEL SIGN WULU..JAVANESE VOWEL SIGN SUKU MENDUT
+	{0xA9BA, 0xA9BB, prSpacingMark},            // Mc   [2] JAVANESE VOWEL SIGN TALING..JAVANESE VOWEL SIGN DIRGA MURE
+	{0xA9BC, 0xA9BD, prExtend},                 // Mn   [2] JAVANESE VOWEL SIGN PEPET..JAVANESE CONSONANT SIGN KERET
+	{0xA9BE, 0xA9C0, prSpacingMark},            // Mc   [3] JAVANESE CONSONANT SIGN PENGKAL..JAVANESE PANGKON
+	{0xA9E5, 0xA9E5, prExtend},                 // Mn       MYANMAR SIGN SHAN SAW
+	{0xAA29, 0xAA2E, prExtend},                 // Mn   [6] CHAM VOWEL SIGN AA..CHAM VOWEL SIGN OE
+	{0xAA2F, 0xAA30, prSpacingMark},            // Mc   [2] CHAM VOWEL SIGN O..CHAM VOWEL SIGN AI
+	{0xAA31, 0xAA32, prExtend},                 // Mn   [2] CHAM VOWEL SIGN AU..CHAM VOWEL SIGN UE
+	{0xAA33, 0xAA34, prSpacingMark},            // Mc   [2] CHAM CONSONANT SIGN YA..CHAM CONSONANT SIGN RA
+	{0xAA35, 0xAA36, prExtend},                 // Mn   [2] CHAM CONSONANT SIGN LA..CHAM CONSONANT SIGN WA
+	{0xAA43, 0xAA43, prExtend},                 // Mn       CHAM CONSONANT SIGN FINAL NG
+	{0xAA4C, 0xAA4C, prExtend},                 // Mn       CHAM CONSONANT SIGN FINAL M
+	{0xAA4D, 0xAA4D, prSpacingMark},            // Mc       CHAM CONSONANT SIGN FINAL H
+	{0xAA7C, 0xAA7C, prExtend},                 // Mn       MYANMAR SIGN TAI LAING TONE-2
+	{0xAAB0, 0xAAB0, prExtend},                 // Mn       TAI VIET MAI KANG
+	{0xAAB2, 0xAAB4, prExtend},                 // Mn   [3] TAI VIET VOWEL I..TAI VIET VOWEL U
+	{0xAAB7, 0xAAB8, prExtend},                 // Mn   [2] TAI VIET MAI KHIT..TAI VIET VOWEL IA
+	{0xAABE, 0xAABF, prExtend},                 // Mn   [2] TAI VIET VOWEL AM..TAI VIET TONE MAI EK
+	{0xAAC1, 0xAAC1, prExtend},                 // Mn       TAI VIET TONE MAI THO
+	{0xAAEB, 0xAAEB, prSpacingMark},            // Mc       MEETEI MAYEK VOWEL SIGN II
+	{0xAAEC, 0xAAED, prExtend},                 // Mn   [2] MEETEI MAYEK VOWEL SIGN UU..MEETEI MAYEK VOWEL SIGN AAI
+	{0xAAEE, 0xAAEF, prSpacingMark},            // Mc   [2] MEETEI MAYEK VOWEL SIGN AU..MEETEI MAYEK VOWEL SIGN AAU
+	{0xAAF5, 0xAAF5, prSpacingMark},            // Mc       MEETEI MAYEK VOWEL SIGN VISARGA
+	{0xAAF6, 0xAAF6, prExtend},                 // Mn       MEETEI MAYEK VIRAMA
+	{0xABE3, 0xABE4, prSpacingMark},            // Mc   [2] MEETEI MAYEK VOWEL SIGN ONAP..MEETEI MAYEK VOWEL SIGN INAP
+	{0xABE5, 0xABE5, prExtend},                 // Mn       MEETEI MAYEK VOWEL SIGN ANAP
+	{0xABE6, 0xABE7, prSpacingMark},            // Mc   [2] MEETEI MAYEK VOWEL SIGN YENAP..MEETEI MAYEK VOWEL SIGN SOUNAP
+	{0xABE8, 0xABE8, prExtend},                 // Mn       MEETEI MAYEK VOWEL SIGN UNAP
+	{0xABE9, 0xABEA, prSpacingMark},            // Mc   [2] MEETEI MAYEK VOWEL SIGN CHEINAP..MEETEI MAYEK VOWEL SIGN NUNG
+	{0xABEC, 0xABEC, prSpacingMark},            // Mc       MEETEI MAYEK LUM IYEK
+	{0xABED, 0xABED, prExtend},                 // Mn       MEETEI MAYEK APUN IYEK
+	{0xAC00, 0xAC00, prLV},                     // Lo       HANGUL SYLLABLE GA
+	{0xAC01, 0xAC1B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GAG..HANGUL SYLLABLE GAH
+	{0xAC1C, 0xAC1C, prLV},                     // Lo       HANGUL SYLLABLE GAE
+	{0xAC1D, 0xAC37, prLVT},                    // Lo  [27] HANGUL SYLLABLE GAEG..HANGUL SYLLABLE GAEH
+	{0xAC38, 0xAC38, prLV},                     // Lo       HANGUL SYLLABLE GYA
+	{0xAC39, 0xAC53, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYAG..HANGUL SYLLABLE GYAH
+	{0xAC54, 0xAC54, prLV},                     // Lo       HANGUL SYLLABLE GYAE
+	{0xAC55, 0xAC6F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYAEG..HANGUL SYLLABLE GYAEH
+	{0xAC70, 0xAC70, prLV},                     // Lo       HANGUL SYLLABLE GEO
+	{0xAC71, 0xAC8B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GEOG..HANGUL SYLLABLE GEOH
+	{0xAC8C, 0xAC8C, prLV},                     // Lo       HANGUL SYLLABLE GE
+	{0xAC8D, 0xACA7, prLVT},                    // Lo  [27] HANGUL SYLLABLE GEG..HANGUL SYLLABLE GEH
+	{0xACA8, 0xACA8, prLV},                     // Lo       HANGUL SYLLABLE GYEO
+	{0xACA9, 0xACC3, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYEOG..HANGUL SYLLABLE GYEOH
+	{0xACC4, 0xACC4, prLV},                     // Lo       HANGUL SYLLABLE GYE
+	{0xACC5, 0xACDF, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYEG..HANGUL SYLLABLE GYEH
+	{0xACE0, 0xACE0, prLV},                     // Lo       HANGUL SYLLABLE GO
+	{0xACE1, 0xACFB, prLVT},                    // Lo  [27] HANGUL SYLLABLE GOG..HANGUL SYLLABLE GOH
+	{0xACFC, 0xACFC, prLV},                     // Lo       HANGUL SYLLABLE GWA
+	{0xACFD, 0xAD17, prLVT},                    // Lo  [27] HANGUL SYLLABLE GWAG..HANGUL SYLLABLE GWAH
+	{0xAD18, 0xAD18, prLV},                     // Lo       HANGUL SYLLABLE GWAE
+	{0xAD19, 0xAD33, prLVT},                    // Lo  [27] HANGUL SYLLABLE GWAEG..HANGUL SYLLABLE GWAEH
+	{0xAD34, 0xAD34, prLV},                     // Lo       HANGUL SYLLABLE GOE
+	{0xAD35, 0xAD4F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GOEG..HANGUL SYLLABLE GOEH
+	{0xAD50, 0xAD50, prLV},                     // Lo       HANGUL SYLLABLE GYO
+	{0xAD51, 0xAD6B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYOG..HANGUL SYLLABLE GYOH
+	{0xAD6C, 0xAD6C, prLV},                     // Lo       HANGUL SYLLABLE GU
+	{0xAD6D, 0xAD87, prLVT},                    // Lo  [27] HANGUL SYLLABLE GUG..HANGUL SYLLABLE GUH
+	{0xAD88, 0xAD88, prLV},                     // Lo       HANGUL SYLLABLE GWEO
+	{0xAD89, 0xADA3, prLVT},                    // Lo  [27] HANGUL SYLLABLE GWEOG..HANGUL SYLLABLE GWEOH
+	{0xADA4, 0xADA4, prLV},                     // Lo       HANGUL SYLLABLE GWE
+	{0xADA5, 0xADBF, prLVT},                    // Lo  [27] HANGUL SYLLABLE GWEG..HANGUL SYLLABLE GWEH
+	{0xADC0, 0xADC0, prLV},                     // Lo       HANGUL SYLLABLE GWI
+	{0xADC1, 0xADDB, prLVT},                    // Lo  [27] HANGUL SYLLABLE GWIG..HANGUL SYLLABLE GWIH
+	{0xADDC, 0xADDC, prLV},                     // Lo       HANGUL SYLLABLE GYU
+	{0xADDD, 0xADF7, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYUG..HANGUL SYLLABLE GYUH
+	{0xADF8, 0xADF8, prLV},                     // Lo       HANGUL SYLLABLE GEU
+	{0xADF9, 0xAE13, prLVT},                    // Lo  [27] HANGUL SYLLABLE GEUG..HANGUL SYLLABLE GEUH
+	{0xAE14, 0xAE14, prLV},                     // Lo       HANGUL SYLLABLE GYI
+	{0xAE15, 0xAE2F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYIG..HANGUL SYLLABLE GYIH
+	{0xAE30, 0xAE30, prLV},                     // Lo       HANGUL SYLLABLE GI
+	{0xAE31, 0xAE4B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GIG..HANGUL SYLLABLE GIH
+	{0xAE4C, 0xAE4C, prLV},                     // Lo       HANGUL SYLLABLE GGA
+	{0xAE4D, 0xAE67, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGAG..HANGUL SYLLABLE GGAH
+	{0xAE68, 0xAE68, prLV},                     // Lo       HANGUL SYLLABLE GGAE
+	{0xAE69, 0xAE83, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGAEG..HANGUL SYLLABLE GGAEH
+	{0xAE84, 0xAE84, prLV},                     // Lo       HANGUL SYLLABLE GGYA
+	{0xAE85, 0xAE9F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYAG..HANGUL SYLLABLE GGYAH
+	{0xAEA0, 0xAEA0, prLV},                     // Lo       HANGUL SYLLABLE GGYAE
+	{0xAEA1, 0xAEBB, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYAEG..HANGUL SYLLABLE GGYAEH
+	{0xAEBC, 0xAEBC, prLV},                     // Lo       HANGUL SYLLABLE GGEO
+	{0xAEBD, 0xAED7, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGEOG..HANGUL SYLLABLE GGEOH
+	{0xAED8, 0xAED8, prLV},                     // Lo       HANGUL SYLLABLE GGE
+	{0xAED9, 0xAEF3, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGEG..HANGUL SYLLABLE GGEH
+	{0xAEF4, 0xAEF4, prLV},                     // Lo       HANGUL SYLLABLE GGYEO
+	{0xAEF5, 0xAF0F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYEOG..HANGUL SYLLABLE GGYEOH
+	{0xAF10, 0xAF10, prLV},                     // Lo       HANGUL SYLLABLE GGYE
+	{0xAF11, 0xAF2B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYEG..HANGUL SYLLABLE GGYEH
+	{0xAF2C, 0xAF2C, prLV},                     // Lo       HANGUL SYLLABLE GGO
+	{0xAF2D, 0xAF47, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGOG..HANGUL SYLLABLE GGOH
+	{0xAF48, 0xAF48, prLV},                     // Lo       HANGUL SYLLABLE GGWA
+	{0xAF49, 0xAF63, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGWAG..HANGUL SYLLABLE GGWAH
+	{0xAF64, 0xAF64, prLV},                     // Lo       HANGUL SYLLABLE GGWAE
+	{0xAF65, 0xAF7F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGWAEG..HANGUL SYLLABLE GGWAEH
+	{0xAF80, 0xAF80, prLV},                     // Lo       HANGUL SYLLABLE GGOE
+	{0xAF81, 0xAF9B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGOEG..HANGUL SYLLABLE GGOEH
+	{0xAF9C, 0xAF9C, prLV},                     // Lo       HANGUL SYLLABLE GGYO
+	{0xAF9D, 0xAFB7, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYOG..HANGUL SYLLABLE GGYOH
+	{0xAFB8, 0xAFB8, prLV},                     // Lo       HANGUL SYLLABLE GGU
+	{0xAFB9, 0xAFD3, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGUG..HANGUL SYLLABLE GGUH
+	{0xAFD4, 0xAFD4, prLV},                     // Lo       HANGUL SYLLABLE GGWEO
+	{0xAFD5, 0xAFEF, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGWEOG..HANGUL SYLLABLE GGWEOH
+	{0xAFF0, 0xAFF0, prLV},                     // Lo       HANGUL SYLLABLE GGWE
+	{0xAFF1, 0xB00B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGWEG..HANGUL SYLLABLE GGWEH
+	{0xB00C, 0xB00C, prLV},                     // Lo       HANGUL SYLLABLE GGWI
+	{0xB00D, 0xB027, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGWIG..HANGUL SYLLABLE GGWIH
+	{0xB028, 0xB028, prLV},                     // Lo       HANGUL SYLLABLE GGYU
+	{0xB029, 0xB043, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYUG..HANGUL SYLLABLE GGYUH
+	{0xB044, 0xB044, prLV},                     // Lo       HANGUL SYLLABLE GGEU
+	{0xB045, 0xB05F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGEUG..HANGUL SYLLABLE GGEUH
+	{0xB060, 0xB060, prLV},                     // Lo       HANGUL SYLLABLE GGYI
+	{0xB061, 0xB07B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYIG..HANGUL SYLLABLE GGYIH
+	{0xB07C, 0xB07C, prLV},                     // Lo       HANGUL SYLLABLE GGI
+	{0xB07D, 0xB097, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGIG..HANGUL SYLLABLE GGIH
+	{0xB098, 0xB098, prLV},                     // Lo       HANGUL SYLLABLE NA
+	{0xB099, 0xB0B3, prLVT},                    // Lo  [27] HANGUL SYLLABLE NAG..HANGUL SYLLABLE NAH
+	{0xB0B4, 0xB0B4, prLV},                     // Lo       HANGUL SYLLABLE NAE
+	{0xB0B5, 0xB0CF, prLVT},                    // Lo  [27] HANGUL SYLLABLE NAEG..HANGUL SYLLABLE NAEH
+	{0xB0D0, 0xB0D0, prLV},                     // Lo       HANGUL SYLLABLE NYA
+	{0xB0D1, 0xB0EB, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYAG..HANGUL SYLLABLE NYAH
+	{0xB0EC, 0xB0EC, prLV},                     // Lo       HANGUL SYLLABLE NYAE
+	{0xB0ED, 0xB107, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYAEG..HANGUL SYLLABLE NYAEH
+	{0xB108, 0xB108, prLV},                     // Lo       HANGUL SYLLABLE NEO
+	{0xB109, 0xB123, prLVT},                    // Lo  [27] HANGUL SYLLABLE NEOG..HANGUL SYLLABLE NEOH
+	{0xB124, 0xB124, prLV},                     // Lo       HANGUL SYLLABLE NE
+	{0xB125, 0xB13F, prLVT},                    // Lo  [27] HANGUL SYLLABLE NEG..HANGUL SYLLABLE NEH
+	{0xB140, 0xB140, prLV},                     // Lo       HANGUL SYLLABLE NYEO
+	{0xB141, 0xB15B, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYEOG..HANGUL SYLLABLE NYEOH
+	{0xB15C, 0xB15C, prLV},                     // Lo       HANGUL SYLLABLE NYE
+	{0xB15D, 0xB177, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYEG..HANGUL SYLLABLE NYEH
+	{0xB178, 0xB178, prLV},                     // Lo       HANGUL SYLLABLE NO
+	{0xB179, 0xB193, prLVT},                    // Lo  [27] HANGUL SYLLABLE NOG..HANGUL SYLLABLE NOH
+	{0xB194, 0xB194, prLV},                     // Lo       HANGUL SYLLABLE NWA
+	{0xB195, 0xB1AF, prLVT},                    // Lo  [27] HANGUL SYLLABLE NWAG..HANGUL SYLLABLE NWAH
+	{0xB1B0, 0xB1B0, prLV},                     // Lo       HANGUL SYLLABLE NWAE
+	{0xB1B1, 0xB1CB, prLVT},                    // Lo  [27] HANGUL SYLLABLE NWAEG..HANGUL SYLLABLE NWAEH
+	{0xB1CC, 0xB1CC, prLV},                     // Lo       HANGUL SYLLABLE NOE
+	{0xB1CD, 0xB1E7, prLVT},                    // Lo  [27] HANGUL SYLLABLE NOEG..HANGUL SYLLABLE NOEH
+	{0xB1E8, 0xB1E8, prLV},                     // Lo       HANGUL SYLLABLE NYO
+	{0xB1E9, 0xB203, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYOG..HANGUL SYLLABLE NYOH
+	{0xB204, 0xB204, prLV},                     // Lo       HANGUL SYLLABLE NU
+	{0xB205, 0xB21F, prLVT},                    // Lo  [27] HANGUL SYLLABLE NUG..HANGUL SYLLABLE NUH
+	{0xB220, 0xB220, prLV},                     // Lo       HANGUL SYLLABLE NWEO
+	{0xB221, 0xB23B, prLVT},                    // Lo  [27] HANGUL SYLLABLE NWEOG..HANGUL SYLLABLE NWEOH
+	{0xB23C, 0xB23C, prLV},                     // Lo       HANGUL SYLLABLE NWE
+	{0xB23D, 0xB257, prLVT},                    // Lo  [27] HANGUL SYLLABLE NWEG..HANGUL SYLLABLE NWEH
+	{0xB258, 0xB258, prLV},                     // Lo       HANGUL SYLLABLE NWI
+	{0xB259, 0xB273, prLVT},                    // Lo  [27] HANGUL SYLLABLE NWIG..HANGUL SYLLABLE NWIH
+	{0xB274, 0xB274, prLV},                     // Lo       HANGUL SYLLABLE NYU
+	{0xB275, 0xB28F, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYUG..HANGUL SYLLABLE NYUH
+	{0xB290, 0xB290, prLV},                     // Lo       HANGUL SYLLABLE NEU
+	{0xB291, 0xB2AB, prLVT},                    // Lo  [27] HANGUL SYLLABLE NEUG..HANGUL SYLLABLE NEUH
+	{0xB2AC, 0xB2AC, prLV},                     // Lo       HANGUL SYLLABLE NYI
+	{0xB2AD, 0xB2C7, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYIG..HANGUL SYLLABLE NYIH
+	{0xB2C8, 0xB2C8, prLV},                     // Lo       HANGUL SYLLABLE NI
+	{0xB2C9, 0xB2E3, prLVT},                    // Lo  [27] HANGUL SYLLABLE NIG..HANGUL SYLLABLE NIH
+	{0xB2E4, 0xB2E4, prLV},                     // Lo       HANGUL SYLLABLE DA
+	{0xB2E5, 0xB2FF, prLVT},                    // Lo  [27] HANGUL SYLLABLE DAG..HANGUL SYLLABLE DAH
+	{0xB300, 0xB300, prLV},                     // Lo       HANGUL SYLLABLE DAE
+	{0xB301, 0xB31B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DAEG..HANGUL SYLLABLE DAEH
+	{0xB31C, 0xB31C, prLV},                     // Lo       HANGUL SYLLABLE DYA
+	{0xB31D, 0xB337, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYAG..HANGUL SYLLABLE DYAH
+	{0xB338, 0xB338, prLV},                     // Lo       HANGUL SYLLABLE DYAE
+	{0xB339, 0xB353, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYAEG..HANGUL SYLLABLE DYAEH
+	{0xB354, 0xB354, prLV},                     // Lo       HANGUL SYLLABLE DEO
+	{0xB355, 0xB36F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DEOG..HANGUL SYLLABLE DEOH
+	{0xB370, 0xB370, prLV},                     // Lo       HANGUL SYLLABLE DE
+	{0xB371, 0xB38B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DEG..HANGUL SYLLABLE DEH
+	{0xB38C, 0xB38C, prLV},                     // Lo       HANGUL SYLLABLE DYEO
+	{0xB38D, 0xB3A7, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYEOG..HANGUL SYLLABLE DYEOH
+	{0xB3A8, 0xB3A8, prLV},                     // Lo       HANGUL SYLLABLE DYE
+	{0xB3A9, 0xB3C3, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYEG..HANGUL SYLLABLE DYEH
+	{0xB3C4, 0xB3C4, prLV},                     // Lo       HANGUL SYLLABLE DO
+	{0xB3C5, 0xB3DF, prLVT},                    // Lo  [27] HANGUL SYLLABLE DOG..HANGUL SYLLABLE DOH
+	{0xB3E0, 0xB3E0, prLV},                     // Lo       HANGUL SYLLABLE DWA
+	{0xB3E1, 0xB3FB, prLVT},                    // Lo  [27] HANGUL SYLLABLE DWAG..HANGUL SYLLABLE DWAH
+	{0xB3FC, 0xB3FC, prLV},                     // Lo       HANGUL SYLLABLE DWAE
+	{0xB3FD, 0xB417, prLVT},                    // Lo  [27] HANGUL SYLLABLE DWAEG..HANGUL SYLLABLE DWAEH
+	{0xB418, 0xB418, prLV},                     // Lo       HANGUL SYLLABLE DOE
+	{0xB419, 0xB433, prLVT},                    // Lo  [27] HANGUL SYLLABLE DOEG..HANGUL SYLLABLE DOEH
+	{0xB434, 0xB434, prLV},                     // Lo       HANGUL SYLLABLE DYO
+	{0xB435, 0xB44F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYOG..HANGUL SYLLABLE DYOH
+	{0xB450, 0xB450, prLV},                     // Lo       HANGUL SYLLABLE DU
+	{0xB451, 0xB46B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DUG..HANGUL SYLLABLE DUH
+	{0xB46C, 0xB46C, prLV},                     // Lo       HANGUL SYLLABLE DWEO
+	{0xB46D, 0xB487, prLVT},                    // Lo  [27] HANGUL SYLLABLE DWEOG..HANGUL SYLLABLE DWEOH
+	{0xB488, 0xB488, prLV},                     // Lo       HANGUL SYLLABLE DWE
+	{0xB489, 0xB4A3, prLVT},                    // Lo  [27] HANGUL SYLLABLE DWEG..HANGUL SYLLABLE DWEH
+	{0xB4A4, 0xB4A4, prLV},                     // Lo       HANGUL SYLLABLE DWI
+	{0xB4A5, 0xB4BF, prLVT},                    // Lo  [27] HANGUL SYLLABLE DWIG..HANGUL SYLLABLE DWIH
+	{0xB4C0, 0xB4C0, prLV},                     // Lo       HANGUL SYLLABLE DYU
+	{0xB4C1, 0xB4DB, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYUG..HANGUL SYLLABLE DYUH
+	{0xB4DC, 0xB4DC, prLV},                     // Lo       HANGUL SYLLABLE DEU
+	{0xB4DD, 0xB4F7, prLVT},                    // Lo  [27] HANGUL SYLLABLE DEUG..HANGUL SYLLABLE DEUH
+	{0xB4F8, 0xB4F8, prLV},                     // Lo       HANGUL SYLLABLE DYI
+	{0xB4F9, 0xB513, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYIG..HANGUL SYLLABLE DYIH
+	{0xB514, 0xB514, prLV},                     // Lo       HANGUL SYLLABLE DI
+	{0xB515, 0xB52F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DIG..HANGUL SYLLABLE DIH
+	{0xB530, 0xB530, prLV},                     // Lo       HANGUL SYLLABLE DDA
+	{0xB531, 0xB54B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDAG..HANGUL SYLLABLE DDAH
+	{0xB54C, 0xB54C, prLV},                     // Lo       HANGUL SYLLABLE DDAE
+	{0xB54D, 0xB567, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDAEG..HANGUL SYLLABLE DDAEH
+	{0xB568, 0xB568, prLV},                     // Lo       HANGUL SYLLABLE DDYA
+	{0xB569, 0xB583, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYAG..HANGUL SYLLABLE DDYAH
+	{0xB584, 0xB584, prLV},                     // Lo       HANGUL SYLLABLE DDYAE
+	{0xB585, 0xB59F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYAEG..HANGUL SYLLABLE DDYAEH
+	{0xB5A0, 0xB5A0, prLV},                     // Lo       HANGUL SYLLABLE DDEO
+	{0xB5A1, 0xB5BB, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDEOG..HANGUL SYLLABLE DDEOH
+	{0xB5BC, 0xB5BC, prLV},                     // Lo       HANGUL SYLLABLE DDE
+	{0xB5BD, 0xB5D7, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDEG..HANGUL SYLLABLE DDEH
+	{0xB5D8, 0xB5D8, prLV},                     // Lo       HANGUL SYLLABLE DDYEO
+	{0xB5D9, 0xB5F3, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYEOG..HANGUL SYLLABLE DDYEOH
+	{0xB5F4, 0xB5F4, prLV},                     // Lo       HANGUL SYLLABLE DDYE
+	{0xB5F5, 0xB60F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYEG..HANGUL SYLLABLE DDYEH
+	{0xB610, 0xB610, prLV},                     // Lo       HANGUL SYLLABLE DDO
+	{0xB611, 0xB62B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDOG..HANGUL SYLLABLE DDOH
+	{0xB62C, 0xB62C, prLV},                     // Lo       HANGUL SYLLABLE DDWA
+	{0xB62D, 0xB647, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDWAG..HANGUL SYLLABLE DDWAH
+	{0xB648, 0xB648, prLV},                     // Lo       HANGUL SYLLABLE DDWAE
+	{0xB649, 0xB663, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDWAEG..HANGUL SYLLABLE DDWAEH
+	{0xB664, 0xB664, prLV},                     // Lo       HANGUL SYLLABLE DDOE
+	{0xB665, 0xB67F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDOEG..HANGUL SYLLABLE DDOEH
+	{0xB680, 0xB680, prLV},                     // Lo       HANGUL SYLLABLE DDYO
+	{0xB681, 0xB69B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYOG..HANGUL SYLLABLE DDYOH
+	{0xB69C, 0xB69C, prLV},                     // Lo       HANGUL SYLLABLE DDU
+	{0xB69D, 0xB6B7, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDUG..HANGUL SYLLABLE DDUH
+	{0xB6B8, 0xB6B8, prLV},                     // Lo       HANGUL SYLLABLE DDWEO
+	{0xB6B9, 0xB6D3, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDWEOG..HANGUL SYLLABLE DDWEOH
+	{0xB6D4, 0xB6D4, prLV},                     // Lo       HANGUL SYLLABLE DDWE
+	{0xB6D5, 0xB6EF, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDWEG..HANGUL SYLLABLE DDWEH
+	{0xB6F0, 0xB6F0, prLV},                     // Lo       HANGUL SYLLABLE DDWI
+	{0xB6F1, 0xB70B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDWIG..HANGUL SYLLABLE DDWIH
+	{0xB70C, 0xB70C, prLV},                     // Lo       HANGUL SYLLABLE DDYU
+	{0xB70D, 0xB727, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYUG..HANGUL SYLLABLE DDYUH
+	{0xB728, 0xB728, prLV},                     // Lo       HANGUL SYLLABLE DDEU
+	{0xB729, 0xB743, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDEUG..HANGUL SYLLABLE DDEUH
+	{0xB744, 0xB744, prLV},                     // Lo       HANGUL SYLLABLE DDYI
+	{0xB745, 0xB75F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYIG..HANGUL SYLLABLE DDYIH
+	{0xB760, 0xB760, prLV},                     // Lo       HANGUL SYLLABLE DDI
+	{0xB761, 0xB77B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDIG..HANGUL SYLLABLE DDIH
+	{0xB77C, 0xB77C, prLV},                     // Lo       HANGUL SYLLABLE RA
+	{0xB77D, 0xB797, prLVT},                    // Lo  [27] HANGUL SYLLABLE RAG..HANGUL SYLLABLE RAH
+	{0xB798, 0xB798, prLV},                     // Lo       HANGUL SYLLABLE RAE
+	{0xB799, 0xB7B3, prLVT},                    // Lo  [27] HANGUL SYLLABLE RAEG..HANGUL SYLLABLE RAEH
+	{0xB7B4, 0xB7B4, prLV},                     // Lo       HANGUL SYLLABLE RYA
+	{0xB7B5, 0xB7CF, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYAG..HANGUL SYLLABLE RYAH
+	{0xB7D0, 0xB7D0, prLV},                     // Lo       HANGUL SYLLABLE RYAE
+	{0xB7D1, 0xB7EB, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYAEG..HANGUL SYLLABLE RYAEH
+	{0xB7EC, 0xB7EC, prLV},                     // Lo       HANGUL SYLLABLE REO
+	{0xB7ED, 0xB807, prLVT},                    // Lo  [27] HANGUL SYLLABLE REOG..HANGUL SYLLABLE REOH
+	{0xB808, 0xB808, prLV},                     // Lo       HANGUL SYLLABLE RE
+	{0xB809, 0xB823, prLVT},                    // Lo  [27] HANGUL SYLLABLE REG..HANGUL SYLLABLE REH
+	{0xB824, 0xB824, prLV},                     // Lo       HANGUL SYLLABLE RYEO
+	{0xB825, 0xB83F, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYEOG..HANGUL SYLLABLE RYEOH
+	{0xB840, 0xB840, prLV},                     // Lo       HANGUL SYLLABLE RYE
+	{0xB841, 0xB85B, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYEG..HANGUL SYLLABLE RYEH
+	{0xB85C, 0xB85C, prLV},                     // Lo       HANGUL SYLLABLE RO
+	{0xB85D, 0xB877, prLVT},                    // Lo  [27] HANGUL SYLLABLE ROG..HANGUL SYLLABLE ROH
+	{0xB878, 0xB878, prLV},                     // Lo       HANGUL SYLLABLE RWA
+	{0xB879, 0xB893, prLVT},                    // Lo  [27] HANGUL SYLLABLE RWAG..HANGUL SYLLABLE RWAH
+	{0xB894, 0xB894, prLV},                     // Lo       HANGUL SYLLABLE RWAE
+	{0xB895, 0xB8AF, prLVT},                    // Lo  [27] HANGUL SYLLABLE RWAEG..HANGUL SYLLABLE RWAEH
+	{0xB8B0, 0xB8B0, prLV},                     // Lo       HANGUL SYLLABLE ROE
+	{0xB8B1, 0xB8CB, prLVT},                    // Lo  [27] HANGUL SYLLABLE ROEG..HANGUL SYLLABLE ROEH
+	{0xB8CC, 0xB8CC, prLV},                     // Lo       HANGUL SYLLABLE RYO
+	{0xB8CD, 0xB8E7, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYOG..HANGUL SYLLABLE RYOH
+	{0xB8E8, 0xB8E8, prLV},                     // Lo       HANGUL SYLLABLE RU
+	{0xB8E9, 0xB903, prLVT},                    // Lo  [27] HANGUL SYLLABLE RUG..HANGUL SYLLABLE RUH
+	{0xB904, 0xB904, prLV},                     // Lo       HANGUL SYLLABLE RWEO
+	{0xB905, 0xB91F, prLVT},                    // Lo  [27] HANGUL SYLLABLE RWEOG..HANGUL SYLLABLE RWEOH
+	{0xB920, 0xB920, prLV},                     // Lo       HANGUL SYLLABLE RWE
+	{0xB921, 0xB93B, prLVT},                    // Lo  [27] HANGUL SYLLABLE RWEG..HANGUL SYLLABLE RWEH
+	{0xB93C, 0xB93C, prLV},                     // Lo       HANGUL SYLLABLE RWI
+	{0xB93D, 0xB957, prLVT},                    // Lo  [27] HANGUL SYLLABLE RWIG..HANGUL SYLLABLE RWIH
+	{0xB958, 0xB958, prLV},                     // Lo       HANGUL SYLLABLE RYU
+	{0xB959, 0xB973, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYUG..HANGUL SYLLABLE RYUH
+	{0xB974, 0xB974, prLV},                     // Lo       HANGUL SYLLABLE REU
+	{0xB975, 0xB98F, prLVT},                    // Lo  [27] HANGUL SYLLABLE REUG..HANGUL SYLLABLE REUH
+	{0xB990, 0xB990, prLV},                     // Lo       HANGUL SYLLABLE RYI
+	{0xB991, 0xB9AB, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYIG..HANGUL SYLLABLE RYIH
+	{0xB9AC, 0xB9AC, prLV},                     // Lo       HANGUL SYLLABLE RI
+	{0xB9AD, 0xB9C7, prLVT},                    // Lo  [27] HANGUL SYLLABLE RIG..HANGUL SYLLABLE RIH
+	{0xB9C8, 0xB9C8, prLV},                     // Lo       HANGUL SYLLABLE MA
+	{0xB9C9, 0xB9E3, prLVT},                    // Lo  [27] HANGUL SYLLABLE MAG..HANGUL SYLLABLE MAH
+	{0xB9E4, 0xB9E4, prLV},                     // Lo       HANGUL SYLLABLE MAE
+	{0xB9E5, 0xB9FF, prLVT},                    // Lo  [27] HANGUL SYLLABLE MAEG..HANGUL SYLLABLE MAEH
+	{0xBA00, 0xBA00, prLV},                     // Lo       HANGUL SYLLABLE MYA
+	{0xBA01, 0xBA1B, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYAG..HANGUL SYLLABLE MYAH
+	{0xBA1C, 0xBA1C, prLV},                     // Lo       HANGUL SYLLABLE MYAE
+	{0xBA1D, 0xBA37, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYAEG..HANGUL SYLLABLE MYAEH
+	{0xBA38, 0xBA38, prLV},                     // Lo       HANGUL SYLLABLE MEO
+	{0xBA39, 0xBA53, prLVT},                    // Lo  [27] HANGUL SYLLABLE MEOG..HANGUL SYLLABLE MEOH
+	{0xBA54, 0xBA54, prLV},                     // Lo       HANGUL SYLLABLE ME
+	{0xBA55, 0xBA6F, prLVT},                    // Lo  [27] HANGUL SYLLABLE MEG..HANGUL SYLLABLE MEH
+	{0xBA70, 0xBA70, prLV},                     // Lo       HANGUL SYLLABLE MYEO
+	{0xBA71, 0xBA8B, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYEOG..HANGUL SYLLABLE MYEOH
+	{0xBA8C, 0xBA8C, prLV},                     // Lo       HANGUL SYLLABLE MYE
+	{0xBA8D, 0xBAA7, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYEG..HANGUL SYLLABLE MYEH
+	{0xBAA8, 0xBAA8, prLV},                     // Lo       HANGUL SYLLABLE MO
+	{0xBAA9, 0xBAC3, prLVT},                    // Lo  [27] HANGUL SYLLABLE MOG..HANGUL SYLLABLE MOH
+	{0xBAC4, 0xBAC4, prLV},                     // Lo       HANGUL SYLLABLE MWA
+	{0xBAC5, 0xBADF, prLVT},                    // Lo  [27] HANGUL SYLLABLE MWAG..HANGUL SYLLABLE MWAH
+	{0xBAE0, 0xBAE0, prLV},                     // Lo       HANGUL SYLLABLE MWAE
+	{0xBAE1, 0xBAFB, prLVT},                    // Lo  [27] HANGUL SYLLABLE MWAEG..HANGUL SYLLABLE MWAEH
+	{0xBAFC, 0xBAFC, prLV},                     // Lo       HANGUL SYLLABLE MOE
+	{0xBAFD, 0xBB17, prLVT},                    // Lo  [27] HANGUL SYLLABLE MOEG..HANGUL SYLLABLE MOEH
+	{0xBB18, 0xBB18, prLV},                     // Lo       HANGUL SYLLABLE MYO
+	{0xBB19, 0xBB33, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYOG..HANGUL SYLLABLE MYOH
+	{0xBB34, 0xBB34, prLV},                     // Lo       HANGUL SYLLABLE MU
+	{0xBB35, 0xBB4F, prLVT},                    // Lo  [27] HANGUL SYLLABLE MUG..HANGUL SYLLABLE MUH
+	{0xBB50, 0xBB50, prLV},                     // Lo       HANGUL SYLLABLE MWEO
+	{0xBB51, 0xBB6B, prLVT},                    // Lo  [27] HANGUL SYLLABLE MWEOG..HANGUL SYLLABLE MWEOH
+	{0xBB6C, 0xBB6C, prLV},                     // Lo       HANGUL SYLLABLE MWE
+	{0xBB6D, 0xBB87, prLVT},                    // Lo  [27] HANGUL SYLLABLE MWEG..HANGUL SYLLABLE MWEH
+	{0xBB88, 0xBB88, prLV},                     // Lo       HANGUL SYLLABLE MWI
+	{0xBB89, 0xBBA3, prLVT},                    // Lo  [27] HANGUL SYLLABLE MWIG..HANGUL SYLLABLE MWIH
+	{0xBBA4, 0xBBA4, prLV},                     // Lo       HANGUL SYLLABLE MYU
+	{0xBBA5, 0xBBBF, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYUG..HANGUL SYLLABLE MYUH
+	{0xBBC0, 0xBBC0, prLV},                     // Lo       HANGUL SYLLABLE MEU
+	{0xBBC1, 0xBBDB, prLVT},                    // Lo  [27] HANGUL SYLLABLE MEUG..HANGUL SYLLABLE MEUH
+	{0xBBDC, 0xBBDC, prLV},                     // Lo       HANGUL SYLLABLE MYI
+	{0xBBDD, 0xBBF7, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYIG..HANGUL SYLLABLE MYIH
+	{0xBBF8, 0xBBF8, prLV},                     // Lo       HANGUL SYLLABLE MI
+	{0xBBF9, 0xBC13, prLVT},                    // Lo  [27] HANGUL SYLLABLE MIG..HANGUL SYLLABLE MIH
+	{0xBC14, 0xBC14, prLV},                     // Lo       HANGUL SYLLABLE BA
+	{0xBC15, 0xBC2F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BAG..HANGUL SYLLABLE BAH
+	{0xBC30, 0xBC30, prLV},                     // Lo       HANGUL SYLLABLE BAE
+	{0xBC31, 0xBC4B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BAEG..HANGUL SYLLABLE BAEH
+	{0xBC4C, 0xBC4C, prLV},                     // Lo       HANGUL SYLLABLE BYA
+	{0xBC4D, 0xBC67, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYAG..HANGUL SYLLABLE BYAH
+	{0xBC68, 0xBC68, prLV},                     // Lo       HANGUL SYLLABLE BYAE
+	{0xBC69, 0xBC83, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYAEG..HANGUL SYLLABLE BYAEH
+	{0xBC84, 0xBC84, prLV},                     // Lo       HANGUL SYLLABLE BEO
+	{0xBC85, 0xBC9F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BEOG..HANGUL SYLLABLE BEOH
+	{0xBCA0, 0xBCA0, prLV},                     // Lo       HANGUL SYLLABLE BE
+	{0xBCA1, 0xBCBB, prLVT},                    // Lo  [27] HANGUL SYLLABLE BEG..HANGUL SYLLABLE BEH
+	{0xBCBC, 0xBCBC, prLV},                     // Lo       HANGUL SYLLABLE BYEO
+	{0xBCBD, 0xBCD7, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYEOG..HANGUL SYLLABLE BYEOH
+	{0xBCD8, 0xBCD8, prLV},                     // Lo       HANGUL SYLLABLE BYE
+	{0xBCD9, 0xBCF3, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYEG..HANGUL SYLLABLE BYEH
+	{0xBCF4, 0xBCF4, prLV},                     // Lo       HANGUL SYLLABLE BO
+	{0xBCF5, 0xBD0F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BOG..HANGUL SYLLABLE BOH
+	{0xBD10, 0xBD10, prLV},                     // Lo       HANGUL SYLLABLE BWA
+	{0xBD11, 0xBD2B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BWAG..HANGUL SYLLABLE BWAH
+	{0xBD2C, 0xBD2C, prLV},                     // Lo       HANGUL SYLLABLE BWAE
+	{0xBD2D, 0xBD47, prLVT},                    // Lo  [27] HANGUL SYLLABLE BWAEG..HANGUL SYLLABLE BWAEH
+	{0xBD48, 0xBD48, prLV},                     // Lo       HANGUL SYLLABLE BOE
+	{0xBD49, 0xBD63, prLVT},                    // Lo  [27] HANGUL SYLLABLE BOEG..HANGUL SYLLABLE BOEH
+	{0xBD64, 0xBD64, prLV},                     // Lo       HANGUL SYLLABLE BYO
+	{0xBD65, 0xBD7F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYOG..HANGUL SYLLABLE BYOH
+	{0xBD80, 0xBD80, prLV},                     // Lo       HANGUL SYLLABLE BU
+	{0xBD81, 0xBD9B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BUG..HANGUL SYLLABLE BUH
+	{0xBD9C, 0xBD9C, prLV},                     // Lo       HANGUL SYLLABLE BWEO
+	{0xBD9D, 0xBDB7, prLVT},                    // Lo  [27] HANGUL SYLLABLE BWEOG..HANGUL SYLLABLE BWEOH
+	{0xBDB8, 0xBDB8, prLV},                     // Lo       HANGUL SYLLABLE BWE
+	{0xBDB9, 0xBDD3, prLVT},                    // Lo  [27] HANGUL SYLLABLE BWEG..HANGUL SYLLABLE BWEH
+	{0xBDD4, 0xBDD4, prLV},                     // Lo       HANGUL SYLLABLE BWI
+	{0xBDD5, 0xBDEF, prLVT},                    // Lo  [27] HANGUL SYLLABLE BWIG..HANGUL SYLLABLE BWIH
+	{0xBDF0, 0xBDF0, prLV},                     // Lo       HANGUL SYLLABLE BYU
+	{0xBDF1, 0xBE0B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYUG..HANGUL SYLLABLE BYUH
+	{0xBE0C, 0xBE0C, prLV},                     // Lo       HANGUL SYLLABLE BEU
+	{0xBE0D, 0xBE27, prLVT},                    // Lo  [27] HANGUL SYLLABLE BEUG..HANGUL SYLLABLE BEUH
+	{0xBE28, 0xBE28, prLV},                     // Lo       HANGUL SYLLABLE BYI
+	{0xBE29, 0xBE43, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYIG..HANGUL SYLLABLE BYIH
+	{0xBE44, 0xBE44, prLV},                     // Lo       HANGUL SYLLABLE BI
+	{0xBE45, 0xBE5F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BIG..HANGUL SYLLABLE BIH
+	{0xBE60, 0xBE60, prLV},                     // Lo       HANGUL SYLLABLE BBA
+	{0xBE61, 0xBE7B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBAG..HANGUL SYLLABLE BBAH
+	{0xBE7C, 0xBE7C, prLV},                     // Lo       HANGUL SYLLABLE BBAE
+	{0xBE7D, 0xBE97, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBAEG..HANGUL SYLLABLE BBAEH
+	{0xBE98, 0xBE98, prLV},                     // Lo       HANGUL SYLLABLE BBYA
+	{0xBE99, 0xBEB3, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYAG..HANGUL SYLLABLE BBYAH
+	{0xBEB4, 0xBEB4, prLV},                     // Lo       HANGUL SYLLABLE BBYAE
+	{0xBEB5, 0xBECF, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYAEG..HANGUL SYLLABLE BBYAEH
+	{0xBED0, 0xBED0, prLV},                     // Lo       HANGUL SYLLABLE BBEO
+	{0xBED1, 0xBEEB, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBEOG..HANGUL SYLLABLE BBEOH
+	{0xBEEC, 0xBEEC, prLV},                     // Lo       HANGUL SYLLABLE BBE
+	{0xBEED, 0xBF07, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBEG..HANGUL SYLLABLE BBEH
+	{0xBF08, 0xBF08, prLV},                     // Lo       HANGUL SYLLABLE BBYEO
+	{0xBF09, 0xBF23, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYEOG..HANGUL SYLLABLE BBYEOH
+	{0xBF24, 0xBF24, prLV},                     // Lo       HANGUL SYLLABLE BBYE
+	{0xBF25, 0xBF3F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYEG..HANGUL SYLLABLE BBYEH
+	{0xBF40, 0xBF40, prLV},                     // Lo       HANGUL SYLLABLE BBO
+	{0xBF41, 0xBF5B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBOG..HANGUL SYLLABLE BBOH
+	{0xBF5C, 0xBF5C, prLV},                     // Lo       HANGUL SYLLABLE BBWA
+	{0xBF5D, 0xBF77, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBWAG..HANGUL SYLLABLE BBWAH
+	{0xBF78, 0xBF78, prLV},                     // Lo       HANGUL SYLLABLE BBWAE
+	{0xBF79, 0xBF93, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBWAEG..HANGUL SYLLABLE BBWAEH
+	{0xBF94, 0xBF94, prLV},                     // Lo       HANGUL SYLLABLE BBOE
+	{0xBF95, 0xBFAF, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBOEG..HANGUL SYLLABLE BBOEH
+	{0xBFB0, 0xBFB0, prLV},                     // Lo       HANGUL SYLLABLE BBYO
+	{0xBFB1, 0xBFCB, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYOG..HANGUL SYLLABLE BBYOH
+	{0xBFCC, 0xBFCC, prLV},                     // Lo       HANGUL SYLLABLE BBU
+	{0xBFCD, 0xBFE7, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBUG..HANGUL SYLLABLE BBUH
+	{0xBFE8, 0xBFE8, prLV},                     // Lo       HANGUL SYLLABLE BBWEO
+	{0xBFE9, 0xC003, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBWEOG..HANGUL SYLLABLE BBWEOH
+	{0xC004, 0xC004, prLV},                     // Lo       HANGUL SYLLABLE BBWE
+	{0xC005, 0xC01F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBWEG..HANGUL SYLLABLE BBWEH
+	{0xC020, 0xC020, prLV},                     // Lo       HANGUL SYLLABLE BBWI
+	{0xC021, 0xC03B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBWIG..HANGUL SYLLABLE BBWIH
+	{0xC03C, 0xC03C, prLV},                     // Lo       HANGUL SYLLABLE BBYU
+	{0xC03D, 0xC057, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYUG..HANGUL SYLLABLE BBYUH
+	{0xC058, 0xC058, prLV},                     // Lo       HANGUL SYLLABLE BBEU
+	{0xC059, 0xC073, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBEUG..HANGUL SYLLABLE BBEUH
+	{0xC074, 0xC074, prLV},                     // Lo       HANGUL SYLLABLE BBYI
+	{0xC075, 0xC08F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYIG..HANGUL SYLLABLE BBYIH
+	{0xC090, 0xC090, prLV},                     // Lo       HANGUL SYLLABLE BBI
+	{0xC091, 0xC0AB, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBIG..HANGUL SYLLABLE BBIH
+	{0xC0AC, 0xC0AC, prLV},                     // Lo       HANGUL SYLLABLE SA
+	{0xC0AD, 0xC0C7, prLVT},                    // Lo  [27] HANGUL SYLLABLE SAG..HANGUL SYLLABLE SAH
+	{0xC0C8, 0xC0C8, prLV},                     // Lo       HANGUL SYLLABLE SAE
+	{0xC0C9, 0xC0E3, prLVT},                    // Lo  [27] HANGUL SYLLABLE SAEG..HANGUL SYLLABLE SAEH
+	{0xC0E4, 0xC0E4, prLV},                     // Lo       HANGUL SYLLABLE SYA
+	{0xC0E5, 0xC0FF, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYAG..HANGUL SYLLABLE SYAH
+	{0xC100, 0xC100, prLV},                     // Lo       HANGUL SYLLABLE SYAE
+	{0xC101, 0xC11B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYAEG..HANGUL SYLLABLE SYAEH
+	{0xC11C, 0xC11C, prLV},                     // Lo       HANGUL SYLLABLE SEO
+	{0xC11D, 0xC137, prLVT},                    // Lo  [27] HANGUL SYLLABLE SEOG..HANGUL SYLLABLE SEOH
+	{0xC138, 0xC138, prLV},                     // Lo       HANGUL SYLLABLE SE
+	{0xC139, 0xC153, prLVT},                    // Lo  [27] HANGUL SYLLABLE SEG..HANGUL SYLLABLE SEH
+	{0xC154, 0xC154, prLV},                     // Lo       HANGUL SYLLABLE SYEO
+	{0xC155, 0xC16F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYEOG..HANGUL SYLLABLE SYEOH
+	{0xC170, 0xC170, prLV},                     // Lo       HANGUL SYLLABLE SYE
+	{0xC171, 0xC18B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYEG..HANGUL SYLLABLE SYEH
+	{0xC18C, 0xC18C, prLV},                     // Lo       HANGUL SYLLABLE SO
+	{0xC18D, 0xC1A7, prLVT},                    // Lo  [27] HANGUL SYLLABLE SOG..HANGUL SYLLABLE SOH
+	{0xC1A8, 0xC1A8, prLV},                     // Lo       HANGUL SYLLABLE SWA
+	{0xC1A9, 0xC1C3, prLVT},                    // Lo  [27] HANGUL SYLLABLE SWAG..HANGUL SYLLABLE SWAH
+	{0xC1C4, 0xC1C4, prLV},                     // Lo       HANGUL SYLLABLE SWAE
+	{0xC1C5, 0xC1DF, prLVT},                    // Lo  [27] HANGUL SYLLABLE SWAEG..HANGUL SYLLABLE SWAEH
+	{0xC1E0, 0xC1E0, prLV},                     // Lo       HANGUL SYLLABLE SOE
+	{0xC1E1, 0xC1FB, prLVT},                    // Lo  [27] HANGUL SYLLABLE SOEG..HANGUL SYLLABLE SOEH
+	{0xC1FC, 0xC1FC, prLV},                     // Lo       HANGUL SYLLABLE SYO
+	{0xC1FD, 0xC217, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYOG..HANGUL SYLLABLE SYOH
+	{0xC218, 0xC218, prLV},                     // Lo       HANGUL SYLLABLE SU
+	{0xC219, 0xC233, prLVT},                    // Lo  [27] HANGUL SYLLABLE SUG..HANGUL SYLLABLE SUH
+	{0xC234, 0xC234, prLV},                     // Lo       HANGUL SYLLABLE SWEO
+	{0xC235, 0xC24F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SWEOG..HANGUL SYLLABLE SWEOH
+	{0xC250, 0xC250, prLV},                     // Lo       HANGUL SYLLABLE SWE
+	{0xC251, 0xC26B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SWEG..HANGUL SYLLABLE SWEH
+	{0xC26C, 0xC26C, prLV},                     // Lo       HANGUL SYLLABLE SWI
+	{0xC26D, 0xC287, prLVT},                    // Lo  [27] HANGUL SYLLABLE SWIG..HANGUL SYLLABLE SWIH
+	{0xC288, 0xC288, prLV},                     // Lo       HANGUL SYLLABLE SYU
+	{0xC289, 0xC2A3, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYUG..HANGUL SYLLABLE SYUH
+	{0xC2A4, 0xC2A4, prLV},                     // Lo       HANGUL SYLLABLE SEU
+	{0xC2A5, 0xC2BF, prLVT},                    // Lo  [27] HANGUL SYLLABLE SEUG..HANGUL SYLLABLE SEUH
+	{0xC2C0, 0xC2C0, prLV},                     // Lo       HANGUL SYLLABLE SYI
+	{0xC2C1, 0xC2DB, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYIG..HANGUL SYLLABLE SYIH
+	{0xC2DC, 0xC2DC, prLV},                     // Lo       HANGUL SYLLABLE SI
+	{0xC2DD, 0xC2F7, prLVT},                    // Lo  [27] HANGUL SYLLABLE SIG..HANGUL SYLLABLE SIH
+	{0xC2F8, 0xC2F8, prLV},                     // Lo       HANGUL SYLLABLE SSA
+	{0xC2F9, 0xC313, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSAG..HANGUL SYLLABLE SSAH
+	{0xC314, 0xC314, prLV},                     // Lo       HANGUL SYLLABLE SSAE
+	{0xC315, 0xC32F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSAEG..HANGUL SYLLABLE SSAEH
+	{0xC330, 0xC330, prLV},                     // Lo       HANGUL SYLLABLE SSYA
+	{0xC331, 0xC34B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYAG..HANGUL SYLLABLE SSYAH
+	{0xC34C, 0xC34C, prLV},                     // Lo       HANGUL SYLLABLE SSYAE
+	{0xC34D, 0xC367, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYAEG..HANGUL SYLLABLE SSYAEH
+	{0xC368, 0xC368, prLV},                     // Lo       HANGUL SYLLABLE SSEO
+	{0xC369, 0xC383, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSEOG..HANGUL SYLLABLE SSEOH
+	{0xC384, 0xC384, prLV},                     // Lo       HANGUL SYLLABLE SSE
+	{0xC385, 0xC39F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSEG..HANGUL SYLLABLE SSEH
+	{0xC3A0, 0xC3A0, prLV},                     // Lo       HANGUL SYLLABLE SSYEO
+	{0xC3A1, 0xC3BB, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYEOG..HANGUL SYLLABLE SSYEOH
+	{0xC3BC, 0xC3BC, prLV},                     // Lo       HANGUL SYLLABLE SSYE
+	{0xC3BD, 0xC3D7, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYEG..HANGUL SYLLABLE SSYEH
+	{0xC3D8, 0xC3D8, prLV},                     // Lo       HANGUL SYLLABLE SSO
+	{0xC3D9, 0xC3F3, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSOG..HANGUL SYLLABLE SSOH
+	{0xC3F4, 0xC3F4, prLV},                     // Lo       HANGUL SYLLABLE SSWA
+	{0xC3F5, 0xC40F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSWAG..HANGUL SYLLABLE SSWAH
+	{0xC410, 0xC410, prLV},                     // Lo       HANGUL SYLLABLE SSWAE
+	{0xC411, 0xC42B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSWAEG..HANGUL SYLLABLE SSWAEH
+	{0xC42C, 0xC42C, prLV},                     // Lo       HANGUL SYLLABLE SSOE
+	{0xC42D, 0xC447, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSOEG..HANGUL SYLLABLE SSOEH
+	{0xC448, 0xC448, prLV},                     // Lo       HANGUL SYLLABLE SSYO
+	{0xC449, 0xC463, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYOG..HANGUL SYLLABLE SSYOH
+	{0xC464, 0xC464, prLV},                     // Lo       HANGUL SYLLABLE SSU
+	{0xC465, 0xC47F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSUG..HANGUL SYLLABLE SSUH
+	{0xC480, 0xC480, prLV},                     // Lo       HANGUL SYLLABLE SSWEO
+	{0xC481, 0xC49B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSWEOG..HANGUL SYLLABLE SSWEOH
+	{0xC49C, 0xC49C, prLV},                     // Lo       HANGUL SYLLABLE SSWE
+	{0xC49D, 0xC4B7, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSWEG..HANGUL SYLLABLE SSWEH
+	{0xC4B8, 0xC4B8, prLV},                     // Lo       HANGUL SYLLABLE SSWI
+	{0xC4B9, 0xC4D3, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSWIG..HANGUL SYLLABLE SSWIH
+	{0xC4D4, 0xC4D4, prLV},                     // Lo       HANGUL SYLLABLE SSYU
+	{0xC4D5, 0xC4EF, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYUG..HANGUL SYLLABLE SSYUH
+	{0xC4F0, 0xC4F0, prLV},                     // Lo       HANGUL SYLLABLE SSEU
+	{0xC4F1, 0xC50B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSEUG..HANGUL SYLLABLE SSEUH
+	{0xC50C, 0xC50C, prLV},                     // Lo       HANGUL SYLLABLE SSYI
+	{0xC50D, 0xC527, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYIG..HANGUL SYLLABLE SSYIH
+	{0xC528, 0xC528, prLV},                     // Lo       HANGUL SYLLABLE SSI
+	{0xC529, 0xC543, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSIG..HANGUL SYLLABLE SSIH
+	{0xC544, 0xC544, prLV},                     // Lo       HANGUL SYLLABLE A
+	{0xC545, 0xC55F, prLVT},                    // Lo  [27] HANGUL SYLLABLE AG..HANGUL SYLLABLE AH
+	{0xC560, 0xC560, prLV},                     // Lo       HANGUL SYLLABLE AE
+	{0xC561, 0xC57B, prLVT},                    // Lo  [27] HANGUL SYLLABLE AEG..HANGUL SYLLABLE AEH
+	{0xC57C, 0xC57C, prLV},                     // Lo       HANGUL SYLLABLE YA
+	{0xC57D, 0xC597, prLVT},                    // Lo  [27] HANGUL SYLLABLE YAG..HANGUL SYLLABLE YAH
+	{0xC598, 0xC598, prLV},                     // Lo       HANGUL SYLLABLE YAE
+	{0xC599, 0xC5B3, prLVT},                    // Lo  [27] HANGUL SYLLABLE YAEG..HANGUL SYLLABLE YAEH
+	{0xC5B4, 0xC5B4, prLV},                     // Lo       HANGUL SYLLABLE EO
+	{0xC5B5, 0xC5CF, prLVT},                    // Lo  [27] HANGUL SYLLABLE EOG..HANGUL SYLLABLE EOH
+	{0xC5D0, 0xC5D0, prLV},                     // Lo       HANGUL SYLLABLE E
+	{0xC5D1, 0xC5EB, prLVT},                    // Lo  [27] HANGUL SYLLABLE EG..HANGUL SYLLABLE EH
+	{0xC5EC, 0xC5EC, prLV},                     // Lo       HANGUL SYLLABLE YEO
+	{0xC5ED, 0xC607, prLVT},                    // Lo  [27] HANGUL SYLLABLE YEOG..HANGUL SYLLABLE YEOH
+	{0xC608, 0xC608, prLV},                     // Lo       HANGUL SYLLABLE YE
+	{0xC609, 0xC623, prLVT},                    // Lo  [27] HANGUL SYLLABLE YEG..HANGUL SYLLABLE YEH
+	{0xC624, 0xC624, prLV},                     // Lo       HANGUL SYLLABLE O
+	{0xC625, 0xC63F, prLVT},                    // Lo  [27] HANGUL SYLLABLE OG..HANGUL SYLLABLE OH
+	{0xC640, 0xC640, prLV},                     // Lo       HANGUL SYLLABLE WA
+	{0xC641, 0xC65B, prLVT},                    // Lo  [27] HANGUL SYLLABLE WAG..HANGUL SYLLABLE WAH
+	{0xC65C, 0xC65C, prLV},                     // Lo       HANGUL SYLLABLE WAE
+	{0xC65D, 0xC677, prLVT},                    // Lo  [27] HANGUL SYLLABLE WAEG..HANGUL SYLLABLE WAEH
+	{0xC678, 0xC678, prLV},                     // Lo       HANGUL SYLLABLE OE
+	{0xC679, 0xC693, prLVT},                    // Lo  [27] HANGUL SYLLABLE OEG..HANGUL SYLLABLE OEH
+	{0xC694, 0xC694, prLV},                     // Lo       HANGUL SYLLABLE YO
+	{0xC695, 0xC6AF, prLVT},                    // Lo  [27] HANGUL SYLLABLE YOG..HANGUL SYLLABLE YOH
+	{0xC6B0, 0xC6B0, prLV},                     // Lo       HANGUL SYLLABLE U
+	{0xC6B1, 0xC6CB, prLVT},                    // Lo  [27] HANGUL SYLLABLE UG..HANGUL SYLLABLE UH
+	{0xC6CC, 0xC6CC, prLV},                     // Lo       HANGUL SYLLABLE WEO
+	{0xC6CD, 0xC6E7, prLVT},                    // Lo  [27] HANGUL SYLLABLE WEOG..HANGUL SYLLABLE WEOH
+	{0xC6E8, 0xC6E8, prLV},                     // Lo       HANGUL SYLLABLE WE
+	{0xC6E9, 0xC703, prLVT},                    // Lo  [27] HANGUL SYLLABLE WEG..HANGUL SYLLABLE WEH
+	{0xC704, 0xC704, prLV},                     // Lo       HANGUL SYLLABLE WI
+	{0xC705, 0xC71F, prLVT},                    // Lo  [27] HANGUL SYLLABLE WIG..HANGUL SYLLABLE WIH
+	{0xC720, 0xC720, prLV},                     // Lo       HANGUL SYLLABLE YU
+	{0xC721, 0xC73B, prLVT},                    // Lo  [27] HANGUL SYLLABLE YUG..HANGUL SYLLABLE YUH
+	{0xC73C, 0xC73C, prLV},                     // Lo       HANGUL SYLLABLE EU
+	{0xC73D, 0xC757, prLVT},                    // Lo  [27] HANGUL SYLLABLE EUG..HANGUL SYLLABLE EUH
+	{0xC758, 0xC758, prLV},                     // Lo       HANGUL SYLLABLE YI
+	{0xC759, 0xC773, prLVT},                    // Lo  [27] HANGUL SYLLABLE YIG..HANGUL SYLLABLE YIH
+	{0xC774, 0xC774, prLV},                     // Lo       HANGUL SYLLABLE I
+	{0xC775, 0xC78F, prLVT},                    // Lo  [27] HANGUL SYLLABLE IG..HANGUL SYLLABLE IH
+	{0xC790, 0xC790, prLV},                     // Lo       HANGUL SYLLABLE JA
+	{0xC791, 0xC7AB, prLVT},                    // Lo  [27] HANGUL SYLLABLE JAG..HANGUL SYLLABLE JAH
+	{0xC7AC, 0xC7AC, prLV},                     // Lo       HANGUL SYLLABLE JAE
+	{0xC7AD, 0xC7C7, prLVT},                    // Lo  [27] HANGUL SYLLABLE JAEG..HANGUL SYLLABLE JAEH
+	{0xC7C8, 0xC7C8, prLV},                     // Lo       HANGUL SYLLABLE JYA
+	{0xC7C9, 0xC7E3, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYAG..HANGUL SYLLABLE JYAH
+	{0xC7E4, 0xC7E4, prLV},                     // Lo       HANGUL SYLLABLE JYAE
+	{0xC7E5, 0xC7FF, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYAEG..HANGUL SYLLABLE JYAEH
+	{0xC800, 0xC800, prLV},                     // Lo       HANGUL SYLLABLE JEO
+	{0xC801, 0xC81B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JEOG..HANGUL SYLLABLE JEOH
+	{0xC81C, 0xC81C, prLV},                     // Lo       HANGUL SYLLABLE JE
+	{0xC81D, 0xC837, prLVT},                    // Lo  [27] HANGUL SYLLABLE JEG..HANGUL SYLLABLE JEH
+	{0xC838, 0xC838, prLV},                     // Lo       HANGUL SYLLABLE JYEO
+	{0xC839, 0xC853, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYEOG..HANGUL SYLLABLE JYEOH
+	{0xC854, 0xC854, prLV},                     // Lo       HANGUL SYLLABLE JYE
+	{0xC855, 0xC86F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYEG..HANGUL SYLLABLE JYEH
+	{0xC870, 0xC870, prLV},                     // Lo       HANGUL SYLLABLE JO
+	{0xC871, 0xC88B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JOG..HANGUL SYLLABLE JOH
+	{0xC88C, 0xC88C, prLV},                     // Lo       HANGUL SYLLABLE JWA
+	{0xC88D, 0xC8A7, prLVT},                    // Lo  [27] HANGUL SYLLABLE JWAG..HANGUL SYLLABLE JWAH
+	{0xC8A8, 0xC8A8, prLV},                     // Lo       HANGUL SYLLABLE JWAE
+	{0xC8A9, 0xC8C3, prLVT},                    // Lo  [27] HANGUL SYLLABLE JWAEG..HANGUL SYLLABLE JWAEH
+	{0xC8C4, 0xC8C4, prLV},                     // Lo       HANGUL SYLLABLE JOE
+	{0xC8C5, 0xC8DF, prLVT},                    // Lo  [27] HANGUL SYLLABLE JOEG..HANGUL SYLLABLE JOEH
+	{0xC8E0, 0xC8E0, prLV},                     // Lo       HANGUL SYLLABLE JYO
+	{0xC8E1, 0xC8FB, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYOG..HANGUL SYLLABLE JYOH
+	{0xC8FC, 0xC8FC, prLV},                     // Lo       HANGUL SYLLABLE JU
+	{0xC8FD, 0xC917, prLVT},                    // Lo  [27] HANGUL SYLLABLE JUG..HANGUL SYLLABLE JUH
+	{0xC918, 0xC918, prLV},                     // Lo       HANGUL SYLLABLE JWEO
+	{0xC919, 0xC933, prLVT},                    // Lo  [27] HANGUL SYLLABLE JWEOG..HANGUL SYLLABLE JWEOH
+	{0xC934, 0xC934, prLV},                     // Lo       HANGUL SYLLABLE JWE
+	{0xC935, 0xC94F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JWEG..HANGUL SYLLABLE JWEH
+	{0xC950, 0xC950, prLV},                     // Lo       HANGUL SYLLABLE JWI
+	{0xC951, 0xC96B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JWIG..HANGUL SYLLABLE JWIH
+	{0xC96C, 0xC96C, prLV},                     // Lo       HANGUL SYLLABLE JYU
+	{0xC96D, 0xC987, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYUG..HANGUL SYLLABLE JYUH
+	{0xC988, 0xC988, prLV},                     // Lo       HANGUL SYLLABLE JEU
+	{0xC989, 0xC9A3, prLVT},                    // Lo  [27] HANGUL SYLLABLE JEUG..HANGUL SYLLABLE JEUH
+	{0xC9A4, 0xC9A4, prLV},                     // Lo       HANGUL SYLLABLE JYI
+	{0xC9A5, 0xC9BF, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYIG..HANGUL SYLLABLE JYIH
+	{0xC9C0, 0xC9C0, prLV},                     // Lo       HANGUL SYLLABLE JI
+	{0xC9C1, 0xC9DB, prLVT},                    // Lo  [27] HANGUL SYLLABLE JIG..HANGUL SYLLABLE JIH
+	{0xC9DC, 0xC9DC, prLV},                     // Lo       HANGUL SYLLABLE JJA
+	{0xC9DD, 0xC9F7, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJAG..HANGUL SYLLABLE JJAH
+	{0xC9F8, 0xC9F8, prLV},                     // Lo       HANGUL SYLLABLE JJAE
+	{0xC9F9, 0xCA13, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJAEG..HANGUL SYLLABLE JJAEH
+	{0xCA14, 0xCA14, prLV},                     // Lo       HANGUL SYLLABLE JJYA
+	{0xCA15, 0xCA2F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYAG..HANGUL SYLLABLE JJYAH
+	{0xCA30, 0xCA30, prLV},                     // Lo       HANGUL SYLLABLE JJYAE
+	{0xCA31, 0xCA4B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYAEG..HANGUL SYLLABLE JJYAEH
+	{0xCA4C, 0xCA4C, prLV},                     // Lo       HANGUL SYLLABLE JJEO
+	{0xCA4D, 0xCA67, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJEOG..HANGUL SYLLABLE JJEOH
+	{0xCA68, 0xCA68, prLV},                     // Lo       HANGUL SYLLABLE JJE
+	{0xCA69, 0xCA83, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJEG..HANGUL SYLLABLE JJEH
+	{0xCA84, 0xCA84, prLV},                     // Lo       HANGUL SYLLABLE JJYEO
+	{0xCA85, 0xCA9F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYEOG..HANGUL SYLLABLE JJYEOH
+	{0xCAA0, 0xCAA0, prLV},                     // Lo       HANGUL SYLLABLE JJYE
+	{0xCAA1, 0xCABB, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYEG..HANGUL SYLLABLE JJYEH
+	{0xCABC, 0xCABC, prLV},                     // Lo       HANGUL SYLLABLE JJO
+	{0xCABD, 0xCAD7, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJOG..HANGUL SYLLABLE JJOH
+	{0xCAD8, 0xCAD8, prLV},                     // Lo       HANGUL SYLLABLE JJWA
+	{0xCAD9, 0xCAF3, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJWAG..HANGUL SYLLABLE JJWAH
+	{0xCAF4, 0xCAF4, prLV},                     // Lo       HANGUL SYLLABLE JJWAE
+	{0xCAF5, 0xCB0F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJWAEG..HANGUL SYLLABLE JJWAEH
+	{0xCB10, 0xCB10, prLV},                     // Lo       HANGUL SYLLABLE JJOE
+	{0xCB11, 0xCB2B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJOEG..HANGUL SYLLABLE JJOEH
+	{0xCB2C, 0xCB2C, prLV},                     // Lo       HANGUL SYLLABLE JJYO
+	{0xCB2D, 0xCB47, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYOG..HANGUL SYLLABLE JJYOH
+	{0xCB48, 0xCB48, prLV},                     // Lo       HANGUL SYLLABLE JJU
+	{0xCB49, 0xCB63, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJUG..HANGUL SYLLABLE JJUH
+	{0xCB64, 0xCB64, prLV},                     // Lo       HANGUL SYLLABLE JJWEO
+	{0xCB65, 0xCB7F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJWEOG..HANGUL SYLLABLE JJWEOH
+	{0xCB80, 0xCB80, prLV},                     // Lo       HANGUL SYLLABLE JJWE
+	{0xCB81, 0xCB9B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJWEG..HANGUL SYLLABLE JJWEH
+	{0xCB9C, 0xCB9C, prLV},                     // Lo       HANGUL SYLLABLE JJWI
+	{0xCB9D, 0xCBB7, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJWIG..HANGUL SYLLABLE JJWIH
+	{0xCBB8, 0xCBB8, prLV},                     // Lo       HANGUL SYLLABLE JJYU
+	{0xCBB9, 0xCBD3, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYUG..HANGUL SYLLABLE JJYUH
+	{0xCBD4, 0xCBD4, prLV},                     // Lo       HANGUL SYLLABLE JJEU
+	{0xCBD5, 0xCBEF, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJEUG..HANGUL SYLLABLE JJEUH
+	{0xCBF0, 0xCBF0, prLV},                     // Lo       HANGUL SYLLABLE JJYI
+	{0xCBF1, 0xCC0B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYIG..HANGUL SYLLABLE JJYIH
+	{0xCC0C, 0xCC0C, prLV},                     // Lo       HANGUL SYLLABLE JJI
+	{0xCC0D, 0xCC27, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJIG..HANGUL SYLLABLE JJIH
+	{0xCC28, 0xCC28, prLV},                     // Lo       HANGUL SYLLABLE CA
+	{0xCC29, 0xCC43, prLVT},                    // Lo  [27] HANGUL SYLLABLE CAG..HANGUL SYLLABLE CAH
+	{0xCC44, 0xCC44, prLV},                     // Lo       HANGUL SYLLABLE CAE
+	{0xCC45, 0xCC5F, prLVT},                    // Lo  [27] HANGUL SYLLABLE CAEG..HANGUL SYLLABLE CAEH
+	{0xCC60, 0xCC60, prLV},                     // Lo       HANGUL SYLLABLE CYA
+	{0xCC61, 0xCC7B, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYAG..HANGUL SYLLABLE CYAH
+	{0xCC7C, 0xCC7C, prLV},                     // Lo       HANGUL SYLLABLE CYAE
+	{0xCC7D, 0xCC97, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYAEG..HANGUL SYLLABLE CYAEH
+	{0xCC98, 0xCC98, prLV},                     // Lo       HANGUL SYLLABLE CEO
+	{0xCC99, 0xCCB3, prLVT},                    // Lo  [27] HANGUL SYLLABLE CEOG..HANGUL SYLLABLE CEOH
+	{0xCCB4, 0xCCB4, prLV},                     // Lo       HANGUL SYLLABLE CE
+	{0xCCB5, 0xCCCF, prLVT},                    // Lo  [27] HANGUL SYLLABLE CEG..HANGUL SYLLABLE CEH
+	{0xCCD0, 0xCCD0, prLV},                     // Lo       HANGUL SYLLABLE CYEO
+	{0xCCD1, 0xCCEB, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYEOG..HANGUL SYLLABLE CYEOH
+	{0xCCEC, 0xCCEC, prLV},                     // Lo       HANGUL SYLLABLE CYE
+	{0xCCED, 0xCD07, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYEG..HANGUL SYLLABLE CYEH
+	{0xCD08, 0xCD08, prLV},                     // Lo       HANGUL SYLLABLE CO
+	{0xCD09, 0xCD23, prLVT},                    // Lo  [27] HANGUL SYLLABLE COG..HANGUL SYLLABLE COH
+	{0xCD24, 0xCD24, prLV},                     // Lo       HANGUL SYLLABLE CWA
+	{0xCD25, 0xCD3F, prLVT},                    // Lo  [27] HANGUL SYLLABLE CWAG..HANGUL SYLLABLE CWAH
+	{0xCD40, 0xCD40, prLV},                     // Lo       HANGUL SYLLABLE CWAE
+	{0xCD41, 0xCD5B, prLVT},                    // Lo  [27] HANGUL SYLLABLE CWAEG..HANGUL SYLLABLE CWAEH
+	{0xCD5C, 0xCD5C, prLV},                     // Lo       HANGUL SYLLABLE COE
+	{0xCD5D, 0xCD77, prLVT},                    // Lo  [27] HANGUL SYLLABLE COEG..HANGUL SYLLABLE COEH
+	{0xCD78, 0xCD78, prLV},                     // Lo       HANGUL SYLLABLE CYO
+	{0xCD79, 0xCD93, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYOG..HANGUL SYLLABLE CYOH
+	{0xCD94, 0xCD94, prLV},                     // Lo       HANGUL SYLLABLE CU
+	{0xCD95, 0xCDAF, prLVT},                    // Lo  [27] HANGUL SYLLABLE CUG..HANGUL SYLLABLE CUH
+	{0xCDB0, 0xCDB0, prLV},                     // Lo       HANGUL SYLLABLE CWEO
+	{0xCDB1, 0xCDCB, prLVT},                    // Lo  [27] HANGUL SYLLABLE CWEOG..HANGUL SYLLABLE CWEOH
+	{0xCDCC, 0xCDCC, prLV},                     // Lo       HANGUL SYLLABLE CWE
+	{0xCDCD, 0xCDE7, prLVT},                    // Lo  [27] HANGUL SYLLABLE CWEG..HANGUL SYLLABLE CWEH
+	{0xCDE8, 0xCDE8, prLV},                     // Lo       HANGUL SYLLABLE CWI
+	{0xCDE9, 0xCE03, prLVT},                    // Lo  [27] HANGUL SYLLABLE CWIG..HANGUL SYLLABLE CWIH
+	{0xCE04, 0xCE04, prLV},                     // Lo       HANGUL SYLLABLE CYU
+	{0xCE05, 0xCE1F, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYUG..HANGUL SYLLABLE CYUH
+	{0xCE20, 0xCE20, prLV},                     // Lo       HANGUL SYLLABLE CEU
+	{0xCE21, 0xCE3B, prLVT},                    // Lo  [27] HANGUL SYLLABLE CEUG..HANGUL SYLLABLE CEUH
+	{0xCE3C, 0xCE3C, prLV},                     // Lo       HANGUL SYLLABLE CYI
+	{0xCE3D, 0xCE57, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYIG..HANGUL SYLLABLE CYIH
+	{0xCE58, 0xCE58, prLV},                     // Lo       HANGUL SYLLABLE CI
+	{0xCE59, 0xCE73, prLVT},                    // Lo  [27] HANGUL SYLLABLE CIG..HANGUL SYLLABLE CIH
+	{0xCE74, 0xCE74, prLV},                     // Lo       HANGUL SYLLABLE KA
+	{0xCE75, 0xCE8F, prLVT},                    // Lo  [27] HANGUL SYLLABLE KAG..HANGUL SYLLABLE KAH
+	{0xCE90, 0xCE90, prLV},                     // Lo       HANGUL SYLLABLE KAE
+	{0xCE91, 0xCEAB, prLVT},                    // Lo  [27] HANGUL SYLLABLE KAEG..HANGUL SYLLABLE KAEH
+	{0xCEAC, 0xCEAC, prLV},                     // Lo       HANGUL SYLLABLE KYA
+	{0xCEAD, 0xCEC7, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYAG..HANGUL SYLLABLE KYAH
+	{0xCEC8, 0xCEC8, prLV},                     // Lo       HANGUL SYLLABLE KYAE
+	{0xCEC9, 0xCEE3, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYAEG..HANGUL SYLLABLE KYAEH
+	{0xCEE4, 0xCEE4, prLV},                     // Lo       HANGUL SYLLABLE KEO
+	{0xCEE5, 0xCEFF, prLVT},                    // Lo  [27] HANGUL SYLLABLE KEOG..HANGUL SYLLABLE KEOH
+	{0xCF00, 0xCF00, prLV},                     // Lo       HANGUL SYLLABLE KE
+	{0xCF01, 0xCF1B, prLVT},                    // Lo  [27] HANGUL SYLLABLE KEG..HANGUL SYLLABLE KEH
+	{0xCF1C, 0xCF1C, prLV},                     // Lo       HANGUL SYLLABLE KYEO
+	{0xCF1D, 0xCF37, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYEOG..HANGUL SYLLABLE KYEOH
+	{0xCF38, 0xCF38, prLV},                     // Lo       HANGUL SYLLABLE KYE
+	{0xCF39, 0xCF53, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYEG..HANGUL SYLLABLE KYEH
+	{0xCF54, 0xCF54, prLV},                     // Lo       HANGUL SYLLABLE KO
+	{0xCF55, 0xCF6F, prLVT},                    // Lo  [27] HANGUL SYLLABLE KOG..HANGUL SYLLABLE KOH
+	{0xCF70, 0xCF70, prLV},                     // Lo       HANGUL SYLLABLE KWA
+	{0xCF71, 0xCF8B, prLVT},                    // Lo  [27] HANGUL SYLLABLE KWAG..HANGUL SYLLABLE KWAH
+	{0xCF8C, 0xCF8C, prLV},                     // Lo       HANGUL SYLLABLE KWAE
+	{0xCF8D, 0xCFA7, prLVT},                    // Lo  [27] HANGUL SYLLABLE KWAEG..HANGUL SYLLABLE KWAEH
+	{0xCFA8, 0xCFA8, prLV},                     // Lo       HANGUL SYLLABLE KOE
+	{0xCFA9, 0xCFC3, prLVT},                    // Lo  [27] HANGUL SYLLABLE KOEG..HANGUL SYLLABLE KOEH
+	{0xCFC4, 0xCFC4, prLV},                     // Lo       HANGUL SYLLABLE KYO
+	{0xCFC5, 0xCFDF, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYOG..HANGUL SYLLABLE KYOH
+	{0xCFE0, 0xCFE0, prLV},                     // Lo       HANGUL SYLLABLE KU
+	{0xCFE1, 0xCFFB, prLVT},                    // Lo  [27] HANGUL SYLLABLE KUG..HANGUL SYLLABLE KUH
+	{0xCFFC, 0xCFFC, prLV},                     // Lo       HANGUL SYLLABLE KWEO
+	{0xCFFD, 0xD017, prLVT},                    // Lo  [27] HANGUL SYLLABLE KWEOG..HANGUL SYLLABLE KWEOH
+	{0xD018, 0xD018, prLV},                     // Lo       HANGUL SYLLABLE KWE
+	{0xD019, 0xD033, prLVT},                    // Lo  [27] HANGUL SYLLABLE KWEG..HANGUL SYLLABLE KWEH
+	{0xD034, 0xD034, prLV},                     // Lo       HANGUL SYLLABLE KWI
+	{0xD035, 0xD04F, prLVT},                    // Lo  [27] HANGUL SYLLABLE KWIG..HANGUL SYLLABLE KWIH
+	{0xD050, 0xD050, prLV},                     // Lo       HANGUL SYLLABLE KYU
+	{0xD051, 0xD06B, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYUG..HANGUL SYLLABLE KYUH
+	{0xD06C, 0xD06C, prLV},                     // Lo       HANGUL SYLLABLE KEU
+	{0xD06D, 0xD087, prLVT},                    // Lo  [27] HANGUL SYLLABLE KEUG..HANGUL SYLLABLE KEUH
+	{0xD088, 0xD088, prLV},                     // Lo       HANGUL SYLLABLE KYI
+	{0xD089, 0xD0A3, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYIG..HANGUL SYLLABLE KYIH
+	{0xD0A4, 0xD0A4, prLV},                     // Lo       HANGUL SYLLABLE KI
+	{0xD0A5, 0xD0BF, prLVT},                    // Lo  [27] HANGUL SYLLABLE KIG..HANGUL SYLLABLE KIH
+	{0xD0C0, 0xD0C0, prLV},                     // Lo       HANGUL SYLLABLE TA
+	{0xD0C1, 0xD0DB, prLVT},                    // Lo  [27] HANGUL SYLLABLE TAG..HANGUL SYLLABLE TAH
+	{0xD0DC, 0xD0DC, prLV},                     // Lo       HANGUL SYLLABLE TAE
+	{0xD0DD, 0xD0F7, prLVT},                    // Lo  [27] HANGUL SYLLABLE TAEG..HANGUL SYLLABLE TAEH
+	{0xD0F8, 0xD0F8, prLV},                     // Lo       HANGUL SYLLABLE TYA
+	{0xD0F9, 0xD113, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYAG..HANGUL SYLLABLE TYAH
+	{0xD114, 0xD114, prLV},                     // Lo       HANGUL SYLLABLE TYAE
+	{0xD115, 0xD12F, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYAEG..HANGUL SYLLABLE TYAEH
+	{0xD130, 0xD130, prLV},                     // Lo       HANGUL SYLLABLE TEO
+	{0xD131, 0xD14B, prLVT},                    // Lo  [27] HANGUL SYLLABLE TEOG..HANGUL SYLLABLE TEOH
+	{0xD14C, 0xD14C, prLV},                     // Lo       HANGUL SYLLABLE TE
+	{0xD14D, 0xD167, prLVT},                    // Lo  [27] HANGUL SYLLABLE TEG..HANGUL SYLLABLE TEH
+	{0xD168, 0xD168, prLV},                     // Lo       HANGUL SYLLABLE TYEO
+	{0xD169, 0xD183, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYEOG..HANGUL SYLLABLE TYEOH
+	{0xD184, 0xD184, prLV},                     // Lo       HANGUL SYLLABLE TYE
+	{0xD185, 0xD19F, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYEG..HANGUL SYLLABLE TYEH
+	{0xD1A0, 0xD1A0, prLV},                     // Lo       HANGUL SYLLABLE TO
+	{0xD1A1, 0xD1BB, prLVT},                    // Lo  [27] HANGUL SYLLABLE TOG..HANGUL SYLLABLE TOH
+	{0xD1BC, 0xD1BC, prLV},                     // Lo       HANGUL SYLLABLE TWA
+	{0xD1BD, 0xD1D7, prLVT},                    // Lo  [27] HANGUL SYLLABLE TWAG..HANGUL SYLLABLE TWAH
+	{0xD1D8, 0xD1D8, prLV},                     // Lo       HANGUL SYLLABLE TWAE
+	{0xD1D9, 0xD1F3, prLVT},                    // Lo  [27] HANGUL SYLLABLE TWAEG..HANGUL SYLLABLE TWAEH
+	{0xD1F4, 0xD1F4, prLV},                     // Lo       HANGUL SYLLABLE TOE
+	{0xD1F5, 0xD20F, prLVT},                    // Lo  [27] HANGUL SYLLABLE TOEG..HANGUL SYLLABLE TOEH
+	{0xD210, 0xD210, prLV},                     // Lo       HANGUL SYLLABLE TYO
+	{0xD211, 0xD22B, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYOG..HANGUL SYLLABLE TYOH
+	{0xD22C, 0xD22C, prLV},                     // Lo       HANGUL SYLLABLE TU
+	{0xD22D, 0xD247, prLVT},                    // Lo  [27] HANGUL SYLLABLE TUG..HANGUL SYLLABLE TUH
+	{0xD248, 0xD248, prLV},                     // Lo       HANGUL SYLLABLE TWEO
+	{0xD249, 0xD263, prLVT},                    // Lo  [27] HANGUL SYLLABLE TWEOG..HANGUL SYLLABLE TWEOH
+	{0xD264, 0xD264, prLV},                     // Lo       HANGUL SYLLABLE TWE
+	{0xD265, 0xD27F, prLVT},                    // Lo  [27] HANGUL SYLLABLE TWEG..HANGUL SYLLABLE TWEH
+	{0xD280, 0xD280, prLV},                     // Lo       HANGUL SYLLABLE TWI
+	{0xD281, 0xD29B, prLVT},                    // Lo  [27] HANGUL SYLLABLE TWIG..HANGUL SYLLABLE TWIH
+	{0xD29C, 0xD29C, prLV},                     // Lo       HANGUL SYLLABLE TYU
+	{0xD29D, 0xD2B7, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYUG..HANGUL SYLLABLE TYUH
+	{0xD2B8, 0xD2B8, prLV},                     // Lo       HANGUL SYLLABLE TEU
+	{0xD2B9, 0xD2D3, prLVT},                    // Lo  [27] HANGUL SYLLABLE TEUG..HANGUL SYLLABLE TEUH
+	{0xD2D4, 0xD2D4, prLV},                     // Lo       HANGUL SYLLABLE TYI
+	{0xD2D5, 0xD2EF, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYIG..HANGUL SYLLABLE TYIH
+	{0xD2F0, 0xD2F0, prLV},                     // Lo       HANGUL SYLLABLE TI
+	{0xD2F1, 0xD30B, prLVT},                    // Lo  [27] HANGUL SYLLABLE TIG..HANGUL SYLLABLE TIH
+	{0xD30C, 0xD30C, prLV},                     // Lo       HANGUL SYLLABLE PA
+	{0xD30D, 0xD327, prLVT},                    // Lo  [27] HANGUL SYLLABLE PAG..HANGUL SYLLABLE PAH
+	{0xD328, 0xD328, prLV},                     // Lo       HANGUL SYLLABLE PAE
+	{0xD329, 0xD343, prLVT},                    // Lo  [27] HANGUL SYLLABLE PAEG..HANGUL SYLLABLE PAEH
+	{0xD344, 0xD344, prLV},                     // Lo       HANGUL SYLLABLE PYA
+	{0xD345, 0xD35F, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYAG..HANGUL SYLLABLE PYAH
+	{0xD360, 0xD360, prLV},                     // Lo       HANGUL SYLLABLE PYAE
+	{0xD361, 0xD37B, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYAEG..HANGUL SYLLABLE PYAEH
+	{0xD37C, 0xD37C, prLV},                     // Lo       HANGUL SYLLABLE PEO
+	{0xD37D, 0xD397, prLVT},                    // Lo  [27] HANGUL SYLLABLE PEOG..HANGUL SYLLABLE PEOH
+	{0xD398, 0xD398, prLV},                     // Lo       HANGUL SYLLABLE PE
+	{0xD399, 0xD3B3, prLVT},                    // Lo  [27] HANGUL SYLLABLE PEG..HANGUL SYLLABLE PEH
+	{0xD3B4, 0xD3B4, prLV},                     // Lo       HANGUL SYLLABLE PYEO
+	{0xD3B5, 0xD3CF, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYEOG..HANGUL SYLLABLE PYEOH
+	{0xD3D0, 0xD3D0, prLV},                     // Lo       HANGUL SYLLABLE PYE
+	{0xD3D1, 0xD3EB, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYEG..HANGUL SYLLABLE PYEH
+	{0xD3EC, 0xD3EC, prLV},                     // Lo       HANGUL SYLLABLE PO
+	{0xD3ED, 0xD407, prLVT},                    // Lo  [27] HANGUL SYLLABLE POG..HANGUL SYLLABLE POH
+	{0xD408, 0xD408, prLV},                     // Lo       HANGUL SYLLABLE PWA
+	{0xD409, 0xD423, prLVT},                    // Lo  [27] HANGUL SYLLABLE PWAG..HANGUL SYLLABLE PWAH
+	{0xD424, 0xD424, prLV},                     // Lo       HANGUL SYLLABLE PWAE
+	{0xD425, 0xD43F, prLVT},                    // Lo  [27] HANGUL SYLLABLE PWAEG..HANGUL SYLLABLE PWAEH
+	{0xD440, 0xD440, prLV},                     // Lo       HANGUL SYLLABLE POE
+	{0xD441, 0xD45B, prLVT},                    // Lo  [27] HANGUL SYLLABLE POEG..HANGUL SYLLABLE POEH
+	{0xD45C, 0xD45C, prLV},                     // Lo       HANGUL SYLLABLE PYO
+	{0xD45D, 0xD477, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYOG..HANGUL SYLLABLE PYOH
+	{0xD478, 0xD478, prLV},                     // Lo       HANGUL SYLLABLE PU
+	{0xD479, 0xD493, prLVT},                    // Lo  [27] HANGUL SYLLABLE PUG..HANGUL SYLLABLE PUH
+	{0xD494, 0xD494, prLV},                     // Lo       HANGUL SYLLABLE PWEO
+	{0xD495, 0xD4AF, prLVT},                    // Lo  [27] HANGUL SYLLABLE PWEOG..HANGUL SYLLABLE PWEOH
+	{0xD4B0, 0xD4B0, prLV},                     // Lo       HANGUL SYLLABLE PWE
+	{0xD4B1, 0xD4CB, prLVT},                    // Lo  [27] HANGUL SYLLABLE PWEG..HANGUL SYLLABLE PWEH
+	{0xD4CC, 0xD4CC, prLV},                     // Lo       HANGUL SYLLABLE PWI
+	{0xD4CD, 0xD4E7, prLVT},                    // Lo  [27] HANGUL SYLLABLE PWIG..HANGUL SYLLABLE PWIH
+	{0xD4E8, 0xD4E8, prLV},                     // Lo       HANGUL SYLLABLE PYU
+	{0xD4E9, 0xD503, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYUG..HANGUL SYLLABLE PYUH
+	{0xD504, 0xD504, prLV},                     // Lo       HANGUL SYLLABLE PEU
+	{0xD505, 0xD51F, prLVT},                    // Lo  [27] HANGUL SYLLABLE PEUG..HANGUL SYLLABLE PEUH
+	{0xD520, 0xD520, prLV},                     // Lo       HANGUL SYLLABLE PYI
+	{0xD521, 0xD53B, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYIG..HANGUL SYLLABLE PYIH
+	{0xD53C, 0xD53C, prLV},                     // Lo       HANGUL SYLLABLE PI
+	{0xD53D, 0xD557, prLVT},                    // Lo  [27] HANGUL SYLLABLE PIG..HANGUL SYLLABLE PIH
+	{0xD558, 0xD558, prLV},                     // Lo       HANGUL SYLLABLE HA
+	{0xD559, 0xD573, prLVT},                    // Lo  [27] HANGUL SYLLABLE HAG..HANGUL SYLLABLE HAH
+	{0xD574, 0xD574, prLV},                     // Lo       HANGUL SYLLABLE HAE
+	{0xD575, 0xD58F, prLVT},                    // Lo  [27] HANGUL SYLLABLE HAEG..HANGUL SYLLABLE HAEH
+	{0xD590, 0xD590, prLV},                     // Lo       HANGUL SYLLABLE HYA
+	{0xD591, 0xD5AB, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYAG..HANGUL SYLLABLE HYAH
+	{0xD5AC, 0xD5AC, prLV},                     // Lo       HANGUL SYLLABLE HYAE
+	{0xD5AD, 0xD5C7, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYAEG..HANGUL SYLLABLE HYAEH
+	{0xD5C8, 0xD5C8, prLV},                     // Lo       HANGUL SYLLABLE HEO
+	{0xD5C9, 0xD5E3, prLVT},                    // Lo  [27] HANGUL SYLLABLE HEOG..HANGUL SYLLABLE HEOH
+	{0xD5E4, 0xD5E4, prLV},                     // Lo       HANGUL SYLLABLE HE
+	{0xD5E5, 0xD5FF, prLVT},                    // Lo  [27] HANGUL SYLLABLE HEG..HANGUL SYLLABLE HEH
+	{0xD600, 0xD600, prLV},                     // Lo       HANGUL SYLLABLE HYEO
+	{0xD601, 0xD61B, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYEOG..HANGUL SYLLABLE HYEOH
+	{0xD61C, 0xD61C, prLV},                     // Lo       HANGUL SYLLABLE HYE
+	{0xD61D, 0xD637, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYEG..HANGUL SYLLABLE HYEH
+	{0xD638, 0xD638, prLV},                     // Lo       HANGUL SYLLABLE HO
+	{0xD639, 0xD653, prLVT},                    // Lo  [27] HANGUL SYLLABLE HOG..HANGUL SYLLABLE HOH
+	{0xD654, 0xD654, prLV},                     // Lo       HANGUL SYLLABLE HWA
+	{0xD655, 0xD66F, prLVT},                    // Lo  [27] HANGUL SYLLABLE HWAG..HANGUL SYLLABLE HWAH
+	{0xD670, 0xD670, prLV},                     // Lo       HANGUL SYLLABLE HWAE
+	{0xD671, 0xD68B, prLVT},                    // Lo  [27] HANGUL SYLLABLE HWAEG..HANGUL SYLLABLE HWAEH
+	{0xD68C, 0xD68C, prLV},                     // Lo       HANGUL SYLLABLE HOE
+	{0xD68D, 0xD6A7, prLVT},                    // Lo  [27] HANGUL SYLLABLE HOEG..HANGUL SYLLABLE HOEH
+	{0xD6A8, 0xD6A8, prLV},                     // Lo       HANGUL SYLLABLE HYO
+	{0xD6A9, 0xD6C3, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYOG..HANGUL SYLLABLE HYOH
+	{0xD6C4, 0xD6C4, prLV},                     // Lo       HANGUL SYLLABLE HU
+	{0xD6C5, 0xD6DF, prLVT},                    // Lo  [27] HANGUL SYLLABLE HUG..HANGUL SYLLABLE HUH
+	{0xD6E0, 0xD6E0, prLV},                     // Lo       HANGUL SYLLABLE HWEO
+	{0xD6E1, 0xD6FB, prLVT},                    // Lo  [27] HANGUL SYLLABLE HWEOG..HANGUL SYLLABLE HWEOH
+	{0xD6FC, 0xD6FC, prLV},                     // Lo       HANGUL SYLLABLE HWE
+	{0xD6FD, 0xD717, prLVT},                    // Lo  [27] HANGUL SYLLABLE HWEG..HANGUL SYLLABLE HWEH
+	{0xD718, 0xD718, prLV},                     // Lo       HANGUL SYLLABLE HWI
+	{0xD719, 0xD733, prLVT},                    // Lo  [27] HANGUL SYLLABLE HWIG..HANGUL SYLLABLE HWIH
+	{0xD734, 0xD734, prLV},                     // Lo       HANGUL SYLLABLE HYU
+	{0xD735, 0xD74F, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYUG..HANGUL SYLLABLE HYUH
+	{0xD750, 0xD750, prLV},                     // Lo       HANGUL SYLLABLE HEU
+	{0xD751, 0xD76B, prLVT},                    // Lo  [27] HANGUL SYLLABLE HEUG..HANGUL SYLLABLE HEUH
+	{0xD76C, 0xD76C, prLV},                     // Lo       HANGUL SYLLABLE HYI
+	{0xD76D, 0xD787, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYIG..HANGUL SYLLABLE HYIH
+	{0xD788, 0xD788, prLV},                     // Lo       HANGUL SYLLABLE HI
+	{0xD789, 0xD7A3, prLVT},                    // Lo  [27] HANGUL SYLLABLE HIG..HANGUL SYLLABLE HIH
+	{0xD7B0, 0xD7C6, prV},                      // Lo  [23] HANGUL JUNGSEONG O-YEO..HANGUL JUNGSEONG ARAEA-E
+	{0xD7CB, 0xD7FB, prT},                      // Lo  [49] HANGUL JONGSEONG NIEUN-RIEUL..HANGUL JONGSEONG PHIEUPH-THIEUTH
+	{0xFB1E, 0xFB1E, prExtend},                 // Mn       HEBREW POINT JUDEO-SPANISH VARIKA
+	{0xFE00, 0xFE0F, prExtend},                 // Mn  [16] VARIATION SELECTOR-1..VARIATION SELECTOR-16
+	{0xFE20, 0xFE2F, prExtend},                 // Mn  [16] COMBINING LIGATURE LEFT HALF..COMBINING CYRILLIC TITLO RIGHT HALF
+	{0xFEFF, 0xFEFF, prControl},                // Cf       ZERO WIDTH NO-BREAK SPACE
+	{0xFF9E, 0xFF9F, prExtend},                 // Lm   [2] HALFWIDTH KATAKANA VOICED SOUND MARK..HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK
+	{0xFFF0, 0xFFF8, prControl},                // Cn   [9] <reserved-FFF0>..<reserved-FFF8>
+	{0xFFF9, 0xFFFB, prControl},                // Cf   [3] INTERLINEAR ANNOTATION ANCHOR..INTERLINEAR ANNOTATION TERMINATOR
+	{0x101FD, 0x101FD, prExtend},               // Mn       PHAISTOS DISC SIGN COMBINING OBLIQUE STROKE
+	{0x102E0, 0x102E0, prExtend},               // Mn       COPTIC EPACT THOUSANDS MARK
+	{0x10376, 0x1037A, prExtend},               // Mn   [5] COMBINING OLD PERMIC LETTER AN..COMBINING OLD PERMIC LETTER SII
+	{0x10A01, 0x10A03, prExtend},               // Mn   [3] KHAROSHTHI VOWEL SIGN I..KHAROSHTHI VOWEL SIGN VOCALIC R
+	{0x10A05, 0x10A06, prExtend},               // Mn   [2] KHAROSHTHI VOWEL SIGN E..KHAROSHTHI VOWEL SIGN O
+	{0x10A0C, 0x10A0F, prExtend},               // Mn   [4] KHAROSHTHI VOWEL LENGTH MARK..KHAROSHTHI SIGN VISARGA
+	{0x10A38, 0x10A3A, prExtend},               // Mn   [3] KHAROSHTHI SIGN BAR ABOVE..KHAROSHTHI SIGN DOT BELOW
+	{0x10A3F, 0x10A3F, prExtend},               // Mn       KHAROSHTHI VIRAMA
+	{0x10AE5, 0x10AE6, prExtend},               // Mn   [2] MANICHAEAN ABBREVIATION MARK ABOVE..MANICHAEAN ABBREVIATION MARK BELOW
+	{0x10D24, 0x10D27, prExtend},               // Mn   [4] HANIFI ROHINGYA SIGN HARBAHAY..HANIFI ROHINGYA SIGN TASSI
+	{0x10EAB, 0x10EAC, prExtend},               // Mn   [2] YEZIDI COMBINING HAMZA MARK..YEZIDI COMBINING MADDA MARK
+	{0x10F46, 0x10F50, prExtend},               // Mn  [11] SOGDIAN COMBINING DOT BELOW..SOGDIAN COMBINING STROKE BELOW
+	{0x10F82, 0x10F85, prExtend},               // Mn   [4] OLD UYGHUR COMBINING DOT ABOVE..OLD UYGHUR COMBINING TWO DOTS BELOW
+	{0x11000, 0x11000, prSpacingMark},          // Mc       BRAHMI SIGN CANDRABINDU
+	{0x11001, 0x11001, prExtend},               // Mn       BRAHMI SIGN ANUSVARA
+	{0x11002, 0x11002, prSpacingMark},          // Mc       BRAHMI SIGN VISARGA
+	{0x11038, 0x11046, prExtend},               // Mn  [15] BRAHMI VOWEL SIGN AA..BRAHMI VIRAMA
+	{0x11070, 0x11070, prExtend},               // Mn       BRAHMI SIGN OLD TAMIL VIRAMA
+	{0x11073, 0x11074, prExtend},               // Mn   [2] BRAHMI VOWEL SIGN OLD TAMIL SHORT E..BRAHMI VOWEL SIGN OLD TAMIL SHORT O
+	{0x1107F, 0x11081, prExtend},               // Mn   [3] BRAHMI NUMBER JOINER..KAITHI SIGN ANUSVARA
+	{0x11082, 0x11082, prSpacingMark},          // Mc       KAITHI SIGN VISARGA
+	{0x110B0, 0x110B2, prSpacingMark},          // Mc   [3] KAITHI VOWEL SIGN AA..KAITHI VOWEL SIGN II
+	{0x110B3, 0x110B6, prExtend},               // Mn   [4] KAITHI VOWEL SIGN U..KAITHI VOWEL SIGN AI
+	{0x110B7, 0x110B8, prSpacingMark},          // Mc   [2] KAITHI VOWEL SIGN O..KAITHI VOWEL SIGN AU
+	{0x110B9, 0x110BA, prExtend},               // Mn   [2] KAITHI SIGN VIRAMA..KAITHI SIGN NUKTA
+	{0x110BD, 0x110BD, prPrepend},              // Cf       KAITHI NUMBER SIGN
+	{0x110C2, 0x110C2, prExtend},               // Mn       KAITHI VOWEL SIGN VOCALIC R
+	{0x110CD, 0x110CD, prPrepend},              // Cf       KAITHI NUMBER SIGN ABOVE
+	{0x11100, 0x11102, prExtend},               // Mn   [3] CHAKMA SIGN CANDRABINDU..CHAKMA SIGN VISARGA
+	{0x11127, 0x1112B, prExtend},               // Mn   [5] CHAKMA VOWEL SIGN A..CHAKMA VOWEL SIGN UU
+	{0x1112C, 0x1112C, prSpacingMark},          // Mc       CHAKMA VOWEL SIGN E
+	{0x1112D, 0x11134, prExtend},               // Mn   [8] CHAKMA VOWEL SIGN AI..CHAKMA MAAYYAA
+	{0x11145, 0x11146, prSpacingMark},          // Mc   [2] CHAKMA VOWEL SIGN AA..CHAKMA VOWEL SIGN EI
+	{0x11173, 0x11173, prExtend},               // Mn       MAHAJANI SIGN NUKTA
+	{0x11180, 0x11181, prExtend},               // Mn   [2] SHARADA SIGN CANDRABINDU..SHARADA SIGN ANUSVARA
+	{0x11182, 0x11182, prSpacingMark},          // Mc       SHARADA SIGN VISARGA
+	{0x111B3, 0x111B5, prSpacingMark},          // Mc   [3] SHARADA VOWEL SIGN AA..SHARADA VOWEL SIGN II
+	{0x111B6, 0x111BE, prExtend},               // Mn   [9] SHARADA VOWEL SIGN U..SHARADA VOWEL SIGN O
+	{0x111BF, 0x111C0, prSpacingMark},          // Mc   [2] SHARADA VOWEL SIGN AU..SHARADA SIGN VIRAMA
+	{0x111C2, 0x111C3, prPrepend},              // Lo   [2] SHARADA SIGN JIHVAMULIYA..SHARADA SIGN UPADHMANIYA
+	{0x111C9, 0x111CC, prExtend},               // Mn   [4] SHARADA SANDHI MARK..SHARADA EXTRA SHORT VOWEL MARK
+	{0x111CE, 0x111CE, prSpacingMark},          // Mc       SHARADA VOWEL SIGN PRISHTHAMATRA E
+	{0x111CF, 0x111CF, prExtend},               // Mn       SHARADA SIGN INVERTED CANDRABINDU
+	{0x1122C, 0x1122E, prSpacingMark},          // Mc   [3] KHOJKI VOWEL SIGN AA..KHOJKI VOWEL SIGN II
+	{0x1122F, 0x11231, prExtend},               // Mn   [3] KHOJKI VOWEL SIGN U..KHOJKI VOWEL SIGN AI
+	{0x11232, 0x11233, prSpacingMark},          // Mc   [2] KHOJKI VOWEL SIGN O..KHOJKI VOWEL SIGN AU
+	{0x11234, 0x11234, prExtend},               // Mn       KHOJKI SIGN ANUSVARA
+	{0x11235, 0x11235, prSpacingMark},          // Mc       KHOJKI SIGN VIRAMA
+	{0x11236, 0x11237, prExtend},               // Mn   [2] KHOJKI SIGN NUKTA..KHOJKI SIGN SHADDA
+	{0x1123E, 0x1123E, prExtend},               // Mn       KHOJKI SIGN SUKUN
+	{0x112DF, 0x112DF, prExtend},               // Mn       KHUDAWADI SIGN ANUSVARA
+	{0x112E0, 0x112E2, prSpacingMark},          // Mc   [3] KHUDAWADI VOWEL SIGN AA..KHUDAWADI VOWEL SIGN II
+	{0x112E3, 0x112EA, prExtend},               // Mn   [8] KHUDAWADI VOWEL SIGN U..KHUDAWADI SIGN VIRAMA
+	{0x11300, 0x11301, prExtend},               // Mn   [2] GRANTHA SIGN COMBINING ANUSVARA ABOVE..GRANTHA SIGN CANDRABINDU
+	{0x11302, 0x11303, prSpacingMark},          // Mc   [2] GRANTHA SIGN ANUSVARA..GRANTHA SIGN VISARGA
+	{0x1133B, 0x1133C, prExtend},               // Mn   [2] COMBINING BINDU BELOW..GRANTHA SIGN NUKTA
+	{0x1133E, 0x1133E, prExtend},               // Mc       GRANTHA VOWEL SIGN AA
+	{0x1133F, 0x1133F, prSpacingMark},          // Mc       GRANTHA VOWEL SIGN I
+	{0x11340, 0x11340, prExtend},               // Mn       GRANTHA VOWEL SIGN II
+	{0x11341, 0x11344, prSpacingMark},          // Mc   [4] GRANTHA VOWEL SIGN U..GRANTHA VOWEL SIGN VOCALIC RR
+	{0x11347, 0x11348, prSpacingMark},          // Mc   [2] GRANTHA VOWEL SIGN EE..GRANTHA VOWEL SIGN AI
+	{0x1134B, 0x1134D, prSpacingMark},          // Mc   [3] GRANTHA VOWEL SIGN OO..GRANTHA SIGN VIRAMA
+	{0x11357, 0x11357, prExtend},               // Mc       GRANTHA AU LENGTH MARK
+	{0x11362, 0x11363, prSpacingMark},          // Mc   [2] GRANTHA VOWEL SIGN VOCALIC L..GRANTHA VOWEL SIGN VOCALIC LL
+	{0x11366, 0x1136C, prExtend},               // Mn   [7] COMBINING GRANTHA DIGIT ZERO..COMBINING GRANTHA DIGIT SIX
+	{0x11370, 0x11374, prExtend},               // Mn   [5] COMBINING GRANTHA LETTER A..COMBINING GRANTHA LETTER PA
+	{0x11435, 0x11437, prSpacingMark},          // Mc   [3] NEWA VOWEL SIGN AA..NEWA VOWEL SIGN II
+	{0x11438, 0x1143F, prExtend},               // Mn   [8] NEWA VOWEL SIGN U..NEWA VOWEL SIGN AI
+	{0x11440, 0x11441, prSpacingMark},          // Mc   [2] NEWA VOWEL SIGN O..NEWA VOWEL SIGN AU
+	{0x11442, 0x11444, prExtend},               // Mn   [3] NEWA SIGN VIRAMA..NEWA SIGN ANUSVARA
+	{0x11445, 0x11445, prSpacingMark},          // Mc       NEWA SIGN VISARGA
+	{0x11446, 0x11446, prExtend},               // Mn       NEWA SIGN NUKTA
+	{0x1145E, 0x1145E, prExtend},               // Mn       NEWA SANDHI MARK
+	{0x114B0, 0x114B0, prExtend},               // Mc       TIRHUTA VOWEL SIGN AA
+	{0x114B1, 0x114B2, prSpacingMark},          // Mc   [2] TIRHUTA VOWEL SIGN I..TIRHUTA VOWEL SIGN II
+	{0x114B3, 0x114B8, prExtend},               // Mn   [6] TIRHUTA VOWEL SIGN U..TIRHUTA VOWEL SIGN VOCALIC LL
+	{0x114B9, 0x114B9, prSpacingMark},          // Mc       TIRHUTA VOWEL SIGN E
+	{0x114BA, 0x114BA, prExtend},               // Mn       TIRHUTA VOWEL SIGN SHORT E
+	{0x114BB, 0x114BC, prSpacingMark},          // Mc   [2] TIRHUTA VOWEL SIGN AI..TIRHUTA VOWEL SIGN O
+	{0x114BD, 0x114BD, prExtend},               // Mc       TIRHUTA VOWEL SIGN SHORT O
+	{0x114BE, 0x114BE, prSpacingMark},          // Mc       TIRHUTA VOWEL SIGN AU
+	{0x114BF, 0x114C0, prExtend},               // Mn   [2] TIRHUTA SIGN CANDRABINDU..TIRHUTA SIGN ANUSVARA
+	{0x114C1, 0x114C1, prSpacingMark},          // Mc       TIRHUTA SIGN VISARGA
+	{0x114C2, 0x114C3, prExtend},               // Mn   [2] TIRHUTA SIGN VIRAMA..TIRHUTA SIGN NUKTA
+	{0x115AF, 0x115AF, prExtend},               // Mc       SIDDHAM VOWEL SIGN AA
+	{0x115B0, 0x115B1, prSpacingMark},          // Mc   [2] SIDDHAM VOWEL SIGN I..SIDDHAM VOWEL SIGN II
+	{0x115B2, 0x115B5, prExtend},               // Mn   [4] SIDDHAM VOWEL SIGN U..SIDDHAM VOWEL SIGN VOCALIC RR
+	{0x115B8, 0x115BB, prSpacingMark},          // Mc   [4] SIDDHAM VOWEL SIGN E..SIDDHAM VOWEL SIGN AU
+	{0x115BC, 0x115BD, prExtend},               // Mn   [2] SIDDHAM SIGN CANDRABINDU..SIDDHAM SIGN ANUSVARA
+	{0x115BE, 0x115BE, prSpacingMark},          // Mc       SIDDHAM SIGN VISARGA
+	{0x115BF, 0x115C0, prExtend},               // Mn   [2] SIDDHAM SIGN VIRAMA..SIDDHAM SIGN NUKTA
+	{0x115DC, 0x115DD, prExtend},               // Mn   [2] SIDDHAM VOWEL SIGN ALTERNATE U..SIDDHAM VOWEL SIGN ALTERNATE UU
+	{0x11630, 0x11632, prSpacingMark},          // Mc   [3] MODI VOWEL SIGN AA..MODI VOWEL SIGN II
+	{0x11633, 0x1163A, prExtend},               // Mn   [8] MODI VOWEL SIGN U..MODI VOWEL SIGN AI
+	{0x1163B, 0x1163C, prSpacingMark},          // Mc   [2] MODI VOWEL SIGN O..MODI VOWEL SIGN AU
+	{0x1163D, 0x1163D, prExtend},               // Mn       MODI SIGN ANUSVARA
+	{0x1163E, 0x1163E, prSpacingMark},          // Mc       MODI SIGN VISARGA
+	{0x1163F, 0x11640, prExtend},               // Mn   [2] MODI SIGN VIRAMA..MODI SIGN ARDHACANDRA
+	{0x116AB, 0x116AB, prExtend},               // Mn       TAKRI SIGN ANUSVARA
+	{0x116AC, 0x116AC, prSpacingMark},          // Mc       TAKRI SIGN VISARGA
+	{0x116AD, 0x116AD, prExtend},               // Mn       TAKRI VOWEL SIGN AA
+	{0x116AE, 0x116AF, prSpacingMark},          // Mc   [2] TAKRI VOWEL SIGN I..TAKRI VOWEL SIGN II
+	{0x116B0, 0x116B5, prExtend},               // Mn   [6] TAKRI VOWEL SIGN U..TAKRI VOWEL SIGN AU
+	{0x116B6, 0x116B6, prSpacingMark},          // Mc       TAKRI SIGN VIRAMA
+	{0x116B7, 0x116B7, prExtend},               // Mn       TAKRI SIGN NUKTA
+	{0x1171D, 0x1171F, prExtend},               // Mn   [3] AHOM CONSONANT SIGN MEDIAL LA..AHOM CONSONANT SIGN MEDIAL LIGATING RA
+	{0x11722, 0x11725, prExtend},               // Mn   [4] AHOM VOWEL SIGN I..AHOM VOWEL SIGN UU
+	{0x11726, 0x11726, prSpacingMark},          // Mc       AHOM VOWEL SIGN E
+	{0x11727, 0x1172B, prExtend},               // Mn   [5] AHOM VOWEL SIGN AW..AHOM SIGN KILLER
+	{0x1182C, 0x1182E, prSpacingMark},          // Mc   [3] DOGRA VOWEL SIGN AA..DOGRA VOWEL SIGN II
+	{0x1182F, 0x11837, prExtend},               // Mn   [9] DOGRA VOWEL SIGN U..DOGRA SIGN ANUSVARA
+	{0x11838, 0x11838, prSpacingMark},          // Mc       DOGRA SIGN VISARGA
+	{0x11839, 0x1183A, prExtend},               // Mn   [2] DOGRA SIGN VIRAMA..DOGRA SIGN NUKTA
+	{0x11930, 0x11930, prExtend},               // Mc       DIVES AKURU VOWEL SIGN AA
+	{0x11931, 0x11935, prSpacingMark},          // Mc   [5] DIVES AKURU VOWEL SIGN I..DIVES AKURU VOWEL SIGN E
+	{0x11937, 0x11938, prSpacingMark},          // Mc   [2] DIVES AKURU VOWEL SIGN AI..DIVES AKURU VOWEL SIGN O
+	{0x1193B, 0x1193C, prExtend},               // Mn   [2] DIVES AKURU SIGN ANUSVARA..DIVES AKURU SIGN CANDRABINDU
+	{0x1193D, 0x1193D, prSpacingMark},          // Mc       DIVES AKURU SIGN HALANTA
+	{0x1193E, 0x1193E, prExtend},               // Mn       DIVES AKURU VIRAMA
+	{0x1193F, 0x1193F, prPrepend},              // Lo       DIVES AKURU PREFIXED NASAL SIGN
+	{0x11940, 0x11940, prSpacingMark},          // Mc       DIVES AKURU MEDIAL YA
+	{0x11941, 0x11941, prPrepend},              // Lo       DIVES AKURU INITIAL RA
+	{0x11942, 0x11942, prSpacingMark},          // Mc       DIVES AKURU MEDIAL RA
+	{0x11943, 0x11943, prExtend},               // Mn       DIVES AKURU SIGN NUKTA
+	{0x119D1, 0x119D3, prSpacingMark},          // Mc   [3] NANDINAGARI VOWEL SIGN AA..NANDINAGARI VOWEL SIGN II
+	{0x119D4, 0x119D7, prExtend},               // Mn   [4] NANDINAGARI VOWEL SIGN U..NANDINAGARI VOWEL SIGN VOCALIC RR
+	{0x119DA, 0x119DB, prExtend},               // Mn   [2] NANDINAGARI VOWEL SIGN E..NANDINAGARI VOWEL SIGN AI
+	{0x119DC, 0x119DF, prSpacingMark},          // Mc   [4] NANDINAGARI VOWEL SIGN O..NANDINAGARI SIGN VISARGA
+	{0x119E0, 0x119E0, prExtend},               // Mn       NANDINAGARI SIGN VIRAMA
+	{0x119E4, 0x119E4, prSpacingMark},          // Mc       NANDINAGARI VOWEL SIGN PRISHTHAMATRA E
+	{0x11A01, 0x11A0A, prExtend},               // Mn  [10] ZANABAZAR SQUARE VOWEL SIGN I..ZANABAZAR SQUARE VOWEL LENGTH MARK
+	{0x11A33, 0x11A38, prExtend},               // Mn   [6] ZANABAZAR SQUARE FINAL CONSONANT MARK..ZANABAZAR SQUARE SIGN ANUSVARA
+	{0x11A39, 0x11A39, prSpacingMark},          // Mc       ZANABAZAR SQUARE SIGN VISARGA
+	{0x11A3A, 0x11A3A, prPrepend},              // Lo       ZANABAZAR SQUARE CLUSTER-INITIAL LETTER RA
+	{0x11A3B, 0x11A3E, prExtend},               // Mn   [4] ZANABAZAR SQUARE CLUSTER-FINAL LETTER YA..ZANABAZAR SQUARE CLUSTER-FINAL LETTER VA
+	{0x11A47, 0x11A47, prExtend},               // Mn       ZANABAZAR SQUARE SUBJOINER
+	{0x11A51, 0x11A56, prExtend},               // Mn   [6] SOYOMBO VOWEL SIGN I..SOYOMBO VOWEL SIGN OE
+	{0x11A57, 0x11A58, prSpacingMark},          // Mc   [2] SOYOMBO VOWEL SIGN AI..SOYOMBO VOWEL SIGN AU
+	{0x11A59, 0x11A5B, prExtend},               // Mn   [3] SOYOMBO VOWEL SIGN VOCALIC R..SOYOMBO VOWEL LENGTH MARK
+	{0x11A84, 0x11A89, prPrepend},              // Lo   [6] SOYOMBO SIGN JIHVAMULIYA..SOYOMBO CLUSTER-INITIAL LETTER SA
+	{0x11A8A, 0x11A96, prExtend},               // Mn  [13] SOYOMBO FINAL CONSONANT SIGN G..SOYOMBO SIGN ANUSVARA
+	{0x11A97, 0x11A97, prSpacingMark},          // Mc       SOYOMBO SIGN VISARGA
+	{0x11A98, 0x11A99, prExtend},               // Mn   [2] SOYOMBO GEMINATION MARK..SOYOMBO SUBJOINER
+	{0x11C2F, 0x11C2F, prSpacingMark},          // Mc       BHAIKSUKI VOWEL SIGN AA
+	{0x11C30, 0x11C36, prExtend},               // Mn   [7] BHAIKSUKI VOWEL SIGN I..BHAIKSUKI VOWEL SIGN VOCALIC L
+	{0x11C38, 0x11C3D, prExtend},               // Mn   [6] BHAIKSUKI VOWEL SIGN E..BHAIKSUKI SIGN ANUSVARA
+	{0x11C3E, 0x11C3E, prSpacingMark},          // Mc       BHAIKSUKI SIGN VISARGA
+	{0x11C3F, 0x11C3F, prExtend},               // Mn       BHAIKSUKI SIGN VIRAMA
+	{0x11C92, 0x11CA7, prExtend},               // Mn  [22] MARCHEN SUBJOINED LETTER KA..MARCHEN SUBJOINED LETTER ZA
+	{0x11CA9, 0x11CA9, prSpacingMark},          // Mc       MARCHEN SUBJOINED LETTER YA
+	{0x11CAA, 0x11CB0, prExtend},               // Mn   [7] MARCHEN SUBJOINED LETTER RA..MARCHEN VOWEL SIGN AA
+	{0x11CB1, 0x11CB1, prSpacingMark},          // Mc       MARCHEN VOWEL SIGN I
+	{0x11CB2, 0x11CB3, prExtend},               // Mn   [2] MARCHEN VOWEL SIGN U..MARCHEN VOWEL SIGN E
+	{0x11CB4, 0x11CB4, prSpacingMark},          // Mc       MARCHEN VOWEL SIGN O
+	{0x11CB5, 0x11CB6, prExtend},               // Mn   [2] MARCHEN SIGN ANUSVARA..MARCHEN SIGN CANDRABINDU
+	{0x11D31, 0x11D36, prExtend},               // Mn   [6] MASARAM GONDI VOWEL SIGN AA..MASARAM GONDI VOWEL SIGN VOCALIC R
+	{0x11D3A, 0x11D3A, prExtend},               // Mn       MASARAM GONDI VOWEL SIGN E
+	{0x11D3C, 0x11D3D, prExtend},               // Mn   [2] MASARAM GONDI VOWEL SIGN AI..MASARAM GONDI VOWEL SIGN O
+	{0x11D3F, 0x11D45, prExtend},               // Mn   [7] MASARAM GONDI VOWEL SIGN AU..MASARAM GONDI VIRAMA
+	{0x11D46, 0x11D46, prPrepend},              // Lo       MASARAM GONDI REPHA
+	{0x11D47, 0x11D47, prExtend},               // Mn       MASARAM GONDI RA-KARA
+	{0x11D8A, 0x11D8E, prSpacingMark},          // Mc   [5] GUNJALA GONDI VOWEL SIGN AA..GUNJALA GONDI VOWEL SIGN UU
+	{0x11D90, 0x11D91, prExtend},               // Mn   [2] GUNJALA GONDI VOWEL SIGN EE..GUNJALA GONDI VOWEL SIGN AI
+	{0x11D93, 0x11D94, prSpacingMark},          // Mc   [2] GUNJALA GONDI VOWEL SIGN OO..GUNJALA GONDI VOWEL SIGN AU
+	{0x11D95, 0x11D95, prExtend},               // Mn       GUNJALA GONDI SIGN ANUSVARA
+	{0x11D96, 0x11D96, prSpacingMark},          // Mc       GUNJALA GONDI SIGN VISARGA
+	{0x11D97, 0x11D97, prExtend},               // Mn       GUNJALA GONDI VIRAMA
+	{0x11EF3, 0x11EF4, prExtend},               // Mn   [2] MAKASAR VOWEL SIGN I..MAKASAR VOWEL SIGN U
+	{0x11EF5, 0x11EF6, prSpacingMark},          // Mc   [2] MAKASAR VOWEL SIGN E..MAKASAR VOWEL SIGN O
+	{0x13430, 0x13438, prControl},              // Cf   [9] EGYPTIAN HIEROGLYPH VERTICAL JOINER..EGYPTIAN HIEROGLYPH END SEGMENT
+	{0x16AF0, 0x16AF4, prExtend},               // Mn   [5] BASSA VAH COMBINING HIGH TONE..BASSA VAH COMBINING HIGH-LOW TONE
+	{0x16B30, 0x16B36, prExtend},               // Mn   [7] PAHAWH HMONG MARK CIM TUB..PAHAWH HMONG MARK CIM TAUM
+	{0x16F4F, 0x16F4F, prExtend},               // Mn       MIAO SIGN CONSONANT MODIFIER BAR
+	{0x16F51, 0x16F87, prSpacingMark},          // Mc  [55] MIAO SIGN ASPIRATION..MIAO VOWEL SIGN UI
+	{0x16F8F, 0x16F92, prExtend},               // Mn   [4] MIAO TONE RIGHT..MIAO TONE BELOW
+	{0x16FE4, 0x16FE4, prExtend},               // Mn       KHITAN SMALL SCRIPT FILLER
+	{0x16FF0, 0x16FF1, prSpacingMark},          // Mc   [2] VIETNAMESE ALTERNATE READING MARK CA..VIETNAMESE ALTERNATE READING MARK NHAY
+	{0x1BC9D, 0x1BC9E, prExtend},               // Mn   [2] DUPLOYAN THICK LETTER SELECTOR..DUPLOYAN DOUBLE MARK
+	{0x1BCA0, 0x1BCA3, prControl},              // Cf   [4] SHORTHAND FORMAT LETTER OVERLAP..SHORTHAND FORMAT UP STEP
+	{0x1CF00, 0x1CF2D, prExtend},               // Mn  [46] ZNAMENNY COMBINING MARK GORAZDO NIZKO S KRYZHEM ON LEFT..ZNAMENNY COMBINING MARK KRYZH ON LEFT
+	{0x1CF30, 0x1CF46, prExtend},               // Mn  [23] ZNAMENNY COMBINING TONAL RANGE MARK MRACHNO..ZNAMENNY PRIZNAK MODIFIER ROG
+	{0x1D165, 0x1D165, prExtend},               // Mc       MUSICAL SYMBOL COMBINING STEM
+	{0x1D166, 0x1D166, prSpacingMark},          // Mc       MUSICAL SYMBOL COMBINING SPRECHGESANG STEM
+	{0x1D167, 0x1D169, prExtend},               // Mn   [3] MUSICAL SYMBOL COMBINING TREMOLO-1..MUSICAL SYMBOL COMBINING TREMOLO-3
+	{0x1D16D, 0x1D16D, prSpacingMark},          // Mc       MUSICAL SYMBOL COMBINING AUGMENTATION DOT
+	{0x1D16E, 0x1D172, prExtend},               // Mc   [5] MUSICAL SYMBOL COMBINING FLAG-1..MUSICAL SYMBOL COMBINING FLAG-5
+	{0x1D173, 0x1D17A, prControl},              // Cf   [8] MUSICAL SYMBOL BEGIN BEAM..MUSICAL SYMBOL END PHRASE
+	{0x1D17B, 0x1D182, prExtend},               // Mn   [8] MUSICAL SYMBOL COMBINING ACCENT..MUSICAL SYMBOL COMBINING LOURE
+	{0x1D185, 0x1D18B, prExtend},               // Mn   [7] MUSICAL SYMBOL COMBINING DOIT..MUSICAL SYMBOL COMBINING TRIPLE TONGUE
+	{0x1D1AA, 0x1D1AD, prExtend},               // Mn   [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
+	{0x1D242, 0x1D244, prExtend},               // Mn   [3] COMBINING GREEK MUSICAL TRISEME..COMBINING GREEK MUSICAL PENTASEME
+	{0x1DA00, 0x1DA36, prExtend},               // Mn  [55] SIGNWRITING HEAD RIM..SIGNWRITING AIR SUCKING IN
+	{0x1DA3B, 0x1DA6C, prExtend},               // Mn  [50] SIGNWRITING MOUTH CLOSED NEUTRAL..SIGNWRITING EXCITEMENT
+	{0x1DA75, 0x1DA75, prExtend},               // Mn       SIGNWRITING UPPER BODY TILTING FROM HIP JOINTS
+	{0x1DA84, 0x1DA84, prExtend},               // Mn       SIGNWRITING LOCATION HEAD NECK
+	{0x1DA9B, 0x1DA9F, prExtend},               // Mn   [5] SIGNWRITING FILL MODIFIER-2..SIGNWRITING FILL MODIFIER-6
+	{0x1DAA1, 0x1DAAF, prExtend},               // Mn  [15] SIGNWRITING ROTATION MODIFIER-2..SIGNWRITING ROTATION MODIFIER-16
+	{0x1E000, 0x1E006, prExtend},               // Mn   [7] COMBINING GLAGOLITIC LETTER AZU..COMBINING GLAGOLITIC LETTER ZHIVETE
+	{0x1E008, 0x1E018, prExtend},               // Mn  [17] COMBINING GLAGOLITIC LETTER ZEMLJA..COMBINING GLAGOLITIC LETTER HERU
+	{0x1E01B, 0x1E021, prExtend},               // Mn   [7] COMBINING GLAGOLITIC LETTER SHTA..COMBINING GLAGOLITIC LETTER YATI
+	{0x1E023, 0x1E024, prExtend},               // Mn   [2] COMBINING GLAGOLITIC LETTER YU..COMBINING GLAGOLITIC LETTER SMALL YUS
+	{0x1E026, 0x1E02A, prExtend},               // Mn   [5] COMBINING GLAGOLITIC LETTER YO..COMBINING GLAGOLITIC LETTER FITA
+	{0x1E130, 0x1E136, prExtend},               // Mn   [7] NYIAKENG PUACHUE HMONG TONE-B..NYIAKENG PUACHUE HMONG TONE-D
+	{0x1E2AE, 0x1E2AE, prExtend},               // Mn       TOTO SIGN RISING TONE
+	{0x1E2EC, 0x1E2EF, prExtend},               // Mn   [4] WANCHO TONE TUP..WANCHO TONE KOINI
+	{0x1E8D0, 0x1E8D6, prExtend},               // Mn   [7] MENDE KIKAKUI COMBINING NUMBER TEENS..MENDE KIKAKUI COMBINING NUMBER MILLIONS
+	{0x1E944, 0x1E94A, prExtend},               // Mn   [7] ADLAM ALIF LENGTHENER..ADLAM NUKTA
+	{0x1F000, 0x1F003, prExtendedPictographic}, // E0.0   [4] (🀀..🀃)    MAHJONG TILE EAST WIND..MAHJONG TILE NORTH WIND
+	{0x1F004, 0x1F004, prExtendedPictographic}, // E0.6   [1] (🀄)       mahjong red dragon
+	{0x1F005, 0x1F0CE, prExtendedPictographic}, // E0.0 [202] (🀅..🃎)    MAHJONG TILE GREEN DRAGON..PLAYING CARD KING OF DIAMONDS
+	{0x1F0CF, 0x1F0CF, prExtendedPictographic}, // E0.6   [1] (�)       joker
+	{0x1F0D0, 0x1F0FF, prExtendedPictographic}, // E0.0  [48] (�..🃿)    <reserved-1F0D0>..<reserved-1F0FF>
+	{0x1F10D, 0x1F10F, prExtendedPictographic}, // E0.0   [3] (�..�)    CIRCLED ZERO WITH SLASH..CIRCLED DOLLAR SIGN WITH OVERLAID BACKSLASH
+	{0x1F12F, 0x1F12F, prExtendedPictographic}, // E0.0   [1] (🄯)       COPYLEFT SYMBOL
+	{0x1F16C, 0x1F16F, prExtendedPictographic}, // E0.0   [4] (🅬..🅯)    RAISED MR SIGN..CIRCLED HUMAN FIGURE
+	{0x1F170, 0x1F171, prExtendedPictographic}, // E0.6   [2] (🅰�..🅱�)    A button (blood type)..B button (blood type)
+	{0x1F17E, 0x1F17F, prExtendedPictographic}, // E0.6   [2] (🅾�..🅿�)    O button (blood type)..P button
+	{0x1F18E, 0x1F18E, prExtendedPictographic}, // E0.6   [1] (🆎)       AB button (blood type)
+	{0x1F191, 0x1F19A, prExtendedPictographic}, // E0.6  [10] (🆑..🆚)    CL button..VS button
+	{0x1F1AD, 0x1F1E5, prExtendedPictographic}, // E0.0  [57] (🆭..🇥)    MASK WORK SYMBOL..<reserved-1F1E5>
+	{0x1F1E6, 0x1F1FF, prRegionalIndicator},    // So  [26] REGIONAL INDICATOR SYMBOL LETTER A..REGIONAL INDICATOR SYMBOL LETTER Z
+	{0x1F201, 0x1F202, prExtendedPictographic}, // E0.6   [2] (�..🈂�)    Japanese “here� button..Japanese “service charge� button
+	{0x1F203, 0x1F20F, prExtendedPictographic}, // E0.0  [13] (🈃..�)    <reserved-1F203>..<reserved-1F20F>
+	{0x1F21A, 0x1F21A, prExtendedPictographic}, // E0.6   [1] (🈚)       Japanese “free of charge� button
+	{0x1F22F, 0x1F22F, prExtendedPictographic}, // E0.6   [1] (🈯)       Japanese “reserved� button
+	{0x1F232, 0x1F23A, prExtendedPictographic}, // E0.6   [9] (🈲..🈺)    Japanese “prohibited� button..Japanese “open for business� button
+	{0x1F23C, 0x1F23F, prExtendedPictographic}, // E0.0   [4] (🈼..🈿)    <reserved-1F23C>..<reserved-1F23F>
+	{0x1F249, 0x1F24F, prExtendedPictographic}, // E0.0   [7] (🉉..�)    <reserved-1F249>..<reserved-1F24F>
+	{0x1F250, 0x1F251, prExtendedPictographic}, // E0.6   [2] (�..🉑)    Japanese “bargain� button..Japanese “acceptable� button
+	{0x1F252, 0x1F2FF, prExtendedPictographic}, // E0.0 [174] (🉒..🋿)    <reserved-1F252>..<reserved-1F2FF>
+	{0x1F300, 0x1F30C, prExtendedPictographic}, // E0.6  [13] (🌀..🌌)    cyclone..milky way
+	{0x1F30D, 0x1F30E, prExtendedPictographic}, // E0.7   [2] (�..🌎)    globe showing Europe-Africa..globe showing Americas
+	{0x1F30F, 0x1F30F, prExtendedPictographic}, // E0.6   [1] (�)       globe showing Asia-Australia
+	{0x1F310, 0x1F310, prExtendedPictographic}, // E1.0   [1] (�)       globe with meridians
+	{0x1F311, 0x1F311, prExtendedPictographic}, // E0.6   [1] (🌑)       new moon
+	{0x1F312, 0x1F312, prExtendedPictographic}, // E1.0   [1] (🌒)       waxing crescent moon
+	{0x1F313, 0x1F315, prExtendedPictographic}, // E0.6   [3] (🌓..🌕)    first quarter moon..full moon
+	{0x1F316, 0x1F318, prExtendedPictographic}, // E1.0   [3] (🌖..🌘)    waning gibbous moon..waning crescent moon
+	{0x1F319, 0x1F319, prExtendedPictographic}, // E0.6   [1] (🌙)       crescent moon
+	{0x1F31A, 0x1F31A, prExtendedPictographic}, // E1.0   [1] (🌚)       new moon face
+	{0x1F31B, 0x1F31B, prExtendedPictographic}, // E0.6   [1] (🌛)       first quarter moon face
+	{0x1F31C, 0x1F31C, prExtendedPictographic}, // E0.7   [1] (🌜)       last quarter moon face
+	{0x1F31D, 0x1F31E, prExtendedPictographic}, // E1.0   [2] (�..🌞)    full moon face..sun with face
+	{0x1F31F, 0x1F320, prExtendedPictographic}, // E0.6   [2] (🌟..🌠)    glowing star..shooting star
+	{0x1F321, 0x1F321, prExtendedPictographic}, // E0.7   [1] (🌡�)       thermometer
+	{0x1F322, 0x1F323, prExtendedPictographic}, // E0.0   [2] (🌢..🌣)    BLACK DROPLET..WHITE SUN
+	{0x1F324, 0x1F32C, prExtendedPictographic}, // E0.7   [9] (🌤�..🌬�)    sun behind small cloud..wind face
+	{0x1F32D, 0x1F32F, prExtendedPictographic}, // E1.0   [3] (🌭..🌯)    hot dog..burrito
+	{0x1F330, 0x1F331, prExtendedPictographic}, // E0.6   [2] (🌰..🌱)    chestnut..seedling
+	{0x1F332, 0x1F333, prExtendedPictographic}, // E1.0   [2] (🌲..🌳)    evergreen tree..deciduous tree
+	{0x1F334, 0x1F335, prExtendedPictographic}, // E0.6   [2] (🌴..🌵)    palm tree..cactus
+	{0x1F336, 0x1F336, prExtendedPictographic}, // E0.7   [1] (🌶�)       hot pepper
+	{0x1F337, 0x1F34A, prExtendedPictographic}, // E0.6  [20] (🌷..�)    tulip..tangerine
+	{0x1F34B, 0x1F34B, prExtendedPictographic}, // E1.0   [1] (�)       lemon
+	{0x1F34C, 0x1F34F, prExtendedPictographic}, // E0.6   [4] (�..�)    banana..green apple
+	{0x1F350, 0x1F350, prExtendedPictographic}, // E1.0   [1] (�)       pear
+	{0x1F351, 0x1F37B, prExtendedPictographic}, // E0.6  [43] (�..�)    peach..clinking beer mugs
+	{0x1F37C, 0x1F37C, prExtendedPictographic}, // E1.0   [1] (�)       baby bottle
+	{0x1F37D, 0x1F37D, prExtendedPictographic}, // E0.7   [1] (��)       fork and knife with plate
+	{0x1F37E, 0x1F37F, prExtendedPictographic}, // E1.0   [2] (�..�)    bottle with popping cork..popcorn
+	{0x1F380, 0x1F393, prExtendedPictographic}, // E0.6  [20] (🎀..🎓)    ribbon..graduation cap
+	{0x1F394, 0x1F395, prExtendedPictographic}, // E0.0   [2] (🎔..🎕)    HEART WITH TIP ON THE LEFT..BOUQUET OF FLOWERS
+	{0x1F396, 0x1F397, prExtendedPictographic}, // E0.7   [2] (🎖�..🎗�)    military medal..reminder ribbon
+	{0x1F398, 0x1F398, prExtendedPictographic}, // E0.0   [1] (🎘)       MUSICAL KEYBOARD WITH JACKS
+	{0x1F399, 0x1F39B, prExtendedPictographic}, // E0.7   [3] (🎙�..🎛�)    studio microphone..control knobs
+	{0x1F39C, 0x1F39D, prExtendedPictographic}, // E0.0   [2] (🎜..�)    BEAMED ASCENDING MUSICAL NOTES..BEAMED DESCENDING MUSICAL NOTES
+	{0x1F39E, 0x1F39F, prExtendedPictographic}, // E0.7   [2] (🎞�..🎟�)    film frames..admission tickets
+	{0x1F3A0, 0x1F3C4, prExtendedPictographic}, // E0.6  [37] (🎠..�)    carousel horse..person surfing
+	{0x1F3C5, 0x1F3C5, prExtendedPictographic}, // E1.0   [1] (�)       sports medal
+	{0x1F3C6, 0x1F3C6, prExtendedPictographic}, // E0.6   [1] (�)       trophy
+	{0x1F3C7, 0x1F3C7, prExtendedPictographic}, // E1.0   [1] (�)       horse racing
+	{0x1F3C8, 0x1F3C8, prExtendedPictographic}, // E0.6   [1] (�)       american football
+	{0x1F3C9, 0x1F3C9, prExtendedPictographic}, // E1.0   [1] (�)       rugby football
+	{0x1F3CA, 0x1F3CA, prExtendedPictographic}, // E0.6   [1] (�)       person swimming
+	{0x1F3CB, 0x1F3CE, prExtendedPictographic}, // E0.7   [4] (��..��)    person lifting weights..racing car
+	{0x1F3CF, 0x1F3D3, prExtendedPictographic}, // E1.0   [5] (�..�)    cricket game..ping pong
+	{0x1F3D4, 0x1F3DF, prExtendedPictographic}, // E0.7  [12] (��..��)    snow-capped mountain..stadium
+	{0x1F3E0, 0x1F3E3, prExtendedPictographic}, // E0.6   [4] (�..�)    house..Japanese post office
+	{0x1F3E4, 0x1F3E4, prExtendedPictographic}, // E1.0   [1] (�)       post office
+	{0x1F3E5, 0x1F3F0, prExtendedPictographic}, // E0.6  [12] (�..�)    hospital..castle
+	{0x1F3F1, 0x1F3F2, prExtendedPictographic}, // E0.0   [2] (�..�)    WHITE PENNANT..BLACK PENNANT
+	{0x1F3F3, 0x1F3F3, prExtendedPictographic}, // E0.7   [1] (��)       white flag
+	{0x1F3F4, 0x1F3F4, prExtendedPictographic}, // E1.0   [1] (�)       black flag
+	{0x1F3F5, 0x1F3F5, prExtendedPictographic}, // E0.7   [1] (��)       rosette
+	{0x1F3F6, 0x1F3F6, prExtendedPictographic}, // E0.0   [1] (�)       BLACK ROSETTE
+	{0x1F3F7, 0x1F3F7, prExtendedPictographic}, // E0.7   [1] (��)       label
+	{0x1F3F8, 0x1F3FA, prExtendedPictographic}, // E1.0   [3] (�..�)    badminton..amphora
+	{0x1F3FB, 0x1F3FF, prExtend},               // Sk   [5] EMOJI MODIFIER FITZPATRICK TYPE-1-2..EMOJI MODIFIER FITZPATRICK TYPE-6
+	{0x1F400, 0x1F407, prExtendedPictographic}, // E1.0   [8] (�..�)    rat..rabbit
+	{0x1F408, 0x1F408, prExtendedPictographic}, // E0.7   [1] (�)       cat
+	{0x1F409, 0x1F40B, prExtendedPictographic}, // E1.0   [3] (�..�)    dragon..whale
+	{0x1F40C, 0x1F40E, prExtendedPictographic}, // E0.6   [3] (�..�)    snail..horse
+	{0x1F40F, 0x1F410, prExtendedPictographic}, // E1.0   [2] (�..�)    ram..goat
+	{0x1F411, 0x1F412, prExtendedPictographic}, // E0.6   [2] (�..�)    ewe..monkey
+	{0x1F413, 0x1F413, prExtendedPictographic}, // E1.0   [1] (�)       rooster
+	{0x1F414, 0x1F414, prExtendedPictographic}, // E0.6   [1] (�)       chicken
+	{0x1F415, 0x1F415, prExtendedPictographic}, // E0.7   [1] (�)       dog
+	{0x1F416, 0x1F416, prExtendedPictographic}, // E1.0   [1] (�)       pig
+	{0x1F417, 0x1F429, prExtendedPictographic}, // E0.6  [19] (�..�)    boar..poodle
+	{0x1F42A, 0x1F42A, prExtendedPictographic}, // E1.0   [1] (�)       camel
+	{0x1F42B, 0x1F43E, prExtendedPictographic}, // E0.6  [20] (�..�)    two-hump camel..paw prints
+	{0x1F43F, 0x1F43F, prExtendedPictographic}, // E0.7   [1] (��)       chipmunk
+	{0x1F440, 0x1F440, prExtendedPictographic}, // E0.6   [1] (👀)       eyes
+	{0x1F441, 0x1F441, prExtendedPictographic}, // E0.7   [1] (��)       eye
+	{0x1F442, 0x1F464, prExtendedPictographic}, // E0.6  [35] (👂..👤)    ear..bust in silhouette
+	{0x1F465, 0x1F465, prExtendedPictographic}, // E1.0   [1] (👥)       busts in silhouette
+	{0x1F466, 0x1F46B, prExtendedPictographic}, // E0.6   [6] (👦..👫)    boy..woman and man holding hands
+	{0x1F46C, 0x1F46D, prExtendedPictographic}, // E1.0   [2] (👬..👭)    men holding hands..women holding hands
+	{0x1F46E, 0x1F4AC, prExtendedPictographic}, // E0.6  [63] (👮..💬)    police officer..speech balloon
+	{0x1F4AD, 0x1F4AD, prExtendedPictographic}, // E1.0   [1] (💭)       thought balloon
+	{0x1F4AE, 0x1F4B5, prExtendedPictographic}, // E0.6   [8] (💮..💵)    white flower..dollar banknote
+	{0x1F4B6, 0x1F4B7, prExtendedPictographic}, // E1.0   [2] (💶..💷)    euro banknote..pound banknote
+	{0x1F4B8, 0x1F4EB, prExtendedPictographic}, // E0.6  [52] (💸..📫)    money with wings..closed mailbox with raised flag
+	{0x1F4EC, 0x1F4ED, prExtendedPictographic}, // E0.7   [2] (📬..📭)    open mailbox with raised flag..open mailbox with lowered flag
+	{0x1F4EE, 0x1F4EE, prExtendedPictographic}, // E0.6   [1] (📮)       postbox
+	{0x1F4EF, 0x1F4EF, prExtendedPictographic}, // E1.0   [1] (📯)       postal horn
+	{0x1F4F0, 0x1F4F4, prExtendedPictographic}, // E0.6   [5] (📰..📴)    newspaper..mobile phone off
+	{0x1F4F5, 0x1F4F5, prExtendedPictographic}, // E1.0   [1] (📵)       no mobile phones
+	{0x1F4F6, 0x1F4F7, prExtendedPictographic}, // E0.6   [2] (📶..📷)    antenna bars..camera
+	{0x1F4F8, 0x1F4F8, prExtendedPictographic}, // E1.0   [1] (📸)       camera with flash
+	{0x1F4F9, 0x1F4FC, prExtendedPictographic}, // E0.6   [4] (📹..📼)    video camera..videocassette
+	{0x1F4FD, 0x1F4FD, prExtendedPictographic}, // E0.7   [1] (📽�)       film projector
+	{0x1F4FE, 0x1F4FE, prExtendedPictographic}, // E0.0   [1] (📾)       PORTABLE STEREO
+	{0x1F4FF, 0x1F502, prExtendedPictographic}, // E1.0   [4] (📿..🔂)    prayer beads..repeat single button
+	{0x1F503, 0x1F503, prExtendedPictographic}, // E0.6   [1] (🔃)       clockwise vertical arrows
+	{0x1F504, 0x1F507, prExtendedPictographic}, // E1.0   [4] (🔄..🔇)    counterclockwise arrows button..muted speaker
+	{0x1F508, 0x1F508, prExtendedPictographic}, // E0.7   [1] (🔈)       speaker low volume
+	{0x1F509, 0x1F509, prExtendedPictographic}, // E1.0   [1] (🔉)       speaker medium volume
+	{0x1F50A, 0x1F514, prExtendedPictographic}, // E0.6  [11] (🔊..🔔)    speaker high volume..bell
+	{0x1F515, 0x1F515, prExtendedPictographic}, // E1.0   [1] (🔕)       bell with slash
+	{0x1F516, 0x1F52B, prExtendedPictographic}, // E0.6  [22] (🔖..🔫)    bookmark..water pistol
+	{0x1F52C, 0x1F52D, prExtendedPictographic}, // E1.0   [2] (🔬..🔭)    microscope..telescope
+	{0x1F52E, 0x1F53D, prExtendedPictographic}, // E0.6  [16] (🔮..🔽)    crystal ball..downwards button
+	{0x1F546, 0x1F548, prExtendedPictographic}, // E0.0   [3] (🕆..🕈)    WHITE LATIN CROSS..CELTIC CROSS
+	{0x1F549, 0x1F54A, prExtendedPictographic}, // E0.7   [2] (🕉�..🕊�)    om..dove
+	{0x1F54B, 0x1F54E, prExtendedPictographic}, // E1.0   [4] (🕋..🕎)    kaaba..menorah
+	{0x1F54F, 0x1F54F, prExtendedPictographic}, // E0.0   [1] (�)       BOWL OF HYGIEIA
+	{0x1F550, 0x1F55B, prExtendedPictographic}, // E0.6  [12] (�..🕛)    one o’clock..twelve o’clock
+	{0x1F55C, 0x1F567, prExtendedPictographic}, // E0.7  [12] (🕜..🕧)    one-thirty..twelve-thirty
+	{0x1F568, 0x1F56E, prExtendedPictographic}, // E0.0   [7] (🕨..🕮)    RIGHT SPEAKER..BOOK
+	{0x1F56F, 0x1F570, prExtendedPictographic}, // E0.7   [2] (🕯�..🕰�)    candle..mantelpiece clock
+	{0x1F571, 0x1F572, prExtendedPictographic}, // E0.0   [2] (🕱..🕲)    BLACK SKULL AND CROSSBONES..NO PIRACY
+	{0x1F573, 0x1F579, prExtendedPictographic}, // E0.7   [7] (🕳�..🕹�)    hole..joystick
+	{0x1F57A, 0x1F57A, prExtendedPictographic}, // E3.0   [1] (🕺)       man dancing
+	{0x1F57B, 0x1F586, prExtendedPictographic}, // E0.0  [12] (🕻..🖆)    LEFT HAND TELEPHONE RECEIVER..PEN OVER STAMPED ENVELOPE
+	{0x1F587, 0x1F587, prExtendedPictographic}, // E0.7   [1] (🖇�)       linked paperclips
+	{0x1F588, 0x1F589, prExtendedPictographic}, // E0.0   [2] (🖈..🖉)    BLACK PUSHPIN..LOWER LEFT PENCIL
+	{0x1F58A, 0x1F58D, prExtendedPictographic}, // E0.7   [4] (🖊�..��)    pen..crayon
+	{0x1F58E, 0x1F58F, prExtendedPictographic}, // E0.0   [2] (🖎..�)    LEFT WRITING HAND..TURNED OK HAND SIGN
+	{0x1F590, 0x1F590, prExtendedPictographic}, // E0.7   [1] (��)       hand with fingers splayed
+	{0x1F591, 0x1F594, prExtendedPictographic}, // E0.0   [4] (🖑..🖔)    REVERSED RAISED HAND WITH FINGERS SPLAYED..REVERSED VICTORY HAND
+	{0x1F595, 0x1F596, prExtendedPictographic}, // E1.0   [2] (🖕..🖖)    middle finger..vulcan salute
+	{0x1F597, 0x1F5A3, prExtendedPictographic}, // E0.0  [13] (🖗..🖣)    WHITE DOWN POINTING LEFT HAND INDEX..BLACK DOWN POINTING BACKHAND INDEX
+	{0x1F5A4, 0x1F5A4, prExtendedPictographic}, // E3.0   [1] (🖤)       black heart
+	{0x1F5A5, 0x1F5A5, prExtendedPictographic}, // E0.7   [1] (🖥�)       desktop computer
+	{0x1F5A6, 0x1F5A7, prExtendedPictographic}, // E0.0   [2] (🖦..🖧)    KEYBOARD AND MOUSE..THREE NETWORKED COMPUTERS
+	{0x1F5A8, 0x1F5A8, prExtendedPictographic}, // E0.7   [1] (🖨�)       printer
+	{0x1F5A9, 0x1F5B0, prExtendedPictographic}, // E0.0   [8] (🖩..🖰)    POCKET CALCULATOR..TWO BUTTON MOUSE
+	{0x1F5B1, 0x1F5B2, prExtendedPictographic}, // E0.7   [2] (🖱�..🖲�)    computer mouse..trackball
+	{0x1F5B3, 0x1F5BB, prExtendedPictographic}, // E0.0   [9] (🖳..🖻)    OLD PERSONAL COMPUTER..DOCUMENT WITH PICTURE
+	{0x1F5BC, 0x1F5BC, prExtendedPictographic}, // E0.7   [1] (🖼�)       framed picture
+	{0x1F5BD, 0x1F5C1, prExtendedPictographic}, // E0.0   [5] (🖽..�)    FRAME WITH TILES..OPEN FOLDER
+	{0x1F5C2, 0x1F5C4, prExtendedPictographic}, // E0.7   [3] (🗂�..🗄�)    card index dividers..file cabinet
+	{0x1F5C5, 0x1F5D0, prExtendedPictographic}, // E0.0  [12] (🗅..�)    EMPTY NOTE..PAGES
+	{0x1F5D1, 0x1F5D3, prExtendedPictographic}, // E0.7   [3] (🗑�..🗓�)    wastebasket..spiral calendar
+	{0x1F5D4, 0x1F5DB, prExtendedPictographic}, // E0.0   [8] (🗔..🗛)    DESKTOP WINDOW..DECREASE FONT SIZE SYMBOL
+	{0x1F5DC, 0x1F5DE, prExtendedPictographic}, // E0.7   [3] (🗜�..🗞�)    clamp..rolled-up newspaper
+	{0x1F5DF, 0x1F5E0, prExtendedPictographic}, // E0.0   [2] (🗟..🗠)    PAGE WITH CIRCLED TEXT..STOCK CHART
+	{0x1F5E1, 0x1F5E1, prExtendedPictographic}, // E0.7   [1] (🗡�)       dagger
+	{0x1F5E2, 0x1F5E2, prExtendedPictographic}, // E0.0   [1] (🗢)       LIPS
+	{0x1F5E3, 0x1F5E3, prExtendedPictographic}, // E0.7   [1] (🗣�)       speaking head
+	{0x1F5E4, 0x1F5E7, prExtendedPictographic}, // E0.0   [4] (🗤..🗧)    THREE RAYS ABOVE..THREE RAYS RIGHT
+	{0x1F5E8, 0x1F5E8, prExtendedPictographic}, // E2.0   [1] (🗨�)       left speech bubble
+	{0x1F5E9, 0x1F5EE, prExtendedPictographic}, // E0.0   [6] (🗩..🗮)    RIGHT SPEECH BUBBLE..LEFT ANGER BUBBLE
+	{0x1F5EF, 0x1F5EF, prExtendedPictographic}, // E0.7   [1] (🗯�)       right anger bubble
+	{0x1F5F0, 0x1F5F2, prExtendedPictographic}, // E0.0   [3] (🗰..🗲)    MOOD BUBBLE..LIGHTNING MOOD
+	{0x1F5F3, 0x1F5F3, prExtendedPictographic}, // E0.7   [1] (🗳�)       ballot box with ballot
+	{0x1F5F4, 0x1F5F9, prExtendedPictographic}, // E0.0   [6] (🗴..🗹)    BALLOT SCRIPT X..BALLOT BOX WITH BOLD CHECK
+	{0x1F5FA, 0x1F5FA, prExtendedPictographic}, // E0.7   [1] (🗺�)       world map
+	{0x1F5FB, 0x1F5FF, prExtendedPictographic}, // E0.6   [5] (🗻..🗿)    mount fuji..moai
+	{0x1F600, 0x1F600, prExtendedPictographic}, // E1.0   [1] (😀)       grinning face
+	{0x1F601, 0x1F606, prExtendedPictographic}, // E0.6   [6] (�..😆)    beaming face with smiling eyes..grinning squinting face
+	{0x1F607, 0x1F608, prExtendedPictographic}, // E1.0   [2] (😇..😈)    smiling face with halo..smiling face with horns
+	{0x1F609, 0x1F60D, prExtendedPictographic}, // E0.6   [5] (😉..�)    winking face..smiling face with heart-eyes
+	{0x1F60E, 0x1F60E, prExtendedPictographic}, // E1.0   [1] (😎)       smiling face with sunglasses
+	{0x1F60F, 0x1F60F, prExtendedPictographic}, // E0.6   [1] (�)       smirking face
+	{0x1F610, 0x1F610, prExtendedPictographic}, // E0.7   [1] (�)       neutral face
+	{0x1F611, 0x1F611, prExtendedPictographic}, // E1.0   [1] (😑)       expressionless face
+	{0x1F612, 0x1F614, prExtendedPictographic}, // E0.6   [3] (😒..😔)    unamused face..pensive face
+	{0x1F615, 0x1F615, prExtendedPictographic}, // E1.0   [1] (😕)       confused face
+	{0x1F616, 0x1F616, prExtendedPictographic}, // E0.6   [1] (😖)       confounded face
+	{0x1F617, 0x1F617, prExtendedPictographic}, // E1.0   [1] (😗)       kissing face
+	{0x1F618, 0x1F618, prExtendedPictographic}, // E0.6   [1] (😘)       face blowing a kiss
+	{0x1F619, 0x1F619, prExtendedPictographic}, // E1.0   [1] (😙)       kissing face with smiling eyes
+	{0x1F61A, 0x1F61A, prExtendedPictographic}, // E0.6   [1] (😚)       kissing face with closed eyes
+	{0x1F61B, 0x1F61B, prExtendedPictographic}, // E1.0   [1] (😛)       face with tongue
+	{0x1F61C, 0x1F61E, prExtendedPictographic}, // E0.6   [3] (😜..😞)    winking face with tongue..disappointed face
+	{0x1F61F, 0x1F61F, prExtendedPictographic}, // E1.0   [1] (😟)       worried face
+	{0x1F620, 0x1F625, prExtendedPictographic}, // E0.6   [6] (😠..😥)    angry face..sad but relieved face
+	{0x1F626, 0x1F627, prExtendedPictographic}, // E1.0   [2] (😦..😧)    frowning face with open mouth..anguished face
+	{0x1F628, 0x1F62B, prExtendedPictographic}, // E0.6   [4] (😨..😫)    fearful face..tired face
+	{0x1F62C, 0x1F62C, prExtendedPictographic}, // E1.0   [1] (😬)       grimacing face
+	{0x1F62D, 0x1F62D, prExtendedPictographic}, // E0.6   [1] (😭)       loudly crying face
+	{0x1F62E, 0x1F62F, prExtendedPictographic}, // E1.0   [2] (😮..😯)    face with open mouth..hushed face
+	{0x1F630, 0x1F633, prExtendedPictographic}, // E0.6   [4] (😰..😳)    anxious face with sweat..flushed face
+	{0x1F634, 0x1F634, prExtendedPictographic}, // E1.0   [1] (😴)       sleeping face
+	{0x1F635, 0x1F635, prExtendedPictographic}, // E0.6   [1] (😵)       face with crossed-out eyes
+	{0x1F636, 0x1F636, prExtendedPictographic}, // E1.0   [1] (😶)       face without mouth
+	{0x1F637, 0x1F640, prExtendedPictographic}, // E0.6  [10] (😷..🙀)    face with medical mask..weary cat
+	{0x1F641, 0x1F644, prExtendedPictographic}, // E1.0   [4] (�..🙄)    slightly frowning face..face with rolling eyes
+	{0x1F645, 0x1F64F, prExtendedPictographic}, // E0.6  [11] (🙅..�)    person gesturing NO..folded hands
+	{0x1F680, 0x1F680, prExtendedPictographic}, // E0.6   [1] (🚀)       rocket
+	{0x1F681, 0x1F682, prExtendedPictographic}, // E1.0   [2] (�..🚂)    helicopter..locomotive
+	{0x1F683, 0x1F685, prExtendedPictographic}, // E0.6   [3] (🚃..🚅)    railway car..bullet train
+	{0x1F686, 0x1F686, prExtendedPictographic}, // E1.0   [1] (🚆)       train
+	{0x1F687, 0x1F687, prExtendedPictographic}, // E0.6   [1] (🚇)       metro
+	{0x1F688, 0x1F688, prExtendedPictographic}, // E1.0   [1] (🚈)       light rail
+	{0x1F689, 0x1F689, prExtendedPictographic}, // E0.6   [1] (🚉)       station
+	{0x1F68A, 0x1F68B, prExtendedPictographic}, // E1.0   [2] (🚊..🚋)    tram..tram car
+	{0x1F68C, 0x1F68C, prExtendedPictographic}, // E0.6   [1] (🚌)       bus
+	{0x1F68D, 0x1F68D, prExtendedPictographic}, // E0.7   [1] (�)       oncoming bus
+	{0x1F68E, 0x1F68E, prExtendedPictographic}, // E1.0   [1] (🚎)       trolleybus
+	{0x1F68F, 0x1F68F, prExtendedPictographic}, // E0.6   [1] (�)       bus stop
+	{0x1F690, 0x1F690, prExtendedPictographic}, // E1.0   [1] (�)       minibus
+	{0x1F691, 0x1F693, prExtendedPictographic}, // E0.6   [3] (🚑..🚓)    ambulance..police car
+	{0x1F694, 0x1F694, prExtendedPictographic}, // E0.7   [1] (🚔)       oncoming police car
+	{0x1F695, 0x1F695, prExtendedPictographic}, // E0.6   [1] (🚕)       taxi
+	{0x1F696, 0x1F696, prExtendedPictographic}, // E1.0   [1] (🚖)       oncoming taxi
+	{0x1F697, 0x1F697, prExtendedPictographic}, // E0.6   [1] (🚗)       automobile
+	{0x1F698, 0x1F698, prExtendedPictographic}, // E0.7   [1] (🚘)       oncoming automobile
+	{0x1F699, 0x1F69A, prExtendedPictographic}, // E0.6   [2] (🚙..🚚)    sport utility vehicle..delivery truck
+	{0x1F69B, 0x1F6A1, prExtendedPictographic}, // E1.0   [7] (🚛..🚡)    articulated lorry..aerial tramway
+	{0x1F6A2, 0x1F6A2, prExtendedPictographic}, // E0.6   [1] (🚢)       ship
+	{0x1F6A3, 0x1F6A3, prExtendedPictographic}, // E1.0   [1] (🚣)       person rowing boat
+	{0x1F6A4, 0x1F6A5, prExtendedPictographic}, // E0.6   [2] (🚤..🚥)    speedboat..horizontal traffic light
+	{0x1F6A6, 0x1F6A6, prExtendedPictographic}, // E1.0   [1] (🚦)       vertical traffic light
+	{0x1F6A7, 0x1F6AD, prExtendedPictographic}, // E0.6   [7] (🚧..🚭)    construction..no smoking
+	{0x1F6AE, 0x1F6B1, prExtendedPictographic}, // E1.0   [4] (🚮..🚱)    litter in bin sign..non-potable water
+	{0x1F6B2, 0x1F6B2, prExtendedPictographic}, // E0.6   [1] (🚲)       bicycle
+	{0x1F6B3, 0x1F6B5, prExtendedPictographic}, // E1.0   [3] (🚳..🚵)    no bicycles..person mountain biking
+	{0x1F6B6, 0x1F6B6, prExtendedPictographic}, // E0.6   [1] (🚶)       person walking
+	{0x1F6B7, 0x1F6B8, prExtendedPictographic}, // E1.0   [2] (🚷..🚸)    no pedestrians..children crossing
+	{0x1F6B9, 0x1F6BE, prExtendedPictographic}, // E0.6   [6] (🚹..🚾)    men’s room..water closet
+	{0x1F6BF, 0x1F6BF, prExtendedPictographic}, // E1.0   [1] (🚿)       shower
+	{0x1F6C0, 0x1F6C0, prExtendedPictographic}, // E0.6   [1] (🛀)       person taking bath
+	{0x1F6C1, 0x1F6C5, prExtendedPictographic}, // E1.0   [5] (�..🛅)    bathtub..left luggage
+	{0x1F6C6, 0x1F6CA, prExtendedPictographic}, // E0.0   [5] (🛆..🛊)    TRIANGLE WITH ROUNDED CORNERS..GIRLS SYMBOL
+	{0x1F6CB, 0x1F6CB, prExtendedPictographic}, // E0.7   [1] (🛋�)       couch and lamp
+	{0x1F6CC, 0x1F6CC, prExtendedPictographic}, // E1.0   [1] (🛌)       person in bed
+	{0x1F6CD, 0x1F6CF, prExtendedPictographic}, // E0.7   [3] (��..��)    shopping bags..bed
+	{0x1F6D0, 0x1F6D0, prExtendedPictographic}, // E1.0   [1] (�)       place of worship
+	{0x1F6D1, 0x1F6D2, prExtendedPictographic}, // E3.0   [2] (🛑..🛒)    stop sign..shopping cart
+	{0x1F6D3, 0x1F6D4, prExtendedPictographic}, // E0.0   [2] (🛓..🛔)    STUPA..PAGODA
+	{0x1F6D5, 0x1F6D5, prExtendedPictographic}, // E12.0  [1] (🛕)       hindu temple
+	{0x1F6D6, 0x1F6D7, prExtendedPictographic}, // E13.0  [2] (🛖..🛗)    hut..elevator
+	{0x1F6D8, 0x1F6DC, prExtendedPictographic}, // E0.0   [5] (🛘..🛜)    <reserved-1F6D8>..<reserved-1F6DC>
+	{0x1F6DD, 0x1F6DF, prExtendedPictographic}, // E14.0  [3] (�..🛟)    playground slide..ring buoy
+	{0x1F6E0, 0x1F6E5, prExtendedPictographic}, // E0.7   [6] (🛠�..🛥�)    hammer and wrench..motor boat
+	{0x1F6E6, 0x1F6E8, prExtendedPictographic}, // E0.0   [3] (🛦..🛨)    UP-POINTING MILITARY AIRPLANE..UP-POINTING SMALL AIRPLANE
+	{0x1F6E9, 0x1F6E9, prExtendedPictographic}, // E0.7   [1] (🛩�)       small airplane
+	{0x1F6EA, 0x1F6EA, prExtendedPictographic}, // E0.0   [1] (🛪)       NORTHEAST-POINTING AIRPLANE
+	{0x1F6EB, 0x1F6EC, prExtendedPictographic}, // E1.0   [2] (🛫..🛬)    airplane departure..airplane arrival
+	{0x1F6ED, 0x1F6EF, prExtendedPictographic}, // E0.0   [3] (🛭..🛯)    <reserved-1F6ED>..<reserved-1F6EF>
+	{0x1F6F0, 0x1F6F0, prExtendedPictographic}, // E0.7   [1] (🛰�)       satellite
+	{0x1F6F1, 0x1F6F2, prExtendedPictographic}, // E0.0   [2] (🛱..🛲)    ONCOMING FIRE ENGINE..DIESEL LOCOMOTIVE
+	{0x1F6F3, 0x1F6F3, prExtendedPictographic}, // E0.7   [1] (🛳�)       passenger ship
+	{0x1F6F4, 0x1F6F6, prExtendedPictographic}, // E3.0   [3] (🛴..🛶)    kick scooter..canoe
+	{0x1F6F7, 0x1F6F8, prExtendedPictographic}, // E5.0   [2] (🛷..🛸)    sled..flying saucer
+	{0x1F6F9, 0x1F6F9, prExtendedPictographic}, // E11.0  [1] (🛹)       skateboard
+	{0x1F6FA, 0x1F6FA, prExtendedPictographic}, // E12.0  [1] (🛺)       auto rickshaw
+	{0x1F6FB, 0x1F6FC, prExtendedPictographic}, // E13.0  [2] (🛻..🛼)    pickup truck..roller skate
+	{0x1F6FD, 0x1F6FF, prExtendedPictographic}, // E0.0   [3] (🛽..🛿)    <reserved-1F6FD>..<reserved-1F6FF>
+	{0x1F774, 0x1F77F, prExtendedPictographic}, // E0.0  [12] (�..�)    <reserved-1F774>..<reserved-1F77F>
+	{0x1F7D5, 0x1F7DF, prExtendedPictographic}, // E0.0  [11] (🟕..🟟)    CIRCLED TRIANGLE..<reserved-1F7DF>
+	{0x1F7E0, 0x1F7EB, prExtendedPictographic}, // E12.0 [12] (🟠..🟫)    orange circle..brown square
+	{0x1F7EC, 0x1F7EF, prExtendedPictographic}, // E0.0   [4] (🟬..🟯)    <reserved-1F7EC>..<reserved-1F7EF>
+	{0x1F7F0, 0x1F7F0, prExtendedPictographic}, // E14.0  [1] (🟰)       heavy equals sign
+	{0x1F7F1, 0x1F7FF, prExtendedPictographic}, // E0.0  [15] (🟱..🟿)    <reserved-1F7F1>..<reserved-1F7FF>
+	{0x1F80C, 0x1F80F, prExtendedPictographic}, // E0.0   [4] (🠌..�)    <reserved-1F80C>..<reserved-1F80F>
+	{0x1F848, 0x1F84F, prExtendedPictographic}, // E0.0   [8] (🡈..�)    <reserved-1F848>..<reserved-1F84F>
+	{0x1F85A, 0x1F85F, prExtendedPictographic}, // E0.0   [6] (🡚..🡟)    <reserved-1F85A>..<reserved-1F85F>
+	{0x1F888, 0x1F88F, prExtendedPictographic}, // E0.0   [8] (🢈..�)    <reserved-1F888>..<reserved-1F88F>
+	{0x1F8AE, 0x1F8FF, prExtendedPictographic}, // E0.0  [82] (🢮..🣿)    <reserved-1F8AE>..<reserved-1F8FF>
+	{0x1F90C, 0x1F90C, prExtendedPictographic}, // E13.0  [1] (🤌)       pinched fingers
+	{0x1F90D, 0x1F90F, prExtendedPictographic}, // E12.0  [3] (�..�)    white heart..pinching hand
+	{0x1F910, 0x1F918, prExtendedPictographic}, // E1.0   [9] (�..🤘)    zipper-mouth face..sign of the horns
+	{0x1F919, 0x1F91E, prExtendedPictographic}, // E3.0   [6] (🤙..🤞)    call me hand..crossed fingers
+	{0x1F91F, 0x1F91F, prExtendedPictographic}, // E5.0   [1] (🤟)       love-you gesture
+	{0x1F920, 0x1F927, prExtendedPictographic}, // E3.0   [8] (🤠..🤧)    cowboy hat face..sneezing face
+	{0x1F928, 0x1F92F, prExtendedPictographic}, // E5.0   [8] (🤨..🤯)    face with raised eyebrow..exploding head
+	{0x1F930, 0x1F930, prExtendedPictographic}, // E3.0   [1] (🤰)       pregnant woman
+	{0x1F931, 0x1F932, prExtendedPictographic}, // E5.0   [2] (🤱..🤲)    breast-feeding..palms up together
+	{0x1F933, 0x1F93A, prExtendedPictographic}, // E3.0   [8] (🤳..🤺)    selfie..person fencing
+	{0x1F93C, 0x1F93E, prExtendedPictographic}, // E3.0   [3] (🤼..🤾)    people wrestling..person playing handball
+	{0x1F93F, 0x1F93F, prExtendedPictographic}, // E12.0  [1] (🤿)       diving mask
+	{0x1F940, 0x1F945, prExtendedPictographic}, // E3.0   [6] (🥀..🥅)    wilted flower..goal net
+	{0x1F947, 0x1F94B, prExtendedPictographic}, // E3.0   [5] (🥇..🥋)    1st place medal..martial arts uniform
+	{0x1F94C, 0x1F94C, prExtendedPictographic}, // E5.0   [1] (🥌)       curling stone
+	{0x1F94D, 0x1F94F, prExtendedPictographic}, // E11.0  [3] (�..�)    lacrosse..flying disc
+	{0x1F950, 0x1F95E, prExtendedPictographic}, // E3.0  [15] (�..🥞)    croissant..pancakes
+	{0x1F95F, 0x1F96B, prExtendedPictographic}, // E5.0  [13] (🥟..🥫)    dumpling..canned food
+	{0x1F96C, 0x1F970, prExtendedPictographic}, // E11.0  [5] (🥬..🥰)    leafy green..smiling face with hearts
+	{0x1F971, 0x1F971, prExtendedPictographic}, // E12.0  [1] (🥱)       yawning face
+	{0x1F972, 0x1F972, prExtendedPictographic}, // E13.0  [1] (🥲)       smiling face with tear
+	{0x1F973, 0x1F976, prExtendedPictographic}, // E11.0  [4] (🥳..🥶)    partying face..cold face
+	{0x1F977, 0x1F978, prExtendedPictographic}, // E13.0  [2] (🥷..🥸)    ninja..disguised face
+	{0x1F979, 0x1F979, prExtendedPictographic}, // E14.0  [1] (🥹)       face holding back tears
+	{0x1F97A, 0x1F97A, prExtendedPictographic}, // E11.0  [1] (🥺)       pleading face
+	{0x1F97B, 0x1F97B, prExtendedPictographic}, // E12.0  [1] (🥻)       sari
+	{0x1F97C, 0x1F97F, prExtendedPictographic}, // E11.0  [4] (🥼..🥿)    lab coat..flat shoe
+	{0x1F980, 0x1F984, prExtendedPictographic}, // E1.0   [5] (🦀..🦄)    crab..unicorn
+	{0x1F985, 0x1F991, prExtendedPictographic}, // E3.0  [13] (🦅..🦑)    eagle..squid
+	{0x1F992, 0x1F997, prExtendedPictographic}, // E5.0   [6] (🦒..🦗)    giraffe..cricket
+	{0x1F998, 0x1F9A2, prExtendedPictographic}, // E11.0 [11] (🦘..🦢)    kangaroo..swan
+	{0x1F9A3, 0x1F9A4, prExtendedPictographic}, // E13.0  [2] (🦣..🦤)    mammoth..dodo
+	{0x1F9A5, 0x1F9AA, prExtendedPictographic}, // E12.0  [6] (🦥..🦪)    sloth..oyster
+	{0x1F9AB, 0x1F9AD, prExtendedPictographic}, // E13.0  [3] (🦫..🦭)    beaver..seal
+	{0x1F9AE, 0x1F9AF, prExtendedPictographic}, // E12.0  [2] (🦮..🦯)    guide dog..white cane
+	{0x1F9B0, 0x1F9B9, prExtendedPictographic}, // E11.0 [10] (🦰..🦹)    red hair..supervillain
+	{0x1F9BA, 0x1F9BF, prExtendedPictographic}, // E12.0  [6] (🦺..🦿)    safety vest..mechanical leg
+	{0x1F9C0, 0x1F9C0, prExtendedPictographic}, // E1.0   [1] (🧀)       cheese wedge
+	{0x1F9C1, 0x1F9C2, prExtendedPictographic}, // E11.0  [2] (�..🧂)    cupcake..salt
+	{0x1F9C3, 0x1F9CA, prExtendedPictographic}, // E12.0  [8] (🧃..🧊)    beverage box..ice
+	{0x1F9CB, 0x1F9CB, prExtendedPictographic}, // E13.0  [1] (🧋)       bubble tea
+	{0x1F9CC, 0x1F9CC, prExtendedPictographic}, // E14.0  [1] (🧌)       troll
+	{0x1F9CD, 0x1F9CF, prExtendedPictographic}, // E12.0  [3] (�..�)    person standing..deaf person
+	{0x1F9D0, 0x1F9E6, prExtendedPictographic}, // E5.0  [23] (�..🧦)    face with monocle..socks
+	{0x1F9E7, 0x1F9FF, prExtendedPictographic}, // E11.0 [25] (🧧..🧿)    red envelope..nazar amulet
+	{0x1FA00, 0x1FA6F, prExtendedPictographic}, // E0.0 [112] (🨀..🩯)    NEUTRAL CHESS KING..<reserved-1FA6F>
+	{0x1FA70, 0x1FA73, prExtendedPictographic}, // E12.0  [4] (🩰..🩳)    ballet shoes..shorts
+	{0x1FA74, 0x1FA74, prExtendedPictographic}, // E13.0  [1] (🩴)       thong sandal
+	{0x1FA75, 0x1FA77, prExtendedPictographic}, // E0.0   [3] (🩵..🩷)    <reserved-1FA75>..<reserved-1FA77>
+	{0x1FA78, 0x1FA7A, prExtendedPictographic}, // E12.0  [3] (🩸..🩺)    drop of blood..stethoscope
+	{0x1FA7B, 0x1FA7C, prExtendedPictographic}, // E14.0  [2] (🩻..🩼)    x-ray..crutch
+	{0x1FA7D, 0x1FA7F, prExtendedPictographic}, // E0.0   [3] (🩽..🩿)    <reserved-1FA7D>..<reserved-1FA7F>
+	{0x1FA80, 0x1FA82, prExtendedPictographic}, // E12.0  [3] (🪀..🪂)    yo-yo..parachute
+	{0x1FA83, 0x1FA86, prExtendedPictographic}, // E13.0  [4] (🪃..🪆)    boomerang..nesting dolls
+	{0x1FA87, 0x1FA8F, prExtendedPictographic}, // E0.0   [9] (🪇..�)    <reserved-1FA87>..<reserved-1FA8F>
+	{0x1FA90, 0x1FA95, prExtendedPictographic}, // E12.0  [6] (�..🪕)    ringed planet..banjo
+	{0x1FA96, 0x1FAA8, prExtendedPictographic}, // E13.0 [19] (🪖..🪨)    military helmet..rock
+	{0x1FAA9, 0x1FAAC, prExtendedPictographic}, // E14.0  [4] (🪩..🪬)    mirror ball..hamsa
+	{0x1FAAD, 0x1FAAF, prExtendedPictographic}, // E0.0   [3] (🪭..🪯)    <reserved-1FAAD>..<reserved-1FAAF>
+	{0x1FAB0, 0x1FAB6, prExtendedPictographic}, // E13.0  [7] (🪰..🪶)    fly..feather
+	{0x1FAB7, 0x1FABA, prExtendedPictographic}, // E14.0  [4] (🪷..🪺)    lotus..nest with eggs
+	{0x1FABB, 0x1FABF, prExtendedPictographic}, // E0.0   [5] (🪻..🪿)    <reserved-1FABB>..<reserved-1FABF>
+	{0x1FAC0, 0x1FAC2, prExtendedPictographic}, // E13.0  [3] (🫀..🫂)    anatomical heart..people hugging
+	{0x1FAC3, 0x1FAC5, prExtendedPictographic}, // E14.0  [3] (🫃..🫅)    pregnant man..person with crown
+	{0x1FAC6, 0x1FACF, prExtendedPictographic}, // E0.0  [10] (🫆..�)    <reserved-1FAC6>..<reserved-1FACF>
+	{0x1FAD0, 0x1FAD6, prExtendedPictographic}, // E13.0  [7] (�..🫖)    blueberries..teapot
+	{0x1FAD7, 0x1FAD9, prExtendedPictographic}, // E14.0  [3] (🫗..🫙)    pouring liquid..jar
+	{0x1FADA, 0x1FADF, prExtendedPictographic}, // E0.0   [6] (🫚..🫟)    <reserved-1FADA>..<reserved-1FADF>
+	{0x1FAE0, 0x1FAE7, prExtendedPictographic}, // E14.0  [8] (🫠..🫧)    melting face..bubbles
+	{0x1FAE8, 0x1FAEF, prExtendedPictographic}, // E0.0   [8] (🫨..🫯)    <reserved-1FAE8>..<reserved-1FAEF>
+	{0x1FAF0, 0x1FAF6, prExtendedPictographic}, // E14.0  [7] (🫰..🫶)    hand with index finger and thumb crossed..heart hands
+	{0x1FAF7, 0x1FAFF, prExtendedPictographic}, // E0.0   [9] (🫷..🫿)    <reserved-1FAF7>..<reserved-1FAFF>
+	{0x1FC00, 0x1FFFD, prExtendedPictographic}, // E0.0[1022] (🰀..🿽)    <reserved-1FC00>..<reserved-1FFFD>
+	{0xE0000, 0xE0000, prControl},              // Cn       <reserved-E0000>
+	{0xE0001, 0xE0001, prControl},              // Cf       LANGUAGE TAG
+	{0xE0002, 0xE001F, prControl},              // Cn  [30] <reserved-E0002>..<reserved-E001F>
+	{0xE0020, 0xE007F, prExtend},               // Cf  [96] TAG SPACE..CANCEL TAG
+	{0xE0080, 0xE00FF, prControl},              // Cn [128] <reserved-E0080>..<reserved-E00FF>
+	{0xE0100, 0xE01EF, prExtend},               // Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
+	{0xE01F0, 0xE0FFF, prControl},              // Cn [3600] <reserved-E01F0>..<reserved-E0FFF>
+}
diff --git a/vendor/github.com/rivo/uniseg/graphemerules.go b/vendor/github.com/rivo/uniseg/graphemerules.go
new file mode 100644
index 0000000000..9f46b575bb
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/graphemerules.go
@@ -0,0 +1,138 @@
+package uniseg
+
+// The states of the grapheme cluster parser.
+const (
+	grAny = iota
+	grCR
+	grControlLF
+	grL
+	grLVV
+	grLVTT
+	grPrepend
+	grExtendedPictographic
+	grExtendedPictographicZWJ
+	grRIOdd
+	grRIEven
+)
+
+// The grapheme cluster parser's breaking instructions.
+const (
+	grNoBoundary = iota
+	grBoundary
+)
+
+// The grapheme cluster parser's state transitions. Maps (state, property) to
+// (new state, breaking instruction, rule number). The breaking instruction
+// always refers to the boundary between the last and next code point.
+//
+// This map is queried as follows:
+//
+//  1. Find specific state + specific property. Stop if found.
+//  2. Find specific state + any property.
+//  3. Find any state + specific property.
+//  4. If only (2) or (3) (but not both) was found, stop.
+//  5. If both (2) and (3) were found, use state from (3) and breaking instruction
+//     from the transition with the lower rule number, prefer (3) if rule numbers
+//     are equal. Stop.
+//  6. Assume grAny and grBoundary.
+//
+// Unicode version 14.0.0.
+var grTransitions = map[[2]int][3]int{
+	// GB5
+	{grAny, prCR}:      {grCR, grBoundary, 50},
+	{grAny, prLF}:      {grControlLF, grBoundary, 50},
+	{grAny, prControl}: {grControlLF, grBoundary, 50},
+
+	// GB4
+	{grCR, prAny}:        {grAny, grBoundary, 40},
+	{grControlLF, prAny}: {grAny, grBoundary, 40},
+
+	// GB3.
+	{grCR, prLF}: {grControlLF, grNoBoundary, 30},
+
+	// GB6.
+	{grAny, prL}: {grL, grBoundary, 9990},
+	{grL, prL}:   {grL, grNoBoundary, 60},
+	{grL, prV}:   {grLVV, grNoBoundary, 60},
+	{grL, prLV}:  {grLVV, grNoBoundary, 60},
+	{grL, prLVT}: {grLVTT, grNoBoundary, 60},
+
+	// GB7.
+	{grAny, prLV}: {grLVV, grBoundary, 9990},
+	{grAny, prV}:  {grLVV, grBoundary, 9990},
+	{grLVV, prV}:  {grLVV, grNoBoundary, 70},
+	{grLVV, prT}:  {grLVTT, grNoBoundary, 70},
+
+	// GB8.
+	{grAny, prLVT}: {grLVTT, grBoundary, 9990},
+	{grAny, prT}:   {grLVTT, grBoundary, 9990},
+	{grLVTT, prT}:  {grLVTT, grNoBoundary, 80},
+
+	// GB9.
+	{grAny, prExtend}: {grAny, grNoBoundary, 90},
+	{grAny, prZWJ}:    {grAny, grNoBoundary, 90},
+
+	// GB9a.
+	{grAny, prSpacingMark}: {grAny, grNoBoundary, 91},
+
+	// GB9b.
+	{grAny, prPrepend}: {grPrepend, grBoundary, 9990},
+	{grPrepend, prAny}: {grAny, grNoBoundary, 92},
+
+	// GB11.
+	{grAny, prExtendedPictographic}:                     {grExtendedPictographic, grBoundary, 9990},
+	{grExtendedPictographic, prExtend}:                  {grExtendedPictographic, grNoBoundary, 110},
+	{grExtendedPictographic, prZWJ}:                     {grExtendedPictographicZWJ, grNoBoundary, 110},
+	{grExtendedPictographicZWJ, prExtendedPictographic}: {grExtendedPictographic, grNoBoundary, 110},
+
+	// GB12 / GB13.
+	{grAny, prRegionalIndicator}:    {grRIOdd, grBoundary, 9990},
+	{grRIOdd, prRegionalIndicator}:  {grRIEven, grNoBoundary, 120},
+	{grRIEven, prRegionalIndicator}: {grRIOdd, grBoundary, 120},
+}
+
+// transitionGraphemeState determines the new state of the grapheme cluster
+// parser given the current state and the next code point. It also returns the
+// code point's grapheme property (the value mapped by the [graphemeCodePoints]
+// table) and whether a cluster boundary was detected.
+func transitionGraphemeState(state int, r rune) (newState, prop int, boundary bool) {
+	// Determine the property of the next character.
+	prop = property(graphemeCodePoints, r)
+
+	// Find the applicable transition.
+	transition, ok := grTransitions[[2]int{state, prop}]
+	if ok {
+		// We have a specific transition. We'll use it.
+		return transition[0], prop, transition[1] == grBoundary
+	}
+
+	// No specific transition found. Try the less specific ones.
+	transAnyProp, okAnyProp := grTransitions[[2]int{state, prAny}]
+	transAnyState, okAnyState := grTransitions[[2]int{grAny, prop}]
+	if okAnyProp && okAnyState {
+		// Both apply. We'll use a mix (see comments for grTransitions).
+		newState = transAnyState[0]
+		boundary = transAnyState[1] == grBoundary
+		if transAnyProp[2] < transAnyState[2] {
+			boundary = transAnyProp[1] == grBoundary
+		}
+		return
+	}
+
+	if okAnyProp {
+		// We only have a specific state.
+		return transAnyProp[0], prop, transAnyProp[1] == grBoundary
+		// This branch will probably never be reached because okAnyState will
+		// always be true given the current transition map. But we keep it here
+		// for future modifications to the transition map where this may not be
+		// true anymore.
+	}
+
+	if okAnyState {
+		// We only have a specific property.
+		return transAnyState[0], prop, transAnyState[1] == grBoundary
+	}
+
+	// No known transition. GB999: Any ÷ Any.
+	return grAny, prop, true
+}
diff --git a/vendor/github.com/rivo/uniseg/line.go b/vendor/github.com/rivo/uniseg/line.go
new file mode 100644
index 0000000000..87f28503f4
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/line.go
@@ -0,0 +1,134 @@
+package uniseg
+
+import "unicode/utf8"
+
+// FirstLineSegment returns the prefix of the given byte slice after which a
+// decision to break the string over to the next line can or must be made,
+// according to the rules of [Unicode Standard Annex #14]. This is used to
+// implement line breaking.
+//
+// Line breaking, also known as word wrapping, is the process of breaking a
+// section of text into lines such that it will fit in the available width of a
+// page, window or other display area.
+//
+// The returned "segment" may not be broken into smaller parts, unless no other
+// breaking opportunities present themselves, in which case you may break by
+// grapheme clusters (using the [FirstGraphemeCluster] function to determine the
+// grapheme clusters).
+//
+// The "mustBreak" flag indicates whether you MUST break the line after the
+// given segment (true), for example after newline characters, or you MAY break
+// the line after the given segment (false).
+//
+// This function can be called continuously to extract all non-breaking sub-sets
+// from a byte slice, as illustrated in the example below.
+//
+// If you don't know the current state, for example when calling the function
+// for the first time, you must pass -1. For consecutive calls, pass the state
+// and rest slice returned by the previous call.
+//
+// The "rest" slice is the sub-slice of the original byte slice "b" starting
+// after the last byte of the identified line segment. If the length of the
+// "rest" slice is 0, the entire byte slice "b" has been processed. The
+// "segment" byte slice is the sub-slice of the input slice containing the
+// identified line segment.
+//
+// Given an empty byte slice "b", the function returns nil values.
+//
+// Note that in accordance with [UAX #14 LB3], the final segment will end with
+// "mustBreak" set to true. You can choose to ignore this by checking if the
+// length of the "rest" slice is 0 and calling [HasTrailingLineBreak] or
+// [HasTrailingLineBreakInString] on the last rune.
+//
+// Note also that this algorithm may break within grapheme clusters. This is
+// addressed in Section 8.2 Example 6 of UAX #14. To avoid this, you can use
+// the [Step] function instead.
+//
+// [Unicode Standard Annex #14]: https://www.unicode.org/reports/tr14/
+// [UAX #14 LB3]: https://www.unicode.org/reports/tr14/#Algorithm
+func FirstLineSegment(b []byte, state int) (segment, rest []byte, mustBreak bool, newState int) {
+	// An empty byte slice returns nothing.
+	if len(b) == 0 {
+		return
+	}
+
+	// Extract the first rune.
+	r, length := utf8.DecodeRune(b)
+	if len(b) <= length { // If we're already past the end, there is nothing else to parse.
+		return b, nil, true, lbAny // LB3.
+	}
+
+	// If we don't know the state, determine it now.
+	if state < 0 {
+		state, _ = transitionLineBreakState(state, r, b[length:], "")
+	}
+
+	// Transition until we find a boundary.
+	var boundary int
+	for {
+		r, l := utf8.DecodeRune(b[length:])
+		state, boundary = transitionLineBreakState(state, r, b[length+l:], "")
+
+		if boundary != LineDontBreak {
+			return b[:length], b[length:], boundary == LineMustBreak, state
+		}
+
+		length += l
+		if len(b) <= length {
+			return b, nil, true, lbAny // LB3
+		}
+	}
+}
+
+// FirstLineSegmentInString is like FirstLineSegment() but its input and outputs
+// are strings.
+func FirstLineSegmentInString(str string, state int) (segment, rest string, mustBreak bool, newState int) {
+	// An empty byte slice returns nothing.
+	if len(str) == 0 {
+		return
+	}
+
+	// Extract the first rune.
+	r, length := utf8.DecodeRuneInString(str)
+	if len(str) <= length { // If we're already past the end, there is nothing else to parse.
+		return str, "", true, lbAny // LB3.
+	}
+
+	// If we don't know the state, determine it now.
+	if state < 0 {
+		state, _ = transitionLineBreakState(state, r, nil, str[length:])
+	}
+
+	// Transition until we find a boundary.
+	var boundary int
+	for {
+		r, l := utf8.DecodeRuneInString(str[length:])
+		state, boundary = transitionLineBreakState(state, r, nil, str[length+l:])
+
+		if boundary != LineDontBreak {
+			return str[:length], str[length:], boundary == LineMustBreak, state
+		}
+
+		length += l
+		if len(str) <= length {
+			return str, "", true, lbAny // LB3.
+		}
+	}
+}
+
+// HasTrailingLineBreak returns true if the last rune in the given byte slice is
+// one of the hard line break code points defined in LB4 and LB5 of [UAX #14].
+//
+// [UAX #14]: https://www.unicode.org/reports/tr14/#Algorithm
+func HasTrailingLineBreak(b []byte) bool {
+	r, _ := utf8.DecodeLastRune(b)
+	property, _ := propertyWithGenCat(lineBreakCodePoints, r)
+	return property == lbBK || property == lbCR || property == lbLF || property == lbNL
+}
+
+// HasTrailingLineBreakInString is like [HasTrailingLineBreak] but for a string.
+func HasTrailingLineBreakInString(str string) bool {
+	r, _ := utf8.DecodeLastRuneInString(str)
+	property, _ := propertyWithGenCat(lineBreakCodePoints, r)
+	return property == lbBK || property == lbCR || property == lbLF || property == lbNL
+}
diff --git a/vendor/github.com/rivo/uniseg/lineproperties.go b/vendor/github.com/rivo/uniseg/lineproperties.go
new file mode 100644
index 0000000000..32169306e8
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/lineproperties.go
@@ -0,0 +1,3513 @@
+package uniseg
+
+// Code generated via go generate from gen_properties.go. DO NOT EDIT.
+
+// lineBreakCodePoints are taken from
+// https://www.unicode.org/Public/14.0.0/ucd/LineBreak.txt
+// and
+// https://unicode.org/Public/14.0.0/ucd/emoji/emoji-data.txt
+// ("Extended_Pictographic" only)
+// on September 10, 2022. See https://www.unicode.org/license.html for the Unicode
+// license agreement.
+var lineBreakCodePoints = [][4]int{
+	{0x0000, 0x0008, prCM, gcCc},     //     [9] <control-0000>..<control-0008>
+	{0x0009, 0x0009, prBA, gcCc},     //         <control-0009>
+	{0x000A, 0x000A, prLF, gcCc},     //         <control-000A>
+	{0x000B, 0x000C, prBK, gcCc},     //     [2] <control-000B>..<control-000C>
+	{0x000D, 0x000D, prCR, gcCc},     //         <control-000D>
+	{0x000E, 0x001F, prCM, gcCc},     //    [18] <control-000E>..<control-001F>
+	{0x0020, 0x0020, prSP, gcZs},     //         SPACE
+	{0x0021, 0x0021, prEX, gcPo},     //         EXCLAMATION MARK
+	{0x0022, 0x0022, prQU, gcPo},     //         QUOTATION MARK
+	{0x0023, 0x0023, prAL, gcPo},     //         NUMBER SIGN
+	{0x0024, 0x0024, prPR, gcSc},     //         DOLLAR SIGN
+	{0x0025, 0x0025, prPO, gcPo},     //         PERCENT SIGN
+	{0x0026, 0x0026, prAL, gcPo},     //         AMPERSAND
+	{0x0027, 0x0027, prQU, gcPo},     //         APOSTROPHE
+	{0x0028, 0x0028, prOP, gcPs},     //         LEFT PARENTHESIS
+	{0x0029, 0x0029, prCP, gcPe},     //         RIGHT PARENTHESIS
+	{0x002A, 0x002A, prAL, gcPo},     //         ASTERISK
+	{0x002B, 0x002B, prPR, gcSm},     //         PLUS SIGN
+	{0x002C, 0x002C, prIS, gcPo},     //         COMMA
+	{0x002D, 0x002D, prHY, gcPd},     //         HYPHEN-MINUS
+	{0x002E, 0x002E, prIS, gcPo},     //         FULL STOP
+	{0x002F, 0x002F, prSY, gcPo},     //         SOLIDUS
+	{0x0030, 0x0039, prNU, gcNd},     //    [10] DIGIT ZERO..DIGIT NINE
+	{0x003A, 0x003B, prIS, gcPo},     //     [2] COLON..SEMICOLON
+	{0x003C, 0x003E, prAL, gcSm},     //     [3] LESS-THAN SIGN..GREATER-THAN SIGN
+	{0x003F, 0x003F, prEX, gcPo},     //         QUESTION MARK
+	{0x0040, 0x0040, prAL, gcPo},     //         COMMERCIAL AT
+	{0x0041, 0x005A, prAL, gcLu},     //    [26] LATIN CAPITAL LETTER A..LATIN CAPITAL LETTER Z
+	{0x005B, 0x005B, prOP, gcPs},     //         LEFT SQUARE BRACKET
+	{0x005C, 0x005C, prPR, gcPo},     //         REVERSE SOLIDUS
+	{0x005D, 0x005D, prCP, gcPe},     //         RIGHT SQUARE BRACKET
+	{0x005E, 0x005E, prAL, gcSk},     //         CIRCUMFLEX ACCENT
+	{0x005F, 0x005F, prAL, gcPc},     //         LOW LINE
+	{0x0060, 0x0060, prAL, gcSk},     //         GRAVE ACCENT
+	{0x0061, 0x007A, prAL, gcLl},     //    [26] LATIN SMALL LETTER A..LATIN SMALL LETTER Z
+	{0x007B, 0x007B, prOP, gcPs},     //         LEFT CURLY BRACKET
+	{0x007C, 0x007C, prBA, gcSm},     //         VERTICAL LINE
+	{0x007D, 0x007D, prCL, gcPe},     //         RIGHT CURLY BRACKET
+	{0x007E, 0x007E, prAL, gcSm},     //         TILDE
+	{0x007F, 0x007F, prCM, gcCc},     //         <control-007F>
+	{0x0080, 0x0084, prCM, gcCc},     //     [5] <control-0080>..<control-0084>
+	{0x0085, 0x0085, prNL, gcCc},     //         <control-0085>
+	{0x0086, 0x009F, prCM, gcCc},     //    [26] <control-0086>..<control-009F>
+	{0x00A0, 0x00A0, prGL, gcZs},     //         NO-BREAK SPACE
+	{0x00A1, 0x00A1, prOP, gcPo},     //         INVERTED EXCLAMATION MARK
+	{0x00A2, 0x00A2, prPO, gcSc},     //         CENT SIGN
+	{0x00A3, 0x00A5, prPR, gcSc},     //     [3] POUND SIGN..YEN SIGN
+	{0x00A6, 0x00A6, prAL, gcSo},     //         BROKEN BAR
+	{0x00A7, 0x00A7, prAI, gcPo},     //         SECTION SIGN
+	{0x00A8, 0x00A8, prAI, gcSk},     //         DIAERESIS
+	{0x00A9, 0x00A9, prAL, gcSo},     //         COPYRIGHT SIGN
+	{0x00AA, 0x00AA, prAI, gcLo},     //         FEMININE ORDINAL INDICATOR
+	{0x00AB, 0x00AB, prQU, gcPi},     //         LEFT-POINTING DOUBLE ANGLE QUOTATION MARK
+	{0x00AC, 0x00AC, prAL, gcSm},     //         NOT SIGN
+	{0x00AD, 0x00AD, prBA, gcCf},     //         SOFT HYPHEN
+	{0x00AE, 0x00AE, prAL, gcSo},     //         REGISTERED SIGN
+	{0x00AF, 0x00AF, prAL, gcSk},     //         MACRON
+	{0x00B0, 0x00B0, prPO, gcSo},     //         DEGREE SIGN
+	{0x00B1, 0x00B1, prPR, gcSm},     //         PLUS-MINUS SIGN
+	{0x00B2, 0x00B3, prAI, gcNo},     //     [2] SUPERSCRIPT TWO..SUPERSCRIPT THREE
+	{0x00B4, 0x00B4, prBB, gcSk},     //         ACUTE ACCENT
+	{0x00B5, 0x00B5, prAL, gcLl},     //         MICRO SIGN
+	{0x00B6, 0x00B7, prAI, gcPo},     //     [2] PILCROW SIGN..MIDDLE DOT
+	{0x00B8, 0x00B8, prAI, gcSk},     //         CEDILLA
+	{0x00B9, 0x00B9, prAI, gcNo},     //         SUPERSCRIPT ONE
+	{0x00BA, 0x00BA, prAI, gcLo},     //         MASCULINE ORDINAL INDICATOR
+	{0x00BB, 0x00BB, prQU, gcPf},     //         RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK
+	{0x00BC, 0x00BE, prAI, gcNo},     //     [3] VULGAR FRACTION ONE QUARTER..VULGAR FRACTION THREE QUARTERS
+	{0x00BF, 0x00BF, prOP, gcPo},     //         INVERTED QUESTION MARK
+	{0x00C0, 0x00D6, prAL, gcLu},     //    [23] LATIN CAPITAL LETTER A WITH GRAVE..LATIN CAPITAL LETTER O WITH DIAERESIS
+	{0x00D7, 0x00D7, prAI, gcSm},     //         MULTIPLICATION SIGN
+	{0x00D8, 0x00F6, prAL, gcLC},     //    [31] LATIN CAPITAL LETTER O WITH STROKE..LATIN SMALL LETTER O WITH DIAERESIS
+	{0x00F7, 0x00F7, prAI, gcSm},     //         DIVISION SIGN
+	{0x00F8, 0x00FF, prAL, gcLl},     //     [8] LATIN SMALL LETTER O WITH STROKE..LATIN SMALL LETTER Y WITH DIAERESIS
+	{0x0100, 0x017F, prAL, gcLC},     //   [128] LATIN CAPITAL LETTER A WITH MACRON..LATIN SMALL LETTER LONG S
+	{0x0180, 0x01BA, prAL, gcLC},     //    [59] LATIN SMALL LETTER B WITH STROKE..LATIN SMALL LETTER EZH WITH TAIL
+	{0x01BB, 0x01BB, prAL, gcLo},     //         LATIN LETTER TWO WITH STROKE
+	{0x01BC, 0x01BF, prAL, gcLC},     //     [4] LATIN CAPITAL LETTER TONE FIVE..LATIN LETTER WYNN
+	{0x01C0, 0x01C3, prAL, gcLo},     //     [4] LATIN LETTER DENTAL CLICK..LATIN LETTER RETROFLEX CLICK
+	{0x01C4, 0x024F, prAL, gcLC},     //   [140] LATIN CAPITAL LETTER DZ WITH CARON..LATIN SMALL LETTER Y WITH STROKE
+	{0x0250, 0x0293, prAL, gcLl},     //    [68] LATIN SMALL LETTER TURNED A..LATIN SMALL LETTER EZH WITH CURL
+	{0x0294, 0x0294, prAL, gcLo},     //         LATIN LETTER GLOTTAL STOP
+	{0x0295, 0x02AF, prAL, gcLl},     //    [27] LATIN LETTER PHARYNGEAL VOICED FRICATIVE..LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+	{0x02B0, 0x02C1, prAL, gcLm},     //    [18] MODIFIER LETTER SMALL H..MODIFIER LETTER REVERSED GLOTTAL STOP
+	{0x02C2, 0x02C5, prAL, gcSk},     //     [4] MODIFIER LETTER LEFT ARROWHEAD..MODIFIER LETTER DOWN ARROWHEAD
+	{0x02C6, 0x02C6, prAL, gcLm},     //         MODIFIER LETTER CIRCUMFLEX ACCENT
+	{0x02C7, 0x02C7, prAI, gcLm},     //         CARON
+	{0x02C8, 0x02C8, prBB, gcLm},     //         MODIFIER LETTER VERTICAL LINE
+	{0x02C9, 0x02CB, prAI, gcLm},     //     [3] MODIFIER LETTER MACRON..MODIFIER LETTER GRAVE ACCENT
+	{0x02CC, 0x02CC, prBB, gcLm},     //         MODIFIER LETTER LOW VERTICAL LINE
+	{0x02CD, 0x02CD, prAI, gcLm},     //         MODIFIER LETTER LOW MACRON
+	{0x02CE, 0x02CF, prAL, gcLm},     //     [2] MODIFIER LETTER LOW GRAVE ACCENT..MODIFIER LETTER LOW ACUTE ACCENT
+	{0x02D0, 0x02D0, prAI, gcLm},     //         MODIFIER LETTER TRIANGULAR COLON
+	{0x02D1, 0x02D1, prAL, gcLm},     //         MODIFIER LETTER HALF TRIANGULAR COLON
+	{0x02D2, 0x02D7, prAL, gcSk},     //     [6] MODIFIER LETTER CENTRED RIGHT HALF RING..MODIFIER LETTER MINUS SIGN
+	{0x02D8, 0x02DB, prAI, gcSk},     //     [4] BREVE..OGONEK
+	{0x02DC, 0x02DC, prAL, gcSk},     //         SMALL TILDE
+	{0x02DD, 0x02DD, prAI, gcSk},     //         DOUBLE ACUTE ACCENT
+	{0x02DE, 0x02DE, prAL, gcSk},     //         MODIFIER LETTER RHOTIC HOOK
+	{0x02DF, 0x02DF, prBB, gcSk},     //         MODIFIER LETTER CROSS ACCENT
+	{0x02E0, 0x02E4, prAL, gcLm},     //     [5] MODIFIER LETTER SMALL GAMMA..MODIFIER LETTER SMALL REVERSED GLOTTAL STOP
+	{0x02E5, 0x02EB, prAL, gcSk},     //     [7] MODIFIER LETTER EXTRA-HIGH TONE BAR..MODIFIER LETTER YANG DEPARTING TONE MARK
+	{0x02EC, 0x02EC, prAL, gcLm},     //         MODIFIER LETTER VOICING
+	{0x02ED, 0x02ED, prAL, gcSk},     //         MODIFIER LETTER UNASPIRATED
+	{0x02EE, 0x02EE, prAL, gcLm},     //         MODIFIER LETTER DOUBLE APOSTROPHE
+	{0x02EF, 0x02FF, prAL, gcSk},     //    [17] MODIFIER LETTER LOW DOWN ARROWHEAD..MODIFIER LETTER LOW LEFT ARROW
+	{0x0300, 0x034E, prCM, gcMn},     //    [79] COMBINING GRAVE ACCENT..COMBINING UPWARDS ARROW BELOW
+	{0x034F, 0x034F, prGL, gcMn},     //         COMBINING GRAPHEME JOINER
+	{0x0350, 0x035B, prCM, gcMn},     //    [12] COMBINING RIGHT ARROWHEAD ABOVE..COMBINING ZIGZAG ABOVE
+	{0x035C, 0x0362, prGL, gcMn},     //     [7] COMBINING DOUBLE BREVE BELOW..COMBINING DOUBLE RIGHTWARDS ARROW BELOW
+	{0x0363, 0x036F, prCM, gcMn},     //    [13] COMBINING LATIN SMALL LETTER A..COMBINING LATIN SMALL LETTER X
+	{0x0370, 0x0373, prAL, gcLC},     //     [4] GREEK CAPITAL LETTER HETA..GREEK SMALL LETTER ARCHAIC SAMPI
+	{0x0374, 0x0374, prAL, gcLm},     //         GREEK NUMERAL SIGN
+	{0x0375, 0x0375, prAL, gcSk},     //         GREEK LOWER NUMERAL SIGN
+	{0x0376, 0x0377, prAL, gcLC},     //     [2] GREEK CAPITAL LETTER PAMPHYLIAN DIGAMMA..GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+	{0x037A, 0x037A, prAL, gcLm},     //         GREEK YPOGEGRAMMENI
+	{0x037B, 0x037D, prAL, gcLl},     //     [3] GREEK SMALL REVERSED LUNATE SIGMA SYMBOL..GREEK SMALL REVERSED DOTTED LUNATE SIGMA SYMBOL
+	{0x037E, 0x037E, prIS, gcPo},     //         GREEK QUESTION MARK
+	{0x037F, 0x037F, prAL, gcLu},     //         GREEK CAPITAL LETTER YOT
+	{0x0384, 0x0385, prAL, gcSk},     //     [2] GREEK TONOS..GREEK DIALYTIKA TONOS
+	{0x0386, 0x0386, prAL, gcLu},     //         GREEK CAPITAL LETTER ALPHA WITH TONOS
+	{0x0387, 0x0387, prAL, gcPo},     //         GREEK ANO TELEIA
+	{0x0388, 0x038A, prAL, gcLu},     //     [3] GREEK CAPITAL LETTER EPSILON WITH TONOS..GREEK CAPITAL LETTER IOTA WITH TONOS
+	{0x038C, 0x038C, prAL, gcLu},     //         GREEK CAPITAL LETTER OMICRON WITH TONOS
+	{0x038E, 0x03A1, prAL, gcLC},     //    [20] GREEK CAPITAL LETTER UPSILON WITH TONOS..GREEK CAPITAL LETTER RHO
+	{0x03A3, 0x03F5, prAL, gcLC},     //    [83] GREEK CAPITAL LETTER SIGMA..GREEK LUNATE EPSILON SYMBOL
+	{0x03F6, 0x03F6, prAL, gcSm},     //         GREEK REVERSED LUNATE EPSILON SYMBOL
+	{0x03F7, 0x03FF, prAL, gcLC},     //     [9] GREEK CAPITAL LETTER SHO..GREEK CAPITAL REVERSED DOTTED LUNATE SIGMA SYMBOL
+	{0x0400, 0x0481, prAL, gcLC},     //   [130] CYRILLIC CAPITAL LETTER IE WITH GRAVE..CYRILLIC SMALL LETTER KOPPA
+	{0x0482, 0x0482, prAL, gcSo},     //         CYRILLIC THOUSANDS SIGN
+	{0x0483, 0x0487, prCM, gcMn},     //     [5] COMBINING CYRILLIC TITLO..COMBINING CYRILLIC POKRYTIE
+	{0x0488, 0x0489, prCM, gcMe},     //     [2] COMBINING CYRILLIC HUNDRED THOUSANDS SIGN..COMBINING CYRILLIC MILLIONS SIGN
+	{0x048A, 0x04FF, prAL, gcLC},     //   [118] CYRILLIC CAPITAL LETTER SHORT I WITH TAIL..CYRILLIC SMALL LETTER HA WITH STROKE
+	{0x0500, 0x052F, prAL, gcLC},     //    [48] CYRILLIC CAPITAL LETTER KOMI DE..CYRILLIC SMALL LETTER EL WITH DESCENDER
+	{0x0531, 0x0556, prAL, gcLu},     //    [38] ARMENIAN CAPITAL LETTER AYB..ARMENIAN CAPITAL LETTER FEH
+	{0x0559, 0x0559, prAL, gcLm},     //         ARMENIAN MODIFIER LETTER LEFT HALF RING
+	{0x055A, 0x055F, prAL, gcPo},     //     [6] ARMENIAN APOSTROPHE..ARMENIAN ABBREVIATION MARK
+	{0x0560, 0x0588, prAL, gcLl},     //    [41] ARMENIAN SMALL LETTER TURNED AYB..ARMENIAN SMALL LETTER YI WITH STROKE
+	{0x0589, 0x0589, prIS, gcPo},     //         ARMENIAN FULL STOP
+	{0x058A, 0x058A, prBA, gcPd},     //         ARMENIAN HYPHEN
+	{0x058D, 0x058E, prAL, gcSo},     //     [2] RIGHT-FACING ARMENIAN ETERNITY SIGN..LEFT-FACING ARMENIAN ETERNITY SIGN
+	{0x058F, 0x058F, prPR, gcSc},     //         ARMENIAN DRAM SIGN
+	{0x0591, 0x05BD, prCM, gcMn},     //    [45] HEBREW ACCENT ETNAHTA..HEBREW POINT METEG
+	{0x05BE, 0x05BE, prBA, gcPd},     //         HEBREW PUNCTUATION MAQAF
+	{0x05BF, 0x05BF, prCM, gcMn},     //         HEBREW POINT RAFE
+	{0x05C0, 0x05C0, prAL, gcPo},     //         HEBREW PUNCTUATION PASEQ
+	{0x05C1, 0x05C2, prCM, gcMn},     //     [2] HEBREW POINT SHIN DOT..HEBREW POINT SIN DOT
+	{0x05C3, 0x05C3, prAL, gcPo},     //         HEBREW PUNCTUATION SOF PASUQ
+	{0x05C4, 0x05C5, prCM, gcMn},     //     [2] HEBREW MARK UPPER DOT..HEBREW MARK LOWER DOT
+	{0x05C6, 0x05C6, prEX, gcPo},     //         HEBREW PUNCTUATION NUN HAFUKHA
+	{0x05C7, 0x05C7, prCM, gcMn},     //         HEBREW POINT QAMATS QATAN
+	{0x05D0, 0x05EA, prHL, gcLo},     //    [27] HEBREW LETTER ALEF..HEBREW LETTER TAV
+	{0x05EF, 0x05F2, prHL, gcLo},     //     [4] HEBREW YOD TRIANGLE..HEBREW LIGATURE YIDDISH DOUBLE YOD
+	{0x05F3, 0x05F4, prAL, gcPo},     //     [2] HEBREW PUNCTUATION GERESH..HEBREW PUNCTUATION GERSHAYIM
+	{0x0600, 0x0605, prAL, gcCf},     //     [6] ARABIC NUMBER SIGN..ARABIC NUMBER MARK ABOVE
+	{0x0606, 0x0608, prAL, gcSm},     //     [3] ARABIC-INDIC CUBE ROOT..ARABIC RAY
+	{0x0609, 0x060A, prPO, gcPo},     //     [2] ARABIC-INDIC PER MILLE SIGN..ARABIC-INDIC PER TEN THOUSAND SIGN
+	{0x060B, 0x060B, prPO, gcSc},     //         AFGHANI SIGN
+	{0x060C, 0x060D, prIS, gcPo},     //     [2] ARABIC COMMA..ARABIC DATE SEPARATOR
+	{0x060E, 0x060F, prAL, gcSo},     //     [2] ARABIC POETIC VERSE SIGN..ARABIC SIGN MISRA
+	{0x0610, 0x061A, prCM, gcMn},     //    [11] ARABIC SIGN SALLALLAHOU ALAYHE WASSALLAM..ARABIC SMALL KASRA
+	{0x061B, 0x061B, prEX, gcPo},     //         ARABIC SEMICOLON
+	{0x061C, 0x061C, prCM, gcCf},     //         ARABIC LETTER MARK
+	{0x061D, 0x061F, prEX, gcPo},     //     [3] ARABIC END OF TEXT MARK..ARABIC QUESTION MARK
+	{0x0620, 0x063F, prAL, gcLo},     //    [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
+	{0x0640, 0x0640, prAL, gcLm},     //         ARABIC TATWEEL
+	{0x0641, 0x064A, prAL, gcLo},     //    [10] ARABIC LETTER FEH..ARABIC LETTER YEH
+	{0x064B, 0x065F, prCM, gcMn},     //    [21] ARABIC FATHATAN..ARABIC WAVY HAMZA BELOW
+	{0x0660, 0x0669, prNU, gcNd},     //    [10] ARABIC-INDIC DIGIT ZERO..ARABIC-INDIC DIGIT NINE
+	{0x066A, 0x066A, prPO, gcPo},     //         ARABIC PERCENT SIGN
+	{0x066B, 0x066C, prNU, gcPo},     //     [2] ARABIC DECIMAL SEPARATOR..ARABIC THOUSANDS SEPARATOR
+	{0x066D, 0x066D, prAL, gcPo},     //         ARABIC FIVE POINTED STAR
+	{0x066E, 0x066F, prAL, gcLo},     //     [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
+	{0x0670, 0x0670, prCM, gcMn},     //         ARABIC LETTER SUPERSCRIPT ALEF
+	{0x0671, 0x06D3, prAL, gcLo},     //    [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
+	{0x06D4, 0x06D4, prEX, gcPo},     //         ARABIC FULL STOP
+	{0x06D5, 0x06D5, prAL, gcLo},     //         ARABIC LETTER AE
+	{0x06D6, 0x06DC, prCM, gcMn},     //     [7] ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA..ARABIC SMALL HIGH SEEN
+	{0x06DD, 0x06DD, prAL, gcCf},     //         ARABIC END OF AYAH
+	{0x06DE, 0x06DE, prAL, gcSo},     //         ARABIC START OF RUB EL HIZB
+	{0x06DF, 0x06E4, prCM, gcMn},     //     [6] ARABIC SMALL HIGH ROUNDED ZERO..ARABIC SMALL HIGH MADDA
+	{0x06E5, 0x06E6, prAL, gcLm},     //     [2] ARABIC SMALL WAW..ARABIC SMALL YEH
+	{0x06E7, 0x06E8, prCM, gcMn},     //     [2] ARABIC SMALL HIGH YEH..ARABIC SMALL HIGH NOON
+	{0x06E9, 0x06E9, prAL, gcSo},     //         ARABIC PLACE OF SAJDAH
+	{0x06EA, 0x06ED, prCM, gcMn},     //     [4] ARABIC EMPTY CENTRE LOW STOP..ARABIC SMALL LOW MEEM
+	{0x06EE, 0x06EF, prAL, gcLo},     //     [2] ARABIC LETTER DAL WITH INVERTED V..ARABIC LETTER REH WITH INVERTED V
+	{0x06F0, 0x06F9, prNU, gcNd},     //    [10] EXTENDED ARABIC-INDIC DIGIT ZERO..EXTENDED ARABIC-INDIC DIGIT NINE
+	{0x06FA, 0x06FC, prAL, gcLo},     //     [3] ARABIC LETTER SHEEN WITH DOT BELOW..ARABIC LETTER GHAIN WITH DOT BELOW
+	{0x06FD, 0x06FE, prAL, gcSo},     //     [2] ARABIC SIGN SINDHI AMPERSAND..ARABIC SIGN SINDHI POSTPOSITION MEN
+	{0x06FF, 0x06FF, prAL, gcLo},     //         ARABIC LETTER HEH WITH INVERTED V
+	{0x0700, 0x070D, prAL, gcPo},     //    [14] SYRIAC END OF PARAGRAPH..SYRIAC HARKLEAN ASTERISCUS
+	{0x070F, 0x070F, prAL, gcCf},     //         SYRIAC ABBREVIATION MARK
+	{0x0710, 0x0710, prAL, gcLo},     //         SYRIAC LETTER ALAPH
+	{0x0711, 0x0711, prCM, gcMn},     //         SYRIAC LETTER SUPERSCRIPT ALAPH
+	{0x0712, 0x072F, prAL, gcLo},     //    [30] SYRIAC LETTER BETH..SYRIAC LETTER PERSIAN DHALATH
+	{0x0730, 0x074A, prCM, gcMn},     //    [27] SYRIAC PTHAHA ABOVE..SYRIAC BARREKH
+	{0x074D, 0x074F, prAL, gcLo},     //     [3] SYRIAC LETTER SOGDIAN ZHAIN..SYRIAC LETTER SOGDIAN FE
+	{0x0750, 0x077F, prAL, gcLo},     //    [48] ARABIC LETTER BEH WITH THREE DOTS HORIZONTALLY BELOW..ARABIC LETTER KAF WITH TWO DOTS ABOVE
+	{0x0780, 0x07A5, prAL, gcLo},     //    [38] THAANA LETTER HAA..THAANA LETTER WAAVU
+	{0x07A6, 0x07B0, prCM, gcMn},     //    [11] THAANA ABAFILI..THAANA SUKUN
+	{0x07B1, 0x07B1, prAL, gcLo},     //         THAANA LETTER NAA
+	{0x07C0, 0x07C9, prNU, gcNd},     //    [10] NKO DIGIT ZERO..NKO DIGIT NINE
+	{0x07CA, 0x07EA, prAL, gcLo},     //    [33] NKO LETTER A..NKO LETTER JONA RA
+	{0x07EB, 0x07F3, prCM, gcMn},     //     [9] NKO COMBINING SHORT HIGH TONE..NKO COMBINING DOUBLE DOT ABOVE
+	{0x07F4, 0x07F5, prAL, gcLm},     //     [2] NKO HIGH TONE APOSTROPHE..NKO LOW TONE APOSTROPHE
+	{0x07F6, 0x07F6, prAL, gcSo},     //         NKO SYMBOL OO DENNEN
+	{0x07F7, 0x07F7, prAL, gcPo},     //         NKO SYMBOL GBAKURUNEN
+	{0x07F8, 0x07F8, prIS, gcPo},     //         NKO COMMA
+	{0x07F9, 0x07F9, prEX, gcPo},     //         NKO EXCLAMATION MARK
+	{0x07FA, 0x07FA, prAL, gcLm},     //         NKO LAJANYALAN
+	{0x07FD, 0x07FD, prCM, gcMn},     //         NKO DANTAYALAN
+	{0x07FE, 0x07FF, prPR, gcSc},     //     [2] NKO DOROME SIGN..NKO TAMAN SIGN
+	{0x0800, 0x0815, prAL, gcLo},     //    [22] SAMARITAN LETTER ALAF..SAMARITAN LETTER TAAF
+	{0x0816, 0x0819, prCM, gcMn},     //     [4] SAMARITAN MARK IN..SAMARITAN MARK DAGESH
+	{0x081A, 0x081A, prAL, gcLm},     //         SAMARITAN MODIFIER LETTER EPENTHETIC YUT
+	{0x081B, 0x0823, prCM, gcMn},     //     [9] SAMARITAN MARK EPENTHETIC YUT..SAMARITAN VOWEL SIGN A
+	{0x0824, 0x0824, prAL, gcLm},     //         SAMARITAN MODIFIER LETTER SHORT A
+	{0x0825, 0x0827, prCM, gcMn},     //     [3] SAMARITAN VOWEL SIGN SHORT A..SAMARITAN VOWEL SIGN U
+	{0x0828, 0x0828, prAL, gcLm},     //         SAMARITAN MODIFIER LETTER I
+	{0x0829, 0x082D, prCM, gcMn},     //     [5] SAMARITAN VOWEL SIGN LONG I..SAMARITAN MARK NEQUDAA
+	{0x0830, 0x083E, prAL, gcPo},     //    [15] SAMARITAN PUNCTUATION NEQUDAA..SAMARITAN PUNCTUATION ANNAAU
+	{0x0840, 0x0858, prAL, gcLo},     //    [25] MANDAIC LETTER HALQA..MANDAIC LETTER AIN
+	{0x0859, 0x085B, prCM, gcMn},     //     [3] MANDAIC AFFRICATION MARK..MANDAIC GEMINATION MARK
+	{0x085E, 0x085E, prAL, gcPo},     //         MANDAIC PUNCTUATION
+	{0x0860, 0x086A, prAL, gcLo},     //    [11] SYRIAC LETTER MALAYALAM NGA..SYRIAC LETTER MALAYALAM SSA
+	{0x0870, 0x0887, prAL, gcLo},     //    [24] ARABIC LETTER ALEF WITH ATTACHED FATHA..ARABIC BASELINE ROUND DOT
+	{0x0888, 0x0888, prAL, gcSk},     //         ARABIC RAISED ROUND DOT
+	{0x0889, 0x088E, prAL, gcLo},     //     [6] ARABIC LETTER NOON WITH INVERTED SMALL V..ARABIC VERTICAL TAIL
+	{0x0890, 0x0891, prAL, gcCf},     //     [2] ARABIC POUND MARK ABOVE..ARABIC PIASTRE MARK ABOVE
+	{0x0898, 0x089F, prCM, gcMn},     //     [8] ARABIC SMALL HIGH WORD AL-JUZ..ARABIC HALF MADDA OVER MADDA
+	{0x08A0, 0x08C8, prAL, gcLo},     //    [41] ARABIC LETTER BEH WITH SMALL V BELOW..ARABIC LETTER GRAF
+	{0x08C9, 0x08C9, prAL, gcLm},     //         ARABIC SMALL FARSI YEH
+	{0x08CA, 0x08E1, prCM, gcMn},     //    [24] ARABIC SMALL HIGH FARSI YEH..ARABIC SMALL HIGH SIGN SAFHA
+	{0x08E2, 0x08E2, prAL, gcCf},     //         ARABIC DISPUTED END OF AYAH
+	{0x08E3, 0x08FF, prCM, gcMn},     //    [29] ARABIC TURNED DAMMA BELOW..ARABIC MARK SIDEWAYS NOON GHUNNA
+	{0x0900, 0x0902, prCM, gcMn},     //     [3] DEVANAGARI SIGN INVERTED CANDRABINDU..DEVANAGARI SIGN ANUSVARA
+	{0x0903, 0x0903, prCM, gcMc},     //         DEVANAGARI SIGN VISARGA
+	{0x0904, 0x0939, prAL, gcLo},     //    [54] DEVANAGARI LETTER SHORT A..DEVANAGARI LETTER HA
+	{0x093A, 0x093A, prCM, gcMn},     //         DEVANAGARI VOWEL SIGN OE
+	{0x093B, 0x093B, prCM, gcMc},     //         DEVANAGARI VOWEL SIGN OOE
+	{0x093C, 0x093C, prCM, gcMn},     //         DEVANAGARI SIGN NUKTA
+	{0x093D, 0x093D, prAL, gcLo},     //         DEVANAGARI SIGN AVAGRAHA
+	{0x093E, 0x0940, prCM, gcMc},     //     [3] DEVANAGARI VOWEL SIGN AA..DEVANAGARI VOWEL SIGN II
+	{0x0941, 0x0948, prCM, gcMn},     //     [8] DEVANAGARI VOWEL SIGN U..DEVANAGARI VOWEL SIGN AI
+	{0x0949, 0x094C, prCM, gcMc},     //     [4] DEVANAGARI VOWEL SIGN CANDRA O..DEVANAGARI VOWEL SIGN AU
+	{0x094D, 0x094D, prCM, gcMn},     //         DEVANAGARI SIGN VIRAMA
+	{0x094E, 0x094F, prCM, gcMc},     //     [2] DEVANAGARI VOWEL SIGN PRISHTHAMATRA E..DEVANAGARI VOWEL SIGN AW
+	{0x0950, 0x0950, prAL, gcLo},     //         DEVANAGARI OM
+	{0x0951, 0x0957, prCM, gcMn},     //     [7] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI VOWEL SIGN UUE
+	{0x0958, 0x0961, prAL, gcLo},     //    [10] DEVANAGARI LETTER QA..DEVANAGARI LETTER VOCALIC LL
+	{0x0962, 0x0963, prCM, gcMn},     //     [2] DEVANAGARI VOWEL SIGN VOCALIC L..DEVANAGARI VOWEL SIGN VOCALIC LL
+	{0x0964, 0x0965, prBA, gcPo},     //     [2] DEVANAGARI DANDA..DEVANAGARI DOUBLE DANDA
+	{0x0966, 0x096F, prNU, gcNd},     //    [10] DEVANAGARI DIGIT ZERO..DEVANAGARI DIGIT NINE
+	{0x0970, 0x0970, prAL, gcPo},     //         DEVANAGARI ABBREVIATION SIGN
+	{0x0971, 0x0971, prAL, gcLm},     //         DEVANAGARI SIGN HIGH SPACING DOT
+	{0x0972, 0x097F, prAL, gcLo},     //    [14] DEVANAGARI LETTER CANDRA A..DEVANAGARI LETTER BBA
+	{0x0980, 0x0980, prAL, gcLo},     //         BENGALI ANJI
+	{0x0981, 0x0981, prCM, gcMn},     //         BENGALI SIGN CANDRABINDU
+	{0x0982, 0x0983, prCM, gcMc},     //     [2] BENGALI SIGN ANUSVARA..BENGALI SIGN VISARGA
+	{0x0985, 0x098C, prAL, gcLo},     //     [8] BENGALI LETTER A..BENGALI LETTER VOCALIC L
+	{0x098F, 0x0990, prAL, gcLo},     //     [2] BENGALI LETTER E..BENGALI LETTER AI
+	{0x0993, 0x09A8, prAL, gcLo},     //    [22] BENGALI LETTER O..BENGALI LETTER NA
+	{0x09AA, 0x09B0, prAL, gcLo},     //     [7] BENGALI LETTER PA..BENGALI LETTER RA
+	{0x09B2, 0x09B2, prAL, gcLo},     //         BENGALI LETTER LA
+	{0x09B6, 0x09B9, prAL, gcLo},     //     [4] BENGALI LETTER SHA..BENGALI LETTER HA
+	{0x09BC, 0x09BC, prCM, gcMn},     //         BENGALI SIGN NUKTA
+	{0x09BD, 0x09BD, prAL, gcLo},     //         BENGALI SIGN AVAGRAHA
+	{0x09BE, 0x09C0, prCM, gcMc},     //     [3] BENGALI VOWEL SIGN AA..BENGALI VOWEL SIGN II
+	{0x09C1, 0x09C4, prCM, gcMn},     //     [4] BENGALI VOWEL SIGN U..BENGALI VOWEL SIGN VOCALIC RR
+	{0x09C7, 0x09C8, prCM, gcMc},     //     [2] BENGALI VOWEL SIGN E..BENGALI VOWEL SIGN AI
+	{0x09CB, 0x09CC, prCM, gcMc},     //     [2] BENGALI VOWEL SIGN O..BENGALI VOWEL SIGN AU
+	{0x09CD, 0x09CD, prCM, gcMn},     //         BENGALI SIGN VIRAMA
+	{0x09CE, 0x09CE, prAL, gcLo},     //         BENGALI LETTER KHANDA TA
+	{0x09D7, 0x09D7, prCM, gcMc},     //         BENGALI AU LENGTH MARK
+	{0x09DC, 0x09DD, prAL, gcLo},     //     [2] BENGALI LETTER RRA..BENGALI LETTER RHA
+	{0x09DF, 0x09E1, prAL, gcLo},     //     [3] BENGALI LETTER YYA..BENGALI LETTER VOCALIC LL
+	{0x09E2, 0x09E3, prCM, gcMn},     //     [2] BENGALI VOWEL SIGN VOCALIC L..BENGALI VOWEL SIGN VOCALIC LL
+	{0x09E6, 0x09EF, prNU, gcNd},     //    [10] BENGALI DIGIT ZERO..BENGALI DIGIT NINE
+	{0x09F0, 0x09F1, prAL, gcLo},     //     [2] BENGALI LETTER RA WITH MIDDLE DIAGONAL..BENGALI LETTER RA WITH LOWER DIAGONAL
+	{0x09F2, 0x09F3, prPO, gcSc},     //     [2] BENGALI RUPEE MARK..BENGALI RUPEE SIGN
+	{0x09F4, 0x09F8, prAL, gcNo},     //     [5] BENGALI CURRENCY NUMERATOR ONE..BENGALI CURRENCY NUMERATOR ONE LESS THAN THE DENOMINATOR
+	{0x09F9, 0x09F9, prPO, gcNo},     //         BENGALI CURRENCY DENOMINATOR SIXTEEN
+	{0x09FA, 0x09FA, prAL, gcSo},     //         BENGALI ISSHAR
+	{0x09FB, 0x09FB, prPR, gcSc},     //         BENGALI GANDA MARK
+	{0x09FC, 0x09FC, prAL, gcLo},     //         BENGALI LETTER VEDIC ANUSVARA
+	{0x09FD, 0x09FD, prAL, gcPo},     //         BENGALI ABBREVIATION SIGN
+	{0x09FE, 0x09FE, prCM, gcMn},     //         BENGALI SANDHI MARK
+	{0x0A01, 0x0A02, prCM, gcMn},     //     [2] GURMUKHI SIGN ADAK BINDI..GURMUKHI SIGN BINDI
+	{0x0A03, 0x0A03, prCM, gcMc},     //         GURMUKHI SIGN VISARGA
+	{0x0A05, 0x0A0A, prAL, gcLo},     //     [6] GURMUKHI LETTER A..GURMUKHI LETTER UU
+	{0x0A0F, 0x0A10, prAL, gcLo},     //     [2] GURMUKHI LETTER EE..GURMUKHI LETTER AI
+	{0x0A13, 0x0A28, prAL, gcLo},     //    [22] GURMUKHI LETTER OO..GURMUKHI LETTER NA
+	{0x0A2A, 0x0A30, prAL, gcLo},     //     [7] GURMUKHI LETTER PA..GURMUKHI LETTER RA
+	{0x0A32, 0x0A33, prAL, gcLo},     //     [2] GURMUKHI LETTER LA..GURMUKHI LETTER LLA
+	{0x0A35, 0x0A36, prAL, gcLo},     //     [2] GURMUKHI LETTER VA..GURMUKHI LETTER SHA
+	{0x0A38, 0x0A39, prAL, gcLo},     //     [2] GURMUKHI LETTER SA..GURMUKHI LETTER HA
+	{0x0A3C, 0x0A3C, prCM, gcMn},     //         GURMUKHI SIGN NUKTA
+	{0x0A3E, 0x0A40, prCM, gcMc},     //     [3] GURMUKHI VOWEL SIGN AA..GURMUKHI VOWEL SIGN II
+	{0x0A41, 0x0A42, prCM, gcMn},     //     [2] GURMUKHI VOWEL SIGN U..GURMUKHI VOWEL SIGN UU
+	{0x0A47, 0x0A48, prCM, gcMn},     //     [2] GURMUKHI VOWEL SIGN EE..GURMUKHI VOWEL SIGN AI
+	{0x0A4B, 0x0A4D, prCM, gcMn},     //     [3] GURMUKHI VOWEL SIGN OO..GURMUKHI SIGN VIRAMA
+	{0x0A51, 0x0A51, prCM, gcMn},     //         GURMUKHI SIGN UDAAT
+	{0x0A59, 0x0A5C, prAL, gcLo},     //     [4] GURMUKHI LETTER KHHA..GURMUKHI LETTER RRA
+	{0x0A5E, 0x0A5E, prAL, gcLo},     //         GURMUKHI LETTER FA
+	{0x0A66, 0x0A6F, prNU, gcNd},     //    [10] GURMUKHI DIGIT ZERO..GURMUKHI DIGIT NINE
+	{0x0A70, 0x0A71, prCM, gcMn},     //     [2] GURMUKHI TIPPI..GURMUKHI ADDAK
+	{0x0A72, 0x0A74, prAL, gcLo},     //     [3] GURMUKHI IRI..GURMUKHI EK ONKAR
+	{0x0A75, 0x0A75, prCM, gcMn},     //         GURMUKHI SIGN YAKASH
+	{0x0A76, 0x0A76, prAL, gcPo},     //         GURMUKHI ABBREVIATION SIGN
+	{0x0A81, 0x0A82, prCM, gcMn},     //     [2] GUJARATI SIGN CANDRABINDU..GUJARATI SIGN ANUSVARA
+	{0x0A83, 0x0A83, prCM, gcMc},     //         GUJARATI SIGN VISARGA
+	{0x0A85, 0x0A8D, prAL, gcLo},     //     [9] GUJARATI LETTER A..GUJARATI VOWEL CANDRA E
+	{0x0A8F, 0x0A91, prAL, gcLo},     //     [3] GUJARATI LETTER E..GUJARATI VOWEL CANDRA O
+	{0x0A93, 0x0AA8, prAL, gcLo},     //    [22] GUJARATI LETTER O..GUJARATI LETTER NA
+	{0x0AAA, 0x0AB0, prAL, gcLo},     //     [7] GUJARATI LETTER PA..GUJARATI LETTER RA
+	{0x0AB2, 0x0AB3, prAL, gcLo},     //     [2] GUJARATI LETTER LA..GUJARATI LETTER LLA
+	{0x0AB5, 0x0AB9, prAL, gcLo},     //     [5] GUJARATI LETTER VA..GUJARATI LETTER HA
+	{0x0ABC, 0x0ABC, prCM, gcMn},     //         GUJARATI SIGN NUKTA
+	{0x0ABD, 0x0ABD, prAL, gcLo},     //         GUJARATI SIGN AVAGRAHA
+	{0x0ABE, 0x0AC0, prCM, gcMc},     //     [3] GUJARATI VOWEL SIGN AA..GUJARATI VOWEL SIGN II
+	{0x0AC1, 0x0AC5, prCM, gcMn},     //     [5] GUJARATI VOWEL SIGN U..GUJARATI VOWEL SIGN CANDRA E
+	{0x0AC7, 0x0AC8, prCM, gcMn},     //     [2] GUJARATI VOWEL SIGN E..GUJARATI VOWEL SIGN AI
+	{0x0AC9, 0x0AC9, prCM, gcMc},     //         GUJARATI VOWEL SIGN CANDRA O
+	{0x0ACB, 0x0ACC, prCM, gcMc},     //     [2] GUJARATI VOWEL SIGN O..GUJARATI VOWEL SIGN AU
+	{0x0ACD, 0x0ACD, prCM, gcMn},     //         GUJARATI SIGN VIRAMA
+	{0x0AD0, 0x0AD0, prAL, gcLo},     //         GUJARATI OM
+	{0x0AE0, 0x0AE1, prAL, gcLo},     //     [2] GUJARATI LETTER VOCALIC RR..GUJARATI LETTER VOCALIC LL
+	{0x0AE2, 0x0AE3, prCM, gcMn},     //     [2] GUJARATI VOWEL SIGN VOCALIC L..GUJARATI VOWEL SIGN VOCALIC LL
+	{0x0AE6, 0x0AEF, prNU, gcNd},     //    [10] GUJARATI DIGIT ZERO..GUJARATI DIGIT NINE
+	{0x0AF0, 0x0AF0, prAL, gcPo},     //         GUJARATI ABBREVIATION SIGN
+	{0x0AF1, 0x0AF1, prPR, gcSc},     //         GUJARATI RUPEE SIGN
+	{0x0AF9, 0x0AF9, prAL, gcLo},     //         GUJARATI LETTER ZHA
+	{0x0AFA, 0x0AFF, prCM, gcMn},     //     [6] GUJARATI SIGN SUKUN..GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+	{0x0B01, 0x0B01, prCM, gcMn},     //         ORIYA SIGN CANDRABINDU
+	{0x0B02, 0x0B03, prCM, gcMc},     //     [2] ORIYA SIGN ANUSVARA..ORIYA SIGN VISARGA
+	{0x0B05, 0x0B0C, prAL, gcLo},     //     [8] ORIYA LETTER A..ORIYA LETTER VOCALIC L
+	{0x0B0F, 0x0B10, prAL, gcLo},     //     [2] ORIYA LETTER E..ORIYA LETTER AI
+	{0x0B13, 0x0B28, prAL, gcLo},     //    [22] ORIYA LETTER O..ORIYA LETTER NA
+	{0x0B2A, 0x0B30, prAL, gcLo},     //     [7] ORIYA LETTER PA..ORIYA LETTER RA
+	{0x0B32, 0x0B33, prAL, gcLo},     //     [2] ORIYA LETTER LA..ORIYA LETTER LLA
+	{0x0B35, 0x0B39, prAL, gcLo},     //     [5] ORIYA LETTER VA..ORIYA LETTER HA
+	{0x0B3C, 0x0B3C, prCM, gcMn},     //         ORIYA SIGN NUKTA
+	{0x0B3D, 0x0B3D, prAL, gcLo},     //         ORIYA SIGN AVAGRAHA
+	{0x0B3E, 0x0B3E, prCM, gcMc},     //         ORIYA VOWEL SIGN AA
+	{0x0B3F, 0x0B3F, prCM, gcMn},     //         ORIYA VOWEL SIGN I
+	{0x0B40, 0x0B40, prCM, gcMc},     //         ORIYA VOWEL SIGN II
+	{0x0B41, 0x0B44, prCM, gcMn},     //     [4] ORIYA VOWEL SIGN U..ORIYA VOWEL SIGN VOCALIC RR
+	{0x0B47, 0x0B48, prCM, gcMc},     //     [2] ORIYA VOWEL SIGN E..ORIYA VOWEL SIGN AI
+	{0x0B4B, 0x0B4C, prCM, gcMc},     //     [2] ORIYA VOWEL SIGN O..ORIYA VOWEL SIGN AU
+	{0x0B4D, 0x0B4D, prCM, gcMn},     //         ORIYA SIGN VIRAMA
+	{0x0B55, 0x0B56, prCM, gcMn},     //     [2] ORIYA SIGN OVERLINE..ORIYA AI LENGTH MARK
+	{0x0B57, 0x0B57, prCM, gcMc},     //         ORIYA AU LENGTH MARK
+	{0x0B5C, 0x0B5D, prAL, gcLo},     //     [2] ORIYA LETTER RRA..ORIYA LETTER RHA
+	{0x0B5F, 0x0B61, prAL, gcLo},     //     [3] ORIYA LETTER YYA..ORIYA LETTER VOCALIC LL
+	{0x0B62, 0x0B63, prCM, gcMn},     //     [2] ORIYA VOWEL SIGN VOCALIC L..ORIYA VOWEL SIGN VOCALIC LL
+	{0x0B66, 0x0B6F, prNU, gcNd},     //    [10] ORIYA DIGIT ZERO..ORIYA DIGIT NINE
+	{0x0B70, 0x0B70, prAL, gcSo},     //         ORIYA ISSHAR
+	{0x0B71, 0x0B71, prAL, gcLo},     //         ORIYA LETTER WA
+	{0x0B72, 0x0B77, prAL, gcNo},     //     [6] ORIYA FRACTION ONE QUARTER..ORIYA FRACTION THREE SIXTEENTHS
+	{0x0B82, 0x0B82, prCM, gcMn},     //         TAMIL SIGN ANUSVARA
+	{0x0B83, 0x0B83, prAL, gcLo},     //         TAMIL SIGN VISARGA
+	{0x0B85, 0x0B8A, prAL, gcLo},     //     [6] TAMIL LETTER A..TAMIL LETTER UU
+	{0x0B8E, 0x0B90, prAL, gcLo},     //     [3] TAMIL LETTER E..TAMIL LETTER AI
+	{0x0B92, 0x0B95, prAL, gcLo},     //     [4] TAMIL LETTER O..TAMIL LETTER KA
+	{0x0B99, 0x0B9A, prAL, gcLo},     //     [2] TAMIL LETTER NGA..TAMIL LETTER CA
+	{0x0B9C, 0x0B9C, prAL, gcLo},     //         TAMIL LETTER JA
+	{0x0B9E, 0x0B9F, prAL, gcLo},     //     [2] TAMIL LETTER NYA..TAMIL LETTER TTA
+	{0x0BA3, 0x0BA4, prAL, gcLo},     //     [2] TAMIL LETTER NNA..TAMIL LETTER TA
+	{0x0BA8, 0x0BAA, prAL, gcLo},     //     [3] TAMIL LETTER NA..TAMIL LETTER PA
+	{0x0BAE, 0x0BB9, prAL, gcLo},     //    [12] TAMIL LETTER MA..TAMIL LETTER HA
+	{0x0BBE, 0x0BBF, prCM, gcMc},     //     [2] TAMIL VOWEL SIGN AA..TAMIL VOWEL SIGN I
+	{0x0BC0, 0x0BC0, prCM, gcMn},     //         TAMIL VOWEL SIGN II
+	{0x0BC1, 0x0BC2, prCM, gcMc},     //     [2] TAMIL VOWEL SIGN U..TAMIL VOWEL SIGN UU
+	{0x0BC6, 0x0BC8, prCM, gcMc},     //     [3] TAMIL VOWEL SIGN E..TAMIL VOWEL SIGN AI
+	{0x0BCA, 0x0BCC, prCM, gcMc},     //     [3] TAMIL VOWEL SIGN O..TAMIL VOWEL SIGN AU
+	{0x0BCD, 0x0BCD, prCM, gcMn},     //         TAMIL SIGN VIRAMA
+	{0x0BD0, 0x0BD0, prAL, gcLo},     //         TAMIL OM
+	{0x0BD7, 0x0BD7, prCM, gcMc},     //         TAMIL AU LENGTH MARK
+	{0x0BE6, 0x0BEF, prNU, gcNd},     //    [10] TAMIL DIGIT ZERO..TAMIL DIGIT NINE
+	{0x0BF0, 0x0BF2, prAL, gcNo},     //     [3] TAMIL NUMBER TEN..TAMIL NUMBER ONE THOUSAND
+	{0x0BF3, 0x0BF8, prAL, gcSo},     //     [6] TAMIL DAY SIGN..TAMIL AS ABOVE SIGN
+	{0x0BF9, 0x0BF9, prPR, gcSc},     //         TAMIL RUPEE SIGN
+	{0x0BFA, 0x0BFA, prAL, gcSo},     //         TAMIL NUMBER SIGN
+	{0x0C00, 0x0C00, prCM, gcMn},     //         TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	{0x0C01, 0x0C03, prCM, gcMc},     //     [3] TELUGU SIGN CANDRABINDU..TELUGU SIGN VISARGA
+	{0x0C04, 0x0C04, prCM, gcMn},     //         TELUGU SIGN COMBINING ANUSVARA ABOVE
+	{0x0C05, 0x0C0C, prAL, gcLo},     //     [8] TELUGU LETTER A..TELUGU LETTER VOCALIC L
+	{0x0C0E, 0x0C10, prAL, gcLo},     //     [3] TELUGU LETTER E..TELUGU LETTER AI
+	{0x0C12, 0x0C28, prAL, gcLo},     //    [23] TELUGU LETTER O..TELUGU LETTER NA
+	{0x0C2A, 0x0C39, prAL, gcLo},     //    [16] TELUGU LETTER PA..TELUGU LETTER HA
+	{0x0C3C, 0x0C3C, prCM, gcMn},     //         TELUGU SIGN NUKTA
+	{0x0C3D, 0x0C3D, prAL, gcLo},     //         TELUGU SIGN AVAGRAHA
+	{0x0C3E, 0x0C40, prCM, gcMn},     //     [3] TELUGU VOWEL SIGN AA..TELUGU VOWEL SIGN II
+	{0x0C41, 0x0C44, prCM, gcMc},     //     [4] TELUGU VOWEL SIGN U..TELUGU VOWEL SIGN VOCALIC RR
+	{0x0C46, 0x0C48, prCM, gcMn},     //     [3] TELUGU VOWEL SIGN E..TELUGU VOWEL SIGN AI
+	{0x0C4A, 0x0C4D, prCM, gcMn},     //     [4] TELUGU VOWEL SIGN O..TELUGU SIGN VIRAMA
+	{0x0C55, 0x0C56, prCM, gcMn},     //     [2] TELUGU LENGTH MARK..TELUGU AI LENGTH MARK
+	{0x0C58, 0x0C5A, prAL, gcLo},     //     [3] TELUGU LETTER TSA..TELUGU LETTER RRRA
+	{0x0C5D, 0x0C5D, prAL, gcLo},     //         TELUGU LETTER NAKAARA POLLU
+	{0x0C60, 0x0C61, prAL, gcLo},     //     [2] TELUGU LETTER VOCALIC RR..TELUGU LETTER VOCALIC LL
+	{0x0C62, 0x0C63, prCM, gcMn},     //     [2] TELUGU VOWEL SIGN VOCALIC L..TELUGU VOWEL SIGN VOCALIC LL
+	{0x0C66, 0x0C6F, prNU, gcNd},     //    [10] TELUGU DIGIT ZERO..TELUGU DIGIT NINE
+	{0x0C77, 0x0C77, prBB, gcPo},     //         TELUGU SIGN SIDDHAM
+	{0x0C78, 0x0C7E, prAL, gcNo},     //     [7] TELUGU FRACTION DIGIT ZERO FOR ODD POWERS OF FOUR..TELUGU FRACTION DIGIT THREE FOR EVEN POWERS OF FOUR
+	{0x0C7F, 0x0C7F, prAL, gcSo},     //         TELUGU SIGN TUUMU
+	{0x0C80, 0x0C80, prAL, gcLo},     //         KANNADA SIGN SPACING CANDRABINDU
+	{0x0C81, 0x0C81, prCM, gcMn},     //         KANNADA SIGN CANDRABINDU
+	{0x0C82, 0x0C83, prCM, gcMc},     //     [2] KANNADA SIGN ANUSVARA..KANNADA SIGN VISARGA
+	{0x0C84, 0x0C84, prBB, gcPo},     //         KANNADA SIGN SIDDHAM
+	{0x0C85, 0x0C8C, prAL, gcLo},     //     [8] KANNADA LETTER A..KANNADA LETTER VOCALIC L
+	{0x0C8E, 0x0C90, prAL, gcLo},     //     [3] KANNADA LETTER E..KANNADA LETTER AI
+	{0x0C92, 0x0CA8, prAL, gcLo},     //    [23] KANNADA LETTER O..KANNADA LETTER NA
+	{0x0CAA, 0x0CB3, prAL, gcLo},     //    [10] KANNADA LETTER PA..KANNADA LETTER LLA
+	{0x0CB5, 0x0CB9, prAL, gcLo},     //     [5] KANNADA LETTER VA..KANNADA LETTER HA
+	{0x0CBC, 0x0CBC, prCM, gcMn},     //         KANNADA SIGN NUKTA
+	{0x0CBD, 0x0CBD, prAL, gcLo},     //         KANNADA SIGN AVAGRAHA
+	{0x0CBE, 0x0CBE, prCM, gcMc},     //         KANNADA VOWEL SIGN AA
+	{0x0CBF, 0x0CBF, prCM, gcMn},     //         KANNADA VOWEL SIGN I
+	{0x0CC0, 0x0CC4, prCM, gcMc},     //     [5] KANNADA VOWEL SIGN II..KANNADA VOWEL SIGN VOCALIC RR
+	{0x0CC6, 0x0CC6, prCM, gcMn},     //         KANNADA VOWEL SIGN E
+	{0x0CC7, 0x0CC8, prCM, gcMc},     //     [2] KANNADA VOWEL SIGN EE..KANNADA VOWEL SIGN AI
+	{0x0CCA, 0x0CCB, prCM, gcMc},     //     [2] KANNADA VOWEL SIGN O..KANNADA VOWEL SIGN OO
+	{0x0CCC, 0x0CCD, prCM, gcMn},     //     [2] KANNADA VOWEL SIGN AU..KANNADA SIGN VIRAMA
+	{0x0CD5, 0x0CD6, prCM, gcMc},     //     [2] KANNADA LENGTH MARK..KANNADA AI LENGTH MARK
+	{0x0CDD, 0x0CDE, prAL, gcLo},     //     [2] KANNADA LETTER NAKAARA POLLU..KANNADA LETTER FA
+	{0x0CE0, 0x0CE1, prAL, gcLo},     //     [2] KANNADA LETTER VOCALIC RR..KANNADA LETTER VOCALIC LL
+	{0x0CE2, 0x0CE3, prCM, gcMn},     //     [2] KANNADA VOWEL SIGN VOCALIC L..KANNADA VOWEL SIGN VOCALIC LL
+	{0x0CE6, 0x0CEF, prNU, gcNd},     //    [10] KANNADA DIGIT ZERO..KANNADA DIGIT NINE
+	{0x0CF1, 0x0CF2, prAL, gcLo},     //     [2] KANNADA SIGN JIHVAMULIYA..KANNADA SIGN UPADHMANIYA
+	{0x0D00, 0x0D01, prCM, gcMn},     //     [2] MALAYALAM SIGN COMBINING ANUSVARA ABOVE..MALAYALAM SIGN CANDRABINDU
+	{0x0D02, 0x0D03, prCM, gcMc},     //     [2] MALAYALAM SIGN ANUSVARA..MALAYALAM SIGN VISARGA
+	{0x0D04, 0x0D0C, prAL, gcLo},     //     [9] MALAYALAM LETTER VEDIC ANUSVARA..MALAYALAM LETTER VOCALIC L
+	{0x0D0E, 0x0D10, prAL, gcLo},     //     [3] MALAYALAM LETTER E..MALAYALAM LETTER AI
+	{0x0D12, 0x0D3A, prAL, gcLo},     //    [41] MALAYALAM LETTER O..MALAYALAM LETTER TTTA
+	{0x0D3B, 0x0D3C, prCM, gcMn},     //     [2] MALAYALAM SIGN VERTICAL BAR VIRAMA..MALAYALAM SIGN CIRCULAR VIRAMA
+	{0x0D3D, 0x0D3D, prAL, gcLo},     //         MALAYALAM SIGN AVAGRAHA
+	{0x0D3E, 0x0D40, prCM, gcMc},     //     [3] MALAYALAM VOWEL SIGN AA..MALAYALAM VOWEL SIGN II
+	{0x0D41, 0x0D44, prCM, gcMn},     //     [4] MALAYALAM VOWEL SIGN U..MALAYALAM VOWEL SIGN VOCALIC RR
+	{0x0D46, 0x0D48, prCM, gcMc},     //     [3] MALAYALAM VOWEL SIGN E..MALAYALAM VOWEL SIGN AI
+	{0x0D4A, 0x0D4C, prCM, gcMc},     //     [3] MALAYALAM VOWEL SIGN O..MALAYALAM VOWEL SIGN AU
+	{0x0D4D, 0x0D4D, prCM, gcMn},     //         MALAYALAM SIGN VIRAMA
+	{0x0D4E, 0x0D4E, prAL, gcLo},     //         MALAYALAM LETTER DOT REPH
+	{0x0D4F, 0x0D4F, prAL, gcSo},     //         MALAYALAM SIGN PARA
+	{0x0D54, 0x0D56, prAL, gcLo},     //     [3] MALAYALAM LETTER CHILLU M..MALAYALAM LETTER CHILLU LLL
+	{0x0D57, 0x0D57, prCM, gcMc},     //         MALAYALAM AU LENGTH MARK
+	{0x0D58, 0x0D5E, prAL, gcNo},     //     [7] MALAYALAM FRACTION ONE ONE-HUNDRED-AND-SIXTIETH..MALAYALAM FRACTION ONE FIFTH
+	{0x0D5F, 0x0D61, prAL, gcLo},     //     [3] MALAYALAM LETTER ARCHAIC II..MALAYALAM LETTER VOCALIC LL
+	{0x0D62, 0x0D63, prCM, gcMn},     //     [2] MALAYALAM VOWEL SIGN VOCALIC L..MALAYALAM VOWEL SIGN VOCALIC LL
+	{0x0D66, 0x0D6F, prNU, gcNd},     //    [10] MALAYALAM DIGIT ZERO..MALAYALAM DIGIT NINE
+	{0x0D70, 0x0D78, prAL, gcNo},     //     [9] MALAYALAM NUMBER TEN..MALAYALAM FRACTION THREE SIXTEENTHS
+	{0x0D79, 0x0D79, prPO, gcSo},     //         MALAYALAM DATE MARK
+	{0x0D7A, 0x0D7F, prAL, gcLo},     //     [6] MALAYALAM LETTER CHILLU NN..MALAYALAM LETTER CHILLU K
+	{0x0D81, 0x0D81, prCM, gcMn},     //         SINHALA SIGN CANDRABINDU
+	{0x0D82, 0x0D83, prCM, gcMc},     //     [2] SINHALA SIGN ANUSVARAYA..SINHALA SIGN VISARGAYA
+	{0x0D85, 0x0D96, prAL, gcLo},     //    [18] SINHALA LETTER AYANNA..SINHALA LETTER AUYANNA
+	{0x0D9A, 0x0DB1, prAL, gcLo},     //    [24] SINHALA LETTER ALPAPRAANA KAYANNA..SINHALA LETTER DANTAJA NAYANNA
+	{0x0DB3, 0x0DBB, prAL, gcLo},     //     [9] SINHALA LETTER SANYAKA DAYANNA..SINHALA LETTER RAYANNA
+	{0x0DBD, 0x0DBD, prAL, gcLo},     //         SINHALA LETTER DANTAJA LAYANNA
+	{0x0DC0, 0x0DC6, prAL, gcLo},     //     [7] SINHALA LETTER VAYANNA..SINHALA LETTER FAYANNA
+	{0x0DCA, 0x0DCA, prCM, gcMn},     //         SINHALA SIGN AL-LAKUNA
+	{0x0DCF, 0x0DD1, prCM, gcMc},     //     [3] SINHALA VOWEL SIGN AELA-PILLA..SINHALA VOWEL SIGN DIGA AEDA-PILLA
+	{0x0DD2, 0x0DD4, prCM, gcMn},     //     [3] SINHALA VOWEL SIGN KETTI IS-PILLA..SINHALA VOWEL SIGN KETTI PAA-PILLA
+	{0x0DD6, 0x0DD6, prCM, gcMn},     //         SINHALA VOWEL SIGN DIGA PAA-PILLA
+	{0x0DD8, 0x0DDF, prCM, gcMc},     //     [8] SINHALA VOWEL SIGN GAETTA-PILLA..SINHALA VOWEL SIGN GAYANUKITTA
+	{0x0DE6, 0x0DEF, prNU, gcNd},     //    [10] SINHALA LITH DIGIT ZERO..SINHALA LITH DIGIT NINE
+	{0x0DF2, 0x0DF3, prCM, gcMc},     //     [2] SINHALA VOWEL SIGN DIGA GAETTA-PILLA..SINHALA VOWEL SIGN DIGA GAYANUKITTA
+	{0x0DF4, 0x0DF4, prAL, gcPo},     //         SINHALA PUNCTUATION KUNDDALIYA
+	{0x0E01, 0x0E30, prSA, gcLo},     //    [48] THAI CHARACTER KO KAI..THAI CHARACTER SARA A
+	{0x0E31, 0x0E31, prSA, gcMn},     //         THAI CHARACTER MAI HAN-AKAT
+	{0x0E32, 0x0E33, prSA, gcLo},     //     [2] THAI CHARACTER SARA AA..THAI CHARACTER SARA AM
+	{0x0E34, 0x0E3A, prSA, gcMn},     //     [7] THAI CHARACTER SARA I..THAI CHARACTER PHINTHU
+	{0x0E3F, 0x0E3F, prPR, gcSc},     //         THAI CURRENCY SYMBOL BAHT
+	{0x0E40, 0x0E45, prSA, gcLo},     //     [6] THAI CHARACTER SARA E..THAI CHARACTER LAKKHANGYAO
+	{0x0E46, 0x0E46, prSA, gcLm},     //         THAI CHARACTER MAIYAMOK
+	{0x0E47, 0x0E4E, prSA, gcMn},     //     [8] THAI CHARACTER MAITAIKHU..THAI CHARACTER YAMAKKAN
+	{0x0E4F, 0x0E4F, prAL, gcPo},     //         THAI CHARACTER FONGMAN
+	{0x0E50, 0x0E59, prNU, gcNd},     //    [10] THAI DIGIT ZERO..THAI DIGIT NINE
+	{0x0E5A, 0x0E5B, prBA, gcPo},     //     [2] THAI CHARACTER ANGKHANKHU..THAI CHARACTER KHOMUT
+	{0x0E81, 0x0E82, prSA, gcLo},     //     [2] LAO LETTER KO..LAO LETTER KHO SUNG
+	{0x0E84, 0x0E84, prSA, gcLo},     //         LAO LETTER KHO TAM
+	{0x0E86, 0x0E8A, prSA, gcLo},     //     [5] LAO LETTER PALI GHA..LAO LETTER SO TAM
+	{0x0E8C, 0x0EA3, prSA, gcLo},     //    [24] LAO LETTER PALI JHA..LAO LETTER LO LING
+	{0x0EA5, 0x0EA5, prSA, gcLo},     //         LAO LETTER LO LOOT
+	{0x0EA7, 0x0EB0, prSA, gcLo},     //    [10] LAO LETTER WO..LAO VOWEL SIGN A
+	{0x0EB1, 0x0EB1, prSA, gcMn},     //         LAO VOWEL SIGN MAI KAN
+	{0x0EB2, 0x0EB3, prSA, gcLo},     //     [2] LAO VOWEL SIGN AA..LAO VOWEL SIGN AM
+	{0x0EB4, 0x0EBC, prSA, gcMn},     //     [9] LAO VOWEL SIGN I..LAO SEMIVOWEL SIGN LO
+	{0x0EBD, 0x0EBD, prSA, gcLo},     //         LAO SEMIVOWEL SIGN NYO
+	{0x0EC0, 0x0EC4, prSA, gcLo},     //     [5] LAO VOWEL SIGN E..LAO VOWEL SIGN AI
+	{0x0EC6, 0x0EC6, prSA, gcLm},     //         LAO KO LA
+	{0x0EC8, 0x0ECD, prSA, gcMn},     //     [6] LAO TONE MAI EK..LAO NIGGAHITA
+	{0x0ED0, 0x0ED9, prNU, gcNd},     //    [10] LAO DIGIT ZERO..LAO DIGIT NINE
+	{0x0EDC, 0x0EDF, prSA, gcLo},     //     [4] LAO HO NO..LAO LETTER KHMU NYO
+	{0x0F00, 0x0F00, prAL, gcLo},     //         TIBETAN SYLLABLE OM
+	{0x0F01, 0x0F03, prBB, gcSo},     //     [3] TIBETAN MARK GTER YIG MGO TRUNCATED A..TIBETAN MARK GTER YIG MGO -UM GTER TSHEG MA
+	{0x0F04, 0x0F04, prBB, gcPo},     //         TIBETAN MARK INITIAL YIG MGO MDUN MA
+	{0x0F05, 0x0F05, prAL, gcPo},     //         TIBETAN MARK CLOSING YIG MGO SGAB MA
+	{0x0F06, 0x0F07, prBB, gcPo},     //     [2] TIBETAN MARK CARET YIG MGO PHUR SHAD MA..TIBETAN MARK YIG MGO TSHEG SHAD MA
+	{0x0F08, 0x0F08, prGL, gcPo},     //         TIBETAN MARK SBRUL SHAD
+	{0x0F09, 0x0F0A, prBB, gcPo},     //     [2] TIBETAN MARK BSKUR YIG MGO..TIBETAN MARK BKA- SHOG YIG MGO
+	{0x0F0B, 0x0F0B, prBA, gcPo},     //         TIBETAN MARK INTERSYLLABIC TSHEG
+	{0x0F0C, 0x0F0C, prGL, gcPo},     //         TIBETAN MARK DELIMITER TSHEG BSTAR
+	{0x0F0D, 0x0F11, prEX, gcPo},     //     [5] TIBETAN MARK SHAD..TIBETAN MARK RIN CHEN SPUNGS SHAD
+	{0x0F12, 0x0F12, prGL, gcPo},     //         TIBETAN MARK RGYA GRAM SHAD
+	{0x0F13, 0x0F13, prAL, gcSo},     //         TIBETAN MARK CARET -DZUD RTAGS ME LONG CAN
+	{0x0F14, 0x0F14, prEX, gcPo},     //         TIBETAN MARK GTER TSHEG
+	{0x0F15, 0x0F17, prAL, gcSo},     //     [3] TIBETAN LOGOTYPE SIGN CHAD RTAGS..TIBETAN ASTROLOGICAL SIGN SGRA GCAN -CHAR RTAGS
+	{0x0F18, 0x0F19, prCM, gcMn},     //     [2] TIBETAN ASTROLOGICAL SIGN -KHYUD PA..TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS
+	{0x0F1A, 0x0F1F, prAL, gcSo},     //     [6] TIBETAN SIGN RDEL DKAR GCIG..TIBETAN SIGN RDEL DKAR RDEL NAG
+	{0x0F20, 0x0F29, prNU, gcNd},     //    [10] TIBETAN DIGIT ZERO..TIBETAN DIGIT NINE
+	{0x0F2A, 0x0F33, prAL, gcNo},     //    [10] TIBETAN DIGIT HALF ONE..TIBETAN DIGIT HALF ZERO
+	{0x0F34, 0x0F34, prBA, gcSo},     //         TIBETAN MARK BSDUS RTAGS
+	{0x0F35, 0x0F35, prCM, gcMn},     //         TIBETAN MARK NGAS BZUNG NYI ZLA
+	{0x0F36, 0x0F36, prAL, gcSo},     //         TIBETAN MARK CARET -DZUD RTAGS BZHI MIG CAN
+	{0x0F37, 0x0F37, prCM, gcMn},     //         TIBETAN MARK NGAS BZUNG SGOR RTAGS
+	{0x0F38, 0x0F38, prAL, gcSo},     //         TIBETAN MARK CHE MGO
+	{0x0F39, 0x0F39, prCM, gcMn},     //         TIBETAN MARK TSA -PHRU
+	{0x0F3A, 0x0F3A, prOP, gcPs},     //         TIBETAN MARK GUG RTAGS GYON
+	{0x0F3B, 0x0F3B, prCL, gcPe},     //         TIBETAN MARK GUG RTAGS GYAS
+	{0x0F3C, 0x0F3C, prOP, gcPs},     //         TIBETAN MARK ANG KHANG GYON
+	{0x0F3D, 0x0F3D, prCL, gcPe},     //         TIBETAN MARK ANG KHANG GYAS
+	{0x0F3E, 0x0F3F, prCM, gcMc},     //     [2] TIBETAN SIGN YAR TSHES..TIBETAN SIGN MAR TSHES
+	{0x0F40, 0x0F47, prAL, gcLo},     //     [8] TIBETAN LETTER KA..TIBETAN LETTER JA
+	{0x0F49, 0x0F6C, prAL, gcLo},     //    [36] TIBETAN LETTER NYA..TIBETAN LETTER RRA
+	{0x0F71, 0x0F7E, prCM, gcMn},     //    [14] TIBETAN VOWEL SIGN AA..TIBETAN SIGN RJES SU NGA RO
+	{0x0F7F, 0x0F7F, prBA, gcMc},     //         TIBETAN SIGN RNAM BCAD
+	{0x0F80, 0x0F84, prCM, gcMn},     //     [5] TIBETAN VOWEL SIGN REVERSED I..TIBETAN MARK HALANTA
+	{0x0F85, 0x0F85, prBA, gcPo},     //         TIBETAN MARK PALUTA
+	{0x0F86, 0x0F87, prCM, gcMn},     //     [2] TIBETAN SIGN LCI RTAGS..TIBETAN SIGN YANG RTAGS
+	{0x0F88, 0x0F8C, prAL, gcLo},     //     [5] TIBETAN SIGN LCE TSA CAN..TIBETAN SIGN INVERTED MCHU CAN
+	{0x0F8D, 0x0F97, prCM, gcMn},     //    [11] TIBETAN SUBJOINED SIGN LCE TSA CAN..TIBETAN SUBJOINED LETTER JA
+	{0x0F99, 0x0FBC, prCM, gcMn},     //    [36] TIBETAN SUBJOINED LETTER NYA..TIBETAN SUBJOINED LETTER FIXED-FORM RA
+	{0x0FBE, 0x0FBF, prBA, gcSo},     //     [2] TIBETAN KU RU KHA..TIBETAN KU RU KHA BZHI MIG CAN
+	{0x0FC0, 0x0FC5, prAL, gcSo},     //     [6] TIBETAN CANTILLATION SIGN HEAVY BEAT..TIBETAN SYMBOL RDO RJE
+	{0x0FC6, 0x0FC6, prCM, gcMn},     //         TIBETAN SYMBOL PADMA GDAN
+	{0x0FC7, 0x0FCC, prAL, gcSo},     //     [6] TIBETAN SYMBOL RDO RJE RGYA GRAM..TIBETAN SYMBOL NOR BU BZHI -KHYIL
+	{0x0FCE, 0x0FCF, prAL, gcSo},     //     [2] TIBETAN SIGN RDEL NAG RDEL DKAR..TIBETAN SIGN RDEL NAG GSUM
+	{0x0FD0, 0x0FD1, prBB, gcPo},     //     [2] TIBETAN MARK BSKA- SHOG GI MGO RGYAN..TIBETAN MARK MNYAM YIG GI MGO RGYAN
+	{0x0FD2, 0x0FD2, prBA, gcPo},     //         TIBETAN MARK NYIS TSHEG
+	{0x0FD3, 0x0FD3, prBB, gcPo},     //         TIBETAN MARK INITIAL BRDA RNYING YIG MGO MDUN MA
+	{0x0FD4, 0x0FD4, prAL, gcPo},     //         TIBETAN MARK CLOSING BRDA RNYING YIG MGO SGAB MA
+	{0x0FD5, 0x0FD8, prAL, gcSo},     //     [4] RIGHT-FACING SVASTI SIGN..LEFT-FACING SVASTI SIGN WITH DOTS
+	{0x0FD9, 0x0FDA, prGL, gcPo},     //     [2] TIBETAN MARK LEADING MCHAN RTAGS..TIBETAN MARK TRAILING MCHAN RTAGS
+	{0x1000, 0x102A, prSA, gcLo},     //    [43] MYANMAR LETTER KA..MYANMAR LETTER AU
+	{0x102B, 0x102C, prSA, gcMc},     //     [2] MYANMAR VOWEL SIGN TALL AA..MYANMAR VOWEL SIGN AA
+	{0x102D, 0x1030, prSA, gcMn},     //     [4] MYANMAR VOWEL SIGN I..MYANMAR VOWEL SIGN UU
+	{0x1031, 0x1031, prSA, gcMc},     //         MYANMAR VOWEL SIGN E
+	{0x1032, 0x1037, prSA, gcMn},     //     [6] MYANMAR VOWEL SIGN AI..MYANMAR SIGN DOT BELOW
+	{0x1038, 0x1038, prSA, gcMc},     //         MYANMAR SIGN VISARGA
+	{0x1039, 0x103A, prSA, gcMn},     //     [2] MYANMAR SIGN VIRAMA..MYANMAR SIGN ASAT
+	{0x103B, 0x103C, prSA, gcMc},     //     [2] MYANMAR CONSONANT SIGN MEDIAL YA..MYANMAR CONSONANT SIGN MEDIAL RA
+	{0x103D, 0x103E, prSA, gcMn},     //     [2] MYANMAR CONSONANT SIGN MEDIAL WA..MYANMAR CONSONANT SIGN MEDIAL HA
+	{0x103F, 0x103F, prSA, gcLo},     //         MYANMAR LETTER GREAT SA
+	{0x1040, 0x1049, prNU, gcNd},     //    [10] MYANMAR DIGIT ZERO..MYANMAR DIGIT NINE
+	{0x104A, 0x104B, prBA, gcPo},     //     [2] MYANMAR SIGN LITTLE SECTION..MYANMAR SIGN SECTION
+	{0x104C, 0x104F, prAL, gcPo},     //     [4] MYANMAR SYMBOL LOCATIVE..MYANMAR SYMBOL GENITIVE
+	{0x1050, 0x1055, prSA, gcLo},     //     [6] MYANMAR LETTER SHA..MYANMAR LETTER VOCALIC LL
+	{0x1056, 0x1057, prSA, gcMc},     //     [2] MYANMAR VOWEL SIGN VOCALIC R..MYANMAR VOWEL SIGN VOCALIC RR
+	{0x1058, 0x1059, prSA, gcMn},     //     [2] MYANMAR VOWEL SIGN VOCALIC L..MYANMAR VOWEL SIGN VOCALIC LL
+	{0x105A, 0x105D, prSA, gcLo},     //     [4] MYANMAR LETTER MON NGA..MYANMAR LETTER MON BBE
+	{0x105E, 0x1060, prSA, gcMn},     //     [3] MYANMAR CONSONANT SIGN MON MEDIAL NA..MYANMAR CONSONANT SIGN MON MEDIAL LA
+	{0x1061, 0x1061, prSA, gcLo},     //         MYANMAR LETTER SGAW KAREN SHA
+	{0x1062, 0x1064, prSA, gcMc},     //     [3] MYANMAR VOWEL SIGN SGAW KAREN EU..MYANMAR TONE MARK SGAW KAREN KE PHO
+	{0x1065, 0x1066, prSA, gcLo},     //     [2] MYANMAR LETTER WESTERN PWO KAREN THA..MYANMAR LETTER WESTERN PWO KAREN PWA
+	{0x1067, 0x106D, prSA, gcMc},     //     [7] MYANMAR VOWEL SIGN WESTERN PWO KAREN EU..MYANMAR SIGN WESTERN PWO KAREN TONE-5
+	{0x106E, 0x1070, prSA, gcLo},     //     [3] MYANMAR LETTER EASTERN PWO KAREN NNA..MYANMAR LETTER EASTERN PWO KAREN GHWA
+	{0x1071, 0x1074, prSA, gcMn},     //     [4] MYANMAR VOWEL SIGN GEBA KAREN I..MYANMAR VOWEL SIGN KAYAH EE
+	{0x1075, 0x1081, prSA, gcLo},     //    [13] MYANMAR LETTER SHAN KA..MYANMAR LETTER SHAN HA
+	{0x1082, 0x1082, prSA, gcMn},     //         MYANMAR CONSONANT SIGN SHAN MEDIAL WA
+	{0x1083, 0x1084, prSA, gcMc},     //     [2] MYANMAR VOWEL SIGN SHAN AA..MYANMAR VOWEL SIGN SHAN E
+	{0x1085, 0x1086, prSA, gcMn},     //     [2] MYANMAR VOWEL SIGN SHAN E ABOVE..MYANMAR VOWEL SIGN SHAN FINAL Y
+	{0x1087, 0x108C, prSA, gcMc},     //     [6] MYANMAR SIGN SHAN TONE-2..MYANMAR SIGN SHAN COUNCIL TONE-3
+	{0x108D, 0x108D, prSA, gcMn},     //         MYANMAR SIGN SHAN COUNCIL EMPHATIC TONE
+	{0x108E, 0x108E, prSA, gcLo},     //         MYANMAR LETTER RUMAI PALAUNG FA
+	{0x108F, 0x108F, prSA, gcMc},     //         MYANMAR SIGN RUMAI PALAUNG TONE-5
+	{0x1090, 0x1099, prNU, gcNd},     //    [10] MYANMAR SHAN DIGIT ZERO..MYANMAR SHAN DIGIT NINE
+	{0x109A, 0x109C, prSA, gcMc},     //     [3] MYANMAR SIGN KHAMTI TONE-1..MYANMAR VOWEL SIGN AITON A
+	{0x109D, 0x109D, prSA, gcMn},     //         MYANMAR VOWEL SIGN AITON AI
+	{0x109E, 0x109F, prSA, gcSo},     //     [2] MYANMAR SYMBOL SHAN ONE..MYANMAR SYMBOL SHAN EXCLAMATION
+	{0x10A0, 0x10C5, prAL, gcLu},     //    [38] GEORGIAN CAPITAL LETTER AN..GEORGIAN CAPITAL LETTER HOE
+	{0x10C7, 0x10C7, prAL, gcLu},     //         GEORGIAN CAPITAL LETTER YN
+	{0x10CD, 0x10CD, prAL, gcLu},     //         GEORGIAN CAPITAL LETTER AEN
+	{0x10D0, 0x10FA, prAL, gcLl},     //    [43] GEORGIAN LETTER AN..GEORGIAN LETTER AIN
+	{0x10FB, 0x10FB, prAL, gcPo},     //         GEORGIAN PARAGRAPH SEPARATOR
+	{0x10FC, 0x10FC, prAL, gcLm},     //         MODIFIER LETTER GEORGIAN NAR
+	{0x10FD, 0x10FF, prAL, gcLl},     //     [3] GEORGIAN LETTER AEN..GEORGIAN LETTER LABIAL SIGN
+	{0x1100, 0x115F, prJL, gcLo},     //    [96] HANGUL CHOSEONG KIYEOK..HANGUL CHOSEONG FILLER
+	{0x1160, 0x11A7, prJV, gcLo},     //    [72] HANGUL JUNGSEONG FILLER..HANGUL JUNGSEONG O-YAE
+	{0x11A8, 0x11FF, prJT, gcLo},     //    [88] HANGUL JONGSEONG KIYEOK..HANGUL JONGSEONG SSANGNIEUN
+	{0x1200, 0x1248, prAL, gcLo},     //    [73] ETHIOPIC SYLLABLE HA..ETHIOPIC SYLLABLE QWA
+	{0x124A, 0x124D, prAL, gcLo},     //     [4] ETHIOPIC SYLLABLE QWI..ETHIOPIC SYLLABLE QWE
+	{0x1250, 0x1256, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE QHA..ETHIOPIC SYLLABLE QHO
+	{0x1258, 0x1258, prAL, gcLo},     //         ETHIOPIC SYLLABLE QHWA
+	{0x125A, 0x125D, prAL, gcLo},     //     [4] ETHIOPIC SYLLABLE QHWI..ETHIOPIC SYLLABLE QHWE
+	{0x1260, 0x1288, prAL, gcLo},     //    [41] ETHIOPIC SYLLABLE BA..ETHIOPIC SYLLABLE XWA
+	{0x128A, 0x128D, prAL, gcLo},     //     [4] ETHIOPIC SYLLABLE XWI..ETHIOPIC SYLLABLE XWE
+	{0x1290, 0x12B0, prAL, gcLo},     //    [33] ETHIOPIC SYLLABLE NA..ETHIOPIC SYLLABLE KWA
+	{0x12B2, 0x12B5, prAL, gcLo},     //     [4] ETHIOPIC SYLLABLE KWI..ETHIOPIC SYLLABLE KWE
+	{0x12B8, 0x12BE, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE KXA..ETHIOPIC SYLLABLE KXO
+	{0x12C0, 0x12C0, prAL, gcLo},     //         ETHIOPIC SYLLABLE KXWA
+	{0x12C2, 0x12C5, prAL, gcLo},     //     [4] ETHIOPIC SYLLABLE KXWI..ETHIOPIC SYLLABLE KXWE
+	{0x12C8, 0x12D6, prAL, gcLo},     //    [15] ETHIOPIC SYLLABLE WA..ETHIOPIC SYLLABLE PHARYNGEAL O
+	{0x12D8, 0x1310, prAL, gcLo},     //    [57] ETHIOPIC SYLLABLE ZA..ETHIOPIC SYLLABLE GWA
+	{0x1312, 0x1315, prAL, gcLo},     //     [4] ETHIOPIC SYLLABLE GWI..ETHIOPIC SYLLABLE GWE
+	{0x1318, 0x135A, prAL, gcLo},     //    [67] ETHIOPIC SYLLABLE GGA..ETHIOPIC SYLLABLE FYA
+	{0x135D, 0x135F, prCM, gcMn},     //     [3] ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK..ETHIOPIC COMBINING GEMINATION MARK
+	{0x1360, 0x1360, prAL, gcPo},     //         ETHIOPIC SECTION MARK
+	{0x1361, 0x1361, prBA, gcPo},     //         ETHIOPIC WORDSPACE
+	{0x1362, 0x1368, prAL, gcPo},     //     [7] ETHIOPIC FULL STOP..ETHIOPIC PARAGRAPH SEPARATOR
+	{0x1369, 0x137C, prAL, gcNo},     //    [20] ETHIOPIC DIGIT ONE..ETHIOPIC NUMBER TEN THOUSAND
+	{0x1380, 0x138F, prAL, gcLo},     //    [16] ETHIOPIC SYLLABLE SEBATBEIT MWA..ETHIOPIC SYLLABLE PWE
+	{0x1390, 0x1399, prAL, gcSo},     //    [10] ETHIOPIC TONAL MARK YIZET..ETHIOPIC TONAL MARK KURT
+	{0x13A0, 0x13F5, prAL, gcLu},     //    [86] CHEROKEE LETTER A..CHEROKEE LETTER MV
+	{0x13F8, 0x13FD, prAL, gcLl},     //     [6] CHEROKEE SMALL LETTER YE..CHEROKEE SMALL LETTER MV
+	{0x1400, 0x1400, prBA, gcPd},     //         CANADIAN SYLLABICS HYPHEN
+	{0x1401, 0x166C, prAL, gcLo},     //   [620] CANADIAN SYLLABICS E..CANADIAN SYLLABICS CARRIER TTSA
+	{0x166D, 0x166D, prAL, gcSo},     //         CANADIAN SYLLABICS CHI SIGN
+	{0x166E, 0x166E, prAL, gcPo},     //         CANADIAN SYLLABICS FULL STOP
+	{0x166F, 0x167F, prAL, gcLo},     //    [17] CANADIAN SYLLABICS QAI..CANADIAN SYLLABICS BLACKFOOT W
+	{0x1680, 0x1680, prBA, gcZs},     //         OGHAM SPACE MARK
+	{0x1681, 0x169A, prAL, gcLo},     //    [26] OGHAM LETTER BEITH..OGHAM LETTER PEITH
+	{0x169B, 0x169B, prOP, gcPs},     //         OGHAM FEATHER MARK
+	{0x169C, 0x169C, prCL, gcPe},     //         OGHAM REVERSED FEATHER MARK
+	{0x16A0, 0x16EA, prAL, gcLo},     //    [75] RUNIC LETTER FEHU FEOH FE F..RUNIC LETTER X
+	{0x16EB, 0x16ED, prBA, gcPo},     //     [3] RUNIC SINGLE PUNCTUATION..RUNIC CROSS PUNCTUATION
+	{0x16EE, 0x16F0, prAL, gcNl},     //     [3] RUNIC ARLAUG SYMBOL..RUNIC BELGTHOR SYMBOL
+	{0x16F1, 0x16F8, prAL, gcLo},     //     [8] RUNIC LETTER K..RUNIC LETTER FRANKS CASKET AESC
+	{0x1700, 0x1711, prAL, gcLo},     //    [18] TAGALOG LETTER A..TAGALOG LETTER HA
+	{0x1712, 0x1714, prCM, gcMn},     //     [3] TAGALOG VOWEL SIGN I..TAGALOG SIGN VIRAMA
+	{0x1715, 0x1715, prCM, gcMc},     //         TAGALOG SIGN PAMUDPOD
+	{0x171F, 0x171F, prAL, gcLo},     //         TAGALOG LETTER ARCHAIC RA
+	{0x1720, 0x1731, prAL, gcLo},     //    [18] HANUNOO LETTER A..HANUNOO LETTER HA
+	{0x1732, 0x1733, prCM, gcMn},     //     [2] HANUNOO VOWEL SIGN I..HANUNOO VOWEL SIGN U
+	{0x1734, 0x1734, prCM, gcMc},     //         HANUNOO SIGN PAMUDPOD
+	{0x1735, 0x1736, prBA, gcPo},     //     [2] PHILIPPINE SINGLE PUNCTUATION..PHILIPPINE DOUBLE PUNCTUATION
+	{0x1740, 0x1751, prAL, gcLo},     //    [18] BUHID LETTER A..BUHID LETTER HA
+	{0x1752, 0x1753, prCM, gcMn},     //     [2] BUHID VOWEL SIGN I..BUHID VOWEL SIGN U
+	{0x1760, 0x176C, prAL, gcLo},     //    [13] TAGBANWA LETTER A..TAGBANWA LETTER YA
+	{0x176E, 0x1770, prAL, gcLo},     //     [3] TAGBANWA LETTER LA..TAGBANWA LETTER SA
+	{0x1772, 0x1773, prCM, gcMn},     //     [2] TAGBANWA VOWEL SIGN I..TAGBANWA VOWEL SIGN U
+	{0x1780, 0x17B3, prSA, gcLo},     //    [52] KHMER LETTER KA..KHMER INDEPENDENT VOWEL QAU
+	{0x17B4, 0x17B5, prSA, gcMn},     //     [2] KHMER VOWEL INHERENT AQ..KHMER VOWEL INHERENT AA
+	{0x17B6, 0x17B6, prSA, gcMc},     //         KHMER VOWEL SIGN AA
+	{0x17B7, 0x17BD, prSA, gcMn},     //     [7] KHMER VOWEL SIGN I..KHMER VOWEL SIGN UA
+	{0x17BE, 0x17C5, prSA, gcMc},     //     [8] KHMER VOWEL SIGN OE..KHMER VOWEL SIGN AU
+	{0x17C6, 0x17C6, prSA, gcMn},     //         KHMER SIGN NIKAHIT
+	{0x17C7, 0x17C8, prSA, gcMc},     //     [2] KHMER SIGN REAHMUK..KHMER SIGN YUUKALEAPINTU
+	{0x17C9, 0x17D3, prSA, gcMn},     //    [11] KHMER SIGN MUUSIKATOAN..KHMER SIGN BATHAMASAT
+	{0x17D4, 0x17D5, prBA, gcPo},     //     [2] KHMER SIGN KHAN..KHMER SIGN BARIYOOSAN
+	{0x17D6, 0x17D6, prNS, gcPo},     //         KHMER SIGN CAMNUC PII KUUH
+	{0x17D7, 0x17D7, prSA, gcLm},     //         KHMER SIGN LEK TOO
+	{0x17D8, 0x17D8, prBA, gcPo},     //         KHMER SIGN BEYYAL
+	{0x17D9, 0x17D9, prAL, gcPo},     //         KHMER SIGN PHNAEK MUAN
+	{0x17DA, 0x17DA, prBA, gcPo},     //         KHMER SIGN KOOMUUT
+	{0x17DB, 0x17DB, prPR, gcSc},     //         KHMER CURRENCY SYMBOL RIEL
+	{0x17DC, 0x17DC, prSA, gcLo},     //         KHMER SIGN AVAKRAHASANYA
+	{0x17DD, 0x17DD, prSA, gcMn},     //         KHMER SIGN ATTHACAN
+	{0x17E0, 0x17E9, prNU, gcNd},     //    [10] KHMER DIGIT ZERO..KHMER DIGIT NINE
+	{0x17F0, 0x17F9, prAL, gcNo},     //    [10] KHMER SYMBOL LEK ATTAK SON..KHMER SYMBOL LEK ATTAK PRAM-BUON
+	{0x1800, 0x1801, prAL, gcPo},     //     [2] MONGOLIAN BIRGA..MONGOLIAN ELLIPSIS
+	{0x1802, 0x1803, prEX, gcPo},     //     [2] MONGOLIAN COMMA..MONGOLIAN FULL STOP
+	{0x1804, 0x1805, prBA, gcPo},     //     [2] MONGOLIAN COLON..MONGOLIAN FOUR DOTS
+	{0x1806, 0x1806, prBB, gcPd},     //         MONGOLIAN TODO SOFT HYPHEN
+	{0x1807, 0x1807, prAL, gcPo},     //         MONGOLIAN SIBE SYLLABLE BOUNDARY MARKER
+	{0x1808, 0x1809, prEX, gcPo},     //     [2] MONGOLIAN MANCHU COMMA..MONGOLIAN MANCHU FULL STOP
+	{0x180A, 0x180A, prAL, gcPo},     //         MONGOLIAN NIRUGU
+	{0x180B, 0x180D, prCM, gcMn},     //     [3] MONGOLIAN FREE VARIATION SELECTOR ONE..MONGOLIAN FREE VARIATION SELECTOR THREE
+	{0x180E, 0x180E, prGL, gcCf},     //         MONGOLIAN VOWEL SEPARATOR
+	{0x180F, 0x180F, prCM, gcMn},     //         MONGOLIAN FREE VARIATION SELECTOR FOUR
+	{0x1810, 0x1819, prNU, gcNd},     //    [10] MONGOLIAN DIGIT ZERO..MONGOLIAN DIGIT NINE
+	{0x1820, 0x1842, prAL, gcLo},     //    [35] MONGOLIAN LETTER A..MONGOLIAN LETTER CHI
+	{0x1843, 0x1843, prAL, gcLm},     //         MONGOLIAN LETTER TODO LONG VOWEL SIGN
+	{0x1844, 0x1878, prAL, gcLo},     //    [53] MONGOLIAN LETTER TODO E..MONGOLIAN LETTER CHA WITH TWO DOTS
+	{0x1880, 0x1884, prAL, gcLo},     //     [5] MONGOLIAN LETTER ALI GALI ANUSVARA ONE..MONGOLIAN LETTER ALI GALI INVERTED UBADAMA
+	{0x1885, 0x1886, prCM, gcMn},     //     [2] MONGOLIAN LETTER ALI GALI BALUDA..MONGOLIAN LETTER ALI GALI THREE BALUDA
+	{0x1887, 0x18A8, prAL, gcLo},     //    [34] MONGOLIAN LETTER ALI GALI A..MONGOLIAN LETTER MANCHU ALI GALI BHA
+	{0x18A9, 0x18A9, prCM, gcMn},     //         MONGOLIAN LETTER ALI GALI DAGALGA
+	{0x18AA, 0x18AA, prAL, gcLo},     //         MONGOLIAN LETTER MANCHU ALI GALI LHA
+	{0x18B0, 0x18F5, prAL, gcLo},     //    [70] CANADIAN SYLLABICS OY..CANADIAN SYLLABICS CARRIER DENTAL S
+	{0x1900, 0x191E, prAL, gcLo},     //    [31] LIMBU VOWEL-CARRIER LETTER..LIMBU LETTER TRA
+	{0x1920, 0x1922, prCM, gcMn},     //     [3] LIMBU VOWEL SIGN A..LIMBU VOWEL SIGN U
+	{0x1923, 0x1926, prCM, gcMc},     //     [4] LIMBU VOWEL SIGN EE..LIMBU VOWEL SIGN AU
+	{0x1927, 0x1928, prCM, gcMn},     //     [2] LIMBU VOWEL SIGN E..LIMBU VOWEL SIGN O
+	{0x1929, 0x192B, prCM, gcMc},     //     [3] LIMBU SUBJOINED LETTER YA..LIMBU SUBJOINED LETTER WA
+	{0x1930, 0x1931, prCM, gcMc},     //     [2] LIMBU SMALL LETTER KA..LIMBU SMALL LETTER NGA
+	{0x1932, 0x1932, prCM, gcMn},     //         LIMBU SMALL LETTER ANUSVARA
+	{0x1933, 0x1938, prCM, gcMc},     //     [6] LIMBU SMALL LETTER TA..LIMBU SMALL LETTER LA
+	{0x1939, 0x193B, prCM, gcMn},     //     [3] LIMBU SIGN MUKPHRENG..LIMBU SIGN SA-I
+	{0x1940, 0x1940, prAL, gcSo},     //         LIMBU SIGN LOO
+	{0x1944, 0x1945, prEX, gcPo},     //     [2] LIMBU EXCLAMATION MARK..LIMBU QUESTION MARK
+	{0x1946, 0x194F, prNU, gcNd},     //    [10] LIMBU DIGIT ZERO..LIMBU DIGIT NINE
+	{0x1950, 0x196D, prSA, gcLo},     //    [30] TAI LE LETTER KA..TAI LE LETTER AI
+	{0x1970, 0x1974, prSA, gcLo},     //     [5] TAI LE LETTER TONE-2..TAI LE LETTER TONE-6
+	{0x1980, 0x19AB, prSA, gcLo},     //    [44] NEW TAI LUE LETTER HIGH QA..NEW TAI LUE LETTER LOW SUA
+	{0x19B0, 0x19C9, prSA, gcLo},     //    [26] NEW TAI LUE VOWEL SIGN VOWEL SHORTENER..NEW TAI LUE TONE MARK-2
+	{0x19D0, 0x19D9, prNU, gcNd},     //    [10] NEW TAI LUE DIGIT ZERO..NEW TAI LUE DIGIT NINE
+	{0x19DA, 0x19DA, prSA, gcNo},     //         NEW TAI LUE THAM DIGIT ONE
+	{0x19DE, 0x19DF, prSA, gcSo},     //     [2] NEW TAI LUE SIGN LAE..NEW TAI LUE SIGN LAEV
+	{0x19E0, 0x19FF, prAL, gcSo},     //    [32] KHMER SYMBOL PATHAMASAT..KHMER SYMBOL DAP-PRAM ROC
+	{0x1A00, 0x1A16, prAL, gcLo},     //    [23] BUGINESE LETTER KA..BUGINESE LETTER HA
+	{0x1A17, 0x1A18, prCM, gcMn},     //     [2] BUGINESE VOWEL SIGN I..BUGINESE VOWEL SIGN U
+	{0x1A19, 0x1A1A, prCM, gcMc},     //     [2] BUGINESE VOWEL SIGN E..BUGINESE VOWEL SIGN O
+	{0x1A1B, 0x1A1B, prCM, gcMn},     //         BUGINESE VOWEL SIGN AE
+	{0x1A1E, 0x1A1F, prAL, gcPo},     //     [2] BUGINESE PALLAWA..BUGINESE END OF SECTION
+	{0x1A20, 0x1A54, prSA, gcLo},     //    [53] TAI THAM LETTER HIGH KA..TAI THAM LETTER GREAT SA
+	{0x1A55, 0x1A55, prSA, gcMc},     //         TAI THAM CONSONANT SIGN MEDIAL RA
+	{0x1A56, 0x1A56, prSA, gcMn},     //         TAI THAM CONSONANT SIGN MEDIAL LA
+	{0x1A57, 0x1A57, prSA, gcMc},     //         TAI THAM CONSONANT SIGN LA TANG LAI
+	{0x1A58, 0x1A5E, prSA, gcMn},     //     [7] TAI THAM SIGN MAI KANG LAI..TAI THAM CONSONANT SIGN SA
+	{0x1A60, 0x1A60, prSA, gcMn},     //         TAI THAM SIGN SAKOT
+	{0x1A61, 0x1A61, prSA, gcMc},     //         TAI THAM VOWEL SIGN A
+	{0x1A62, 0x1A62, prSA, gcMn},     //         TAI THAM VOWEL SIGN MAI SAT
+	{0x1A63, 0x1A64, prSA, gcMc},     //     [2] TAI THAM VOWEL SIGN AA..TAI THAM VOWEL SIGN TALL AA
+	{0x1A65, 0x1A6C, prSA, gcMn},     //     [8] TAI THAM VOWEL SIGN I..TAI THAM VOWEL SIGN OA BELOW
+	{0x1A6D, 0x1A72, prSA, gcMc},     //     [6] TAI THAM VOWEL SIGN OY..TAI THAM VOWEL SIGN THAM AI
+	{0x1A73, 0x1A7C, prSA, gcMn},     //    [10] TAI THAM VOWEL SIGN OA ABOVE..TAI THAM SIGN KHUEN-LUE KARAN
+	{0x1A7F, 0x1A7F, prCM, gcMn},     //         TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	{0x1A80, 0x1A89, prNU, gcNd},     //    [10] TAI THAM HORA DIGIT ZERO..TAI THAM HORA DIGIT NINE
+	{0x1A90, 0x1A99, prNU, gcNd},     //    [10] TAI THAM THAM DIGIT ZERO..TAI THAM THAM DIGIT NINE
+	{0x1AA0, 0x1AA6, prSA, gcPo},     //     [7] TAI THAM SIGN WIANG..TAI THAM SIGN REVERSED ROTATED RANA
+	{0x1AA7, 0x1AA7, prSA, gcLm},     //         TAI THAM SIGN MAI YAMOK
+	{0x1AA8, 0x1AAD, prSA, gcPo},     //     [6] TAI THAM SIGN KAAN..TAI THAM SIGN CAANG
+	{0x1AB0, 0x1ABD, prCM, gcMn},     //    [14] COMBINING DOUBLED CIRCUMFLEX ACCENT..COMBINING PARENTHESES BELOW
+	{0x1ABE, 0x1ABE, prCM, gcMe},     //         COMBINING PARENTHESES OVERLAY
+	{0x1ABF, 0x1ACE, prCM, gcMn},     //    [16] COMBINING LATIN SMALL LETTER W BELOW..COMBINING LATIN SMALL LETTER INSULAR T
+	{0x1B00, 0x1B03, prCM, gcMn},     //     [4] BALINESE SIGN ULU RICEM..BALINESE SIGN SURANG
+	{0x1B04, 0x1B04, prCM, gcMc},     //         BALINESE SIGN BISAH
+	{0x1B05, 0x1B33, prAL, gcLo},     //    [47] BALINESE LETTER AKARA..BALINESE LETTER HA
+	{0x1B34, 0x1B34, prCM, gcMn},     //         BALINESE SIGN REREKAN
+	{0x1B35, 0x1B35, prCM, gcMc},     //         BALINESE VOWEL SIGN TEDUNG
+	{0x1B36, 0x1B3A, prCM, gcMn},     //     [5] BALINESE VOWEL SIGN ULU..BALINESE VOWEL SIGN RA REPA
+	{0x1B3B, 0x1B3B, prCM, gcMc},     //         BALINESE VOWEL SIGN RA REPA TEDUNG
+	{0x1B3C, 0x1B3C, prCM, gcMn},     //         BALINESE VOWEL SIGN LA LENGA
+	{0x1B3D, 0x1B41, prCM, gcMc},     //     [5] BALINESE VOWEL SIGN LA LENGA TEDUNG..BALINESE VOWEL SIGN TALING REPA TEDUNG
+	{0x1B42, 0x1B42, prCM, gcMn},     //         BALINESE VOWEL SIGN PEPET
+	{0x1B43, 0x1B44, prCM, gcMc},     //     [2] BALINESE VOWEL SIGN PEPET TEDUNG..BALINESE ADEG ADEG
+	{0x1B45, 0x1B4C, prAL, gcLo},     //     [8] BALINESE LETTER KAF SASAK..BALINESE LETTER ARCHAIC JNYA
+	{0x1B50, 0x1B59, prNU, gcNd},     //    [10] BALINESE DIGIT ZERO..BALINESE DIGIT NINE
+	{0x1B5A, 0x1B5B, prBA, gcPo},     //     [2] BALINESE PANTI..BALINESE PAMADA
+	{0x1B5C, 0x1B5C, prAL, gcPo},     //         BALINESE WINDU
+	{0x1B5D, 0x1B60, prBA, gcPo},     //     [4] BALINESE CARIK PAMUNGKAH..BALINESE PAMENENG
+	{0x1B61, 0x1B6A, prAL, gcSo},     //    [10] BALINESE MUSICAL SYMBOL DONG..BALINESE MUSICAL SYMBOL DANG GEDE
+	{0x1B6B, 0x1B73, prCM, gcMn},     //     [9] BALINESE MUSICAL SYMBOL COMBINING TEGEH..BALINESE MUSICAL SYMBOL COMBINING GONG
+	{0x1B74, 0x1B7C, prAL, gcSo},     //     [9] BALINESE MUSICAL SYMBOL RIGHT-HAND OPEN DUG..BALINESE MUSICAL SYMBOL LEFT-HAND OPEN PING
+	{0x1B7D, 0x1B7E, prBA, gcPo},     //     [2] BALINESE PANTI LANTANG..BALINESE PAMADA LANTANG
+	{0x1B80, 0x1B81, prCM, gcMn},     //     [2] SUNDANESE SIGN PANYECEK..SUNDANESE SIGN PANGLAYAR
+	{0x1B82, 0x1B82, prCM, gcMc},     //         SUNDANESE SIGN PANGWISAD
+	{0x1B83, 0x1BA0, prAL, gcLo},     //    [30] SUNDANESE LETTER A..SUNDANESE LETTER HA
+	{0x1BA1, 0x1BA1, prCM, gcMc},     //         SUNDANESE CONSONANT SIGN PAMINGKAL
+	{0x1BA2, 0x1BA5, prCM, gcMn},     //     [4] SUNDANESE CONSONANT SIGN PANYAKRA..SUNDANESE VOWEL SIGN PANYUKU
+	{0x1BA6, 0x1BA7, prCM, gcMc},     //     [2] SUNDANESE VOWEL SIGN PANAELAENG..SUNDANESE VOWEL SIGN PANOLONG
+	{0x1BA8, 0x1BA9, prCM, gcMn},     //     [2] SUNDANESE VOWEL SIGN PAMEPET..SUNDANESE VOWEL SIGN PANEULEUNG
+	{0x1BAA, 0x1BAA, prCM, gcMc},     //         SUNDANESE SIGN PAMAAEH
+	{0x1BAB, 0x1BAD, prCM, gcMn},     //     [3] SUNDANESE SIGN VIRAMA..SUNDANESE CONSONANT SIGN PASANGAN WA
+	{0x1BAE, 0x1BAF, prAL, gcLo},     //     [2] SUNDANESE LETTER KHA..SUNDANESE LETTER SYA
+	{0x1BB0, 0x1BB9, prNU, gcNd},     //    [10] SUNDANESE DIGIT ZERO..SUNDANESE DIGIT NINE
+	{0x1BBA, 0x1BBF, prAL, gcLo},     //     [6] SUNDANESE AVAGRAHA..SUNDANESE LETTER FINAL M
+	{0x1BC0, 0x1BE5, prAL, gcLo},     //    [38] BATAK LETTER A..BATAK LETTER U
+	{0x1BE6, 0x1BE6, prCM, gcMn},     //         BATAK SIGN TOMPI
+	{0x1BE7, 0x1BE7, prCM, gcMc},     //         BATAK VOWEL SIGN E
+	{0x1BE8, 0x1BE9, prCM, gcMn},     //     [2] BATAK VOWEL SIGN PAKPAK E..BATAK VOWEL SIGN EE
+	{0x1BEA, 0x1BEC, prCM, gcMc},     //     [3] BATAK VOWEL SIGN I..BATAK VOWEL SIGN O
+	{0x1BED, 0x1BED, prCM, gcMn},     //         BATAK VOWEL SIGN KARO O
+	{0x1BEE, 0x1BEE, prCM, gcMc},     //         BATAK VOWEL SIGN U
+	{0x1BEF, 0x1BF1, prCM, gcMn},     //     [3] BATAK VOWEL SIGN U FOR SIMALUNGUN SA..BATAK CONSONANT SIGN H
+	{0x1BF2, 0x1BF3, prCM, gcMc},     //     [2] BATAK PANGOLAT..BATAK PANONGONAN
+	{0x1BFC, 0x1BFF, prAL, gcPo},     //     [4] BATAK SYMBOL BINDU NA METEK..BATAK SYMBOL BINDU PANGOLAT
+	{0x1C00, 0x1C23, prAL, gcLo},     //    [36] LEPCHA LETTER KA..LEPCHA LETTER A
+	{0x1C24, 0x1C2B, prCM, gcMc},     //     [8] LEPCHA SUBJOINED LETTER YA..LEPCHA VOWEL SIGN UU
+	{0x1C2C, 0x1C33, prCM, gcMn},     //     [8] LEPCHA VOWEL SIGN E..LEPCHA CONSONANT SIGN T
+	{0x1C34, 0x1C35, prCM, gcMc},     //     [2] LEPCHA CONSONANT SIGN NYIN-DO..LEPCHA CONSONANT SIGN KANG
+	{0x1C36, 0x1C37, prCM, gcMn},     //     [2] LEPCHA SIGN RAN..LEPCHA SIGN NUKTA
+	{0x1C3B, 0x1C3F, prBA, gcPo},     //     [5] LEPCHA PUNCTUATION TA-ROL..LEPCHA PUNCTUATION TSHOOK
+	{0x1C40, 0x1C49, prNU, gcNd},     //    [10] LEPCHA DIGIT ZERO..LEPCHA DIGIT NINE
+	{0x1C4D, 0x1C4F, prAL, gcLo},     //     [3] LEPCHA LETTER TTA..LEPCHA LETTER DDA
+	{0x1C50, 0x1C59, prNU, gcNd},     //    [10] OL CHIKI DIGIT ZERO..OL CHIKI DIGIT NINE
+	{0x1C5A, 0x1C77, prAL, gcLo},     //    [30] OL CHIKI LETTER LA..OL CHIKI LETTER OH
+	{0x1C78, 0x1C7D, prAL, gcLm},     //     [6] OL CHIKI MU TTUDDAG..OL CHIKI AHAD
+	{0x1C7E, 0x1C7F, prBA, gcPo},     //     [2] OL CHIKI PUNCTUATION MUCAAD..OL CHIKI PUNCTUATION DOUBLE MUCAAD
+	{0x1C80, 0x1C88, prAL, gcLl},     //     [9] CYRILLIC SMALL LETTER ROUNDED VE..CYRILLIC SMALL LETTER UNBLENDED UK
+	{0x1C90, 0x1CBA, prAL, gcLu},     //    [43] GEORGIAN MTAVRULI CAPITAL LETTER AN..GEORGIAN MTAVRULI CAPITAL LETTER AIN
+	{0x1CBD, 0x1CBF, prAL, gcLu},     //     [3] GEORGIAN MTAVRULI CAPITAL LETTER AEN..GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+	{0x1CC0, 0x1CC7, prAL, gcPo},     //     [8] SUNDANESE PUNCTUATION BINDU SURYA..SUNDANESE PUNCTUATION BINDU BA SATANGA
+	{0x1CD0, 0x1CD2, prCM, gcMn},     //     [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
+	{0x1CD3, 0x1CD3, prAL, gcPo},     //         VEDIC SIGN NIHSHVASA
+	{0x1CD4, 0x1CE0, prCM, gcMn},     //    [13] VEDIC SIGN YAJURVEDIC MIDLINE SVARITA..VEDIC TONE RIGVEDIC KASHMIRI INDEPENDENT SVARITA
+	{0x1CE1, 0x1CE1, prCM, gcMc},     //         VEDIC TONE ATHARVAVEDIC INDEPENDENT SVARITA
+	{0x1CE2, 0x1CE8, prCM, gcMn},     //     [7] VEDIC SIGN VISARGA SVARITA..VEDIC SIGN VISARGA ANUDATTA WITH TAIL
+	{0x1CE9, 0x1CEC, prAL, gcLo},     //     [4] VEDIC SIGN ANUSVARA ANTARGOMUKHA..VEDIC SIGN ANUSVARA VAMAGOMUKHA WITH TAIL
+	{0x1CED, 0x1CED, prCM, gcMn},     //         VEDIC SIGN TIRYAK
+	{0x1CEE, 0x1CF3, prAL, gcLo},     //     [6] VEDIC SIGN HEXIFORM LONG ANUSVARA..VEDIC SIGN ROTATED ARDHAVISARGA
+	{0x1CF4, 0x1CF4, prCM, gcMn},     //         VEDIC TONE CANDRA ABOVE
+	{0x1CF5, 0x1CF6, prAL, gcLo},     //     [2] VEDIC SIGN JIHVAMULIYA..VEDIC SIGN UPADHMANIYA
+	{0x1CF7, 0x1CF7, prCM, gcMc},     //         VEDIC SIGN ATIKRAMA
+	{0x1CF8, 0x1CF9, prCM, gcMn},     //     [2] VEDIC TONE RING ABOVE..VEDIC TONE DOUBLE RING ABOVE
+	{0x1CFA, 0x1CFA, prAL, gcLo},     //         VEDIC SIGN DOUBLE ANUSVARA ANTARGOMUKHA
+	{0x1D00, 0x1D2B, prAL, gcLl},     //    [44] LATIN LETTER SMALL CAPITAL A..CYRILLIC LETTER SMALL CAPITAL EL
+	{0x1D2C, 0x1D6A, prAL, gcLm},     //    [63] MODIFIER LETTER CAPITAL A..GREEK SUBSCRIPT SMALL LETTER CHI
+	{0x1D6B, 0x1D77, prAL, gcLl},     //    [13] LATIN SMALL LETTER UE..LATIN SMALL LETTER TURNED G
+	{0x1D78, 0x1D78, prAL, gcLm},     //         MODIFIER LETTER CYRILLIC EN
+	{0x1D79, 0x1D7F, prAL, gcLl},     //     [7] LATIN SMALL LETTER INSULAR G..LATIN SMALL LETTER UPSILON WITH STROKE
+	{0x1D80, 0x1D9A, prAL, gcLl},     //    [27] LATIN SMALL LETTER B WITH PALATAL HOOK..LATIN SMALL LETTER EZH WITH RETROFLEX HOOK
+	{0x1D9B, 0x1DBF, prAL, gcLm},     //    [37] MODIFIER LETTER SMALL TURNED ALPHA..MODIFIER LETTER SMALL THETA
+	{0x1DC0, 0x1DFF, prCM, gcMn},     //    [64] COMBINING DOTTED GRAVE ACCENT..COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+	{0x1E00, 0x1EFF, prAL, gcLC},     //   [256] LATIN CAPITAL LETTER A WITH RING BELOW..LATIN SMALL LETTER Y WITH LOOP
+	{0x1F00, 0x1F15, prAL, gcLC},     //    [22] GREEK SMALL LETTER ALPHA WITH PSILI..GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+	{0x1F18, 0x1F1D, prAL, gcLu},     //     [6] GREEK CAPITAL LETTER EPSILON WITH PSILI..GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+	{0x1F20, 0x1F45, prAL, gcLC},     //    [38] GREEK SMALL LETTER ETA WITH PSILI..GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+	{0x1F48, 0x1F4D, prAL, gcLu},     //     [6] GREEK CAPITAL LETTER OMICRON WITH PSILI..GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+	{0x1F50, 0x1F57, prAL, gcLl},     //     [8] GREEK SMALL LETTER UPSILON WITH PSILI..GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	{0x1F59, 0x1F59, prAL, gcLu},     //         GREEK CAPITAL LETTER UPSILON WITH DASIA
+	{0x1F5B, 0x1F5B, prAL, gcLu},     //         GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA
+	{0x1F5D, 0x1F5D, prAL, gcLu},     //         GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA
+	{0x1F5F, 0x1F7D, prAL, gcLC},     //    [31] GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI..GREEK SMALL LETTER OMEGA WITH OXIA
+	{0x1F80, 0x1FB4, prAL, gcLC},     //    [53] GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI..GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FB6, 0x1FBC, prAL, gcLC},     //     [7] GREEK SMALL LETTER ALPHA WITH PERISPOMENI..GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI
+	{0x1FBD, 0x1FBD, prAL, gcSk},     //         GREEK KORONIS
+	{0x1FBE, 0x1FBE, prAL, gcLl},     //         GREEK PROSGEGRAMMENI
+	{0x1FBF, 0x1FC1, prAL, gcSk},     //     [3] GREEK PSILI..GREEK DIALYTIKA AND PERISPOMENI
+	{0x1FC2, 0x1FC4, prAL, gcLl},     //     [3] GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FC6, 0x1FCC, prAL, gcLC},     //     [7] GREEK SMALL LETTER ETA WITH PERISPOMENI..GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI
+	{0x1FCD, 0x1FCF, prAL, gcSk},     //     [3] GREEK PSILI AND VARIA..GREEK PSILI AND PERISPOMENI
+	{0x1FD0, 0x1FD3, prAL, gcLl},     //     [4] GREEK SMALL LETTER IOTA WITH VRACHY..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+	{0x1FD6, 0x1FDB, prAL, gcLC},     //     [6] GREEK SMALL LETTER IOTA WITH PERISPOMENI..GREEK CAPITAL LETTER IOTA WITH OXIA
+	{0x1FDD, 0x1FDF, prAL, gcSk},     //     [3] GREEK DASIA AND VARIA..GREEK DASIA AND PERISPOMENI
+	{0x1FE0, 0x1FEC, prAL, gcLC},     //    [13] GREEK SMALL LETTER UPSILON WITH VRACHY..GREEK CAPITAL LETTER RHO WITH DASIA
+	{0x1FED, 0x1FEF, prAL, gcSk},     //     [3] GREEK DIALYTIKA AND VARIA..GREEK VARIA
+	{0x1FF2, 0x1FF4, prAL, gcLl},     //     [3] GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FF6, 0x1FFC, prAL, gcLC},     //     [7] GREEK SMALL LETTER OMEGA WITH PERISPOMENI..GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI
+	{0x1FFD, 0x1FFD, prBB, gcSk},     //         GREEK OXIA
+	{0x1FFE, 0x1FFE, prAL, gcSk},     //         GREEK DASIA
+	{0x2000, 0x2006, prBA, gcZs},     //     [7] EN QUAD..SIX-PER-EM SPACE
+	{0x2007, 0x2007, prGL, gcZs},     //         FIGURE SPACE
+	{0x2008, 0x200A, prBA, gcZs},     //     [3] PUNCTUATION SPACE..HAIR SPACE
+	{0x200B, 0x200B, prZW, gcCf},     //         ZERO WIDTH SPACE
+	{0x200C, 0x200C, prCM, gcCf},     //         ZERO WIDTH NON-JOINER
+	{0x200D, 0x200D, prZWJ, gcCf},    //         ZERO WIDTH JOINER
+	{0x200E, 0x200F, prCM, gcCf},     //     [2] LEFT-TO-RIGHT MARK..RIGHT-TO-LEFT MARK
+	{0x2010, 0x2010, prBA, gcPd},     //         HYPHEN
+	{0x2011, 0x2011, prGL, gcPd},     //         NON-BREAKING HYPHEN
+	{0x2012, 0x2013, prBA, gcPd},     //     [2] FIGURE DASH..EN DASH
+	{0x2014, 0x2014, prB2, gcPd},     //         EM DASH
+	{0x2015, 0x2015, prAI, gcPd},     //         HORIZONTAL BAR
+	{0x2016, 0x2016, prAI, gcPo},     //         DOUBLE VERTICAL LINE
+	{0x2017, 0x2017, prAL, gcPo},     //         DOUBLE LOW LINE
+	{0x2018, 0x2018, prQU, gcPi},     //         LEFT SINGLE QUOTATION MARK
+	{0x2019, 0x2019, prQU, gcPf},     //         RIGHT SINGLE QUOTATION MARK
+	{0x201A, 0x201A, prOP, gcPs},     //         SINGLE LOW-9 QUOTATION MARK
+	{0x201B, 0x201C, prQU, gcPi},     //     [2] SINGLE HIGH-REVERSED-9 QUOTATION MARK..LEFT DOUBLE QUOTATION MARK
+	{0x201D, 0x201D, prQU, gcPf},     //         RIGHT DOUBLE QUOTATION MARK
+	{0x201E, 0x201E, prOP, gcPs},     //         DOUBLE LOW-9 QUOTATION MARK
+	{0x201F, 0x201F, prQU, gcPi},     //         DOUBLE HIGH-REVERSED-9 QUOTATION MARK
+	{0x2020, 0x2021, prAI, gcPo},     //     [2] DAGGER..DOUBLE DAGGER
+	{0x2022, 0x2023, prAL, gcPo},     //     [2] BULLET..TRIANGULAR BULLET
+	{0x2024, 0x2026, prIN, gcPo},     //     [3] ONE DOT LEADER..HORIZONTAL ELLIPSIS
+	{0x2027, 0x2027, prBA, gcPo},     //         HYPHENATION POINT
+	{0x2028, 0x2028, prBK, gcZl},     //         LINE SEPARATOR
+	{0x2029, 0x2029, prBK, gcZp},     //         PARAGRAPH SEPARATOR
+	{0x202A, 0x202E, prCM, gcCf},     //     [5] LEFT-TO-RIGHT EMBEDDING..RIGHT-TO-LEFT OVERRIDE
+	{0x202F, 0x202F, prGL, gcZs},     //         NARROW NO-BREAK SPACE
+	{0x2030, 0x2037, prPO, gcPo},     //     [8] PER MILLE SIGN..REVERSED TRIPLE PRIME
+	{0x2038, 0x2038, prAL, gcPo},     //         CARET
+	{0x2039, 0x2039, prQU, gcPi},     //         SINGLE LEFT-POINTING ANGLE QUOTATION MARK
+	{0x203A, 0x203A, prQU, gcPf},     //         SINGLE RIGHT-POINTING ANGLE QUOTATION MARK
+	{0x203B, 0x203B, prAI, gcPo},     //         REFERENCE MARK
+	{0x203C, 0x203D, prNS, gcPo},     //     [2] DOUBLE EXCLAMATION MARK..INTERROBANG
+	{0x203E, 0x203E, prAL, gcPo},     //         OVERLINE
+	{0x203F, 0x2040, prAL, gcPc},     //     [2] UNDERTIE..CHARACTER TIE
+	{0x2041, 0x2043, prAL, gcPo},     //     [3] CARET INSERTION POINT..HYPHEN BULLET
+	{0x2044, 0x2044, prIS, gcSm},     //         FRACTION SLASH
+	{0x2045, 0x2045, prOP, gcPs},     //         LEFT SQUARE BRACKET WITH QUILL
+	{0x2046, 0x2046, prCL, gcPe},     //         RIGHT SQUARE BRACKET WITH QUILL
+	{0x2047, 0x2049, prNS, gcPo},     //     [3] DOUBLE QUESTION MARK..EXCLAMATION QUESTION MARK
+	{0x204A, 0x2051, prAL, gcPo},     //     [8] TIRONIAN SIGN ET..TWO ASTERISKS ALIGNED VERTICALLY
+	{0x2052, 0x2052, prAL, gcSm},     //         COMMERCIAL MINUS SIGN
+	{0x2053, 0x2053, prAL, gcPo},     //         SWUNG DASH
+	{0x2054, 0x2054, prAL, gcPc},     //         INVERTED UNDERTIE
+	{0x2055, 0x2055, prAL, gcPo},     //         FLOWER PUNCTUATION MARK
+	{0x2056, 0x2056, prBA, gcPo},     //         THREE DOT PUNCTUATION
+	{0x2057, 0x2057, prAL, gcPo},     //         QUADRUPLE PRIME
+	{0x2058, 0x205B, prBA, gcPo},     //     [4] FOUR DOT PUNCTUATION..FOUR DOT MARK
+	{0x205C, 0x205C, prAL, gcPo},     //         DOTTED CROSS
+	{0x205D, 0x205E, prBA, gcPo},     //     [2] TRICOLON..VERTICAL FOUR DOTS
+	{0x205F, 0x205F, prBA, gcZs},     //         MEDIUM MATHEMATICAL SPACE
+	{0x2060, 0x2060, prWJ, gcCf},     //         WORD JOINER
+	{0x2061, 0x2064, prAL, gcCf},     //     [4] FUNCTION APPLICATION..INVISIBLE PLUS
+	{0x2066, 0x206F, prCM, gcCf},     //    [10] LEFT-TO-RIGHT ISOLATE..NOMINAL DIGIT SHAPES
+	{0x2070, 0x2070, prAL, gcNo},     //         SUPERSCRIPT ZERO
+	{0x2071, 0x2071, prAL, gcLm},     //         SUPERSCRIPT LATIN SMALL LETTER I
+	{0x2074, 0x2074, prAI, gcNo},     //         SUPERSCRIPT FOUR
+	{0x2075, 0x2079, prAL, gcNo},     //     [5] SUPERSCRIPT FIVE..SUPERSCRIPT NINE
+	{0x207A, 0x207C, prAL, gcSm},     //     [3] SUPERSCRIPT PLUS SIGN..SUPERSCRIPT EQUALS SIGN
+	{0x207D, 0x207D, prOP, gcPs},     //         SUPERSCRIPT LEFT PARENTHESIS
+	{0x207E, 0x207E, prCL, gcPe},     //         SUPERSCRIPT RIGHT PARENTHESIS
+	{0x207F, 0x207F, prAI, gcLm},     //         SUPERSCRIPT LATIN SMALL LETTER N
+	{0x2080, 0x2080, prAL, gcNo},     //         SUBSCRIPT ZERO
+	{0x2081, 0x2084, prAI, gcNo},     //     [4] SUBSCRIPT ONE..SUBSCRIPT FOUR
+	{0x2085, 0x2089, prAL, gcNo},     //     [5] SUBSCRIPT FIVE..SUBSCRIPT NINE
+	{0x208A, 0x208C, prAL, gcSm},     //     [3] SUBSCRIPT PLUS SIGN..SUBSCRIPT EQUALS SIGN
+	{0x208D, 0x208D, prOP, gcPs},     //         SUBSCRIPT LEFT PARENTHESIS
+	{0x208E, 0x208E, prCL, gcPe},     //         SUBSCRIPT RIGHT PARENTHESIS
+	{0x2090, 0x209C, prAL, gcLm},     //    [13] LATIN SUBSCRIPT SMALL LETTER A..LATIN SUBSCRIPT SMALL LETTER T
+	{0x20A0, 0x20A6, prPR, gcSc},     //     [7] EURO-CURRENCY SIGN..NAIRA SIGN
+	{0x20A7, 0x20A7, prPO, gcSc},     //         PESETA SIGN
+	{0x20A8, 0x20B5, prPR, gcSc},     //    [14] RUPEE SIGN..CEDI SIGN
+	{0x20B6, 0x20B6, prPO, gcSc},     //         LIVRE TOURNOIS SIGN
+	{0x20B7, 0x20BA, prPR, gcSc},     //     [4] SPESMILO SIGN..TURKISH LIRA SIGN
+	{0x20BB, 0x20BB, prPO, gcSc},     //         NORDIC MARK SIGN
+	{0x20BC, 0x20BD, prPR, gcSc},     //     [2] MANAT SIGN..RUBLE SIGN
+	{0x20BE, 0x20BE, prPO, gcSc},     //         LARI SIGN
+	{0x20BF, 0x20BF, prPR, gcSc},     //         BITCOIN SIGN
+	{0x20C0, 0x20C0, prPO, gcSc},     //         SOM SIGN
+	{0x20C1, 0x20CF, prPR, gcCn},     //    [15] <reserved-20C1>..<reserved-20CF>
+	{0x20D0, 0x20DC, prCM, gcMn},     //    [13] COMBINING LEFT HARPOON ABOVE..COMBINING FOUR DOTS ABOVE
+	{0x20DD, 0x20E0, prCM, gcMe},     //     [4] COMBINING ENCLOSING CIRCLE..COMBINING ENCLOSING CIRCLE BACKSLASH
+	{0x20E1, 0x20E1, prCM, gcMn},     //         COMBINING LEFT RIGHT ARROW ABOVE
+	{0x20E2, 0x20E4, prCM, gcMe},     //     [3] COMBINING ENCLOSING SCREEN..COMBINING ENCLOSING UPWARD POINTING TRIANGLE
+	{0x20E5, 0x20F0, prCM, gcMn},     //    [12] COMBINING REVERSE SOLIDUS OVERLAY..COMBINING ASTERISK ABOVE
+	{0x2100, 0x2101, prAL, gcSo},     //     [2] ACCOUNT OF..ADDRESSED TO THE SUBJECT
+	{0x2102, 0x2102, prAL, gcLu},     //         DOUBLE-STRUCK CAPITAL C
+	{0x2103, 0x2103, prPO, gcSo},     //         DEGREE CELSIUS
+	{0x2104, 0x2104, prAL, gcSo},     //         CENTRE LINE SYMBOL
+	{0x2105, 0x2105, prAI, gcSo},     //         CARE OF
+	{0x2106, 0x2106, prAL, gcSo},     //         CADA UNA
+	{0x2107, 0x2107, prAL, gcLu},     //         EULER CONSTANT
+	{0x2108, 0x2108, prAL, gcSo},     //         SCRUPLE
+	{0x2109, 0x2109, prPO, gcSo},     //         DEGREE FAHRENHEIT
+	{0x210A, 0x2112, prAL, gcLC},     //     [9] SCRIPT SMALL G..SCRIPT CAPITAL L
+	{0x2113, 0x2113, prAI, gcLl},     //         SCRIPT SMALL L
+	{0x2114, 0x2114, prAL, gcSo},     //         L B BAR SYMBOL
+	{0x2115, 0x2115, prAL, gcLu},     //         DOUBLE-STRUCK CAPITAL N
+	{0x2116, 0x2116, prPR, gcSo},     //         NUMERO SIGN
+	{0x2117, 0x2117, prAL, gcSo},     //         SOUND RECORDING COPYRIGHT
+	{0x2118, 0x2118, prAL, gcSm},     //         SCRIPT CAPITAL P
+	{0x2119, 0x211D, prAL, gcLu},     //     [5] DOUBLE-STRUCK CAPITAL P..DOUBLE-STRUCK CAPITAL R
+	{0x211E, 0x2120, prAL, gcSo},     //     [3] PRESCRIPTION TAKE..SERVICE MARK
+	{0x2121, 0x2122, prAI, gcSo},     //     [2] TELEPHONE SIGN..TRADE MARK SIGN
+	{0x2123, 0x2123, prAL, gcSo},     //         VERSICLE
+	{0x2124, 0x2124, prAL, gcLu},     //         DOUBLE-STRUCK CAPITAL Z
+	{0x2125, 0x2125, prAL, gcSo},     //         OUNCE SIGN
+	{0x2126, 0x2126, prAL, gcLu},     //         OHM SIGN
+	{0x2127, 0x2127, prAL, gcSo},     //         INVERTED OHM SIGN
+	{0x2128, 0x2128, prAL, gcLu},     //         BLACK-LETTER CAPITAL Z
+	{0x2129, 0x2129, prAL, gcSo},     //         TURNED GREEK SMALL LETTER IOTA
+	{0x212A, 0x212A, prAL, gcLu},     //         KELVIN SIGN
+	{0x212B, 0x212B, prAI, gcLu},     //         ANGSTROM SIGN
+	{0x212C, 0x212D, prAL, gcLu},     //     [2] SCRIPT CAPITAL B..BLACK-LETTER CAPITAL C
+	{0x212E, 0x212E, prAL, gcSo},     //         ESTIMATED SYMBOL
+	{0x212F, 0x2134, prAL, gcLC},     //     [6] SCRIPT SMALL E..SCRIPT SMALL O
+	{0x2135, 0x2138, prAL, gcLo},     //     [4] ALEF SYMBOL..DALET SYMBOL
+	{0x2139, 0x2139, prAL, gcLl},     //         INFORMATION SOURCE
+	{0x213A, 0x213B, prAL, gcSo},     //     [2] ROTATED CAPITAL Q..FACSIMILE SIGN
+	{0x213C, 0x213F, prAL, gcLC},     //     [4] DOUBLE-STRUCK SMALL PI..DOUBLE-STRUCK CAPITAL PI
+	{0x2140, 0x2144, prAL, gcSm},     //     [5] DOUBLE-STRUCK N-ARY SUMMATION..TURNED SANS-SERIF CAPITAL Y
+	{0x2145, 0x2149, prAL, gcLC},     //     [5] DOUBLE-STRUCK ITALIC CAPITAL D..DOUBLE-STRUCK ITALIC SMALL J
+	{0x214A, 0x214A, prAL, gcSo},     //         PROPERTY LINE
+	{0x214B, 0x214B, prAL, gcSm},     //         TURNED AMPERSAND
+	{0x214C, 0x214D, prAL, gcSo},     //     [2] PER SIGN..AKTIESELSKAB
+	{0x214E, 0x214E, prAL, gcLl},     //         TURNED SMALL F
+	{0x214F, 0x214F, prAL, gcSo},     //         SYMBOL FOR SAMARITAN SOURCE
+	{0x2150, 0x2153, prAL, gcNo},     //     [4] VULGAR FRACTION ONE SEVENTH..VULGAR FRACTION ONE THIRD
+	{0x2154, 0x2155, prAI, gcNo},     //     [2] VULGAR FRACTION TWO THIRDS..VULGAR FRACTION ONE FIFTH
+	{0x2156, 0x215A, prAL, gcNo},     //     [5] VULGAR FRACTION TWO FIFTHS..VULGAR FRACTION FIVE SIXTHS
+	{0x215B, 0x215B, prAI, gcNo},     //         VULGAR FRACTION ONE EIGHTH
+	{0x215C, 0x215D, prAL, gcNo},     //     [2] VULGAR FRACTION THREE EIGHTHS..VULGAR FRACTION FIVE EIGHTHS
+	{0x215E, 0x215E, prAI, gcNo},     //         VULGAR FRACTION SEVEN EIGHTHS
+	{0x215F, 0x215F, prAL, gcNo},     //         FRACTION NUMERATOR ONE
+	{0x2160, 0x216B, prAI, gcNl},     //    [12] ROMAN NUMERAL ONE..ROMAN NUMERAL TWELVE
+	{0x216C, 0x216F, prAL, gcNl},     //     [4] ROMAN NUMERAL FIFTY..ROMAN NUMERAL ONE THOUSAND
+	{0x2170, 0x2179, prAI, gcNl},     //    [10] SMALL ROMAN NUMERAL ONE..SMALL ROMAN NUMERAL TEN
+	{0x217A, 0x2182, prAL, gcNl},     //     [9] SMALL ROMAN NUMERAL ELEVEN..ROMAN NUMERAL TEN THOUSAND
+	{0x2183, 0x2184, prAL, gcLC},     //     [2] ROMAN NUMERAL REVERSED ONE HUNDRED..LATIN SMALL LETTER REVERSED C
+	{0x2185, 0x2188, prAL, gcNl},     //     [4] ROMAN NUMERAL SIX LATE FORM..ROMAN NUMERAL ONE HUNDRED THOUSAND
+	{0x2189, 0x2189, prAI, gcNo},     //         VULGAR FRACTION ZERO THIRDS
+	{0x218A, 0x218B, prAL, gcSo},     //     [2] TURNED DIGIT TWO..TURNED DIGIT THREE
+	{0x2190, 0x2194, prAI, gcSm},     //     [5] LEFTWARDS ARROW..LEFT RIGHT ARROW
+	{0x2195, 0x2199, prAI, gcSo},     //     [5] UP DOWN ARROW..SOUTH WEST ARROW
+	{0x219A, 0x219B, prAL, gcSm},     //     [2] LEFTWARDS ARROW WITH STROKE..RIGHTWARDS ARROW WITH STROKE
+	{0x219C, 0x219F, prAL, gcSo},     //     [4] LEFTWARDS WAVE ARROW..UPWARDS TWO HEADED ARROW
+	{0x21A0, 0x21A0, prAL, gcSm},     //         RIGHTWARDS TWO HEADED ARROW
+	{0x21A1, 0x21A2, prAL, gcSo},     //     [2] DOWNWARDS TWO HEADED ARROW..LEFTWARDS ARROW WITH TAIL
+	{0x21A3, 0x21A3, prAL, gcSm},     //         RIGHTWARDS ARROW WITH TAIL
+	{0x21A4, 0x21A5, prAL, gcSo},     //     [2] LEFTWARDS ARROW FROM BAR..UPWARDS ARROW FROM BAR
+	{0x21A6, 0x21A6, prAL, gcSm},     //         RIGHTWARDS ARROW FROM BAR
+	{0x21A7, 0x21AD, prAL, gcSo},     //     [7] DOWNWARDS ARROW FROM BAR..LEFT RIGHT WAVE ARROW
+	{0x21AE, 0x21AE, prAL, gcSm},     //         LEFT RIGHT ARROW WITH STROKE
+	{0x21AF, 0x21CD, prAL, gcSo},     //    [31] DOWNWARDS ZIGZAG ARROW..LEFTWARDS DOUBLE ARROW WITH STROKE
+	{0x21CE, 0x21CF, prAL, gcSm},     //     [2] LEFT RIGHT DOUBLE ARROW WITH STROKE..RIGHTWARDS DOUBLE ARROW WITH STROKE
+	{0x21D0, 0x21D1, prAL, gcSo},     //     [2] LEFTWARDS DOUBLE ARROW..UPWARDS DOUBLE ARROW
+	{0x21D2, 0x21D2, prAI, gcSm},     //         RIGHTWARDS DOUBLE ARROW
+	{0x21D3, 0x21D3, prAL, gcSo},     //         DOWNWARDS DOUBLE ARROW
+	{0x21D4, 0x21D4, prAI, gcSm},     //         LEFT RIGHT DOUBLE ARROW
+	{0x21D5, 0x21F3, prAL, gcSo},     //    [31] UP DOWN DOUBLE ARROW..UP DOWN WHITE ARROW
+	{0x21F4, 0x21FF, prAL, gcSm},     //    [12] RIGHT ARROW WITH SMALL CIRCLE..LEFT RIGHT OPEN-HEADED ARROW
+	{0x2200, 0x2200, prAI, gcSm},     //         FOR ALL
+	{0x2201, 0x2201, prAL, gcSm},     //         COMPLEMENT
+	{0x2202, 0x2203, prAI, gcSm},     //     [2] PARTIAL DIFFERENTIAL..THERE EXISTS
+	{0x2204, 0x2206, prAL, gcSm},     //     [3] THERE DOES NOT EXIST..INCREMENT
+	{0x2207, 0x2208, prAI, gcSm},     //     [2] NABLA..ELEMENT OF
+	{0x2209, 0x220A, prAL, gcSm},     //     [2] NOT AN ELEMENT OF..SMALL ELEMENT OF
+	{0x220B, 0x220B, prAI, gcSm},     //         CONTAINS AS MEMBER
+	{0x220C, 0x220E, prAL, gcSm},     //     [3] DOES NOT CONTAIN AS MEMBER..END OF PROOF
+	{0x220F, 0x220F, prAI, gcSm},     //         N-ARY PRODUCT
+	{0x2210, 0x2210, prAL, gcSm},     //         N-ARY COPRODUCT
+	{0x2211, 0x2211, prAI, gcSm},     //         N-ARY SUMMATION
+	{0x2212, 0x2213, prPR, gcSm},     //     [2] MINUS SIGN..MINUS-OR-PLUS SIGN
+	{0x2214, 0x2214, prAL, gcSm},     //         DOT PLUS
+	{0x2215, 0x2215, prAI, gcSm},     //         DIVISION SLASH
+	{0x2216, 0x2219, prAL, gcSm},     //     [4] SET MINUS..BULLET OPERATOR
+	{0x221A, 0x221A, prAI, gcSm},     //         SQUARE ROOT
+	{0x221B, 0x221C, prAL, gcSm},     //     [2] CUBE ROOT..FOURTH ROOT
+	{0x221D, 0x2220, prAI, gcSm},     //     [4] PROPORTIONAL TO..ANGLE
+	{0x2221, 0x2222, prAL, gcSm},     //     [2] MEASURED ANGLE..SPHERICAL ANGLE
+	{0x2223, 0x2223, prAI, gcSm},     //         DIVIDES
+	{0x2224, 0x2224, prAL, gcSm},     //         DOES NOT DIVIDE
+	{0x2225, 0x2225, prAI, gcSm},     //         PARALLEL TO
+	{0x2226, 0x2226, prAL, gcSm},     //         NOT PARALLEL TO
+	{0x2227, 0x222C, prAI, gcSm},     //     [6] LOGICAL AND..DOUBLE INTEGRAL
+	{0x222D, 0x222D, prAL, gcSm},     //         TRIPLE INTEGRAL
+	{0x222E, 0x222E, prAI, gcSm},     //         CONTOUR INTEGRAL
+	{0x222F, 0x2233, prAL, gcSm},     //     [5] SURFACE INTEGRAL..ANTICLOCKWISE CONTOUR INTEGRAL
+	{0x2234, 0x2237, prAI, gcSm},     //     [4] THEREFORE..PROPORTION
+	{0x2238, 0x223B, prAL, gcSm},     //     [4] DOT MINUS..HOMOTHETIC
+	{0x223C, 0x223D, prAI, gcSm},     //     [2] TILDE OPERATOR..REVERSED TILDE
+	{0x223E, 0x2247, prAL, gcSm},     //    [10] INVERTED LAZY S..NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO
+	{0x2248, 0x2248, prAI, gcSm},     //         ALMOST EQUAL TO
+	{0x2249, 0x224B, prAL, gcSm},     //     [3] NOT ALMOST EQUAL TO..TRIPLE TILDE
+	{0x224C, 0x224C, prAI, gcSm},     //         ALL EQUAL TO
+	{0x224D, 0x2251, prAL, gcSm},     //     [5] EQUIVALENT TO..GEOMETRICALLY EQUAL TO
+	{0x2252, 0x2252, prAI, gcSm},     //         APPROXIMATELY EQUAL TO OR THE IMAGE OF
+	{0x2253, 0x225F, prAL, gcSm},     //    [13] IMAGE OF OR APPROXIMATELY EQUAL TO..QUESTIONED EQUAL TO
+	{0x2260, 0x2261, prAI, gcSm},     //     [2] NOT EQUAL TO..IDENTICAL TO
+	{0x2262, 0x2263, prAL, gcSm},     //     [2] NOT IDENTICAL TO..STRICTLY EQUIVALENT TO
+	{0x2264, 0x2267, prAI, gcSm},     //     [4] LESS-THAN OR EQUAL TO..GREATER-THAN OVER EQUAL TO
+	{0x2268, 0x2269, prAL, gcSm},     //     [2] LESS-THAN BUT NOT EQUAL TO..GREATER-THAN BUT NOT EQUAL TO
+	{0x226A, 0x226B, prAI, gcSm},     //     [2] MUCH LESS-THAN..MUCH GREATER-THAN
+	{0x226C, 0x226D, prAL, gcSm},     //     [2] BETWEEN..NOT EQUIVALENT TO
+	{0x226E, 0x226F, prAI, gcSm},     //     [2] NOT LESS-THAN..NOT GREATER-THAN
+	{0x2270, 0x2281, prAL, gcSm},     //    [18] NEITHER LESS-THAN NOR EQUAL TO..DOES NOT SUCCEED
+	{0x2282, 0x2283, prAI, gcSm},     //     [2] SUBSET OF..SUPERSET OF
+	{0x2284, 0x2285, prAL, gcSm},     //     [2] NOT A SUBSET OF..NOT A SUPERSET OF
+	{0x2286, 0x2287, prAI, gcSm},     //     [2] SUBSET OF OR EQUAL TO..SUPERSET OF OR EQUAL TO
+	{0x2288, 0x2294, prAL, gcSm},     //    [13] NEITHER A SUBSET OF NOR EQUAL TO..SQUARE CUP
+	{0x2295, 0x2295, prAI, gcSm},     //         CIRCLED PLUS
+	{0x2296, 0x2298, prAL, gcSm},     //     [3] CIRCLED MINUS..CIRCLED DIVISION SLASH
+	{0x2299, 0x2299, prAI, gcSm},     //         CIRCLED DOT OPERATOR
+	{0x229A, 0x22A4, prAL, gcSm},     //    [11] CIRCLED RING OPERATOR..DOWN TACK
+	{0x22A5, 0x22A5, prAI, gcSm},     //         UP TACK
+	{0x22A6, 0x22BE, prAL, gcSm},     //    [25] ASSERTION..RIGHT ANGLE WITH ARC
+	{0x22BF, 0x22BF, prAI, gcSm},     //         RIGHT TRIANGLE
+	{0x22C0, 0x22EE, prAL, gcSm},     //    [47] N-ARY LOGICAL AND..VERTICAL ELLIPSIS
+	{0x22EF, 0x22EF, prIN, gcSm},     //         MIDLINE HORIZONTAL ELLIPSIS
+	{0x22F0, 0x22FF, prAL, gcSm},     //    [16] UP RIGHT DIAGONAL ELLIPSIS..Z NOTATION BAG MEMBERSHIP
+	{0x2300, 0x2307, prAL, gcSo},     //     [8] DIAMETER SIGN..WAVY LINE
+	{0x2308, 0x2308, prOP, gcPs},     //         LEFT CEILING
+	{0x2309, 0x2309, prCL, gcPe},     //         RIGHT CEILING
+	{0x230A, 0x230A, prOP, gcPs},     //         LEFT FLOOR
+	{0x230B, 0x230B, prCL, gcPe},     //         RIGHT FLOOR
+	{0x230C, 0x2311, prAL, gcSo},     //     [6] BOTTOM RIGHT CROP..SQUARE LOZENGE
+	{0x2312, 0x2312, prAI, gcSo},     //         ARC
+	{0x2313, 0x2319, prAL, gcSo},     //     [7] SEGMENT..TURNED NOT SIGN
+	{0x231A, 0x231B, prID, gcSo},     //     [2] WATCH..HOURGLASS
+	{0x231C, 0x231F, prAL, gcSo},     //     [4] TOP LEFT CORNER..BOTTOM RIGHT CORNER
+	{0x2320, 0x2321, prAL, gcSm},     //     [2] TOP HALF INTEGRAL..BOTTOM HALF INTEGRAL
+	{0x2322, 0x2328, prAL, gcSo},     //     [7] FROWN..KEYBOARD
+	{0x2329, 0x2329, prOP, gcPs},     //         LEFT-POINTING ANGLE BRACKET
+	{0x232A, 0x232A, prCL, gcPe},     //         RIGHT-POINTING ANGLE BRACKET
+	{0x232B, 0x237B, prAL, gcSo},     //    [81] ERASE TO THE LEFT..NOT CHECK MARK
+	{0x237C, 0x237C, prAL, gcSm},     //         RIGHT ANGLE WITH DOWNWARDS ZIGZAG ARROW
+	{0x237D, 0x239A, prAL, gcSo},     //    [30] SHOULDERED OPEN BOX..CLEAR SCREEN SYMBOL
+	{0x239B, 0x23B3, prAL, gcSm},     //    [25] LEFT PARENTHESIS UPPER HOOK..SUMMATION BOTTOM
+	{0x23B4, 0x23DB, prAL, gcSo},     //    [40] TOP SQUARE BRACKET..FUSE
+	{0x23DC, 0x23E1, prAL, gcSm},     //     [6] TOP PARENTHESIS..BOTTOM TORTOISE SHELL BRACKET
+	{0x23E2, 0x23EF, prAL, gcSo},     //    [14] WHITE TRAPEZIUM..BLACK RIGHT-POINTING TRIANGLE WITH DOUBLE VERTICAL BAR
+	{0x23F0, 0x23F3, prID, gcSo},     //     [4] ALARM CLOCK..HOURGLASS WITH FLOWING SAND
+	{0x23F4, 0x23FF, prAL, gcSo},     //    [12] BLACK MEDIUM LEFT-POINTING TRIANGLE..OBSERVER EYE SYMBOL
+	{0x2400, 0x2426, prAL, gcSo},     //    [39] SYMBOL FOR NULL..SYMBOL FOR SUBSTITUTE FORM TWO
+	{0x2440, 0x244A, prAL, gcSo},     //    [11] OCR HOOK..OCR DOUBLE BACKSLASH
+	{0x2460, 0x249B, prAI, gcNo},     //    [60] CIRCLED DIGIT ONE..NUMBER TWENTY FULL STOP
+	{0x249C, 0x24E9, prAI, gcSo},     //    [78] PARENTHESIZED LATIN SMALL LETTER A..CIRCLED LATIN SMALL LETTER Z
+	{0x24EA, 0x24FE, prAI, gcNo},     //    [21] CIRCLED DIGIT ZERO..DOUBLE CIRCLED NUMBER TEN
+	{0x24FF, 0x24FF, prAL, gcNo},     //         NEGATIVE CIRCLED DIGIT ZERO
+	{0x2500, 0x254B, prAI, gcSo},     //    [76] BOX DRAWINGS LIGHT HORIZONTAL..BOX DRAWINGS HEAVY VERTICAL AND HORIZONTAL
+	{0x254C, 0x254F, prAL, gcSo},     //     [4] BOX DRAWINGS LIGHT DOUBLE DASH HORIZONTAL..BOX DRAWINGS HEAVY DOUBLE DASH VERTICAL
+	{0x2550, 0x2574, prAI, gcSo},     //    [37] BOX DRAWINGS DOUBLE HORIZONTAL..BOX DRAWINGS LIGHT LEFT
+	{0x2575, 0x257F, prAL, gcSo},     //    [11] BOX DRAWINGS LIGHT UP..BOX DRAWINGS HEAVY UP AND LIGHT DOWN
+	{0x2580, 0x258F, prAI, gcSo},     //    [16] UPPER HALF BLOCK..LEFT ONE EIGHTH BLOCK
+	{0x2590, 0x2591, prAL, gcSo},     //     [2] RIGHT HALF BLOCK..LIGHT SHADE
+	{0x2592, 0x2595, prAI, gcSo},     //     [4] MEDIUM SHADE..RIGHT ONE EIGHTH BLOCK
+	{0x2596, 0x259F, prAL, gcSo},     //    [10] QUADRANT LOWER LEFT..QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT
+	{0x25A0, 0x25A1, prAI, gcSo},     //     [2] BLACK SQUARE..WHITE SQUARE
+	{0x25A2, 0x25A2, prAL, gcSo},     //         WHITE SQUARE WITH ROUNDED CORNERS
+	{0x25A3, 0x25A9, prAI, gcSo},     //     [7] WHITE SQUARE CONTAINING BLACK SMALL SQUARE..SQUARE WITH DIAGONAL CROSSHATCH FILL
+	{0x25AA, 0x25B1, prAL, gcSo},     //     [8] BLACK SMALL SQUARE..WHITE PARALLELOGRAM
+	{0x25B2, 0x25B3, prAI, gcSo},     //     [2] BLACK UP-POINTING TRIANGLE..WHITE UP-POINTING TRIANGLE
+	{0x25B4, 0x25B5, prAL, gcSo},     //     [2] BLACK UP-POINTING SMALL TRIANGLE..WHITE UP-POINTING SMALL TRIANGLE
+	{0x25B6, 0x25B6, prAI, gcSo},     //         BLACK RIGHT-POINTING TRIANGLE
+	{0x25B7, 0x25B7, prAI, gcSm},     //         WHITE RIGHT-POINTING TRIANGLE
+	{0x25B8, 0x25BB, prAL, gcSo},     //     [4] BLACK RIGHT-POINTING SMALL TRIANGLE..WHITE RIGHT-POINTING POINTER
+	{0x25BC, 0x25BD, prAI, gcSo},     //     [2] BLACK DOWN-POINTING TRIANGLE..WHITE DOWN-POINTING TRIANGLE
+	{0x25BE, 0x25BF, prAL, gcSo},     //     [2] BLACK DOWN-POINTING SMALL TRIANGLE..WHITE DOWN-POINTING SMALL TRIANGLE
+	{0x25C0, 0x25C0, prAI, gcSo},     //         BLACK LEFT-POINTING TRIANGLE
+	{0x25C1, 0x25C1, prAI, gcSm},     //         WHITE LEFT-POINTING TRIANGLE
+	{0x25C2, 0x25C5, prAL, gcSo},     //     [4] BLACK LEFT-POINTING SMALL TRIANGLE..WHITE LEFT-POINTING POINTER
+	{0x25C6, 0x25C8, prAI, gcSo},     //     [3] BLACK DIAMOND..WHITE DIAMOND CONTAINING BLACK SMALL DIAMOND
+	{0x25C9, 0x25CA, prAL, gcSo},     //     [2] FISHEYE..LOZENGE
+	{0x25CB, 0x25CB, prAI, gcSo},     //         WHITE CIRCLE
+	{0x25CC, 0x25CD, prAL, gcSo},     //     [2] DOTTED CIRCLE..CIRCLE WITH VERTICAL FILL
+	{0x25CE, 0x25D1, prAI, gcSo},     //     [4] BULLSEYE..CIRCLE WITH RIGHT HALF BLACK
+	{0x25D2, 0x25E1, prAL, gcSo},     //    [16] CIRCLE WITH LOWER HALF BLACK..LOWER HALF CIRCLE
+	{0x25E2, 0x25E5, prAI, gcSo},     //     [4] BLACK LOWER RIGHT TRIANGLE..BLACK UPPER RIGHT TRIANGLE
+	{0x25E6, 0x25EE, prAL, gcSo},     //     [9] WHITE BULLET..UP-POINTING TRIANGLE WITH RIGHT HALF BLACK
+	{0x25EF, 0x25EF, prAI, gcSo},     //         LARGE CIRCLE
+	{0x25F0, 0x25F7, prAL, gcSo},     //     [8] WHITE SQUARE WITH UPPER LEFT QUADRANT..WHITE CIRCLE WITH UPPER RIGHT QUADRANT
+	{0x25F8, 0x25FF, prAL, gcSm},     //     [8] UPPER LEFT TRIANGLE..LOWER RIGHT TRIANGLE
+	{0x2600, 0x2603, prID, gcSo},     //     [4] BLACK SUN WITH RAYS..SNOWMAN
+	{0x2604, 0x2604, prAL, gcSo},     //         COMET
+	{0x2605, 0x2606, prAI, gcSo},     //     [2] BLACK STAR..WHITE STAR
+	{0x2607, 0x2608, prAL, gcSo},     //     [2] LIGHTNING..THUNDERSTORM
+	{0x2609, 0x2609, prAI, gcSo},     //         SUN
+	{0x260A, 0x260D, prAL, gcSo},     //     [4] ASCENDING NODE..OPPOSITION
+	{0x260E, 0x260F, prAI, gcSo},     //     [2] BLACK TELEPHONE..WHITE TELEPHONE
+	{0x2610, 0x2613, prAL, gcSo},     //     [4] BALLOT BOX..SALTIRE
+	{0x2614, 0x2615, prID, gcSo},     //     [2] UMBRELLA WITH RAIN DROPS..HOT BEVERAGE
+	{0x2616, 0x2617, prAI, gcSo},     //     [2] WHITE SHOGI PIECE..BLACK SHOGI PIECE
+	{0x2618, 0x2618, prID, gcSo},     //         SHAMROCK
+	{0x2619, 0x2619, prAL, gcSo},     //         REVERSED ROTATED FLORAL HEART BULLET
+	{0x261A, 0x261C, prID, gcSo},     //     [3] BLACK LEFT POINTING INDEX..WHITE LEFT POINTING INDEX
+	{0x261D, 0x261D, prEB, gcSo},     //         WHITE UP POINTING INDEX
+	{0x261E, 0x261F, prID, gcSo},     //     [2] WHITE RIGHT POINTING INDEX..WHITE DOWN POINTING INDEX
+	{0x2620, 0x2638, prAL, gcSo},     //    [25] SKULL AND CROSSBONES..WHEEL OF DHARMA
+	{0x2639, 0x263B, prID, gcSo},     //     [3] WHITE FROWNING FACE..BLACK SMILING FACE
+	{0x263C, 0x263F, prAL, gcSo},     //     [4] WHITE SUN WITH RAYS..MERCURY
+	{0x2640, 0x2640, prAI, gcSo},     //         FEMALE SIGN
+	{0x2641, 0x2641, prAL, gcSo},     //         EARTH
+	{0x2642, 0x2642, prAI, gcSo},     //         MALE SIGN
+	{0x2643, 0x265F, prAL, gcSo},     //    [29] JUPITER..BLACK CHESS PAWN
+	{0x2660, 0x2661, prAI, gcSo},     //     [2] BLACK SPADE SUIT..WHITE HEART SUIT
+	{0x2662, 0x2662, prAL, gcSo},     //         WHITE DIAMOND SUIT
+	{0x2663, 0x2665, prAI, gcSo},     //     [3] BLACK CLUB SUIT..BLACK HEART SUIT
+	{0x2666, 0x2666, prAL, gcSo},     //         BLACK DIAMOND SUIT
+	{0x2667, 0x2667, prAI, gcSo},     //         WHITE CLUB SUIT
+	{0x2668, 0x2668, prID, gcSo},     //         HOT SPRINGS
+	{0x2669, 0x266A, prAI, gcSo},     //     [2] QUARTER NOTE..EIGHTH NOTE
+	{0x266B, 0x266B, prAL, gcSo},     //         BEAMED EIGHTH NOTES
+	{0x266C, 0x266D, prAI, gcSo},     //     [2] BEAMED SIXTEENTH NOTES..MUSIC FLAT SIGN
+	{0x266E, 0x266E, prAL, gcSo},     //         MUSIC NATURAL SIGN
+	{0x266F, 0x266F, prAI, gcSm},     //         MUSIC SHARP SIGN
+	{0x2670, 0x267E, prAL, gcSo},     //    [15] WEST SYRIAC CROSS..PERMANENT PAPER SIGN
+	{0x267F, 0x267F, prID, gcSo},     //         WHEELCHAIR SYMBOL
+	{0x2680, 0x269D, prAL, gcSo},     //    [30] DIE FACE-1..OUTLINED WHITE STAR
+	{0x269E, 0x269F, prAI, gcSo},     //     [2] THREE LINES CONVERGING RIGHT..THREE LINES CONVERGING LEFT
+	{0x26A0, 0x26BC, prAL, gcSo},     //    [29] WARNING SIGN..SESQUIQUADRATE
+	{0x26BD, 0x26C8, prID, gcSo},     //    [12] SOCCER BALL..THUNDER CLOUD AND RAIN
+	{0x26C9, 0x26CC, prAI, gcSo},     //     [4] TURNED WHITE SHOGI PIECE..CROSSING LANES
+	{0x26CD, 0x26CD, prID, gcSo},     //         DISABLED CAR
+	{0x26CE, 0x26CE, prAL, gcSo},     //         OPHIUCHUS
+	{0x26CF, 0x26D1, prID, gcSo},     //     [3] PICK..HELMET WITH WHITE CROSS
+	{0x26D2, 0x26D2, prAI, gcSo},     //         CIRCLED CROSSING LANES
+	{0x26D3, 0x26D4, prID, gcSo},     //     [2] CHAINS..NO ENTRY
+	{0x26D5, 0x26D7, prAI, gcSo},     //     [3] ALTERNATE ONE-WAY LEFT WAY TRAFFIC..WHITE TWO-WAY LEFT WAY TRAFFIC
+	{0x26D8, 0x26D9, prID, gcSo},     //     [2] BLACK LEFT LANE MERGE..WHITE LEFT LANE MERGE
+	{0x26DA, 0x26DB, prAI, gcSo},     //     [2] DRIVE SLOW SIGN..HEAVY WHITE DOWN-POINTING TRIANGLE
+	{0x26DC, 0x26DC, prID, gcSo},     //         LEFT CLOSED ENTRY
+	{0x26DD, 0x26DE, prAI, gcSo},     //     [2] SQUARED SALTIRE..FALLING DIAGONAL IN WHITE CIRCLE IN BLACK SQUARE
+	{0x26DF, 0x26E1, prID, gcSo},     //     [3] BLACK TRUCK..RESTRICTED LEFT ENTRY-2
+	{0x26E2, 0x26E2, prAL, gcSo},     //         ASTRONOMICAL SYMBOL FOR URANUS
+	{0x26E3, 0x26E3, prAI, gcSo},     //         HEAVY CIRCLE WITH STROKE AND TWO DOTS ABOVE
+	{0x26E4, 0x26E7, prAL, gcSo},     //     [4] PENTAGRAM..INVERTED PENTAGRAM
+	{0x26E8, 0x26E9, prAI, gcSo},     //     [2] BLACK CROSS ON SHIELD..SHINTO SHRINE
+	{0x26EA, 0x26EA, prID, gcSo},     //         CHURCH
+	{0x26EB, 0x26F0, prAI, gcSo},     //     [6] CASTLE..MOUNTAIN
+	{0x26F1, 0x26F5, prID, gcSo},     //     [5] UMBRELLA ON GROUND..SAILBOAT
+	{0x26F6, 0x26F6, prAI, gcSo},     //         SQUARE FOUR CORNERS
+	{0x26F7, 0x26F8, prID, gcSo},     //     [2] SKIER..ICE SKATE
+	{0x26F9, 0x26F9, prEB, gcSo},     //         PERSON WITH BALL
+	{0x26FA, 0x26FA, prID, gcSo},     //         TENT
+	{0x26FB, 0x26FC, prAI, gcSo},     //     [2] JAPANESE BANK SYMBOL..HEADSTONE GRAVEYARD SYMBOL
+	{0x26FD, 0x26FF, prID, gcSo},     //     [3] FUEL PUMP..WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
+	{0x2700, 0x2704, prID, gcSo},     //     [5] BLACK SAFETY SCISSORS..WHITE SCISSORS
+	{0x2705, 0x2707, prAL, gcSo},     //     [3] WHITE HEAVY CHECK MARK..TAPE DRIVE
+	{0x2708, 0x2709, prID, gcSo},     //     [2] AIRPLANE..ENVELOPE
+	{0x270A, 0x270D, prEB, gcSo},     //     [4] RAISED FIST..WRITING HAND
+	{0x270E, 0x2756, prAL, gcSo},     //    [73] LOWER RIGHT PENCIL..BLACK DIAMOND MINUS WHITE X
+	{0x2757, 0x2757, prAI, gcSo},     //         HEAVY EXCLAMATION MARK SYMBOL
+	{0x2758, 0x275A, prAL, gcSo},     //     [3] LIGHT VERTICAL BAR..HEAVY VERTICAL BAR
+	{0x275B, 0x2760, prQU, gcSo},     //     [6] HEAVY SINGLE TURNED COMMA QUOTATION MARK ORNAMENT..HEAVY LOW DOUBLE COMMA QUOTATION MARK ORNAMENT
+	{0x2761, 0x2761, prAL, gcSo},     //         CURVED STEM PARAGRAPH SIGN ORNAMENT
+	{0x2762, 0x2763, prEX, gcSo},     //     [2] HEAVY EXCLAMATION MARK ORNAMENT..HEAVY HEART EXCLAMATION MARK ORNAMENT
+	{0x2764, 0x2764, prID, gcSo},     //         HEAVY BLACK HEART
+	{0x2765, 0x2767, prAL, gcSo},     //     [3] ROTATED HEAVY BLACK HEART BULLET..ROTATED FLORAL HEART BULLET
+	{0x2768, 0x2768, prOP, gcPs},     //         MEDIUM LEFT PARENTHESIS ORNAMENT
+	{0x2769, 0x2769, prCL, gcPe},     //         MEDIUM RIGHT PARENTHESIS ORNAMENT
+	{0x276A, 0x276A, prOP, gcPs},     //         MEDIUM FLATTENED LEFT PARENTHESIS ORNAMENT
+	{0x276B, 0x276B, prCL, gcPe},     //         MEDIUM FLATTENED RIGHT PARENTHESIS ORNAMENT
+	{0x276C, 0x276C, prOP, gcPs},     //         MEDIUM LEFT-POINTING ANGLE BRACKET ORNAMENT
+	{0x276D, 0x276D, prCL, gcPe},     //         MEDIUM RIGHT-POINTING ANGLE BRACKET ORNAMENT
+	{0x276E, 0x276E, prOP, gcPs},     //         HEAVY LEFT-POINTING ANGLE QUOTATION MARK ORNAMENT
+	{0x276F, 0x276F, prCL, gcPe},     //         HEAVY RIGHT-POINTING ANGLE QUOTATION MARK ORNAMENT
+	{0x2770, 0x2770, prOP, gcPs},     //         HEAVY LEFT-POINTING ANGLE BRACKET ORNAMENT
+	{0x2771, 0x2771, prCL, gcPe},     //         HEAVY RIGHT-POINTING ANGLE BRACKET ORNAMENT
+	{0x2772, 0x2772, prOP, gcPs},     //         LIGHT LEFT TORTOISE SHELL BRACKET ORNAMENT
+	{0x2773, 0x2773, prCL, gcPe},     //         LIGHT RIGHT TORTOISE SHELL BRACKET ORNAMENT
+	{0x2774, 0x2774, prOP, gcPs},     //         MEDIUM LEFT CURLY BRACKET ORNAMENT
+	{0x2775, 0x2775, prCL, gcPe},     //         MEDIUM RIGHT CURLY BRACKET ORNAMENT
+	{0x2776, 0x2793, prAI, gcNo},     //    [30] DINGBAT NEGATIVE CIRCLED DIGIT ONE..DINGBAT NEGATIVE CIRCLED SANS-SERIF NUMBER TEN
+	{0x2794, 0x27BF, prAL, gcSo},     //    [44] HEAVY WIDE-HEADED RIGHTWARDS ARROW..DOUBLE CURLY LOOP
+	{0x27C0, 0x27C4, prAL, gcSm},     //     [5] THREE DIMENSIONAL ANGLE..OPEN SUPERSET
+	{0x27C5, 0x27C5, prOP, gcPs},     //         LEFT S-SHAPED BAG DELIMITER
+	{0x27C6, 0x27C6, prCL, gcPe},     //         RIGHT S-SHAPED BAG DELIMITER
+	{0x27C7, 0x27E5, prAL, gcSm},     //    [31] OR WITH DOT INSIDE..WHITE SQUARE WITH RIGHTWARDS TICK
+	{0x27E6, 0x27E6, prOP, gcPs},     //         MATHEMATICAL LEFT WHITE SQUARE BRACKET
+	{0x27E7, 0x27E7, prCL, gcPe},     //         MATHEMATICAL RIGHT WHITE SQUARE BRACKET
+	{0x27E8, 0x27E8, prOP, gcPs},     //         MATHEMATICAL LEFT ANGLE BRACKET
+	{0x27E9, 0x27E9, prCL, gcPe},     //         MATHEMATICAL RIGHT ANGLE BRACKET
+	{0x27EA, 0x27EA, prOP, gcPs},     //         MATHEMATICAL LEFT DOUBLE ANGLE BRACKET
+	{0x27EB, 0x27EB, prCL, gcPe},     //         MATHEMATICAL RIGHT DOUBLE ANGLE BRACKET
+	{0x27EC, 0x27EC, prOP, gcPs},     //         MATHEMATICAL LEFT WHITE TORTOISE SHELL BRACKET
+	{0x27ED, 0x27ED, prCL, gcPe},     //         MATHEMATICAL RIGHT WHITE TORTOISE SHELL BRACKET
+	{0x27EE, 0x27EE, prOP, gcPs},     //         MATHEMATICAL LEFT FLATTENED PARENTHESIS
+	{0x27EF, 0x27EF, prCL, gcPe},     //         MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+	{0x27F0, 0x27FF, prAL, gcSm},     //    [16] UPWARDS QUADRUPLE ARROW..LONG RIGHTWARDS SQUIGGLE ARROW
+	{0x2800, 0x28FF, prAL, gcSo},     //   [256] BRAILLE PATTERN BLANK..BRAILLE PATTERN DOTS-12345678
+	{0x2900, 0x297F, prAL, gcSm},     //   [128] RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE..DOWN FISH TAIL
+	{0x2980, 0x2982, prAL, gcSm},     //     [3] TRIPLE VERTICAL BAR DELIMITER..Z NOTATION TYPE COLON
+	{0x2983, 0x2983, prOP, gcPs},     //         LEFT WHITE CURLY BRACKET
+	{0x2984, 0x2984, prCL, gcPe},     //         RIGHT WHITE CURLY BRACKET
+	{0x2985, 0x2985, prOP, gcPs},     //         LEFT WHITE PARENTHESIS
+	{0x2986, 0x2986, prCL, gcPe},     //         RIGHT WHITE PARENTHESIS
+	{0x2987, 0x2987, prOP, gcPs},     //         Z NOTATION LEFT IMAGE BRACKET
+	{0x2988, 0x2988, prCL, gcPe},     //         Z NOTATION RIGHT IMAGE BRACKET
+	{0x2989, 0x2989, prOP, gcPs},     //         Z NOTATION LEFT BINDING BRACKET
+	{0x298A, 0x298A, prCL, gcPe},     //         Z NOTATION RIGHT BINDING BRACKET
+	{0x298B, 0x298B, prOP, gcPs},     //         LEFT SQUARE BRACKET WITH UNDERBAR
+	{0x298C, 0x298C, prCL, gcPe},     //         RIGHT SQUARE BRACKET WITH UNDERBAR
+	{0x298D, 0x298D, prOP, gcPs},     //         LEFT SQUARE BRACKET WITH TICK IN TOP CORNER
+	{0x298E, 0x298E, prCL, gcPe},     //         RIGHT SQUARE BRACKET WITH TICK IN BOTTOM CORNER
+	{0x298F, 0x298F, prOP, gcPs},     //         LEFT SQUARE BRACKET WITH TICK IN BOTTOM CORNER
+	{0x2990, 0x2990, prCL, gcPe},     //         RIGHT SQUARE BRACKET WITH TICK IN TOP CORNER
+	{0x2991, 0x2991, prOP, gcPs},     //         LEFT ANGLE BRACKET WITH DOT
+	{0x2992, 0x2992, prCL, gcPe},     //         RIGHT ANGLE BRACKET WITH DOT
+	{0x2993, 0x2993, prOP, gcPs},     //         LEFT ARC LESS-THAN BRACKET
+	{0x2994, 0x2994, prCL, gcPe},     //         RIGHT ARC GREATER-THAN BRACKET
+	{0x2995, 0x2995, prOP, gcPs},     //         DOUBLE LEFT ARC GREATER-THAN BRACKET
+	{0x2996, 0x2996, prCL, gcPe},     //         DOUBLE RIGHT ARC LESS-THAN BRACKET
+	{0x2997, 0x2997, prOP, gcPs},     //         LEFT BLACK TORTOISE SHELL BRACKET
+	{0x2998, 0x2998, prCL, gcPe},     //         RIGHT BLACK TORTOISE SHELL BRACKET
+	{0x2999, 0x29D7, prAL, gcSm},     //    [63] DOTTED FENCE..BLACK HOURGLASS
+	{0x29D8, 0x29D8, prOP, gcPs},     //         LEFT WIGGLY FENCE
+	{0x29D9, 0x29D9, prCL, gcPe},     //         RIGHT WIGGLY FENCE
+	{0x29DA, 0x29DA, prOP, gcPs},     //         LEFT DOUBLE WIGGLY FENCE
+	{0x29DB, 0x29DB, prCL, gcPe},     //         RIGHT DOUBLE WIGGLY FENCE
+	{0x29DC, 0x29FB, prAL, gcSm},     //    [32] INCOMPLETE INFINITY..TRIPLE PLUS
+	{0x29FC, 0x29FC, prOP, gcPs},     //         LEFT-POINTING CURVED ANGLE BRACKET
+	{0x29FD, 0x29FD, prCL, gcPe},     //         RIGHT-POINTING CURVED ANGLE BRACKET
+	{0x29FE, 0x29FF, prAL, gcSm},     //     [2] TINY..MINY
+	{0x2A00, 0x2AFF, prAL, gcSm},     //   [256] N-ARY CIRCLED DOT OPERATOR..N-ARY WHITE VERTICAL BAR
+	{0x2B00, 0x2B2F, prAL, gcSo},     //    [48] NORTH EAST WHITE ARROW..WHITE VERTICAL ELLIPSE
+	{0x2B30, 0x2B44, prAL, gcSm},     //    [21] LEFT ARROW WITH SMALL CIRCLE..RIGHTWARDS ARROW THROUGH SUPERSET
+	{0x2B45, 0x2B46, prAL, gcSo},     //     [2] LEFTWARDS QUADRUPLE ARROW..RIGHTWARDS QUADRUPLE ARROW
+	{0x2B47, 0x2B4C, prAL, gcSm},     //     [6] REVERSE TILDE OPERATOR ABOVE RIGHTWARDS ARROW..RIGHTWARDS ARROW ABOVE REVERSE TILDE OPERATOR
+	{0x2B4D, 0x2B54, prAL, gcSo},     //     [8] DOWNWARDS TRIANGLE-HEADED ZIGZAG ARROW..WHITE RIGHT-POINTING PENTAGON
+	{0x2B55, 0x2B59, prAI, gcSo},     //     [5] HEAVY LARGE CIRCLE..HEAVY CIRCLED SALTIRE
+	{0x2B5A, 0x2B73, prAL, gcSo},     //    [26] SLANTED NORTH ARROW WITH HOOKED HEAD..DOWNWARDS TRIANGLE-HEADED ARROW TO BAR
+	{0x2B76, 0x2B95, prAL, gcSo},     //    [32] NORTH WEST TRIANGLE-HEADED ARROW TO BAR..RIGHTWARDS BLACK ARROW
+	{0x2B97, 0x2BFF, prAL, gcSo},     //   [105] SYMBOL FOR TYPE A ELECTRONICS..HELLSCHREIBER PAUSE SYMBOL
+	{0x2C00, 0x2C5F, prAL, gcLC},     //    [96] GLAGOLITIC CAPITAL LETTER AZU..GLAGOLITIC SMALL LETTER CAUDATE CHRIVI
+	{0x2C60, 0x2C7B, prAL, gcLC},     //    [28] LATIN CAPITAL LETTER L WITH DOUBLE BAR..LATIN LETTER SMALL CAPITAL TURNED E
+	{0x2C7C, 0x2C7D, prAL, gcLm},     //     [2] LATIN SUBSCRIPT SMALL LETTER J..MODIFIER LETTER CAPITAL V
+	{0x2C7E, 0x2C7F, prAL, gcLu},     //     [2] LATIN CAPITAL LETTER S WITH SWASH TAIL..LATIN CAPITAL LETTER Z WITH SWASH TAIL
+	{0x2C80, 0x2CE4, prAL, gcLC},     //   [101] COPTIC CAPITAL LETTER ALFA..COPTIC SYMBOL KAI
+	{0x2CE5, 0x2CEA, prAL, gcSo},     //     [6] COPTIC SYMBOL MI RO..COPTIC SYMBOL SHIMA SIMA
+	{0x2CEB, 0x2CEE, prAL, gcLC},     //     [4] COPTIC CAPITAL LETTER CRYPTOGRAMMIC SHEI..COPTIC SMALL LETTER CRYPTOGRAMMIC GANGIA
+	{0x2CEF, 0x2CF1, prCM, gcMn},     //     [3] COPTIC COMBINING NI ABOVE..COPTIC COMBINING SPIRITUS LENIS
+	{0x2CF2, 0x2CF3, prAL, gcLC},     //     [2] COPTIC CAPITAL LETTER BOHAIRIC KHEI..COPTIC SMALL LETTER BOHAIRIC KHEI
+	{0x2CF9, 0x2CF9, prEX, gcPo},     //         COPTIC OLD NUBIAN FULL STOP
+	{0x2CFA, 0x2CFC, prBA, gcPo},     //     [3] COPTIC OLD NUBIAN DIRECT QUESTION MARK..COPTIC OLD NUBIAN VERSE DIVIDER
+	{0x2CFD, 0x2CFD, prAL, gcNo},     //         COPTIC FRACTION ONE HALF
+	{0x2CFE, 0x2CFE, prEX, gcPo},     //         COPTIC FULL STOP
+	{0x2CFF, 0x2CFF, prBA, gcPo},     //         COPTIC MORPHOLOGICAL DIVIDER
+	{0x2D00, 0x2D25, prAL, gcLl},     //    [38] GEORGIAN SMALL LETTER AN..GEORGIAN SMALL LETTER HOE
+	{0x2D27, 0x2D27, prAL, gcLl},     //         GEORGIAN SMALL LETTER YN
+	{0x2D2D, 0x2D2D, prAL, gcLl},     //         GEORGIAN SMALL LETTER AEN
+	{0x2D30, 0x2D67, prAL, gcLo},     //    [56] TIFINAGH LETTER YA..TIFINAGH LETTER YO
+	{0x2D6F, 0x2D6F, prAL, gcLm},     //         TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	{0x2D70, 0x2D70, prBA, gcPo},     //         TIFINAGH SEPARATOR MARK
+	{0x2D7F, 0x2D7F, prCM, gcMn},     //         TIFINAGH CONSONANT JOINER
+	{0x2D80, 0x2D96, prAL, gcLo},     //    [23] ETHIOPIC SYLLABLE LOA..ETHIOPIC SYLLABLE GGWE
+	{0x2DA0, 0x2DA6, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE SSA..ETHIOPIC SYLLABLE SSO
+	{0x2DA8, 0x2DAE, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE CCA..ETHIOPIC SYLLABLE CCO
+	{0x2DB0, 0x2DB6, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE ZZA..ETHIOPIC SYLLABLE ZZO
+	{0x2DB8, 0x2DBE, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE CCHA..ETHIOPIC SYLLABLE CCHO
+	{0x2DC0, 0x2DC6, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE QYA..ETHIOPIC SYLLABLE QYO
+	{0x2DC8, 0x2DCE, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE KYA..ETHIOPIC SYLLABLE KYO
+	{0x2DD0, 0x2DD6, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE XYA..ETHIOPIC SYLLABLE XYO
+	{0x2DD8, 0x2DDE, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE GYA..ETHIOPIC SYLLABLE GYO
+	{0x2DE0, 0x2DFF, prCM, gcMn},     //    [32] COMBINING CYRILLIC LETTER BE..COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+	{0x2E00, 0x2E01, prQU, gcPo},     //     [2] RIGHT ANGLE SUBSTITUTION MARKER..RIGHT ANGLE DOTTED SUBSTITUTION MARKER
+	{0x2E02, 0x2E02, prQU, gcPi},     //         LEFT SUBSTITUTION BRACKET
+	{0x2E03, 0x2E03, prQU, gcPf},     //         RIGHT SUBSTITUTION BRACKET
+	{0x2E04, 0x2E04, prQU, gcPi},     //         LEFT DOTTED SUBSTITUTION BRACKET
+	{0x2E05, 0x2E05, prQU, gcPf},     //         RIGHT DOTTED SUBSTITUTION BRACKET
+	{0x2E06, 0x2E08, prQU, gcPo},     //     [3] RAISED INTERPOLATION MARKER..DOTTED TRANSPOSITION MARKER
+	{0x2E09, 0x2E09, prQU, gcPi},     //         LEFT TRANSPOSITION BRACKET
+	{0x2E0A, 0x2E0A, prQU, gcPf},     //         RIGHT TRANSPOSITION BRACKET
+	{0x2E0B, 0x2E0B, prQU, gcPo},     //         RAISED SQUARE
+	{0x2E0C, 0x2E0C, prQU, gcPi},     //         LEFT RAISED OMISSION BRACKET
+	{0x2E0D, 0x2E0D, prQU, gcPf},     //         RIGHT RAISED OMISSION BRACKET
+	{0x2E0E, 0x2E15, prBA, gcPo},     //     [8] EDITORIAL CORONIS..UPWARDS ANCORA
+	{0x2E16, 0x2E16, prAL, gcPo},     //         DOTTED RIGHT-POINTING ANGLE
+	{0x2E17, 0x2E17, prBA, gcPd},     //         DOUBLE OBLIQUE HYPHEN
+	{0x2E18, 0x2E18, prOP, gcPo},     //         INVERTED INTERROBANG
+	{0x2E19, 0x2E19, prBA, gcPo},     //         PALM BRANCH
+	{0x2E1A, 0x2E1A, prAL, gcPd},     //         HYPHEN WITH DIAERESIS
+	{0x2E1B, 0x2E1B, prAL, gcPo},     //         TILDE WITH RING ABOVE
+	{0x2E1C, 0x2E1C, prQU, gcPi},     //         LEFT LOW PARAPHRASE BRACKET
+	{0x2E1D, 0x2E1D, prQU, gcPf},     //         RIGHT LOW PARAPHRASE BRACKET
+	{0x2E1E, 0x2E1F, prAL, gcPo},     //     [2] TILDE WITH DOT ABOVE..TILDE WITH DOT BELOW
+	{0x2E20, 0x2E20, prQU, gcPi},     //         LEFT VERTICAL BAR WITH QUILL
+	{0x2E21, 0x2E21, prQU, gcPf},     //         RIGHT VERTICAL BAR WITH QUILL
+	{0x2E22, 0x2E22, prOP, gcPs},     //         TOP LEFT HALF BRACKET
+	{0x2E23, 0x2E23, prCL, gcPe},     //         TOP RIGHT HALF BRACKET
+	{0x2E24, 0x2E24, prOP, gcPs},     //         BOTTOM LEFT HALF BRACKET
+	{0x2E25, 0x2E25, prCL, gcPe},     //         BOTTOM RIGHT HALF BRACKET
+	{0x2E26, 0x2E26, prOP, gcPs},     //         LEFT SIDEWAYS U BRACKET
+	{0x2E27, 0x2E27, prCL, gcPe},     //         RIGHT SIDEWAYS U BRACKET
+	{0x2E28, 0x2E28, prOP, gcPs},     //         LEFT DOUBLE PARENTHESIS
+	{0x2E29, 0x2E29, prCL, gcPe},     //         RIGHT DOUBLE PARENTHESIS
+	{0x2E2A, 0x2E2D, prBA, gcPo},     //     [4] TWO DOTS OVER ONE DOT PUNCTUATION..FIVE DOT MARK
+	{0x2E2E, 0x2E2E, prEX, gcPo},     //         REVERSED QUESTION MARK
+	{0x2E2F, 0x2E2F, prAL, gcLm},     //         VERTICAL TILDE
+	{0x2E30, 0x2E31, prBA, gcPo},     //     [2] RING POINT..WORD SEPARATOR MIDDLE DOT
+	{0x2E32, 0x2E32, prAL, gcPo},     //         TURNED COMMA
+	{0x2E33, 0x2E34, prBA, gcPo},     //     [2] RAISED DOT..RAISED COMMA
+	{0x2E35, 0x2E39, prAL, gcPo},     //     [5] TURNED SEMICOLON..TOP HALF SECTION SIGN
+	{0x2E3A, 0x2E3B, prB2, gcPd},     //     [2] TWO-EM DASH..THREE-EM DASH
+	{0x2E3C, 0x2E3E, prBA, gcPo},     //     [3] STENOGRAPHIC FULL STOP..WIGGLY VERTICAL LINE
+	{0x2E3F, 0x2E3F, prAL, gcPo},     //         CAPITULUM
+	{0x2E40, 0x2E40, prBA, gcPd},     //         DOUBLE HYPHEN
+	{0x2E41, 0x2E41, prBA, gcPo},     //         REVERSED COMMA
+	{0x2E42, 0x2E42, prOP, gcPs},     //         DOUBLE LOW-REVERSED-9 QUOTATION MARK
+	{0x2E43, 0x2E4A, prBA, gcPo},     //     [8] DASH WITH LEFT UPTURN..DOTTED SOLIDUS
+	{0x2E4B, 0x2E4B, prAL, gcPo},     //         TRIPLE DAGGER
+	{0x2E4C, 0x2E4C, prBA, gcPo},     //         MEDIEVAL COMMA
+	{0x2E4D, 0x2E4D, prAL, gcPo},     //         PARAGRAPHUS MARK
+	{0x2E4E, 0x2E4F, prBA, gcPo},     //     [2] PUNCTUS ELEVATUS MARK..CORNISH VERSE DIVIDER
+	{0x2E50, 0x2E51, prAL, gcSo},     //     [2] CROSS PATTY WITH RIGHT CROSSBAR..CROSS PATTY WITH LEFT CROSSBAR
+	{0x2E52, 0x2E52, prAL, gcPo},     //         TIRONIAN SIGN CAPITAL ET
+	{0x2E53, 0x2E54, prEX, gcPo},     //     [2] MEDIEVAL EXCLAMATION MARK..MEDIEVAL QUESTION MARK
+	{0x2E55, 0x2E55, prOP, gcPs},     //         LEFT SQUARE BRACKET WITH STROKE
+	{0x2E56, 0x2E56, prCL, gcPe},     //         RIGHT SQUARE BRACKET WITH STROKE
+	{0x2E57, 0x2E57, prOP, gcPs},     //         LEFT SQUARE BRACKET WITH DOUBLE STROKE
+	{0x2E58, 0x2E58, prCL, gcPe},     //         RIGHT SQUARE BRACKET WITH DOUBLE STROKE
+	{0x2E59, 0x2E59, prOP, gcPs},     //         TOP HALF LEFT PARENTHESIS
+	{0x2E5A, 0x2E5A, prCL, gcPe},     //         TOP HALF RIGHT PARENTHESIS
+	{0x2E5B, 0x2E5B, prOP, gcPs},     //         BOTTOM HALF LEFT PARENTHESIS
+	{0x2E5C, 0x2E5C, prCL, gcPe},     //         BOTTOM HALF RIGHT PARENTHESIS
+	{0x2E5D, 0x2E5D, prBA, gcPd},     //         OBLIQUE HYPHEN
+	{0x2E80, 0x2E99, prID, gcSo},     //    [26] CJK RADICAL REPEAT..CJK RADICAL RAP
+	{0x2E9B, 0x2EF3, prID, gcSo},     //    [89] CJK RADICAL CHOKE..CJK RADICAL C-SIMPLIFIED TURTLE
+	{0x2F00, 0x2FD5, prID, gcSo},     //   [214] KANGXI RADICAL ONE..KANGXI RADICAL FLUTE
+	{0x2FF0, 0x2FFB, prID, gcSo},     //    [12] IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT..IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID
+	{0x3000, 0x3000, prBA, gcZs},     //         IDEOGRAPHIC SPACE
+	{0x3001, 0x3002, prCL, gcPo},     //     [2] IDEOGRAPHIC COMMA..IDEOGRAPHIC FULL STOP
+	{0x3003, 0x3003, prID, gcPo},     //         DITTO MARK
+	{0x3004, 0x3004, prID, gcSo},     //         JAPANESE INDUSTRIAL STANDARD SYMBOL
+	{0x3005, 0x3005, prNS, gcLm},     //         IDEOGRAPHIC ITERATION MARK
+	{0x3006, 0x3006, prID, gcLo},     //         IDEOGRAPHIC CLOSING MARK
+	{0x3007, 0x3007, prID, gcNl},     //         IDEOGRAPHIC NUMBER ZERO
+	{0x3008, 0x3008, prOP, gcPs},     //         LEFT ANGLE BRACKET
+	{0x3009, 0x3009, prCL, gcPe},     //         RIGHT ANGLE BRACKET
+	{0x300A, 0x300A, prOP, gcPs},     //         LEFT DOUBLE ANGLE BRACKET
+	{0x300B, 0x300B, prCL, gcPe},     //         RIGHT DOUBLE ANGLE BRACKET
+	{0x300C, 0x300C, prOP, gcPs},     //         LEFT CORNER BRACKET
+	{0x300D, 0x300D, prCL, gcPe},     //         RIGHT CORNER BRACKET
+	{0x300E, 0x300E, prOP, gcPs},     //         LEFT WHITE CORNER BRACKET
+	{0x300F, 0x300F, prCL, gcPe},     //         RIGHT WHITE CORNER BRACKET
+	{0x3010, 0x3010, prOP, gcPs},     //         LEFT BLACK LENTICULAR BRACKET
+	{0x3011, 0x3011, prCL, gcPe},     //         RIGHT BLACK LENTICULAR BRACKET
+	{0x3012, 0x3013, prID, gcSo},     //     [2] POSTAL MARK..GETA MARK
+	{0x3014, 0x3014, prOP, gcPs},     //         LEFT TORTOISE SHELL BRACKET
+	{0x3015, 0x3015, prCL, gcPe},     //         RIGHT TORTOISE SHELL BRACKET
+	{0x3016, 0x3016, prOP, gcPs},     //         LEFT WHITE LENTICULAR BRACKET
+	{0x3017, 0x3017, prCL, gcPe},     //         RIGHT WHITE LENTICULAR BRACKET
+	{0x3018, 0x3018, prOP, gcPs},     //         LEFT WHITE TORTOISE SHELL BRACKET
+	{0x3019, 0x3019, prCL, gcPe},     //         RIGHT WHITE TORTOISE SHELL BRACKET
+	{0x301A, 0x301A, prOP, gcPs},     //         LEFT WHITE SQUARE BRACKET
+	{0x301B, 0x301B, prCL, gcPe},     //         RIGHT WHITE SQUARE BRACKET
+	{0x301C, 0x301C, prNS, gcPd},     //         WAVE DASH
+	{0x301D, 0x301D, prOP, gcPs},     //         REVERSED DOUBLE PRIME QUOTATION MARK
+	{0x301E, 0x301F, prCL, gcPe},     //     [2] DOUBLE PRIME QUOTATION MARK..LOW DOUBLE PRIME QUOTATION MARK
+	{0x3020, 0x3020, prID, gcSo},     //         POSTAL MARK FACE
+	{0x3021, 0x3029, prID, gcNl},     //     [9] HANGZHOU NUMERAL ONE..HANGZHOU NUMERAL NINE
+	{0x302A, 0x302D, prCM, gcMn},     //     [4] IDEOGRAPHIC LEVEL TONE MARK..IDEOGRAPHIC ENTERING TONE MARK
+	{0x302E, 0x302F, prCM, gcMc},     //     [2] HANGUL SINGLE DOT TONE MARK..HANGUL DOUBLE DOT TONE MARK
+	{0x3030, 0x3030, prID, gcPd},     //         WAVY DASH
+	{0x3031, 0x3034, prID, gcLm},     //     [4] VERTICAL KANA REPEAT MARK..VERTICAL KANA REPEAT WITH VOICED SOUND MARK UPPER HALF
+	{0x3035, 0x3035, prCM, gcLm},     //         VERTICAL KANA REPEAT MARK LOWER HALF
+	{0x3036, 0x3037, prID, gcSo},     //     [2] CIRCLED POSTAL MARK..IDEOGRAPHIC TELEGRAPH LINE FEED SEPARATOR SYMBOL
+	{0x3038, 0x303A, prID, gcNl},     //     [3] HANGZHOU NUMERAL TEN..HANGZHOU NUMERAL THIRTY
+	{0x303B, 0x303B, prNS, gcLm},     //         VERTICAL IDEOGRAPHIC ITERATION MARK
+	{0x303C, 0x303C, prNS, gcLo},     //         MASU MARK
+	{0x303D, 0x303D, prID, gcPo},     //         PART ALTERNATION MARK
+	{0x303E, 0x303F, prID, gcSo},     //     [2] IDEOGRAPHIC VARIATION INDICATOR..IDEOGRAPHIC HALF FILL SPACE
+	{0x3041, 0x3041, prCJ, gcLo},     //         HIRAGANA LETTER SMALL A
+	{0x3042, 0x3042, prID, gcLo},     //         HIRAGANA LETTER A
+	{0x3043, 0x3043, prCJ, gcLo},     //         HIRAGANA LETTER SMALL I
+	{0x3044, 0x3044, prID, gcLo},     //         HIRAGANA LETTER I
+	{0x3045, 0x3045, prCJ, gcLo},     //         HIRAGANA LETTER SMALL U
+	{0x3046, 0x3046, prID, gcLo},     //         HIRAGANA LETTER U
+	{0x3047, 0x3047, prCJ, gcLo},     //         HIRAGANA LETTER SMALL E
+	{0x3048, 0x3048, prID, gcLo},     //         HIRAGANA LETTER E
+	{0x3049, 0x3049, prCJ, gcLo},     //         HIRAGANA LETTER SMALL O
+	{0x304A, 0x3062, prID, gcLo},     //    [25] HIRAGANA LETTER O..HIRAGANA LETTER DI
+	{0x3063, 0x3063, prCJ, gcLo},     //         HIRAGANA LETTER SMALL TU
+	{0x3064, 0x3082, prID, gcLo},     //    [31] HIRAGANA LETTER TU..HIRAGANA LETTER MO
+	{0x3083, 0x3083, prCJ, gcLo},     //         HIRAGANA LETTER SMALL YA
+	{0x3084, 0x3084, prID, gcLo},     //         HIRAGANA LETTER YA
+	{0x3085, 0x3085, prCJ, gcLo},     //         HIRAGANA LETTER SMALL YU
+	{0x3086, 0x3086, prID, gcLo},     //         HIRAGANA LETTER YU
+	{0x3087, 0x3087, prCJ, gcLo},     //         HIRAGANA LETTER SMALL YO
+	{0x3088, 0x308D, prID, gcLo},     //     [6] HIRAGANA LETTER YO..HIRAGANA LETTER RO
+	{0x308E, 0x308E, prCJ, gcLo},     //         HIRAGANA LETTER SMALL WA
+	{0x308F, 0x3094, prID, gcLo},     //     [6] HIRAGANA LETTER WA..HIRAGANA LETTER VU
+	{0x3095, 0x3096, prCJ, gcLo},     //     [2] HIRAGANA LETTER SMALL KA..HIRAGANA LETTER SMALL KE
+	{0x3099, 0x309A, prCM, gcMn},     //     [2] COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK..COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK
+	{0x309B, 0x309C, prNS, gcSk},     //     [2] KATAKANA-HIRAGANA VOICED SOUND MARK..KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK
+	{0x309D, 0x309E, prNS, gcLm},     //     [2] HIRAGANA ITERATION MARK..HIRAGANA VOICED ITERATION MARK
+	{0x309F, 0x309F, prID, gcLo},     //         HIRAGANA DIGRAPH YORI
+	{0x30A0, 0x30A0, prNS, gcPd},     //         KATAKANA-HIRAGANA DOUBLE HYPHEN
+	{0x30A1, 0x30A1, prCJ, gcLo},     //         KATAKANA LETTER SMALL A
+	{0x30A2, 0x30A2, prID, gcLo},     //         KATAKANA LETTER A
+	{0x30A3, 0x30A3, prCJ, gcLo},     //         KATAKANA LETTER SMALL I
+	{0x30A4, 0x30A4, prID, gcLo},     //         KATAKANA LETTER I
+	{0x30A5, 0x30A5, prCJ, gcLo},     //         KATAKANA LETTER SMALL U
+	{0x30A6, 0x30A6, prID, gcLo},     //         KATAKANA LETTER U
+	{0x30A7, 0x30A7, prCJ, gcLo},     //         KATAKANA LETTER SMALL E
+	{0x30A8, 0x30A8, prID, gcLo},     //         KATAKANA LETTER E
+	{0x30A9, 0x30A9, prCJ, gcLo},     //         KATAKANA LETTER SMALL O
+	{0x30AA, 0x30C2, prID, gcLo},     //    [25] KATAKANA LETTER O..KATAKANA LETTER DI
+	{0x30C3, 0x30C3, prCJ, gcLo},     //         KATAKANA LETTER SMALL TU
+	{0x30C4, 0x30E2, prID, gcLo},     //    [31] KATAKANA LETTER TU..KATAKANA LETTER MO
+	{0x30E3, 0x30E3, prCJ, gcLo},     //         KATAKANA LETTER SMALL YA
+	{0x30E4, 0x30E4, prID, gcLo},     //         KATAKANA LETTER YA
+	{0x30E5, 0x30E5, prCJ, gcLo},     //         KATAKANA LETTER SMALL YU
+	{0x30E6, 0x30E6, prID, gcLo},     //         KATAKANA LETTER YU
+	{0x30E7, 0x30E7, prCJ, gcLo},     //         KATAKANA LETTER SMALL YO
+	{0x30E8, 0x30ED, prID, gcLo},     //     [6] KATAKANA LETTER YO..KATAKANA LETTER RO
+	{0x30EE, 0x30EE, prCJ, gcLo},     //         KATAKANA LETTER SMALL WA
+	{0x30EF, 0x30F4, prID, gcLo},     //     [6] KATAKANA LETTER WA..KATAKANA LETTER VU
+	{0x30F5, 0x30F6, prCJ, gcLo},     //     [2] KATAKANA LETTER SMALL KA..KATAKANA LETTER SMALL KE
+	{0x30F7, 0x30FA, prID, gcLo},     //     [4] KATAKANA LETTER VA..KATAKANA LETTER VO
+	{0x30FB, 0x30FB, prNS, gcPo},     //         KATAKANA MIDDLE DOT
+	{0x30FC, 0x30FC, prCJ, gcLm},     //         KATAKANA-HIRAGANA PROLONGED SOUND MARK
+	{0x30FD, 0x30FE, prNS, gcLm},     //     [2] KATAKANA ITERATION MARK..KATAKANA VOICED ITERATION MARK
+	{0x30FF, 0x30FF, prID, gcLo},     //         KATAKANA DIGRAPH KOTO
+	{0x3105, 0x312F, prID, gcLo},     //    [43] BOPOMOFO LETTER B..BOPOMOFO LETTER NN
+	{0x3131, 0x318E, prID, gcLo},     //    [94] HANGUL LETTER KIYEOK..HANGUL LETTER ARAEAE
+	{0x3190, 0x3191, prID, gcSo},     //     [2] IDEOGRAPHIC ANNOTATION LINKING MARK..IDEOGRAPHIC ANNOTATION REVERSE MARK
+	{0x3192, 0x3195, prID, gcNo},     //     [4] IDEOGRAPHIC ANNOTATION ONE MARK..IDEOGRAPHIC ANNOTATION FOUR MARK
+	{0x3196, 0x319F, prID, gcSo},     //    [10] IDEOGRAPHIC ANNOTATION TOP MARK..IDEOGRAPHIC ANNOTATION MAN MARK
+	{0x31A0, 0x31BF, prID, gcLo},     //    [32] BOPOMOFO LETTER BU..BOPOMOFO LETTER AH
+	{0x31C0, 0x31E3, prID, gcSo},     //    [36] CJK STROKE T..CJK STROKE Q
+	{0x31F0, 0x31FF, prCJ, gcLo},     //    [16] KATAKANA LETTER SMALL KU..KATAKANA LETTER SMALL RO
+	{0x3200, 0x321E, prID, gcSo},     //    [31] PARENTHESIZED HANGUL KIYEOK..PARENTHESIZED KOREAN CHARACTER O HU
+	{0x3220, 0x3229, prID, gcNo},     //    [10] PARENTHESIZED IDEOGRAPH ONE..PARENTHESIZED IDEOGRAPH TEN
+	{0x322A, 0x3247, prID, gcSo},     //    [30] PARENTHESIZED IDEOGRAPH MOON..CIRCLED IDEOGRAPH KOTO
+	{0x3248, 0x324F, prAI, gcNo},     //     [8] CIRCLED NUMBER TEN ON BLACK SQUARE..CIRCLED NUMBER EIGHTY ON BLACK SQUARE
+	{0x3250, 0x3250, prID, gcSo},     //         PARTNERSHIP SIGN
+	{0x3251, 0x325F, prID, gcNo},     //    [15] CIRCLED NUMBER TWENTY ONE..CIRCLED NUMBER THIRTY FIVE
+	{0x3260, 0x327F, prID, gcSo},     //    [32] CIRCLED HANGUL KIYEOK..KOREAN STANDARD SYMBOL
+	{0x3280, 0x3289, prID, gcNo},     //    [10] CIRCLED IDEOGRAPH ONE..CIRCLED IDEOGRAPH TEN
+	{0x328A, 0x32B0, prID, gcSo},     //    [39] CIRCLED IDEOGRAPH MOON..CIRCLED IDEOGRAPH NIGHT
+	{0x32B1, 0x32BF, prID, gcNo},     //    [15] CIRCLED NUMBER THIRTY SIX..CIRCLED NUMBER FIFTY
+	{0x32C0, 0x32FF, prID, gcSo},     //    [64] IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY..SQUARE ERA NAME REIWA
+	{0x3300, 0x33FF, prID, gcSo},     //   [256] SQUARE APAATO..SQUARE GAL
+	{0x3400, 0x4DBF, prID, gcLo},     //  [6592] CJK UNIFIED IDEOGRAPH-3400..CJK UNIFIED IDEOGRAPH-4DBF
+	{0x4DC0, 0x4DFF, prAL, gcSo},     //    [64] HEXAGRAM FOR THE CREATIVE HEAVEN..HEXAGRAM FOR BEFORE COMPLETION
+	{0x4E00, 0x9FFF, prID, gcLo},     // [20992] CJK UNIFIED IDEOGRAPH-4E00..CJK UNIFIED IDEOGRAPH-9FFF
+	{0xA000, 0xA014, prID, gcLo},     //    [21] YI SYLLABLE IT..YI SYLLABLE E
+	{0xA015, 0xA015, prNS, gcLm},     //         YI SYLLABLE WU
+	{0xA016, 0xA48C, prID, gcLo},     //  [1143] YI SYLLABLE BIT..YI SYLLABLE YYR
+	{0xA490, 0xA4C6, prID, gcSo},     //    [55] YI RADICAL QOT..YI RADICAL KE
+	{0xA4D0, 0xA4F7, prAL, gcLo},     //    [40] LISU LETTER BA..LISU LETTER OE
+	{0xA4F8, 0xA4FD, prAL, gcLm},     //     [6] LISU LETTER TONE MYA TI..LISU LETTER TONE MYA JEU
+	{0xA4FE, 0xA4FF, prBA, gcPo},     //     [2] LISU PUNCTUATION COMMA..LISU PUNCTUATION FULL STOP
+	{0xA500, 0xA60B, prAL, gcLo},     //   [268] VAI SYLLABLE EE..VAI SYLLABLE NG
+	{0xA60C, 0xA60C, prAL, gcLm},     //         VAI SYLLABLE LENGTHENER
+	{0xA60D, 0xA60D, prBA, gcPo},     //         VAI COMMA
+	{0xA60E, 0xA60E, prEX, gcPo},     //         VAI FULL STOP
+	{0xA60F, 0xA60F, prBA, gcPo},     //         VAI QUESTION MARK
+	{0xA610, 0xA61F, prAL, gcLo},     //    [16] VAI SYLLABLE NDOLE FA..VAI SYMBOL JONG
+	{0xA620, 0xA629, prNU, gcNd},     //    [10] VAI DIGIT ZERO..VAI DIGIT NINE
+	{0xA62A, 0xA62B, prAL, gcLo},     //     [2] VAI SYLLABLE NDOLE MA..VAI SYLLABLE NDOLE DO
+	{0xA640, 0xA66D, prAL, gcLC},     //    [46] CYRILLIC CAPITAL LETTER ZEMLYA..CYRILLIC SMALL LETTER DOUBLE MONOCULAR O
+	{0xA66E, 0xA66E, prAL, gcLo},     //         CYRILLIC LETTER MULTIOCULAR O
+	{0xA66F, 0xA66F, prCM, gcMn},     //         COMBINING CYRILLIC VZMET
+	{0xA670, 0xA672, prCM, gcMe},     //     [3] COMBINING CYRILLIC TEN MILLIONS SIGN..COMBINING CYRILLIC THOUSAND MILLIONS SIGN
+	{0xA673, 0xA673, prAL, gcPo},     //         SLAVONIC ASTERISK
+	{0xA674, 0xA67D, prCM, gcMn},     //    [10] COMBINING CYRILLIC LETTER UKRAINIAN IE..COMBINING CYRILLIC PAYEROK
+	{0xA67E, 0xA67E, prAL, gcPo},     //         CYRILLIC KAVYKA
+	{0xA67F, 0xA67F, prAL, gcLm},     //         CYRILLIC PAYEROK
+	{0xA680, 0xA69B, prAL, gcLC},     //    [28] CYRILLIC CAPITAL LETTER DWE..CYRILLIC SMALL LETTER CROSSED O
+	{0xA69C, 0xA69D, prAL, gcLm},     //     [2] MODIFIER LETTER CYRILLIC HARD SIGN..MODIFIER LETTER CYRILLIC SOFT SIGN
+	{0xA69E, 0xA69F, prCM, gcMn},     //     [2] COMBINING CYRILLIC LETTER EF..COMBINING CYRILLIC LETTER IOTIFIED E
+	{0xA6A0, 0xA6E5, prAL, gcLo},     //    [70] BAMUM LETTER A..BAMUM LETTER KI
+	{0xA6E6, 0xA6EF, prAL, gcNl},     //    [10] BAMUM LETTER MO..BAMUM LETTER KOGHOM
+	{0xA6F0, 0xA6F1, prCM, gcMn},     //     [2] BAMUM COMBINING MARK KOQNDON..BAMUM COMBINING MARK TUKWENTIS
+	{0xA6F2, 0xA6F2, prAL, gcPo},     //         BAMUM NJAEMLI
+	{0xA6F3, 0xA6F7, prBA, gcPo},     //     [5] BAMUM FULL STOP..BAMUM QUESTION MARK
+	{0xA700, 0xA716, prAL, gcSk},     //    [23] MODIFIER LETTER CHINESE TONE YIN PING..MODIFIER LETTER EXTRA-LOW LEFT-STEM TONE BAR
+	{0xA717, 0xA71F, prAL, gcLm},     //     [9] MODIFIER LETTER DOT VERTICAL BAR..MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+	{0xA720, 0xA721, prAL, gcSk},     //     [2] MODIFIER LETTER STRESS AND HIGH TONE..MODIFIER LETTER STRESS AND LOW TONE
+	{0xA722, 0xA76F, prAL, gcLC},     //    [78] LATIN CAPITAL LETTER EGYPTOLOGICAL ALEF..LATIN SMALL LETTER CON
+	{0xA770, 0xA770, prAL, gcLm},     //         MODIFIER LETTER US
+	{0xA771, 0xA787, prAL, gcLC},     //    [23] LATIN SMALL LETTER DUM..LATIN SMALL LETTER INSULAR T
+	{0xA788, 0xA788, prAL, gcLm},     //         MODIFIER LETTER LOW CIRCUMFLEX ACCENT
+	{0xA789, 0xA78A, prAL, gcSk},     //     [2] MODIFIER LETTER COLON..MODIFIER LETTER SHORT EQUALS SIGN
+	{0xA78B, 0xA78E, prAL, gcLC},     //     [4] LATIN CAPITAL LETTER SALTILLO..LATIN SMALL LETTER L WITH RETROFLEX HOOK AND BELT
+	{0xA78F, 0xA78F, prAL, gcLo},     //         LATIN LETTER SINOLOGICAL DOT
+	{0xA790, 0xA7CA, prAL, gcLC},     //    [59] LATIN CAPITAL LETTER N WITH DESCENDER..LATIN SMALL LETTER S WITH SHORT STROKE OVERLAY
+	{0xA7D0, 0xA7D1, prAL, gcLC},     //     [2] LATIN CAPITAL LETTER CLOSED INSULAR G..LATIN SMALL LETTER CLOSED INSULAR G
+	{0xA7D3, 0xA7D3, prAL, gcLl},     //         LATIN SMALL LETTER DOUBLE THORN
+	{0xA7D5, 0xA7D9, prAL, gcLC},     //     [5] LATIN SMALL LETTER DOUBLE WYNN..LATIN SMALL LETTER SIGMOID S
+	{0xA7F2, 0xA7F4, prAL, gcLm},     //     [3] MODIFIER LETTER CAPITAL C..MODIFIER LETTER CAPITAL Q
+	{0xA7F5, 0xA7F6, prAL, gcLC},     //     [2] LATIN CAPITAL LETTER REVERSED HALF H..LATIN SMALL LETTER REVERSED HALF H
+	{0xA7F7, 0xA7F7, prAL, gcLo},     //         LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	{0xA7F8, 0xA7F9, prAL, gcLm},     //     [2] MODIFIER LETTER CAPITAL H WITH STROKE..MODIFIER LETTER SMALL LIGATURE OE
+	{0xA7FA, 0xA7FA, prAL, gcLl},     //         LATIN LETTER SMALL CAPITAL TURNED M
+	{0xA7FB, 0xA7FF, prAL, gcLo},     //     [5] LATIN EPIGRAPHIC LETTER REVERSED F..LATIN EPIGRAPHIC LETTER ARCHAIC M
+	{0xA800, 0xA801, prAL, gcLo},     //     [2] SYLOTI NAGRI LETTER A..SYLOTI NAGRI LETTER I
+	{0xA802, 0xA802, prCM, gcMn},     //         SYLOTI NAGRI SIGN DVISVARA
+	{0xA803, 0xA805, prAL, gcLo},     //     [3] SYLOTI NAGRI LETTER U..SYLOTI NAGRI LETTER O
+	{0xA806, 0xA806, prCM, gcMn},     //         SYLOTI NAGRI SIGN HASANTA
+	{0xA807, 0xA80A, prAL, gcLo},     //     [4] SYLOTI NAGRI LETTER KO..SYLOTI NAGRI LETTER GHO
+	{0xA80B, 0xA80B, prCM, gcMn},     //         SYLOTI NAGRI SIGN ANUSVARA
+	{0xA80C, 0xA822, prAL, gcLo},     //    [23] SYLOTI NAGRI LETTER CO..SYLOTI NAGRI LETTER HO
+	{0xA823, 0xA824, prCM, gcMc},     //     [2] SYLOTI NAGRI VOWEL SIGN A..SYLOTI NAGRI VOWEL SIGN I
+	{0xA825, 0xA826, prCM, gcMn},     //     [2] SYLOTI NAGRI VOWEL SIGN U..SYLOTI NAGRI VOWEL SIGN E
+	{0xA827, 0xA827, prCM, gcMc},     //         SYLOTI NAGRI VOWEL SIGN OO
+	{0xA828, 0xA82B, prAL, gcSo},     //     [4] SYLOTI NAGRI POETRY MARK-1..SYLOTI NAGRI POETRY MARK-4
+	{0xA82C, 0xA82C, prCM, gcMn},     //         SYLOTI NAGRI SIGN ALTERNATE HASANTA
+	{0xA830, 0xA835, prAL, gcNo},     //     [6] NORTH INDIC FRACTION ONE QUARTER..NORTH INDIC FRACTION THREE SIXTEENTHS
+	{0xA836, 0xA837, prAL, gcSo},     //     [2] NORTH INDIC QUARTER MARK..NORTH INDIC PLACEHOLDER MARK
+	{0xA838, 0xA838, prPO, gcSc},     //         NORTH INDIC RUPEE MARK
+	{0xA839, 0xA839, prAL, gcSo},     //         NORTH INDIC QUANTITY MARK
+	{0xA840, 0xA873, prAL, gcLo},     //    [52] PHAGS-PA LETTER KA..PHAGS-PA LETTER CANDRABINDU
+	{0xA874, 0xA875, prBB, gcPo},     //     [2] PHAGS-PA SINGLE HEAD MARK..PHAGS-PA DOUBLE HEAD MARK
+	{0xA876, 0xA877, prEX, gcPo},     //     [2] PHAGS-PA MARK SHAD..PHAGS-PA MARK DOUBLE SHAD
+	{0xA880, 0xA881, prCM, gcMc},     //     [2] SAURASHTRA SIGN ANUSVARA..SAURASHTRA SIGN VISARGA
+	{0xA882, 0xA8B3, prAL, gcLo},     //    [50] SAURASHTRA LETTER A..SAURASHTRA LETTER LLA
+	{0xA8B4, 0xA8C3, prCM, gcMc},     //    [16] SAURASHTRA CONSONANT SIGN HAARU..SAURASHTRA VOWEL SIGN AU
+	{0xA8C4, 0xA8C5, prCM, gcMn},     //     [2] SAURASHTRA SIGN VIRAMA..SAURASHTRA SIGN CANDRABINDU
+	{0xA8CE, 0xA8CF, prBA, gcPo},     //     [2] SAURASHTRA DANDA..SAURASHTRA DOUBLE DANDA
+	{0xA8D0, 0xA8D9, prNU, gcNd},     //    [10] SAURASHTRA DIGIT ZERO..SAURASHTRA DIGIT NINE
+	{0xA8E0, 0xA8F1, prCM, gcMn},     //    [18] COMBINING DEVANAGARI DIGIT ZERO..COMBINING DEVANAGARI SIGN AVAGRAHA
+	{0xA8F2, 0xA8F7, prAL, gcLo},     //     [6] DEVANAGARI SIGN SPACING CANDRABINDU..DEVANAGARI SIGN CANDRABINDU AVAGRAHA
+	{0xA8F8, 0xA8FA, prAL, gcPo},     //     [3] DEVANAGARI SIGN PUSHPIKA..DEVANAGARI CARET
+	{0xA8FB, 0xA8FB, prAL, gcLo},     //         DEVANAGARI HEADSTROKE
+	{0xA8FC, 0xA8FC, prBB, gcPo},     //         DEVANAGARI SIGN SIDDHAM
+	{0xA8FD, 0xA8FE, prAL, gcLo},     //     [2] DEVANAGARI JAIN OM..DEVANAGARI LETTER AY
+	{0xA8FF, 0xA8FF, prCM, gcMn},     //         DEVANAGARI VOWEL SIGN AY
+	{0xA900, 0xA909, prNU, gcNd},     //    [10] KAYAH LI DIGIT ZERO..KAYAH LI DIGIT NINE
+	{0xA90A, 0xA925, prAL, gcLo},     //    [28] KAYAH LI LETTER KA..KAYAH LI LETTER OO
+	{0xA926, 0xA92D, prCM, gcMn},     //     [8] KAYAH LI VOWEL UE..KAYAH LI TONE CALYA PLOPHU
+	{0xA92E, 0xA92F, prBA, gcPo},     //     [2] KAYAH LI SIGN CWI..KAYAH LI SIGN SHYA
+	{0xA930, 0xA946, prAL, gcLo},     //    [23] REJANG LETTER KA..REJANG LETTER A
+	{0xA947, 0xA951, prCM, gcMn},     //    [11] REJANG VOWEL SIGN I..REJANG CONSONANT SIGN R
+	{0xA952, 0xA953, prCM, gcMc},     //     [2] REJANG CONSONANT SIGN H..REJANG VIRAMA
+	{0xA95F, 0xA95F, prAL, gcPo},     //         REJANG SECTION MARK
+	{0xA960, 0xA97C, prJL, gcLo},     //    [29] HANGUL CHOSEONG TIKEUT-MIEUM..HANGUL CHOSEONG SSANGYEORINHIEUH
+	{0xA980, 0xA982, prCM, gcMn},     //     [3] JAVANESE SIGN PANYANGGA..JAVANESE SIGN LAYAR
+	{0xA983, 0xA983, prCM, gcMc},     //         JAVANESE SIGN WIGNYAN
+	{0xA984, 0xA9B2, prAL, gcLo},     //    [47] JAVANESE LETTER A..JAVANESE LETTER HA
+	{0xA9B3, 0xA9B3, prCM, gcMn},     //         JAVANESE SIGN CECAK TELU
+	{0xA9B4, 0xA9B5, prCM, gcMc},     //     [2] JAVANESE VOWEL SIGN TARUNG..JAVANESE VOWEL SIGN TOLONG
+	{0xA9B6, 0xA9B9, prCM, gcMn},     //     [4] JAVANESE VOWEL SIGN WULU..JAVANESE VOWEL SIGN SUKU MENDUT
+	{0xA9BA, 0xA9BB, prCM, gcMc},     //     [2] JAVANESE VOWEL SIGN TALING..JAVANESE VOWEL SIGN DIRGA MURE
+	{0xA9BC, 0xA9BD, prCM, gcMn},     //     [2] JAVANESE VOWEL SIGN PEPET..JAVANESE CONSONANT SIGN KERET
+	{0xA9BE, 0xA9C0, prCM, gcMc},     //     [3] JAVANESE CONSONANT SIGN PENGKAL..JAVANESE PANGKON
+	{0xA9C1, 0xA9C6, prAL, gcPo},     //     [6] JAVANESE LEFT RERENGGAN..JAVANESE PADA WINDU
+	{0xA9C7, 0xA9C9, prBA, gcPo},     //     [3] JAVANESE PADA PANGKAT..JAVANESE PADA LUNGSI
+	{0xA9CA, 0xA9CD, prAL, gcPo},     //     [4] JAVANESE PADA ADEG..JAVANESE TURNED PADA PISELEH
+	{0xA9CF, 0xA9CF, prAL, gcLm},     //         JAVANESE PANGRANGKEP
+	{0xA9D0, 0xA9D9, prNU, gcNd},     //    [10] JAVANESE DIGIT ZERO..JAVANESE DIGIT NINE
+	{0xA9DE, 0xA9DF, prAL, gcPo},     //     [2] JAVANESE PADA TIRTA TUMETES..JAVANESE PADA ISEN-ISEN
+	{0xA9E0, 0xA9E4, prSA, gcLo},     //     [5] MYANMAR LETTER SHAN GHA..MYANMAR LETTER SHAN BHA
+	{0xA9E5, 0xA9E5, prSA, gcMn},     //         MYANMAR SIGN SHAN SAW
+	{0xA9E6, 0xA9E6, prSA, gcLm},     //         MYANMAR MODIFIER LETTER SHAN REDUPLICATION
+	{0xA9E7, 0xA9EF, prSA, gcLo},     //     [9] MYANMAR LETTER TAI LAING NYA..MYANMAR LETTER TAI LAING NNA
+	{0xA9F0, 0xA9F9, prNU, gcNd},     //    [10] MYANMAR TAI LAING DIGIT ZERO..MYANMAR TAI LAING DIGIT NINE
+	{0xA9FA, 0xA9FE, prSA, gcLo},     //     [5] MYANMAR LETTER TAI LAING LLA..MYANMAR LETTER TAI LAING BHA
+	{0xAA00, 0xAA28, prAL, gcLo},     //    [41] CHAM LETTER A..CHAM LETTER HA
+	{0xAA29, 0xAA2E, prCM, gcMn},     //     [6] CHAM VOWEL SIGN AA..CHAM VOWEL SIGN OE
+	{0xAA2F, 0xAA30, prCM, gcMc},     //     [2] CHAM VOWEL SIGN O..CHAM VOWEL SIGN AI
+	{0xAA31, 0xAA32, prCM, gcMn},     //     [2] CHAM VOWEL SIGN AU..CHAM VOWEL SIGN UE
+	{0xAA33, 0xAA34, prCM, gcMc},     //     [2] CHAM CONSONANT SIGN YA..CHAM CONSONANT SIGN RA
+	{0xAA35, 0xAA36, prCM, gcMn},     //     [2] CHAM CONSONANT SIGN LA..CHAM CONSONANT SIGN WA
+	{0xAA40, 0xAA42, prAL, gcLo},     //     [3] CHAM LETTER FINAL K..CHAM LETTER FINAL NG
+	{0xAA43, 0xAA43, prCM, gcMn},     //         CHAM CONSONANT SIGN FINAL NG
+	{0xAA44, 0xAA4B, prAL, gcLo},     //     [8] CHAM LETTER FINAL CH..CHAM LETTER FINAL SS
+	{0xAA4C, 0xAA4C, prCM, gcMn},     //         CHAM CONSONANT SIGN FINAL M
+	{0xAA4D, 0xAA4D, prCM, gcMc},     //         CHAM CONSONANT SIGN FINAL H
+	{0xAA50, 0xAA59, prNU, gcNd},     //    [10] CHAM DIGIT ZERO..CHAM DIGIT NINE
+	{0xAA5C, 0xAA5C, prAL, gcPo},     //         CHAM PUNCTUATION SPIRAL
+	{0xAA5D, 0xAA5F, prBA, gcPo},     //     [3] CHAM PUNCTUATION DANDA..CHAM PUNCTUATION TRIPLE DANDA
+	{0xAA60, 0xAA6F, prSA, gcLo},     //    [16] MYANMAR LETTER KHAMTI GA..MYANMAR LETTER KHAMTI FA
+	{0xAA70, 0xAA70, prSA, gcLm},     //         MYANMAR MODIFIER LETTER KHAMTI REDUPLICATION
+	{0xAA71, 0xAA76, prSA, gcLo},     //     [6] MYANMAR LETTER KHAMTI XA..MYANMAR LOGOGRAM KHAMTI HM
+	{0xAA77, 0xAA79, prSA, gcSo},     //     [3] MYANMAR SYMBOL AITON EXCLAMATION..MYANMAR SYMBOL AITON TWO
+	{0xAA7A, 0xAA7A, prSA, gcLo},     //         MYANMAR LETTER AITON RA
+	{0xAA7B, 0xAA7B, prSA, gcMc},     //         MYANMAR SIGN PAO KAREN TONE
+	{0xAA7C, 0xAA7C, prSA, gcMn},     //         MYANMAR SIGN TAI LAING TONE-2
+	{0xAA7D, 0xAA7D, prSA, gcMc},     //         MYANMAR SIGN TAI LAING TONE-5
+	{0xAA7E, 0xAA7F, prSA, gcLo},     //     [2] MYANMAR LETTER SHWE PALAUNG CHA..MYANMAR LETTER SHWE PALAUNG SHA
+	{0xAA80, 0xAAAF, prSA, gcLo},     //    [48] TAI VIET LETTER LOW KO..TAI VIET LETTER HIGH O
+	{0xAAB0, 0xAAB0, prSA, gcMn},     //         TAI VIET MAI KANG
+	{0xAAB1, 0xAAB1, prSA, gcLo},     //         TAI VIET VOWEL AA
+	{0xAAB2, 0xAAB4, prSA, gcMn},     //     [3] TAI VIET VOWEL I..TAI VIET VOWEL U
+	{0xAAB5, 0xAAB6, prSA, gcLo},     //     [2] TAI VIET VOWEL E..TAI VIET VOWEL O
+	{0xAAB7, 0xAAB8, prSA, gcMn},     //     [2] TAI VIET MAI KHIT..TAI VIET VOWEL IA
+	{0xAAB9, 0xAABD, prSA, gcLo},     //     [5] TAI VIET VOWEL UEA..TAI VIET VOWEL AN
+	{0xAABE, 0xAABF, prSA, gcMn},     //     [2] TAI VIET VOWEL AM..TAI VIET TONE MAI EK
+	{0xAAC0, 0xAAC0, prSA, gcLo},     //         TAI VIET TONE MAI NUENG
+	{0xAAC1, 0xAAC1, prSA, gcMn},     //         TAI VIET TONE MAI THO
+	{0xAAC2, 0xAAC2, prSA, gcLo},     //         TAI VIET TONE MAI SONG
+	{0xAADB, 0xAADC, prSA, gcLo},     //     [2] TAI VIET SYMBOL KON..TAI VIET SYMBOL NUENG
+	{0xAADD, 0xAADD, prSA, gcLm},     //         TAI VIET SYMBOL SAM
+	{0xAADE, 0xAADF, prSA, gcPo},     //     [2] TAI VIET SYMBOL HO HOI..TAI VIET SYMBOL KOI KOI
+	{0xAAE0, 0xAAEA, prAL, gcLo},     //    [11] MEETEI MAYEK LETTER E..MEETEI MAYEK LETTER SSA
+	{0xAAEB, 0xAAEB, prCM, gcMc},     //         MEETEI MAYEK VOWEL SIGN II
+	{0xAAEC, 0xAAED, prCM, gcMn},     //     [2] MEETEI MAYEK VOWEL SIGN UU..MEETEI MAYEK VOWEL SIGN AAI
+	{0xAAEE, 0xAAEF, prCM, gcMc},     //     [2] MEETEI MAYEK VOWEL SIGN AU..MEETEI MAYEK VOWEL SIGN AAU
+	{0xAAF0, 0xAAF1, prBA, gcPo},     //     [2] MEETEI MAYEK CHEIKHAN..MEETEI MAYEK AHANG KHUDAM
+	{0xAAF2, 0xAAF2, prAL, gcLo},     //         MEETEI MAYEK ANJI
+	{0xAAF3, 0xAAF4, prAL, gcLm},     //     [2] MEETEI MAYEK SYLLABLE REPETITION MARK..MEETEI MAYEK WORD REPETITION MARK
+	{0xAAF5, 0xAAF5, prCM, gcMc},     //         MEETEI MAYEK VOWEL SIGN VISARGA
+	{0xAAF6, 0xAAF6, prCM, gcMn},     //         MEETEI MAYEK VIRAMA
+	{0xAB01, 0xAB06, prAL, gcLo},     //     [6] ETHIOPIC SYLLABLE TTHU..ETHIOPIC SYLLABLE TTHO
+	{0xAB09, 0xAB0E, prAL, gcLo},     //     [6] ETHIOPIC SYLLABLE DDHU..ETHIOPIC SYLLABLE DDHO
+	{0xAB11, 0xAB16, prAL, gcLo},     //     [6] ETHIOPIC SYLLABLE DZU..ETHIOPIC SYLLABLE DZO
+	{0xAB20, 0xAB26, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE CCHHA..ETHIOPIC SYLLABLE CCHHO
+	{0xAB28, 0xAB2E, prAL, gcLo},     //     [7] ETHIOPIC SYLLABLE BBA..ETHIOPIC SYLLABLE BBO
+	{0xAB30, 0xAB5A, prAL, gcLl},     //    [43] LATIN SMALL LETTER BARRED ALPHA..LATIN SMALL LETTER Y WITH SHORT RIGHT LEG
+	{0xAB5B, 0xAB5B, prAL, gcSk},     //         MODIFIER BREVE WITH INVERTED BREVE
+	{0xAB5C, 0xAB5F, prAL, gcLm},     //     [4] MODIFIER LETTER SMALL HENG..MODIFIER LETTER SMALL U WITH LEFT HOOK
+	{0xAB60, 0xAB68, prAL, gcLl},     //     [9] LATIN SMALL LETTER SAKHA YAT..LATIN SMALL LETTER TURNED R WITH MIDDLE TILDE
+	{0xAB69, 0xAB69, prAL, gcLm},     //         MODIFIER LETTER SMALL TURNED W
+	{0xAB6A, 0xAB6B, prAL, gcSk},     //     [2] MODIFIER LETTER LEFT TACK..MODIFIER LETTER RIGHT TACK
+	{0xAB70, 0xABBF, prAL, gcLl},     //    [80] CHEROKEE SMALL LETTER A..CHEROKEE SMALL LETTER YA
+	{0xABC0, 0xABE2, prAL, gcLo},     //    [35] MEETEI MAYEK LETTER KOK..MEETEI MAYEK LETTER I LONSUM
+	{0xABE3, 0xABE4, prCM, gcMc},     //     [2] MEETEI MAYEK VOWEL SIGN ONAP..MEETEI MAYEK VOWEL SIGN INAP
+	{0xABE5, 0xABE5, prCM, gcMn},     //         MEETEI MAYEK VOWEL SIGN ANAP
+	{0xABE6, 0xABE7, prCM, gcMc},     //     [2] MEETEI MAYEK VOWEL SIGN YENAP..MEETEI MAYEK VOWEL SIGN SOUNAP
+	{0xABE8, 0xABE8, prCM, gcMn},     //         MEETEI MAYEK VOWEL SIGN UNAP
+	{0xABE9, 0xABEA, prCM, gcMc},     //     [2] MEETEI MAYEK VOWEL SIGN CHEINAP..MEETEI MAYEK VOWEL SIGN NUNG
+	{0xABEB, 0xABEB, prBA, gcPo},     //         MEETEI MAYEK CHEIKHEI
+	{0xABEC, 0xABEC, prCM, gcMc},     //         MEETEI MAYEK LUM IYEK
+	{0xABED, 0xABED, prCM, gcMn},     //         MEETEI MAYEK APUN IYEK
+	{0xABF0, 0xABF9, prNU, gcNd},     //    [10] MEETEI MAYEK DIGIT ZERO..MEETEI MAYEK DIGIT NINE
+	{0xAC00, 0xAC00, prH2, gcLo},     //         HANGUL SYLLABLE GA
+	{0xAC01, 0xAC1B, prH3, gcLo},     //    [27] HANGUL SYLLABLE GAG..HANGUL SYLLABLE GAH
+	{0xAC1C, 0xAC1C, prH2, gcLo},     //         HANGUL SYLLABLE GAE
+	{0xAC1D, 0xAC37, prH3, gcLo},     //    [27] HANGUL SYLLABLE GAEG..HANGUL SYLLABLE GAEH
+	{0xAC38, 0xAC38, prH2, gcLo},     //         HANGUL SYLLABLE GYA
+	{0xAC39, 0xAC53, prH3, gcLo},     //    [27] HANGUL SYLLABLE GYAG..HANGUL SYLLABLE GYAH
+	{0xAC54, 0xAC54, prH2, gcLo},     //         HANGUL SYLLABLE GYAE
+	{0xAC55, 0xAC6F, prH3, gcLo},     //    [27] HANGUL SYLLABLE GYAEG..HANGUL SYLLABLE GYAEH
+	{0xAC70, 0xAC70, prH2, gcLo},     //         HANGUL SYLLABLE GEO
+	{0xAC71, 0xAC8B, prH3, gcLo},     //    [27] HANGUL SYLLABLE GEOG..HANGUL SYLLABLE GEOH
+	{0xAC8C, 0xAC8C, prH2, gcLo},     //         HANGUL SYLLABLE GE
+	{0xAC8D, 0xACA7, prH3, gcLo},     //    [27] HANGUL SYLLABLE GEG..HANGUL SYLLABLE GEH
+	{0xACA8, 0xACA8, prH2, gcLo},     //         HANGUL SYLLABLE GYEO
+	{0xACA9, 0xACC3, prH3, gcLo},     //    [27] HANGUL SYLLABLE GYEOG..HANGUL SYLLABLE GYEOH
+	{0xACC4, 0xACC4, prH2, gcLo},     //         HANGUL SYLLABLE GYE
+	{0xACC5, 0xACDF, prH3, gcLo},     //    [27] HANGUL SYLLABLE GYEG..HANGUL SYLLABLE GYEH
+	{0xACE0, 0xACE0, prH2, gcLo},     //         HANGUL SYLLABLE GO
+	{0xACE1, 0xACFB, prH3, gcLo},     //    [27] HANGUL SYLLABLE GOG..HANGUL SYLLABLE GOH
+	{0xACFC, 0xACFC, prH2, gcLo},     //         HANGUL SYLLABLE GWA
+	{0xACFD, 0xAD17, prH3, gcLo},     //    [27] HANGUL SYLLABLE GWAG..HANGUL SYLLABLE GWAH
+	{0xAD18, 0xAD18, prH2, gcLo},     //         HANGUL SYLLABLE GWAE
+	{0xAD19, 0xAD33, prH3, gcLo},     //    [27] HANGUL SYLLABLE GWAEG..HANGUL SYLLABLE GWAEH
+	{0xAD34, 0xAD34, prH2, gcLo},     //         HANGUL SYLLABLE GOE
+	{0xAD35, 0xAD4F, prH3, gcLo},     //    [27] HANGUL SYLLABLE GOEG..HANGUL SYLLABLE GOEH
+	{0xAD50, 0xAD50, prH2, gcLo},     //         HANGUL SYLLABLE GYO
+	{0xAD51, 0xAD6B, prH3, gcLo},     //    [27] HANGUL SYLLABLE GYOG..HANGUL SYLLABLE GYOH
+	{0xAD6C, 0xAD6C, prH2, gcLo},     //         HANGUL SYLLABLE GU
+	{0xAD6D, 0xAD87, prH3, gcLo},     //    [27] HANGUL SYLLABLE GUG..HANGUL SYLLABLE GUH
+	{0xAD88, 0xAD88, prH2, gcLo},     //         HANGUL SYLLABLE GWEO
+	{0xAD89, 0xADA3, prH3, gcLo},     //    [27] HANGUL SYLLABLE GWEOG..HANGUL SYLLABLE GWEOH
+	{0xADA4, 0xADA4, prH2, gcLo},     //         HANGUL SYLLABLE GWE
+	{0xADA5, 0xADBF, prH3, gcLo},     //    [27] HANGUL SYLLABLE GWEG..HANGUL SYLLABLE GWEH
+	{0xADC0, 0xADC0, prH2, gcLo},     //         HANGUL SYLLABLE GWI
+	{0xADC1, 0xADDB, prH3, gcLo},     //    [27] HANGUL SYLLABLE GWIG..HANGUL SYLLABLE GWIH
+	{0xADDC, 0xADDC, prH2, gcLo},     //         HANGUL SYLLABLE GYU
+	{0xADDD, 0xADF7, prH3, gcLo},     //    [27] HANGUL SYLLABLE GYUG..HANGUL SYLLABLE GYUH
+	{0xADF8, 0xADF8, prH2, gcLo},     //         HANGUL SYLLABLE GEU
+	{0xADF9, 0xAE13, prH3, gcLo},     //    [27] HANGUL SYLLABLE GEUG..HANGUL SYLLABLE GEUH
+	{0xAE14, 0xAE14, prH2, gcLo},     //         HANGUL SYLLABLE GYI
+	{0xAE15, 0xAE2F, prH3, gcLo},     //    [27] HANGUL SYLLABLE GYIG..HANGUL SYLLABLE GYIH
+	{0xAE30, 0xAE30, prH2, gcLo},     //         HANGUL SYLLABLE GI
+	{0xAE31, 0xAE4B, prH3, gcLo},     //    [27] HANGUL SYLLABLE GIG..HANGUL SYLLABLE GIH
+	{0xAE4C, 0xAE4C, prH2, gcLo},     //         HANGUL SYLLABLE GGA
+	{0xAE4D, 0xAE67, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGAG..HANGUL SYLLABLE GGAH
+	{0xAE68, 0xAE68, prH2, gcLo},     //         HANGUL SYLLABLE GGAE
+	{0xAE69, 0xAE83, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGAEG..HANGUL SYLLABLE GGAEH
+	{0xAE84, 0xAE84, prH2, gcLo},     //         HANGUL SYLLABLE GGYA
+	{0xAE85, 0xAE9F, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGYAG..HANGUL SYLLABLE GGYAH
+	{0xAEA0, 0xAEA0, prH2, gcLo},     //         HANGUL SYLLABLE GGYAE
+	{0xAEA1, 0xAEBB, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGYAEG..HANGUL SYLLABLE GGYAEH
+	{0xAEBC, 0xAEBC, prH2, gcLo},     //         HANGUL SYLLABLE GGEO
+	{0xAEBD, 0xAED7, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGEOG..HANGUL SYLLABLE GGEOH
+	{0xAED8, 0xAED8, prH2, gcLo},     //         HANGUL SYLLABLE GGE
+	{0xAED9, 0xAEF3, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGEG..HANGUL SYLLABLE GGEH
+	{0xAEF4, 0xAEF4, prH2, gcLo},     //         HANGUL SYLLABLE GGYEO
+	{0xAEF5, 0xAF0F, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGYEOG..HANGUL SYLLABLE GGYEOH
+	{0xAF10, 0xAF10, prH2, gcLo},     //         HANGUL SYLLABLE GGYE
+	{0xAF11, 0xAF2B, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGYEG..HANGUL SYLLABLE GGYEH
+	{0xAF2C, 0xAF2C, prH2, gcLo},     //         HANGUL SYLLABLE GGO
+	{0xAF2D, 0xAF47, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGOG..HANGUL SYLLABLE GGOH
+	{0xAF48, 0xAF48, prH2, gcLo},     //         HANGUL SYLLABLE GGWA
+	{0xAF49, 0xAF63, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGWAG..HANGUL SYLLABLE GGWAH
+	{0xAF64, 0xAF64, prH2, gcLo},     //         HANGUL SYLLABLE GGWAE
+	{0xAF65, 0xAF7F, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGWAEG..HANGUL SYLLABLE GGWAEH
+	{0xAF80, 0xAF80, prH2, gcLo},     //         HANGUL SYLLABLE GGOE
+	{0xAF81, 0xAF9B, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGOEG..HANGUL SYLLABLE GGOEH
+	{0xAF9C, 0xAF9C, prH2, gcLo},     //         HANGUL SYLLABLE GGYO
+	{0xAF9D, 0xAFB7, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGYOG..HANGUL SYLLABLE GGYOH
+	{0xAFB8, 0xAFB8, prH2, gcLo},     //         HANGUL SYLLABLE GGU
+	{0xAFB9, 0xAFD3, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGUG..HANGUL SYLLABLE GGUH
+	{0xAFD4, 0xAFD4, prH2, gcLo},     //         HANGUL SYLLABLE GGWEO
+	{0xAFD5, 0xAFEF, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGWEOG..HANGUL SYLLABLE GGWEOH
+	{0xAFF0, 0xAFF0, prH2, gcLo},     //         HANGUL SYLLABLE GGWE
+	{0xAFF1, 0xB00B, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGWEG..HANGUL SYLLABLE GGWEH
+	{0xB00C, 0xB00C, prH2, gcLo},     //         HANGUL SYLLABLE GGWI
+	{0xB00D, 0xB027, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGWIG..HANGUL SYLLABLE GGWIH
+	{0xB028, 0xB028, prH2, gcLo},     //         HANGUL SYLLABLE GGYU
+	{0xB029, 0xB043, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGYUG..HANGUL SYLLABLE GGYUH
+	{0xB044, 0xB044, prH2, gcLo},     //         HANGUL SYLLABLE GGEU
+	{0xB045, 0xB05F, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGEUG..HANGUL SYLLABLE GGEUH
+	{0xB060, 0xB060, prH2, gcLo},     //         HANGUL SYLLABLE GGYI
+	{0xB061, 0xB07B, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGYIG..HANGUL SYLLABLE GGYIH
+	{0xB07C, 0xB07C, prH2, gcLo},     //         HANGUL SYLLABLE GGI
+	{0xB07D, 0xB097, prH3, gcLo},     //    [27] HANGUL SYLLABLE GGIG..HANGUL SYLLABLE GGIH
+	{0xB098, 0xB098, prH2, gcLo},     //         HANGUL SYLLABLE NA
+	{0xB099, 0xB0B3, prH3, gcLo},     //    [27] HANGUL SYLLABLE NAG..HANGUL SYLLABLE NAH
+	{0xB0B4, 0xB0B4, prH2, gcLo},     //         HANGUL SYLLABLE NAE
+	{0xB0B5, 0xB0CF, prH3, gcLo},     //    [27] HANGUL SYLLABLE NAEG..HANGUL SYLLABLE NAEH
+	{0xB0D0, 0xB0D0, prH2, gcLo},     //         HANGUL SYLLABLE NYA
+	{0xB0D1, 0xB0EB, prH3, gcLo},     //    [27] HANGUL SYLLABLE NYAG..HANGUL SYLLABLE NYAH
+	{0xB0EC, 0xB0EC, prH2, gcLo},     //         HANGUL SYLLABLE NYAE
+	{0xB0ED, 0xB107, prH3, gcLo},     //    [27] HANGUL SYLLABLE NYAEG..HANGUL SYLLABLE NYAEH
+	{0xB108, 0xB108, prH2, gcLo},     //         HANGUL SYLLABLE NEO
+	{0xB109, 0xB123, prH3, gcLo},     //    [27] HANGUL SYLLABLE NEOG..HANGUL SYLLABLE NEOH
+	{0xB124, 0xB124, prH2, gcLo},     //         HANGUL SYLLABLE NE
+	{0xB125, 0xB13F, prH3, gcLo},     //    [27] HANGUL SYLLABLE NEG..HANGUL SYLLABLE NEH
+	{0xB140, 0xB140, prH2, gcLo},     //         HANGUL SYLLABLE NYEO
+	{0xB141, 0xB15B, prH3, gcLo},     //    [27] HANGUL SYLLABLE NYEOG..HANGUL SYLLABLE NYEOH
+	{0xB15C, 0xB15C, prH2, gcLo},     //         HANGUL SYLLABLE NYE
+	{0xB15D, 0xB177, prH3, gcLo},     //    [27] HANGUL SYLLABLE NYEG..HANGUL SYLLABLE NYEH
+	{0xB178, 0xB178, prH2, gcLo},     //         HANGUL SYLLABLE NO
+	{0xB179, 0xB193, prH3, gcLo},     //    [27] HANGUL SYLLABLE NOG..HANGUL SYLLABLE NOH
+	{0xB194, 0xB194, prH2, gcLo},     //         HANGUL SYLLABLE NWA
+	{0xB195, 0xB1AF, prH3, gcLo},     //    [27] HANGUL SYLLABLE NWAG..HANGUL SYLLABLE NWAH
+	{0xB1B0, 0xB1B0, prH2, gcLo},     //         HANGUL SYLLABLE NWAE
+	{0xB1B1, 0xB1CB, prH3, gcLo},     //    [27] HANGUL SYLLABLE NWAEG..HANGUL SYLLABLE NWAEH
+	{0xB1CC, 0xB1CC, prH2, gcLo},     //         HANGUL SYLLABLE NOE
+	{0xB1CD, 0xB1E7, prH3, gcLo},     //    [27] HANGUL SYLLABLE NOEG..HANGUL SYLLABLE NOEH
+	{0xB1E8, 0xB1E8, prH2, gcLo},     //         HANGUL SYLLABLE NYO
+	{0xB1E9, 0xB203, prH3, gcLo},     //    [27] HANGUL SYLLABLE NYOG..HANGUL SYLLABLE NYOH
+	{0xB204, 0xB204, prH2, gcLo},     //         HANGUL SYLLABLE NU
+	{0xB205, 0xB21F, prH3, gcLo},     //    [27] HANGUL SYLLABLE NUG..HANGUL SYLLABLE NUH
+	{0xB220, 0xB220, prH2, gcLo},     //         HANGUL SYLLABLE NWEO
+	{0xB221, 0xB23B, prH3, gcLo},     //    [27] HANGUL SYLLABLE NWEOG..HANGUL SYLLABLE NWEOH
+	{0xB23C, 0xB23C, prH2, gcLo},     //         HANGUL SYLLABLE NWE
+	{0xB23D, 0xB257, prH3, gcLo},     //    [27] HANGUL SYLLABLE NWEG..HANGUL SYLLABLE NWEH
+	{0xB258, 0xB258, prH2, gcLo},     //         HANGUL SYLLABLE NWI
+	{0xB259, 0xB273, prH3, gcLo},     //    [27] HANGUL SYLLABLE NWIG..HANGUL SYLLABLE NWIH
+	{0xB274, 0xB274, prH2, gcLo},     //         HANGUL SYLLABLE NYU
+	{0xB275, 0xB28F, prH3, gcLo},     //    [27] HANGUL SYLLABLE NYUG..HANGUL SYLLABLE NYUH
+	{0xB290, 0xB290, prH2, gcLo},     //         HANGUL SYLLABLE NEU
+	{0xB291, 0xB2AB, prH3, gcLo},     //    [27] HANGUL SYLLABLE NEUG..HANGUL SYLLABLE NEUH
+	{0xB2AC, 0xB2AC, prH2, gcLo},     //         HANGUL SYLLABLE NYI
+	{0xB2AD, 0xB2C7, prH3, gcLo},     //    [27] HANGUL SYLLABLE NYIG..HANGUL SYLLABLE NYIH
+	{0xB2C8, 0xB2C8, prH2, gcLo},     //         HANGUL SYLLABLE NI
+	{0xB2C9, 0xB2E3, prH3, gcLo},     //    [27] HANGUL SYLLABLE NIG..HANGUL SYLLABLE NIH
+	{0xB2E4, 0xB2E4, prH2, gcLo},     //         HANGUL SYLLABLE DA
+	{0xB2E5, 0xB2FF, prH3, gcLo},     //    [27] HANGUL SYLLABLE DAG..HANGUL SYLLABLE DAH
+	{0xB300, 0xB300, prH2, gcLo},     //         HANGUL SYLLABLE DAE
+	{0xB301, 0xB31B, prH3, gcLo},     //    [27] HANGUL SYLLABLE DAEG..HANGUL SYLLABLE DAEH
+	{0xB31C, 0xB31C, prH2, gcLo},     //         HANGUL SYLLABLE DYA
+	{0xB31D, 0xB337, prH3, gcLo},     //    [27] HANGUL SYLLABLE DYAG..HANGUL SYLLABLE DYAH
+	{0xB338, 0xB338, prH2, gcLo},     //         HANGUL SYLLABLE DYAE
+	{0xB339, 0xB353, prH3, gcLo},     //    [27] HANGUL SYLLABLE DYAEG..HANGUL SYLLABLE DYAEH
+	{0xB354, 0xB354, prH2, gcLo},     //         HANGUL SYLLABLE DEO
+	{0xB355, 0xB36F, prH3, gcLo},     //    [27] HANGUL SYLLABLE DEOG..HANGUL SYLLABLE DEOH
+	{0xB370, 0xB370, prH2, gcLo},     //         HANGUL SYLLABLE DE
+	{0xB371, 0xB38B, prH3, gcLo},     //    [27] HANGUL SYLLABLE DEG..HANGUL SYLLABLE DEH
+	{0xB38C, 0xB38C, prH2, gcLo},     //         HANGUL SYLLABLE DYEO
+	{0xB38D, 0xB3A7, prH3, gcLo},     //    [27] HANGUL SYLLABLE DYEOG..HANGUL SYLLABLE DYEOH
+	{0xB3A8, 0xB3A8, prH2, gcLo},     //         HANGUL SYLLABLE DYE
+	{0xB3A9, 0xB3C3, prH3, gcLo},     //    [27] HANGUL SYLLABLE DYEG..HANGUL SYLLABLE DYEH
+	{0xB3C4, 0xB3C4, prH2, gcLo},     //         HANGUL SYLLABLE DO
+	{0xB3C5, 0xB3DF, prH3, gcLo},     //    [27] HANGUL SYLLABLE DOG..HANGUL SYLLABLE DOH
+	{0xB3E0, 0xB3E0, prH2, gcLo},     //         HANGUL SYLLABLE DWA
+	{0xB3E1, 0xB3FB, prH3, gcLo},     //    [27] HANGUL SYLLABLE DWAG..HANGUL SYLLABLE DWAH
+	{0xB3FC, 0xB3FC, prH2, gcLo},     //         HANGUL SYLLABLE DWAE
+	{0xB3FD, 0xB417, prH3, gcLo},     //    [27] HANGUL SYLLABLE DWAEG..HANGUL SYLLABLE DWAEH
+	{0xB418, 0xB418, prH2, gcLo},     //         HANGUL SYLLABLE DOE
+	{0xB419, 0xB433, prH3, gcLo},     //    [27] HANGUL SYLLABLE DOEG..HANGUL SYLLABLE DOEH
+	{0xB434, 0xB434, prH2, gcLo},     //         HANGUL SYLLABLE DYO
+	{0xB435, 0xB44F, prH3, gcLo},     //    [27] HANGUL SYLLABLE DYOG..HANGUL SYLLABLE DYOH
+	{0xB450, 0xB450, prH2, gcLo},     //         HANGUL SYLLABLE DU
+	{0xB451, 0xB46B, prH3, gcLo},     //    [27] HANGUL SYLLABLE DUG..HANGUL SYLLABLE DUH
+	{0xB46C, 0xB46C, prH2, gcLo},     //         HANGUL SYLLABLE DWEO
+	{0xB46D, 0xB487, prH3, gcLo},     //    [27] HANGUL SYLLABLE DWEOG..HANGUL SYLLABLE DWEOH
+	{0xB488, 0xB488, prH2, gcLo},     //         HANGUL SYLLABLE DWE
+	{0xB489, 0xB4A3, prH3, gcLo},     //    [27] HANGUL SYLLABLE DWEG..HANGUL SYLLABLE DWEH
+	{0xB4A4, 0xB4A4, prH2, gcLo},     //         HANGUL SYLLABLE DWI
+	{0xB4A5, 0xB4BF, prH3, gcLo},     //    [27] HANGUL SYLLABLE DWIG..HANGUL SYLLABLE DWIH
+	{0xB4C0, 0xB4C0, prH2, gcLo},     //         HANGUL SYLLABLE DYU
+	{0xB4C1, 0xB4DB, prH3, gcLo},     //    [27] HANGUL SYLLABLE DYUG..HANGUL SYLLABLE DYUH
+	{0xB4DC, 0xB4DC, prH2, gcLo},     //         HANGUL SYLLABLE DEU
+	{0xB4DD, 0xB4F7, prH3, gcLo},     //    [27] HANGUL SYLLABLE DEUG..HANGUL SYLLABLE DEUH
+	{0xB4F8, 0xB4F8, prH2, gcLo},     //         HANGUL SYLLABLE DYI
+	{0xB4F9, 0xB513, prH3, gcLo},     //    [27] HANGUL SYLLABLE DYIG..HANGUL SYLLABLE DYIH
+	{0xB514, 0xB514, prH2, gcLo},     //         HANGUL SYLLABLE DI
+	{0xB515, 0xB52F, prH3, gcLo},     //    [27] HANGUL SYLLABLE DIG..HANGUL SYLLABLE DIH
+	{0xB530, 0xB530, prH2, gcLo},     //         HANGUL SYLLABLE DDA
+	{0xB531, 0xB54B, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDAG..HANGUL SYLLABLE DDAH
+	{0xB54C, 0xB54C, prH2, gcLo},     //         HANGUL SYLLABLE DDAE
+	{0xB54D, 0xB567, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDAEG..HANGUL SYLLABLE DDAEH
+	{0xB568, 0xB568, prH2, gcLo},     //         HANGUL SYLLABLE DDYA
+	{0xB569, 0xB583, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDYAG..HANGUL SYLLABLE DDYAH
+	{0xB584, 0xB584, prH2, gcLo},     //         HANGUL SYLLABLE DDYAE
+	{0xB585, 0xB59F, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDYAEG..HANGUL SYLLABLE DDYAEH
+	{0xB5A0, 0xB5A0, prH2, gcLo},     //         HANGUL SYLLABLE DDEO
+	{0xB5A1, 0xB5BB, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDEOG..HANGUL SYLLABLE DDEOH
+	{0xB5BC, 0xB5BC, prH2, gcLo},     //         HANGUL SYLLABLE DDE
+	{0xB5BD, 0xB5D7, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDEG..HANGUL SYLLABLE DDEH
+	{0xB5D8, 0xB5D8, prH2, gcLo},     //         HANGUL SYLLABLE DDYEO
+	{0xB5D9, 0xB5F3, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDYEOG..HANGUL SYLLABLE DDYEOH
+	{0xB5F4, 0xB5F4, prH2, gcLo},     //         HANGUL SYLLABLE DDYE
+	{0xB5F5, 0xB60F, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDYEG..HANGUL SYLLABLE DDYEH
+	{0xB610, 0xB610, prH2, gcLo},     //         HANGUL SYLLABLE DDO
+	{0xB611, 0xB62B, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDOG..HANGUL SYLLABLE DDOH
+	{0xB62C, 0xB62C, prH2, gcLo},     //         HANGUL SYLLABLE DDWA
+	{0xB62D, 0xB647, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDWAG..HANGUL SYLLABLE DDWAH
+	{0xB648, 0xB648, prH2, gcLo},     //         HANGUL SYLLABLE DDWAE
+	{0xB649, 0xB663, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDWAEG..HANGUL SYLLABLE DDWAEH
+	{0xB664, 0xB664, prH2, gcLo},     //         HANGUL SYLLABLE DDOE
+	{0xB665, 0xB67F, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDOEG..HANGUL SYLLABLE DDOEH
+	{0xB680, 0xB680, prH2, gcLo},     //         HANGUL SYLLABLE DDYO
+	{0xB681, 0xB69B, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDYOG..HANGUL SYLLABLE DDYOH
+	{0xB69C, 0xB69C, prH2, gcLo},     //         HANGUL SYLLABLE DDU
+	{0xB69D, 0xB6B7, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDUG..HANGUL SYLLABLE DDUH
+	{0xB6B8, 0xB6B8, prH2, gcLo},     //         HANGUL SYLLABLE DDWEO
+	{0xB6B9, 0xB6D3, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDWEOG..HANGUL SYLLABLE DDWEOH
+	{0xB6D4, 0xB6D4, prH2, gcLo},     //         HANGUL SYLLABLE DDWE
+	{0xB6D5, 0xB6EF, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDWEG..HANGUL SYLLABLE DDWEH
+	{0xB6F0, 0xB6F0, prH2, gcLo},     //         HANGUL SYLLABLE DDWI
+	{0xB6F1, 0xB70B, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDWIG..HANGUL SYLLABLE DDWIH
+	{0xB70C, 0xB70C, prH2, gcLo},     //         HANGUL SYLLABLE DDYU
+	{0xB70D, 0xB727, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDYUG..HANGUL SYLLABLE DDYUH
+	{0xB728, 0xB728, prH2, gcLo},     //         HANGUL SYLLABLE DDEU
+	{0xB729, 0xB743, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDEUG..HANGUL SYLLABLE DDEUH
+	{0xB744, 0xB744, prH2, gcLo},     //         HANGUL SYLLABLE DDYI
+	{0xB745, 0xB75F, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDYIG..HANGUL SYLLABLE DDYIH
+	{0xB760, 0xB760, prH2, gcLo},     //         HANGUL SYLLABLE DDI
+	{0xB761, 0xB77B, prH3, gcLo},     //    [27] HANGUL SYLLABLE DDIG..HANGUL SYLLABLE DDIH
+	{0xB77C, 0xB77C, prH2, gcLo},     //         HANGUL SYLLABLE RA
+	{0xB77D, 0xB797, prH3, gcLo},     //    [27] HANGUL SYLLABLE RAG..HANGUL SYLLABLE RAH
+	{0xB798, 0xB798, prH2, gcLo},     //         HANGUL SYLLABLE RAE
+	{0xB799, 0xB7B3, prH3, gcLo},     //    [27] HANGUL SYLLABLE RAEG..HANGUL SYLLABLE RAEH
+	{0xB7B4, 0xB7B4, prH2, gcLo},     //         HANGUL SYLLABLE RYA
+	{0xB7B5, 0xB7CF, prH3, gcLo},     //    [27] HANGUL SYLLABLE RYAG..HANGUL SYLLABLE RYAH
+	{0xB7D0, 0xB7D0, prH2, gcLo},     //         HANGUL SYLLABLE RYAE
+	{0xB7D1, 0xB7EB, prH3, gcLo},     //    [27] HANGUL SYLLABLE RYAEG..HANGUL SYLLABLE RYAEH
+	{0xB7EC, 0xB7EC, prH2, gcLo},     //         HANGUL SYLLABLE REO
+	{0xB7ED, 0xB807, prH3, gcLo},     //    [27] HANGUL SYLLABLE REOG..HANGUL SYLLABLE REOH
+	{0xB808, 0xB808, prH2, gcLo},     //         HANGUL SYLLABLE RE
+	{0xB809, 0xB823, prH3, gcLo},     //    [27] HANGUL SYLLABLE REG..HANGUL SYLLABLE REH
+	{0xB824, 0xB824, prH2, gcLo},     //         HANGUL SYLLABLE RYEO
+	{0xB825, 0xB83F, prH3, gcLo},     //    [27] HANGUL SYLLABLE RYEOG..HANGUL SYLLABLE RYEOH
+	{0xB840, 0xB840, prH2, gcLo},     //         HANGUL SYLLABLE RYE
+	{0xB841, 0xB85B, prH3, gcLo},     //    [27] HANGUL SYLLABLE RYEG..HANGUL SYLLABLE RYEH
+	{0xB85C, 0xB85C, prH2, gcLo},     //         HANGUL SYLLABLE RO
+	{0xB85D, 0xB877, prH3, gcLo},     //    [27] HANGUL SYLLABLE ROG..HANGUL SYLLABLE ROH
+	{0xB878, 0xB878, prH2, gcLo},     //         HANGUL SYLLABLE RWA
+	{0xB879, 0xB893, prH3, gcLo},     //    [27] HANGUL SYLLABLE RWAG..HANGUL SYLLABLE RWAH
+	{0xB894, 0xB894, prH2, gcLo},     //         HANGUL SYLLABLE RWAE
+	{0xB895, 0xB8AF, prH3, gcLo},     //    [27] HANGUL SYLLABLE RWAEG..HANGUL SYLLABLE RWAEH
+	{0xB8B0, 0xB8B0, prH2, gcLo},     //         HANGUL SYLLABLE ROE
+	{0xB8B1, 0xB8CB, prH3, gcLo},     //    [27] HANGUL SYLLABLE ROEG..HANGUL SYLLABLE ROEH
+	{0xB8CC, 0xB8CC, prH2, gcLo},     //         HANGUL SYLLABLE RYO
+	{0xB8CD, 0xB8E7, prH3, gcLo},     //    [27] HANGUL SYLLABLE RYOG..HANGUL SYLLABLE RYOH
+	{0xB8E8, 0xB8E8, prH2, gcLo},     //         HANGUL SYLLABLE RU
+	{0xB8E9, 0xB903, prH3, gcLo},     //    [27] HANGUL SYLLABLE RUG..HANGUL SYLLABLE RUH
+	{0xB904, 0xB904, prH2, gcLo},     //         HANGUL SYLLABLE RWEO
+	{0xB905, 0xB91F, prH3, gcLo},     //    [27] HANGUL SYLLABLE RWEOG..HANGUL SYLLABLE RWEOH
+	{0xB920, 0xB920, prH2, gcLo},     //         HANGUL SYLLABLE RWE
+	{0xB921, 0xB93B, prH3, gcLo},     //    [27] HANGUL SYLLABLE RWEG..HANGUL SYLLABLE RWEH
+	{0xB93C, 0xB93C, prH2, gcLo},     //         HANGUL SYLLABLE RWI
+	{0xB93D, 0xB957, prH3, gcLo},     //    [27] HANGUL SYLLABLE RWIG..HANGUL SYLLABLE RWIH
+	{0xB958, 0xB958, prH2, gcLo},     //         HANGUL SYLLABLE RYU
+	{0xB959, 0xB973, prH3, gcLo},     //    [27] HANGUL SYLLABLE RYUG..HANGUL SYLLABLE RYUH
+	{0xB974, 0xB974, prH2, gcLo},     //         HANGUL SYLLABLE REU
+	{0xB975, 0xB98F, prH3, gcLo},     //    [27] HANGUL SYLLABLE REUG..HANGUL SYLLABLE REUH
+	{0xB990, 0xB990, prH2, gcLo},     //         HANGUL SYLLABLE RYI
+	{0xB991, 0xB9AB, prH3, gcLo},     //    [27] HANGUL SYLLABLE RYIG..HANGUL SYLLABLE RYIH
+	{0xB9AC, 0xB9AC, prH2, gcLo},     //         HANGUL SYLLABLE RI
+	{0xB9AD, 0xB9C7, prH3, gcLo},     //    [27] HANGUL SYLLABLE RIG..HANGUL SYLLABLE RIH
+	{0xB9C8, 0xB9C8, prH2, gcLo},     //         HANGUL SYLLABLE MA
+	{0xB9C9, 0xB9E3, prH3, gcLo},     //    [27] HANGUL SYLLABLE MAG..HANGUL SYLLABLE MAH
+	{0xB9E4, 0xB9E4, prH2, gcLo},     //         HANGUL SYLLABLE MAE
+	{0xB9E5, 0xB9FF, prH3, gcLo},     //    [27] HANGUL SYLLABLE MAEG..HANGUL SYLLABLE MAEH
+	{0xBA00, 0xBA00, prH2, gcLo},     //         HANGUL SYLLABLE MYA
+	{0xBA01, 0xBA1B, prH3, gcLo},     //    [27] HANGUL SYLLABLE MYAG..HANGUL SYLLABLE MYAH
+	{0xBA1C, 0xBA1C, prH2, gcLo},     //         HANGUL SYLLABLE MYAE
+	{0xBA1D, 0xBA37, prH3, gcLo},     //    [27] HANGUL SYLLABLE MYAEG..HANGUL SYLLABLE MYAEH
+	{0xBA38, 0xBA38, prH2, gcLo},     //         HANGUL SYLLABLE MEO
+	{0xBA39, 0xBA53, prH3, gcLo},     //    [27] HANGUL SYLLABLE MEOG..HANGUL SYLLABLE MEOH
+	{0xBA54, 0xBA54, prH2, gcLo},     //         HANGUL SYLLABLE ME
+	{0xBA55, 0xBA6F, prH3, gcLo},     //    [27] HANGUL SYLLABLE MEG..HANGUL SYLLABLE MEH
+	{0xBA70, 0xBA70, prH2, gcLo},     //         HANGUL SYLLABLE MYEO
+	{0xBA71, 0xBA8B, prH3, gcLo},     //    [27] HANGUL SYLLABLE MYEOG..HANGUL SYLLABLE MYEOH
+	{0xBA8C, 0xBA8C, prH2, gcLo},     //         HANGUL SYLLABLE MYE
+	{0xBA8D, 0xBAA7, prH3, gcLo},     //    [27] HANGUL SYLLABLE MYEG..HANGUL SYLLABLE MYEH
+	{0xBAA8, 0xBAA8, prH2, gcLo},     //         HANGUL SYLLABLE MO
+	{0xBAA9, 0xBAC3, prH3, gcLo},     //    [27] HANGUL SYLLABLE MOG..HANGUL SYLLABLE MOH
+	{0xBAC4, 0xBAC4, prH2, gcLo},     //         HANGUL SYLLABLE MWA
+	{0xBAC5, 0xBADF, prH3, gcLo},     //    [27] HANGUL SYLLABLE MWAG..HANGUL SYLLABLE MWAH
+	{0xBAE0, 0xBAE0, prH2, gcLo},     //         HANGUL SYLLABLE MWAE
+	{0xBAE1, 0xBAFB, prH3, gcLo},     //    [27] HANGUL SYLLABLE MWAEG..HANGUL SYLLABLE MWAEH
+	{0xBAFC, 0xBAFC, prH2, gcLo},     //         HANGUL SYLLABLE MOE
+	{0xBAFD, 0xBB17, prH3, gcLo},     //    [27] HANGUL SYLLABLE MOEG..HANGUL SYLLABLE MOEH
+	{0xBB18, 0xBB18, prH2, gcLo},     //         HANGUL SYLLABLE MYO
+	{0xBB19, 0xBB33, prH3, gcLo},     //    [27] HANGUL SYLLABLE MYOG..HANGUL SYLLABLE MYOH
+	{0xBB34, 0xBB34, prH2, gcLo},     //         HANGUL SYLLABLE MU
+	{0xBB35, 0xBB4F, prH3, gcLo},     //    [27] HANGUL SYLLABLE MUG..HANGUL SYLLABLE MUH
+	{0xBB50, 0xBB50, prH2, gcLo},     //         HANGUL SYLLABLE MWEO
+	{0xBB51, 0xBB6B, prH3, gcLo},     //    [27] HANGUL SYLLABLE MWEOG..HANGUL SYLLABLE MWEOH
+	{0xBB6C, 0xBB6C, prH2, gcLo},     //         HANGUL SYLLABLE MWE
+	{0xBB6D, 0xBB87, prH3, gcLo},     //    [27] HANGUL SYLLABLE MWEG..HANGUL SYLLABLE MWEH
+	{0xBB88, 0xBB88, prH2, gcLo},     //         HANGUL SYLLABLE MWI
+	{0xBB89, 0xBBA3, prH3, gcLo},     //    [27] HANGUL SYLLABLE MWIG..HANGUL SYLLABLE MWIH
+	{0xBBA4, 0xBBA4, prH2, gcLo},     //         HANGUL SYLLABLE MYU
+	{0xBBA5, 0xBBBF, prH3, gcLo},     //    [27] HANGUL SYLLABLE MYUG..HANGUL SYLLABLE MYUH
+	{0xBBC0, 0xBBC0, prH2, gcLo},     //         HANGUL SYLLABLE MEU
+	{0xBBC1, 0xBBDB, prH3, gcLo},     //    [27] HANGUL SYLLABLE MEUG..HANGUL SYLLABLE MEUH
+	{0xBBDC, 0xBBDC, prH2, gcLo},     //         HANGUL SYLLABLE MYI
+	{0xBBDD, 0xBBF7, prH3, gcLo},     //    [27] HANGUL SYLLABLE MYIG..HANGUL SYLLABLE MYIH
+	{0xBBF8, 0xBBF8, prH2, gcLo},     //         HANGUL SYLLABLE MI
+	{0xBBF9, 0xBC13, prH3, gcLo},     //    [27] HANGUL SYLLABLE MIG..HANGUL SYLLABLE MIH
+	{0xBC14, 0xBC14, prH2, gcLo},     //         HANGUL SYLLABLE BA
+	{0xBC15, 0xBC2F, prH3, gcLo},     //    [27] HANGUL SYLLABLE BAG..HANGUL SYLLABLE BAH
+	{0xBC30, 0xBC30, prH2, gcLo},     //         HANGUL SYLLABLE BAE
+	{0xBC31, 0xBC4B, prH3, gcLo},     //    [27] HANGUL SYLLABLE BAEG..HANGUL SYLLABLE BAEH
+	{0xBC4C, 0xBC4C, prH2, gcLo},     //         HANGUL SYLLABLE BYA
+	{0xBC4D, 0xBC67, prH3, gcLo},     //    [27] HANGUL SYLLABLE BYAG..HANGUL SYLLABLE BYAH
+	{0xBC68, 0xBC68, prH2, gcLo},     //         HANGUL SYLLABLE BYAE
+	{0xBC69, 0xBC83, prH3, gcLo},     //    [27] HANGUL SYLLABLE BYAEG..HANGUL SYLLABLE BYAEH
+	{0xBC84, 0xBC84, prH2, gcLo},     //         HANGUL SYLLABLE BEO
+	{0xBC85, 0xBC9F, prH3, gcLo},     //    [27] HANGUL SYLLABLE BEOG..HANGUL SYLLABLE BEOH
+	{0xBCA0, 0xBCA0, prH2, gcLo},     //         HANGUL SYLLABLE BE
+	{0xBCA1, 0xBCBB, prH3, gcLo},     //    [27] HANGUL SYLLABLE BEG..HANGUL SYLLABLE BEH
+	{0xBCBC, 0xBCBC, prH2, gcLo},     //         HANGUL SYLLABLE BYEO
+	{0xBCBD, 0xBCD7, prH3, gcLo},     //    [27] HANGUL SYLLABLE BYEOG..HANGUL SYLLABLE BYEOH
+	{0xBCD8, 0xBCD8, prH2, gcLo},     //         HANGUL SYLLABLE BYE
+	{0xBCD9, 0xBCF3, prH3, gcLo},     //    [27] HANGUL SYLLABLE BYEG..HANGUL SYLLABLE BYEH
+	{0xBCF4, 0xBCF4, prH2, gcLo},     //         HANGUL SYLLABLE BO
+	{0xBCF5, 0xBD0F, prH3, gcLo},     //    [27] HANGUL SYLLABLE BOG..HANGUL SYLLABLE BOH
+	{0xBD10, 0xBD10, prH2, gcLo},     //         HANGUL SYLLABLE BWA
+	{0xBD11, 0xBD2B, prH3, gcLo},     //    [27] HANGUL SYLLABLE BWAG..HANGUL SYLLABLE BWAH
+	{0xBD2C, 0xBD2C, prH2, gcLo},     //         HANGUL SYLLABLE BWAE
+	{0xBD2D, 0xBD47, prH3, gcLo},     //    [27] HANGUL SYLLABLE BWAEG..HANGUL SYLLABLE BWAEH
+	{0xBD48, 0xBD48, prH2, gcLo},     //         HANGUL SYLLABLE BOE
+	{0xBD49, 0xBD63, prH3, gcLo},     //    [27] HANGUL SYLLABLE BOEG..HANGUL SYLLABLE BOEH
+	{0xBD64, 0xBD64, prH2, gcLo},     //         HANGUL SYLLABLE BYO
+	{0xBD65, 0xBD7F, prH3, gcLo},     //    [27] HANGUL SYLLABLE BYOG..HANGUL SYLLABLE BYOH
+	{0xBD80, 0xBD80, prH2, gcLo},     //         HANGUL SYLLABLE BU
+	{0xBD81, 0xBD9B, prH3, gcLo},     //    [27] HANGUL SYLLABLE BUG..HANGUL SYLLABLE BUH
+	{0xBD9C, 0xBD9C, prH2, gcLo},     //         HANGUL SYLLABLE BWEO
+	{0xBD9D, 0xBDB7, prH3, gcLo},     //    [27] HANGUL SYLLABLE BWEOG..HANGUL SYLLABLE BWEOH
+	{0xBDB8, 0xBDB8, prH2, gcLo},     //         HANGUL SYLLABLE BWE
+	{0xBDB9, 0xBDD3, prH3, gcLo},     //    [27] HANGUL SYLLABLE BWEG..HANGUL SYLLABLE BWEH
+	{0xBDD4, 0xBDD4, prH2, gcLo},     //         HANGUL SYLLABLE BWI
+	{0xBDD5, 0xBDEF, prH3, gcLo},     //    [27] HANGUL SYLLABLE BWIG..HANGUL SYLLABLE BWIH
+	{0xBDF0, 0xBDF0, prH2, gcLo},     //         HANGUL SYLLABLE BYU
+	{0xBDF1, 0xBE0B, prH3, gcLo},     //    [27] HANGUL SYLLABLE BYUG..HANGUL SYLLABLE BYUH
+	{0xBE0C, 0xBE0C, prH2, gcLo},     //         HANGUL SYLLABLE BEU
+	{0xBE0D, 0xBE27, prH3, gcLo},     //    [27] HANGUL SYLLABLE BEUG..HANGUL SYLLABLE BEUH
+	{0xBE28, 0xBE28, prH2, gcLo},     //         HANGUL SYLLABLE BYI
+	{0xBE29, 0xBE43, prH3, gcLo},     //    [27] HANGUL SYLLABLE BYIG..HANGUL SYLLABLE BYIH
+	{0xBE44, 0xBE44, prH2, gcLo},     //         HANGUL SYLLABLE BI
+	{0xBE45, 0xBE5F, prH3, gcLo},     //    [27] HANGUL SYLLABLE BIG..HANGUL SYLLABLE BIH
+	{0xBE60, 0xBE60, prH2, gcLo},     //         HANGUL SYLLABLE BBA
+	{0xBE61, 0xBE7B, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBAG..HANGUL SYLLABLE BBAH
+	{0xBE7C, 0xBE7C, prH2, gcLo},     //         HANGUL SYLLABLE BBAE
+	{0xBE7D, 0xBE97, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBAEG..HANGUL SYLLABLE BBAEH
+	{0xBE98, 0xBE98, prH2, gcLo},     //         HANGUL SYLLABLE BBYA
+	{0xBE99, 0xBEB3, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBYAG..HANGUL SYLLABLE BBYAH
+	{0xBEB4, 0xBEB4, prH2, gcLo},     //         HANGUL SYLLABLE BBYAE
+	{0xBEB5, 0xBECF, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBYAEG..HANGUL SYLLABLE BBYAEH
+	{0xBED0, 0xBED0, prH2, gcLo},     //         HANGUL SYLLABLE BBEO
+	{0xBED1, 0xBEEB, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBEOG..HANGUL SYLLABLE BBEOH
+	{0xBEEC, 0xBEEC, prH2, gcLo},     //         HANGUL SYLLABLE BBE
+	{0xBEED, 0xBF07, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBEG..HANGUL SYLLABLE BBEH
+	{0xBF08, 0xBF08, prH2, gcLo},     //         HANGUL SYLLABLE BBYEO
+	{0xBF09, 0xBF23, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBYEOG..HANGUL SYLLABLE BBYEOH
+	{0xBF24, 0xBF24, prH2, gcLo},     //         HANGUL SYLLABLE BBYE
+	{0xBF25, 0xBF3F, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBYEG..HANGUL SYLLABLE BBYEH
+	{0xBF40, 0xBF40, prH2, gcLo},     //         HANGUL SYLLABLE BBO
+	{0xBF41, 0xBF5B, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBOG..HANGUL SYLLABLE BBOH
+	{0xBF5C, 0xBF5C, prH2, gcLo},     //         HANGUL SYLLABLE BBWA
+	{0xBF5D, 0xBF77, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBWAG..HANGUL SYLLABLE BBWAH
+	{0xBF78, 0xBF78, prH2, gcLo},     //         HANGUL SYLLABLE BBWAE
+	{0xBF79, 0xBF93, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBWAEG..HANGUL SYLLABLE BBWAEH
+	{0xBF94, 0xBF94, prH2, gcLo},     //         HANGUL SYLLABLE BBOE
+	{0xBF95, 0xBFAF, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBOEG..HANGUL SYLLABLE BBOEH
+	{0xBFB0, 0xBFB0, prH2, gcLo},     //         HANGUL SYLLABLE BBYO
+	{0xBFB1, 0xBFCB, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBYOG..HANGUL SYLLABLE BBYOH
+	{0xBFCC, 0xBFCC, prH2, gcLo},     //         HANGUL SYLLABLE BBU
+	{0xBFCD, 0xBFE7, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBUG..HANGUL SYLLABLE BBUH
+	{0xBFE8, 0xBFE8, prH2, gcLo},     //         HANGUL SYLLABLE BBWEO
+	{0xBFE9, 0xC003, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBWEOG..HANGUL SYLLABLE BBWEOH
+	{0xC004, 0xC004, prH2, gcLo},     //         HANGUL SYLLABLE BBWE
+	{0xC005, 0xC01F, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBWEG..HANGUL SYLLABLE BBWEH
+	{0xC020, 0xC020, prH2, gcLo},     //         HANGUL SYLLABLE BBWI
+	{0xC021, 0xC03B, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBWIG..HANGUL SYLLABLE BBWIH
+	{0xC03C, 0xC03C, prH2, gcLo},     //         HANGUL SYLLABLE BBYU
+	{0xC03D, 0xC057, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBYUG..HANGUL SYLLABLE BBYUH
+	{0xC058, 0xC058, prH2, gcLo},     //         HANGUL SYLLABLE BBEU
+	{0xC059, 0xC073, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBEUG..HANGUL SYLLABLE BBEUH
+	{0xC074, 0xC074, prH2, gcLo},     //         HANGUL SYLLABLE BBYI
+	{0xC075, 0xC08F, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBYIG..HANGUL SYLLABLE BBYIH
+	{0xC090, 0xC090, prH2, gcLo},     //         HANGUL SYLLABLE BBI
+	{0xC091, 0xC0AB, prH3, gcLo},     //    [27] HANGUL SYLLABLE BBIG..HANGUL SYLLABLE BBIH
+	{0xC0AC, 0xC0AC, prH2, gcLo},     //         HANGUL SYLLABLE SA
+	{0xC0AD, 0xC0C7, prH3, gcLo},     //    [27] HANGUL SYLLABLE SAG..HANGUL SYLLABLE SAH
+	{0xC0C8, 0xC0C8, prH2, gcLo},     //         HANGUL SYLLABLE SAE
+	{0xC0C9, 0xC0E3, prH3, gcLo},     //    [27] HANGUL SYLLABLE SAEG..HANGUL SYLLABLE SAEH
+	{0xC0E4, 0xC0E4, prH2, gcLo},     //         HANGUL SYLLABLE SYA
+	{0xC0E5, 0xC0FF, prH3, gcLo},     //    [27] HANGUL SYLLABLE SYAG..HANGUL SYLLABLE SYAH
+	{0xC100, 0xC100, prH2, gcLo},     //         HANGUL SYLLABLE SYAE
+	{0xC101, 0xC11B, prH3, gcLo},     //    [27] HANGUL SYLLABLE SYAEG..HANGUL SYLLABLE SYAEH
+	{0xC11C, 0xC11C, prH2, gcLo},     //         HANGUL SYLLABLE SEO
+	{0xC11D, 0xC137, prH3, gcLo},     //    [27] HANGUL SYLLABLE SEOG..HANGUL SYLLABLE SEOH
+	{0xC138, 0xC138, prH2, gcLo},     //         HANGUL SYLLABLE SE
+	{0xC139, 0xC153, prH3, gcLo},     //    [27] HANGUL SYLLABLE SEG..HANGUL SYLLABLE SEH
+	{0xC154, 0xC154, prH2, gcLo},     //         HANGUL SYLLABLE SYEO
+	{0xC155, 0xC16F, prH3, gcLo},     //    [27] HANGUL SYLLABLE SYEOG..HANGUL SYLLABLE SYEOH
+	{0xC170, 0xC170, prH2, gcLo},     //         HANGUL SYLLABLE SYE
+	{0xC171, 0xC18B, prH3, gcLo},     //    [27] HANGUL SYLLABLE SYEG..HANGUL SYLLABLE SYEH
+	{0xC18C, 0xC18C, prH2, gcLo},     //         HANGUL SYLLABLE SO
+	{0xC18D, 0xC1A7, prH3, gcLo},     //    [27] HANGUL SYLLABLE SOG..HANGUL SYLLABLE SOH
+	{0xC1A8, 0xC1A8, prH2, gcLo},     //         HANGUL SYLLABLE SWA
+	{0xC1A9, 0xC1C3, prH3, gcLo},     //    [27] HANGUL SYLLABLE SWAG..HANGUL SYLLABLE SWAH
+	{0xC1C4, 0xC1C4, prH2, gcLo},     //         HANGUL SYLLABLE SWAE
+	{0xC1C5, 0xC1DF, prH3, gcLo},     //    [27] HANGUL SYLLABLE SWAEG..HANGUL SYLLABLE SWAEH
+	{0xC1E0, 0xC1E0, prH2, gcLo},     //         HANGUL SYLLABLE SOE
+	{0xC1E1, 0xC1FB, prH3, gcLo},     //    [27] HANGUL SYLLABLE SOEG..HANGUL SYLLABLE SOEH
+	{0xC1FC, 0xC1FC, prH2, gcLo},     //         HANGUL SYLLABLE SYO
+	{0xC1FD, 0xC217, prH3, gcLo},     //    [27] HANGUL SYLLABLE SYOG..HANGUL SYLLABLE SYOH
+	{0xC218, 0xC218, prH2, gcLo},     //         HANGUL SYLLABLE SU
+	{0xC219, 0xC233, prH3, gcLo},     //    [27] HANGUL SYLLABLE SUG..HANGUL SYLLABLE SUH
+	{0xC234, 0xC234, prH2, gcLo},     //         HANGUL SYLLABLE SWEO
+	{0xC235, 0xC24F, prH3, gcLo},     //    [27] HANGUL SYLLABLE SWEOG..HANGUL SYLLABLE SWEOH
+	{0xC250, 0xC250, prH2, gcLo},     //         HANGUL SYLLABLE SWE
+	{0xC251, 0xC26B, prH3, gcLo},     //    [27] HANGUL SYLLABLE SWEG..HANGUL SYLLABLE SWEH
+	{0xC26C, 0xC26C, prH2, gcLo},     //         HANGUL SYLLABLE SWI
+	{0xC26D, 0xC287, prH3, gcLo},     //    [27] HANGUL SYLLABLE SWIG..HANGUL SYLLABLE SWIH
+	{0xC288, 0xC288, prH2, gcLo},     //         HANGUL SYLLABLE SYU
+	{0xC289, 0xC2A3, prH3, gcLo},     //    [27] HANGUL SYLLABLE SYUG..HANGUL SYLLABLE SYUH
+	{0xC2A4, 0xC2A4, prH2, gcLo},     //         HANGUL SYLLABLE SEU
+	{0xC2A5, 0xC2BF, prH3, gcLo},     //    [27] HANGUL SYLLABLE SEUG..HANGUL SYLLABLE SEUH
+	{0xC2C0, 0xC2C0, prH2, gcLo},     //         HANGUL SYLLABLE SYI
+	{0xC2C1, 0xC2DB, prH3, gcLo},     //    [27] HANGUL SYLLABLE SYIG..HANGUL SYLLABLE SYIH
+	{0xC2DC, 0xC2DC, prH2, gcLo},     //         HANGUL SYLLABLE SI
+	{0xC2DD, 0xC2F7, prH3, gcLo},     //    [27] HANGUL SYLLABLE SIG..HANGUL SYLLABLE SIH
+	{0xC2F8, 0xC2F8, prH2, gcLo},     //         HANGUL SYLLABLE SSA
+	{0xC2F9, 0xC313, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSAG..HANGUL SYLLABLE SSAH
+	{0xC314, 0xC314, prH2, gcLo},     //         HANGUL SYLLABLE SSAE
+	{0xC315, 0xC32F, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSAEG..HANGUL SYLLABLE SSAEH
+	{0xC330, 0xC330, prH2, gcLo},     //         HANGUL SYLLABLE SSYA
+	{0xC331, 0xC34B, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSYAG..HANGUL SYLLABLE SSYAH
+	{0xC34C, 0xC34C, prH2, gcLo},     //         HANGUL SYLLABLE SSYAE
+	{0xC34D, 0xC367, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSYAEG..HANGUL SYLLABLE SSYAEH
+	{0xC368, 0xC368, prH2, gcLo},     //         HANGUL SYLLABLE SSEO
+	{0xC369, 0xC383, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSEOG..HANGUL SYLLABLE SSEOH
+	{0xC384, 0xC384, prH2, gcLo},     //         HANGUL SYLLABLE SSE
+	{0xC385, 0xC39F, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSEG..HANGUL SYLLABLE SSEH
+	{0xC3A0, 0xC3A0, prH2, gcLo},     //         HANGUL SYLLABLE SSYEO
+	{0xC3A1, 0xC3BB, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSYEOG..HANGUL SYLLABLE SSYEOH
+	{0xC3BC, 0xC3BC, prH2, gcLo},     //         HANGUL SYLLABLE SSYE
+	{0xC3BD, 0xC3D7, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSYEG..HANGUL SYLLABLE SSYEH
+	{0xC3D8, 0xC3D8, prH2, gcLo},     //         HANGUL SYLLABLE SSO
+	{0xC3D9, 0xC3F3, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSOG..HANGUL SYLLABLE SSOH
+	{0xC3F4, 0xC3F4, prH2, gcLo},     //         HANGUL SYLLABLE SSWA
+	{0xC3F5, 0xC40F, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSWAG..HANGUL SYLLABLE SSWAH
+	{0xC410, 0xC410, prH2, gcLo},     //         HANGUL SYLLABLE SSWAE
+	{0xC411, 0xC42B, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSWAEG..HANGUL SYLLABLE SSWAEH
+	{0xC42C, 0xC42C, prH2, gcLo},     //         HANGUL SYLLABLE SSOE
+	{0xC42D, 0xC447, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSOEG..HANGUL SYLLABLE SSOEH
+	{0xC448, 0xC448, prH2, gcLo},     //         HANGUL SYLLABLE SSYO
+	{0xC449, 0xC463, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSYOG..HANGUL SYLLABLE SSYOH
+	{0xC464, 0xC464, prH2, gcLo},     //         HANGUL SYLLABLE SSU
+	{0xC465, 0xC47F, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSUG..HANGUL SYLLABLE SSUH
+	{0xC480, 0xC480, prH2, gcLo},     //         HANGUL SYLLABLE SSWEO
+	{0xC481, 0xC49B, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSWEOG..HANGUL SYLLABLE SSWEOH
+	{0xC49C, 0xC49C, prH2, gcLo},     //         HANGUL SYLLABLE SSWE
+	{0xC49D, 0xC4B7, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSWEG..HANGUL SYLLABLE SSWEH
+	{0xC4B8, 0xC4B8, prH2, gcLo},     //         HANGUL SYLLABLE SSWI
+	{0xC4B9, 0xC4D3, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSWIG..HANGUL SYLLABLE SSWIH
+	{0xC4D4, 0xC4D4, prH2, gcLo},     //         HANGUL SYLLABLE SSYU
+	{0xC4D5, 0xC4EF, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSYUG..HANGUL SYLLABLE SSYUH
+	{0xC4F0, 0xC4F0, prH2, gcLo},     //         HANGUL SYLLABLE SSEU
+	{0xC4F1, 0xC50B, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSEUG..HANGUL SYLLABLE SSEUH
+	{0xC50C, 0xC50C, prH2, gcLo},     //         HANGUL SYLLABLE SSYI
+	{0xC50D, 0xC527, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSYIG..HANGUL SYLLABLE SSYIH
+	{0xC528, 0xC528, prH2, gcLo},     //         HANGUL SYLLABLE SSI
+	{0xC529, 0xC543, prH3, gcLo},     //    [27] HANGUL SYLLABLE SSIG..HANGUL SYLLABLE SSIH
+	{0xC544, 0xC544, prH2, gcLo},     //         HANGUL SYLLABLE A
+	{0xC545, 0xC55F, prH3, gcLo},     //    [27] HANGUL SYLLABLE AG..HANGUL SYLLABLE AH
+	{0xC560, 0xC560, prH2, gcLo},     //         HANGUL SYLLABLE AE
+	{0xC561, 0xC57B, prH3, gcLo},     //    [27] HANGUL SYLLABLE AEG..HANGUL SYLLABLE AEH
+	{0xC57C, 0xC57C, prH2, gcLo},     //         HANGUL SYLLABLE YA
+	{0xC57D, 0xC597, prH3, gcLo},     //    [27] HANGUL SYLLABLE YAG..HANGUL SYLLABLE YAH
+	{0xC598, 0xC598, prH2, gcLo},     //         HANGUL SYLLABLE YAE
+	{0xC599, 0xC5B3, prH3, gcLo},     //    [27] HANGUL SYLLABLE YAEG..HANGUL SYLLABLE YAEH
+	{0xC5B4, 0xC5B4, prH2, gcLo},     //         HANGUL SYLLABLE EO
+	{0xC5B5, 0xC5CF, prH3, gcLo},     //    [27] HANGUL SYLLABLE EOG..HANGUL SYLLABLE EOH
+	{0xC5D0, 0xC5D0, prH2, gcLo},     //         HANGUL SYLLABLE E
+	{0xC5D1, 0xC5EB, prH3, gcLo},     //    [27] HANGUL SYLLABLE EG..HANGUL SYLLABLE EH
+	{0xC5EC, 0xC5EC, prH2, gcLo},     //         HANGUL SYLLABLE YEO
+	{0xC5ED, 0xC607, prH3, gcLo},     //    [27] HANGUL SYLLABLE YEOG..HANGUL SYLLABLE YEOH
+	{0xC608, 0xC608, prH2, gcLo},     //         HANGUL SYLLABLE YE
+	{0xC609, 0xC623, prH3, gcLo},     //    [27] HANGUL SYLLABLE YEG..HANGUL SYLLABLE YEH
+	{0xC624, 0xC624, prH2, gcLo},     //         HANGUL SYLLABLE O
+	{0xC625, 0xC63F, prH3, gcLo},     //    [27] HANGUL SYLLABLE OG..HANGUL SYLLABLE OH
+	{0xC640, 0xC640, prH2, gcLo},     //         HANGUL SYLLABLE WA
+	{0xC641, 0xC65B, prH3, gcLo},     //    [27] HANGUL SYLLABLE WAG..HANGUL SYLLABLE WAH
+	{0xC65C, 0xC65C, prH2, gcLo},     //         HANGUL SYLLABLE WAE
+	{0xC65D, 0xC677, prH3, gcLo},     //    [27] HANGUL SYLLABLE WAEG..HANGUL SYLLABLE WAEH
+	{0xC678, 0xC678, prH2, gcLo},     //         HANGUL SYLLABLE OE
+	{0xC679, 0xC693, prH3, gcLo},     //    [27] HANGUL SYLLABLE OEG..HANGUL SYLLABLE OEH
+	{0xC694, 0xC694, prH2, gcLo},     //         HANGUL SYLLABLE YO
+	{0xC695, 0xC6AF, prH3, gcLo},     //    [27] HANGUL SYLLABLE YOG..HANGUL SYLLABLE YOH
+	{0xC6B0, 0xC6B0, prH2, gcLo},     //         HANGUL SYLLABLE U
+	{0xC6B1, 0xC6CB, prH3, gcLo},     //    [27] HANGUL SYLLABLE UG..HANGUL SYLLABLE UH
+	{0xC6CC, 0xC6CC, prH2, gcLo},     //         HANGUL SYLLABLE WEO
+	{0xC6CD, 0xC6E7, prH3, gcLo},     //    [27] HANGUL SYLLABLE WEOG..HANGUL SYLLABLE WEOH
+	{0xC6E8, 0xC6E8, prH2, gcLo},     //         HANGUL SYLLABLE WE
+	{0xC6E9, 0xC703, prH3, gcLo},     //    [27] HANGUL SYLLABLE WEG..HANGUL SYLLABLE WEH
+	{0xC704, 0xC704, prH2, gcLo},     //         HANGUL SYLLABLE WI
+	{0xC705, 0xC71F, prH3, gcLo},     //    [27] HANGUL SYLLABLE WIG..HANGUL SYLLABLE WIH
+	{0xC720, 0xC720, prH2, gcLo},     //         HANGUL SYLLABLE YU
+	{0xC721, 0xC73B, prH3, gcLo},     //    [27] HANGUL SYLLABLE YUG..HANGUL SYLLABLE YUH
+	{0xC73C, 0xC73C, prH2, gcLo},     //         HANGUL SYLLABLE EU
+	{0xC73D, 0xC757, prH3, gcLo},     //    [27] HANGUL SYLLABLE EUG..HANGUL SYLLABLE EUH
+	{0xC758, 0xC758, prH2, gcLo},     //         HANGUL SYLLABLE YI
+	{0xC759, 0xC773, prH3, gcLo},     //    [27] HANGUL SYLLABLE YIG..HANGUL SYLLABLE YIH
+	{0xC774, 0xC774, prH2, gcLo},     //         HANGUL SYLLABLE I
+	{0xC775, 0xC78F, prH3, gcLo},     //    [27] HANGUL SYLLABLE IG..HANGUL SYLLABLE IH
+	{0xC790, 0xC790, prH2, gcLo},     //         HANGUL SYLLABLE JA
+	{0xC791, 0xC7AB, prH3, gcLo},     //    [27] HANGUL SYLLABLE JAG..HANGUL SYLLABLE JAH
+	{0xC7AC, 0xC7AC, prH2, gcLo},     //         HANGUL SYLLABLE JAE
+	{0xC7AD, 0xC7C7, prH3, gcLo},     //    [27] HANGUL SYLLABLE JAEG..HANGUL SYLLABLE JAEH
+	{0xC7C8, 0xC7C8, prH2, gcLo},     //         HANGUL SYLLABLE JYA
+	{0xC7C9, 0xC7E3, prH3, gcLo},     //    [27] HANGUL SYLLABLE JYAG..HANGUL SYLLABLE JYAH
+	{0xC7E4, 0xC7E4, prH2, gcLo},     //         HANGUL SYLLABLE JYAE
+	{0xC7E5, 0xC7FF, prH3, gcLo},     //    [27] HANGUL SYLLABLE JYAEG..HANGUL SYLLABLE JYAEH
+	{0xC800, 0xC800, prH2, gcLo},     //         HANGUL SYLLABLE JEO
+	{0xC801, 0xC81B, prH3, gcLo},     //    [27] HANGUL SYLLABLE JEOG..HANGUL SYLLABLE JEOH
+	{0xC81C, 0xC81C, prH2, gcLo},     //         HANGUL SYLLABLE JE
+	{0xC81D, 0xC837, prH3, gcLo},     //    [27] HANGUL SYLLABLE JEG..HANGUL SYLLABLE JEH
+	{0xC838, 0xC838, prH2, gcLo},     //         HANGUL SYLLABLE JYEO
+	{0xC839, 0xC853, prH3, gcLo},     //    [27] HANGUL SYLLABLE JYEOG..HANGUL SYLLABLE JYEOH
+	{0xC854, 0xC854, prH2, gcLo},     //         HANGUL SYLLABLE JYE
+	{0xC855, 0xC86F, prH3, gcLo},     //    [27] HANGUL SYLLABLE JYEG..HANGUL SYLLABLE JYEH
+	{0xC870, 0xC870, prH2, gcLo},     //         HANGUL SYLLABLE JO
+	{0xC871, 0xC88B, prH3, gcLo},     //    [27] HANGUL SYLLABLE JOG..HANGUL SYLLABLE JOH
+	{0xC88C, 0xC88C, prH2, gcLo},     //         HANGUL SYLLABLE JWA
+	{0xC88D, 0xC8A7, prH3, gcLo},     //    [27] HANGUL SYLLABLE JWAG..HANGUL SYLLABLE JWAH
+	{0xC8A8, 0xC8A8, prH2, gcLo},     //         HANGUL SYLLABLE JWAE
+	{0xC8A9, 0xC8C3, prH3, gcLo},     //    [27] HANGUL SYLLABLE JWAEG..HANGUL SYLLABLE JWAEH
+	{0xC8C4, 0xC8C4, prH2, gcLo},     //         HANGUL SYLLABLE JOE
+	{0xC8C5, 0xC8DF, prH3, gcLo},     //    [27] HANGUL SYLLABLE JOEG..HANGUL SYLLABLE JOEH
+	{0xC8E0, 0xC8E0, prH2, gcLo},     //         HANGUL SYLLABLE JYO
+	{0xC8E1, 0xC8FB, prH3, gcLo},     //    [27] HANGUL SYLLABLE JYOG..HANGUL SYLLABLE JYOH
+	{0xC8FC, 0xC8FC, prH2, gcLo},     //         HANGUL SYLLABLE JU
+	{0xC8FD, 0xC917, prH3, gcLo},     //    [27] HANGUL SYLLABLE JUG..HANGUL SYLLABLE JUH
+	{0xC918, 0xC918, prH2, gcLo},     //         HANGUL SYLLABLE JWEO
+	{0xC919, 0xC933, prH3, gcLo},     //    [27] HANGUL SYLLABLE JWEOG..HANGUL SYLLABLE JWEOH
+	{0xC934, 0xC934, prH2, gcLo},     //         HANGUL SYLLABLE JWE
+	{0xC935, 0xC94F, prH3, gcLo},     //    [27] HANGUL SYLLABLE JWEG..HANGUL SYLLABLE JWEH
+	{0xC950, 0xC950, prH2, gcLo},     //         HANGUL SYLLABLE JWI
+	{0xC951, 0xC96B, prH3, gcLo},     //    [27] HANGUL SYLLABLE JWIG..HANGUL SYLLABLE JWIH
+	{0xC96C, 0xC96C, prH2, gcLo},     //         HANGUL SYLLABLE JYU
+	{0xC96D, 0xC987, prH3, gcLo},     //    [27] HANGUL SYLLABLE JYUG..HANGUL SYLLABLE JYUH
+	{0xC988, 0xC988, prH2, gcLo},     //         HANGUL SYLLABLE JEU
+	{0xC989, 0xC9A3, prH3, gcLo},     //    [27] HANGUL SYLLABLE JEUG..HANGUL SYLLABLE JEUH
+	{0xC9A4, 0xC9A4, prH2, gcLo},     //         HANGUL SYLLABLE JYI
+	{0xC9A5, 0xC9BF, prH3, gcLo},     //    [27] HANGUL SYLLABLE JYIG..HANGUL SYLLABLE JYIH
+	{0xC9C0, 0xC9C0, prH2, gcLo},     //         HANGUL SYLLABLE JI
+	{0xC9C1, 0xC9DB, prH3, gcLo},     //    [27] HANGUL SYLLABLE JIG..HANGUL SYLLABLE JIH
+	{0xC9DC, 0xC9DC, prH2, gcLo},     //         HANGUL SYLLABLE JJA
+	{0xC9DD, 0xC9F7, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJAG..HANGUL SYLLABLE JJAH
+	{0xC9F8, 0xC9F8, prH2, gcLo},     //         HANGUL SYLLABLE JJAE
+	{0xC9F9, 0xCA13, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJAEG..HANGUL SYLLABLE JJAEH
+	{0xCA14, 0xCA14, prH2, gcLo},     //         HANGUL SYLLABLE JJYA
+	{0xCA15, 0xCA2F, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJYAG..HANGUL SYLLABLE JJYAH
+	{0xCA30, 0xCA30, prH2, gcLo},     //         HANGUL SYLLABLE JJYAE
+	{0xCA31, 0xCA4B, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJYAEG..HANGUL SYLLABLE JJYAEH
+	{0xCA4C, 0xCA4C, prH2, gcLo},     //         HANGUL SYLLABLE JJEO
+	{0xCA4D, 0xCA67, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJEOG..HANGUL SYLLABLE JJEOH
+	{0xCA68, 0xCA68, prH2, gcLo},     //         HANGUL SYLLABLE JJE
+	{0xCA69, 0xCA83, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJEG..HANGUL SYLLABLE JJEH
+	{0xCA84, 0xCA84, prH2, gcLo},     //         HANGUL SYLLABLE JJYEO
+	{0xCA85, 0xCA9F, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJYEOG..HANGUL SYLLABLE JJYEOH
+	{0xCAA0, 0xCAA0, prH2, gcLo},     //         HANGUL SYLLABLE JJYE
+	{0xCAA1, 0xCABB, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJYEG..HANGUL SYLLABLE JJYEH
+	{0xCABC, 0xCABC, prH2, gcLo},     //         HANGUL SYLLABLE JJO
+	{0xCABD, 0xCAD7, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJOG..HANGUL SYLLABLE JJOH
+	{0xCAD8, 0xCAD8, prH2, gcLo},     //         HANGUL SYLLABLE JJWA
+	{0xCAD9, 0xCAF3, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJWAG..HANGUL SYLLABLE JJWAH
+	{0xCAF4, 0xCAF4, prH2, gcLo},     //         HANGUL SYLLABLE JJWAE
+	{0xCAF5, 0xCB0F, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJWAEG..HANGUL SYLLABLE JJWAEH
+	{0xCB10, 0xCB10, prH2, gcLo},     //         HANGUL SYLLABLE JJOE
+	{0xCB11, 0xCB2B, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJOEG..HANGUL SYLLABLE JJOEH
+	{0xCB2C, 0xCB2C, prH2, gcLo},     //         HANGUL SYLLABLE JJYO
+	{0xCB2D, 0xCB47, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJYOG..HANGUL SYLLABLE JJYOH
+	{0xCB48, 0xCB48, prH2, gcLo},     //         HANGUL SYLLABLE JJU
+	{0xCB49, 0xCB63, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJUG..HANGUL SYLLABLE JJUH
+	{0xCB64, 0xCB64, prH2, gcLo},     //         HANGUL SYLLABLE JJWEO
+	{0xCB65, 0xCB7F, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJWEOG..HANGUL SYLLABLE JJWEOH
+	{0xCB80, 0xCB80, prH2, gcLo},     //         HANGUL SYLLABLE JJWE
+	{0xCB81, 0xCB9B, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJWEG..HANGUL SYLLABLE JJWEH
+	{0xCB9C, 0xCB9C, prH2, gcLo},     //         HANGUL SYLLABLE JJWI
+	{0xCB9D, 0xCBB7, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJWIG..HANGUL SYLLABLE JJWIH
+	{0xCBB8, 0xCBB8, prH2, gcLo},     //         HANGUL SYLLABLE JJYU
+	{0xCBB9, 0xCBD3, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJYUG..HANGUL SYLLABLE JJYUH
+	{0xCBD4, 0xCBD4, prH2, gcLo},     //         HANGUL SYLLABLE JJEU
+	{0xCBD5, 0xCBEF, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJEUG..HANGUL SYLLABLE JJEUH
+	{0xCBF0, 0xCBF0, prH2, gcLo},     //         HANGUL SYLLABLE JJYI
+	{0xCBF1, 0xCC0B, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJYIG..HANGUL SYLLABLE JJYIH
+	{0xCC0C, 0xCC0C, prH2, gcLo},     //         HANGUL SYLLABLE JJI
+	{0xCC0D, 0xCC27, prH3, gcLo},     //    [27] HANGUL SYLLABLE JJIG..HANGUL SYLLABLE JJIH
+	{0xCC28, 0xCC28, prH2, gcLo},     //         HANGUL SYLLABLE CA
+	{0xCC29, 0xCC43, prH3, gcLo},     //    [27] HANGUL SYLLABLE CAG..HANGUL SYLLABLE CAH
+	{0xCC44, 0xCC44, prH2, gcLo},     //         HANGUL SYLLABLE CAE
+	{0xCC45, 0xCC5F, prH3, gcLo},     //    [27] HANGUL SYLLABLE CAEG..HANGUL SYLLABLE CAEH
+	{0xCC60, 0xCC60, prH2, gcLo},     //         HANGUL SYLLABLE CYA
+	{0xCC61, 0xCC7B, prH3, gcLo},     //    [27] HANGUL SYLLABLE CYAG..HANGUL SYLLABLE CYAH
+	{0xCC7C, 0xCC7C, prH2, gcLo},     //         HANGUL SYLLABLE CYAE
+	{0xCC7D, 0xCC97, prH3, gcLo},     //    [27] HANGUL SYLLABLE CYAEG..HANGUL SYLLABLE CYAEH
+	{0xCC98, 0xCC98, prH2, gcLo},     //         HANGUL SYLLABLE CEO
+	{0xCC99, 0xCCB3, prH3, gcLo},     //    [27] HANGUL SYLLABLE CEOG..HANGUL SYLLABLE CEOH
+	{0xCCB4, 0xCCB4, prH2, gcLo},     //         HANGUL SYLLABLE CE
+	{0xCCB5, 0xCCCF, prH3, gcLo},     //    [27] HANGUL SYLLABLE CEG..HANGUL SYLLABLE CEH
+	{0xCCD0, 0xCCD0, prH2, gcLo},     //         HANGUL SYLLABLE CYEO
+	{0xCCD1, 0xCCEB, prH3, gcLo},     //    [27] HANGUL SYLLABLE CYEOG..HANGUL SYLLABLE CYEOH
+	{0xCCEC, 0xCCEC, prH2, gcLo},     //         HANGUL SYLLABLE CYE
+	{0xCCED, 0xCD07, prH3, gcLo},     //    [27] HANGUL SYLLABLE CYEG..HANGUL SYLLABLE CYEH
+	{0xCD08, 0xCD08, prH2, gcLo},     //         HANGUL SYLLABLE CO
+	{0xCD09, 0xCD23, prH3, gcLo},     //    [27] HANGUL SYLLABLE COG..HANGUL SYLLABLE COH
+	{0xCD24, 0xCD24, prH2, gcLo},     //         HANGUL SYLLABLE CWA
+	{0xCD25, 0xCD3F, prH3, gcLo},     //    [27] HANGUL SYLLABLE CWAG..HANGUL SYLLABLE CWAH
+	{0xCD40, 0xCD40, prH2, gcLo},     //         HANGUL SYLLABLE CWAE
+	{0xCD41, 0xCD5B, prH3, gcLo},     //    [27] HANGUL SYLLABLE CWAEG..HANGUL SYLLABLE CWAEH
+	{0xCD5C, 0xCD5C, prH2, gcLo},     //         HANGUL SYLLABLE COE
+	{0xCD5D, 0xCD77, prH3, gcLo},     //    [27] HANGUL SYLLABLE COEG..HANGUL SYLLABLE COEH
+	{0xCD78, 0xCD78, prH2, gcLo},     //         HANGUL SYLLABLE CYO
+	{0xCD79, 0xCD93, prH3, gcLo},     //    [27] HANGUL SYLLABLE CYOG..HANGUL SYLLABLE CYOH
+	{0xCD94, 0xCD94, prH2, gcLo},     //         HANGUL SYLLABLE CU
+	{0xCD95, 0xCDAF, prH3, gcLo},     //    [27] HANGUL SYLLABLE CUG..HANGUL SYLLABLE CUH
+	{0xCDB0, 0xCDB0, prH2, gcLo},     //         HANGUL SYLLABLE CWEO
+	{0xCDB1, 0xCDCB, prH3, gcLo},     //    [27] HANGUL SYLLABLE CWEOG..HANGUL SYLLABLE CWEOH
+	{0xCDCC, 0xCDCC, prH2, gcLo},     //         HANGUL SYLLABLE CWE
+	{0xCDCD, 0xCDE7, prH3, gcLo},     //    [27] HANGUL SYLLABLE CWEG..HANGUL SYLLABLE CWEH
+	{0xCDE8, 0xCDE8, prH2, gcLo},     //         HANGUL SYLLABLE CWI
+	{0xCDE9, 0xCE03, prH3, gcLo},     //    [27] HANGUL SYLLABLE CWIG..HANGUL SYLLABLE CWIH
+	{0xCE04, 0xCE04, prH2, gcLo},     //         HANGUL SYLLABLE CYU
+	{0xCE05, 0xCE1F, prH3, gcLo},     //    [27] HANGUL SYLLABLE CYUG..HANGUL SYLLABLE CYUH
+	{0xCE20, 0xCE20, prH2, gcLo},     //         HANGUL SYLLABLE CEU
+	{0xCE21, 0xCE3B, prH3, gcLo},     //    [27] HANGUL SYLLABLE CEUG..HANGUL SYLLABLE CEUH
+	{0xCE3C, 0xCE3C, prH2, gcLo},     //         HANGUL SYLLABLE CYI
+	{0xCE3D, 0xCE57, prH3, gcLo},     //    [27] HANGUL SYLLABLE CYIG..HANGUL SYLLABLE CYIH
+	{0xCE58, 0xCE58, prH2, gcLo},     //         HANGUL SYLLABLE CI
+	{0xCE59, 0xCE73, prH3, gcLo},     //    [27] HANGUL SYLLABLE CIG..HANGUL SYLLABLE CIH
+	{0xCE74, 0xCE74, prH2, gcLo},     //         HANGUL SYLLABLE KA
+	{0xCE75, 0xCE8F, prH3, gcLo},     //    [27] HANGUL SYLLABLE KAG..HANGUL SYLLABLE KAH
+	{0xCE90, 0xCE90, prH2, gcLo},     //         HANGUL SYLLABLE KAE
+	{0xCE91, 0xCEAB, prH3, gcLo},     //    [27] HANGUL SYLLABLE KAEG..HANGUL SYLLABLE KAEH
+	{0xCEAC, 0xCEAC, prH2, gcLo},     //         HANGUL SYLLABLE KYA
+	{0xCEAD, 0xCEC7, prH3, gcLo},     //    [27] HANGUL SYLLABLE KYAG..HANGUL SYLLABLE KYAH
+	{0xCEC8, 0xCEC8, prH2, gcLo},     //         HANGUL SYLLABLE KYAE
+	{0xCEC9, 0xCEE3, prH3, gcLo},     //    [27] HANGUL SYLLABLE KYAEG..HANGUL SYLLABLE KYAEH
+	{0xCEE4, 0xCEE4, prH2, gcLo},     //         HANGUL SYLLABLE KEO
+	{0xCEE5, 0xCEFF, prH3, gcLo},     //    [27] HANGUL SYLLABLE KEOG..HANGUL SYLLABLE KEOH
+	{0xCF00, 0xCF00, prH2, gcLo},     //         HANGUL SYLLABLE KE
+	{0xCF01, 0xCF1B, prH3, gcLo},     //    [27] HANGUL SYLLABLE KEG..HANGUL SYLLABLE KEH
+	{0xCF1C, 0xCF1C, prH2, gcLo},     //         HANGUL SYLLABLE KYEO
+	{0xCF1D, 0xCF37, prH3, gcLo},     //    [27] HANGUL SYLLABLE KYEOG..HANGUL SYLLABLE KYEOH
+	{0xCF38, 0xCF38, prH2, gcLo},     //         HANGUL SYLLABLE KYE
+	{0xCF39, 0xCF53, prH3, gcLo},     //    [27] HANGUL SYLLABLE KYEG..HANGUL SYLLABLE KYEH
+	{0xCF54, 0xCF54, prH2, gcLo},     //         HANGUL SYLLABLE KO
+	{0xCF55, 0xCF6F, prH3, gcLo},     //    [27] HANGUL SYLLABLE KOG..HANGUL SYLLABLE KOH
+	{0xCF70, 0xCF70, prH2, gcLo},     //         HANGUL SYLLABLE KWA
+	{0xCF71, 0xCF8B, prH3, gcLo},     //    [27] HANGUL SYLLABLE KWAG..HANGUL SYLLABLE KWAH
+	{0xCF8C, 0xCF8C, prH2, gcLo},     //         HANGUL SYLLABLE KWAE
+	{0xCF8D, 0xCFA7, prH3, gcLo},     //    [27] HANGUL SYLLABLE KWAEG..HANGUL SYLLABLE KWAEH
+	{0xCFA8, 0xCFA8, prH2, gcLo},     //         HANGUL SYLLABLE KOE
+	{0xCFA9, 0xCFC3, prH3, gcLo},     //    [27] HANGUL SYLLABLE KOEG..HANGUL SYLLABLE KOEH
+	{0xCFC4, 0xCFC4, prH2, gcLo},     //         HANGUL SYLLABLE KYO
+	{0xCFC5, 0xCFDF, prH3, gcLo},     //    [27] HANGUL SYLLABLE KYOG..HANGUL SYLLABLE KYOH
+	{0xCFE0, 0xCFE0, prH2, gcLo},     //         HANGUL SYLLABLE KU
+	{0xCFE1, 0xCFFB, prH3, gcLo},     //    [27] HANGUL SYLLABLE KUG..HANGUL SYLLABLE KUH
+	{0xCFFC, 0xCFFC, prH2, gcLo},     //         HANGUL SYLLABLE KWEO
+	{0xCFFD, 0xD017, prH3, gcLo},     //    [27] HANGUL SYLLABLE KWEOG..HANGUL SYLLABLE KWEOH
+	{0xD018, 0xD018, prH2, gcLo},     //         HANGUL SYLLABLE KWE
+	{0xD019, 0xD033, prH3, gcLo},     //    [27] HANGUL SYLLABLE KWEG..HANGUL SYLLABLE KWEH
+	{0xD034, 0xD034, prH2, gcLo},     //         HANGUL SYLLABLE KWI
+	{0xD035, 0xD04F, prH3, gcLo},     //    [27] HANGUL SYLLABLE KWIG..HANGUL SYLLABLE KWIH
+	{0xD050, 0xD050, prH2, gcLo},     //         HANGUL SYLLABLE KYU
+	{0xD051, 0xD06B, prH3, gcLo},     //    [27] HANGUL SYLLABLE KYUG..HANGUL SYLLABLE KYUH
+	{0xD06C, 0xD06C, prH2, gcLo},     //         HANGUL SYLLABLE KEU
+	{0xD06D, 0xD087, prH3, gcLo},     //    [27] HANGUL SYLLABLE KEUG..HANGUL SYLLABLE KEUH
+	{0xD088, 0xD088, prH2, gcLo},     //         HANGUL SYLLABLE KYI
+	{0xD089, 0xD0A3, prH3, gcLo},     //    [27] HANGUL SYLLABLE KYIG..HANGUL SYLLABLE KYIH
+	{0xD0A4, 0xD0A4, prH2, gcLo},     //         HANGUL SYLLABLE KI
+	{0xD0A5, 0xD0BF, prH3, gcLo},     //    [27] HANGUL SYLLABLE KIG..HANGUL SYLLABLE KIH
+	{0xD0C0, 0xD0C0, prH2, gcLo},     //         HANGUL SYLLABLE TA
+	{0xD0C1, 0xD0DB, prH3, gcLo},     //    [27] HANGUL SYLLABLE TAG..HANGUL SYLLABLE TAH
+	{0xD0DC, 0xD0DC, prH2, gcLo},     //         HANGUL SYLLABLE TAE
+	{0xD0DD, 0xD0F7, prH3, gcLo},     //    [27] HANGUL SYLLABLE TAEG..HANGUL SYLLABLE TAEH
+	{0xD0F8, 0xD0F8, prH2, gcLo},     //         HANGUL SYLLABLE TYA
+	{0xD0F9, 0xD113, prH3, gcLo},     //    [27] HANGUL SYLLABLE TYAG..HANGUL SYLLABLE TYAH
+	{0xD114, 0xD114, prH2, gcLo},     //         HANGUL SYLLABLE TYAE
+	{0xD115, 0xD12F, prH3, gcLo},     //    [27] HANGUL SYLLABLE TYAEG..HANGUL SYLLABLE TYAEH
+	{0xD130, 0xD130, prH2, gcLo},     //         HANGUL SYLLABLE TEO
+	{0xD131, 0xD14B, prH3, gcLo},     //    [27] HANGUL SYLLABLE TEOG..HANGUL SYLLABLE TEOH
+	{0xD14C, 0xD14C, prH2, gcLo},     //         HANGUL SYLLABLE TE
+	{0xD14D, 0xD167, prH3, gcLo},     //    [27] HANGUL SYLLABLE TEG..HANGUL SYLLABLE TEH
+	{0xD168, 0xD168, prH2, gcLo},     //         HANGUL SYLLABLE TYEO
+	{0xD169, 0xD183, prH3, gcLo},     //    [27] HANGUL SYLLABLE TYEOG..HANGUL SYLLABLE TYEOH
+	{0xD184, 0xD184, prH2, gcLo},     //         HANGUL SYLLABLE TYE
+	{0xD185, 0xD19F, prH3, gcLo},     //    [27] HANGUL SYLLABLE TYEG..HANGUL SYLLABLE TYEH
+	{0xD1A0, 0xD1A0, prH2, gcLo},     //         HANGUL SYLLABLE TO
+	{0xD1A1, 0xD1BB, prH3, gcLo},     //    [27] HANGUL SYLLABLE TOG..HANGUL SYLLABLE TOH
+	{0xD1BC, 0xD1BC, prH2, gcLo},     //         HANGUL SYLLABLE TWA
+	{0xD1BD, 0xD1D7, prH3, gcLo},     //    [27] HANGUL SYLLABLE TWAG..HANGUL SYLLABLE TWAH
+	{0xD1D8, 0xD1D8, prH2, gcLo},     //         HANGUL SYLLABLE TWAE
+	{0xD1D9, 0xD1F3, prH3, gcLo},     //    [27] HANGUL SYLLABLE TWAEG..HANGUL SYLLABLE TWAEH
+	{0xD1F4, 0xD1F4, prH2, gcLo},     //         HANGUL SYLLABLE TOE
+	{0xD1F5, 0xD20F, prH3, gcLo},     //    [27] HANGUL SYLLABLE TOEG..HANGUL SYLLABLE TOEH
+	{0xD210, 0xD210, prH2, gcLo},     //         HANGUL SYLLABLE TYO
+	{0xD211, 0xD22B, prH3, gcLo},     //    [27] HANGUL SYLLABLE TYOG..HANGUL SYLLABLE TYOH
+	{0xD22C, 0xD22C, prH2, gcLo},     //         HANGUL SYLLABLE TU
+	{0xD22D, 0xD247, prH3, gcLo},     //    [27] HANGUL SYLLABLE TUG..HANGUL SYLLABLE TUH
+	{0xD248, 0xD248, prH2, gcLo},     //         HANGUL SYLLABLE TWEO
+	{0xD249, 0xD263, prH3, gcLo},     //    [27] HANGUL SYLLABLE TWEOG..HANGUL SYLLABLE TWEOH
+	{0xD264, 0xD264, prH2, gcLo},     //         HANGUL SYLLABLE TWE
+	{0xD265, 0xD27F, prH3, gcLo},     //    [27] HANGUL SYLLABLE TWEG..HANGUL SYLLABLE TWEH
+	{0xD280, 0xD280, prH2, gcLo},     //         HANGUL SYLLABLE TWI
+	{0xD281, 0xD29B, prH3, gcLo},     //    [27] HANGUL SYLLABLE TWIG..HANGUL SYLLABLE TWIH
+	{0xD29C, 0xD29C, prH2, gcLo},     //         HANGUL SYLLABLE TYU
+	{0xD29D, 0xD2B7, prH3, gcLo},     //    [27] HANGUL SYLLABLE TYUG..HANGUL SYLLABLE TYUH
+	{0xD2B8, 0xD2B8, prH2, gcLo},     //         HANGUL SYLLABLE TEU
+	{0xD2B9, 0xD2D3, prH3, gcLo},     //    [27] HANGUL SYLLABLE TEUG..HANGUL SYLLABLE TEUH
+	{0xD2D4, 0xD2D4, prH2, gcLo},     //         HANGUL SYLLABLE TYI
+	{0xD2D5, 0xD2EF, prH3, gcLo},     //    [27] HANGUL SYLLABLE TYIG..HANGUL SYLLABLE TYIH
+	{0xD2F0, 0xD2F0, prH2, gcLo},     //         HANGUL SYLLABLE TI
+	{0xD2F1, 0xD30B, prH3, gcLo},     //    [27] HANGUL SYLLABLE TIG..HANGUL SYLLABLE TIH
+	{0xD30C, 0xD30C, prH2, gcLo},     //         HANGUL SYLLABLE PA
+	{0xD30D, 0xD327, prH3, gcLo},     //    [27] HANGUL SYLLABLE PAG..HANGUL SYLLABLE PAH
+	{0xD328, 0xD328, prH2, gcLo},     //         HANGUL SYLLABLE PAE
+	{0xD329, 0xD343, prH3, gcLo},     //    [27] HANGUL SYLLABLE PAEG..HANGUL SYLLABLE PAEH
+	{0xD344, 0xD344, prH2, gcLo},     //         HANGUL SYLLABLE PYA
+	{0xD345, 0xD35F, prH3, gcLo},     //    [27] HANGUL SYLLABLE PYAG..HANGUL SYLLABLE PYAH
+	{0xD360, 0xD360, prH2, gcLo},     //         HANGUL SYLLABLE PYAE
+	{0xD361, 0xD37B, prH3, gcLo},     //    [27] HANGUL SYLLABLE PYAEG..HANGUL SYLLABLE PYAEH
+	{0xD37C, 0xD37C, prH2, gcLo},     //         HANGUL SYLLABLE PEO
+	{0xD37D, 0xD397, prH3, gcLo},     //    [27] HANGUL SYLLABLE PEOG..HANGUL SYLLABLE PEOH
+	{0xD398, 0xD398, prH2, gcLo},     //         HANGUL SYLLABLE PE
+	{0xD399, 0xD3B3, prH3, gcLo},     //    [27] HANGUL SYLLABLE PEG..HANGUL SYLLABLE PEH
+	{0xD3B4, 0xD3B4, prH2, gcLo},     //         HANGUL SYLLABLE PYEO
+	{0xD3B5, 0xD3CF, prH3, gcLo},     //    [27] HANGUL SYLLABLE PYEOG..HANGUL SYLLABLE PYEOH
+	{0xD3D0, 0xD3D0, prH2, gcLo},     //         HANGUL SYLLABLE PYE
+	{0xD3D1, 0xD3EB, prH3, gcLo},     //    [27] HANGUL SYLLABLE PYEG..HANGUL SYLLABLE PYEH
+	{0xD3EC, 0xD3EC, prH2, gcLo},     //         HANGUL SYLLABLE PO
+	{0xD3ED, 0xD407, prH3, gcLo},     //    [27] HANGUL SYLLABLE POG..HANGUL SYLLABLE POH
+	{0xD408, 0xD408, prH2, gcLo},     //         HANGUL SYLLABLE PWA
+	{0xD409, 0xD423, prH3, gcLo},     //    [27] HANGUL SYLLABLE PWAG..HANGUL SYLLABLE PWAH
+	{0xD424, 0xD424, prH2, gcLo},     //         HANGUL SYLLABLE PWAE
+	{0xD425, 0xD43F, prH3, gcLo},     //    [27] HANGUL SYLLABLE PWAEG..HANGUL SYLLABLE PWAEH
+	{0xD440, 0xD440, prH2, gcLo},     //         HANGUL SYLLABLE POE
+	{0xD441, 0xD45B, prH3, gcLo},     //    [27] HANGUL SYLLABLE POEG..HANGUL SYLLABLE POEH
+	{0xD45C, 0xD45C, prH2, gcLo},     //         HANGUL SYLLABLE PYO
+	{0xD45D, 0xD477, prH3, gcLo},     //    [27] HANGUL SYLLABLE PYOG..HANGUL SYLLABLE PYOH
+	{0xD478, 0xD478, prH2, gcLo},     //         HANGUL SYLLABLE PU
+	{0xD479, 0xD493, prH3, gcLo},     //    [27] HANGUL SYLLABLE PUG..HANGUL SYLLABLE PUH
+	{0xD494, 0xD494, prH2, gcLo},     //         HANGUL SYLLABLE PWEO
+	{0xD495, 0xD4AF, prH3, gcLo},     //    [27] HANGUL SYLLABLE PWEOG..HANGUL SYLLABLE PWEOH
+	{0xD4B0, 0xD4B0, prH2, gcLo},     //         HANGUL SYLLABLE PWE
+	{0xD4B1, 0xD4CB, prH3, gcLo},     //    [27] HANGUL SYLLABLE PWEG..HANGUL SYLLABLE PWEH
+	{0xD4CC, 0xD4CC, prH2, gcLo},     //         HANGUL SYLLABLE PWI
+	{0xD4CD, 0xD4E7, prH3, gcLo},     //    [27] HANGUL SYLLABLE PWIG..HANGUL SYLLABLE PWIH
+	{0xD4E8, 0xD4E8, prH2, gcLo},     //         HANGUL SYLLABLE PYU
+	{0xD4E9, 0xD503, prH3, gcLo},     //    [27] HANGUL SYLLABLE PYUG..HANGUL SYLLABLE PYUH
+	{0xD504, 0xD504, prH2, gcLo},     //         HANGUL SYLLABLE PEU
+	{0xD505, 0xD51F, prH3, gcLo},     //    [27] HANGUL SYLLABLE PEUG..HANGUL SYLLABLE PEUH
+	{0xD520, 0xD520, prH2, gcLo},     //         HANGUL SYLLABLE PYI
+	{0xD521, 0xD53B, prH3, gcLo},     //    [27] HANGUL SYLLABLE PYIG..HANGUL SYLLABLE PYIH
+	{0xD53C, 0xD53C, prH2, gcLo},     //         HANGUL SYLLABLE PI
+	{0xD53D, 0xD557, prH3, gcLo},     //    [27] HANGUL SYLLABLE PIG..HANGUL SYLLABLE PIH
+	{0xD558, 0xD558, prH2, gcLo},     //         HANGUL SYLLABLE HA
+	{0xD559, 0xD573, prH3, gcLo},     //    [27] HANGUL SYLLABLE HAG..HANGUL SYLLABLE HAH
+	{0xD574, 0xD574, prH2, gcLo},     //         HANGUL SYLLABLE HAE
+	{0xD575, 0xD58F, prH3, gcLo},     //    [27] HANGUL SYLLABLE HAEG..HANGUL SYLLABLE HAEH
+	{0xD590, 0xD590, prH2, gcLo},     //         HANGUL SYLLABLE HYA
+	{0xD591, 0xD5AB, prH3, gcLo},     //    [27] HANGUL SYLLABLE HYAG..HANGUL SYLLABLE HYAH
+	{0xD5AC, 0xD5AC, prH2, gcLo},     //         HANGUL SYLLABLE HYAE
+	{0xD5AD, 0xD5C7, prH3, gcLo},     //    [27] HANGUL SYLLABLE HYAEG..HANGUL SYLLABLE HYAEH
+	{0xD5C8, 0xD5C8, prH2, gcLo},     //         HANGUL SYLLABLE HEO
+	{0xD5C9, 0xD5E3, prH3, gcLo},     //    [27] HANGUL SYLLABLE HEOG..HANGUL SYLLABLE HEOH
+	{0xD5E4, 0xD5E4, prH2, gcLo},     //         HANGUL SYLLABLE HE
+	{0xD5E5, 0xD5FF, prH3, gcLo},     //    [27] HANGUL SYLLABLE HEG..HANGUL SYLLABLE HEH
+	{0xD600, 0xD600, prH2, gcLo},     //         HANGUL SYLLABLE HYEO
+	{0xD601, 0xD61B, prH3, gcLo},     //    [27] HANGUL SYLLABLE HYEOG..HANGUL SYLLABLE HYEOH
+	{0xD61C, 0xD61C, prH2, gcLo},     //         HANGUL SYLLABLE HYE
+	{0xD61D, 0xD637, prH3, gcLo},     //    [27] HANGUL SYLLABLE HYEG..HANGUL SYLLABLE HYEH
+	{0xD638, 0xD638, prH2, gcLo},     //         HANGUL SYLLABLE HO
+	{0xD639, 0xD653, prH3, gcLo},     //    [27] HANGUL SYLLABLE HOG..HANGUL SYLLABLE HOH
+	{0xD654, 0xD654, prH2, gcLo},     //         HANGUL SYLLABLE HWA
+	{0xD655, 0xD66F, prH3, gcLo},     //    [27] HANGUL SYLLABLE HWAG..HANGUL SYLLABLE HWAH
+	{0xD670, 0xD670, prH2, gcLo},     //         HANGUL SYLLABLE HWAE
+	{0xD671, 0xD68B, prH3, gcLo},     //    [27] HANGUL SYLLABLE HWAEG..HANGUL SYLLABLE HWAEH
+	{0xD68C, 0xD68C, prH2, gcLo},     //         HANGUL SYLLABLE HOE
+	{0xD68D, 0xD6A7, prH3, gcLo},     //    [27] HANGUL SYLLABLE HOEG..HANGUL SYLLABLE HOEH
+	{0xD6A8, 0xD6A8, prH2, gcLo},     //         HANGUL SYLLABLE HYO
+	{0xD6A9, 0xD6C3, prH3, gcLo},     //    [27] HANGUL SYLLABLE HYOG..HANGUL SYLLABLE HYOH
+	{0xD6C4, 0xD6C4, prH2, gcLo},     //         HANGUL SYLLABLE HU
+	{0xD6C5, 0xD6DF, prH3, gcLo},     //    [27] HANGUL SYLLABLE HUG..HANGUL SYLLABLE HUH
+	{0xD6E0, 0xD6E0, prH2, gcLo},     //         HANGUL SYLLABLE HWEO
+	{0xD6E1, 0xD6FB, prH3, gcLo},     //    [27] HANGUL SYLLABLE HWEOG..HANGUL SYLLABLE HWEOH
+	{0xD6FC, 0xD6FC, prH2, gcLo},     //         HANGUL SYLLABLE HWE
+	{0xD6FD, 0xD717, prH3, gcLo},     //    [27] HANGUL SYLLABLE HWEG..HANGUL SYLLABLE HWEH
+	{0xD718, 0xD718, prH2, gcLo},     //         HANGUL SYLLABLE HWI
+	{0xD719, 0xD733, prH3, gcLo},     //    [27] HANGUL SYLLABLE HWIG..HANGUL SYLLABLE HWIH
+	{0xD734, 0xD734, prH2, gcLo},     //         HANGUL SYLLABLE HYU
+	{0xD735, 0xD74F, prH3, gcLo},     //    [27] HANGUL SYLLABLE HYUG..HANGUL SYLLABLE HYUH
+	{0xD750, 0xD750, prH2, gcLo},     //         HANGUL SYLLABLE HEU
+	{0xD751, 0xD76B, prH3, gcLo},     //    [27] HANGUL SYLLABLE HEUG..HANGUL SYLLABLE HEUH
+	{0xD76C, 0xD76C, prH2, gcLo},     //         HANGUL SYLLABLE HYI
+	{0xD76D, 0xD787, prH3, gcLo},     //    [27] HANGUL SYLLABLE HYIG..HANGUL SYLLABLE HYIH
+	{0xD788, 0xD788, prH2, gcLo},     //         HANGUL SYLLABLE HI
+	{0xD789, 0xD7A3, prH3, gcLo},     //    [27] HANGUL SYLLABLE HIG..HANGUL SYLLABLE HIH
+	{0xD7B0, 0xD7C6, prJV, gcLo},     //    [23] HANGUL JUNGSEONG O-YEO..HANGUL JUNGSEONG ARAEA-E
+	{0xD7CB, 0xD7FB, prJT, gcLo},     //    [49] HANGUL JONGSEONG NIEUN-RIEUL..HANGUL JONGSEONG PHIEUPH-THIEUTH
+	{0xD800, 0xDB7F, prSG, gcCs},     //   [896] <surrogate-D800>..<surrogate-DB7F>
+	{0xDB80, 0xDBFF, prSG, gcCs},     //   [128] <surrogate-DB80>..<surrogate-DBFF>
+	{0xDC00, 0xDFFF, prSG, gcCs},     //  [1024] <surrogate-DC00>..<surrogate-DFFF>
+	{0xE000, 0xF8FF, prXX, gcCo},     //  [6400] <private-use-E000>..<private-use-F8FF>
+	{0xF900, 0xFA6D, prID, gcLo},     //   [366] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA6D
+	{0xFA6E, 0xFA6F, prID, gcCn},     //     [2] <reserved-FA6E>..<reserved-FA6F>
+	{0xFA70, 0xFAD9, prID, gcLo},     //   [106] CJK COMPATIBILITY IDEOGRAPH-FA70..CJK COMPATIBILITY IDEOGRAPH-FAD9
+	{0xFADA, 0xFAFF, prID, gcCn},     //    [38] <reserved-FADA>..<reserved-FAFF>
+	{0xFB00, 0xFB06, prAL, gcLl},     //     [7] LATIN SMALL LIGATURE FF..LATIN SMALL LIGATURE ST
+	{0xFB13, 0xFB17, prAL, gcLl},     //     [5] ARMENIAN SMALL LIGATURE MEN NOW..ARMENIAN SMALL LIGATURE MEN XEH
+	{0xFB1D, 0xFB1D, prHL, gcLo},     //         HEBREW LETTER YOD WITH HIRIQ
+	{0xFB1E, 0xFB1E, prCM, gcMn},     //         HEBREW POINT JUDEO-SPANISH VARIKA
+	{0xFB1F, 0xFB28, prHL, gcLo},     //    [10] HEBREW LIGATURE YIDDISH YOD YOD PATAH..HEBREW LETTER WIDE TAV
+	{0xFB29, 0xFB29, prAL, gcSm},     //         HEBREW LETTER ALTERNATIVE PLUS SIGN
+	{0xFB2A, 0xFB36, prHL, gcLo},     //    [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH
+	{0xFB38, 0xFB3C, prHL, gcLo},     //     [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH
+	{0xFB3E, 0xFB3E, prHL, gcLo},     //         HEBREW LETTER MEM WITH DAGESH
+	{0xFB40, 0xFB41, prHL, gcLo},     //     [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH
+	{0xFB43, 0xFB44, prHL, gcLo},     //     [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH
+	{0xFB46, 0xFB4F, prHL, gcLo},     //    [10] HEBREW LETTER TSADI WITH DAGESH..HEBREW LIGATURE ALEF LAMED
+	{0xFB50, 0xFBB1, prAL, gcLo},     //    [98] ARABIC LETTER ALEF WASLA ISOLATED FORM..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM
+	{0xFBB2, 0xFBC2, prAL, gcSk},     //    [17] ARABIC SYMBOL DOT ABOVE..ARABIC SYMBOL WASLA ABOVE
+	{0xFBD3, 0xFD3D, prAL, gcLo},     //   [363] ARABIC LETTER NG ISOLATED FORM..ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM
+	{0xFD3E, 0xFD3E, prCL, gcPe},     //         ORNATE LEFT PARENTHESIS
+	{0xFD3F, 0xFD3F, prOP, gcPs},     //         ORNATE RIGHT PARENTHESIS
+	{0xFD40, 0xFD4F, prAL, gcSo},     //    [16] ARABIC LIGATURE RAHIMAHU ALLAAH..ARABIC LIGATURE RAHIMAHUM ALLAAH
+	{0xFD50, 0xFD8F, prAL, gcLo},     //    [64] ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM..ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+	{0xFD92, 0xFDC7, prAL, gcLo},     //    [54] ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM..ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+	{0xFDCF, 0xFDCF, prAL, gcSo},     //         ARABIC LIGATURE SALAAMUHU ALAYNAA
+	{0xFDF0, 0xFDFB, prAL, gcLo},     //    [12] ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM..ARABIC LIGATURE JALLAJALALOUHOU
+	{0xFDFC, 0xFDFC, prPO, gcSc},     //         RIAL SIGN
+	{0xFDFD, 0xFDFF, prAL, gcSo},     //     [3] ARABIC LIGATURE BISMILLAH AR-RAHMAN AR-RAHEEM..ARABIC LIGATURE AZZA WA JALL
+	{0xFE00, 0xFE0F, prCM, gcMn},     //    [16] VARIATION SELECTOR-1..VARIATION SELECTOR-16
+	{0xFE10, 0xFE10, prIS, gcPo},     //         PRESENTATION FORM FOR VERTICAL COMMA
+	{0xFE11, 0xFE12, prCL, gcPo},     //     [2] PRESENTATION FORM FOR VERTICAL IDEOGRAPHIC COMMA..PRESENTATION FORM FOR VERTICAL IDEOGRAPHIC FULL STOP
+	{0xFE13, 0xFE14, prIS, gcPo},     //     [2] PRESENTATION FORM FOR VERTICAL COLON..PRESENTATION FORM FOR VERTICAL SEMICOLON
+	{0xFE15, 0xFE16, prEX, gcPo},     //     [2] PRESENTATION FORM FOR VERTICAL EXCLAMATION MARK..PRESENTATION FORM FOR VERTICAL QUESTION MARK
+	{0xFE17, 0xFE17, prOP, gcPs},     //         PRESENTATION FORM FOR VERTICAL LEFT WHITE LENTICULAR BRACKET
+	{0xFE18, 0xFE18, prCL, gcPe},     //         PRESENTATION FORM FOR VERTICAL RIGHT WHITE LENTICULAR BRAKCET
+	{0xFE19, 0xFE19, prIN, gcPo},     //         PRESENTATION FORM FOR VERTICAL HORIZONTAL ELLIPSIS
+	{0xFE20, 0xFE2F, prCM, gcMn},     //    [16] COMBINING LIGATURE LEFT HALF..COMBINING CYRILLIC TITLO RIGHT HALF
+	{0xFE30, 0xFE30, prID, gcPo},     //         PRESENTATION FORM FOR VERTICAL TWO DOT LEADER
+	{0xFE31, 0xFE32, prID, gcPd},     //     [2] PRESENTATION FORM FOR VERTICAL EM DASH..PRESENTATION FORM FOR VERTICAL EN DASH
+	{0xFE33, 0xFE34, prID, gcPc},     //     [2] PRESENTATION FORM FOR VERTICAL LOW LINE..PRESENTATION FORM FOR VERTICAL WAVY LOW LINE
+	{0xFE35, 0xFE35, prOP, gcPs},     //         PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS
+	{0xFE36, 0xFE36, prCL, gcPe},     //         PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS
+	{0xFE37, 0xFE37, prOP, gcPs},     //         PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET
+	{0xFE38, 0xFE38, prCL, gcPe},     //         PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET
+	{0xFE39, 0xFE39, prOP, gcPs},     //         PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET
+	{0xFE3A, 0xFE3A, prCL, gcPe},     //         PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET
+	{0xFE3B, 0xFE3B, prOP, gcPs},     //         PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET
+	{0xFE3C, 0xFE3C, prCL, gcPe},     //         PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET
+	{0xFE3D, 0xFE3D, prOP, gcPs},     //         PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET
+	{0xFE3E, 0xFE3E, prCL, gcPe},     //         PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET
+	{0xFE3F, 0xFE3F, prOP, gcPs},     //         PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET
+	{0xFE40, 0xFE40, prCL, gcPe},     //         PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET
+	{0xFE41, 0xFE41, prOP, gcPs},     //         PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET
+	{0xFE42, 0xFE42, prCL, gcPe},     //         PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET
+	{0xFE43, 0xFE43, prOP, gcPs},     //         PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET
+	{0xFE44, 0xFE44, prCL, gcPe},     //         PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET
+	{0xFE45, 0xFE46, prID, gcPo},     //     [2] SESAME DOT..WHITE SESAME DOT
+	{0xFE47, 0xFE47, prOP, gcPs},     //         PRESENTATION FORM FOR VERTICAL LEFT SQUARE BRACKET
+	{0xFE48, 0xFE48, prCL, gcPe},     //         PRESENTATION FORM FOR VERTICAL RIGHT SQUARE BRACKET
+	{0xFE49, 0xFE4C, prID, gcPo},     //     [4] DASHED OVERLINE..DOUBLE WAVY OVERLINE
+	{0xFE4D, 0xFE4F, prID, gcPc},     //     [3] DASHED LOW LINE..WAVY LOW LINE
+	{0xFE50, 0xFE50, prCL, gcPo},     //         SMALL COMMA
+	{0xFE51, 0xFE51, prID, gcPo},     //         SMALL IDEOGRAPHIC COMMA
+	{0xFE52, 0xFE52, prCL, gcPo},     //         SMALL FULL STOP
+	{0xFE54, 0xFE55, prNS, gcPo},     //     [2] SMALL SEMICOLON..SMALL COLON
+	{0xFE56, 0xFE57, prEX, gcPo},     //     [2] SMALL QUESTION MARK..SMALL EXCLAMATION MARK
+	{0xFE58, 0xFE58, prID, gcPd},     //         SMALL EM DASH
+	{0xFE59, 0xFE59, prOP, gcPs},     //         SMALL LEFT PARENTHESIS
+	{0xFE5A, 0xFE5A, prCL, gcPe},     //         SMALL RIGHT PARENTHESIS
+	{0xFE5B, 0xFE5B, prOP, gcPs},     //         SMALL LEFT CURLY BRACKET
+	{0xFE5C, 0xFE5C, prCL, gcPe},     //         SMALL RIGHT CURLY BRACKET
+	{0xFE5D, 0xFE5D, prOP, gcPs},     //         SMALL LEFT TORTOISE SHELL BRACKET
+	{0xFE5E, 0xFE5E, prCL, gcPe},     //         SMALL RIGHT TORTOISE SHELL BRACKET
+	{0xFE5F, 0xFE61, prID, gcPo},     //     [3] SMALL NUMBER SIGN..SMALL ASTERISK
+	{0xFE62, 0xFE62, prID, gcSm},     //         SMALL PLUS SIGN
+	{0xFE63, 0xFE63, prID, gcPd},     //         SMALL HYPHEN-MINUS
+	{0xFE64, 0xFE66, prID, gcSm},     //     [3] SMALL LESS-THAN SIGN..SMALL EQUALS SIGN
+	{0xFE68, 0xFE68, prID, gcPo},     //         SMALL REVERSE SOLIDUS
+	{0xFE69, 0xFE69, prPR, gcSc},     //         SMALL DOLLAR SIGN
+	{0xFE6A, 0xFE6A, prPO, gcPo},     //         SMALL PERCENT SIGN
+	{0xFE6B, 0xFE6B, prID, gcPo},     //         SMALL COMMERCIAL AT
+	{0xFE70, 0xFE74, prAL, gcLo},     //     [5] ARABIC FATHATAN ISOLATED FORM..ARABIC KASRATAN ISOLATED FORM
+	{0xFE76, 0xFEFC, prAL, gcLo},     //   [135] ARABIC FATHA ISOLATED FORM..ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+	{0xFEFF, 0xFEFF, prWJ, gcCf},     //         ZERO WIDTH NO-BREAK SPACE
+	{0xFF01, 0xFF01, prEX, gcPo},     //         FULLWIDTH EXCLAMATION MARK
+	{0xFF02, 0xFF03, prID, gcPo},     //     [2] FULLWIDTH QUOTATION MARK..FULLWIDTH NUMBER SIGN
+	{0xFF04, 0xFF04, prPR, gcSc},     //         FULLWIDTH DOLLAR SIGN
+	{0xFF05, 0xFF05, prPO, gcPo},     //         FULLWIDTH PERCENT SIGN
+	{0xFF06, 0xFF07, prID, gcPo},     //     [2] FULLWIDTH AMPERSAND..FULLWIDTH APOSTROPHE
+	{0xFF08, 0xFF08, prOP, gcPs},     //         FULLWIDTH LEFT PARENTHESIS
+	{0xFF09, 0xFF09, prCL, gcPe},     //         FULLWIDTH RIGHT PARENTHESIS
+	{0xFF0A, 0xFF0A, prID, gcPo},     //         FULLWIDTH ASTERISK
+	{0xFF0B, 0xFF0B, prID, gcSm},     //         FULLWIDTH PLUS SIGN
+	{0xFF0C, 0xFF0C, prCL, gcPo},     //         FULLWIDTH COMMA
+	{0xFF0D, 0xFF0D, prID, gcPd},     //         FULLWIDTH HYPHEN-MINUS
+	{0xFF0E, 0xFF0E, prCL, gcPo},     //         FULLWIDTH FULL STOP
+	{0xFF0F, 0xFF0F, prID, gcPo},     //         FULLWIDTH SOLIDUS
+	{0xFF10, 0xFF19, prID, gcNd},     //    [10] FULLWIDTH DIGIT ZERO..FULLWIDTH DIGIT NINE
+	{0xFF1A, 0xFF1B, prNS, gcPo},     //     [2] FULLWIDTH COLON..FULLWIDTH SEMICOLON
+	{0xFF1C, 0xFF1E, prID, gcSm},     //     [3] FULLWIDTH LESS-THAN SIGN..FULLWIDTH GREATER-THAN SIGN
+	{0xFF1F, 0xFF1F, prEX, gcPo},     //         FULLWIDTH QUESTION MARK
+	{0xFF20, 0xFF20, prID, gcPo},     //         FULLWIDTH COMMERCIAL AT
+	{0xFF21, 0xFF3A, prID, gcLu},     //    [26] FULLWIDTH LATIN CAPITAL LETTER A..FULLWIDTH LATIN CAPITAL LETTER Z
+	{0xFF3B, 0xFF3B, prOP, gcPs},     //         FULLWIDTH LEFT SQUARE BRACKET
+	{0xFF3C, 0xFF3C, prID, gcPo},     //         FULLWIDTH REVERSE SOLIDUS
+	{0xFF3D, 0xFF3D, prCL, gcPe},     //         FULLWIDTH RIGHT SQUARE BRACKET
+	{0xFF3E, 0xFF3E, prID, gcSk},     //         FULLWIDTH CIRCUMFLEX ACCENT
+	{0xFF3F, 0xFF3F, prID, gcPc},     //         FULLWIDTH LOW LINE
+	{0xFF40, 0xFF40, prID, gcSk},     //         FULLWIDTH GRAVE ACCENT
+	{0xFF41, 0xFF5A, prID, gcLl},     //    [26] FULLWIDTH LATIN SMALL LETTER A..FULLWIDTH LATIN SMALL LETTER Z
+	{0xFF5B, 0xFF5B, prOP, gcPs},     //         FULLWIDTH LEFT CURLY BRACKET
+	{0xFF5C, 0xFF5C, prID, gcSm},     //         FULLWIDTH VERTICAL LINE
+	{0xFF5D, 0xFF5D, prCL, gcPe},     //         FULLWIDTH RIGHT CURLY BRACKET
+	{0xFF5E, 0xFF5E, prID, gcSm},     //         FULLWIDTH TILDE
+	{0xFF5F, 0xFF5F, prOP, gcPs},     //         FULLWIDTH LEFT WHITE PARENTHESIS
+	{0xFF60, 0xFF60, prCL, gcPe},     //         FULLWIDTH RIGHT WHITE PARENTHESIS
+	{0xFF61, 0xFF61, prCL, gcPo},     //         HALFWIDTH IDEOGRAPHIC FULL STOP
+	{0xFF62, 0xFF62, prOP, gcPs},     //         HALFWIDTH LEFT CORNER BRACKET
+	{0xFF63, 0xFF63, prCL, gcPe},     //         HALFWIDTH RIGHT CORNER BRACKET
+	{0xFF64, 0xFF64, prCL, gcPo},     //         HALFWIDTH IDEOGRAPHIC COMMA
+	{0xFF65, 0xFF65, prNS, gcPo},     //         HALFWIDTH KATAKANA MIDDLE DOT
+	{0xFF66, 0xFF66, prID, gcLo},     //         HALFWIDTH KATAKANA LETTER WO
+	{0xFF67, 0xFF6F, prCJ, gcLo},     //     [9] HALFWIDTH KATAKANA LETTER SMALL A..HALFWIDTH KATAKANA LETTER SMALL TU
+	{0xFF70, 0xFF70, prCJ, gcLm},     //         HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK
+	{0xFF71, 0xFF9D, prID, gcLo},     //    [45] HALFWIDTH KATAKANA LETTER A..HALFWIDTH KATAKANA LETTER N
+	{0xFF9E, 0xFF9F, prNS, gcLm},     //     [2] HALFWIDTH KATAKANA VOICED SOUND MARK..HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK
+	{0xFFA0, 0xFFBE, prID, gcLo},     //    [31] HALFWIDTH HANGUL FILLER..HALFWIDTH HANGUL LETTER HIEUH
+	{0xFFC2, 0xFFC7, prID, gcLo},     //     [6] HALFWIDTH HANGUL LETTER A..HALFWIDTH HANGUL LETTER E
+	{0xFFCA, 0xFFCF, prID, gcLo},     //     [6] HALFWIDTH HANGUL LETTER YEO..HALFWIDTH HANGUL LETTER OE
+	{0xFFD2, 0xFFD7, prID, gcLo},     //     [6] HALFWIDTH HANGUL LETTER YO..HALFWIDTH HANGUL LETTER YU
+	{0xFFDA, 0xFFDC, prID, gcLo},     //     [3] HALFWIDTH HANGUL LETTER EU..HALFWIDTH HANGUL LETTER I
+	{0xFFE0, 0xFFE0, prPO, gcSc},     //         FULLWIDTH CENT SIGN
+	{0xFFE1, 0xFFE1, prPR, gcSc},     //         FULLWIDTH POUND SIGN
+	{0xFFE2, 0xFFE2, prID, gcSm},     //         FULLWIDTH NOT SIGN
+	{0xFFE3, 0xFFE3, prID, gcSk},     //         FULLWIDTH MACRON
+	{0xFFE4, 0xFFE4, prID, gcSo},     //         FULLWIDTH BROKEN BAR
+	{0xFFE5, 0xFFE6, prPR, gcSc},     //     [2] FULLWIDTH YEN SIGN..FULLWIDTH WON SIGN
+	{0xFFE8, 0xFFE8, prAL, gcSo},     //         HALFWIDTH FORMS LIGHT VERTICAL
+	{0xFFE9, 0xFFEC, prAL, gcSm},     //     [4] HALFWIDTH LEFTWARDS ARROW..HALFWIDTH DOWNWARDS ARROW
+	{0xFFED, 0xFFEE, prAL, gcSo},     //     [2] HALFWIDTH BLACK SQUARE..HALFWIDTH WHITE CIRCLE
+	{0xFFF9, 0xFFFB, prCM, gcCf},     //     [3] INTERLINEAR ANNOTATION ANCHOR..INTERLINEAR ANNOTATION TERMINATOR
+	{0xFFFC, 0xFFFC, prCB, gcSo},     //         OBJECT REPLACEMENT CHARACTER
+	{0xFFFD, 0xFFFD, prAI, gcSo},     //         REPLACEMENT CHARACTER
+	{0x10000, 0x1000B, prAL, gcLo},   //    [12] LINEAR B SYLLABLE B008 A..LINEAR B SYLLABLE B046 JE
+	{0x1000D, 0x10026, prAL, gcLo},   //    [26] LINEAR B SYLLABLE B036 JO..LINEAR B SYLLABLE B032 QO
+	{0x10028, 0x1003A, prAL, gcLo},   //    [19] LINEAR B SYLLABLE B060 RA..LINEAR B SYLLABLE B042 WO
+	{0x1003C, 0x1003D, prAL, gcLo},   //     [2] LINEAR B SYLLABLE B017 ZA..LINEAR B SYLLABLE B074 ZE
+	{0x1003F, 0x1004D, prAL, gcLo},   //    [15] LINEAR B SYLLABLE B020 ZO..LINEAR B SYLLABLE B091 TWO
+	{0x10050, 0x1005D, prAL, gcLo},   //    [14] LINEAR B SYMBOL B018..LINEAR B SYMBOL B089
+	{0x10080, 0x100FA, prAL, gcLo},   //   [123] LINEAR B IDEOGRAM B100 MAN..LINEAR B IDEOGRAM VESSEL B305
+	{0x10100, 0x10102, prBA, gcPo},   //     [3] AEGEAN WORD SEPARATOR LINE..AEGEAN CHECK MARK
+	{0x10107, 0x10133, prAL, gcNo},   //    [45] AEGEAN NUMBER ONE..AEGEAN NUMBER NINETY THOUSAND
+	{0x10137, 0x1013F, prAL, gcSo},   //     [9] AEGEAN WEIGHT BASE UNIT..AEGEAN MEASURE THIRD SUBUNIT
+	{0x10140, 0x10174, prAL, gcNl},   //    [53] GREEK ACROPHONIC ATTIC ONE QUARTER..GREEK ACROPHONIC STRATIAN FIFTY MNAS
+	{0x10175, 0x10178, prAL, gcNo},   //     [4] GREEK ONE HALF SIGN..GREEK THREE QUARTERS SIGN
+	{0x10179, 0x10189, prAL, gcSo},   //    [17] GREEK YEAR SIGN..GREEK TRYBLION BASE SIGN
+	{0x1018A, 0x1018B, prAL, gcNo},   //     [2] GREEK ZERO SIGN..GREEK ONE QUARTER SIGN
+	{0x1018C, 0x1018E, prAL, gcSo},   //     [3] GREEK SINUSOID SIGN..NOMISMA SIGN
+	{0x10190, 0x1019C, prAL, gcSo},   //    [13] ROMAN SEXTANS SIGN..ASCIA SYMBOL
+	{0x101A0, 0x101A0, prAL, gcSo},   //         GREEK SYMBOL TAU RHO
+	{0x101D0, 0x101FC, prAL, gcSo},   //    [45] PHAISTOS DISC SIGN PEDESTRIAN..PHAISTOS DISC SIGN WAVY BAND
+	{0x101FD, 0x101FD, prCM, gcMn},   //         PHAISTOS DISC SIGN COMBINING OBLIQUE STROKE
+	{0x10280, 0x1029C, prAL, gcLo},   //    [29] LYCIAN LETTER A..LYCIAN LETTER X
+	{0x102A0, 0x102D0, prAL, gcLo},   //    [49] CARIAN LETTER A..CARIAN LETTER UUU3
+	{0x102E0, 0x102E0, prCM, gcMn},   //         COPTIC EPACT THOUSANDS MARK
+	{0x102E1, 0x102FB, prAL, gcNo},   //    [27] COPTIC EPACT DIGIT ONE..COPTIC EPACT NUMBER NINE HUNDRED
+	{0x10300, 0x1031F, prAL, gcLo},   //    [32] OLD ITALIC LETTER A..OLD ITALIC LETTER ESS
+	{0x10320, 0x10323, prAL, gcNo},   //     [4] OLD ITALIC NUMERAL ONE..OLD ITALIC NUMERAL FIFTY
+	{0x1032D, 0x1032F, prAL, gcLo},   //     [3] OLD ITALIC LETTER YE..OLD ITALIC LETTER SOUTHERN TSE
+	{0x10330, 0x10340, prAL, gcLo},   //    [17] GOTHIC LETTER AHSA..GOTHIC LETTER PAIRTHRA
+	{0x10341, 0x10341, prAL, gcNl},   //         GOTHIC LETTER NINETY
+	{0x10342, 0x10349, prAL, gcLo},   //     [8] GOTHIC LETTER RAIDA..GOTHIC LETTER OTHAL
+	{0x1034A, 0x1034A, prAL, gcNl},   //         GOTHIC LETTER NINE HUNDRED
+	{0x10350, 0x10375, prAL, gcLo},   //    [38] OLD PERMIC LETTER AN..OLD PERMIC LETTER IA
+	{0x10376, 0x1037A, prCM, gcMn},   //     [5] COMBINING OLD PERMIC LETTER AN..COMBINING OLD PERMIC LETTER SII
+	{0x10380, 0x1039D, prAL, gcLo},   //    [30] UGARITIC LETTER ALPA..UGARITIC LETTER SSU
+	{0x1039F, 0x1039F, prBA, gcPo},   //         UGARITIC WORD DIVIDER
+	{0x103A0, 0x103C3, prAL, gcLo},   //    [36] OLD PERSIAN SIGN A..OLD PERSIAN SIGN HA
+	{0x103C8, 0x103CF, prAL, gcLo},   //     [8] OLD PERSIAN SIGN AURAMAZDAA..OLD PERSIAN SIGN BUUMISH
+	{0x103D0, 0x103D0, prBA, gcPo},   //         OLD PERSIAN WORD DIVIDER
+	{0x103D1, 0x103D5, prAL, gcNl},   //     [5] OLD PERSIAN NUMBER ONE..OLD PERSIAN NUMBER HUNDRED
+	{0x10400, 0x1044F, prAL, gcLC},   //    [80] DESERET CAPITAL LETTER LONG I..DESERET SMALL LETTER EW
+	{0x10450, 0x1047F, prAL, gcLo},   //    [48] SHAVIAN LETTER PEEP..SHAVIAN LETTER YEW
+	{0x10480, 0x1049D, prAL, gcLo},   //    [30] OSMANYA LETTER ALEF..OSMANYA LETTER OO
+	{0x104A0, 0x104A9, prNU, gcNd},   //    [10] OSMANYA DIGIT ZERO..OSMANYA DIGIT NINE
+	{0x104B0, 0x104D3, prAL, gcLu},   //    [36] OSAGE CAPITAL LETTER A..OSAGE CAPITAL LETTER ZHA
+	{0x104D8, 0x104FB, prAL, gcLl},   //    [36] OSAGE SMALL LETTER A..OSAGE SMALL LETTER ZHA
+	{0x10500, 0x10527, prAL, gcLo},   //    [40] ELBASAN LETTER A..ELBASAN LETTER KHE
+	{0x10530, 0x10563, prAL, gcLo},   //    [52] CAUCASIAN ALBANIAN LETTER ALT..CAUCASIAN ALBANIAN LETTER KIW
+	{0x1056F, 0x1056F, prAL, gcPo},   //         CAUCASIAN ALBANIAN CITATION MARK
+	{0x10570, 0x1057A, prAL, gcLu},   //    [11] VITHKUQI CAPITAL LETTER A..VITHKUQI CAPITAL LETTER GA
+	{0x1057C, 0x1058A, prAL, gcLu},   //    [15] VITHKUQI CAPITAL LETTER HA..VITHKUQI CAPITAL LETTER RE
+	{0x1058C, 0x10592, prAL, gcLu},   //     [7] VITHKUQI CAPITAL LETTER SE..VITHKUQI CAPITAL LETTER XE
+	{0x10594, 0x10595, prAL, gcLu},   //     [2] VITHKUQI CAPITAL LETTER Y..VITHKUQI CAPITAL LETTER ZE
+	{0x10597, 0x105A1, prAL, gcLl},   //    [11] VITHKUQI SMALL LETTER A..VITHKUQI SMALL LETTER GA
+	{0x105A3, 0x105B1, prAL, gcLl},   //    [15] VITHKUQI SMALL LETTER HA..VITHKUQI SMALL LETTER RE
+	{0x105B3, 0x105B9, prAL, gcLl},   //     [7] VITHKUQI SMALL LETTER SE..VITHKUQI SMALL LETTER XE
+	{0x105BB, 0x105BC, prAL, gcLl},   //     [2] VITHKUQI SMALL LETTER Y..VITHKUQI SMALL LETTER ZE
+	{0x10600, 0x10736, prAL, gcLo},   //   [311] LINEAR A SIGN AB001..LINEAR A SIGN A664
+	{0x10740, 0x10755, prAL, gcLo},   //    [22] LINEAR A SIGN A701 A..LINEAR A SIGN A732 JE
+	{0x10760, 0x10767, prAL, gcLo},   //     [8] LINEAR A SIGN A800..LINEAR A SIGN A807
+	{0x10780, 0x10785, prAL, gcLm},   //     [6] MODIFIER LETTER SMALL CAPITAL AA..MODIFIER LETTER SMALL B WITH HOOK
+	{0x10787, 0x107B0, prAL, gcLm},   //    [42] MODIFIER LETTER SMALL DZ DIGRAPH..MODIFIER LETTER SMALL V WITH RIGHT HOOK
+	{0x107B2, 0x107BA, prAL, gcLm},   //     [9] MODIFIER LETTER SMALL CAPITAL Y..MODIFIER LETTER SMALL S WITH CURL
+	{0x10800, 0x10805, prAL, gcLo},   //     [6] CYPRIOT SYLLABLE A..CYPRIOT SYLLABLE JA
+	{0x10808, 0x10808, prAL, gcLo},   //         CYPRIOT SYLLABLE JO
+	{0x1080A, 0x10835, prAL, gcLo},   //    [44] CYPRIOT SYLLABLE KA..CYPRIOT SYLLABLE WO
+	{0x10837, 0x10838, prAL, gcLo},   //     [2] CYPRIOT SYLLABLE XA..CYPRIOT SYLLABLE XE
+	{0x1083C, 0x1083C, prAL, gcLo},   //         CYPRIOT SYLLABLE ZA
+	{0x1083F, 0x1083F, prAL, gcLo},   //         CYPRIOT SYLLABLE ZO
+	{0x10840, 0x10855, prAL, gcLo},   //    [22] IMPERIAL ARAMAIC LETTER ALEPH..IMPERIAL ARAMAIC LETTER TAW
+	{0x10857, 0x10857, prBA, gcPo},   //         IMPERIAL ARAMAIC SECTION SIGN
+	{0x10858, 0x1085F, prAL, gcNo},   //     [8] IMPERIAL ARAMAIC NUMBER ONE..IMPERIAL ARAMAIC NUMBER TEN THOUSAND
+	{0x10860, 0x10876, prAL, gcLo},   //    [23] PALMYRENE LETTER ALEPH..PALMYRENE LETTER TAW
+	{0x10877, 0x10878, prAL, gcSo},   //     [2] PALMYRENE LEFT-POINTING FLEURON..PALMYRENE RIGHT-POINTING FLEURON
+	{0x10879, 0x1087F, prAL, gcNo},   //     [7] PALMYRENE NUMBER ONE..PALMYRENE NUMBER TWENTY
+	{0x10880, 0x1089E, prAL, gcLo},   //    [31] NABATAEAN LETTER FINAL ALEPH..NABATAEAN LETTER TAW
+	{0x108A7, 0x108AF, prAL, gcNo},   //     [9] NABATAEAN NUMBER ONE..NABATAEAN NUMBER ONE HUNDRED
+	{0x108E0, 0x108F2, prAL, gcLo},   //    [19] HATRAN LETTER ALEPH..HATRAN LETTER QOPH
+	{0x108F4, 0x108F5, prAL, gcLo},   //     [2] HATRAN LETTER SHIN..HATRAN LETTER TAW
+	{0x108FB, 0x108FF, prAL, gcNo},   //     [5] HATRAN NUMBER ONE..HATRAN NUMBER ONE HUNDRED
+	{0x10900, 0x10915, prAL, gcLo},   //    [22] PHOENICIAN LETTER ALF..PHOENICIAN LETTER TAU
+	{0x10916, 0x1091B, prAL, gcNo},   //     [6] PHOENICIAN NUMBER ONE..PHOENICIAN NUMBER THREE
+	{0x1091F, 0x1091F, prBA, gcPo},   //         PHOENICIAN WORD SEPARATOR
+	{0x10920, 0x10939, prAL, gcLo},   //    [26] LYDIAN LETTER A..LYDIAN LETTER C
+	{0x1093F, 0x1093F, prAL, gcPo},   //         LYDIAN TRIANGULAR MARK
+	{0x10980, 0x1099F, prAL, gcLo},   //    [32] MEROITIC HIEROGLYPHIC LETTER A..MEROITIC HIEROGLYPHIC SYMBOL VIDJ-2
+	{0x109A0, 0x109B7, prAL, gcLo},   //    [24] MEROITIC CURSIVE LETTER A..MEROITIC CURSIVE LETTER DA
+	{0x109BC, 0x109BD, prAL, gcNo},   //     [2] MEROITIC CURSIVE FRACTION ELEVEN TWELFTHS..MEROITIC CURSIVE FRACTION ONE HALF
+	{0x109BE, 0x109BF, prAL, gcLo},   //     [2] MEROITIC CURSIVE LOGOGRAM RMT..MEROITIC CURSIVE LOGOGRAM IMN
+	{0x109C0, 0x109CF, prAL, gcNo},   //    [16] MEROITIC CURSIVE NUMBER ONE..MEROITIC CURSIVE NUMBER SEVENTY
+	{0x109D2, 0x109FF, prAL, gcNo},   //    [46] MEROITIC CURSIVE NUMBER ONE HUNDRED..MEROITIC CURSIVE FRACTION TEN TWELFTHS
+	{0x10A00, 0x10A00, prAL, gcLo},   //         KHAROSHTHI LETTER A
+	{0x10A01, 0x10A03, prCM, gcMn},   //     [3] KHAROSHTHI VOWEL SIGN I..KHAROSHTHI VOWEL SIGN VOCALIC R
+	{0x10A05, 0x10A06, prCM, gcMn},   //     [2] KHAROSHTHI VOWEL SIGN E..KHAROSHTHI VOWEL SIGN O
+	{0x10A0C, 0x10A0F, prCM, gcMn},   //     [4] KHAROSHTHI VOWEL LENGTH MARK..KHAROSHTHI SIGN VISARGA
+	{0x10A10, 0x10A13, prAL, gcLo},   //     [4] KHAROSHTHI LETTER KA..KHAROSHTHI LETTER GHA
+	{0x10A15, 0x10A17, prAL, gcLo},   //     [3] KHAROSHTHI LETTER CA..KHAROSHTHI LETTER JA
+	{0x10A19, 0x10A35, prAL, gcLo},   //    [29] KHAROSHTHI LETTER NYA..KHAROSHTHI LETTER VHA
+	{0x10A38, 0x10A3A, prCM, gcMn},   //     [3] KHAROSHTHI SIGN BAR ABOVE..KHAROSHTHI SIGN DOT BELOW
+	{0x10A3F, 0x10A3F, prCM, gcMn},   //         KHAROSHTHI VIRAMA
+	{0x10A40, 0x10A48, prAL, gcNo},   //     [9] KHAROSHTHI DIGIT ONE..KHAROSHTHI FRACTION ONE HALF
+	{0x10A50, 0x10A57, prBA, gcPo},   //     [8] KHAROSHTHI PUNCTUATION DOT..KHAROSHTHI PUNCTUATION DOUBLE DANDA
+	{0x10A58, 0x10A58, prAL, gcPo},   //         KHAROSHTHI PUNCTUATION LINES
+	{0x10A60, 0x10A7C, prAL, gcLo},   //    [29] OLD SOUTH ARABIAN LETTER HE..OLD SOUTH ARABIAN LETTER THETH
+	{0x10A7D, 0x10A7E, prAL, gcNo},   //     [2] OLD SOUTH ARABIAN NUMBER ONE..OLD SOUTH ARABIAN NUMBER FIFTY
+	{0x10A7F, 0x10A7F, prAL, gcPo},   //         OLD SOUTH ARABIAN NUMERIC INDICATOR
+	{0x10A80, 0x10A9C, prAL, gcLo},   //    [29] OLD NORTH ARABIAN LETTER HEH..OLD NORTH ARABIAN LETTER ZAH
+	{0x10A9D, 0x10A9F, prAL, gcNo},   //     [3] OLD NORTH ARABIAN NUMBER ONE..OLD NORTH ARABIAN NUMBER TWENTY
+	{0x10AC0, 0x10AC7, prAL, gcLo},   //     [8] MANICHAEAN LETTER ALEPH..MANICHAEAN LETTER WAW
+	{0x10AC8, 0x10AC8, prAL, gcSo},   //         MANICHAEAN SIGN UD
+	{0x10AC9, 0x10AE4, prAL, gcLo},   //    [28] MANICHAEAN LETTER ZAYIN..MANICHAEAN LETTER TAW
+	{0x10AE5, 0x10AE6, prCM, gcMn},   //     [2] MANICHAEAN ABBREVIATION MARK ABOVE..MANICHAEAN ABBREVIATION MARK BELOW
+	{0x10AEB, 0x10AEF, prAL, gcNo},   //     [5] MANICHAEAN NUMBER ONE..MANICHAEAN NUMBER ONE HUNDRED
+	{0x10AF0, 0x10AF5, prBA, gcPo},   //     [6] MANICHAEAN PUNCTUATION STAR..MANICHAEAN PUNCTUATION TWO DOTS
+	{0x10AF6, 0x10AF6, prIN, gcPo},   //         MANICHAEAN PUNCTUATION LINE FILLER
+	{0x10B00, 0x10B35, prAL, gcLo},   //    [54] AVESTAN LETTER A..AVESTAN LETTER HE
+	{0x10B39, 0x10B3F, prBA, gcPo},   //     [7] AVESTAN ABBREVIATION MARK..LARGE ONE RING OVER TWO RINGS PUNCTUATION
+	{0x10B40, 0x10B55, prAL, gcLo},   //    [22] INSCRIPTIONAL PARTHIAN LETTER ALEPH..INSCRIPTIONAL PARTHIAN LETTER TAW
+	{0x10B58, 0x10B5F, prAL, gcNo},   //     [8] INSCRIPTIONAL PARTHIAN NUMBER ONE..INSCRIPTIONAL PARTHIAN NUMBER ONE THOUSAND
+	{0x10B60, 0x10B72, prAL, gcLo},   //    [19] INSCRIPTIONAL PAHLAVI LETTER ALEPH..INSCRIPTIONAL PAHLAVI LETTER TAW
+	{0x10B78, 0x10B7F, prAL, gcNo},   //     [8] INSCRIPTIONAL PAHLAVI NUMBER ONE..INSCRIPTIONAL PAHLAVI NUMBER ONE THOUSAND
+	{0x10B80, 0x10B91, prAL, gcLo},   //    [18] PSALTER PAHLAVI LETTER ALEPH..PSALTER PAHLAVI LETTER TAW
+	{0x10B99, 0x10B9C, prAL, gcPo},   //     [4] PSALTER PAHLAVI SECTION MARK..PSALTER PAHLAVI FOUR DOTS WITH DOT
+	{0x10BA9, 0x10BAF, prAL, gcNo},   //     [7] PSALTER PAHLAVI NUMBER ONE..PSALTER PAHLAVI NUMBER ONE HUNDRED
+	{0x10C00, 0x10C48, prAL, gcLo},   //    [73] OLD TURKIC LETTER ORKHON A..OLD TURKIC LETTER ORKHON BASH
+	{0x10C80, 0x10CB2, prAL, gcLu},   //    [51] OLD HUNGARIAN CAPITAL LETTER A..OLD HUNGARIAN CAPITAL LETTER US
+	{0x10CC0, 0x10CF2, prAL, gcLl},   //    [51] OLD HUNGARIAN SMALL LETTER A..OLD HUNGARIAN SMALL LETTER US
+	{0x10CFA, 0x10CFF, prAL, gcNo},   //     [6] OLD HUNGARIAN NUMBER ONE..OLD HUNGARIAN NUMBER ONE THOUSAND
+	{0x10D00, 0x10D23, prAL, gcLo},   //    [36] HANIFI ROHINGYA LETTER A..HANIFI ROHINGYA MARK NA KHONNA
+	{0x10D24, 0x10D27, prCM, gcMn},   //     [4] HANIFI ROHINGYA SIGN HARBAHAY..HANIFI ROHINGYA SIGN TASSI
+	{0x10D30, 0x10D39, prNU, gcNd},   //    [10] HANIFI ROHINGYA DIGIT ZERO..HANIFI ROHINGYA DIGIT NINE
+	{0x10E60, 0x10E7E, prAL, gcNo},   //    [31] RUMI DIGIT ONE..RUMI FRACTION TWO THIRDS
+	{0x10E80, 0x10EA9, prAL, gcLo},   //    [42] YEZIDI LETTER ELIF..YEZIDI LETTER ET
+	{0x10EAB, 0x10EAC, prCM, gcMn},   //     [2] YEZIDI COMBINING HAMZA MARK..YEZIDI COMBINING MADDA MARK
+	{0x10EAD, 0x10EAD, prBA, gcPd},   //         YEZIDI HYPHENATION MARK
+	{0x10EB0, 0x10EB1, prAL, gcLo},   //     [2] YEZIDI LETTER LAM WITH DOT ABOVE..YEZIDI LETTER YOT WITH CIRCUMFLEX ABOVE
+	{0x10F00, 0x10F1C, prAL, gcLo},   //    [29] OLD SOGDIAN LETTER ALEPH..OLD SOGDIAN LETTER FINAL TAW WITH VERTICAL TAIL
+	{0x10F1D, 0x10F26, prAL, gcNo},   //    [10] OLD SOGDIAN NUMBER ONE..OLD SOGDIAN FRACTION ONE HALF
+	{0x10F27, 0x10F27, prAL, gcLo},   //         OLD SOGDIAN LIGATURE AYIN-DALETH
+	{0x10F30, 0x10F45, prAL, gcLo},   //    [22] SOGDIAN LETTER ALEPH..SOGDIAN INDEPENDENT SHIN
+	{0x10F46, 0x10F50, prCM, gcMn},   //    [11] SOGDIAN COMBINING DOT BELOW..SOGDIAN COMBINING STROKE BELOW
+	{0x10F51, 0x10F54, prAL, gcNo},   //     [4] SOGDIAN NUMBER ONE..SOGDIAN NUMBER ONE HUNDRED
+	{0x10F55, 0x10F59, prAL, gcPo},   //     [5] SOGDIAN PUNCTUATION TWO VERTICAL BARS..SOGDIAN PUNCTUATION HALF CIRCLE WITH DOT
+	{0x10F70, 0x10F81, prAL, gcLo},   //    [18] OLD UYGHUR LETTER ALEPH..OLD UYGHUR LETTER LESH
+	{0x10F82, 0x10F85, prCM, gcMn},   //     [4] OLD UYGHUR COMBINING DOT ABOVE..OLD UYGHUR COMBINING TWO DOTS BELOW
+	{0x10F86, 0x10F89, prAL, gcPo},   //     [4] OLD UYGHUR PUNCTUATION BAR..OLD UYGHUR PUNCTUATION FOUR DOTS
+	{0x10FB0, 0x10FC4, prAL, gcLo},   //    [21] CHORASMIAN LETTER ALEPH..CHORASMIAN LETTER TAW
+	{0x10FC5, 0x10FCB, prAL, gcNo},   //     [7] CHORASMIAN NUMBER ONE..CHORASMIAN NUMBER ONE HUNDRED
+	{0x10FE0, 0x10FF6, prAL, gcLo},   //    [23] ELYMAIC LETTER ALEPH..ELYMAIC LIGATURE ZAYIN-YODH
+	{0x11000, 0x11000, prCM, gcMc},   //         BRAHMI SIGN CANDRABINDU
+	{0x11001, 0x11001, prCM, gcMn},   //         BRAHMI SIGN ANUSVARA
+	{0x11002, 0x11002, prCM, gcMc},   //         BRAHMI SIGN VISARGA
+	{0x11003, 0x11037, prAL, gcLo},   //    [53] BRAHMI SIGN JIHVAMULIYA..BRAHMI LETTER OLD TAMIL NNNA
+	{0x11038, 0x11046, prCM, gcMn},   //    [15] BRAHMI VOWEL SIGN AA..BRAHMI VIRAMA
+	{0x11047, 0x11048, prBA, gcPo},   //     [2] BRAHMI DANDA..BRAHMI DOUBLE DANDA
+	{0x11049, 0x1104D, prAL, gcPo},   //     [5] BRAHMI PUNCTUATION DOT..BRAHMI PUNCTUATION LOTUS
+	{0x11052, 0x11065, prAL, gcNo},   //    [20] BRAHMI NUMBER ONE..BRAHMI NUMBER ONE THOUSAND
+	{0x11066, 0x1106F, prNU, gcNd},   //    [10] BRAHMI DIGIT ZERO..BRAHMI DIGIT NINE
+	{0x11070, 0x11070, prCM, gcMn},   //         BRAHMI SIGN OLD TAMIL VIRAMA
+	{0x11071, 0x11072, prAL, gcLo},   //     [2] BRAHMI LETTER OLD TAMIL SHORT E..BRAHMI LETTER OLD TAMIL SHORT O
+	{0x11073, 0x11074, prCM, gcMn},   //     [2] BRAHMI VOWEL SIGN OLD TAMIL SHORT E..BRAHMI VOWEL SIGN OLD TAMIL SHORT O
+	{0x11075, 0x11075, prAL, gcLo},   //         BRAHMI LETTER OLD TAMIL LLA
+	{0x1107F, 0x1107F, prCM, gcMn},   //         BRAHMI NUMBER JOINER
+	{0x11080, 0x11081, prCM, gcMn},   //     [2] KAITHI SIGN CANDRABINDU..KAITHI SIGN ANUSVARA
+	{0x11082, 0x11082, prCM, gcMc},   //         KAITHI SIGN VISARGA
+	{0x11083, 0x110AF, prAL, gcLo},   //    [45] KAITHI LETTER A..KAITHI LETTER HA
+	{0x110B0, 0x110B2, prCM, gcMc},   //     [3] KAITHI VOWEL SIGN AA..KAITHI VOWEL SIGN II
+	{0x110B3, 0x110B6, prCM, gcMn},   //     [4] KAITHI VOWEL SIGN U..KAITHI VOWEL SIGN AI
+	{0x110B7, 0x110B8, prCM, gcMc},   //     [2] KAITHI VOWEL SIGN O..KAITHI VOWEL SIGN AU
+	{0x110B9, 0x110BA, prCM, gcMn},   //     [2] KAITHI SIGN VIRAMA..KAITHI SIGN NUKTA
+	{0x110BB, 0x110BC, prAL, gcPo},   //     [2] KAITHI ABBREVIATION SIGN..KAITHI ENUMERATION SIGN
+	{0x110BD, 0x110BD, prAL, gcCf},   //         KAITHI NUMBER SIGN
+	{0x110BE, 0x110C1, prBA, gcPo},   //     [4] KAITHI SECTION MARK..KAITHI DOUBLE DANDA
+	{0x110C2, 0x110C2, prCM, gcMn},   //         KAITHI VOWEL SIGN VOCALIC R
+	{0x110CD, 0x110CD, prAL, gcCf},   //         KAITHI NUMBER SIGN ABOVE
+	{0x110D0, 0x110E8, prAL, gcLo},   //    [25] SORA SOMPENG LETTER SAH..SORA SOMPENG LETTER MAE
+	{0x110F0, 0x110F9, prNU, gcNd},   //    [10] SORA SOMPENG DIGIT ZERO..SORA SOMPENG DIGIT NINE
+	{0x11100, 0x11102, prCM, gcMn},   //     [3] CHAKMA SIGN CANDRABINDU..CHAKMA SIGN VISARGA
+	{0x11103, 0x11126, prAL, gcLo},   //    [36] CHAKMA LETTER AA..CHAKMA LETTER HAA
+	{0x11127, 0x1112B, prCM, gcMn},   //     [5] CHAKMA VOWEL SIGN A..CHAKMA VOWEL SIGN UU
+	{0x1112C, 0x1112C, prCM, gcMc},   //         CHAKMA VOWEL SIGN E
+	{0x1112D, 0x11134, prCM, gcMn},   //     [8] CHAKMA VOWEL SIGN AI..CHAKMA MAAYYAA
+	{0x11136, 0x1113F, prNU, gcNd},   //    [10] CHAKMA DIGIT ZERO..CHAKMA DIGIT NINE
+	{0x11140, 0x11143, prBA, gcPo},   //     [4] CHAKMA SECTION MARK..CHAKMA QUESTION MARK
+	{0x11144, 0x11144, prAL, gcLo},   //         CHAKMA LETTER LHAA
+	{0x11145, 0x11146, prCM, gcMc},   //     [2] CHAKMA VOWEL SIGN AA..CHAKMA VOWEL SIGN EI
+	{0x11147, 0x11147, prAL, gcLo},   //         CHAKMA LETTER VAA
+	{0x11150, 0x11172, prAL, gcLo},   //    [35] MAHAJANI LETTER A..MAHAJANI LETTER RRA
+	{0x11173, 0x11173, prCM, gcMn},   //         MAHAJANI SIGN NUKTA
+	{0x11174, 0x11174, prAL, gcPo},   //         MAHAJANI ABBREVIATION SIGN
+	{0x11175, 0x11175, prBB, gcPo},   //         MAHAJANI SECTION MARK
+	{0x11176, 0x11176, prAL, gcLo},   //         MAHAJANI LIGATURE SHRI
+	{0x11180, 0x11181, prCM, gcMn},   //     [2] SHARADA SIGN CANDRABINDU..SHARADA SIGN ANUSVARA
+	{0x11182, 0x11182, prCM, gcMc},   //         SHARADA SIGN VISARGA
+	{0x11183, 0x111B2, prAL, gcLo},   //    [48] SHARADA LETTER A..SHARADA LETTER HA
+	{0x111B3, 0x111B5, prCM, gcMc},   //     [3] SHARADA VOWEL SIGN AA..SHARADA VOWEL SIGN II
+	{0x111B6, 0x111BE, prCM, gcMn},   //     [9] SHARADA VOWEL SIGN U..SHARADA VOWEL SIGN O
+	{0x111BF, 0x111C0, prCM, gcMc},   //     [2] SHARADA VOWEL SIGN AU..SHARADA SIGN VIRAMA
+	{0x111C1, 0x111C4, prAL, gcLo},   //     [4] SHARADA SIGN AVAGRAHA..SHARADA OM
+	{0x111C5, 0x111C6, prBA, gcPo},   //     [2] SHARADA DANDA..SHARADA DOUBLE DANDA
+	{0x111C7, 0x111C7, prAL, gcPo},   //         SHARADA ABBREVIATION SIGN
+	{0x111C8, 0x111C8, prBA, gcPo},   //         SHARADA SEPARATOR
+	{0x111C9, 0x111CC, prCM, gcMn},   //     [4] SHARADA SANDHI MARK..SHARADA EXTRA SHORT VOWEL MARK
+	{0x111CD, 0x111CD, prAL, gcPo},   //         SHARADA SUTRA MARK
+	{0x111CE, 0x111CE, prCM, gcMc},   //         SHARADA VOWEL SIGN PRISHTHAMATRA E
+	{0x111CF, 0x111CF, prCM, gcMn},   //         SHARADA SIGN INVERTED CANDRABINDU
+	{0x111D0, 0x111D9, prNU, gcNd},   //    [10] SHARADA DIGIT ZERO..SHARADA DIGIT NINE
+	{0x111DA, 0x111DA, prAL, gcLo},   //         SHARADA EKAM
+	{0x111DB, 0x111DB, prBB, gcPo},   //         SHARADA SIGN SIDDHAM
+	{0x111DC, 0x111DC, prAL, gcLo},   //         SHARADA HEADSTROKE
+	{0x111DD, 0x111DF, prBA, gcPo},   //     [3] SHARADA CONTINUATION SIGN..SHARADA SECTION MARK-2
+	{0x111E1, 0x111F4, prAL, gcNo},   //    [20] SINHALA ARCHAIC DIGIT ONE..SINHALA ARCHAIC NUMBER ONE THOUSAND
+	{0x11200, 0x11211, prAL, gcLo},   //    [18] KHOJKI LETTER A..KHOJKI LETTER JJA
+	{0x11213, 0x1122B, prAL, gcLo},   //    [25] KHOJKI LETTER NYA..KHOJKI LETTER LLA
+	{0x1122C, 0x1122E, prCM, gcMc},   //     [3] KHOJKI VOWEL SIGN AA..KHOJKI VOWEL SIGN II
+	{0x1122F, 0x11231, prCM, gcMn},   //     [3] KHOJKI VOWEL SIGN U..KHOJKI VOWEL SIGN AI
+	{0x11232, 0x11233, prCM, gcMc},   //     [2] KHOJKI VOWEL SIGN O..KHOJKI VOWEL SIGN AU
+	{0x11234, 0x11234, prCM, gcMn},   //         KHOJKI SIGN ANUSVARA
+	{0x11235, 0x11235, prCM, gcMc},   //         KHOJKI SIGN VIRAMA
+	{0x11236, 0x11237, prCM, gcMn},   //     [2] KHOJKI SIGN NUKTA..KHOJKI SIGN SHADDA
+	{0x11238, 0x11239, prBA, gcPo},   //     [2] KHOJKI DANDA..KHOJKI DOUBLE DANDA
+	{0x1123A, 0x1123A, prAL, gcPo},   //         KHOJKI WORD SEPARATOR
+	{0x1123B, 0x1123C, prBA, gcPo},   //     [2] KHOJKI SECTION MARK..KHOJKI DOUBLE SECTION MARK
+	{0x1123D, 0x1123D, prAL, gcPo},   //         KHOJKI ABBREVIATION SIGN
+	{0x1123E, 0x1123E, prCM, gcMn},   //         KHOJKI SIGN SUKUN
+	{0x11280, 0x11286, prAL, gcLo},   //     [7] MULTANI LETTER A..MULTANI LETTER GA
+	{0x11288, 0x11288, prAL, gcLo},   //         MULTANI LETTER GHA
+	{0x1128A, 0x1128D, prAL, gcLo},   //     [4] MULTANI LETTER CA..MULTANI LETTER JJA
+	{0x1128F, 0x1129D, prAL, gcLo},   //    [15] MULTANI LETTER NYA..MULTANI LETTER BA
+	{0x1129F, 0x112A8, prAL, gcLo},   //    [10] MULTANI LETTER BHA..MULTANI LETTER RHA
+	{0x112A9, 0x112A9, prBA, gcPo},   //         MULTANI SECTION MARK
+	{0x112B0, 0x112DE, prAL, gcLo},   //    [47] KHUDAWADI LETTER A..KHUDAWADI LETTER HA
+	{0x112DF, 0x112DF, prCM, gcMn},   //         KHUDAWADI SIGN ANUSVARA
+	{0x112E0, 0x112E2, prCM, gcMc},   //     [3] KHUDAWADI VOWEL SIGN AA..KHUDAWADI VOWEL SIGN II
+	{0x112E3, 0x112EA, prCM, gcMn},   //     [8] KHUDAWADI VOWEL SIGN U..KHUDAWADI SIGN VIRAMA
+	{0x112F0, 0x112F9, prNU, gcNd},   //    [10] KHUDAWADI DIGIT ZERO..KHUDAWADI DIGIT NINE
+	{0x11300, 0x11301, prCM, gcMn},   //     [2] GRANTHA SIGN COMBINING ANUSVARA ABOVE..GRANTHA SIGN CANDRABINDU
+	{0x11302, 0x11303, prCM, gcMc},   //     [2] GRANTHA SIGN ANUSVARA..GRANTHA SIGN VISARGA
+	{0x11305, 0x1130C, prAL, gcLo},   //     [8] GRANTHA LETTER A..GRANTHA LETTER VOCALIC L
+	{0x1130F, 0x11310, prAL, gcLo},   //     [2] GRANTHA LETTER EE..GRANTHA LETTER AI
+	{0x11313, 0x11328, prAL, gcLo},   //    [22] GRANTHA LETTER OO..GRANTHA LETTER NA
+	{0x1132A, 0x11330, prAL, gcLo},   //     [7] GRANTHA LETTER PA..GRANTHA LETTER RA
+	{0x11332, 0x11333, prAL, gcLo},   //     [2] GRANTHA LETTER LA..GRANTHA LETTER LLA
+	{0x11335, 0x11339, prAL, gcLo},   //     [5] GRANTHA LETTER VA..GRANTHA LETTER HA
+	{0x1133B, 0x1133C, prCM, gcMn},   //     [2] COMBINING BINDU BELOW..GRANTHA SIGN NUKTA
+	{0x1133D, 0x1133D, prAL, gcLo},   //         GRANTHA SIGN AVAGRAHA
+	{0x1133E, 0x1133F, prCM, gcMc},   //     [2] GRANTHA VOWEL SIGN AA..GRANTHA VOWEL SIGN I
+	{0x11340, 0x11340, prCM, gcMn},   //         GRANTHA VOWEL SIGN II
+	{0x11341, 0x11344, prCM, gcMc},   //     [4] GRANTHA VOWEL SIGN U..GRANTHA VOWEL SIGN VOCALIC RR
+	{0x11347, 0x11348, prCM, gcMc},   //     [2] GRANTHA VOWEL SIGN EE..GRANTHA VOWEL SIGN AI
+	{0x1134B, 0x1134D, prCM, gcMc},   //     [3] GRANTHA VOWEL SIGN OO..GRANTHA SIGN VIRAMA
+	{0x11350, 0x11350, prAL, gcLo},   //         GRANTHA OM
+	{0x11357, 0x11357, prCM, gcMc},   //         GRANTHA AU LENGTH MARK
+	{0x1135D, 0x11361, prAL, gcLo},   //     [5] GRANTHA SIGN PLUTA..GRANTHA LETTER VOCALIC LL
+	{0x11362, 0x11363, prCM, gcMc},   //     [2] GRANTHA VOWEL SIGN VOCALIC L..GRANTHA VOWEL SIGN VOCALIC LL
+	{0x11366, 0x1136C, prCM, gcMn},   //     [7] COMBINING GRANTHA DIGIT ZERO..COMBINING GRANTHA DIGIT SIX
+	{0x11370, 0x11374, prCM, gcMn},   //     [5] COMBINING GRANTHA LETTER A..COMBINING GRANTHA LETTER PA
+	{0x11400, 0x11434, prAL, gcLo},   //    [53] NEWA LETTER A..NEWA LETTER HA
+	{0x11435, 0x11437, prCM, gcMc},   //     [3] NEWA VOWEL SIGN AA..NEWA VOWEL SIGN II
+	{0x11438, 0x1143F, prCM, gcMn},   //     [8] NEWA VOWEL SIGN U..NEWA VOWEL SIGN AI
+	{0x11440, 0x11441, prCM, gcMc},   //     [2] NEWA VOWEL SIGN O..NEWA VOWEL SIGN AU
+	{0x11442, 0x11444, prCM, gcMn},   //     [3] NEWA SIGN VIRAMA..NEWA SIGN ANUSVARA
+	{0x11445, 0x11445, prCM, gcMc},   //         NEWA SIGN VISARGA
+	{0x11446, 0x11446, prCM, gcMn},   //         NEWA SIGN NUKTA
+	{0x11447, 0x1144A, prAL, gcLo},   //     [4] NEWA SIGN AVAGRAHA..NEWA SIDDHI
+	{0x1144B, 0x1144E, prBA, gcPo},   //     [4] NEWA DANDA..NEWA GAP FILLER
+	{0x1144F, 0x1144F, prAL, gcPo},   //         NEWA ABBREVIATION SIGN
+	{0x11450, 0x11459, prNU, gcNd},   //    [10] NEWA DIGIT ZERO..NEWA DIGIT NINE
+	{0x1145A, 0x1145B, prBA, gcPo},   //     [2] NEWA DOUBLE COMMA..NEWA PLACEHOLDER MARK
+	{0x1145D, 0x1145D, prAL, gcPo},   //         NEWA INSERTION SIGN
+	{0x1145E, 0x1145E, prCM, gcMn},   //         NEWA SANDHI MARK
+	{0x1145F, 0x11461, prAL, gcLo},   //     [3] NEWA LETTER VEDIC ANUSVARA..NEWA SIGN UPADHMANIYA
+	{0x11480, 0x114AF, prAL, gcLo},   //    [48] TIRHUTA ANJI..TIRHUTA LETTER HA
+	{0x114B0, 0x114B2, prCM, gcMc},   //     [3] TIRHUTA VOWEL SIGN AA..TIRHUTA VOWEL SIGN II
+	{0x114B3, 0x114B8, prCM, gcMn},   //     [6] TIRHUTA VOWEL SIGN U..TIRHUTA VOWEL SIGN VOCALIC LL
+	{0x114B9, 0x114B9, prCM, gcMc},   //         TIRHUTA VOWEL SIGN E
+	{0x114BA, 0x114BA, prCM, gcMn},   //         TIRHUTA VOWEL SIGN SHORT E
+	{0x114BB, 0x114BE, prCM, gcMc},   //     [4] TIRHUTA VOWEL SIGN AI..TIRHUTA VOWEL SIGN AU
+	{0x114BF, 0x114C0, prCM, gcMn},   //     [2] TIRHUTA SIGN CANDRABINDU..TIRHUTA SIGN ANUSVARA
+	{0x114C1, 0x114C1, prCM, gcMc},   //         TIRHUTA SIGN VISARGA
+	{0x114C2, 0x114C3, prCM, gcMn},   //     [2] TIRHUTA SIGN VIRAMA..TIRHUTA SIGN NUKTA
+	{0x114C4, 0x114C5, prAL, gcLo},   //     [2] TIRHUTA SIGN AVAGRAHA..TIRHUTA GVANG
+	{0x114C6, 0x114C6, prAL, gcPo},   //         TIRHUTA ABBREVIATION SIGN
+	{0x114C7, 0x114C7, prAL, gcLo},   //         TIRHUTA OM
+	{0x114D0, 0x114D9, prNU, gcNd},   //    [10] TIRHUTA DIGIT ZERO..TIRHUTA DIGIT NINE
+	{0x11580, 0x115AE, prAL, gcLo},   //    [47] SIDDHAM LETTER A..SIDDHAM LETTER HA
+	{0x115AF, 0x115B1, prCM, gcMc},   //     [3] SIDDHAM VOWEL SIGN AA..SIDDHAM VOWEL SIGN II
+	{0x115B2, 0x115B5, prCM, gcMn},   //     [4] SIDDHAM VOWEL SIGN U..SIDDHAM VOWEL SIGN VOCALIC RR
+	{0x115B8, 0x115BB, prCM, gcMc},   //     [4] SIDDHAM VOWEL SIGN E..SIDDHAM VOWEL SIGN AU
+	{0x115BC, 0x115BD, prCM, gcMn},   //     [2] SIDDHAM SIGN CANDRABINDU..SIDDHAM SIGN ANUSVARA
+	{0x115BE, 0x115BE, prCM, gcMc},   //         SIDDHAM SIGN VISARGA
+	{0x115BF, 0x115C0, prCM, gcMn},   //     [2] SIDDHAM SIGN VIRAMA..SIDDHAM SIGN NUKTA
+	{0x115C1, 0x115C1, prBB, gcPo},   //         SIDDHAM SIGN SIDDHAM
+	{0x115C2, 0x115C3, prBA, gcPo},   //     [2] SIDDHAM DANDA..SIDDHAM DOUBLE DANDA
+	{0x115C4, 0x115C5, prEX, gcPo},   //     [2] SIDDHAM SEPARATOR DOT..SIDDHAM SEPARATOR BAR
+	{0x115C6, 0x115C8, prAL, gcPo},   //     [3] SIDDHAM REPETITION MARK-1..SIDDHAM REPETITION MARK-3
+	{0x115C9, 0x115D7, prBA, gcPo},   //    [15] SIDDHAM END OF TEXT MARK..SIDDHAM SECTION MARK WITH CIRCLES AND FOUR ENCLOSURES
+	{0x115D8, 0x115DB, prAL, gcLo},   //     [4] SIDDHAM LETTER THREE-CIRCLE ALTERNATE I..SIDDHAM LETTER ALTERNATE U
+	{0x115DC, 0x115DD, prCM, gcMn},   //     [2] SIDDHAM VOWEL SIGN ALTERNATE U..SIDDHAM VOWEL SIGN ALTERNATE UU
+	{0x11600, 0x1162F, prAL, gcLo},   //    [48] MODI LETTER A..MODI LETTER LLA
+	{0x11630, 0x11632, prCM, gcMc},   //     [3] MODI VOWEL SIGN AA..MODI VOWEL SIGN II
+	{0x11633, 0x1163A, prCM, gcMn},   //     [8] MODI VOWEL SIGN U..MODI VOWEL SIGN AI
+	{0x1163B, 0x1163C, prCM, gcMc},   //     [2] MODI VOWEL SIGN O..MODI VOWEL SIGN AU
+	{0x1163D, 0x1163D, prCM, gcMn},   //         MODI SIGN ANUSVARA
+	{0x1163E, 0x1163E, prCM, gcMc},   //         MODI SIGN VISARGA
+	{0x1163F, 0x11640, prCM, gcMn},   //     [2] MODI SIGN VIRAMA..MODI SIGN ARDHACANDRA
+	{0x11641, 0x11642, prBA, gcPo},   //     [2] MODI DANDA..MODI DOUBLE DANDA
+	{0x11643, 0x11643, prAL, gcPo},   //         MODI ABBREVIATION SIGN
+	{0x11644, 0x11644, prAL, gcLo},   //         MODI SIGN HUVA
+	{0x11650, 0x11659, prNU, gcNd},   //    [10] MODI DIGIT ZERO..MODI DIGIT NINE
+	{0x11660, 0x1166C, prBB, gcPo},   //    [13] MONGOLIAN BIRGA WITH ORNAMENT..MONGOLIAN TURNED SWIRL BIRGA WITH DOUBLE ORNAMENT
+	{0x11680, 0x116AA, prAL, gcLo},   //    [43] TAKRI LETTER A..TAKRI LETTER RRA
+	{0x116AB, 0x116AB, prCM, gcMn},   //         TAKRI SIGN ANUSVARA
+	{0x116AC, 0x116AC, prCM, gcMc},   //         TAKRI SIGN VISARGA
+	{0x116AD, 0x116AD, prCM, gcMn},   //         TAKRI VOWEL SIGN AA
+	{0x116AE, 0x116AF, prCM, gcMc},   //     [2] TAKRI VOWEL SIGN I..TAKRI VOWEL SIGN II
+	{0x116B0, 0x116B5, prCM, gcMn},   //     [6] TAKRI VOWEL SIGN U..TAKRI VOWEL SIGN AU
+	{0x116B6, 0x116B6, prCM, gcMc},   //         TAKRI SIGN VIRAMA
+	{0x116B7, 0x116B7, prCM, gcMn},   //         TAKRI SIGN NUKTA
+	{0x116B8, 0x116B8, prAL, gcLo},   //         TAKRI LETTER ARCHAIC KHA
+	{0x116B9, 0x116B9, prAL, gcPo},   //         TAKRI ABBREVIATION SIGN
+	{0x116C0, 0x116C9, prNU, gcNd},   //    [10] TAKRI DIGIT ZERO..TAKRI DIGIT NINE
+	{0x11700, 0x1171A, prSA, gcLo},   //    [27] AHOM LETTER KA..AHOM LETTER ALTERNATE BA
+	{0x1171D, 0x1171F, prSA, gcMn},   //     [3] AHOM CONSONANT SIGN MEDIAL LA..AHOM CONSONANT SIGN MEDIAL LIGATING RA
+	{0x11720, 0x11721, prSA, gcMc},   //     [2] AHOM VOWEL SIGN A..AHOM VOWEL SIGN AA
+	{0x11722, 0x11725, prSA, gcMn},   //     [4] AHOM VOWEL SIGN I..AHOM VOWEL SIGN UU
+	{0x11726, 0x11726, prSA, gcMc},   //         AHOM VOWEL SIGN E
+	{0x11727, 0x1172B, prSA, gcMn},   //     [5] AHOM VOWEL SIGN AW..AHOM SIGN KILLER
+	{0x11730, 0x11739, prNU, gcNd},   //    [10] AHOM DIGIT ZERO..AHOM DIGIT NINE
+	{0x1173A, 0x1173B, prSA, gcNo},   //     [2] AHOM NUMBER TEN..AHOM NUMBER TWENTY
+	{0x1173C, 0x1173E, prBA, gcPo},   //     [3] AHOM SIGN SMALL SECTION..AHOM SIGN RULAI
+	{0x1173F, 0x1173F, prSA, gcSo},   //         AHOM SYMBOL VI
+	{0x11740, 0x11746, prSA, gcLo},   //     [7] AHOM LETTER CA..AHOM LETTER LLA
+	{0x11800, 0x1182B, prAL, gcLo},   //    [44] DOGRA LETTER A..DOGRA LETTER RRA
+	{0x1182C, 0x1182E, prCM, gcMc},   //     [3] DOGRA VOWEL SIGN AA..DOGRA VOWEL SIGN II
+	{0x1182F, 0x11837, prCM, gcMn},   //     [9] DOGRA VOWEL SIGN U..DOGRA SIGN ANUSVARA
+	{0x11838, 0x11838, prCM, gcMc},   //         DOGRA SIGN VISARGA
+	{0x11839, 0x1183A, prCM, gcMn},   //     [2] DOGRA SIGN VIRAMA..DOGRA SIGN NUKTA
+	{0x1183B, 0x1183B, prAL, gcPo},   //         DOGRA ABBREVIATION SIGN
+	{0x118A0, 0x118DF, prAL, gcLC},   //    [64] WARANG CITI CAPITAL LETTER NGAA..WARANG CITI SMALL LETTER VIYO
+	{0x118E0, 0x118E9, prNU, gcNd},   //    [10] WARANG CITI DIGIT ZERO..WARANG CITI DIGIT NINE
+	{0x118EA, 0x118F2, prAL, gcNo},   //     [9] WARANG CITI NUMBER TEN..WARANG CITI NUMBER NINETY
+	{0x118FF, 0x118FF, prAL, gcLo},   //         WARANG CITI OM
+	{0x11900, 0x11906, prAL, gcLo},   //     [7] DIVES AKURU LETTER A..DIVES AKURU LETTER E
+	{0x11909, 0x11909, prAL, gcLo},   //         DIVES AKURU LETTER O
+	{0x1190C, 0x11913, prAL, gcLo},   //     [8] DIVES AKURU LETTER KA..DIVES AKURU LETTER JA
+	{0x11915, 0x11916, prAL, gcLo},   //     [2] DIVES AKURU LETTER NYA..DIVES AKURU LETTER TTA
+	{0x11918, 0x1192F, prAL, gcLo},   //    [24] DIVES AKURU LETTER DDA..DIVES AKURU LETTER ZA
+	{0x11930, 0x11935, prCM, gcMc},   //     [6] DIVES AKURU VOWEL SIGN AA..DIVES AKURU VOWEL SIGN E
+	{0x11937, 0x11938, prCM, gcMc},   //     [2] DIVES AKURU VOWEL SIGN AI..DIVES AKURU VOWEL SIGN O
+	{0x1193B, 0x1193C, prCM, gcMn},   //     [2] DIVES AKURU SIGN ANUSVARA..DIVES AKURU SIGN CANDRABINDU
+	{0x1193D, 0x1193D, prCM, gcMc},   //         DIVES AKURU SIGN HALANTA
+	{0x1193E, 0x1193E, prCM, gcMn},   //         DIVES AKURU VIRAMA
+	{0x1193F, 0x1193F, prAL, gcLo},   //         DIVES AKURU PREFIXED NASAL SIGN
+	{0x11940, 0x11940, prCM, gcMc},   //         DIVES AKURU MEDIAL YA
+	{0x11941, 0x11941, prAL, gcLo},   //         DIVES AKURU INITIAL RA
+	{0x11942, 0x11942, prCM, gcMc},   //         DIVES AKURU MEDIAL RA
+	{0x11943, 0x11943, prCM, gcMn},   //         DIVES AKURU SIGN NUKTA
+	{0x11944, 0x11946, prBA, gcPo},   //     [3] DIVES AKURU DOUBLE DANDA..DIVES AKURU END OF TEXT MARK
+	{0x11950, 0x11959, prNU, gcNd},   //    [10] DIVES AKURU DIGIT ZERO..DIVES AKURU DIGIT NINE
+	{0x119A0, 0x119A7, prAL, gcLo},   //     [8] NANDINAGARI LETTER A..NANDINAGARI LETTER VOCALIC RR
+	{0x119AA, 0x119D0, prAL, gcLo},   //    [39] NANDINAGARI LETTER E..NANDINAGARI LETTER RRA
+	{0x119D1, 0x119D3, prCM, gcMc},   //     [3] NANDINAGARI VOWEL SIGN AA..NANDINAGARI VOWEL SIGN II
+	{0x119D4, 0x119D7, prCM, gcMn},   //     [4] NANDINAGARI VOWEL SIGN U..NANDINAGARI VOWEL SIGN VOCALIC RR
+	{0x119DA, 0x119DB, prCM, gcMn},   //     [2] NANDINAGARI VOWEL SIGN E..NANDINAGARI VOWEL SIGN AI
+	{0x119DC, 0x119DF, prCM, gcMc},   //     [4] NANDINAGARI VOWEL SIGN O..NANDINAGARI SIGN VISARGA
+	{0x119E0, 0x119E0, prCM, gcMn},   //         NANDINAGARI SIGN VIRAMA
+	{0x119E1, 0x119E1, prAL, gcLo},   //         NANDINAGARI SIGN AVAGRAHA
+	{0x119E2, 0x119E2, prBB, gcPo},   //         NANDINAGARI SIGN SIDDHAM
+	{0x119E3, 0x119E3, prAL, gcLo},   //         NANDINAGARI HEADSTROKE
+	{0x119E4, 0x119E4, prCM, gcMc},   //         NANDINAGARI VOWEL SIGN PRISHTHAMATRA E
+	{0x11A00, 0x11A00, prAL, gcLo},   //         ZANABAZAR SQUARE LETTER A
+	{0x11A01, 0x11A0A, prCM, gcMn},   //    [10] ZANABAZAR SQUARE VOWEL SIGN I..ZANABAZAR SQUARE VOWEL LENGTH MARK
+	{0x11A0B, 0x11A32, prAL, gcLo},   //    [40] ZANABAZAR SQUARE LETTER KA..ZANABAZAR SQUARE LETTER KSSA
+	{0x11A33, 0x11A38, prCM, gcMn},   //     [6] ZANABAZAR SQUARE FINAL CONSONANT MARK..ZANABAZAR SQUARE SIGN ANUSVARA
+	{0x11A39, 0x11A39, prCM, gcMc},   //         ZANABAZAR SQUARE SIGN VISARGA
+	{0x11A3A, 0x11A3A, prAL, gcLo},   //         ZANABAZAR SQUARE CLUSTER-INITIAL LETTER RA
+	{0x11A3B, 0x11A3E, prCM, gcMn},   //     [4] ZANABAZAR SQUARE CLUSTER-FINAL LETTER YA..ZANABAZAR SQUARE CLUSTER-FINAL LETTER VA
+	{0x11A3F, 0x11A3F, prBB, gcPo},   //         ZANABAZAR SQUARE INITIAL HEAD MARK
+	{0x11A40, 0x11A40, prAL, gcPo},   //         ZANABAZAR SQUARE CLOSING HEAD MARK
+	{0x11A41, 0x11A44, prBA, gcPo},   //     [4] ZANABAZAR SQUARE MARK TSHEG..ZANABAZAR SQUARE MARK LONG TSHEG
+	{0x11A45, 0x11A45, prBB, gcPo},   //         ZANABAZAR SQUARE INITIAL DOUBLE-LINED HEAD MARK
+	{0x11A46, 0x11A46, prAL, gcPo},   //         ZANABAZAR SQUARE CLOSING DOUBLE-LINED HEAD MARK
+	{0x11A47, 0x11A47, prCM, gcMn},   //         ZANABAZAR SQUARE SUBJOINER
+	{0x11A50, 0x11A50, prAL, gcLo},   //         SOYOMBO LETTER A
+	{0x11A51, 0x11A56, prCM, gcMn},   //     [6] SOYOMBO VOWEL SIGN I..SOYOMBO VOWEL SIGN OE
+	{0x11A57, 0x11A58, prCM, gcMc},   //     [2] SOYOMBO VOWEL SIGN AI..SOYOMBO VOWEL SIGN AU
+	{0x11A59, 0x11A5B, prCM, gcMn},   //     [3] SOYOMBO VOWEL SIGN VOCALIC R..SOYOMBO VOWEL LENGTH MARK
+	{0x11A5C, 0x11A89, prAL, gcLo},   //    [46] SOYOMBO LETTER KA..SOYOMBO CLUSTER-INITIAL LETTER SA
+	{0x11A8A, 0x11A96, prCM, gcMn},   //    [13] SOYOMBO FINAL CONSONANT SIGN G..SOYOMBO SIGN ANUSVARA
+	{0x11A97, 0x11A97, prCM, gcMc},   //         SOYOMBO SIGN VISARGA
+	{0x11A98, 0x11A99, prCM, gcMn},   //     [2] SOYOMBO GEMINATION MARK..SOYOMBO SUBJOINER
+	{0x11A9A, 0x11A9C, prBA, gcPo},   //     [3] SOYOMBO MARK TSHEG..SOYOMBO MARK DOUBLE SHAD
+	{0x11A9D, 0x11A9D, prAL, gcLo},   //         SOYOMBO MARK PLUTA
+	{0x11A9E, 0x11AA0, prBB, gcPo},   //     [3] SOYOMBO HEAD MARK WITH MOON AND SUN AND TRIPLE FLAME..SOYOMBO HEAD MARK WITH MOON AND SUN
+	{0x11AA1, 0x11AA2, prBA, gcPo},   //     [2] SOYOMBO TERMINAL MARK-1..SOYOMBO TERMINAL MARK-2
+	{0x11AB0, 0x11ABF, prAL, gcLo},   //    [16] CANADIAN SYLLABICS NATTILIK HI..CANADIAN SYLLABICS SPA
+	{0x11AC0, 0x11AF8, prAL, gcLo},   //    [57] PAU CIN HAU LETTER PA..PAU CIN HAU GLOTTAL STOP FINAL
+	{0x11C00, 0x11C08, prAL, gcLo},   //     [9] BHAIKSUKI LETTER A..BHAIKSUKI LETTER VOCALIC L
+	{0x11C0A, 0x11C2E, prAL, gcLo},   //    [37] BHAIKSUKI LETTER E..BHAIKSUKI LETTER HA
+	{0x11C2F, 0x11C2F, prCM, gcMc},   //         BHAIKSUKI VOWEL SIGN AA
+	{0x11C30, 0x11C36, prCM, gcMn},   //     [7] BHAIKSUKI VOWEL SIGN I..BHAIKSUKI VOWEL SIGN VOCALIC L
+	{0x11C38, 0x11C3D, prCM, gcMn},   //     [6] BHAIKSUKI VOWEL SIGN E..BHAIKSUKI SIGN ANUSVARA
+	{0x11C3E, 0x11C3E, prCM, gcMc},   //         BHAIKSUKI SIGN VISARGA
+	{0x11C3F, 0x11C3F, prCM, gcMn},   //         BHAIKSUKI SIGN VIRAMA
+	{0x11C40, 0x11C40, prAL, gcLo},   //         BHAIKSUKI SIGN AVAGRAHA
+	{0x11C41, 0x11C45, prBA, gcPo},   //     [5] BHAIKSUKI DANDA..BHAIKSUKI GAP FILLER-2
+	{0x11C50, 0x11C59, prNU, gcNd},   //    [10] BHAIKSUKI DIGIT ZERO..BHAIKSUKI DIGIT NINE
+	{0x11C5A, 0x11C6C, prAL, gcNo},   //    [19] BHAIKSUKI NUMBER ONE..BHAIKSUKI HUNDREDS UNIT MARK
+	{0x11C70, 0x11C70, prBB, gcPo},   //         MARCHEN HEAD MARK
+	{0x11C71, 0x11C71, prEX, gcPo},   //         MARCHEN MARK SHAD
+	{0x11C72, 0x11C8F, prAL, gcLo},   //    [30] MARCHEN LETTER KA..MARCHEN LETTER A
+	{0x11C92, 0x11CA7, prCM, gcMn},   //    [22] MARCHEN SUBJOINED LETTER KA..MARCHEN SUBJOINED LETTER ZA
+	{0x11CA9, 0x11CA9, prCM, gcMc},   //         MARCHEN SUBJOINED LETTER YA
+	{0x11CAA, 0x11CB0, prCM, gcMn},   //     [7] MARCHEN SUBJOINED LETTER RA..MARCHEN VOWEL SIGN AA
+	{0x11CB1, 0x11CB1, prCM, gcMc},   //         MARCHEN VOWEL SIGN I
+	{0x11CB2, 0x11CB3, prCM, gcMn},   //     [2] MARCHEN VOWEL SIGN U..MARCHEN VOWEL SIGN E
+	{0x11CB4, 0x11CB4, prCM, gcMc},   //         MARCHEN VOWEL SIGN O
+	{0x11CB5, 0x11CB6, prCM, gcMn},   //     [2] MARCHEN SIGN ANUSVARA..MARCHEN SIGN CANDRABINDU
+	{0x11D00, 0x11D06, prAL, gcLo},   //     [7] MASARAM GONDI LETTER A..MASARAM GONDI LETTER E
+	{0x11D08, 0x11D09, prAL, gcLo},   //     [2] MASARAM GONDI LETTER AI..MASARAM GONDI LETTER O
+	{0x11D0B, 0x11D30, prAL, gcLo},   //    [38] MASARAM GONDI LETTER AU..MASARAM GONDI LETTER TRA
+	{0x11D31, 0x11D36, prCM, gcMn},   //     [6] MASARAM GONDI VOWEL SIGN AA..MASARAM GONDI VOWEL SIGN VOCALIC R
+	{0x11D3A, 0x11D3A, prCM, gcMn},   //         MASARAM GONDI VOWEL SIGN E
+	{0x11D3C, 0x11D3D, prCM, gcMn},   //     [2] MASARAM GONDI VOWEL SIGN AI..MASARAM GONDI VOWEL SIGN O
+	{0x11D3F, 0x11D45, prCM, gcMn},   //     [7] MASARAM GONDI VOWEL SIGN AU..MASARAM GONDI VIRAMA
+	{0x11D46, 0x11D46, prAL, gcLo},   //         MASARAM GONDI REPHA
+	{0x11D47, 0x11D47, prCM, gcMn},   //         MASARAM GONDI RA-KARA
+	{0x11D50, 0x11D59, prNU, gcNd},   //    [10] MASARAM GONDI DIGIT ZERO..MASARAM GONDI DIGIT NINE
+	{0x11D60, 0x11D65, prAL, gcLo},   //     [6] GUNJALA GONDI LETTER A..GUNJALA GONDI LETTER UU
+	{0x11D67, 0x11D68, prAL, gcLo},   //     [2] GUNJALA GONDI LETTER EE..GUNJALA GONDI LETTER AI
+	{0x11D6A, 0x11D89, prAL, gcLo},   //    [32] GUNJALA GONDI LETTER OO..GUNJALA GONDI LETTER SA
+	{0x11D8A, 0x11D8E, prCM, gcMc},   //     [5] GUNJALA GONDI VOWEL SIGN AA..GUNJALA GONDI VOWEL SIGN UU
+	{0x11D90, 0x11D91, prCM, gcMn},   //     [2] GUNJALA GONDI VOWEL SIGN EE..GUNJALA GONDI VOWEL SIGN AI
+	{0x11D93, 0x11D94, prCM, gcMc},   //     [2] GUNJALA GONDI VOWEL SIGN OO..GUNJALA GONDI VOWEL SIGN AU
+	{0x11D95, 0x11D95, prCM, gcMn},   //         GUNJALA GONDI SIGN ANUSVARA
+	{0x11D96, 0x11D96, prCM, gcMc},   //         GUNJALA GONDI SIGN VISARGA
+	{0x11D97, 0x11D97, prCM, gcMn},   //         GUNJALA GONDI VIRAMA
+	{0x11D98, 0x11D98, prAL, gcLo},   //         GUNJALA GONDI OM
+	{0x11DA0, 0x11DA9, prNU, gcNd},   //    [10] GUNJALA GONDI DIGIT ZERO..GUNJALA GONDI DIGIT NINE
+	{0x11EE0, 0x11EF2, prAL, gcLo},   //    [19] MAKASAR LETTER KA..MAKASAR ANGKA
+	{0x11EF3, 0x11EF4, prCM, gcMn},   //     [2] MAKASAR VOWEL SIGN I..MAKASAR VOWEL SIGN U
+	{0x11EF5, 0x11EF6, prCM, gcMc},   //     [2] MAKASAR VOWEL SIGN E..MAKASAR VOWEL SIGN O
+	{0x11EF7, 0x11EF8, prAL, gcPo},   //     [2] MAKASAR PASSIMBANG..MAKASAR END OF SECTION
+	{0x11FB0, 0x11FB0, prAL, gcLo},   //         LISU LETTER YHA
+	{0x11FC0, 0x11FD4, prAL, gcNo},   //    [21] TAMIL FRACTION ONE THREE-HUNDRED-AND-TWENTIETH..TAMIL FRACTION DOWNSCALING FACTOR KIIZH
+	{0x11FD5, 0x11FDC, prAL, gcSo},   //     [8] TAMIL SIGN NEL..TAMIL SIGN MUKKURUNI
+	{0x11FDD, 0x11FE0, prPO, gcSc},   //     [4] TAMIL SIGN KAACU..TAMIL SIGN VARAAKAN
+	{0x11FE1, 0x11FF1, prAL, gcSo},   //    [17] TAMIL SIGN PAARAM..TAMIL SIGN VAKAIYARAA
+	{0x11FFF, 0x11FFF, prBA, gcPo},   //         TAMIL PUNCTUATION END OF TEXT
+	{0x12000, 0x12399, prAL, gcLo},   //   [922] CUNEIFORM SIGN A..CUNEIFORM SIGN U U
+	{0x12400, 0x1246E, prAL, gcNl},   //   [111] CUNEIFORM NUMERIC SIGN TWO ASH..CUNEIFORM NUMERIC SIGN NINE U VARIANT FORM
+	{0x12470, 0x12474, prBA, gcPo},   //     [5] CUNEIFORM PUNCTUATION SIGN OLD ASSYRIAN WORD DIVIDER..CUNEIFORM PUNCTUATION SIGN DIAGONAL QUADCOLON
+	{0x12480, 0x12543, prAL, gcLo},   //   [196] CUNEIFORM SIGN AB TIMES NUN TENU..CUNEIFORM SIGN ZU5 TIMES THREE DISH TENU
+	{0x12F90, 0x12FF0, prAL, gcLo},   //    [97] CYPRO-MINOAN SIGN CM001..CYPRO-MINOAN SIGN CM114
+	{0x12FF1, 0x12FF2, prAL, gcPo},   //     [2] CYPRO-MINOAN SIGN CM301..CYPRO-MINOAN SIGN CM302
+	{0x13000, 0x13257, prAL, gcLo},   //   [600] EGYPTIAN HIEROGLYPH A001..EGYPTIAN HIEROGLYPH O006
+	{0x13258, 0x1325A, prOP, gcLo},   //     [3] EGYPTIAN HIEROGLYPH O006A..EGYPTIAN HIEROGLYPH O006C
+	{0x1325B, 0x1325D, prCL, gcLo},   //     [3] EGYPTIAN HIEROGLYPH O006D..EGYPTIAN HIEROGLYPH O006F
+	{0x1325E, 0x13281, prAL, gcLo},   //    [36] EGYPTIAN HIEROGLYPH O007..EGYPTIAN HIEROGLYPH O033
+	{0x13282, 0x13282, prCL, gcLo},   //         EGYPTIAN HIEROGLYPH O033A
+	{0x13283, 0x13285, prAL, gcLo},   //     [3] EGYPTIAN HIEROGLYPH O034..EGYPTIAN HIEROGLYPH O036
+	{0x13286, 0x13286, prOP, gcLo},   //         EGYPTIAN HIEROGLYPH O036A
+	{0x13287, 0x13287, prCL, gcLo},   //         EGYPTIAN HIEROGLYPH O036B
+	{0x13288, 0x13288, prOP, gcLo},   //         EGYPTIAN HIEROGLYPH O036C
+	{0x13289, 0x13289, prCL, gcLo},   //         EGYPTIAN HIEROGLYPH O036D
+	{0x1328A, 0x13378, prAL, gcLo},   //   [239] EGYPTIAN HIEROGLYPH O037..EGYPTIAN HIEROGLYPH V011
+	{0x13379, 0x13379, prOP, gcLo},   //         EGYPTIAN HIEROGLYPH V011A
+	{0x1337A, 0x1337B, prCL, gcLo},   //     [2] EGYPTIAN HIEROGLYPH V011B..EGYPTIAN HIEROGLYPH V011C
+	{0x1337C, 0x1342E, prAL, gcLo},   //   [179] EGYPTIAN HIEROGLYPH V012..EGYPTIAN HIEROGLYPH AA032
+	{0x13430, 0x13436, prGL, gcCf},   //     [7] EGYPTIAN HIEROGLYPH VERTICAL JOINER..EGYPTIAN HIEROGLYPH OVERLAY MIDDLE
+	{0x13437, 0x13437, prOP, gcCf},   //         EGYPTIAN HIEROGLYPH BEGIN SEGMENT
+	{0x13438, 0x13438, prCL, gcCf},   //         EGYPTIAN HIEROGLYPH END SEGMENT
+	{0x14400, 0x145CD, prAL, gcLo},   //   [462] ANATOLIAN HIEROGLYPH A001..ANATOLIAN HIEROGLYPH A409
+	{0x145CE, 0x145CE, prOP, gcLo},   //         ANATOLIAN HIEROGLYPH A410 BEGIN LOGOGRAM MARK
+	{0x145CF, 0x145CF, prCL, gcLo},   //         ANATOLIAN HIEROGLYPH A410A END LOGOGRAM MARK
+	{0x145D0, 0x14646, prAL, gcLo},   //   [119] ANATOLIAN HIEROGLYPH A411..ANATOLIAN HIEROGLYPH A530
+	{0x16800, 0x16A38, prAL, gcLo},   //   [569] BAMUM LETTER PHASE-A NGKUE MFON..BAMUM LETTER PHASE-F VUEQ
+	{0x16A40, 0x16A5E, prAL, gcLo},   //    [31] MRO LETTER TA..MRO LETTER TEK
+	{0x16A60, 0x16A69, prNU, gcNd},   //    [10] MRO DIGIT ZERO..MRO DIGIT NINE
+	{0x16A6E, 0x16A6F, prBA, gcPo},   //     [2] MRO DANDA..MRO DOUBLE DANDA
+	{0x16A70, 0x16ABE, prAL, gcLo},   //    [79] TANGSA LETTER OZ..TANGSA LETTER ZA
+	{0x16AC0, 0x16AC9, prNU, gcNd},   //    [10] TANGSA DIGIT ZERO..TANGSA DIGIT NINE
+	{0x16AD0, 0x16AED, prAL, gcLo},   //    [30] BASSA VAH LETTER ENNI..BASSA VAH LETTER I
+	{0x16AF0, 0x16AF4, prCM, gcMn},   //     [5] BASSA VAH COMBINING HIGH TONE..BASSA VAH COMBINING HIGH-LOW TONE
+	{0x16AF5, 0x16AF5, prBA, gcPo},   //         BASSA VAH FULL STOP
+	{0x16B00, 0x16B2F, prAL, gcLo},   //    [48] PAHAWH HMONG VOWEL KEEB..PAHAWH HMONG CONSONANT CAU
+	{0x16B30, 0x16B36, prCM, gcMn},   //     [7] PAHAWH HMONG MARK CIM TUB..PAHAWH HMONG MARK CIM TAUM
+	{0x16B37, 0x16B39, prBA, gcPo},   //     [3] PAHAWH HMONG SIGN VOS THOM..PAHAWH HMONG SIGN CIM CHEEM
+	{0x16B3A, 0x16B3B, prAL, gcPo},   //     [2] PAHAWH HMONG SIGN VOS THIAB..PAHAWH HMONG SIGN VOS FEEM
+	{0x16B3C, 0x16B3F, prAL, gcSo},   //     [4] PAHAWH HMONG SIGN XYEEM NTXIV..PAHAWH HMONG SIGN XYEEM FAIB
+	{0x16B40, 0x16B43, prAL, gcLm},   //     [4] PAHAWH HMONG SIGN VOS SEEV..PAHAWH HMONG SIGN IB YAM
+	{0x16B44, 0x16B44, prBA, gcPo},   //         PAHAWH HMONG SIGN XAUS
+	{0x16B45, 0x16B45, prAL, gcSo},   //         PAHAWH HMONG SIGN CIM TSOV ROG
+	{0x16B50, 0x16B59, prNU, gcNd},   //    [10] PAHAWH HMONG DIGIT ZERO..PAHAWH HMONG DIGIT NINE
+	{0x16B5B, 0x16B61, prAL, gcNo},   //     [7] PAHAWH HMONG NUMBER TENS..PAHAWH HMONG NUMBER TRILLIONS
+	{0x16B63, 0x16B77, prAL, gcLo},   //    [21] PAHAWH HMONG SIGN VOS LUB..PAHAWH HMONG SIGN CIM NRES TOS
+	{0x16B7D, 0x16B8F, prAL, gcLo},   //    [19] PAHAWH HMONG CLAN SIGN TSHEEJ..PAHAWH HMONG CLAN SIGN VWJ
+	{0x16E40, 0x16E7F, prAL, gcLC},   //    [64] MEDEFAIDRIN CAPITAL LETTER M..MEDEFAIDRIN SMALL LETTER Y
+	{0x16E80, 0x16E96, prAL, gcNo},   //    [23] MEDEFAIDRIN DIGIT ZERO..MEDEFAIDRIN DIGIT THREE ALTERNATE FORM
+	{0x16E97, 0x16E98, prBA, gcPo},   //     [2] MEDEFAIDRIN COMMA..MEDEFAIDRIN FULL STOP
+	{0x16E99, 0x16E9A, prAL, gcPo},   //     [2] MEDEFAIDRIN SYMBOL AIVA..MEDEFAIDRIN EXCLAMATION OH
+	{0x16F00, 0x16F4A, prAL, gcLo},   //    [75] MIAO LETTER PA..MIAO LETTER RTE
+	{0x16F4F, 0x16F4F, prCM, gcMn},   //         MIAO SIGN CONSONANT MODIFIER BAR
+	{0x16F50, 0x16F50, prAL, gcLo},   //         MIAO LETTER NASALIZATION
+	{0x16F51, 0x16F87, prCM, gcMc},   //    [55] MIAO SIGN ASPIRATION..MIAO VOWEL SIGN UI
+	{0x16F8F, 0x16F92, prCM, gcMn},   //     [4] MIAO TONE RIGHT..MIAO TONE BELOW
+	{0x16F93, 0x16F9F, prAL, gcLm},   //    [13] MIAO LETTER TONE-2..MIAO LETTER REFORMED TONE-8
+	{0x16FE0, 0x16FE1, prNS, gcLm},   //     [2] TANGUT ITERATION MARK..NUSHU ITERATION MARK
+	{0x16FE2, 0x16FE2, prNS, gcPo},   //         OLD CHINESE HOOK MARK
+	{0x16FE3, 0x16FE3, prNS, gcLm},   //         OLD CHINESE ITERATION MARK
+	{0x16FE4, 0x16FE4, prGL, gcMn},   //         KHITAN SMALL SCRIPT FILLER
+	{0x16FF0, 0x16FF1, prCM, gcMc},   //     [2] VIETNAMESE ALTERNATE READING MARK CA..VIETNAMESE ALTERNATE READING MARK NHAY
+	{0x17000, 0x187F7, prID, gcLo},   //  [6136] TANGUT IDEOGRAPH-17000..TANGUT IDEOGRAPH-187F7
+	{0x18800, 0x18AFF, prID, gcLo},   //   [768] TANGUT COMPONENT-001..TANGUT COMPONENT-768
+	{0x18B00, 0x18CD5, prAL, gcLo},   //   [470] KHITAN SMALL SCRIPT CHARACTER-18B00..KHITAN SMALL SCRIPT CHARACTER-18CD5
+	{0x18D00, 0x18D08, prID, gcLo},   //     [9] TANGUT IDEOGRAPH-18D00..TANGUT IDEOGRAPH-18D08
+	{0x1AFF0, 0x1AFF3, prAL, gcLm},   //     [4] KATAKANA LETTER MINNAN TONE-2..KATAKANA LETTER MINNAN TONE-5
+	{0x1AFF5, 0x1AFFB, prAL, gcLm},   //     [7] KATAKANA LETTER MINNAN TONE-7..KATAKANA LETTER MINNAN NASALIZED TONE-5
+	{0x1AFFD, 0x1AFFE, prAL, gcLm},   //     [2] KATAKANA LETTER MINNAN NASALIZED TONE-7..KATAKANA LETTER MINNAN NASALIZED TONE-8
+	{0x1B000, 0x1B0FF, prID, gcLo},   //   [256] KATAKANA LETTER ARCHAIC E..HENTAIGANA LETTER RE-2
+	{0x1B100, 0x1B122, prID, gcLo},   //    [35] HENTAIGANA LETTER RE-3..KATAKANA LETTER ARCHAIC WU
+	{0x1B150, 0x1B152, prCJ, gcLo},   //     [3] HIRAGANA LETTER SMALL WI..HIRAGANA LETTER SMALL WO
+	{0x1B164, 0x1B167, prCJ, gcLo},   //     [4] KATAKANA LETTER SMALL WI..KATAKANA LETTER SMALL N
+	{0x1B170, 0x1B2FB, prID, gcLo},   //   [396] NUSHU CHARACTER-1B170..NUSHU CHARACTER-1B2FB
+	{0x1BC00, 0x1BC6A, prAL, gcLo},   //   [107] DUPLOYAN LETTER H..DUPLOYAN LETTER VOCALIC M
+	{0x1BC70, 0x1BC7C, prAL, gcLo},   //    [13] DUPLOYAN AFFIX LEFT HORIZONTAL SECANT..DUPLOYAN AFFIX ATTACHED TANGENT HOOK
+	{0x1BC80, 0x1BC88, prAL, gcLo},   //     [9] DUPLOYAN AFFIX HIGH ACUTE..DUPLOYAN AFFIX HIGH VERTICAL
+	{0x1BC90, 0x1BC99, prAL, gcLo},   //    [10] DUPLOYAN AFFIX LOW ACUTE..DUPLOYAN AFFIX LOW ARROW
+	{0x1BC9C, 0x1BC9C, prAL, gcSo},   //         DUPLOYAN SIGN O WITH CROSS
+	{0x1BC9D, 0x1BC9E, prCM, gcMn},   //     [2] DUPLOYAN THICK LETTER SELECTOR..DUPLOYAN DOUBLE MARK
+	{0x1BC9F, 0x1BC9F, prBA, gcPo},   //         DUPLOYAN PUNCTUATION CHINOOK FULL STOP
+	{0x1BCA0, 0x1BCA3, prCM, gcCf},   //     [4] SHORTHAND FORMAT LETTER OVERLAP..SHORTHAND FORMAT UP STEP
+	{0x1CF00, 0x1CF2D, prCM, gcMn},   //    [46] ZNAMENNY COMBINING MARK GORAZDO NIZKO S KRYZHEM ON LEFT..ZNAMENNY COMBINING MARK KRYZH ON LEFT
+	{0x1CF30, 0x1CF46, prCM, gcMn},   //    [23] ZNAMENNY COMBINING TONAL RANGE MARK MRACHNO..ZNAMENNY PRIZNAK MODIFIER ROG
+	{0x1CF50, 0x1CFC3, prAL, gcSo},   //   [116] ZNAMENNY NEUME KRYUK..ZNAMENNY NEUME PAUK
+	{0x1D000, 0x1D0F5, prAL, gcSo},   //   [246] BYZANTINE MUSICAL SYMBOL PSILI..BYZANTINE MUSICAL SYMBOL GORGON NEO KATO
+	{0x1D100, 0x1D126, prAL, gcSo},   //    [39] MUSICAL SYMBOL SINGLE BARLINE..MUSICAL SYMBOL DRUM CLEF-2
+	{0x1D129, 0x1D164, prAL, gcSo},   //    [60] MUSICAL SYMBOL MULTIPLE MEASURE REST..MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE
+	{0x1D165, 0x1D166, prCM, gcMc},   //     [2] MUSICAL SYMBOL COMBINING STEM..MUSICAL SYMBOL COMBINING SPRECHGESANG STEM
+	{0x1D167, 0x1D169, prCM, gcMn},   //     [3] MUSICAL SYMBOL COMBINING TREMOLO-1..MUSICAL SYMBOL COMBINING TREMOLO-3
+	{0x1D16A, 0x1D16C, prAL, gcSo},   //     [3] MUSICAL SYMBOL FINGERED TREMOLO-1..MUSICAL SYMBOL FINGERED TREMOLO-3
+	{0x1D16D, 0x1D172, prCM, gcMc},   //     [6] MUSICAL SYMBOL COMBINING AUGMENTATION DOT..MUSICAL SYMBOL COMBINING FLAG-5
+	{0x1D173, 0x1D17A, prCM, gcCf},   //     [8] MUSICAL SYMBOL BEGIN BEAM..MUSICAL SYMBOL END PHRASE
+	{0x1D17B, 0x1D182, prCM, gcMn},   //     [8] MUSICAL SYMBOL COMBINING ACCENT..MUSICAL SYMBOL COMBINING LOURE
+	{0x1D183, 0x1D184, prAL, gcSo},   //     [2] MUSICAL SYMBOL ARPEGGIATO UP..MUSICAL SYMBOL ARPEGGIATO DOWN
+	{0x1D185, 0x1D18B, prCM, gcMn},   //     [7] MUSICAL SYMBOL COMBINING DOIT..MUSICAL SYMBOL COMBINING TRIPLE TONGUE
+	{0x1D18C, 0x1D1A9, prAL, gcSo},   //    [30] MUSICAL SYMBOL RINFORZANDO..MUSICAL SYMBOL DEGREE SLASH
+	{0x1D1AA, 0x1D1AD, prCM, gcMn},   //     [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
+	{0x1D1AE, 0x1D1EA, prAL, gcSo},   //    [61] MUSICAL SYMBOL PEDAL MARK..MUSICAL SYMBOL KORON
+	{0x1D200, 0x1D241, prAL, gcSo},   //    [66] GREEK VOCAL NOTATION SYMBOL-1..GREEK INSTRUMENTAL NOTATION SYMBOL-54
+	{0x1D242, 0x1D244, prCM, gcMn},   //     [3] COMBINING GREEK MUSICAL TRISEME..COMBINING GREEK MUSICAL PENTASEME
+	{0x1D245, 0x1D245, prAL, gcSo},   //         GREEK MUSICAL LEIMMA
+	{0x1D2E0, 0x1D2F3, prAL, gcNo},   //    [20] MAYAN NUMERAL ZERO..MAYAN NUMERAL NINETEEN
+	{0x1D300, 0x1D356, prAL, gcSo},   //    [87] MONOGRAM FOR EARTH..TETRAGRAM FOR FOSTERING
+	{0x1D360, 0x1D378, prAL, gcNo},   //    [25] COUNTING ROD UNIT DIGIT ONE..TALLY MARK FIVE
+	{0x1D400, 0x1D454, prAL, gcLC},   //    [85] MATHEMATICAL BOLD CAPITAL A..MATHEMATICAL ITALIC SMALL G
+	{0x1D456, 0x1D49C, prAL, gcLC},   //    [71] MATHEMATICAL ITALIC SMALL I..MATHEMATICAL SCRIPT CAPITAL A
+	{0x1D49E, 0x1D49F, prAL, gcLu},   //     [2] MATHEMATICAL SCRIPT CAPITAL C..MATHEMATICAL SCRIPT CAPITAL D
+	{0x1D4A2, 0x1D4A2, prAL, gcLu},   //         MATHEMATICAL SCRIPT CAPITAL G
+	{0x1D4A5, 0x1D4A6, prAL, gcLu},   //     [2] MATHEMATICAL SCRIPT CAPITAL J..MATHEMATICAL SCRIPT CAPITAL K
+	{0x1D4A9, 0x1D4AC, prAL, gcLu},   //     [4] MATHEMATICAL SCRIPT CAPITAL N..MATHEMATICAL SCRIPT CAPITAL Q
+	{0x1D4AE, 0x1D4B9, prAL, gcLC},   //    [12] MATHEMATICAL SCRIPT CAPITAL S..MATHEMATICAL SCRIPT SMALL D
+	{0x1D4BB, 0x1D4BB, prAL, gcLl},   //         MATHEMATICAL SCRIPT SMALL F
+	{0x1D4BD, 0x1D4C3, prAL, gcLl},   //     [7] MATHEMATICAL SCRIPT SMALL H..MATHEMATICAL SCRIPT SMALL N
+	{0x1D4C5, 0x1D505, prAL, gcLC},   //    [65] MATHEMATICAL SCRIPT SMALL P..MATHEMATICAL FRAKTUR CAPITAL B
+	{0x1D507, 0x1D50A, prAL, gcLu},   //     [4] MATHEMATICAL FRAKTUR CAPITAL D..MATHEMATICAL FRAKTUR CAPITAL G
+	{0x1D50D, 0x1D514, prAL, gcLu},   //     [8] MATHEMATICAL FRAKTUR CAPITAL J..MATHEMATICAL FRAKTUR CAPITAL Q
+	{0x1D516, 0x1D51C, prAL, gcLu},   //     [7] MATHEMATICAL FRAKTUR CAPITAL S..MATHEMATICAL FRAKTUR CAPITAL Y
+	{0x1D51E, 0x1D539, prAL, gcLC},   //    [28] MATHEMATICAL FRAKTUR SMALL A..MATHEMATICAL DOUBLE-STRUCK CAPITAL B
+	{0x1D53B, 0x1D53E, prAL, gcLu},   //     [4] MATHEMATICAL DOUBLE-STRUCK CAPITAL D..MATHEMATICAL DOUBLE-STRUCK CAPITAL G
+	{0x1D540, 0x1D544, prAL, gcLu},   //     [5] MATHEMATICAL DOUBLE-STRUCK CAPITAL I..MATHEMATICAL DOUBLE-STRUCK CAPITAL M
+	{0x1D546, 0x1D546, prAL, gcLu},   //         MATHEMATICAL DOUBLE-STRUCK CAPITAL O
+	{0x1D54A, 0x1D550, prAL, gcLu},   //     [7] MATHEMATICAL DOUBLE-STRUCK CAPITAL S..MATHEMATICAL DOUBLE-STRUCK CAPITAL Y
+	{0x1D552, 0x1D6A5, prAL, gcLC},   //   [340] MATHEMATICAL DOUBLE-STRUCK SMALL A..MATHEMATICAL ITALIC SMALL DOTLESS J
+	{0x1D6A8, 0x1D6C0, prAL, gcLu},   //    [25] MATHEMATICAL BOLD CAPITAL ALPHA..MATHEMATICAL BOLD CAPITAL OMEGA
+	{0x1D6C1, 0x1D6C1, prAL, gcSm},   //         MATHEMATICAL BOLD NABLA
+	{0x1D6C2, 0x1D6DA, prAL, gcLl},   //    [25] MATHEMATICAL BOLD SMALL ALPHA..MATHEMATICAL BOLD SMALL OMEGA
+	{0x1D6DB, 0x1D6DB, prAL, gcSm},   //         MATHEMATICAL BOLD PARTIAL DIFFERENTIAL
+	{0x1D6DC, 0x1D6FA, prAL, gcLC},   //    [31] MATHEMATICAL BOLD EPSILON SYMBOL..MATHEMATICAL ITALIC CAPITAL OMEGA
+	{0x1D6FB, 0x1D6FB, prAL, gcSm},   //         MATHEMATICAL ITALIC NABLA
+	{0x1D6FC, 0x1D714, prAL, gcLl},   //    [25] MATHEMATICAL ITALIC SMALL ALPHA..MATHEMATICAL ITALIC SMALL OMEGA
+	{0x1D715, 0x1D715, prAL, gcSm},   //         MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL
+	{0x1D716, 0x1D734, prAL, gcLC},   //    [31] MATHEMATICAL ITALIC EPSILON SYMBOL..MATHEMATICAL BOLD ITALIC CAPITAL OMEGA
+	{0x1D735, 0x1D735, prAL, gcSm},   //         MATHEMATICAL BOLD ITALIC NABLA
+	{0x1D736, 0x1D74E, prAL, gcLl},   //    [25] MATHEMATICAL BOLD ITALIC SMALL ALPHA..MATHEMATICAL BOLD ITALIC SMALL OMEGA
+	{0x1D74F, 0x1D74F, prAL, gcSm},   //         MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL
+	{0x1D750, 0x1D76E, prAL, gcLC},   //    [31] MATHEMATICAL BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA
+	{0x1D76F, 0x1D76F, prAL, gcSm},   //         MATHEMATICAL SANS-SERIF BOLD NABLA
+	{0x1D770, 0x1D788, prAL, gcLl},   //    [25] MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA
+	{0x1D789, 0x1D789, prAL, gcSm},   //         MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL
+	{0x1D78A, 0x1D7A8, prAL, gcLC},   //    [31] MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA
+	{0x1D7A9, 0x1D7A9, prAL, gcSm},   //         MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA
+	{0x1D7AA, 0x1D7C2, prAL, gcLl},   //    [25] MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA
+	{0x1D7C3, 0x1D7C3, prAL, gcSm},   //         MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL
+	{0x1D7C4, 0x1D7CB, prAL, gcLC},   //     [8] MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL BOLD SMALL DIGAMMA
+	{0x1D7CE, 0x1D7FF, prNU, gcNd},   //    [50] MATHEMATICAL BOLD DIGIT ZERO..MATHEMATICAL MONOSPACE DIGIT NINE
+	{0x1D800, 0x1D9FF, prAL, gcSo},   //   [512] SIGNWRITING HAND-FIST INDEX..SIGNWRITING HEAD
+	{0x1DA00, 0x1DA36, prCM, gcMn},   //    [55] SIGNWRITING HEAD RIM..SIGNWRITING AIR SUCKING IN
+	{0x1DA37, 0x1DA3A, prAL, gcSo},   //     [4] SIGNWRITING AIR BLOW SMALL ROTATIONS..SIGNWRITING BREATH EXHALE
+	{0x1DA3B, 0x1DA6C, prCM, gcMn},   //    [50] SIGNWRITING MOUTH CLOSED NEUTRAL..SIGNWRITING EXCITEMENT
+	{0x1DA6D, 0x1DA74, prAL, gcSo},   //     [8] SIGNWRITING SHOULDER HIP SPINE..SIGNWRITING TORSO-FLOORPLANE TWISTING
+	{0x1DA75, 0x1DA75, prCM, gcMn},   //         SIGNWRITING UPPER BODY TILTING FROM HIP JOINTS
+	{0x1DA76, 0x1DA83, prAL, gcSo},   //    [14] SIGNWRITING LIMB COMBINATION..SIGNWRITING LOCATION DEPTH
+	{0x1DA84, 0x1DA84, prCM, gcMn},   //         SIGNWRITING LOCATION HEAD NECK
+	{0x1DA85, 0x1DA86, prAL, gcSo},   //     [2] SIGNWRITING LOCATION TORSO..SIGNWRITING LOCATION LIMBS DIGITS
+	{0x1DA87, 0x1DA8A, prBA, gcPo},   //     [4] SIGNWRITING COMMA..SIGNWRITING COLON
+	{0x1DA8B, 0x1DA8B, prAL, gcPo},   //         SIGNWRITING PARENTHESIS
+	{0x1DA9B, 0x1DA9F, prCM, gcMn},   //     [5] SIGNWRITING FILL MODIFIER-2..SIGNWRITING FILL MODIFIER-6
+	{0x1DAA1, 0x1DAAF, prCM, gcMn},   //    [15] SIGNWRITING ROTATION MODIFIER-2..SIGNWRITING ROTATION MODIFIER-16
+	{0x1DF00, 0x1DF09, prAL, gcLl},   //    [10] LATIN SMALL LETTER FENG DIGRAPH WITH TRILL..LATIN SMALL LETTER T WITH HOOK AND RETROFLEX HOOK
+	{0x1DF0A, 0x1DF0A, prAL, gcLo},   //         LATIN LETTER RETROFLEX CLICK WITH RETROFLEX HOOK
+	{0x1DF0B, 0x1DF1E, prAL, gcLl},   //    [20] LATIN SMALL LETTER ESH WITH DOUBLE BAR..LATIN SMALL LETTER S WITH CURL
+	{0x1E000, 0x1E006, prCM, gcMn},   //     [7] COMBINING GLAGOLITIC LETTER AZU..COMBINING GLAGOLITIC LETTER ZHIVETE
+	{0x1E008, 0x1E018, prCM, gcMn},   //    [17] COMBINING GLAGOLITIC LETTER ZEMLJA..COMBINING GLAGOLITIC LETTER HERU
+	{0x1E01B, 0x1E021, prCM, gcMn},   //     [7] COMBINING GLAGOLITIC LETTER SHTA..COMBINING GLAGOLITIC LETTER YATI
+	{0x1E023, 0x1E024, prCM, gcMn},   //     [2] COMBINING GLAGOLITIC LETTER YU..COMBINING GLAGOLITIC LETTER SMALL YUS
+	{0x1E026, 0x1E02A, prCM, gcMn},   //     [5] COMBINING GLAGOLITIC LETTER YO..COMBINING GLAGOLITIC LETTER FITA
+	{0x1E100, 0x1E12C, prAL, gcLo},   //    [45] NYIAKENG PUACHUE HMONG LETTER MA..NYIAKENG PUACHUE HMONG LETTER W
+	{0x1E130, 0x1E136, prCM, gcMn},   //     [7] NYIAKENG PUACHUE HMONG TONE-B..NYIAKENG PUACHUE HMONG TONE-D
+	{0x1E137, 0x1E13D, prAL, gcLm},   //     [7] NYIAKENG PUACHUE HMONG SIGN FOR PERSON..NYIAKENG PUACHUE HMONG SYLLABLE LENGTHENER
+	{0x1E140, 0x1E149, prNU, gcNd},   //    [10] NYIAKENG PUACHUE HMONG DIGIT ZERO..NYIAKENG PUACHUE HMONG DIGIT NINE
+	{0x1E14E, 0x1E14E, prAL, gcLo},   //         NYIAKENG PUACHUE HMONG LOGOGRAM NYAJ
+	{0x1E14F, 0x1E14F, prAL, gcSo},   //         NYIAKENG PUACHUE HMONG CIRCLED CA
+	{0x1E290, 0x1E2AD, prAL, gcLo},   //    [30] TOTO LETTER PA..TOTO LETTER A
+	{0x1E2AE, 0x1E2AE, prCM, gcMn},   //         TOTO SIGN RISING TONE
+	{0x1E2C0, 0x1E2EB, prAL, gcLo},   //    [44] WANCHO LETTER AA..WANCHO LETTER YIH
+	{0x1E2EC, 0x1E2EF, prCM, gcMn},   //     [4] WANCHO TONE TUP..WANCHO TONE KOINI
+	{0x1E2F0, 0x1E2F9, prNU, gcNd},   //    [10] WANCHO DIGIT ZERO..WANCHO DIGIT NINE
+	{0x1E2FF, 0x1E2FF, prPR, gcSc},   //         WANCHO NGUN SIGN
+	{0x1E7E0, 0x1E7E6, prAL, gcLo},   //     [7] ETHIOPIC SYLLABLE HHYA..ETHIOPIC SYLLABLE HHYO
+	{0x1E7E8, 0x1E7EB, prAL, gcLo},   //     [4] ETHIOPIC SYLLABLE GURAGE HHWA..ETHIOPIC SYLLABLE HHWE
+	{0x1E7ED, 0x1E7EE, prAL, gcLo},   //     [2] ETHIOPIC SYLLABLE GURAGE MWI..ETHIOPIC SYLLABLE GURAGE MWEE
+	{0x1E7F0, 0x1E7FE, prAL, gcLo},   //    [15] ETHIOPIC SYLLABLE GURAGE QWI..ETHIOPIC SYLLABLE GURAGE PWEE
+	{0x1E800, 0x1E8C4, prAL, gcLo},   //   [197] MENDE KIKAKUI SYLLABLE M001 KI..MENDE KIKAKUI SYLLABLE M060 NYON
+	{0x1E8C7, 0x1E8CF, prAL, gcNo},   //     [9] MENDE KIKAKUI DIGIT ONE..MENDE KIKAKUI DIGIT NINE
+	{0x1E8D0, 0x1E8D6, prCM, gcMn},   //     [7] MENDE KIKAKUI COMBINING NUMBER TEENS..MENDE KIKAKUI COMBINING NUMBER MILLIONS
+	{0x1E900, 0x1E943, prAL, gcLC},   //    [68] ADLAM CAPITAL LETTER ALIF..ADLAM SMALL LETTER SHA
+	{0x1E944, 0x1E94A, prCM, gcMn},   //     [7] ADLAM ALIF LENGTHENER..ADLAM NUKTA
+	{0x1E94B, 0x1E94B, prAL, gcLm},   //         ADLAM NASALIZATION MARK
+	{0x1E950, 0x1E959, prNU, gcNd},   //    [10] ADLAM DIGIT ZERO..ADLAM DIGIT NINE
+	{0x1E95E, 0x1E95F, prOP, gcPo},   //     [2] ADLAM INITIAL EXCLAMATION MARK..ADLAM INITIAL QUESTION MARK
+	{0x1EC71, 0x1ECAB, prAL, gcNo},   //    [59] INDIC SIYAQ NUMBER ONE..INDIC SIYAQ NUMBER PREFIXED NINE
+	{0x1ECAC, 0x1ECAC, prPO, gcSo},   //         INDIC SIYAQ PLACEHOLDER
+	{0x1ECAD, 0x1ECAF, prAL, gcNo},   //     [3] INDIC SIYAQ FRACTION ONE QUARTER..INDIC SIYAQ FRACTION THREE QUARTERS
+	{0x1ECB0, 0x1ECB0, prPO, gcSc},   //         INDIC SIYAQ RUPEE MARK
+	{0x1ECB1, 0x1ECB4, prAL, gcNo},   //     [4] INDIC SIYAQ NUMBER ALTERNATE ONE..INDIC SIYAQ ALTERNATE LAKH MARK
+	{0x1ED01, 0x1ED2D, prAL, gcNo},   //    [45] OTTOMAN SIYAQ NUMBER ONE..OTTOMAN SIYAQ NUMBER NINETY THOUSAND
+	{0x1ED2E, 0x1ED2E, prAL, gcSo},   //         OTTOMAN SIYAQ MARRATAN
+	{0x1ED2F, 0x1ED3D, prAL, gcNo},   //    [15] OTTOMAN SIYAQ ALTERNATE NUMBER TWO..OTTOMAN SIYAQ FRACTION ONE SIXTH
+	{0x1EE00, 0x1EE03, prAL, gcLo},   //     [4] ARABIC MATHEMATICAL ALEF..ARABIC MATHEMATICAL DAL
+	{0x1EE05, 0x1EE1F, prAL, gcLo},   //    [27] ARABIC MATHEMATICAL WAW..ARABIC MATHEMATICAL DOTLESS QAF
+	{0x1EE21, 0x1EE22, prAL, gcLo},   //     [2] ARABIC MATHEMATICAL INITIAL BEH..ARABIC MATHEMATICAL INITIAL JEEM
+	{0x1EE24, 0x1EE24, prAL, gcLo},   //         ARABIC MATHEMATICAL INITIAL HEH
+	{0x1EE27, 0x1EE27, prAL, gcLo},   //         ARABIC MATHEMATICAL INITIAL HAH
+	{0x1EE29, 0x1EE32, prAL, gcLo},   //    [10] ARABIC MATHEMATICAL INITIAL YEH..ARABIC MATHEMATICAL INITIAL QAF
+	{0x1EE34, 0x1EE37, prAL, gcLo},   //     [4] ARABIC MATHEMATICAL INITIAL SHEEN..ARABIC MATHEMATICAL INITIAL KHAH
+	{0x1EE39, 0x1EE39, prAL, gcLo},   //         ARABIC MATHEMATICAL INITIAL DAD
+	{0x1EE3B, 0x1EE3B, prAL, gcLo},   //         ARABIC MATHEMATICAL INITIAL GHAIN
+	{0x1EE42, 0x1EE42, prAL, gcLo},   //         ARABIC MATHEMATICAL TAILED JEEM
+	{0x1EE47, 0x1EE47, prAL, gcLo},   //         ARABIC MATHEMATICAL TAILED HAH
+	{0x1EE49, 0x1EE49, prAL, gcLo},   //         ARABIC MATHEMATICAL TAILED YEH
+	{0x1EE4B, 0x1EE4B, prAL, gcLo},   //         ARABIC MATHEMATICAL TAILED LAM
+	{0x1EE4D, 0x1EE4F, prAL, gcLo},   //     [3] ARABIC MATHEMATICAL TAILED NOON..ARABIC MATHEMATICAL TAILED AIN
+	{0x1EE51, 0x1EE52, prAL, gcLo},   //     [2] ARABIC MATHEMATICAL TAILED SAD..ARABIC MATHEMATICAL TAILED QAF
+	{0x1EE54, 0x1EE54, prAL, gcLo},   //         ARABIC MATHEMATICAL TAILED SHEEN
+	{0x1EE57, 0x1EE57, prAL, gcLo},   //         ARABIC MATHEMATICAL TAILED KHAH
+	{0x1EE59, 0x1EE59, prAL, gcLo},   //         ARABIC MATHEMATICAL TAILED DAD
+	{0x1EE5B, 0x1EE5B, prAL, gcLo},   //         ARABIC MATHEMATICAL TAILED GHAIN
+	{0x1EE5D, 0x1EE5D, prAL, gcLo},   //         ARABIC MATHEMATICAL TAILED DOTLESS NOON
+	{0x1EE5F, 0x1EE5F, prAL, gcLo},   //         ARABIC MATHEMATICAL TAILED DOTLESS QAF
+	{0x1EE61, 0x1EE62, prAL, gcLo},   //     [2] ARABIC MATHEMATICAL STRETCHED BEH..ARABIC MATHEMATICAL STRETCHED JEEM
+	{0x1EE64, 0x1EE64, prAL, gcLo},   //         ARABIC MATHEMATICAL STRETCHED HEH
+	{0x1EE67, 0x1EE6A, prAL, gcLo},   //     [4] ARABIC MATHEMATICAL STRETCHED HAH..ARABIC MATHEMATICAL STRETCHED KAF
+	{0x1EE6C, 0x1EE72, prAL, gcLo},   //     [7] ARABIC MATHEMATICAL STRETCHED MEEM..ARABIC MATHEMATICAL STRETCHED QAF
+	{0x1EE74, 0x1EE77, prAL, gcLo},   //     [4] ARABIC MATHEMATICAL STRETCHED SHEEN..ARABIC MATHEMATICAL STRETCHED KHAH
+	{0x1EE79, 0x1EE7C, prAL, gcLo},   //     [4] ARABIC MATHEMATICAL STRETCHED DAD..ARABIC MATHEMATICAL STRETCHED DOTLESS BEH
+	{0x1EE7E, 0x1EE7E, prAL, gcLo},   //         ARABIC MATHEMATICAL STRETCHED DOTLESS FEH
+	{0x1EE80, 0x1EE89, prAL, gcLo},   //    [10] ARABIC MATHEMATICAL LOOPED ALEF..ARABIC MATHEMATICAL LOOPED YEH
+	{0x1EE8B, 0x1EE9B, prAL, gcLo},   //    [17] ARABIC MATHEMATICAL LOOPED LAM..ARABIC MATHEMATICAL LOOPED GHAIN
+	{0x1EEA1, 0x1EEA3, prAL, gcLo},   //     [3] ARABIC MATHEMATICAL DOUBLE-STRUCK BEH..ARABIC MATHEMATICAL DOUBLE-STRUCK DAL
+	{0x1EEA5, 0x1EEA9, prAL, gcLo},   //     [5] ARABIC MATHEMATICAL DOUBLE-STRUCK WAW..ARABIC MATHEMATICAL DOUBLE-STRUCK YEH
+	{0x1EEAB, 0x1EEBB, prAL, gcLo},   //    [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
+	{0x1EEF0, 0x1EEF1, prAL, gcSm},   //     [2] ARABIC MATHEMATICAL OPERATOR MEEM WITH HAH WITH TATWEEL..ARABIC MATHEMATICAL OPERATOR HAH WITH DAL
+	{0x1F000, 0x1F02B, prID, gcSo},   //    [44] MAHJONG TILE EAST WIND..MAHJONG TILE BACK
+	{0x1F02C, 0x1F02F, prID, gcCn},   //     [4] <reserved-1F02C>..<reserved-1F02F>
+	{0x1F030, 0x1F093, prID, gcSo},   //   [100] DOMINO TILE HORIZONTAL BACK..DOMINO TILE VERTICAL-06-06
+	{0x1F094, 0x1F09F, prID, gcCn},   //    [12] <reserved-1F094>..<reserved-1F09F>
+	{0x1F0A0, 0x1F0AE, prID, gcSo},   //    [15] PLAYING CARD BACK..PLAYING CARD KING OF SPADES
+	{0x1F0AF, 0x1F0B0, prID, gcCn},   //     [2] <reserved-1F0AF>..<reserved-1F0B0>
+	{0x1F0B1, 0x1F0BF, prID, gcSo},   //    [15] PLAYING CARD ACE OF HEARTS..PLAYING CARD RED JOKER
+	{0x1F0C0, 0x1F0C0, prID, gcCn},   //         <reserved-1F0C0>
+	{0x1F0C1, 0x1F0CF, prID, gcSo},   //    [15] PLAYING CARD ACE OF DIAMONDS..PLAYING CARD BLACK JOKER
+	{0x1F0D0, 0x1F0D0, prID, gcCn},   //         <reserved-1F0D0>
+	{0x1F0D1, 0x1F0F5, prID, gcSo},   //    [37] PLAYING CARD ACE OF CLUBS..PLAYING CARD TRUMP-21
+	{0x1F0F6, 0x1F0FF, prID, gcCn},   //    [10] <reserved-1F0F6>..<reserved-1F0FF>
+	{0x1F100, 0x1F10C, prAI, gcNo},   //    [13] DIGIT ZERO FULL STOP..DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT ZERO
+	{0x1F10D, 0x1F10F, prID, gcSo},   //     [3] CIRCLED ZERO WITH SLASH..CIRCLED DOLLAR SIGN WITH OVERLAID BACKSLASH
+	{0x1F110, 0x1F12D, prAI, gcSo},   //    [30] PARENTHESIZED LATIN CAPITAL LETTER A..CIRCLED CD
+	{0x1F12E, 0x1F12F, prAL, gcSo},   //     [2] CIRCLED WZ..COPYLEFT SYMBOL
+	{0x1F130, 0x1F169, prAI, gcSo},   //    [58] SQUARED LATIN CAPITAL LETTER A..NEGATIVE CIRCLED LATIN CAPITAL LETTER Z
+	{0x1F16A, 0x1F16C, prAL, gcSo},   //     [3] RAISED MC SIGN..RAISED MR SIGN
+	{0x1F16D, 0x1F16F, prID, gcSo},   //     [3] CIRCLED CC..CIRCLED HUMAN FIGURE
+	{0x1F170, 0x1F1AC, prAI, gcSo},   //    [61] NEGATIVE SQUARED LATIN CAPITAL LETTER A..SQUARED VOD
+	{0x1F1AD, 0x1F1AD, prID, gcSo},   //         MASK WORK SYMBOL
+	{0x1F1AE, 0x1F1E5, prID, gcCn},   //    [56] <reserved-1F1AE>..<reserved-1F1E5>
+	{0x1F1E6, 0x1F1FF, prRI, gcSo},   //    [26] REGIONAL INDICATOR SYMBOL LETTER A..REGIONAL INDICATOR SYMBOL LETTER Z
+	{0x1F200, 0x1F202, prID, gcSo},   //     [3] SQUARE HIRAGANA HOKA..SQUARED KATAKANA SA
+	{0x1F203, 0x1F20F, prID, gcCn},   //    [13] <reserved-1F203>..<reserved-1F20F>
+	{0x1F210, 0x1F23B, prID, gcSo},   //    [44] SQUARED CJK UNIFIED IDEOGRAPH-624B..SQUARED CJK UNIFIED IDEOGRAPH-914D
+	{0x1F23C, 0x1F23F, prID, gcCn},   //     [4] <reserved-1F23C>..<reserved-1F23F>
+	{0x1F240, 0x1F248, prID, gcSo},   //     [9] TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-672C..TORTOISE SHELL BRACKETED CJK UNIFIED IDEOGRAPH-6557
+	{0x1F249, 0x1F24F, prID, gcCn},   //     [7] <reserved-1F249>..<reserved-1F24F>
+	{0x1F250, 0x1F251, prID, gcSo},   //     [2] CIRCLED IDEOGRAPH ADVANTAGE..CIRCLED IDEOGRAPH ACCEPT
+	{0x1F252, 0x1F25F, prID, gcCn},   //    [14] <reserved-1F252>..<reserved-1F25F>
+	{0x1F260, 0x1F265, prID, gcSo},   //     [6] ROUNDED SYMBOL FOR FU..ROUNDED SYMBOL FOR CAI
+	{0x1F266, 0x1F2FF, prID, gcCn},   //   [154] <reserved-1F266>..<reserved-1F2FF>
+	{0x1F300, 0x1F384, prID, gcSo},   //   [133] CYCLONE..CHRISTMAS TREE
+	{0x1F385, 0x1F385, prEB, gcSo},   //         FATHER CHRISTMAS
+	{0x1F386, 0x1F39B, prID, gcSo},   //    [22] FIREWORKS..CONTROL KNOBS
+	{0x1F39C, 0x1F39D, prAL, gcSo},   //     [2] BEAMED ASCENDING MUSICAL NOTES..BEAMED DESCENDING MUSICAL NOTES
+	{0x1F39E, 0x1F3B4, prID, gcSo},   //    [23] FILM FRAMES..FLOWER PLAYING CARDS
+	{0x1F3B5, 0x1F3B6, prAL, gcSo},   //     [2] MUSICAL NOTE..MULTIPLE MUSICAL NOTES
+	{0x1F3B7, 0x1F3BB, prID, gcSo},   //     [5] SAXOPHONE..VIOLIN
+	{0x1F3BC, 0x1F3BC, prAL, gcSo},   //         MUSICAL SCORE
+	{0x1F3BD, 0x1F3C1, prID, gcSo},   //     [5] RUNNING SHIRT WITH SASH..CHEQUERED FLAG
+	{0x1F3C2, 0x1F3C4, prEB, gcSo},   //     [3] SNOWBOARDER..SURFER
+	{0x1F3C5, 0x1F3C6, prID, gcSo},   //     [2] SPORTS MEDAL..TROPHY
+	{0x1F3C7, 0x1F3C7, prEB, gcSo},   //         HORSE RACING
+	{0x1F3C8, 0x1F3C9, prID, gcSo},   //     [2] AMERICAN FOOTBALL..RUGBY FOOTBALL
+	{0x1F3CA, 0x1F3CC, prEB, gcSo},   //     [3] SWIMMER..GOLFER
+	{0x1F3CD, 0x1F3FA, prID, gcSo},   //    [46] RACING MOTORCYCLE..AMPHORA
+	{0x1F3FB, 0x1F3FF, prEM, gcSk},   //     [5] EMOJI MODIFIER FITZPATRICK TYPE-1-2..EMOJI MODIFIER FITZPATRICK TYPE-6
+	{0x1F400, 0x1F441, prID, gcSo},   //    [66] RAT..EYE
+	{0x1F442, 0x1F443, prEB, gcSo},   //     [2] EAR..NOSE
+	{0x1F444, 0x1F445, prID, gcSo},   //     [2] MOUTH..TONGUE
+	{0x1F446, 0x1F450, prEB, gcSo},   //    [11] WHITE UP POINTING BACKHAND INDEX..OPEN HANDS SIGN
+	{0x1F451, 0x1F465, prID, gcSo},   //    [21] CROWN..BUSTS IN SILHOUETTE
+	{0x1F466, 0x1F478, prEB, gcSo},   //    [19] BOY..PRINCESS
+	{0x1F479, 0x1F47B, prID, gcSo},   //     [3] JAPANESE OGRE..GHOST
+	{0x1F47C, 0x1F47C, prEB, gcSo},   //         BABY ANGEL
+	{0x1F47D, 0x1F480, prID, gcSo},   //     [4] EXTRATERRESTRIAL ALIEN..SKULL
+	{0x1F481, 0x1F483, prEB, gcSo},   //     [3] INFORMATION DESK PERSON..DANCER
+	{0x1F484, 0x1F484, prID, gcSo},   //         LIPSTICK
+	{0x1F485, 0x1F487, prEB, gcSo},   //     [3] NAIL POLISH..HAIRCUT
+	{0x1F488, 0x1F48E, prID, gcSo},   //     [7] BARBER POLE..GEM STONE
+	{0x1F48F, 0x1F48F, prEB, gcSo},   //         KISS
+	{0x1F490, 0x1F490, prID, gcSo},   //         BOUQUET
+	{0x1F491, 0x1F491, prEB, gcSo},   //         COUPLE WITH HEART
+	{0x1F492, 0x1F49F, prID, gcSo},   //    [14] WEDDING..HEART DECORATION
+	{0x1F4A0, 0x1F4A0, prAL, gcSo},   //         DIAMOND SHAPE WITH A DOT INSIDE
+	{0x1F4A1, 0x1F4A1, prID, gcSo},   //         ELECTRIC LIGHT BULB
+	{0x1F4A2, 0x1F4A2, prAL, gcSo},   //         ANGER SYMBOL
+	{0x1F4A3, 0x1F4A3, prID, gcSo},   //         BOMB
+	{0x1F4A4, 0x1F4A4, prAL, gcSo},   //         SLEEPING SYMBOL
+	{0x1F4A5, 0x1F4A9, prID, gcSo},   //     [5] COLLISION SYMBOL..PILE OF POO
+	{0x1F4AA, 0x1F4AA, prEB, gcSo},   //         FLEXED BICEPS
+	{0x1F4AB, 0x1F4AE, prID, gcSo},   //     [4] DIZZY SYMBOL..WHITE FLOWER
+	{0x1F4AF, 0x1F4AF, prAL, gcSo},   //         HUNDRED POINTS SYMBOL
+	{0x1F4B0, 0x1F4B0, prID, gcSo},   //         MONEY BAG
+	{0x1F4B1, 0x1F4B2, prAL, gcSo},   //     [2] CURRENCY EXCHANGE..HEAVY DOLLAR SIGN
+	{0x1F4B3, 0x1F4FF, prID, gcSo},   //    [77] CREDIT CARD..PRAYER BEADS
+	{0x1F500, 0x1F506, prAL, gcSo},   //     [7] TWISTED RIGHTWARDS ARROWS..HIGH BRIGHTNESS SYMBOL
+	{0x1F507, 0x1F516, prID, gcSo},   //    [16] SPEAKER WITH CANCELLATION STROKE..BOOKMARK
+	{0x1F517, 0x1F524, prAL, gcSo},   //    [14] LINK SYMBOL..INPUT SYMBOL FOR LATIN LETTERS
+	{0x1F525, 0x1F531, prID, gcSo},   //    [13] FIRE..TRIDENT EMBLEM
+	{0x1F532, 0x1F549, prAL, gcSo},   //    [24] BLACK SQUARE BUTTON..OM SYMBOL
+	{0x1F54A, 0x1F573, prID, gcSo},   //    [42] DOVE OF PEACE..HOLE
+	{0x1F574, 0x1F575, prEB, gcSo},   //     [2] MAN IN BUSINESS SUIT LEVITATING..SLEUTH OR SPY
+	{0x1F576, 0x1F579, prID, gcSo},   //     [4] DARK SUNGLASSES..JOYSTICK
+	{0x1F57A, 0x1F57A, prEB, gcSo},   //         MAN DANCING
+	{0x1F57B, 0x1F58F, prID, gcSo},   //    [21] LEFT HAND TELEPHONE RECEIVER..TURNED OK HAND SIGN
+	{0x1F590, 0x1F590, prEB, gcSo},   //         RAISED HAND WITH FINGERS SPLAYED
+	{0x1F591, 0x1F594, prID, gcSo},   //     [4] REVERSED RAISED HAND WITH FINGERS SPLAYED..REVERSED VICTORY HAND
+	{0x1F595, 0x1F596, prEB, gcSo},   //     [2] REVERSED HAND WITH MIDDLE FINGER EXTENDED..RAISED HAND WITH PART BETWEEN MIDDLE AND RING FINGERS
+	{0x1F597, 0x1F5D3, prID, gcSo},   //    [61] WHITE DOWN POINTING LEFT HAND INDEX..SPIRAL CALENDAR PAD
+	{0x1F5D4, 0x1F5DB, prAL, gcSo},   //     [8] DESKTOP WINDOW..DECREASE FONT SIZE SYMBOL
+	{0x1F5DC, 0x1F5F3, prID, gcSo},   //    [24] COMPRESSION..BALLOT BOX WITH BALLOT
+	{0x1F5F4, 0x1F5F9, prAL, gcSo},   //     [6] BALLOT SCRIPT X..BALLOT BOX WITH BOLD CHECK
+	{0x1F5FA, 0x1F5FF, prID, gcSo},   //     [6] WORLD MAP..MOYAI
+	{0x1F600, 0x1F644, prID, gcSo},   //    [69] GRINNING FACE..FACE WITH ROLLING EYES
+	{0x1F645, 0x1F647, prEB, gcSo},   //     [3] FACE WITH NO GOOD GESTURE..PERSON BOWING DEEPLY
+	{0x1F648, 0x1F64A, prID, gcSo},   //     [3] SEE-NO-EVIL MONKEY..SPEAK-NO-EVIL MONKEY
+	{0x1F64B, 0x1F64F, prEB, gcSo},   //     [5] HAPPY PERSON RAISING ONE HAND..PERSON WITH FOLDED HANDS
+	{0x1F650, 0x1F675, prAL, gcSo},   //    [38] NORTH WEST POINTING LEAF..SWASH AMPERSAND ORNAMENT
+	{0x1F676, 0x1F678, prQU, gcSo},   //     [3] SANS-SERIF HEAVY DOUBLE TURNED COMMA QUOTATION MARK ORNAMENT..SANS-SERIF HEAVY LOW DOUBLE COMMA QUOTATION MARK ORNAMENT
+	{0x1F679, 0x1F67B, prNS, gcSo},   //     [3] HEAVY INTERROBANG ORNAMENT..HEAVY SANS-SERIF INTERROBANG ORNAMENT
+	{0x1F67C, 0x1F67F, prAL, gcSo},   //     [4] VERY HEAVY SOLIDUS..REVERSE CHECKER BOARD
+	{0x1F680, 0x1F6A2, prID, gcSo},   //    [35] ROCKET..SHIP
+	{0x1F6A3, 0x1F6A3, prEB, gcSo},   //         ROWBOAT
+	{0x1F6A4, 0x1F6B3, prID, gcSo},   //    [16] SPEEDBOAT..NO BICYCLES
+	{0x1F6B4, 0x1F6B6, prEB, gcSo},   //     [3] BICYCLIST..PEDESTRIAN
+	{0x1F6B7, 0x1F6BF, prID, gcSo},   //     [9] NO PEDESTRIANS..SHOWER
+	{0x1F6C0, 0x1F6C0, prEB, gcSo},   //         BATH
+	{0x1F6C1, 0x1F6CB, prID, gcSo},   //    [11] BATHTUB..COUCH AND LAMP
+	{0x1F6CC, 0x1F6CC, prEB, gcSo},   //         SLEEPING ACCOMMODATION
+	{0x1F6CD, 0x1F6D7, prID, gcSo},   //    [11] SHOPPING BAGS..ELEVATOR
+	{0x1F6D8, 0x1F6DC, prID, gcCn},   //     [5] <reserved-1F6D8>..<reserved-1F6DC>
+	{0x1F6DD, 0x1F6EC, prID, gcSo},   //    [16] PLAYGROUND SLIDE..AIRPLANE ARRIVING
+	{0x1F6ED, 0x1F6EF, prID, gcCn},   //     [3] <reserved-1F6ED>..<reserved-1F6EF>
+	{0x1F6F0, 0x1F6FC, prID, gcSo},   //    [13] SATELLITE..ROLLER SKATE
+	{0x1F6FD, 0x1F6FF, prID, gcCn},   //     [3] <reserved-1F6FD>..<reserved-1F6FF>
+	{0x1F700, 0x1F773, prAL, gcSo},   //   [116] ALCHEMICAL SYMBOL FOR QUINTESSENCE..ALCHEMICAL SYMBOL FOR HALF OUNCE
+	{0x1F774, 0x1F77F, prID, gcCn},   //    [12] <reserved-1F774>..<reserved-1F77F>
+	{0x1F780, 0x1F7D4, prAL, gcSo},   //    [85] BLACK LEFT-POINTING ISOSCELES RIGHT TRIANGLE..HEAVY TWELVE POINTED PINWHEEL STAR
+	{0x1F7D5, 0x1F7D8, prID, gcSo},   //     [4] CIRCLED TRIANGLE..NEGATIVE CIRCLED SQUARE
+	{0x1F7D9, 0x1F7DF, prID, gcCn},   //     [7] <reserved-1F7D9>..<reserved-1F7DF>
+	{0x1F7E0, 0x1F7EB, prID, gcSo},   //    [12] LARGE ORANGE CIRCLE..LARGE BROWN SQUARE
+	{0x1F7EC, 0x1F7EF, prID, gcCn},   //     [4] <reserved-1F7EC>..<reserved-1F7EF>
+	{0x1F7F0, 0x1F7F0, prID, gcSo},   //         HEAVY EQUALS SIGN
+	{0x1F7F1, 0x1F7FF, prID, gcCn},   //    [15] <reserved-1F7F1>..<reserved-1F7FF>
+	{0x1F800, 0x1F80B, prAL, gcSo},   //    [12] LEFTWARDS ARROW WITH SMALL TRIANGLE ARROWHEAD..DOWNWARDS ARROW WITH LARGE TRIANGLE ARROWHEAD
+	{0x1F80C, 0x1F80F, prID, gcCn},   //     [4] <reserved-1F80C>..<reserved-1F80F>
+	{0x1F810, 0x1F847, prAL, gcSo},   //    [56] LEFTWARDS ARROW WITH SMALL EQUILATERAL ARROWHEAD..DOWNWARDS HEAVY ARROW
+	{0x1F848, 0x1F84F, prID, gcCn},   //     [8] <reserved-1F848>..<reserved-1F84F>
+	{0x1F850, 0x1F859, prAL, gcSo},   //    [10] LEFTWARDS SANS-SERIF ARROW..UP DOWN SANS-SERIF ARROW
+	{0x1F85A, 0x1F85F, prID, gcCn},   //     [6] <reserved-1F85A>..<reserved-1F85F>
+	{0x1F860, 0x1F887, prAL, gcSo},   //    [40] WIDE-HEADED LEFTWARDS LIGHT BARB ARROW..WIDE-HEADED SOUTH WEST VERY HEAVY BARB ARROW
+	{0x1F888, 0x1F88F, prID, gcCn},   //     [8] <reserved-1F888>..<reserved-1F88F>
+	{0x1F890, 0x1F8AD, prAL, gcSo},   //    [30] LEFTWARDS TRIANGLE ARROWHEAD..WHITE ARROW SHAFT WIDTH TWO THIRDS
+	{0x1F8AE, 0x1F8AF, prID, gcCn},   //     [2] <reserved-1F8AE>..<reserved-1F8AF>
+	{0x1F8B0, 0x1F8B1, prID, gcSo},   //     [2] ARROW POINTING UPWARDS THEN NORTH WEST..ARROW POINTING RIGHTWARDS THEN CURVING SOUTH WEST
+	{0x1F8B2, 0x1F8FF, prID, gcCn},   //    [78] <reserved-1F8B2>..<reserved-1F8FF>
+	{0x1F900, 0x1F90B, prAL, gcSo},   //    [12] CIRCLED CROSS FORMEE WITH FOUR DOTS..DOWNWARD FACING NOTCHED HOOK WITH DOT
+	{0x1F90C, 0x1F90C, prEB, gcSo},   //         PINCHED FINGERS
+	{0x1F90D, 0x1F90E, prID, gcSo},   //     [2] WHITE HEART..BROWN HEART
+	{0x1F90F, 0x1F90F, prEB, gcSo},   //         PINCHING HAND
+	{0x1F910, 0x1F917, prID, gcSo},   //     [8] ZIPPER-MOUTH FACE..HUGGING FACE
+	{0x1F918, 0x1F91F, prEB, gcSo},   //     [8] SIGN OF THE HORNS..I LOVE YOU HAND SIGN
+	{0x1F920, 0x1F925, prID, gcSo},   //     [6] FACE WITH COWBOY HAT..LYING FACE
+	{0x1F926, 0x1F926, prEB, gcSo},   //         FACE PALM
+	{0x1F927, 0x1F92F, prID, gcSo},   //     [9] SNEEZING FACE..SHOCKED FACE WITH EXPLODING HEAD
+	{0x1F930, 0x1F939, prEB, gcSo},   //    [10] PREGNANT WOMAN..JUGGLING
+	{0x1F93A, 0x1F93B, prID, gcSo},   //     [2] FENCER..MODERN PENTATHLON
+	{0x1F93C, 0x1F93E, prEB, gcSo},   //     [3] WRESTLERS..HANDBALL
+	{0x1F93F, 0x1F976, prID, gcSo},   //    [56] DIVING MASK..FREEZING FACE
+	{0x1F977, 0x1F977, prEB, gcSo},   //         NINJA
+	{0x1F978, 0x1F9B4, prID, gcSo},   //    [61] DISGUISED FACE..BONE
+	{0x1F9B5, 0x1F9B6, prEB, gcSo},   //     [2] LEG..FOOT
+	{0x1F9B7, 0x1F9B7, prID, gcSo},   //         TOOTH
+	{0x1F9B8, 0x1F9B9, prEB, gcSo},   //     [2] SUPERHERO..SUPERVILLAIN
+	{0x1F9BA, 0x1F9BA, prID, gcSo},   //         SAFETY VEST
+	{0x1F9BB, 0x1F9BB, prEB, gcSo},   //         EAR WITH HEARING AID
+	{0x1F9BC, 0x1F9CC, prID, gcSo},   //    [17] MOTORIZED WHEELCHAIR..TROLL
+	{0x1F9CD, 0x1F9CF, prEB, gcSo},   //     [3] STANDING PERSON..DEAF PERSON
+	{0x1F9D0, 0x1F9D0, prID, gcSo},   //         FACE WITH MONOCLE
+	{0x1F9D1, 0x1F9DD, prEB, gcSo},   //    [13] ADULT..ELF
+	{0x1F9DE, 0x1F9FF, prID, gcSo},   //    [34] GENIE..NAZAR AMULET
+	{0x1FA00, 0x1FA53, prAL, gcSo},   //    [84] NEUTRAL CHESS KING..BLACK CHESS KNIGHT-BISHOP
+	{0x1FA54, 0x1FA5F, prID, gcCn},   //    [12] <reserved-1FA54>..<reserved-1FA5F>
+	{0x1FA60, 0x1FA6D, prID, gcSo},   //    [14] XIANGQI RED GENERAL..XIANGQI BLACK SOLDIER
+	{0x1FA6E, 0x1FA6F, prID, gcCn},   //     [2] <reserved-1FA6E>..<reserved-1FA6F>
+	{0x1FA70, 0x1FA74, prID, gcSo},   //     [5] BALLET SHOES..THONG SANDAL
+	{0x1FA75, 0x1FA77, prID, gcCn},   //     [3] <reserved-1FA75>..<reserved-1FA77>
+	{0x1FA78, 0x1FA7C, prID, gcSo},   //     [5] DROP OF BLOOD..CRUTCH
+	{0x1FA7D, 0x1FA7F, prID, gcCn},   //     [3] <reserved-1FA7D>..<reserved-1FA7F>
+	{0x1FA80, 0x1FA86, prID, gcSo},   //     [7] YO-YO..NESTING DOLLS
+	{0x1FA87, 0x1FA8F, prID, gcCn},   //     [9] <reserved-1FA87>..<reserved-1FA8F>
+	{0x1FA90, 0x1FAAC, prID, gcSo},   //    [29] RINGED PLANET..HAMSA
+	{0x1FAAD, 0x1FAAF, prID, gcCn},   //     [3] <reserved-1FAAD>..<reserved-1FAAF>
+	{0x1FAB0, 0x1FABA, prID, gcSo},   //    [11] FLY..NEST WITH EGGS
+	{0x1FABB, 0x1FABF, prID, gcCn},   //     [5] <reserved-1FABB>..<reserved-1FABF>
+	{0x1FAC0, 0x1FAC2, prID, gcSo},   //     [3] ANATOMICAL HEART..PEOPLE HUGGING
+	{0x1FAC3, 0x1FAC5, prEB, gcSo},   //     [3] PREGNANT MAN..PERSON WITH CROWN
+	{0x1FAC6, 0x1FACF, prID, gcCn},   //    [10] <reserved-1FAC6>..<reserved-1FACF>
+	{0x1FAD0, 0x1FAD9, prID, gcSo},   //    [10] BLUEBERRIES..JAR
+	{0x1FADA, 0x1FADF, prID, gcCn},   //     [6] <reserved-1FADA>..<reserved-1FADF>
+	{0x1FAE0, 0x1FAE7, prID, gcSo},   //     [8] MELTING FACE..BUBBLES
+	{0x1FAE8, 0x1FAEF, prID, gcCn},   //     [8] <reserved-1FAE8>..<reserved-1FAEF>
+	{0x1FAF0, 0x1FAF6, prEB, gcSo},   //     [7] HAND WITH INDEX FINGER AND THUMB CROSSED..HEART HANDS
+	{0x1FAF7, 0x1FAFF, prID, gcCn},   //     [9] <reserved-1FAF7>..<reserved-1FAFF>
+	{0x1FB00, 0x1FB92, prAL, gcSo},   //   [147] BLOCK SEXTANT-1..UPPER HALF INVERSE MEDIUM SHADE AND LOWER HALF BLOCK
+	{0x1FB94, 0x1FBCA, prAL, gcSo},   //    [55] LEFT HALF INVERSE MEDIUM SHADE AND RIGHT HALF BLOCK..WHITE UP-POINTING CHEVRON
+	{0x1FBF0, 0x1FBF9, prNU, gcNd},   //    [10] SEGMENTED DIGIT ZERO..SEGMENTED DIGIT NINE
+	{0x1FC00, 0x1FFFD, prID, gcCn},   //  [1022] <reserved-1FC00>..<reserved-1FFFD>
+	{0x20000, 0x2A6DF, prID, gcLo},   // [42720] CJK UNIFIED IDEOGRAPH-20000..CJK UNIFIED IDEOGRAPH-2A6DF
+	{0x2A6E0, 0x2A6FF, prID, gcCn},   //    [32] <reserved-2A6E0>..<reserved-2A6FF>
+	{0x2A700, 0x2B738, prID, gcLo},   //  [4153] CJK UNIFIED IDEOGRAPH-2A700..CJK UNIFIED IDEOGRAPH-2B738
+	{0x2B739, 0x2B73F, prID, gcCn},   //     [7] <reserved-2B739>..<reserved-2B73F>
+	{0x2B740, 0x2B81D, prID, gcLo},   //   [222] CJK UNIFIED IDEOGRAPH-2B740..CJK UNIFIED IDEOGRAPH-2B81D
+	{0x2B81E, 0x2B81F, prID, gcCn},   //     [2] <reserved-2B81E>..<reserved-2B81F>
+	{0x2B820, 0x2CEA1, prID, gcLo},   //  [5762] CJK UNIFIED IDEOGRAPH-2B820..CJK UNIFIED IDEOGRAPH-2CEA1
+	{0x2CEA2, 0x2CEAF, prID, gcCn},   //    [14] <reserved-2CEA2>..<reserved-2CEAF>
+	{0x2CEB0, 0x2EBE0, prID, gcLo},   //  [7473] CJK UNIFIED IDEOGRAPH-2CEB0..CJK UNIFIED IDEOGRAPH-2EBE0
+	{0x2EBE1, 0x2F7FF, prID, gcCn},   //  [3103] <reserved-2EBE1>..<reserved-2F7FF>
+	{0x2F800, 0x2FA1D, prID, gcLo},   //   [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D
+	{0x2FA1E, 0x2FA1F, prID, gcCn},   //     [2] <reserved-2FA1E>..<reserved-2FA1F>
+	{0x2FA20, 0x2FFFD, prID, gcCn},   //  [1502] <reserved-2FA20>..<reserved-2FFFD>
+	{0x30000, 0x3134A, prID, gcLo},   //  [4939] CJK UNIFIED IDEOGRAPH-30000..CJK UNIFIED IDEOGRAPH-3134A
+	{0x3134B, 0x3FFFD, prID, gcCn},   // [60595] <reserved-3134B>..<reserved-3FFFD>
+	{0xE0001, 0xE0001, prCM, gcCf},   //         LANGUAGE TAG
+	{0xE0020, 0xE007F, prCM, gcCf},   //    [96] TAG SPACE..CANCEL TAG
+	{0xE0100, 0xE01EF, prCM, gcMn},   //   [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
+	{0xF0000, 0xFFFFD, prXX, gcCo},   // [65534] <private-use-F0000>..<private-use-FFFFD>
+	{0x100000, 0x10FFFD, prXX, gcCo}, // [65534] <private-use-100000>..<private-use-10FFFD>
+}
diff --git a/vendor/github.com/rivo/uniseg/linerules.go b/vendor/github.com/rivo/uniseg/linerules.go
new file mode 100644
index 0000000000..d2ad51680e
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/linerules.go
@@ -0,0 +1,470 @@
+package uniseg
+
+import "unicode/utf8"
+
+// The states of the line break parser.
+const (
+	lbAny = iota
+	lbBK
+	lbCR
+	lbLF
+	lbNL
+	lbSP
+	lbZW
+	lbWJ
+	lbGL
+	lbBA
+	lbHY
+	lbCL
+	lbCP
+	lbEX
+	lbIS
+	lbSY
+	lbOP
+	lbQU
+	lbQUSP
+	lbNS
+	lbCLCPSP
+	lbB2
+	lbB2SP
+	lbCB
+	lbBB
+	lbLB21a
+	lbHL
+	lbAL
+	lbNU
+	lbPR
+	lbEB
+	lbIDEM
+	lbNUNU
+	lbNUSY
+	lbNUIS
+	lbNUCL
+	lbNUCP
+	lbPO
+	lbJL
+	lbJV
+	lbJT
+	lbH2
+	lbH3
+	lbOddRI
+	lbEvenRI
+	lbExtPicCn
+	lbZWJBit     = 64
+	lbCPeaFWHBit = 128
+)
+
+// These constants define whether a given text may be broken into the next line.
+// If the break is optional (LineCanBreak), you may choose to break or not based
+// on your own criteria, for example, if the text has reached the available
+// width.
+const (
+	LineDontBreak = iota // You may not break the line here.
+	LineCanBreak         // You may or may not break the line here.
+	LineMustBreak        // You must break the line here.
+)
+
+// The line break parser's state transitions. It's anologous to grTransitions,
+// see comments there for details. Unicode version 14.0.0.
+var lbTransitions = map[[2]int][3]int{
+	// LB4.
+	{lbAny, prBK}: {lbBK, LineCanBreak, 310},
+	{lbBK, prAny}: {lbAny, LineMustBreak, 40},
+
+	// LB5.
+	{lbAny, prCR}: {lbCR, LineCanBreak, 310},
+	{lbAny, prLF}: {lbLF, LineCanBreak, 310},
+	{lbAny, prNL}: {lbNL, LineCanBreak, 310},
+	{lbCR, prLF}:  {lbLF, LineDontBreak, 50},
+	{lbCR, prAny}: {lbAny, LineMustBreak, 50},
+	{lbLF, prAny}: {lbAny, LineMustBreak, 50},
+	{lbNL, prAny}: {lbAny, LineMustBreak, 50},
+
+	// LB6.
+	{lbAny, prBK}: {lbBK, LineDontBreak, 60},
+	{lbAny, prCR}: {lbCR, LineDontBreak, 60},
+	{lbAny, prLF}: {lbLF, LineDontBreak, 60},
+	{lbAny, prNL}: {lbNL, LineDontBreak, 60},
+
+	// LB7.
+	{lbAny, prSP}: {lbSP, LineDontBreak, 70},
+	{lbAny, prZW}: {lbZW, LineDontBreak, 70},
+
+	// LB8.
+	{lbZW, prSP}:  {lbZW, LineDontBreak, 70},
+	{lbZW, prAny}: {lbAny, LineCanBreak, 80},
+
+	// LB11.
+	{lbAny, prWJ}: {lbWJ, LineDontBreak, 110},
+	{lbWJ, prAny}: {lbAny, LineDontBreak, 110},
+
+	// LB12.
+	{lbAny, prGL}: {lbGL, LineCanBreak, 310},
+	{lbGL, prAny}: {lbAny, LineDontBreak, 120},
+
+	// LB13 (simple transitions).
+	{lbAny, prCL}: {lbCL, LineCanBreak, 310},
+	{lbAny, prCP}: {lbCP, LineCanBreak, 310},
+	{lbAny, prEX}: {lbEX, LineDontBreak, 130},
+	{lbAny, prIS}: {lbIS, LineCanBreak, 310},
+	{lbAny, prSY}: {lbSY, LineCanBreak, 310},
+
+	// LB14.
+	{lbAny, prOP}: {lbOP, LineCanBreak, 310},
+	{lbOP, prSP}:  {lbOP, LineDontBreak, 70},
+	{lbOP, prAny}: {lbAny, LineDontBreak, 140},
+
+	// LB15.
+	{lbQU, prSP}:   {lbQUSP, LineDontBreak, 70},
+	{lbQU, prOP}:   {lbOP, LineDontBreak, 150},
+	{lbQUSP, prOP}: {lbOP, LineDontBreak, 150},
+
+	// LB16.
+	{lbCL, prSP}:     {lbCLCPSP, LineDontBreak, 70},
+	{lbNUCL, prSP}:   {lbCLCPSP, LineDontBreak, 70},
+	{lbCP, prSP}:     {lbCLCPSP, LineDontBreak, 70},
+	{lbNUCP, prSP}:   {lbCLCPSP, LineDontBreak, 70},
+	{lbCL, prNS}:     {lbNS, LineDontBreak, 160},
+	{lbNUCL, prNS}:   {lbNS, LineDontBreak, 160},
+	{lbCP, prNS}:     {lbNS, LineDontBreak, 160},
+	{lbNUCP, prNS}:   {lbNS, LineDontBreak, 160},
+	{lbCLCPSP, prNS}: {lbNS, LineDontBreak, 160},
+
+	// LB17.
+	{lbAny, prB2}:  {lbB2, LineCanBreak, 310},
+	{lbB2, prSP}:   {lbB2SP, LineDontBreak, 70},
+	{lbB2, prB2}:   {lbB2, LineDontBreak, 170},
+	{lbB2SP, prB2}: {lbB2, LineDontBreak, 170},
+
+	// LB18.
+	{lbSP, prAny}:     {lbAny, LineCanBreak, 180},
+	{lbQUSP, prAny}:   {lbAny, LineCanBreak, 180},
+	{lbCLCPSP, prAny}: {lbAny, LineCanBreak, 180},
+	{lbB2SP, prAny}:   {lbAny, LineCanBreak, 180},
+
+	// LB19.
+	{lbAny, prQU}: {lbQU, LineDontBreak, 190},
+	{lbQU, prAny}: {lbAny, LineDontBreak, 190},
+
+	// LB20.
+	{lbAny, prCB}: {lbCB, LineCanBreak, 200},
+	{lbCB, prAny}: {lbAny, LineCanBreak, 200},
+
+	// LB21.
+	{lbAny, prBA}: {lbBA, LineDontBreak, 210},
+	{lbAny, prHY}: {lbHY, LineDontBreak, 210},
+	{lbAny, prNS}: {lbNS, LineDontBreak, 210},
+	{lbAny, prBB}: {lbBB, LineCanBreak, 310},
+	{lbBB, prAny}: {lbAny, LineDontBreak, 210},
+
+	// LB21a.
+	{lbAny, prHL}:    {lbHL, LineCanBreak, 310},
+	{lbHL, prHY}:     {lbLB21a, LineDontBreak, 210},
+	{lbHL, prBA}:     {lbLB21a, LineDontBreak, 210},
+	{lbLB21a, prAny}: {lbAny, LineDontBreak, 211},
+
+	// LB21b.
+	{lbSY, prHL}:   {lbHL, LineDontBreak, 212},
+	{lbNUSY, prHL}: {lbHL, LineDontBreak, 212},
+
+	// LB22.
+	{lbAny, prIN}: {lbAny, LineDontBreak, 220},
+
+	// LB23.
+	{lbAny, prAL}:  {lbAL, LineCanBreak, 310},
+	{lbAny, prNU}:  {lbNU, LineCanBreak, 310},
+	{lbAL, prNU}:   {lbNU, LineDontBreak, 230},
+	{lbHL, prNU}:   {lbNU, LineDontBreak, 230},
+	{lbNU, prAL}:   {lbAL, LineDontBreak, 230},
+	{lbNU, prHL}:   {lbHL, LineDontBreak, 230},
+	{lbNUNU, prAL}: {lbAL, LineDontBreak, 230},
+	{lbNUNU, prHL}: {lbHL, LineDontBreak, 230},
+
+	// LB23a.
+	{lbAny, prPR}:  {lbPR, LineCanBreak, 310},
+	{lbAny, prID}:  {lbIDEM, LineCanBreak, 310},
+	{lbAny, prEB}:  {lbEB, LineCanBreak, 310},
+	{lbAny, prEM}:  {lbIDEM, LineCanBreak, 310},
+	{lbPR, prID}:   {lbIDEM, LineDontBreak, 231},
+	{lbPR, prEB}:   {lbEB, LineDontBreak, 231},
+	{lbPR, prEM}:   {lbIDEM, LineDontBreak, 231},
+	{lbIDEM, prPO}: {lbPO, LineDontBreak, 231},
+	{lbEB, prPO}:   {lbPO, LineDontBreak, 231},
+
+	// LB24.
+	{lbAny, prPO}: {lbPO, LineCanBreak, 310},
+	{lbPR, prAL}:  {lbAL, LineDontBreak, 240},
+	{lbPR, prHL}:  {lbHL, LineDontBreak, 240},
+	{lbPO, prAL}:  {lbAL, LineDontBreak, 240},
+	{lbPO, prHL}:  {lbHL, LineDontBreak, 240},
+	{lbAL, prPR}:  {lbPR, LineDontBreak, 240},
+	{lbAL, prPO}:  {lbPO, LineDontBreak, 240},
+	{lbHL, prPR}:  {lbPR, LineDontBreak, 240},
+	{lbHL, prPO}:  {lbPO, LineDontBreak, 240},
+
+	// LB25 (simple transitions).
+	{lbPR, prNU}:   {lbNU, LineDontBreak, 250},
+	{lbPO, prNU}:   {lbNU, LineDontBreak, 250},
+	{lbOP, prNU}:   {lbNU, LineDontBreak, 250},
+	{lbHY, prNU}:   {lbNU, LineDontBreak, 250},
+	{lbNU, prNU}:   {lbNUNU, LineDontBreak, 250},
+	{lbNU, prSY}:   {lbNUSY, LineDontBreak, 250},
+	{lbNU, prIS}:   {lbNUIS, LineDontBreak, 250},
+	{lbNUNU, prNU}: {lbNUNU, LineDontBreak, 250},
+	{lbNUNU, prSY}: {lbNUSY, LineDontBreak, 250},
+	{lbNUNU, prIS}: {lbNUIS, LineDontBreak, 250},
+	{lbNUSY, prNU}: {lbNUNU, LineDontBreak, 250},
+	{lbNUSY, prSY}: {lbNUSY, LineDontBreak, 250},
+	{lbNUSY, prIS}: {lbNUIS, LineDontBreak, 250},
+	{lbNUIS, prNU}: {lbNUNU, LineDontBreak, 250},
+	{lbNUIS, prSY}: {lbNUSY, LineDontBreak, 250},
+	{lbNUIS, prIS}: {lbNUIS, LineDontBreak, 250},
+	{lbNU, prCL}:   {lbNUCL, LineDontBreak, 250},
+	{lbNU, prCP}:   {lbNUCP, LineDontBreak, 250},
+	{lbNUNU, prCL}: {lbNUCL, LineDontBreak, 250},
+	{lbNUNU, prCP}: {lbNUCP, LineDontBreak, 250},
+	{lbNUSY, prCL}: {lbNUCL, LineDontBreak, 250},
+	{lbNUSY, prCP}: {lbNUCP, LineDontBreak, 250},
+	{lbNUIS, prCL}: {lbNUCL, LineDontBreak, 250},
+	{lbNUIS, prCP}: {lbNUCP, LineDontBreak, 250},
+	{lbNU, prPO}:   {lbPO, LineDontBreak, 250},
+	{lbNUNU, prPO}: {lbPO, LineDontBreak, 250},
+	{lbNUSY, prPO}: {lbPO, LineDontBreak, 250},
+	{lbNUIS, prPO}: {lbPO, LineDontBreak, 250},
+	{lbNUCL, prPO}: {lbPO, LineDontBreak, 250},
+	{lbNUCP, prPO}: {lbPO, LineDontBreak, 250},
+	{lbNU, prPR}:   {lbPR, LineDontBreak, 250},
+	{lbNUNU, prPR}: {lbPR, LineDontBreak, 250},
+	{lbNUSY, prPR}: {lbPR, LineDontBreak, 250},
+	{lbNUIS, prPR}: {lbPR, LineDontBreak, 250},
+	{lbNUCL, prPR}: {lbPR, LineDontBreak, 250},
+	{lbNUCP, prPR}: {lbPR, LineDontBreak, 250},
+
+	// LB26.
+	{lbAny, prJL}: {lbJL, LineCanBreak, 310},
+	{lbAny, prJV}: {lbJV, LineCanBreak, 310},
+	{lbAny, prJT}: {lbJT, LineCanBreak, 310},
+	{lbAny, prH2}: {lbH2, LineCanBreak, 310},
+	{lbAny, prH3}: {lbH3, LineCanBreak, 310},
+	{lbJL, prJL}:  {lbJL, LineDontBreak, 260},
+	{lbJL, prJV}:  {lbJV, LineDontBreak, 260},
+	{lbJL, prH2}:  {lbH2, LineDontBreak, 260},
+	{lbJL, prH3}:  {lbH3, LineDontBreak, 260},
+	{lbJV, prJV}:  {lbJV, LineDontBreak, 260},
+	{lbJV, prJT}:  {lbJT, LineDontBreak, 260},
+	{lbH2, prJV}:  {lbJV, LineDontBreak, 260},
+	{lbH2, prJT}:  {lbJT, LineDontBreak, 260},
+	{lbJT, prJT}:  {lbJT, LineDontBreak, 260},
+	{lbH3, prJT}:  {lbJT, LineDontBreak, 260},
+
+	// LB27.
+	{lbJL, prPO}: {lbPO, LineDontBreak, 270},
+	{lbJV, prPO}: {lbPO, LineDontBreak, 270},
+	{lbJT, prPO}: {lbPO, LineDontBreak, 270},
+	{lbH2, prPO}: {lbPO, LineDontBreak, 270},
+	{lbH3, prPO}: {lbPO, LineDontBreak, 270},
+	{lbPR, prJL}: {lbJL, LineDontBreak, 270},
+	{lbPR, prJV}: {lbJV, LineDontBreak, 270},
+	{lbPR, prJT}: {lbJT, LineDontBreak, 270},
+	{lbPR, prH2}: {lbH2, LineDontBreak, 270},
+	{lbPR, prH3}: {lbH3, LineDontBreak, 270},
+
+	// LB28.
+	{lbAL, prAL}: {lbAL, LineDontBreak, 280},
+	{lbAL, prHL}: {lbHL, LineDontBreak, 280},
+	{lbHL, prAL}: {lbAL, LineDontBreak, 280},
+	{lbHL, prHL}: {lbHL, LineDontBreak, 280},
+
+	// LB29.
+	{lbIS, prAL}:   {lbAL, LineDontBreak, 290},
+	{lbIS, prHL}:   {lbHL, LineDontBreak, 290},
+	{lbNUIS, prAL}: {lbAL, LineDontBreak, 290},
+	{lbNUIS, prHL}: {lbHL, LineDontBreak, 290},
+}
+
+// transitionLineBreakState determines the new state of the line break parser
+// given the current state and the next code point. It also returns the type of
+// line break: LineDontBreak, LineCanBreak, or LineMustBreak. If more than one
+// code point is needed to determine the new state, the byte slice or the string
+// starting after rune "r" can be used (whichever is not nil or empty) for
+// further lookups.
+func transitionLineBreakState(state int, r rune, b []byte, str string) (newState int, lineBreak int) {
+	// Determine the property of the next character.
+	nextProperty, generalCategory := propertyWithGenCat(lineBreakCodePoints, r)
+
+	// Prepare.
+	var forceNoBreak, isCPeaFWH bool
+	if state >= 0 && state&lbCPeaFWHBit != 0 {
+		isCPeaFWH = true // LB30: CP but ea is not F, W, or H.
+		state = state &^ lbCPeaFWHBit
+	}
+	if state >= 0 && state&lbZWJBit != 0 {
+		state = state &^ lbZWJBit // Extract zero-width joiner bit.
+		forceNoBreak = true       // LB8a.
+	}
+
+	defer func() {
+		// Transition into LB30.
+		if newState == lbCP || newState == lbNUCP {
+			ea := property(eastAsianWidth, r)
+			if ea != prF && ea != prW && ea != prH {
+				newState |= lbCPeaFWHBit
+			}
+		}
+
+		// Override break.
+		if forceNoBreak {
+			lineBreak = LineDontBreak
+		}
+	}()
+
+	// LB1.
+	if nextProperty == prAI || nextProperty == prSG || nextProperty == prXX {
+		nextProperty = prAL
+	} else if nextProperty == prSA {
+		if generalCategory == gcMn || generalCategory == gcMc {
+			nextProperty = prCM
+		} else {
+			nextProperty = prAL
+		}
+	} else if nextProperty == prCJ {
+		nextProperty = prNS
+	}
+
+	// Combining marks.
+	if nextProperty == prZWJ || nextProperty == prCM {
+		var bit int
+		if nextProperty == prZWJ {
+			bit = lbZWJBit
+		}
+		mustBreakState := state < 0 || state == lbBK || state == lbCR || state == lbLF || state == lbNL
+		if !mustBreakState && state != lbSP && state != lbZW && state != lbQUSP && state != lbCLCPSP && state != lbB2SP {
+			// LB9.
+			return state | bit, LineDontBreak
+		} else {
+			// LB10.
+			if mustBreakState {
+				return lbAL | bit, LineMustBreak
+			}
+			return lbAL | bit, LineCanBreak
+		}
+	}
+
+	// Find the applicable transition in the table.
+	var rule int
+	transition, ok := lbTransitions[[2]int{state, nextProperty}]
+	if ok {
+		// We have a specific transition. We'll use it.
+		newState, lineBreak, rule = transition[0], transition[1], transition[2]
+	} else {
+		// No specific transition found. Try the less specific ones.
+		transAnyProp, okAnyProp := lbTransitions[[2]int{state, prAny}]
+		transAnyState, okAnyState := lbTransitions[[2]int{lbAny, nextProperty}]
+		if okAnyProp && okAnyState {
+			// Both apply. We'll use a mix (see comments for grTransitions).
+			newState, lineBreak, rule = transAnyState[0], transAnyState[1], transAnyState[2]
+			if transAnyProp[2] < transAnyState[2] {
+				lineBreak, rule = transAnyProp[1], transAnyProp[2]
+			}
+		} else if okAnyProp {
+			// We only have a specific state.
+			newState, lineBreak, rule = transAnyProp[0], transAnyProp[1], transAnyProp[2]
+			// This branch will probably never be reached because okAnyState will
+			// always be true given the current transition map. But we keep it here
+			// for future modifications to the transition map where this may not be
+			// true anymore.
+		} else if okAnyState {
+			// We only have a specific property.
+			newState, lineBreak, rule = transAnyState[0], transAnyState[1], transAnyState[2]
+		} else {
+			// No known transition. LB31: ALL ÷ ALL.
+			newState, lineBreak, rule = lbAny, LineCanBreak, 310
+		}
+	}
+
+	// LB12a.
+	if rule > 121 &&
+		nextProperty == prGL &&
+		(state != lbSP && state != lbBA && state != lbHY && state != lbLB21a && state != lbQUSP && state != lbCLCPSP && state != lbB2SP) {
+		return lbGL, LineDontBreak
+	}
+
+	// LB13.
+	if rule > 130 && state != lbNU && state != lbNUNU {
+		switch nextProperty {
+		case prCL:
+			return lbCL, LineDontBreak
+		case prCP:
+			return lbCP, LineDontBreak
+		case prIS:
+			return lbIS, LineDontBreak
+		case prSY:
+			return lbSY, LineDontBreak
+		}
+	}
+
+	// LB25 (look ahead).
+	if rule > 250 &&
+		(state == lbPR || state == lbPO) &&
+		nextProperty == prOP || nextProperty == prHY {
+		var r rune
+		if b != nil { // Byte slice version.
+			r, _ = utf8.DecodeRune(b)
+		} else { // String version.
+			r, _ = utf8.DecodeRuneInString(str)
+		}
+		if r != utf8.RuneError {
+			pr, _ := propertyWithGenCat(lineBreakCodePoints, r)
+			if pr == prNU {
+				return lbNU, LineDontBreak
+			}
+		}
+	}
+
+	// LB30 (part one).
+	if rule > 300 {
+		if (state == lbAL || state == lbHL || state == lbNU || state == lbNUNU) && nextProperty == prOP {
+			ea := property(eastAsianWidth, r)
+			if ea != prF && ea != prW && ea != prH {
+				return lbOP, LineDontBreak
+			}
+		} else if isCPeaFWH {
+			switch nextProperty {
+			case prAL:
+				return lbAL, LineDontBreak
+			case prHL:
+				return lbHL, LineDontBreak
+			case prNU:
+				return lbNU, LineDontBreak
+			}
+		}
+	}
+
+	// LB30a.
+	if newState == lbAny && nextProperty == prRI {
+		if state != lbOddRI && state != lbEvenRI { // Includes state == -1.
+			// Transition into the first RI.
+			return lbOddRI, lineBreak
+		}
+		if state == lbOddRI {
+			// Don't break pairs of Regional Indicators.
+			return lbEvenRI, LineDontBreak
+		}
+		return lbOddRI, lineBreak
+	}
+
+	// LB30b.
+	if rule > 302 {
+		if nextProperty == prEM {
+			if state == lbEB || state == lbExtPicCn {
+				return prAny, LineDontBreak
+			}
+		}
+		graphemeProperty := property(graphemeCodePoints, r)
+		if graphemeProperty == prExtendedPictographic && generalCategory == gcCn {
+			return lbExtPicCn, LineCanBreak
+		}
+	}
+
+	return
+}
diff --git a/vendor/github.com/rivo/uniseg/properties.go b/vendor/github.com/rivo/uniseg/properties.go
index a75ab58839..bc3c7bcf34 100644
--- a/vendor/github.com/rivo/uniseg/properties.go
+++ b/vendor/github.com/rivo/uniseg/properties.go
@@ -1,10 +1,11 @@
 package uniseg
 
-// The unicode properties. Only the ones needed in the context of this package
-// are included.
+// The Unicode properties as used in the various parsers. Only the ones needed
+// in the context of this package are included.
 const (
-	prAny = iota
-	prPreprend
+	prXX      = 0    // Same as prAny.
+	prAny     = iota // prAny must be 0.
+	prPrepend        // Grapheme properties must come first, to reduce the number of bits stored in the state vector.
 	prCR
 	prLF
 	prControl
@@ -18,1632 +19,128 @@ const (
 	prLVT
 	prZWJ
 	prExtendedPictographic
+	prNewline
+	prWSegSpace
+	prDoubleQuote
+	prSingleQuote
+	prMidNumLet
+	prNumeric
+	prMidLetter
+	prMidNum
+	prExtendNumLet
+	prALetter
+	prFormat
+	prHebrewLetter
+	prKatakana
+	prSp
+	prSTerm
+	prClose
+	prSContinue
+	prATerm
+	prUpper
+	prLower
+	prSep
+	prOLetter
+	prCM
+	prBA
+	prBK
+	prSP
+	prEX
+	prQU
+	prAL
+	prPR
+	prPO
+	prOP
+	prCP
+	prIS
+	prHY
+	prSY
+	prNU
+	prCL
+	prNL
+	prGL
+	prAI
+	prBB
+	prHL
+	prSA
+	prJL
+	prJV
+	prJT
+	prNS
+	prZW
+	prB2
+	prIN
+	prWJ
+	prID
+	prEB
+	prCJ
+	prH2
+	prH3
+	prSG
+	prCB
+	prRI
+	prEM
+	prN
+	prNa
+	prA
+	prW
+	prH
+	prF
+	prEmojiPresentation
 )
 
-// Maps code point ranges to their properties. In the context of this package,
-// any code point that is not contained may map to "prAny". The code point
-// ranges in this slice are numerically sorted.
-//
-// These ranges were taken from
-// http://www.unicode.org/Public/UCD/latest/ucd/auxiliary/GraphemeBreakProperty.txt
-// as well as
-// https://unicode.org/Public/emoji/latest/emoji-data.txt
-// ("Extended_Pictographic" only) on March 11, 2019. See
-// https://www.unicode.org/license.html for the Unicode license agreement.
-var codePoints = [][3]int{
-	{0x0000, 0x0009, prControl},                // Cc  [10] <control-0000>..<control-0009>
-	{0x000A, 0x000A, prLF},                     // Cc       <control-000A>
-	{0x000B, 0x000C, prControl},                // Cc   [2] <control-000B>..<control-000C>
-	{0x000D, 0x000D, prCR},                     // Cc       <control-000D>
-	{0x000E, 0x001F, prControl},                // Cc  [18] <control-000E>..<control-001F>
-	{0x007F, 0x009F, prControl},                // Cc  [33] <control-007F>..<control-009F>
-	{0x00A9, 0x00A9, prExtendedPictographic},   //  1.1  [1] (©�)       copyright
-	{0x00AD, 0x00AD, prControl},                // Cf       SOFT HYPHEN
-	{0x00AE, 0x00AE, prExtendedPictographic},   //  1.1  [1] (®�)       registered
-	{0x0300, 0x036F, prExtend},                 // Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
-	{0x0483, 0x0487, prExtend},                 // Mn   [5] COMBINING CYRILLIC TITLO..COMBINING CYRILLIC POKRYTIE
-	{0x0488, 0x0489, prExtend},                 // Me   [2] COMBINING CYRILLIC HUNDRED THOUSANDS SIGN..COMBINING CYRILLIC MILLIONS SIGN
-	{0x0591, 0x05BD, prExtend},                 // Mn  [45] HEBREW ACCENT ETNAHTA..HEBREW POINT METEG
-	{0x05BF, 0x05BF, prExtend},                 // Mn       HEBREW POINT RAFE
-	{0x05C1, 0x05C2, prExtend},                 // Mn   [2] HEBREW POINT SHIN DOT..HEBREW POINT SIN DOT
-	{0x05C4, 0x05C5, prExtend},                 // Mn   [2] HEBREW MARK UPPER DOT..HEBREW MARK LOWER DOT
-	{0x05C7, 0x05C7, prExtend},                 // Mn       HEBREW POINT QAMATS QATAN
-	{0x0600, 0x0605, prPreprend},               // Cf   [6] ARABIC NUMBER SIGN..ARABIC NUMBER MARK ABOVE
-	{0x0610, 0x061A, prExtend},                 // Mn  [11] ARABIC SIGN SALLALLAHOU ALAYHE WASSALLAM..ARABIC SMALL KASRA
-	{0x061C, 0x061C, prControl},                // Cf       ARABIC LETTER MARK
-	{0x064B, 0x065F, prExtend},                 // Mn  [21] ARABIC FATHATAN..ARABIC WAVY HAMZA BELOW
-	{0x0670, 0x0670, prExtend},                 // Mn       ARABIC LETTER SUPERSCRIPT ALEF
-	{0x06D6, 0x06DC, prExtend},                 // Mn   [7] ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA..ARABIC SMALL HIGH SEEN
-	{0x06DD, 0x06DD, prPreprend},               // Cf       ARABIC END OF AYAH
-	{0x06DF, 0x06E4, prExtend},                 // Mn   [6] ARABIC SMALL HIGH ROUNDED ZERO..ARABIC SMALL HIGH MADDA
-	{0x06E7, 0x06E8, prExtend},                 // Mn   [2] ARABIC SMALL HIGH YEH..ARABIC SMALL HIGH NOON
-	{0x06EA, 0x06ED, prExtend},                 // Mn   [4] ARABIC EMPTY CENTRE LOW STOP..ARABIC SMALL LOW MEEM
-	{0x070F, 0x070F, prPreprend},               // Cf       SYRIAC ABBREVIATION MARK
-	{0x0711, 0x0711, prExtend},                 // Mn       SYRIAC LETTER SUPERSCRIPT ALAPH
-	{0x0730, 0x074A, prExtend},                 // Mn  [27] SYRIAC PTHAHA ABOVE..SYRIAC BARREKH
-	{0x07A6, 0x07B0, prExtend},                 // Mn  [11] THAANA ABAFILI..THAANA SUKUN
-	{0x07EB, 0x07F3, prExtend},                 // Mn   [9] NKO COMBINING SHORT HIGH TONE..NKO COMBINING DOUBLE DOT ABOVE
-	{0x07FD, 0x07FD, prExtend},                 // Mn       NKO DANTAYALAN
-	{0x0816, 0x0819, prExtend},                 // Mn   [4] SAMARITAN MARK IN..SAMARITAN MARK DAGESH
-	{0x081B, 0x0823, prExtend},                 // Mn   [9] SAMARITAN MARK EPENTHETIC YUT..SAMARITAN VOWEL SIGN A
-	{0x0825, 0x0827, prExtend},                 // Mn   [3] SAMARITAN VOWEL SIGN SHORT A..SAMARITAN VOWEL SIGN U
-	{0x0829, 0x082D, prExtend},                 // Mn   [5] SAMARITAN VOWEL SIGN LONG I..SAMARITAN MARK NEQUDAA
-	{0x0859, 0x085B, prExtend},                 // Mn   [3] MANDAIC AFFRICATION MARK..MANDAIC GEMINATION MARK
-	{0x08D3, 0x08E1, prExtend},                 // Mn  [15] ARABIC SMALL LOW WAW..ARABIC SMALL HIGH SIGN SAFHA
-	{0x08E2, 0x08E2, prPreprend},               // Cf       ARABIC DISPUTED END OF AYAH
-	{0x08E3, 0x0902, prExtend},                 // Mn  [32] ARABIC TURNED DAMMA BELOW..DEVANAGARI SIGN ANUSVARA
-	{0x0903, 0x0903, prSpacingMark},            // Mc       DEVANAGARI SIGN VISARGA
-	{0x093A, 0x093A, prExtend},                 // Mn       DEVANAGARI VOWEL SIGN OE
-	{0x093B, 0x093B, prSpacingMark},            // Mc       DEVANAGARI VOWEL SIGN OOE
-	{0x093C, 0x093C, prExtend},                 // Mn       DEVANAGARI SIGN NUKTA
-	{0x093E, 0x0940, prSpacingMark},            // Mc   [3] DEVANAGARI VOWEL SIGN AA..DEVANAGARI VOWEL SIGN II
-	{0x0941, 0x0948, prExtend},                 // Mn   [8] DEVANAGARI VOWEL SIGN U..DEVANAGARI VOWEL SIGN AI
-	{0x0949, 0x094C, prSpacingMark},            // Mc   [4] DEVANAGARI VOWEL SIGN CANDRA O..DEVANAGARI VOWEL SIGN AU
-	{0x094D, 0x094D, prExtend},                 // Mn       DEVANAGARI SIGN VIRAMA
-	{0x094E, 0x094F, prSpacingMark},            // Mc   [2] DEVANAGARI VOWEL SIGN PRISHTHAMATRA E..DEVANAGARI VOWEL SIGN AW
-	{0x0951, 0x0957, prExtend},                 // Mn   [7] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI VOWEL SIGN UUE
-	{0x0962, 0x0963, prExtend},                 // Mn   [2] DEVANAGARI VOWEL SIGN VOCALIC L..DEVANAGARI VOWEL SIGN VOCALIC LL
-	{0x0981, 0x0981, prExtend},                 // Mn       BENGALI SIGN CANDRABINDU
-	{0x0982, 0x0983, prSpacingMark},            // Mc   [2] BENGALI SIGN ANUSVARA..BENGALI SIGN VISARGA
-	{0x09BC, 0x09BC, prExtend},                 // Mn       BENGALI SIGN NUKTA
-	{0x09BE, 0x09BE, prExtend},                 // Mc       BENGALI VOWEL SIGN AA
-	{0x09BF, 0x09C0, prSpacingMark},            // Mc   [2] BENGALI VOWEL SIGN I..BENGALI VOWEL SIGN II
-	{0x09C1, 0x09C4, prExtend},                 // Mn   [4] BENGALI VOWEL SIGN U..BENGALI VOWEL SIGN VOCALIC RR
-	{0x09C7, 0x09C8, prSpacingMark},            // Mc   [2] BENGALI VOWEL SIGN E..BENGALI VOWEL SIGN AI
-	{0x09CB, 0x09CC, prSpacingMark},            // Mc   [2] BENGALI VOWEL SIGN O..BENGALI VOWEL SIGN AU
-	{0x09CD, 0x09CD, prExtend},                 // Mn       BENGALI SIGN VIRAMA
-	{0x09D7, 0x09D7, prExtend},                 // Mc       BENGALI AU LENGTH MARK
-	{0x09E2, 0x09E3, prExtend},                 // Mn   [2] BENGALI VOWEL SIGN VOCALIC L..BENGALI VOWEL SIGN VOCALIC LL
-	{0x09FE, 0x09FE, prExtend},                 // Mn       BENGALI SANDHI MARK
-	{0x0A01, 0x0A02, prExtend},                 // Mn   [2] GURMUKHI SIGN ADAK BINDI..GURMUKHI SIGN BINDI
-	{0x0A03, 0x0A03, prSpacingMark},            // Mc       GURMUKHI SIGN VISARGA
-	{0x0A3C, 0x0A3C, prExtend},                 // Mn       GURMUKHI SIGN NUKTA
-	{0x0A3E, 0x0A40, prSpacingMark},            // Mc   [3] GURMUKHI VOWEL SIGN AA..GURMUKHI VOWEL SIGN II
-	{0x0A41, 0x0A42, prExtend},                 // Mn   [2] GURMUKHI VOWEL SIGN U..GURMUKHI VOWEL SIGN UU
-	{0x0A47, 0x0A48, prExtend},                 // Mn   [2] GURMUKHI VOWEL SIGN EE..GURMUKHI VOWEL SIGN AI
-	{0x0A4B, 0x0A4D, prExtend},                 // Mn   [3] GURMUKHI VOWEL SIGN OO..GURMUKHI SIGN VIRAMA
-	{0x0A51, 0x0A51, prExtend},                 // Mn       GURMUKHI SIGN UDAAT
-	{0x0A70, 0x0A71, prExtend},                 // Mn   [2] GURMUKHI TIPPI..GURMUKHI ADDAK
-	{0x0A75, 0x0A75, prExtend},                 // Mn       GURMUKHI SIGN YAKASH
-	{0x0A81, 0x0A82, prExtend},                 // Mn   [2] GUJARATI SIGN CANDRABINDU..GUJARATI SIGN ANUSVARA
-	{0x0A83, 0x0A83, prSpacingMark},            // Mc       GUJARATI SIGN VISARGA
-	{0x0ABC, 0x0ABC, prExtend},                 // Mn       GUJARATI SIGN NUKTA
-	{0x0ABE, 0x0AC0, prSpacingMark},            // Mc   [3] GUJARATI VOWEL SIGN AA..GUJARATI VOWEL SIGN II
-	{0x0AC1, 0x0AC5, prExtend},                 // Mn   [5] GUJARATI VOWEL SIGN U..GUJARATI VOWEL SIGN CANDRA E
-	{0x0AC7, 0x0AC8, prExtend},                 // Mn   [2] GUJARATI VOWEL SIGN E..GUJARATI VOWEL SIGN AI
-	{0x0AC9, 0x0AC9, prSpacingMark},            // Mc       GUJARATI VOWEL SIGN CANDRA O
-	{0x0ACB, 0x0ACC, prSpacingMark},            // Mc   [2] GUJARATI VOWEL SIGN O..GUJARATI VOWEL SIGN AU
-	{0x0ACD, 0x0ACD, prExtend},                 // Mn       GUJARATI SIGN VIRAMA
-	{0x0AE2, 0x0AE3, prExtend},                 // Mn   [2] GUJARATI VOWEL SIGN VOCALIC L..GUJARATI VOWEL SIGN VOCALIC LL
-	{0x0AFA, 0x0AFF, prExtend},                 // Mn   [6] GUJARATI SIGN SUKUN..GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
-	{0x0B01, 0x0B01, prExtend},                 // Mn       ORIYA SIGN CANDRABINDU
-	{0x0B02, 0x0B03, prSpacingMark},            // Mc   [2] ORIYA SIGN ANUSVARA..ORIYA SIGN VISARGA
-	{0x0B3C, 0x0B3C, prExtend},                 // Mn       ORIYA SIGN NUKTA
-	{0x0B3E, 0x0B3E, prExtend},                 // Mc       ORIYA VOWEL SIGN AA
-	{0x0B3F, 0x0B3F, prExtend},                 // Mn       ORIYA VOWEL SIGN I
-	{0x0B40, 0x0B40, prSpacingMark},            // Mc       ORIYA VOWEL SIGN II
-	{0x0B41, 0x0B44, prExtend},                 // Mn   [4] ORIYA VOWEL SIGN U..ORIYA VOWEL SIGN VOCALIC RR
-	{0x0B47, 0x0B48, prSpacingMark},            // Mc   [2] ORIYA VOWEL SIGN E..ORIYA VOWEL SIGN AI
-	{0x0B4B, 0x0B4C, prSpacingMark},            // Mc   [2] ORIYA VOWEL SIGN O..ORIYA VOWEL SIGN AU
-	{0x0B4D, 0x0B4D, prExtend},                 // Mn       ORIYA SIGN VIRAMA
-	{0x0B56, 0x0B56, prExtend},                 // Mn       ORIYA AI LENGTH MARK
-	{0x0B57, 0x0B57, prExtend},                 // Mc       ORIYA AU LENGTH MARK
-	{0x0B62, 0x0B63, prExtend},                 // Mn   [2] ORIYA VOWEL SIGN VOCALIC L..ORIYA VOWEL SIGN VOCALIC LL
-	{0x0B82, 0x0B82, prExtend},                 // Mn       TAMIL SIGN ANUSVARA
-	{0x0BBE, 0x0BBE, prExtend},                 // Mc       TAMIL VOWEL SIGN AA
-	{0x0BBF, 0x0BBF, prSpacingMark},            // Mc       TAMIL VOWEL SIGN I
-	{0x0BC0, 0x0BC0, prExtend},                 // Mn       TAMIL VOWEL SIGN II
-	{0x0BC1, 0x0BC2, prSpacingMark},            // Mc   [2] TAMIL VOWEL SIGN U..TAMIL VOWEL SIGN UU
-	{0x0BC6, 0x0BC8, prSpacingMark},            // Mc   [3] TAMIL VOWEL SIGN E..TAMIL VOWEL SIGN AI
-	{0x0BCA, 0x0BCC, prSpacingMark},            // Mc   [3] TAMIL VOWEL SIGN O..TAMIL VOWEL SIGN AU
-	{0x0BCD, 0x0BCD, prExtend},                 // Mn       TAMIL SIGN VIRAMA
-	{0x0BD7, 0x0BD7, prExtend},                 // Mc       TAMIL AU LENGTH MARK
-	{0x0C00, 0x0C00, prExtend},                 // Mn       TELUGU SIGN COMBINING CANDRABINDU ABOVE
-	{0x0C01, 0x0C03, prSpacingMark},            // Mc   [3] TELUGU SIGN CANDRABINDU..TELUGU SIGN VISARGA
-	{0x0C04, 0x0C04, prExtend},                 // Mn       TELUGU SIGN COMBINING ANUSVARA ABOVE
-	{0x0C3E, 0x0C40, prExtend},                 // Mn   [3] TELUGU VOWEL SIGN AA..TELUGU VOWEL SIGN II
-	{0x0C41, 0x0C44, prSpacingMark},            // Mc   [4] TELUGU VOWEL SIGN U..TELUGU VOWEL SIGN VOCALIC RR
-	{0x0C46, 0x0C48, prExtend},                 // Mn   [3] TELUGU VOWEL SIGN E..TELUGU VOWEL SIGN AI
-	{0x0C4A, 0x0C4D, prExtend},                 // Mn   [4] TELUGU VOWEL SIGN O..TELUGU SIGN VIRAMA
-	{0x0C55, 0x0C56, prExtend},                 // Mn   [2] TELUGU LENGTH MARK..TELUGU AI LENGTH MARK
-	{0x0C62, 0x0C63, prExtend},                 // Mn   [2] TELUGU VOWEL SIGN VOCALIC L..TELUGU VOWEL SIGN VOCALIC LL
-	{0x0C81, 0x0C81, prExtend},                 // Mn       KANNADA SIGN CANDRABINDU
-	{0x0C82, 0x0C83, prSpacingMark},            // Mc   [2] KANNADA SIGN ANUSVARA..KANNADA SIGN VISARGA
-	{0x0CBC, 0x0CBC, prExtend},                 // Mn       KANNADA SIGN NUKTA
-	{0x0CBE, 0x0CBE, prSpacingMark},            // Mc       KANNADA VOWEL SIGN AA
-	{0x0CBF, 0x0CBF, prExtend},                 // Mn       KANNADA VOWEL SIGN I
-	{0x0CC0, 0x0CC1, prSpacingMark},            // Mc   [2] KANNADA VOWEL SIGN II..KANNADA VOWEL SIGN U
-	{0x0CC2, 0x0CC2, prExtend},                 // Mc       KANNADA VOWEL SIGN UU
-	{0x0CC3, 0x0CC4, prSpacingMark},            // Mc   [2] KANNADA VOWEL SIGN VOCALIC R..KANNADA VOWEL SIGN VOCALIC RR
-	{0x0CC6, 0x0CC6, prExtend},                 // Mn       KANNADA VOWEL SIGN E
-	{0x0CC7, 0x0CC8, prSpacingMark},            // Mc   [2] KANNADA VOWEL SIGN EE..KANNADA VOWEL SIGN AI
-	{0x0CCA, 0x0CCB, prSpacingMark},            // Mc   [2] KANNADA VOWEL SIGN O..KANNADA VOWEL SIGN OO
-	{0x0CCC, 0x0CCD, prExtend},                 // Mn   [2] KANNADA VOWEL SIGN AU..KANNADA SIGN VIRAMA
-	{0x0CD5, 0x0CD6, prExtend},                 // Mc   [2] KANNADA LENGTH MARK..KANNADA AI LENGTH MARK
-	{0x0CE2, 0x0CE3, prExtend},                 // Mn   [2] KANNADA VOWEL SIGN VOCALIC L..KANNADA VOWEL SIGN VOCALIC LL
-	{0x0D00, 0x0D01, prExtend},                 // Mn   [2] MALAYALAM SIGN COMBINING ANUSVARA ABOVE..MALAYALAM SIGN CANDRABINDU
-	{0x0D02, 0x0D03, prSpacingMark},            // Mc   [2] MALAYALAM SIGN ANUSVARA..MALAYALAM SIGN VISARGA
-	{0x0D3B, 0x0D3C, prExtend},                 // Mn   [2] MALAYALAM SIGN VERTICAL BAR VIRAMA..MALAYALAM SIGN CIRCULAR VIRAMA
-	{0x0D3E, 0x0D3E, prExtend},                 // Mc       MALAYALAM VOWEL SIGN AA
-	{0x0D3F, 0x0D40, prSpacingMark},            // Mc   [2] MALAYALAM VOWEL SIGN I..MALAYALAM VOWEL SIGN II
-	{0x0D41, 0x0D44, prExtend},                 // Mn   [4] MALAYALAM VOWEL SIGN U..MALAYALAM VOWEL SIGN VOCALIC RR
-	{0x0D46, 0x0D48, prSpacingMark},            // Mc   [3] MALAYALAM VOWEL SIGN E..MALAYALAM VOWEL SIGN AI
-	{0x0D4A, 0x0D4C, prSpacingMark},            // Mc   [3] MALAYALAM VOWEL SIGN O..MALAYALAM VOWEL SIGN AU
-	{0x0D4D, 0x0D4D, prExtend},                 // Mn       MALAYALAM SIGN VIRAMA
-	{0x0D4E, 0x0D4E, prPreprend},               // Lo       MALAYALAM LETTER DOT REPH
-	{0x0D57, 0x0D57, prExtend},                 // Mc       MALAYALAM AU LENGTH MARK
-	{0x0D62, 0x0D63, prExtend},                 // Mn   [2] MALAYALAM VOWEL SIGN VOCALIC L..MALAYALAM VOWEL SIGN VOCALIC LL
-	{0x0D82, 0x0D83, prSpacingMark},            // Mc   [2] SINHALA SIGN ANUSVARAYA..SINHALA SIGN VISARGAYA
-	{0x0DCA, 0x0DCA, prExtend},                 // Mn       SINHALA SIGN AL-LAKUNA
-	{0x0DCF, 0x0DCF, prExtend},                 // Mc       SINHALA VOWEL SIGN AELA-PILLA
-	{0x0DD0, 0x0DD1, prSpacingMark},            // Mc   [2] SINHALA VOWEL SIGN KETTI AEDA-PILLA..SINHALA VOWEL SIGN DIGA AEDA-PILLA
-	{0x0DD2, 0x0DD4, prExtend},                 // Mn   [3] SINHALA VOWEL SIGN KETTI IS-PILLA..SINHALA VOWEL SIGN KETTI PAA-PILLA
-	{0x0DD6, 0x0DD6, prExtend},                 // Mn       SINHALA VOWEL SIGN DIGA PAA-PILLA
-	{0x0DD8, 0x0DDE, prSpacingMark},            // Mc   [7] SINHALA VOWEL SIGN GAETTA-PILLA..SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA
-	{0x0DDF, 0x0DDF, prExtend},                 // Mc       SINHALA VOWEL SIGN GAYANUKITTA
-	{0x0DF2, 0x0DF3, prSpacingMark},            // Mc   [2] SINHALA VOWEL SIGN DIGA GAETTA-PILLA..SINHALA VOWEL SIGN DIGA GAYANUKITTA
-	{0x0E31, 0x0E31, prExtend},                 // Mn       THAI CHARACTER MAI HAN-AKAT
-	{0x0E33, 0x0E33, prSpacingMark},            // Lo       THAI CHARACTER SARA AM
-	{0x0E34, 0x0E3A, prExtend},                 // Mn   [7] THAI CHARACTER SARA I..THAI CHARACTER PHINTHU
-	{0x0E47, 0x0E4E, prExtend},                 // Mn   [8] THAI CHARACTER MAITAIKHU..THAI CHARACTER YAMAKKAN
-	{0x0EB1, 0x0EB1, prExtend},                 // Mn       LAO VOWEL SIGN MAI KAN
-	{0x0EB3, 0x0EB3, prSpacingMark},            // Lo       LAO VOWEL SIGN AM
-	{0x0EB4, 0x0EBC, prExtend},                 // Mn   [9] LAO VOWEL SIGN I..LAO SEMIVOWEL SIGN LO
-	{0x0EC8, 0x0ECD, prExtend},                 // Mn   [6] LAO TONE MAI EK..LAO NIGGAHITA
-	{0x0F18, 0x0F19, prExtend},                 // Mn   [2] TIBETAN ASTROLOGICAL SIGN -KHYUD PA..TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS
-	{0x0F35, 0x0F35, prExtend},                 // Mn       TIBETAN MARK NGAS BZUNG NYI ZLA
-	{0x0F37, 0x0F37, prExtend},                 // Mn       TIBETAN MARK NGAS BZUNG SGOR RTAGS
-	{0x0F39, 0x0F39, prExtend},                 // Mn       TIBETAN MARK TSA -PHRU
-	{0x0F3E, 0x0F3F, prSpacingMark},            // Mc   [2] TIBETAN SIGN YAR TSHES..TIBETAN SIGN MAR TSHES
-	{0x0F71, 0x0F7E, prExtend},                 // Mn  [14] TIBETAN VOWEL SIGN AA..TIBETAN SIGN RJES SU NGA RO
-	{0x0F7F, 0x0F7F, prSpacingMark},            // Mc       TIBETAN SIGN RNAM BCAD
-	{0x0F80, 0x0F84, prExtend},                 // Mn   [5] TIBETAN VOWEL SIGN REVERSED I..TIBETAN MARK HALANTA
-	{0x0F86, 0x0F87, prExtend},                 // Mn   [2] TIBETAN SIGN LCI RTAGS..TIBETAN SIGN YANG RTAGS
-	{0x0F8D, 0x0F97, prExtend},                 // Mn  [11] TIBETAN SUBJOINED SIGN LCE TSA CAN..TIBETAN SUBJOINED LETTER JA
-	{0x0F99, 0x0FBC, prExtend},                 // Mn  [36] TIBETAN SUBJOINED LETTER NYA..TIBETAN SUBJOINED LETTER FIXED-FORM RA
-	{0x0FC6, 0x0FC6, prExtend},                 // Mn       TIBETAN SYMBOL PADMA GDAN
-	{0x102D, 0x1030, prExtend},                 // Mn   [4] MYANMAR VOWEL SIGN I..MYANMAR VOWEL SIGN UU
-	{0x1031, 0x1031, prSpacingMark},            // Mc       MYANMAR VOWEL SIGN E
-	{0x1032, 0x1037, prExtend},                 // Mn   [6] MYANMAR VOWEL SIGN AI..MYANMAR SIGN DOT BELOW
-	{0x1039, 0x103A, prExtend},                 // Mn   [2] MYANMAR SIGN VIRAMA..MYANMAR SIGN ASAT
-	{0x103B, 0x103C, prSpacingMark},            // Mc   [2] MYANMAR CONSONANT SIGN MEDIAL YA..MYANMAR CONSONANT SIGN MEDIAL RA
-	{0x103D, 0x103E, prExtend},                 // Mn   [2] MYANMAR CONSONANT SIGN MEDIAL WA..MYANMAR CONSONANT SIGN MEDIAL HA
-	{0x1056, 0x1057, prSpacingMark},            // Mc   [2] MYANMAR VOWEL SIGN VOCALIC R..MYANMAR VOWEL SIGN VOCALIC RR
-	{0x1058, 0x1059, prExtend},                 // Mn   [2] MYANMAR VOWEL SIGN VOCALIC L..MYANMAR VOWEL SIGN VOCALIC LL
-	{0x105E, 0x1060, prExtend},                 // Mn   [3] MYANMAR CONSONANT SIGN MON MEDIAL NA..MYANMAR CONSONANT SIGN MON MEDIAL LA
-	{0x1071, 0x1074, prExtend},                 // Mn   [4] MYANMAR VOWEL SIGN GEBA KAREN I..MYANMAR VOWEL SIGN KAYAH EE
-	{0x1082, 0x1082, prExtend},                 // Mn       MYANMAR CONSONANT SIGN SHAN MEDIAL WA
-	{0x1084, 0x1084, prSpacingMark},            // Mc       MYANMAR VOWEL SIGN SHAN E
-	{0x1085, 0x1086, prExtend},                 // Mn   [2] MYANMAR VOWEL SIGN SHAN E ABOVE..MYANMAR VOWEL SIGN SHAN FINAL Y
-	{0x108D, 0x108D, prExtend},                 // Mn       MYANMAR SIGN SHAN COUNCIL EMPHATIC TONE
-	{0x109D, 0x109D, prExtend},                 // Mn       MYANMAR VOWEL SIGN AITON AI
-	{0x1100, 0x115F, prL},                      // Lo  [96] HANGUL CHOSEONG KIYEOK..HANGUL CHOSEONG FILLER
-	{0x1160, 0x11A7, prV},                      // Lo  [72] HANGUL JUNGSEONG FILLER..HANGUL JUNGSEONG O-YAE
-	{0x11A8, 0x11FF, prT},                      // Lo  [88] HANGUL JONGSEONG KIYEOK..HANGUL JONGSEONG SSANGNIEUN
-	{0x135D, 0x135F, prExtend},                 // Mn   [3] ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK..ETHIOPIC COMBINING GEMINATION MARK
-	{0x1712, 0x1714, prExtend},                 // Mn   [3] TAGALOG VOWEL SIGN I..TAGALOG SIGN VIRAMA
-	{0x1732, 0x1734, prExtend},                 // Mn   [3] HANUNOO VOWEL SIGN I..HANUNOO SIGN PAMUDPOD
-	{0x1752, 0x1753, prExtend},                 // Mn   [2] BUHID VOWEL SIGN I..BUHID VOWEL SIGN U
-	{0x1772, 0x1773, prExtend},                 // Mn   [2] TAGBANWA VOWEL SIGN I..TAGBANWA VOWEL SIGN U
-	{0x17B4, 0x17B5, prExtend},                 // Mn   [2] KHMER VOWEL INHERENT AQ..KHMER VOWEL INHERENT AA
-	{0x17B6, 0x17B6, prSpacingMark},            // Mc       KHMER VOWEL SIGN AA
-	{0x17B7, 0x17BD, prExtend},                 // Mn   [7] KHMER VOWEL SIGN I..KHMER VOWEL SIGN UA
-	{0x17BE, 0x17C5, prSpacingMark},            // Mc   [8] KHMER VOWEL SIGN OE..KHMER VOWEL SIGN AU
-	{0x17C6, 0x17C6, prExtend},                 // Mn       KHMER SIGN NIKAHIT
-	{0x17C7, 0x17C8, prSpacingMark},            // Mc   [2] KHMER SIGN REAHMUK..KHMER SIGN YUUKALEAPINTU
-	{0x17C9, 0x17D3, prExtend},                 // Mn  [11] KHMER SIGN MUUSIKATOAN..KHMER SIGN BATHAMASAT
-	{0x17DD, 0x17DD, prExtend},                 // Mn       KHMER SIGN ATTHACAN
-	{0x180B, 0x180D, prExtend},                 // Mn   [3] MONGOLIAN FREE VARIATION SELECTOR ONE..MONGOLIAN FREE VARIATION SELECTOR THREE
-	{0x180E, 0x180E, prControl},                // Cf       MONGOLIAN VOWEL SEPARATOR
-	{0x1885, 0x1886, prExtend},                 // Mn   [2] MONGOLIAN LETTER ALI GALI BALUDA..MONGOLIAN LETTER ALI GALI THREE BALUDA
-	{0x18A9, 0x18A9, prExtend},                 // Mn       MONGOLIAN LETTER ALI GALI DAGALGA
-	{0x1920, 0x1922, prExtend},                 // Mn   [3] LIMBU VOWEL SIGN A..LIMBU VOWEL SIGN U
-	{0x1923, 0x1926, prSpacingMark},            // Mc   [4] LIMBU VOWEL SIGN EE..LIMBU VOWEL SIGN AU
-	{0x1927, 0x1928, prExtend},                 // Mn   [2] LIMBU VOWEL SIGN E..LIMBU VOWEL SIGN O
-	{0x1929, 0x192B, prSpacingMark},            // Mc   [3] LIMBU SUBJOINED LETTER YA..LIMBU SUBJOINED LETTER WA
-	{0x1930, 0x1931, prSpacingMark},            // Mc   [2] LIMBU SMALL LETTER KA..LIMBU SMALL LETTER NGA
-	{0x1932, 0x1932, prExtend},                 // Mn       LIMBU SMALL LETTER ANUSVARA
-	{0x1933, 0x1938, prSpacingMark},            // Mc   [6] LIMBU SMALL LETTER TA..LIMBU SMALL LETTER LA
-	{0x1939, 0x193B, prExtend},                 // Mn   [3] LIMBU SIGN MUKPHRENG..LIMBU SIGN SA-I
-	{0x1A17, 0x1A18, prExtend},                 // Mn   [2] BUGINESE VOWEL SIGN I..BUGINESE VOWEL SIGN U
-	{0x1A19, 0x1A1A, prSpacingMark},            // Mc   [2] BUGINESE VOWEL SIGN E..BUGINESE VOWEL SIGN O
-	{0x1A1B, 0x1A1B, prExtend},                 // Mn       BUGINESE VOWEL SIGN AE
-	{0x1A55, 0x1A55, prSpacingMark},            // Mc       TAI THAM CONSONANT SIGN MEDIAL RA
-	{0x1A56, 0x1A56, prExtend},                 // Mn       TAI THAM CONSONANT SIGN MEDIAL LA
-	{0x1A57, 0x1A57, prSpacingMark},            // Mc       TAI THAM CONSONANT SIGN LA TANG LAI
-	{0x1A58, 0x1A5E, prExtend},                 // Mn   [7] TAI THAM SIGN MAI KANG LAI..TAI THAM CONSONANT SIGN SA
-	{0x1A60, 0x1A60, prExtend},                 // Mn       TAI THAM SIGN SAKOT
-	{0x1A62, 0x1A62, prExtend},                 // Mn       TAI THAM VOWEL SIGN MAI SAT
-	{0x1A65, 0x1A6C, prExtend},                 // Mn   [8] TAI THAM VOWEL SIGN I..TAI THAM VOWEL SIGN OA BELOW
-	{0x1A6D, 0x1A72, prSpacingMark},            // Mc   [6] TAI THAM VOWEL SIGN OY..TAI THAM VOWEL SIGN THAM AI
-	{0x1A73, 0x1A7C, prExtend},                 // Mn  [10] TAI THAM VOWEL SIGN OA ABOVE..TAI THAM SIGN KHUEN-LUE KARAN
-	{0x1A7F, 0x1A7F, prExtend},                 // Mn       TAI THAM COMBINING CRYPTOGRAMMIC DOT
-	{0x1AB0, 0x1ABD, prExtend},                 // Mn  [14] COMBINING DOUBLED CIRCUMFLEX ACCENT..COMBINING PARENTHESES BELOW
-	{0x1ABE, 0x1ABE, prExtend},                 // Me       COMBINING PARENTHESES OVERLAY
-	{0x1B00, 0x1B03, prExtend},                 // Mn   [4] BALINESE SIGN ULU RICEM..BALINESE SIGN SURANG
-	{0x1B04, 0x1B04, prSpacingMark},            // Mc       BALINESE SIGN BISAH
-	{0x1B34, 0x1B34, prExtend},                 // Mn       BALINESE SIGN REREKAN
-	{0x1B35, 0x1B35, prExtend},                 // Mc       BALINESE VOWEL SIGN TEDUNG
-	{0x1B36, 0x1B3A, prExtend},                 // Mn   [5] BALINESE VOWEL SIGN ULU..BALINESE VOWEL SIGN RA REPA
-	{0x1B3B, 0x1B3B, prSpacingMark},            // Mc       BALINESE VOWEL SIGN RA REPA TEDUNG
-	{0x1B3C, 0x1B3C, prExtend},                 // Mn       BALINESE VOWEL SIGN LA LENGA
-	{0x1B3D, 0x1B41, prSpacingMark},            // Mc   [5] BALINESE VOWEL SIGN LA LENGA TEDUNG..BALINESE VOWEL SIGN TALING REPA TEDUNG
-	{0x1B42, 0x1B42, prExtend},                 // Mn       BALINESE VOWEL SIGN PEPET
-	{0x1B43, 0x1B44, prSpacingMark},            // Mc   [2] BALINESE VOWEL SIGN PEPET TEDUNG..BALINESE ADEG ADEG
-	{0x1B6B, 0x1B73, prExtend},                 // Mn   [9] BALINESE MUSICAL SYMBOL COMBINING TEGEH..BALINESE MUSICAL SYMBOL COMBINING GONG
-	{0x1B80, 0x1B81, prExtend},                 // Mn   [2] SUNDANESE SIGN PANYECEK..SUNDANESE SIGN PANGLAYAR
-	{0x1B82, 0x1B82, prSpacingMark},            // Mc       SUNDANESE SIGN PANGWISAD
-	{0x1BA1, 0x1BA1, prSpacingMark},            // Mc       SUNDANESE CONSONANT SIGN PAMINGKAL
-	{0x1BA2, 0x1BA5, prExtend},                 // Mn   [4] SUNDANESE CONSONANT SIGN PANYAKRA..SUNDANESE VOWEL SIGN PANYUKU
-	{0x1BA6, 0x1BA7, prSpacingMark},            // Mc   [2] SUNDANESE VOWEL SIGN PANAELAENG..SUNDANESE VOWEL SIGN PANOLONG
-	{0x1BA8, 0x1BA9, prExtend},                 // Mn   [2] SUNDANESE VOWEL SIGN PAMEPET..SUNDANESE VOWEL SIGN PANEULEUNG
-	{0x1BAA, 0x1BAA, prSpacingMark},            // Mc       SUNDANESE SIGN PAMAAEH
-	{0x1BAB, 0x1BAD, prExtend},                 // Mn   [3] SUNDANESE SIGN VIRAMA..SUNDANESE CONSONANT SIGN PASANGAN WA
-	{0x1BE6, 0x1BE6, prExtend},                 // Mn       BATAK SIGN TOMPI
-	{0x1BE7, 0x1BE7, prSpacingMark},            // Mc       BATAK VOWEL SIGN E
-	{0x1BE8, 0x1BE9, prExtend},                 // Mn   [2] BATAK VOWEL SIGN PAKPAK E..BATAK VOWEL SIGN EE
-	{0x1BEA, 0x1BEC, prSpacingMark},            // Mc   [3] BATAK VOWEL SIGN I..BATAK VOWEL SIGN O
-	{0x1BED, 0x1BED, prExtend},                 // Mn       BATAK VOWEL SIGN KARO O
-	{0x1BEE, 0x1BEE, prSpacingMark},            // Mc       BATAK VOWEL SIGN U
-	{0x1BEF, 0x1BF1, prExtend},                 // Mn   [3] BATAK VOWEL SIGN U FOR SIMALUNGUN SA..BATAK CONSONANT SIGN H
-	{0x1BF2, 0x1BF3, prSpacingMark},            // Mc   [2] BATAK PANGOLAT..BATAK PANONGONAN
-	{0x1C24, 0x1C2B, prSpacingMark},            // Mc   [8] LEPCHA SUBJOINED LETTER YA..LEPCHA VOWEL SIGN UU
-	{0x1C2C, 0x1C33, prExtend},                 // Mn   [8] LEPCHA VOWEL SIGN E..LEPCHA CONSONANT SIGN T
-	{0x1C34, 0x1C35, prSpacingMark},            // Mc   [2] LEPCHA CONSONANT SIGN NYIN-DO..LEPCHA CONSONANT SIGN KANG
-	{0x1C36, 0x1C37, prExtend},                 // Mn   [2] LEPCHA SIGN RAN..LEPCHA SIGN NUKTA
-	{0x1CD0, 0x1CD2, prExtend},                 // Mn   [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
-	{0x1CD4, 0x1CE0, prExtend},                 // Mn  [13] VEDIC SIGN YAJURVEDIC MIDLINE SVARITA..VEDIC TONE RIGVEDIC KASHMIRI INDEPENDENT SVARITA
-	{0x1CE1, 0x1CE1, prSpacingMark},            // Mc       VEDIC TONE ATHARVAVEDIC INDEPENDENT SVARITA
-	{0x1CE2, 0x1CE8, prExtend},                 // Mn   [7] VEDIC SIGN VISARGA SVARITA..VEDIC SIGN VISARGA ANUDATTA WITH TAIL
-	{0x1CED, 0x1CED, prExtend},                 // Mn       VEDIC SIGN TIRYAK
-	{0x1CF4, 0x1CF4, prExtend},                 // Mn       VEDIC TONE CANDRA ABOVE
-	{0x1CF7, 0x1CF7, prSpacingMark},            // Mc       VEDIC SIGN ATIKRAMA
-	{0x1CF8, 0x1CF9, prExtend},                 // Mn   [2] VEDIC TONE RING ABOVE..VEDIC TONE DOUBLE RING ABOVE
-	{0x1DC0, 0x1DF9, prExtend},                 // Mn  [58] COMBINING DOTTED GRAVE ACCENT..COMBINING WIDE INVERTED BRIDGE BELOW
-	{0x1DFB, 0x1DFF, prExtend},                 // Mn   [5] COMBINING DELETION MARK..COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
-	{0x200B, 0x200B, prControl},                // Cf       ZERO WIDTH SPACE
-	{0x200C, 0x200C, prExtend},                 // Cf       ZERO WIDTH NON-JOINER
-	{0x200D, 0x200D, prZWJ},                    // Cf       ZERO WIDTH JOINER
-	{0x200E, 0x200F, prControl},                // Cf   [2] LEFT-TO-RIGHT MARK..RIGHT-TO-LEFT MARK
-	{0x2028, 0x2028, prControl},                // Zl       LINE SEPARATOR
-	{0x2029, 0x2029, prControl},                // Zp       PARAGRAPH SEPARATOR
-	{0x202A, 0x202E, prControl},                // Cf   [5] LEFT-TO-RIGHT EMBEDDING..RIGHT-TO-LEFT OVERRIDE
-	{0x203C, 0x203C, prExtendedPictographic},   //  1.1  [1] (‼�)       double exclamation mark
-	{0x2049, 0x2049, prExtendedPictographic},   //  3.0  [1] (��)       exclamation question mark
-	{0x2060, 0x2064, prControl},                // Cf   [5] WORD JOINER..INVISIBLE PLUS
-	{0x2065, 0x2065, prControl},                // Cn       <reserved-2065>
-	{0x2066, 0x206F, prControl},                // Cf  [10] LEFT-TO-RIGHT ISOLATE..NOMINAL DIGIT SHAPES
-	{0x20D0, 0x20DC, prExtend},                 // Mn  [13] COMBINING LEFT HARPOON ABOVE..COMBINING FOUR DOTS ABOVE
-	{0x20DD, 0x20E0, prExtend},                 // Me   [4] COMBINING ENCLOSING CIRCLE..COMBINING ENCLOSING CIRCLE BACKSLASH
-	{0x20E1, 0x20E1, prExtend},                 // Mn       COMBINING LEFT RIGHT ARROW ABOVE
-	{0x20E2, 0x20E4, prExtend},                 // Me   [3] COMBINING ENCLOSING SCREEN..COMBINING ENCLOSING UPWARD POINTING TRIANGLE
-	{0x20E5, 0x20F0, prExtend},                 // Mn  [12] COMBINING REVERSE SOLIDUS OVERLAY..COMBINING ASTERISK ABOVE
-	{0x2122, 0x2122, prExtendedPictographic},   //  1.1  [1] (™�)       trade mark
-	{0x2139, 0x2139, prExtendedPictographic},   //  3.0  [1] (ℹ�)       information
-	{0x2194, 0x2199, prExtendedPictographic},   //  1.1  [6] (↔�..↙�)    left-right arrow..down-left arrow
-	{0x21A9, 0x21AA, prExtendedPictographic},   //  1.1  [2] (↩�..↪�)    right arrow curving left..left arrow curving right
-	{0x231A, 0x231B, prExtendedPictographic},   //  1.1  [2] (⌚..⌛)    watch..hourglass done
-	{0x2328, 0x2328, prExtendedPictographic},   //  1.1  [1] (⌨�)       keyboard
-	{0x2388, 0x2388, prExtendedPictographic},   //  3.0  [1] (⎈)       HELM SYMBOL
-	{0x23CF, 0x23CF, prExtendedPictographic},   //  4.0  [1] (��)       eject button
-	{0x23E9, 0x23F3, prExtendedPictographic},   //  6.0 [11] (�..�)    fast-forward button..hourglass not done
-	{0x23F8, 0x23FA, prExtendedPictographic},   //  7.0  [3] (��..��)    pause button..record button
-	{0x24C2, 0x24C2, prExtendedPictographic},   //  1.1  [1] (Ⓜ�)       circled M
-	{0x25AA, 0x25AB, prExtendedPictographic},   //  1.1  [2] (▪�..▫�)    black small square..white small square
-	{0x25B6, 0x25B6, prExtendedPictographic},   //  1.1  [1] (▶�)       play button
-	{0x25C0, 0x25C0, prExtendedPictographic},   //  1.1  [1] (◀�)       reverse button
-	{0x25FB, 0x25FE, prExtendedPictographic},   //  3.2  [4] (◻�..◾)    white medium square..black medium-small square
-	{0x2600, 0x2605, prExtendedPictographic},   //  1.1  [6] (☀�..★)    sun..BLACK STAR
-	{0x2607, 0x2612, prExtendedPictographic},   //  1.1 [12] (☇..☒)    LIGHTNING..BALLOT BOX WITH X
-	{0x2614, 0x2615, prExtendedPictographic},   //  4.0  [2] (☔..☕)    umbrella with rain drops..hot beverage
-	{0x2616, 0x2617, prExtendedPictographic},   //  3.2  [2] (☖..☗)    WHITE SHOGI PIECE..BLACK SHOGI PIECE
-	{0x2618, 0x2618, prExtendedPictographic},   //  4.1  [1] (☘�)       shamrock
-	{0x2619, 0x2619, prExtendedPictographic},   //  3.0  [1] (☙)       REVERSED ROTATED FLORAL HEART BULLET
-	{0x261A, 0x266F, prExtendedPictographic},   //  1.1 [86] (☚..♯)    BLACK LEFT POINTING INDEX..MUSIC SHARP SIGN
-	{0x2670, 0x2671, prExtendedPictographic},   //  3.0  [2] (â™°..â™±)    WEST SYRIAC CROSS..EAST SYRIAC CROSS
-	{0x2672, 0x267D, prExtendedPictographic},   //  3.2 [12] (♲..♽)    UNIVERSAL RECYCLING SYMBOL..PARTIALLY-RECYCLED PAPER SYMBOL
-	{0x267E, 0x267F, prExtendedPictographic},   //  4.1  [2] (♾�..♿)    infinity..wheelchair symbol
-	{0x2680, 0x2685, prExtendedPictographic},   //  3.2  [6] (⚀..⚅)    DIE FACE-1..DIE FACE-6
-	{0x2690, 0x2691, prExtendedPictographic},   //  4.0  [2] (�..⚑)    WHITE FLAG..BLACK FLAG
-	{0x2692, 0x269C, prExtendedPictographic},   //  4.1 [11] (⚒�..⚜�)    hammer and pick..fleur-de-lis
-	{0x269D, 0x269D, prExtendedPictographic},   //  5.1  [1] (�)       OUTLINED WHITE STAR
-	{0x269E, 0x269F, prExtendedPictographic},   //  5.2  [2] (⚞..⚟)    THREE LINES CONVERGING RIGHT..THREE LINES CONVERGING LEFT
-	{0x26A0, 0x26A1, prExtendedPictographic},   //  4.0  [2] (⚠�..⚡)    warning..high voltage
-	{0x26A2, 0x26B1, prExtendedPictographic},   //  4.1 [16] (⚢..⚱�)    DOUBLED FEMALE SIGN..funeral urn
-	{0x26B2, 0x26B2, prExtendedPictographic},   //  5.0  [1] (âš²)       NEUTER
-	{0x26B3, 0x26BC, prExtendedPictographic},   //  5.1 [10] (âš³..âš¼)    CERES..SESQUIQUADRATE
-	{0x26BD, 0x26BF, prExtendedPictographic},   //  5.2  [3] (âš½..âš¿)    soccer ball..SQUARED KEY
-	{0x26C0, 0x26C3, prExtendedPictographic},   //  5.1  [4] (⛀..⛃)    WHITE DRAUGHTS MAN..BLACK DRAUGHTS KING
-	{0x26C4, 0x26CD, prExtendedPictographic},   //  5.2 [10] (⛄..�)    snowman without snow..DISABLED CAR
-	{0x26CE, 0x26CE, prExtendedPictographic},   //  6.0  [1] (⛎)       Ophiuchus
-	{0x26CF, 0x26E1, prExtendedPictographic},   //  5.2 [19] (��..⛡)    pick..RESTRICTED LEFT ENTRY-2
-	{0x26E2, 0x26E2, prExtendedPictographic},   //  6.0  [1] (⛢)       ASTRONOMICAL SYMBOL FOR URANUS
-	{0x26E3, 0x26E3, prExtendedPictographic},   //  5.2  [1] (⛣)       HEAVY CIRCLE WITH STROKE AND TWO DOTS ABOVE
-	{0x26E4, 0x26E7, prExtendedPictographic},   //  6.0  [4] (⛤..⛧)    PENTAGRAM..INVERTED PENTAGRAM
-	{0x26E8, 0x26FF, prExtendedPictographic},   //  5.2 [24] (⛨..⛿)    BLACK CROSS ON SHIELD..WHITE FLAG WITH HORIZONTAL MIDDLE BLACK STRIPE
-	{0x2700, 0x2700, prExtendedPictographic},   //  7.0  [1] (✀)       BLACK SAFETY SCISSORS
-	{0x2701, 0x2704, prExtendedPictographic},   //  1.1  [4] (�..✄)    UPPER BLADE SCISSORS..WHITE SCISSORS
-	{0x2705, 0x2705, prExtendedPictographic},   //  6.0  [1] (✅)       check mark button
-	{0x2708, 0x2709, prExtendedPictographic},   //  1.1  [2] (✈�..✉�)    airplane..envelope
-	{0x270A, 0x270B, prExtendedPictographic},   //  6.0  [2] (✊..✋)    raised fist..raised hand
-	{0x270C, 0x2712, prExtendedPictographic},   //  1.1  [7] (✌�..✒�)    victory hand..black nib
-	{0x2714, 0x2714, prExtendedPictographic},   //  1.1  [1] (✔�)       check mark
-	{0x2716, 0x2716, prExtendedPictographic},   //  1.1  [1] (✖�)       multiplication sign
-	{0x271D, 0x271D, prExtendedPictographic},   //  1.1  [1] (��)       latin cross
-	{0x2721, 0x2721, prExtendedPictographic},   //  1.1  [1] (✡�)       star of David
-	{0x2728, 0x2728, prExtendedPictographic},   //  6.0  [1] (✨)       sparkles
-	{0x2733, 0x2734, prExtendedPictographic},   //  1.1  [2] (✳�..✴�)    eight-spoked asterisk..eight-pointed star
-	{0x2744, 0x2744, prExtendedPictographic},   //  1.1  [1] (��)       snowflake
-	{0x2747, 0x2747, prExtendedPictographic},   //  1.1  [1] (��)       sparkle
-	{0x274C, 0x274C, prExtendedPictographic},   //  6.0  [1] (�)       cross mark
-	{0x274E, 0x274E, prExtendedPictographic},   //  6.0  [1] (�)       cross mark button
-	{0x2753, 0x2755, prExtendedPictographic},   //  6.0  [3] (�..�)    question mark..white exclamation mark
-	{0x2757, 0x2757, prExtendedPictographic},   //  5.2  [1] (�)       exclamation mark
-	{0x2763, 0x2767, prExtendedPictographic},   //  1.1  [5] (��..�)    heart exclamation..ROTATED FLORAL HEART BULLET
-	{0x2795, 0x2797, prExtendedPictographic},   //  6.0  [3] (âž•..âž—)    plus sign..division sign
-	{0x27A1, 0x27A1, prExtendedPictographic},   //  1.1  [1] (➡�)       right arrow
-	{0x27B0, 0x27B0, prExtendedPictographic},   //  6.0  [1] (âž°)       curly loop
-	{0x27BF, 0x27BF, prExtendedPictographic},   //  6.0  [1] (âž¿)       double curly loop
-	{0x2934, 0x2935, prExtendedPictographic},   //  3.2  [2] (⤴�..⤵�)    right arrow curving up..right arrow curving down
-	{0x2B05, 0x2B07, prExtendedPictographic},   //  4.0  [3] (⬅�..⬇�)    left arrow..down arrow
-	{0x2B1B, 0x2B1C, prExtendedPictographic},   //  5.1  [2] (⬛..⬜)    black large square..white large square
-	{0x2B50, 0x2B50, prExtendedPictographic},   //  5.1  [1] (â­�)       star
-	{0x2B55, 0x2B55, prExtendedPictographic},   //  5.2  [1] (â­•)       hollow red circle
-	{0x2CEF, 0x2CF1, prExtend},                 // Mn   [3] COPTIC COMBINING NI ABOVE..COPTIC COMBINING SPIRITUS LENIS
-	{0x2D7F, 0x2D7F, prExtend},                 // Mn       TIFINAGH CONSONANT JOINER
-	{0x2DE0, 0x2DFF, prExtend},                 // Mn  [32] COMBINING CYRILLIC LETTER BE..COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
-	{0x302A, 0x302D, prExtend},                 // Mn   [4] IDEOGRAPHIC LEVEL TONE MARK..IDEOGRAPHIC ENTERING TONE MARK
-	{0x302E, 0x302F, prExtend},                 // Mc   [2] HANGUL SINGLE DOT TONE MARK..HANGUL DOUBLE DOT TONE MARK
-	{0x3030, 0x3030, prExtendedPictographic},   //  1.1  [1] (〰�)       wavy dash
-	{0x303D, 0x303D, prExtendedPictographic},   //  3.2  [1] (〽�)       part alternation mark
-	{0x3099, 0x309A, prExtend},                 // Mn   [2] COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK..COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK
-	{0x3297, 0x3297, prExtendedPictographic},   //  1.1  [1] (㊗�)       Japanese “congratulations� button
-	{0x3299, 0x3299, prExtendedPictographic},   //  1.1  [1] (㊙�)       Japanese “secret� button
-	{0xA66F, 0xA66F, prExtend},                 // Mn       COMBINING CYRILLIC VZMET
-	{0xA670, 0xA672, prExtend},                 // Me   [3] COMBINING CYRILLIC TEN MILLIONS SIGN..COMBINING CYRILLIC THOUSAND MILLIONS SIGN
-	{0xA674, 0xA67D, prExtend},                 // Mn  [10] COMBINING CYRILLIC LETTER UKRAINIAN IE..COMBINING CYRILLIC PAYEROK
-	{0xA69E, 0xA69F, prExtend},                 // Mn   [2] COMBINING CYRILLIC LETTER EF..COMBINING CYRILLIC LETTER IOTIFIED E
-	{0xA6F0, 0xA6F1, prExtend},                 // Mn   [2] BAMUM COMBINING MARK KOQNDON..BAMUM COMBINING MARK TUKWENTIS
-	{0xA802, 0xA802, prExtend},                 // Mn       SYLOTI NAGRI SIGN DVISVARA
-	{0xA806, 0xA806, prExtend},                 // Mn       SYLOTI NAGRI SIGN HASANTA
-	{0xA80B, 0xA80B, prExtend},                 // Mn       SYLOTI NAGRI SIGN ANUSVARA
-	{0xA823, 0xA824, prSpacingMark},            // Mc   [2] SYLOTI NAGRI VOWEL SIGN A..SYLOTI NAGRI VOWEL SIGN I
-	{0xA825, 0xA826, prExtend},                 // Mn   [2] SYLOTI NAGRI VOWEL SIGN U..SYLOTI NAGRI VOWEL SIGN E
-	{0xA827, 0xA827, prSpacingMark},            // Mc       SYLOTI NAGRI VOWEL SIGN OO
-	{0xA880, 0xA881, prSpacingMark},            // Mc   [2] SAURASHTRA SIGN ANUSVARA..SAURASHTRA SIGN VISARGA
-	{0xA8B4, 0xA8C3, prSpacingMark},            // Mc  [16] SAURASHTRA CONSONANT SIGN HAARU..SAURASHTRA VOWEL SIGN AU
-	{0xA8C4, 0xA8C5, prExtend},                 // Mn   [2] SAURASHTRA SIGN VIRAMA..SAURASHTRA SIGN CANDRABINDU
-	{0xA8E0, 0xA8F1, prExtend},                 // Mn  [18] COMBINING DEVANAGARI DIGIT ZERO..COMBINING DEVANAGARI SIGN AVAGRAHA
-	{0xA8FF, 0xA8FF, prExtend},                 // Mn       DEVANAGARI VOWEL SIGN AY
-	{0xA926, 0xA92D, prExtend},                 // Mn   [8] KAYAH LI VOWEL UE..KAYAH LI TONE CALYA PLOPHU
-	{0xA947, 0xA951, prExtend},                 // Mn  [11] REJANG VOWEL SIGN I..REJANG CONSONANT SIGN R
-	{0xA952, 0xA953, prSpacingMark},            // Mc   [2] REJANG CONSONANT SIGN H..REJANG VIRAMA
-	{0xA960, 0xA97C, prL},                      // Lo  [29] HANGUL CHOSEONG TIKEUT-MIEUM..HANGUL CHOSEONG SSANGYEORINHIEUH
-	{0xA980, 0xA982, prExtend},                 // Mn   [3] JAVANESE SIGN PANYANGGA..JAVANESE SIGN LAYAR
-	{0xA983, 0xA983, prSpacingMark},            // Mc       JAVANESE SIGN WIGNYAN
-	{0xA9B3, 0xA9B3, prExtend},                 // Mn       JAVANESE SIGN CECAK TELU
-	{0xA9B4, 0xA9B5, prSpacingMark},            // Mc   [2] JAVANESE VOWEL SIGN TARUNG..JAVANESE VOWEL SIGN TOLONG
-	{0xA9B6, 0xA9B9, prExtend},                 // Mn   [4] JAVANESE VOWEL SIGN WULU..JAVANESE VOWEL SIGN SUKU MENDUT
-	{0xA9BA, 0xA9BB, prSpacingMark},            // Mc   [2] JAVANESE VOWEL SIGN TALING..JAVANESE VOWEL SIGN DIRGA MURE
-	{0xA9BC, 0xA9BD, prExtend},                 // Mn   [2] JAVANESE VOWEL SIGN PEPET..JAVANESE CONSONANT SIGN KERET
-	{0xA9BE, 0xA9C0, prSpacingMark},            // Mc   [3] JAVANESE CONSONANT SIGN PENGKAL..JAVANESE PANGKON
-	{0xA9E5, 0xA9E5, prExtend},                 // Mn       MYANMAR SIGN SHAN SAW
-	{0xAA29, 0xAA2E, prExtend},                 // Mn   [6] CHAM VOWEL SIGN AA..CHAM VOWEL SIGN OE
-	{0xAA2F, 0xAA30, prSpacingMark},            // Mc   [2] CHAM VOWEL SIGN O..CHAM VOWEL SIGN AI
-	{0xAA31, 0xAA32, prExtend},                 // Mn   [2] CHAM VOWEL SIGN AU..CHAM VOWEL SIGN UE
-	{0xAA33, 0xAA34, prSpacingMark},            // Mc   [2] CHAM CONSONANT SIGN YA..CHAM CONSONANT SIGN RA
-	{0xAA35, 0xAA36, prExtend},                 // Mn   [2] CHAM CONSONANT SIGN LA..CHAM CONSONANT SIGN WA
-	{0xAA43, 0xAA43, prExtend},                 // Mn       CHAM CONSONANT SIGN FINAL NG
-	{0xAA4C, 0xAA4C, prExtend},                 // Mn       CHAM CONSONANT SIGN FINAL M
-	{0xAA4D, 0xAA4D, prSpacingMark},            // Mc       CHAM CONSONANT SIGN FINAL H
-	{0xAA7C, 0xAA7C, prExtend},                 // Mn       MYANMAR SIGN TAI LAING TONE-2
-	{0xAAB0, 0xAAB0, prExtend},                 // Mn       TAI VIET MAI KANG
-	{0xAAB2, 0xAAB4, prExtend},                 // Mn   [3] TAI VIET VOWEL I..TAI VIET VOWEL U
-	{0xAAB7, 0xAAB8, prExtend},                 // Mn   [2] TAI VIET MAI KHIT..TAI VIET VOWEL IA
-	{0xAABE, 0xAABF, prExtend},                 // Mn   [2] TAI VIET VOWEL AM..TAI VIET TONE MAI EK
-	{0xAAC1, 0xAAC1, prExtend},                 // Mn       TAI VIET TONE MAI THO
-	{0xAAEB, 0xAAEB, prSpacingMark},            // Mc       MEETEI MAYEK VOWEL SIGN II
-	{0xAAEC, 0xAAED, prExtend},                 // Mn   [2] MEETEI MAYEK VOWEL SIGN UU..MEETEI MAYEK VOWEL SIGN AAI
-	{0xAAEE, 0xAAEF, prSpacingMark},            // Mc   [2] MEETEI MAYEK VOWEL SIGN AU..MEETEI MAYEK VOWEL SIGN AAU
-	{0xAAF5, 0xAAF5, prSpacingMark},            // Mc       MEETEI MAYEK VOWEL SIGN VISARGA
-	{0xAAF6, 0xAAF6, prExtend},                 // Mn       MEETEI MAYEK VIRAMA
-	{0xABE3, 0xABE4, prSpacingMark},            // Mc   [2] MEETEI MAYEK VOWEL SIGN ONAP..MEETEI MAYEK VOWEL SIGN INAP
-	{0xABE5, 0xABE5, prExtend},                 // Mn       MEETEI MAYEK VOWEL SIGN ANAP
-	{0xABE6, 0xABE7, prSpacingMark},            // Mc   [2] MEETEI MAYEK VOWEL SIGN YENAP..MEETEI MAYEK VOWEL SIGN SOUNAP
-	{0xABE8, 0xABE8, prExtend},                 // Mn       MEETEI MAYEK VOWEL SIGN UNAP
-	{0xABE9, 0xABEA, prSpacingMark},            // Mc   [2] MEETEI MAYEK VOWEL SIGN CHEINAP..MEETEI MAYEK VOWEL SIGN NUNG
-	{0xABEC, 0xABEC, prSpacingMark},            // Mc       MEETEI MAYEK LUM IYEK
-	{0xABED, 0xABED, prExtend},                 // Mn       MEETEI MAYEK APUN IYEK
-	{0xAC00, 0xAC00, prLV},                     // Lo       HANGUL SYLLABLE GA
-	{0xAC01, 0xAC1B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GAG..HANGUL SYLLABLE GAH
-	{0xAC1C, 0xAC1C, prLV},                     // Lo       HANGUL SYLLABLE GAE
-	{0xAC1D, 0xAC37, prLVT},                    // Lo  [27] HANGUL SYLLABLE GAEG..HANGUL SYLLABLE GAEH
-	{0xAC38, 0xAC38, prLV},                     // Lo       HANGUL SYLLABLE GYA
-	{0xAC39, 0xAC53, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYAG..HANGUL SYLLABLE GYAH
-	{0xAC54, 0xAC54, prLV},                     // Lo       HANGUL SYLLABLE GYAE
-	{0xAC55, 0xAC6F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYAEG..HANGUL SYLLABLE GYAEH
-	{0xAC70, 0xAC70, prLV},                     // Lo       HANGUL SYLLABLE GEO
-	{0xAC71, 0xAC8B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GEOG..HANGUL SYLLABLE GEOH
-	{0xAC8C, 0xAC8C, prLV},                     // Lo       HANGUL SYLLABLE GE
-	{0xAC8D, 0xACA7, prLVT},                    // Lo  [27] HANGUL SYLLABLE GEG..HANGUL SYLLABLE GEH
-	{0xACA8, 0xACA8, prLV},                     // Lo       HANGUL SYLLABLE GYEO
-	{0xACA9, 0xACC3, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYEOG..HANGUL SYLLABLE GYEOH
-	{0xACC4, 0xACC4, prLV},                     // Lo       HANGUL SYLLABLE GYE
-	{0xACC5, 0xACDF, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYEG..HANGUL SYLLABLE GYEH
-	{0xACE0, 0xACE0, prLV},                     // Lo       HANGUL SYLLABLE GO
-	{0xACE1, 0xACFB, prLVT},                    // Lo  [27] HANGUL SYLLABLE GOG..HANGUL SYLLABLE GOH
-	{0xACFC, 0xACFC, prLV},                     // Lo       HANGUL SYLLABLE GWA
-	{0xACFD, 0xAD17, prLVT},                    // Lo  [27] HANGUL SYLLABLE GWAG..HANGUL SYLLABLE GWAH
-	{0xAD18, 0xAD18, prLV},                     // Lo       HANGUL SYLLABLE GWAE
-	{0xAD19, 0xAD33, prLVT},                    // Lo  [27] HANGUL SYLLABLE GWAEG..HANGUL SYLLABLE GWAEH
-	{0xAD34, 0xAD34, prLV},                     // Lo       HANGUL SYLLABLE GOE
-	{0xAD35, 0xAD4F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GOEG..HANGUL SYLLABLE GOEH
-	{0xAD50, 0xAD50, prLV},                     // Lo       HANGUL SYLLABLE GYO
-	{0xAD51, 0xAD6B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYOG..HANGUL SYLLABLE GYOH
-	{0xAD6C, 0xAD6C, prLV},                     // Lo       HANGUL SYLLABLE GU
-	{0xAD6D, 0xAD87, prLVT},                    // Lo  [27] HANGUL SYLLABLE GUG..HANGUL SYLLABLE GUH
-	{0xAD88, 0xAD88, prLV},                     // Lo       HANGUL SYLLABLE GWEO
-	{0xAD89, 0xADA3, prLVT},                    // Lo  [27] HANGUL SYLLABLE GWEOG..HANGUL SYLLABLE GWEOH
-	{0xADA4, 0xADA4, prLV},                     // Lo       HANGUL SYLLABLE GWE
-	{0xADA5, 0xADBF, prLVT},                    // Lo  [27] HANGUL SYLLABLE GWEG..HANGUL SYLLABLE GWEH
-	{0xADC0, 0xADC0, prLV},                     // Lo       HANGUL SYLLABLE GWI
-	{0xADC1, 0xADDB, prLVT},                    // Lo  [27] HANGUL SYLLABLE GWIG..HANGUL SYLLABLE GWIH
-	{0xADDC, 0xADDC, prLV},                     // Lo       HANGUL SYLLABLE GYU
-	{0xADDD, 0xADF7, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYUG..HANGUL SYLLABLE GYUH
-	{0xADF8, 0xADF8, prLV},                     // Lo       HANGUL SYLLABLE GEU
-	{0xADF9, 0xAE13, prLVT},                    // Lo  [27] HANGUL SYLLABLE GEUG..HANGUL SYLLABLE GEUH
-	{0xAE14, 0xAE14, prLV},                     // Lo       HANGUL SYLLABLE GYI
-	{0xAE15, 0xAE2F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GYIG..HANGUL SYLLABLE GYIH
-	{0xAE30, 0xAE30, prLV},                     // Lo       HANGUL SYLLABLE GI
-	{0xAE31, 0xAE4B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GIG..HANGUL SYLLABLE GIH
-	{0xAE4C, 0xAE4C, prLV},                     // Lo       HANGUL SYLLABLE GGA
-	{0xAE4D, 0xAE67, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGAG..HANGUL SYLLABLE GGAH
-	{0xAE68, 0xAE68, prLV},                     // Lo       HANGUL SYLLABLE GGAE
-	{0xAE69, 0xAE83, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGAEG..HANGUL SYLLABLE GGAEH
-	{0xAE84, 0xAE84, prLV},                     // Lo       HANGUL SYLLABLE GGYA
-	{0xAE85, 0xAE9F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYAG..HANGUL SYLLABLE GGYAH
-	{0xAEA0, 0xAEA0, prLV},                     // Lo       HANGUL SYLLABLE GGYAE
-	{0xAEA1, 0xAEBB, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYAEG..HANGUL SYLLABLE GGYAEH
-	{0xAEBC, 0xAEBC, prLV},                     // Lo       HANGUL SYLLABLE GGEO
-	{0xAEBD, 0xAED7, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGEOG..HANGUL SYLLABLE GGEOH
-	{0xAED8, 0xAED8, prLV},                     // Lo       HANGUL SYLLABLE GGE
-	{0xAED9, 0xAEF3, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGEG..HANGUL SYLLABLE GGEH
-	{0xAEF4, 0xAEF4, prLV},                     // Lo       HANGUL SYLLABLE GGYEO
-	{0xAEF5, 0xAF0F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYEOG..HANGUL SYLLABLE GGYEOH
-	{0xAF10, 0xAF10, prLV},                     // Lo       HANGUL SYLLABLE GGYE
-	{0xAF11, 0xAF2B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYEG..HANGUL SYLLABLE GGYEH
-	{0xAF2C, 0xAF2C, prLV},                     // Lo       HANGUL SYLLABLE GGO
-	{0xAF2D, 0xAF47, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGOG..HANGUL SYLLABLE GGOH
-	{0xAF48, 0xAF48, prLV},                     // Lo       HANGUL SYLLABLE GGWA
-	{0xAF49, 0xAF63, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGWAG..HANGUL SYLLABLE GGWAH
-	{0xAF64, 0xAF64, prLV},                     // Lo       HANGUL SYLLABLE GGWAE
-	{0xAF65, 0xAF7F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGWAEG..HANGUL SYLLABLE GGWAEH
-	{0xAF80, 0xAF80, prLV},                     // Lo       HANGUL SYLLABLE GGOE
-	{0xAF81, 0xAF9B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGOEG..HANGUL SYLLABLE GGOEH
-	{0xAF9C, 0xAF9C, prLV},                     // Lo       HANGUL SYLLABLE GGYO
-	{0xAF9D, 0xAFB7, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYOG..HANGUL SYLLABLE GGYOH
-	{0xAFB8, 0xAFB8, prLV},                     // Lo       HANGUL SYLLABLE GGU
-	{0xAFB9, 0xAFD3, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGUG..HANGUL SYLLABLE GGUH
-	{0xAFD4, 0xAFD4, prLV},                     // Lo       HANGUL SYLLABLE GGWEO
-	{0xAFD5, 0xAFEF, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGWEOG..HANGUL SYLLABLE GGWEOH
-	{0xAFF0, 0xAFF0, prLV},                     // Lo       HANGUL SYLLABLE GGWE
-	{0xAFF1, 0xB00B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGWEG..HANGUL SYLLABLE GGWEH
-	{0xB00C, 0xB00C, prLV},                     // Lo       HANGUL SYLLABLE GGWI
-	{0xB00D, 0xB027, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGWIG..HANGUL SYLLABLE GGWIH
-	{0xB028, 0xB028, prLV},                     // Lo       HANGUL SYLLABLE GGYU
-	{0xB029, 0xB043, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYUG..HANGUL SYLLABLE GGYUH
-	{0xB044, 0xB044, prLV},                     // Lo       HANGUL SYLLABLE GGEU
-	{0xB045, 0xB05F, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGEUG..HANGUL SYLLABLE GGEUH
-	{0xB060, 0xB060, prLV},                     // Lo       HANGUL SYLLABLE GGYI
-	{0xB061, 0xB07B, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGYIG..HANGUL SYLLABLE GGYIH
-	{0xB07C, 0xB07C, prLV},                     // Lo       HANGUL SYLLABLE GGI
-	{0xB07D, 0xB097, prLVT},                    // Lo  [27] HANGUL SYLLABLE GGIG..HANGUL SYLLABLE GGIH
-	{0xB098, 0xB098, prLV},                     // Lo       HANGUL SYLLABLE NA
-	{0xB099, 0xB0B3, prLVT},                    // Lo  [27] HANGUL SYLLABLE NAG..HANGUL SYLLABLE NAH
-	{0xB0B4, 0xB0B4, prLV},                     // Lo       HANGUL SYLLABLE NAE
-	{0xB0B5, 0xB0CF, prLVT},                    // Lo  [27] HANGUL SYLLABLE NAEG..HANGUL SYLLABLE NAEH
-	{0xB0D0, 0xB0D0, prLV},                     // Lo       HANGUL SYLLABLE NYA
-	{0xB0D1, 0xB0EB, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYAG..HANGUL SYLLABLE NYAH
-	{0xB0EC, 0xB0EC, prLV},                     // Lo       HANGUL SYLLABLE NYAE
-	{0xB0ED, 0xB107, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYAEG..HANGUL SYLLABLE NYAEH
-	{0xB108, 0xB108, prLV},                     // Lo       HANGUL SYLLABLE NEO
-	{0xB109, 0xB123, prLVT},                    // Lo  [27] HANGUL SYLLABLE NEOG..HANGUL SYLLABLE NEOH
-	{0xB124, 0xB124, prLV},                     // Lo       HANGUL SYLLABLE NE
-	{0xB125, 0xB13F, prLVT},                    // Lo  [27] HANGUL SYLLABLE NEG..HANGUL SYLLABLE NEH
-	{0xB140, 0xB140, prLV},                     // Lo       HANGUL SYLLABLE NYEO
-	{0xB141, 0xB15B, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYEOG..HANGUL SYLLABLE NYEOH
-	{0xB15C, 0xB15C, prLV},                     // Lo       HANGUL SYLLABLE NYE
-	{0xB15D, 0xB177, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYEG..HANGUL SYLLABLE NYEH
-	{0xB178, 0xB178, prLV},                     // Lo       HANGUL SYLLABLE NO
-	{0xB179, 0xB193, prLVT},                    // Lo  [27] HANGUL SYLLABLE NOG..HANGUL SYLLABLE NOH
-	{0xB194, 0xB194, prLV},                     // Lo       HANGUL SYLLABLE NWA
-	{0xB195, 0xB1AF, prLVT},                    // Lo  [27] HANGUL SYLLABLE NWAG..HANGUL SYLLABLE NWAH
-	{0xB1B0, 0xB1B0, prLV},                     // Lo       HANGUL SYLLABLE NWAE
-	{0xB1B1, 0xB1CB, prLVT},                    // Lo  [27] HANGUL SYLLABLE NWAEG..HANGUL SYLLABLE NWAEH
-	{0xB1CC, 0xB1CC, prLV},                     // Lo       HANGUL SYLLABLE NOE
-	{0xB1CD, 0xB1E7, prLVT},                    // Lo  [27] HANGUL SYLLABLE NOEG..HANGUL SYLLABLE NOEH
-	{0xB1E8, 0xB1E8, prLV},                     // Lo       HANGUL SYLLABLE NYO
-	{0xB1E9, 0xB203, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYOG..HANGUL SYLLABLE NYOH
-	{0xB204, 0xB204, prLV},                     // Lo       HANGUL SYLLABLE NU
-	{0xB205, 0xB21F, prLVT},                    // Lo  [27] HANGUL SYLLABLE NUG..HANGUL SYLLABLE NUH
-	{0xB220, 0xB220, prLV},                     // Lo       HANGUL SYLLABLE NWEO
-	{0xB221, 0xB23B, prLVT},                    // Lo  [27] HANGUL SYLLABLE NWEOG..HANGUL SYLLABLE NWEOH
-	{0xB23C, 0xB23C, prLV},                     // Lo       HANGUL SYLLABLE NWE
-	{0xB23D, 0xB257, prLVT},                    // Lo  [27] HANGUL SYLLABLE NWEG..HANGUL SYLLABLE NWEH
-	{0xB258, 0xB258, prLV},                     // Lo       HANGUL SYLLABLE NWI
-	{0xB259, 0xB273, prLVT},                    // Lo  [27] HANGUL SYLLABLE NWIG..HANGUL SYLLABLE NWIH
-	{0xB274, 0xB274, prLV},                     // Lo       HANGUL SYLLABLE NYU
-	{0xB275, 0xB28F, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYUG..HANGUL SYLLABLE NYUH
-	{0xB290, 0xB290, prLV},                     // Lo       HANGUL SYLLABLE NEU
-	{0xB291, 0xB2AB, prLVT},                    // Lo  [27] HANGUL SYLLABLE NEUG..HANGUL SYLLABLE NEUH
-	{0xB2AC, 0xB2AC, prLV},                     // Lo       HANGUL SYLLABLE NYI
-	{0xB2AD, 0xB2C7, prLVT},                    // Lo  [27] HANGUL SYLLABLE NYIG..HANGUL SYLLABLE NYIH
-	{0xB2C8, 0xB2C8, prLV},                     // Lo       HANGUL SYLLABLE NI
-	{0xB2C9, 0xB2E3, prLVT},                    // Lo  [27] HANGUL SYLLABLE NIG..HANGUL SYLLABLE NIH
-	{0xB2E4, 0xB2E4, prLV},                     // Lo       HANGUL SYLLABLE DA
-	{0xB2E5, 0xB2FF, prLVT},                    // Lo  [27] HANGUL SYLLABLE DAG..HANGUL SYLLABLE DAH
-	{0xB300, 0xB300, prLV},                     // Lo       HANGUL SYLLABLE DAE
-	{0xB301, 0xB31B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DAEG..HANGUL SYLLABLE DAEH
-	{0xB31C, 0xB31C, prLV},                     // Lo       HANGUL SYLLABLE DYA
-	{0xB31D, 0xB337, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYAG..HANGUL SYLLABLE DYAH
-	{0xB338, 0xB338, prLV},                     // Lo       HANGUL SYLLABLE DYAE
-	{0xB339, 0xB353, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYAEG..HANGUL SYLLABLE DYAEH
-	{0xB354, 0xB354, prLV},                     // Lo       HANGUL SYLLABLE DEO
-	{0xB355, 0xB36F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DEOG..HANGUL SYLLABLE DEOH
-	{0xB370, 0xB370, prLV},                     // Lo       HANGUL SYLLABLE DE
-	{0xB371, 0xB38B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DEG..HANGUL SYLLABLE DEH
-	{0xB38C, 0xB38C, prLV},                     // Lo       HANGUL SYLLABLE DYEO
-	{0xB38D, 0xB3A7, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYEOG..HANGUL SYLLABLE DYEOH
-	{0xB3A8, 0xB3A8, prLV},                     // Lo       HANGUL SYLLABLE DYE
-	{0xB3A9, 0xB3C3, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYEG..HANGUL SYLLABLE DYEH
-	{0xB3C4, 0xB3C4, prLV},                     // Lo       HANGUL SYLLABLE DO
-	{0xB3C5, 0xB3DF, prLVT},                    // Lo  [27] HANGUL SYLLABLE DOG..HANGUL SYLLABLE DOH
-	{0xB3E0, 0xB3E0, prLV},                     // Lo       HANGUL SYLLABLE DWA
-	{0xB3E1, 0xB3FB, prLVT},                    // Lo  [27] HANGUL SYLLABLE DWAG..HANGUL SYLLABLE DWAH
-	{0xB3FC, 0xB3FC, prLV},                     // Lo       HANGUL SYLLABLE DWAE
-	{0xB3FD, 0xB417, prLVT},                    // Lo  [27] HANGUL SYLLABLE DWAEG..HANGUL SYLLABLE DWAEH
-	{0xB418, 0xB418, prLV},                     // Lo       HANGUL SYLLABLE DOE
-	{0xB419, 0xB433, prLVT},                    // Lo  [27] HANGUL SYLLABLE DOEG..HANGUL SYLLABLE DOEH
-	{0xB434, 0xB434, prLV},                     // Lo       HANGUL SYLLABLE DYO
-	{0xB435, 0xB44F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYOG..HANGUL SYLLABLE DYOH
-	{0xB450, 0xB450, prLV},                     // Lo       HANGUL SYLLABLE DU
-	{0xB451, 0xB46B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DUG..HANGUL SYLLABLE DUH
-	{0xB46C, 0xB46C, prLV},                     // Lo       HANGUL SYLLABLE DWEO
-	{0xB46D, 0xB487, prLVT},                    // Lo  [27] HANGUL SYLLABLE DWEOG..HANGUL SYLLABLE DWEOH
-	{0xB488, 0xB488, prLV},                     // Lo       HANGUL SYLLABLE DWE
-	{0xB489, 0xB4A3, prLVT},                    // Lo  [27] HANGUL SYLLABLE DWEG..HANGUL SYLLABLE DWEH
-	{0xB4A4, 0xB4A4, prLV},                     // Lo       HANGUL SYLLABLE DWI
-	{0xB4A5, 0xB4BF, prLVT},                    // Lo  [27] HANGUL SYLLABLE DWIG..HANGUL SYLLABLE DWIH
-	{0xB4C0, 0xB4C0, prLV},                     // Lo       HANGUL SYLLABLE DYU
-	{0xB4C1, 0xB4DB, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYUG..HANGUL SYLLABLE DYUH
-	{0xB4DC, 0xB4DC, prLV},                     // Lo       HANGUL SYLLABLE DEU
-	{0xB4DD, 0xB4F7, prLVT},                    // Lo  [27] HANGUL SYLLABLE DEUG..HANGUL SYLLABLE DEUH
-	{0xB4F8, 0xB4F8, prLV},                     // Lo       HANGUL SYLLABLE DYI
-	{0xB4F9, 0xB513, prLVT},                    // Lo  [27] HANGUL SYLLABLE DYIG..HANGUL SYLLABLE DYIH
-	{0xB514, 0xB514, prLV},                     // Lo       HANGUL SYLLABLE DI
-	{0xB515, 0xB52F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DIG..HANGUL SYLLABLE DIH
-	{0xB530, 0xB530, prLV},                     // Lo       HANGUL SYLLABLE DDA
-	{0xB531, 0xB54B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDAG..HANGUL SYLLABLE DDAH
-	{0xB54C, 0xB54C, prLV},                     // Lo       HANGUL SYLLABLE DDAE
-	{0xB54D, 0xB567, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDAEG..HANGUL SYLLABLE DDAEH
-	{0xB568, 0xB568, prLV},                     // Lo       HANGUL SYLLABLE DDYA
-	{0xB569, 0xB583, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYAG..HANGUL SYLLABLE DDYAH
-	{0xB584, 0xB584, prLV},                     // Lo       HANGUL SYLLABLE DDYAE
-	{0xB585, 0xB59F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYAEG..HANGUL SYLLABLE DDYAEH
-	{0xB5A0, 0xB5A0, prLV},                     // Lo       HANGUL SYLLABLE DDEO
-	{0xB5A1, 0xB5BB, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDEOG..HANGUL SYLLABLE DDEOH
-	{0xB5BC, 0xB5BC, prLV},                     // Lo       HANGUL SYLLABLE DDE
-	{0xB5BD, 0xB5D7, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDEG..HANGUL SYLLABLE DDEH
-	{0xB5D8, 0xB5D8, prLV},                     // Lo       HANGUL SYLLABLE DDYEO
-	{0xB5D9, 0xB5F3, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYEOG..HANGUL SYLLABLE DDYEOH
-	{0xB5F4, 0xB5F4, prLV},                     // Lo       HANGUL SYLLABLE DDYE
-	{0xB5F5, 0xB60F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYEG..HANGUL SYLLABLE DDYEH
-	{0xB610, 0xB610, prLV},                     // Lo       HANGUL SYLLABLE DDO
-	{0xB611, 0xB62B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDOG..HANGUL SYLLABLE DDOH
-	{0xB62C, 0xB62C, prLV},                     // Lo       HANGUL SYLLABLE DDWA
-	{0xB62D, 0xB647, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDWAG..HANGUL SYLLABLE DDWAH
-	{0xB648, 0xB648, prLV},                     // Lo       HANGUL SYLLABLE DDWAE
-	{0xB649, 0xB663, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDWAEG..HANGUL SYLLABLE DDWAEH
-	{0xB664, 0xB664, prLV},                     // Lo       HANGUL SYLLABLE DDOE
-	{0xB665, 0xB67F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDOEG..HANGUL SYLLABLE DDOEH
-	{0xB680, 0xB680, prLV},                     // Lo       HANGUL SYLLABLE DDYO
-	{0xB681, 0xB69B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYOG..HANGUL SYLLABLE DDYOH
-	{0xB69C, 0xB69C, prLV},                     // Lo       HANGUL SYLLABLE DDU
-	{0xB69D, 0xB6B7, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDUG..HANGUL SYLLABLE DDUH
-	{0xB6B8, 0xB6B8, prLV},                     // Lo       HANGUL SYLLABLE DDWEO
-	{0xB6B9, 0xB6D3, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDWEOG..HANGUL SYLLABLE DDWEOH
-	{0xB6D4, 0xB6D4, prLV},                     // Lo       HANGUL SYLLABLE DDWE
-	{0xB6D5, 0xB6EF, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDWEG..HANGUL SYLLABLE DDWEH
-	{0xB6F0, 0xB6F0, prLV},                     // Lo       HANGUL SYLLABLE DDWI
-	{0xB6F1, 0xB70B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDWIG..HANGUL SYLLABLE DDWIH
-	{0xB70C, 0xB70C, prLV},                     // Lo       HANGUL SYLLABLE DDYU
-	{0xB70D, 0xB727, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYUG..HANGUL SYLLABLE DDYUH
-	{0xB728, 0xB728, prLV},                     // Lo       HANGUL SYLLABLE DDEU
-	{0xB729, 0xB743, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDEUG..HANGUL SYLLABLE DDEUH
-	{0xB744, 0xB744, prLV},                     // Lo       HANGUL SYLLABLE DDYI
-	{0xB745, 0xB75F, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDYIG..HANGUL SYLLABLE DDYIH
-	{0xB760, 0xB760, prLV},                     // Lo       HANGUL SYLLABLE DDI
-	{0xB761, 0xB77B, prLVT},                    // Lo  [27] HANGUL SYLLABLE DDIG..HANGUL SYLLABLE DDIH
-	{0xB77C, 0xB77C, prLV},                     // Lo       HANGUL SYLLABLE RA
-	{0xB77D, 0xB797, prLVT},                    // Lo  [27] HANGUL SYLLABLE RAG..HANGUL SYLLABLE RAH
-	{0xB798, 0xB798, prLV},                     // Lo       HANGUL SYLLABLE RAE
-	{0xB799, 0xB7B3, prLVT},                    // Lo  [27] HANGUL SYLLABLE RAEG..HANGUL SYLLABLE RAEH
-	{0xB7B4, 0xB7B4, prLV},                     // Lo       HANGUL SYLLABLE RYA
-	{0xB7B5, 0xB7CF, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYAG..HANGUL SYLLABLE RYAH
-	{0xB7D0, 0xB7D0, prLV},                     // Lo       HANGUL SYLLABLE RYAE
-	{0xB7D1, 0xB7EB, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYAEG..HANGUL SYLLABLE RYAEH
-	{0xB7EC, 0xB7EC, prLV},                     // Lo       HANGUL SYLLABLE REO
-	{0xB7ED, 0xB807, prLVT},                    // Lo  [27] HANGUL SYLLABLE REOG..HANGUL SYLLABLE REOH
-	{0xB808, 0xB808, prLV},                     // Lo       HANGUL SYLLABLE RE
-	{0xB809, 0xB823, prLVT},                    // Lo  [27] HANGUL SYLLABLE REG..HANGUL SYLLABLE REH
-	{0xB824, 0xB824, prLV},                     // Lo       HANGUL SYLLABLE RYEO
-	{0xB825, 0xB83F, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYEOG..HANGUL SYLLABLE RYEOH
-	{0xB840, 0xB840, prLV},                     // Lo       HANGUL SYLLABLE RYE
-	{0xB841, 0xB85B, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYEG..HANGUL SYLLABLE RYEH
-	{0xB85C, 0xB85C, prLV},                     // Lo       HANGUL SYLLABLE RO
-	{0xB85D, 0xB877, prLVT},                    // Lo  [27] HANGUL SYLLABLE ROG..HANGUL SYLLABLE ROH
-	{0xB878, 0xB878, prLV},                     // Lo       HANGUL SYLLABLE RWA
-	{0xB879, 0xB893, prLVT},                    // Lo  [27] HANGUL SYLLABLE RWAG..HANGUL SYLLABLE RWAH
-	{0xB894, 0xB894, prLV},                     // Lo       HANGUL SYLLABLE RWAE
-	{0xB895, 0xB8AF, prLVT},                    // Lo  [27] HANGUL SYLLABLE RWAEG..HANGUL SYLLABLE RWAEH
-	{0xB8B0, 0xB8B0, prLV},                     // Lo       HANGUL SYLLABLE ROE
-	{0xB8B1, 0xB8CB, prLVT},                    // Lo  [27] HANGUL SYLLABLE ROEG..HANGUL SYLLABLE ROEH
-	{0xB8CC, 0xB8CC, prLV},                     // Lo       HANGUL SYLLABLE RYO
-	{0xB8CD, 0xB8E7, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYOG..HANGUL SYLLABLE RYOH
-	{0xB8E8, 0xB8E8, prLV},                     // Lo       HANGUL SYLLABLE RU
-	{0xB8E9, 0xB903, prLVT},                    // Lo  [27] HANGUL SYLLABLE RUG..HANGUL SYLLABLE RUH
-	{0xB904, 0xB904, prLV},                     // Lo       HANGUL SYLLABLE RWEO
-	{0xB905, 0xB91F, prLVT},                    // Lo  [27] HANGUL SYLLABLE RWEOG..HANGUL SYLLABLE RWEOH
-	{0xB920, 0xB920, prLV},                     // Lo       HANGUL SYLLABLE RWE
-	{0xB921, 0xB93B, prLVT},                    // Lo  [27] HANGUL SYLLABLE RWEG..HANGUL SYLLABLE RWEH
-	{0xB93C, 0xB93C, prLV},                     // Lo       HANGUL SYLLABLE RWI
-	{0xB93D, 0xB957, prLVT},                    // Lo  [27] HANGUL SYLLABLE RWIG..HANGUL SYLLABLE RWIH
-	{0xB958, 0xB958, prLV},                     // Lo       HANGUL SYLLABLE RYU
-	{0xB959, 0xB973, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYUG..HANGUL SYLLABLE RYUH
-	{0xB974, 0xB974, prLV},                     // Lo       HANGUL SYLLABLE REU
-	{0xB975, 0xB98F, prLVT},                    // Lo  [27] HANGUL SYLLABLE REUG..HANGUL SYLLABLE REUH
-	{0xB990, 0xB990, prLV},                     // Lo       HANGUL SYLLABLE RYI
-	{0xB991, 0xB9AB, prLVT},                    // Lo  [27] HANGUL SYLLABLE RYIG..HANGUL SYLLABLE RYIH
-	{0xB9AC, 0xB9AC, prLV},                     // Lo       HANGUL SYLLABLE RI
-	{0xB9AD, 0xB9C7, prLVT},                    // Lo  [27] HANGUL SYLLABLE RIG..HANGUL SYLLABLE RIH
-	{0xB9C8, 0xB9C8, prLV},                     // Lo       HANGUL SYLLABLE MA
-	{0xB9C9, 0xB9E3, prLVT},                    // Lo  [27] HANGUL SYLLABLE MAG..HANGUL SYLLABLE MAH
-	{0xB9E4, 0xB9E4, prLV},                     // Lo       HANGUL SYLLABLE MAE
-	{0xB9E5, 0xB9FF, prLVT},                    // Lo  [27] HANGUL SYLLABLE MAEG..HANGUL SYLLABLE MAEH
-	{0xBA00, 0xBA00, prLV},                     // Lo       HANGUL SYLLABLE MYA
-	{0xBA01, 0xBA1B, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYAG..HANGUL SYLLABLE MYAH
-	{0xBA1C, 0xBA1C, prLV},                     // Lo       HANGUL SYLLABLE MYAE
-	{0xBA1D, 0xBA37, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYAEG..HANGUL SYLLABLE MYAEH
-	{0xBA38, 0xBA38, prLV},                     // Lo       HANGUL SYLLABLE MEO
-	{0xBA39, 0xBA53, prLVT},                    // Lo  [27] HANGUL SYLLABLE MEOG..HANGUL SYLLABLE MEOH
-	{0xBA54, 0xBA54, prLV},                     // Lo       HANGUL SYLLABLE ME
-	{0xBA55, 0xBA6F, prLVT},                    // Lo  [27] HANGUL SYLLABLE MEG..HANGUL SYLLABLE MEH
-	{0xBA70, 0xBA70, prLV},                     // Lo       HANGUL SYLLABLE MYEO
-	{0xBA71, 0xBA8B, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYEOG..HANGUL SYLLABLE MYEOH
-	{0xBA8C, 0xBA8C, prLV},                     // Lo       HANGUL SYLLABLE MYE
-	{0xBA8D, 0xBAA7, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYEG..HANGUL SYLLABLE MYEH
-	{0xBAA8, 0xBAA8, prLV},                     // Lo       HANGUL SYLLABLE MO
-	{0xBAA9, 0xBAC3, prLVT},                    // Lo  [27] HANGUL SYLLABLE MOG..HANGUL SYLLABLE MOH
-	{0xBAC4, 0xBAC4, prLV},                     // Lo       HANGUL SYLLABLE MWA
-	{0xBAC5, 0xBADF, prLVT},                    // Lo  [27] HANGUL SYLLABLE MWAG..HANGUL SYLLABLE MWAH
-	{0xBAE0, 0xBAE0, prLV},                     // Lo       HANGUL SYLLABLE MWAE
-	{0xBAE1, 0xBAFB, prLVT},                    // Lo  [27] HANGUL SYLLABLE MWAEG..HANGUL SYLLABLE MWAEH
-	{0xBAFC, 0xBAFC, prLV},                     // Lo       HANGUL SYLLABLE MOE
-	{0xBAFD, 0xBB17, prLVT},                    // Lo  [27] HANGUL SYLLABLE MOEG..HANGUL SYLLABLE MOEH
-	{0xBB18, 0xBB18, prLV},                     // Lo       HANGUL SYLLABLE MYO
-	{0xBB19, 0xBB33, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYOG..HANGUL SYLLABLE MYOH
-	{0xBB34, 0xBB34, prLV},                     // Lo       HANGUL SYLLABLE MU
-	{0xBB35, 0xBB4F, prLVT},                    // Lo  [27] HANGUL SYLLABLE MUG..HANGUL SYLLABLE MUH
-	{0xBB50, 0xBB50, prLV},                     // Lo       HANGUL SYLLABLE MWEO
-	{0xBB51, 0xBB6B, prLVT},                    // Lo  [27] HANGUL SYLLABLE MWEOG..HANGUL SYLLABLE MWEOH
-	{0xBB6C, 0xBB6C, prLV},                     // Lo       HANGUL SYLLABLE MWE
-	{0xBB6D, 0xBB87, prLVT},                    // Lo  [27] HANGUL SYLLABLE MWEG..HANGUL SYLLABLE MWEH
-	{0xBB88, 0xBB88, prLV},                     // Lo       HANGUL SYLLABLE MWI
-	{0xBB89, 0xBBA3, prLVT},                    // Lo  [27] HANGUL SYLLABLE MWIG..HANGUL SYLLABLE MWIH
-	{0xBBA4, 0xBBA4, prLV},                     // Lo       HANGUL SYLLABLE MYU
-	{0xBBA5, 0xBBBF, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYUG..HANGUL SYLLABLE MYUH
-	{0xBBC0, 0xBBC0, prLV},                     // Lo       HANGUL SYLLABLE MEU
-	{0xBBC1, 0xBBDB, prLVT},                    // Lo  [27] HANGUL SYLLABLE MEUG..HANGUL SYLLABLE MEUH
-	{0xBBDC, 0xBBDC, prLV},                     // Lo       HANGUL SYLLABLE MYI
-	{0xBBDD, 0xBBF7, prLVT},                    // Lo  [27] HANGUL SYLLABLE MYIG..HANGUL SYLLABLE MYIH
-	{0xBBF8, 0xBBF8, prLV},                     // Lo       HANGUL SYLLABLE MI
-	{0xBBF9, 0xBC13, prLVT},                    // Lo  [27] HANGUL SYLLABLE MIG..HANGUL SYLLABLE MIH
-	{0xBC14, 0xBC14, prLV},                     // Lo       HANGUL SYLLABLE BA
-	{0xBC15, 0xBC2F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BAG..HANGUL SYLLABLE BAH
-	{0xBC30, 0xBC30, prLV},                     // Lo       HANGUL SYLLABLE BAE
-	{0xBC31, 0xBC4B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BAEG..HANGUL SYLLABLE BAEH
-	{0xBC4C, 0xBC4C, prLV},                     // Lo       HANGUL SYLLABLE BYA
-	{0xBC4D, 0xBC67, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYAG..HANGUL SYLLABLE BYAH
-	{0xBC68, 0xBC68, prLV},                     // Lo       HANGUL SYLLABLE BYAE
-	{0xBC69, 0xBC83, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYAEG..HANGUL SYLLABLE BYAEH
-	{0xBC84, 0xBC84, prLV},                     // Lo       HANGUL SYLLABLE BEO
-	{0xBC85, 0xBC9F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BEOG..HANGUL SYLLABLE BEOH
-	{0xBCA0, 0xBCA0, prLV},                     // Lo       HANGUL SYLLABLE BE
-	{0xBCA1, 0xBCBB, prLVT},                    // Lo  [27] HANGUL SYLLABLE BEG..HANGUL SYLLABLE BEH
-	{0xBCBC, 0xBCBC, prLV},                     // Lo       HANGUL SYLLABLE BYEO
-	{0xBCBD, 0xBCD7, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYEOG..HANGUL SYLLABLE BYEOH
-	{0xBCD8, 0xBCD8, prLV},                     // Lo       HANGUL SYLLABLE BYE
-	{0xBCD9, 0xBCF3, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYEG..HANGUL SYLLABLE BYEH
-	{0xBCF4, 0xBCF4, prLV},                     // Lo       HANGUL SYLLABLE BO
-	{0xBCF5, 0xBD0F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BOG..HANGUL SYLLABLE BOH
-	{0xBD10, 0xBD10, prLV},                     // Lo       HANGUL SYLLABLE BWA
-	{0xBD11, 0xBD2B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BWAG..HANGUL SYLLABLE BWAH
-	{0xBD2C, 0xBD2C, prLV},                     // Lo       HANGUL SYLLABLE BWAE
-	{0xBD2D, 0xBD47, prLVT},                    // Lo  [27] HANGUL SYLLABLE BWAEG..HANGUL SYLLABLE BWAEH
-	{0xBD48, 0xBD48, prLV},                     // Lo       HANGUL SYLLABLE BOE
-	{0xBD49, 0xBD63, prLVT},                    // Lo  [27] HANGUL SYLLABLE BOEG..HANGUL SYLLABLE BOEH
-	{0xBD64, 0xBD64, prLV},                     // Lo       HANGUL SYLLABLE BYO
-	{0xBD65, 0xBD7F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYOG..HANGUL SYLLABLE BYOH
-	{0xBD80, 0xBD80, prLV},                     // Lo       HANGUL SYLLABLE BU
-	{0xBD81, 0xBD9B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BUG..HANGUL SYLLABLE BUH
-	{0xBD9C, 0xBD9C, prLV},                     // Lo       HANGUL SYLLABLE BWEO
-	{0xBD9D, 0xBDB7, prLVT},                    // Lo  [27] HANGUL SYLLABLE BWEOG..HANGUL SYLLABLE BWEOH
-	{0xBDB8, 0xBDB8, prLV},                     // Lo       HANGUL SYLLABLE BWE
-	{0xBDB9, 0xBDD3, prLVT},                    // Lo  [27] HANGUL SYLLABLE BWEG..HANGUL SYLLABLE BWEH
-	{0xBDD4, 0xBDD4, prLV},                     // Lo       HANGUL SYLLABLE BWI
-	{0xBDD5, 0xBDEF, prLVT},                    // Lo  [27] HANGUL SYLLABLE BWIG..HANGUL SYLLABLE BWIH
-	{0xBDF0, 0xBDF0, prLV},                     // Lo       HANGUL SYLLABLE BYU
-	{0xBDF1, 0xBE0B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYUG..HANGUL SYLLABLE BYUH
-	{0xBE0C, 0xBE0C, prLV},                     // Lo       HANGUL SYLLABLE BEU
-	{0xBE0D, 0xBE27, prLVT},                    // Lo  [27] HANGUL SYLLABLE BEUG..HANGUL SYLLABLE BEUH
-	{0xBE28, 0xBE28, prLV},                     // Lo       HANGUL SYLLABLE BYI
-	{0xBE29, 0xBE43, prLVT},                    // Lo  [27] HANGUL SYLLABLE BYIG..HANGUL SYLLABLE BYIH
-	{0xBE44, 0xBE44, prLV},                     // Lo       HANGUL SYLLABLE BI
-	{0xBE45, 0xBE5F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BIG..HANGUL SYLLABLE BIH
-	{0xBE60, 0xBE60, prLV},                     // Lo       HANGUL SYLLABLE BBA
-	{0xBE61, 0xBE7B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBAG..HANGUL SYLLABLE BBAH
-	{0xBE7C, 0xBE7C, prLV},                     // Lo       HANGUL SYLLABLE BBAE
-	{0xBE7D, 0xBE97, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBAEG..HANGUL SYLLABLE BBAEH
-	{0xBE98, 0xBE98, prLV},                     // Lo       HANGUL SYLLABLE BBYA
-	{0xBE99, 0xBEB3, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYAG..HANGUL SYLLABLE BBYAH
-	{0xBEB4, 0xBEB4, prLV},                     // Lo       HANGUL SYLLABLE BBYAE
-	{0xBEB5, 0xBECF, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYAEG..HANGUL SYLLABLE BBYAEH
-	{0xBED0, 0xBED0, prLV},                     // Lo       HANGUL SYLLABLE BBEO
-	{0xBED1, 0xBEEB, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBEOG..HANGUL SYLLABLE BBEOH
-	{0xBEEC, 0xBEEC, prLV},                     // Lo       HANGUL SYLLABLE BBE
-	{0xBEED, 0xBF07, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBEG..HANGUL SYLLABLE BBEH
-	{0xBF08, 0xBF08, prLV},                     // Lo       HANGUL SYLLABLE BBYEO
-	{0xBF09, 0xBF23, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYEOG..HANGUL SYLLABLE BBYEOH
-	{0xBF24, 0xBF24, prLV},                     // Lo       HANGUL SYLLABLE BBYE
-	{0xBF25, 0xBF3F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYEG..HANGUL SYLLABLE BBYEH
-	{0xBF40, 0xBF40, prLV},                     // Lo       HANGUL SYLLABLE BBO
-	{0xBF41, 0xBF5B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBOG..HANGUL SYLLABLE BBOH
-	{0xBF5C, 0xBF5C, prLV},                     // Lo       HANGUL SYLLABLE BBWA
-	{0xBF5D, 0xBF77, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBWAG..HANGUL SYLLABLE BBWAH
-	{0xBF78, 0xBF78, prLV},                     // Lo       HANGUL SYLLABLE BBWAE
-	{0xBF79, 0xBF93, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBWAEG..HANGUL SYLLABLE BBWAEH
-	{0xBF94, 0xBF94, prLV},                     // Lo       HANGUL SYLLABLE BBOE
-	{0xBF95, 0xBFAF, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBOEG..HANGUL SYLLABLE BBOEH
-	{0xBFB0, 0xBFB0, prLV},                     // Lo       HANGUL SYLLABLE BBYO
-	{0xBFB1, 0xBFCB, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYOG..HANGUL SYLLABLE BBYOH
-	{0xBFCC, 0xBFCC, prLV},                     // Lo       HANGUL SYLLABLE BBU
-	{0xBFCD, 0xBFE7, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBUG..HANGUL SYLLABLE BBUH
-	{0xBFE8, 0xBFE8, prLV},                     // Lo       HANGUL SYLLABLE BBWEO
-	{0xBFE9, 0xC003, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBWEOG..HANGUL SYLLABLE BBWEOH
-	{0xC004, 0xC004, prLV},                     // Lo       HANGUL SYLLABLE BBWE
-	{0xC005, 0xC01F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBWEG..HANGUL SYLLABLE BBWEH
-	{0xC020, 0xC020, prLV},                     // Lo       HANGUL SYLLABLE BBWI
-	{0xC021, 0xC03B, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBWIG..HANGUL SYLLABLE BBWIH
-	{0xC03C, 0xC03C, prLV},                     // Lo       HANGUL SYLLABLE BBYU
-	{0xC03D, 0xC057, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYUG..HANGUL SYLLABLE BBYUH
-	{0xC058, 0xC058, prLV},                     // Lo       HANGUL SYLLABLE BBEU
-	{0xC059, 0xC073, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBEUG..HANGUL SYLLABLE BBEUH
-	{0xC074, 0xC074, prLV},                     // Lo       HANGUL SYLLABLE BBYI
-	{0xC075, 0xC08F, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBYIG..HANGUL SYLLABLE BBYIH
-	{0xC090, 0xC090, prLV},                     // Lo       HANGUL SYLLABLE BBI
-	{0xC091, 0xC0AB, prLVT},                    // Lo  [27] HANGUL SYLLABLE BBIG..HANGUL SYLLABLE BBIH
-	{0xC0AC, 0xC0AC, prLV},                     // Lo       HANGUL SYLLABLE SA
-	{0xC0AD, 0xC0C7, prLVT},                    // Lo  [27] HANGUL SYLLABLE SAG..HANGUL SYLLABLE SAH
-	{0xC0C8, 0xC0C8, prLV},                     // Lo       HANGUL SYLLABLE SAE
-	{0xC0C9, 0xC0E3, prLVT},                    // Lo  [27] HANGUL SYLLABLE SAEG..HANGUL SYLLABLE SAEH
-	{0xC0E4, 0xC0E4, prLV},                     // Lo       HANGUL SYLLABLE SYA
-	{0xC0E5, 0xC0FF, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYAG..HANGUL SYLLABLE SYAH
-	{0xC100, 0xC100, prLV},                     // Lo       HANGUL SYLLABLE SYAE
-	{0xC101, 0xC11B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYAEG..HANGUL SYLLABLE SYAEH
-	{0xC11C, 0xC11C, prLV},                     // Lo       HANGUL SYLLABLE SEO
-	{0xC11D, 0xC137, prLVT},                    // Lo  [27] HANGUL SYLLABLE SEOG..HANGUL SYLLABLE SEOH
-	{0xC138, 0xC138, prLV},                     // Lo       HANGUL SYLLABLE SE
-	{0xC139, 0xC153, prLVT},                    // Lo  [27] HANGUL SYLLABLE SEG..HANGUL SYLLABLE SEH
-	{0xC154, 0xC154, prLV},                     // Lo       HANGUL SYLLABLE SYEO
-	{0xC155, 0xC16F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYEOG..HANGUL SYLLABLE SYEOH
-	{0xC170, 0xC170, prLV},                     // Lo       HANGUL SYLLABLE SYE
-	{0xC171, 0xC18B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYEG..HANGUL SYLLABLE SYEH
-	{0xC18C, 0xC18C, prLV},                     // Lo       HANGUL SYLLABLE SO
-	{0xC18D, 0xC1A7, prLVT},                    // Lo  [27] HANGUL SYLLABLE SOG..HANGUL SYLLABLE SOH
-	{0xC1A8, 0xC1A8, prLV},                     // Lo       HANGUL SYLLABLE SWA
-	{0xC1A9, 0xC1C3, prLVT},                    // Lo  [27] HANGUL SYLLABLE SWAG..HANGUL SYLLABLE SWAH
-	{0xC1C4, 0xC1C4, prLV},                     // Lo       HANGUL SYLLABLE SWAE
-	{0xC1C5, 0xC1DF, prLVT},                    // Lo  [27] HANGUL SYLLABLE SWAEG..HANGUL SYLLABLE SWAEH
-	{0xC1E0, 0xC1E0, prLV},                     // Lo       HANGUL SYLLABLE SOE
-	{0xC1E1, 0xC1FB, prLVT},                    // Lo  [27] HANGUL SYLLABLE SOEG..HANGUL SYLLABLE SOEH
-	{0xC1FC, 0xC1FC, prLV},                     // Lo       HANGUL SYLLABLE SYO
-	{0xC1FD, 0xC217, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYOG..HANGUL SYLLABLE SYOH
-	{0xC218, 0xC218, prLV},                     // Lo       HANGUL SYLLABLE SU
-	{0xC219, 0xC233, prLVT},                    // Lo  [27] HANGUL SYLLABLE SUG..HANGUL SYLLABLE SUH
-	{0xC234, 0xC234, prLV},                     // Lo       HANGUL SYLLABLE SWEO
-	{0xC235, 0xC24F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SWEOG..HANGUL SYLLABLE SWEOH
-	{0xC250, 0xC250, prLV},                     // Lo       HANGUL SYLLABLE SWE
-	{0xC251, 0xC26B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SWEG..HANGUL SYLLABLE SWEH
-	{0xC26C, 0xC26C, prLV},                     // Lo       HANGUL SYLLABLE SWI
-	{0xC26D, 0xC287, prLVT},                    // Lo  [27] HANGUL SYLLABLE SWIG..HANGUL SYLLABLE SWIH
-	{0xC288, 0xC288, prLV},                     // Lo       HANGUL SYLLABLE SYU
-	{0xC289, 0xC2A3, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYUG..HANGUL SYLLABLE SYUH
-	{0xC2A4, 0xC2A4, prLV},                     // Lo       HANGUL SYLLABLE SEU
-	{0xC2A5, 0xC2BF, prLVT},                    // Lo  [27] HANGUL SYLLABLE SEUG..HANGUL SYLLABLE SEUH
-	{0xC2C0, 0xC2C0, prLV},                     // Lo       HANGUL SYLLABLE SYI
-	{0xC2C1, 0xC2DB, prLVT},                    // Lo  [27] HANGUL SYLLABLE SYIG..HANGUL SYLLABLE SYIH
-	{0xC2DC, 0xC2DC, prLV},                     // Lo       HANGUL SYLLABLE SI
-	{0xC2DD, 0xC2F7, prLVT},                    // Lo  [27] HANGUL SYLLABLE SIG..HANGUL SYLLABLE SIH
-	{0xC2F8, 0xC2F8, prLV},                     // Lo       HANGUL SYLLABLE SSA
-	{0xC2F9, 0xC313, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSAG..HANGUL SYLLABLE SSAH
-	{0xC314, 0xC314, prLV},                     // Lo       HANGUL SYLLABLE SSAE
-	{0xC315, 0xC32F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSAEG..HANGUL SYLLABLE SSAEH
-	{0xC330, 0xC330, prLV},                     // Lo       HANGUL SYLLABLE SSYA
-	{0xC331, 0xC34B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYAG..HANGUL SYLLABLE SSYAH
-	{0xC34C, 0xC34C, prLV},                     // Lo       HANGUL SYLLABLE SSYAE
-	{0xC34D, 0xC367, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYAEG..HANGUL SYLLABLE SSYAEH
-	{0xC368, 0xC368, prLV},                     // Lo       HANGUL SYLLABLE SSEO
-	{0xC369, 0xC383, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSEOG..HANGUL SYLLABLE SSEOH
-	{0xC384, 0xC384, prLV},                     // Lo       HANGUL SYLLABLE SSE
-	{0xC385, 0xC39F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSEG..HANGUL SYLLABLE SSEH
-	{0xC3A0, 0xC3A0, prLV},                     // Lo       HANGUL SYLLABLE SSYEO
-	{0xC3A1, 0xC3BB, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYEOG..HANGUL SYLLABLE SSYEOH
-	{0xC3BC, 0xC3BC, prLV},                     // Lo       HANGUL SYLLABLE SSYE
-	{0xC3BD, 0xC3D7, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYEG..HANGUL SYLLABLE SSYEH
-	{0xC3D8, 0xC3D8, prLV},                     // Lo       HANGUL SYLLABLE SSO
-	{0xC3D9, 0xC3F3, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSOG..HANGUL SYLLABLE SSOH
-	{0xC3F4, 0xC3F4, prLV},                     // Lo       HANGUL SYLLABLE SSWA
-	{0xC3F5, 0xC40F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSWAG..HANGUL SYLLABLE SSWAH
-	{0xC410, 0xC410, prLV},                     // Lo       HANGUL SYLLABLE SSWAE
-	{0xC411, 0xC42B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSWAEG..HANGUL SYLLABLE SSWAEH
-	{0xC42C, 0xC42C, prLV},                     // Lo       HANGUL SYLLABLE SSOE
-	{0xC42D, 0xC447, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSOEG..HANGUL SYLLABLE SSOEH
-	{0xC448, 0xC448, prLV},                     // Lo       HANGUL SYLLABLE SSYO
-	{0xC449, 0xC463, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYOG..HANGUL SYLLABLE SSYOH
-	{0xC464, 0xC464, prLV},                     // Lo       HANGUL SYLLABLE SSU
-	{0xC465, 0xC47F, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSUG..HANGUL SYLLABLE SSUH
-	{0xC480, 0xC480, prLV},                     // Lo       HANGUL SYLLABLE SSWEO
-	{0xC481, 0xC49B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSWEOG..HANGUL SYLLABLE SSWEOH
-	{0xC49C, 0xC49C, prLV},                     // Lo       HANGUL SYLLABLE SSWE
-	{0xC49D, 0xC4B7, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSWEG..HANGUL SYLLABLE SSWEH
-	{0xC4B8, 0xC4B8, prLV},                     // Lo       HANGUL SYLLABLE SSWI
-	{0xC4B9, 0xC4D3, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSWIG..HANGUL SYLLABLE SSWIH
-	{0xC4D4, 0xC4D4, prLV},                     // Lo       HANGUL SYLLABLE SSYU
-	{0xC4D5, 0xC4EF, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYUG..HANGUL SYLLABLE SSYUH
-	{0xC4F0, 0xC4F0, prLV},                     // Lo       HANGUL SYLLABLE SSEU
-	{0xC4F1, 0xC50B, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSEUG..HANGUL SYLLABLE SSEUH
-	{0xC50C, 0xC50C, prLV},                     // Lo       HANGUL SYLLABLE SSYI
-	{0xC50D, 0xC527, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSYIG..HANGUL SYLLABLE SSYIH
-	{0xC528, 0xC528, prLV},                     // Lo       HANGUL SYLLABLE SSI
-	{0xC529, 0xC543, prLVT},                    // Lo  [27] HANGUL SYLLABLE SSIG..HANGUL SYLLABLE SSIH
-	{0xC544, 0xC544, prLV},                     // Lo       HANGUL SYLLABLE A
-	{0xC545, 0xC55F, prLVT},                    // Lo  [27] HANGUL SYLLABLE AG..HANGUL SYLLABLE AH
-	{0xC560, 0xC560, prLV},                     // Lo       HANGUL SYLLABLE AE
-	{0xC561, 0xC57B, prLVT},                    // Lo  [27] HANGUL SYLLABLE AEG..HANGUL SYLLABLE AEH
-	{0xC57C, 0xC57C, prLV},                     // Lo       HANGUL SYLLABLE YA
-	{0xC57D, 0xC597, prLVT},                    // Lo  [27] HANGUL SYLLABLE YAG..HANGUL SYLLABLE YAH
-	{0xC598, 0xC598, prLV},                     // Lo       HANGUL SYLLABLE YAE
-	{0xC599, 0xC5B3, prLVT},                    // Lo  [27] HANGUL SYLLABLE YAEG..HANGUL SYLLABLE YAEH
-	{0xC5B4, 0xC5B4, prLV},                     // Lo       HANGUL SYLLABLE EO
-	{0xC5B5, 0xC5CF, prLVT},                    // Lo  [27] HANGUL SYLLABLE EOG..HANGUL SYLLABLE EOH
-	{0xC5D0, 0xC5D0, prLV},                     // Lo       HANGUL SYLLABLE E
-	{0xC5D1, 0xC5EB, prLVT},                    // Lo  [27] HANGUL SYLLABLE EG..HANGUL SYLLABLE EH
-	{0xC5EC, 0xC5EC, prLV},                     // Lo       HANGUL SYLLABLE YEO
-	{0xC5ED, 0xC607, prLVT},                    // Lo  [27] HANGUL SYLLABLE YEOG..HANGUL SYLLABLE YEOH
-	{0xC608, 0xC608, prLV},                     // Lo       HANGUL SYLLABLE YE
-	{0xC609, 0xC623, prLVT},                    // Lo  [27] HANGUL SYLLABLE YEG..HANGUL SYLLABLE YEH
-	{0xC624, 0xC624, prLV},                     // Lo       HANGUL SYLLABLE O
-	{0xC625, 0xC63F, prLVT},                    // Lo  [27] HANGUL SYLLABLE OG..HANGUL SYLLABLE OH
-	{0xC640, 0xC640, prLV},                     // Lo       HANGUL SYLLABLE WA
-	{0xC641, 0xC65B, prLVT},                    // Lo  [27] HANGUL SYLLABLE WAG..HANGUL SYLLABLE WAH
-	{0xC65C, 0xC65C, prLV},                     // Lo       HANGUL SYLLABLE WAE
-	{0xC65D, 0xC677, prLVT},                    // Lo  [27] HANGUL SYLLABLE WAEG..HANGUL SYLLABLE WAEH
-	{0xC678, 0xC678, prLV},                     // Lo       HANGUL SYLLABLE OE
-	{0xC679, 0xC693, prLVT},                    // Lo  [27] HANGUL SYLLABLE OEG..HANGUL SYLLABLE OEH
-	{0xC694, 0xC694, prLV},                     // Lo       HANGUL SYLLABLE YO
-	{0xC695, 0xC6AF, prLVT},                    // Lo  [27] HANGUL SYLLABLE YOG..HANGUL SYLLABLE YOH
-	{0xC6B0, 0xC6B0, prLV},                     // Lo       HANGUL SYLLABLE U
-	{0xC6B1, 0xC6CB, prLVT},                    // Lo  [27] HANGUL SYLLABLE UG..HANGUL SYLLABLE UH
-	{0xC6CC, 0xC6CC, prLV},                     // Lo       HANGUL SYLLABLE WEO
-	{0xC6CD, 0xC6E7, prLVT},                    // Lo  [27] HANGUL SYLLABLE WEOG..HANGUL SYLLABLE WEOH
-	{0xC6E8, 0xC6E8, prLV},                     // Lo       HANGUL SYLLABLE WE
-	{0xC6E9, 0xC703, prLVT},                    // Lo  [27] HANGUL SYLLABLE WEG..HANGUL SYLLABLE WEH
-	{0xC704, 0xC704, prLV},                     // Lo       HANGUL SYLLABLE WI
-	{0xC705, 0xC71F, prLVT},                    // Lo  [27] HANGUL SYLLABLE WIG..HANGUL SYLLABLE WIH
-	{0xC720, 0xC720, prLV},                     // Lo       HANGUL SYLLABLE YU
-	{0xC721, 0xC73B, prLVT},                    // Lo  [27] HANGUL SYLLABLE YUG..HANGUL SYLLABLE YUH
-	{0xC73C, 0xC73C, prLV},                     // Lo       HANGUL SYLLABLE EU
-	{0xC73D, 0xC757, prLVT},                    // Lo  [27] HANGUL SYLLABLE EUG..HANGUL SYLLABLE EUH
-	{0xC758, 0xC758, prLV},                     // Lo       HANGUL SYLLABLE YI
-	{0xC759, 0xC773, prLVT},                    // Lo  [27] HANGUL SYLLABLE YIG..HANGUL SYLLABLE YIH
-	{0xC774, 0xC774, prLV},                     // Lo       HANGUL SYLLABLE I
-	{0xC775, 0xC78F, prLVT},                    // Lo  [27] HANGUL SYLLABLE IG..HANGUL SYLLABLE IH
-	{0xC790, 0xC790, prLV},                     // Lo       HANGUL SYLLABLE JA
-	{0xC791, 0xC7AB, prLVT},                    // Lo  [27] HANGUL SYLLABLE JAG..HANGUL SYLLABLE JAH
-	{0xC7AC, 0xC7AC, prLV},                     // Lo       HANGUL SYLLABLE JAE
-	{0xC7AD, 0xC7C7, prLVT},                    // Lo  [27] HANGUL SYLLABLE JAEG..HANGUL SYLLABLE JAEH
-	{0xC7C8, 0xC7C8, prLV},                     // Lo       HANGUL SYLLABLE JYA
-	{0xC7C9, 0xC7E3, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYAG..HANGUL SYLLABLE JYAH
-	{0xC7E4, 0xC7E4, prLV},                     // Lo       HANGUL SYLLABLE JYAE
-	{0xC7E5, 0xC7FF, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYAEG..HANGUL SYLLABLE JYAEH
-	{0xC800, 0xC800, prLV},                     // Lo       HANGUL SYLLABLE JEO
-	{0xC801, 0xC81B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JEOG..HANGUL SYLLABLE JEOH
-	{0xC81C, 0xC81C, prLV},                     // Lo       HANGUL SYLLABLE JE
-	{0xC81D, 0xC837, prLVT},                    // Lo  [27] HANGUL SYLLABLE JEG..HANGUL SYLLABLE JEH
-	{0xC838, 0xC838, prLV},                     // Lo       HANGUL SYLLABLE JYEO
-	{0xC839, 0xC853, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYEOG..HANGUL SYLLABLE JYEOH
-	{0xC854, 0xC854, prLV},                     // Lo       HANGUL SYLLABLE JYE
-	{0xC855, 0xC86F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYEG..HANGUL SYLLABLE JYEH
-	{0xC870, 0xC870, prLV},                     // Lo       HANGUL SYLLABLE JO
-	{0xC871, 0xC88B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JOG..HANGUL SYLLABLE JOH
-	{0xC88C, 0xC88C, prLV},                     // Lo       HANGUL SYLLABLE JWA
-	{0xC88D, 0xC8A7, prLVT},                    // Lo  [27] HANGUL SYLLABLE JWAG..HANGUL SYLLABLE JWAH
-	{0xC8A8, 0xC8A8, prLV},                     // Lo       HANGUL SYLLABLE JWAE
-	{0xC8A9, 0xC8C3, prLVT},                    // Lo  [27] HANGUL SYLLABLE JWAEG..HANGUL SYLLABLE JWAEH
-	{0xC8C4, 0xC8C4, prLV},                     // Lo       HANGUL SYLLABLE JOE
-	{0xC8C5, 0xC8DF, prLVT},                    // Lo  [27] HANGUL SYLLABLE JOEG..HANGUL SYLLABLE JOEH
-	{0xC8E0, 0xC8E0, prLV},                     // Lo       HANGUL SYLLABLE JYO
-	{0xC8E1, 0xC8FB, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYOG..HANGUL SYLLABLE JYOH
-	{0xC8FC, 0xC8FC, prLV},                     // Lo       HANGUL SYLLABLE JU
-	{0xC8FD, 0xC917, prLVT},                    // Lo  [27] HANGUL SYLLABLE JUG..HANGUL SYLLABLE JUH
-	{0xC918, 0xC918, prLV},                     // Lo       HANGUL SYLLABLE JWEO
-	{0xC919, 0xC933, prLVT},                    // Lo  [27] HANGUL SYLLABLE JWEOG..HANGUL SYLLABLE JWEOH
-	{0xC934, 0xC934, prLV},                     // Lo       HANGUL SYLLABLE JWE
-	{0xC935, 0xC94F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JWEG..HANGUL SYLLABLE JWEH
-	{0xC950, 0xC950, prLV},                     // Lo       HANGUL SYLLABLE JWI
-	{0xC951, 0xC96B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JWIG..HANGUL SYLLABLE JWIH
-	{0xC96C, 0xC96C, prLV},                     // Lo       HANGUL SYLLABLE JYU
-	{0xC96D, 0xC987, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYUG..HANGUL SYLLABLE JYUH
-	{0xC988, 0xC988, prLV},                     // Lo       HANGUL SYLLABLE JEU
-	{0xC989, 0xC9A3, prLVT},                    // Lo  [27] HANGUL SYLLABLE JEUG..HANGUL SYLLABLE JEUH
-	{0xC9A4, 0xC9A4, prLV},                     // Lo       HANGUL SYLLABLE JYI
-	{0xC9A5, 0xC9BF, prLVT},                    // Lo  [27] HANGUL SYLLABLE JYIG..HANGUL SYLLABLE JYIH
-	{0xC9C0, 0xC9C0, prLV},                     // Lo       HANGUL SYLLABLE JI
-	{0xC9C1, 0xC9DB, prLVT},                    // Lo  [27] HANGUL SYLLABLE JIG..HANGUL SYLLABLE JIH
-	{0xC9DC, 0xC9DC, prLV},                     // Lo       HANGUL SYLLABLE JJA
-	{0xC9DD, 0xC9F7, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJAG..HANGUL SYLLABLE JJAH
-	{0xC9F8, 0xC9F8, prLV},                     // Lo       HANGUL SYLLABLE JJAE
-	{0xC9F9, 0xCA13, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJAEG..HANGUL SYLLABLE JJAEH
-	{0xCA14, 0xCA14, prLV},                     // Lo       HANGUL SYLLABLE JJYA
-	{0xCA15, 0xCA2F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYAG..HANGUL SYLLABLE JJYAH
-	{0xCA30, 0xCA30, prLV},                     // Lo       HANGUL SYLLABLE JJYAE
-	{0xCA31, 0xCA4B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYAEG..HANGUL SYLLABLE JJYAEH
-	{0xCA4C, 0xCA4C, prLV},                     // Lo       HANGUL SYLLABLE JJEO
-	{0xCA4D, 0xCA67, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJEOG..HANGUL SYLLABLE JJEOH
-	{0xCA68, 0xCA68, prLV},                     // Lo       HANGUL SYLLABLE JJE
-	{0xCA69, 0xCA83, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJEG..HANGUL SYLLABLE JJEH
-	{0xCA84, 0xCA84, prLV},                     // Lo       HANGUL SYLLABLE JJYEO
-	{0xCA85, 0xCA9F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYEOG..HANGUL SYLLABLE JJYEOH
-	{0xCAA0, 0xCAA0, prLV},                     // Lo       HANGUL SYLLABLE JJYE
-	{0xCAA1, 0xCABB, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYEG..HANGUL SYLLABLE JJYEH
-	{0xCABC, 0xCABC, prLV},                     // Lo       HANGUL SYLLABLE JJO
-	{0xCABD, 0xCAD7, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJOG..HANGUL SYLLABLE JJOH
-	{0xCAD8, 0xCAD8, prLV},                     // Lo       HANGUL SYLLABLE JJWA
-	{0xCAD9, 0xCAF3, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJWAG..HANGUL SYLLABLE JJWAH
-	{0xCAF4, 0xCAF4, prLV},                     // Lo       HANGUL SYLLABLE JJWAE
-	{0xCAF5, 0xCB0F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJWAEG..HANGUL SYLLABLE JJWAEH
-	{0xCB10, 0xCB10, prLV},                     // Lo       HANGUL SYLLABLE JJOE
-	{0xCB11, 0xCB2B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJOEG..HANGUL SYLLABLE JJOEH
-	{0xCB2C, 0xCB2C, prLV},                     // Lo       HANGUL SYLLABLE JJYO
-	{0xCB2D, 0xCB47, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYOG..HANGUL SYLLABLE JJYOH
-	{0xCB48, 0xCB48, prLV},                     // Lo       HANGUL SYLLABLE JJU
-	{0xCB49, 0xCB63, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJUG..HANGUL SYLLABLE JJUH
-	{0xCB64, 0xCB64, prLV},                     // Lo       HANGUL SYLLABLE JJWEO
-	{0xCB65, 0xCB7F, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJWEOG..HANGUL SYLLABLE JJWEOH
-	{0xCB80, 0xCB80, prLV},                     // Lo       HANGUL SYLLABLE JJWE
-	{0xCB81, 0xCB9B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJWEG..HANGUL SYLLABLE JJWEH
-	{0xCB9C, 0xCB9C, prLV},                     // Lo       HANGUL SYLLABLE JJWI
-	{0xCB9D, 0xCBB7, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJWIG..HANGUL SYLLABLE JJWIH
-	{0xCBB8, 0xCBB8, prLV},                     // Lo       HANGUL SYLLABLE JJYU
-	{0xCBB9, 0xCBD3, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYUG..HANGUL SYLLABLE JJYUH
-	{0xCBD4, 0xCBD4, prLV},                     // Lo       HANGUL SYLLABLE JJEU
-	{0xCBD5, 0xCBEF, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJEUG..HANGUL SYLLABLE JJEUH
-	{0xCBF0, 0xCBF0, prLV},                     // Lo       HANGUL SYLLABLE JJYI
-	{0xCBF1, 0xCC0B, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJYIG..HANGUL SYLLABLE JJYIH
-	{0xCC0C, 0xCC0C, prLV},                     // Lo       HANGUL SYLLABLE JJI
-	{0xCC0D, 0xCC27, prLVT},                    // Lo  [27] HANGUL SYLLABLE JJIG..HANGUL SYLLABLE JJIH
-	{0xCC28, 0xCC28, prLV},                     // Lo       HANGUL SYLLABLE CA
-	{0xCC29, 0xCC43, prLVT},                    // Lo  [27] HANGUL SYLLABLE CAG..HANGUL SYLLABLE CAH
-	{0xCC44, 0xCC44, prLV},                     // Lo       HANGUL SYLLABLE CAE
-	{0xCC45, 0xCC5F, prLVT},                    // Lo  [27] HANGUL SYLLABLE CAEG..HANGUL SYLLABLE CAEH
-	{0xCC60, 0xCC60, prLV},                     // Lo       HANGUL SYLLABLE CYA
-	{0xCC61, 0xCC7B, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYAG..HANGUL SYLLABLE CYAH
-	{0xCC7C, 0xCC7C, prLV},                     // Lo       HANGUL SYLLABLE CYAE
-	{0xCC7D, 0xCC97, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYAEG..HANGUL SYLLABLE CYAEH
-	{0xCC98, 0xCC98, prLV},                     // Lo       HANGUL SYLLABLE CEO
-	{0xCC99, 0xCCB3, prLVT},                    // Lo  [27] HANGUL SYLLABLE CEOG..HANGUL SYLLABLE CEOH
-	{0xCCB4, 0xCCB4, prLV},                     // Lo       HANGUL SYLLABLE CE
-	{0xCCB5, 0xCCCF, prLVT},                    // Lo  [27] HANGUL SYLLABLE CEG..HANGUL SYLLABLE CEH
-	{0xCCD0, 0xCCD0, prLV},                     // Lo       HANGUL SYLLABLE CYEO
-	{0xCCD1, 0xCCEB, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYEOG..HANGUL SYLLABLE CYEOH
-	{0xCCEC, 0xCCEC, prLV},                     // Lo       HANGUL SYLLABLE CYE
-	{0xCCED, 0xCD07, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYEG..HANGUL SYLLABLE CYEH
-	{0xCD08, 0xCD08, prLV},                     // Lo       HANGUL SYLLABLE CO
-	{0xCD09, 0xCD23, prLVT},                    // Lo  [27] HANGUL SYLLABLE COG..HANGUL SYLLABLE COH
-	{0xCD24, 0xCD24, prLV},                     // Lo       HANGUL SYLLABLE CWA
-	{0xCD25, 0xCD3F, prLVT},                    // Lo  [27] HANGUL SYLLABLE CWAG..HANGUL SYLLABLE CWAH
-	{0xCD40, 0xCD40, prLV},                     // Lo       HANGUL SYLLABLE CWAE
-	{0xCD41, 0xCD5B, prLVT},                    // Lo  [27] HANGUL SYLLABLE CWAEG..HANGUL SYLLABLE CWAEH
-	{0xCD5C, 0xCD5C, prLV},                     // Lo       HANGUL SYLLABLE COE
-	{0xCD5D, 0xCD77, prLVT},                    // Lo  [27] HANGUL SYLLABLE COEG..HANGUL SYLLABLE COEH
-	{0xCD78, 0xCD78, prLV},                     // Lo       HANGUL SYLLABLE CYO
-	{0xCD79, 0xCD93, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYOG..HANGUL SYLLABLE CYOH
-	{0xCD94, 0xCD94, prLV},                     // Lo       HANGUL SYLLABLE CU
-	{0xCD95, 0xCDAF, prLVT},                    // Lo  [27] HANGUL SYLLABLE CUG..HANGUL SYLLABLE CUH
-	{0xCDB0, 0xCDB0, prLV},                     // Lo       HANGUL SYLLABLE CWEO
-	{0xCDB1, 0xCDCB, prLVT},                    // Lo  [27] HANGUL SYLLABLE CWEOG..HANGUL SYLLABLE CWEOH
-	{0xCDCC, 0xCDCC, prLV},                     // Lo       HANGUL SYLLABLE CWE
-	{0xCDCD, 0xCDE7, prLVT},                    // Lo  [27] HANGUL SYLLABLE CWEG..HANGUL SYLLABLE CWEH
-	{0xCDE8, 0xCDE8, prLV},                     // Lo       HANGUL SYLLABLE CWI
-	{0xCDE9, 0xCE03, prLVT},                    // Lo  [27] HANGUL SYLLABLE CWIG..HANGUL SYLLABLE CWIH
-	{0xCE04, 0xCE04, prLV},                     // Lo       HANGUL SYLLABLE CYU
-	{0xCE05, 0xCE1F, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYUG..HANGUL SYLLABLE CYUH
-	{0xCE20, 0xCE20, prLV},                     // Lo       HANGUL SYLLABLE CEU
-	{0xCE21, 0xCE3B, prLVT},                    // Lo  [27] HANGUL SYLLABLE CEUG..HANGUL SYLLABLE CEUH
-	{0xCE3C, 0xCE3C, prLV},                     // Lo       HANGUL SYLLABLE CYI
-	{0xCE3D, 0xCE57, prLVT},                    // Lo  [27] HANGUL SYLLABLE CYIG..HANGUL SYLLABLE CYIH
-	{0xCE58, 0xCE58, prLV},                     // Lo       HANGUL SYLLABLE CI
-	{0xCE59, 0xCE73, prLVT},                    // Lo  [27] HANGUL SYLLABLE CIG..HANGUL SYLLABLE CIH
-	{0xCE74, 0xCE74, prLV},                     // Lo       HANGUL SYLLABLE KA
-	{0xCE75, 0xCE8F, prLVT},                    // Lo  [27] HANGUL SYLLABLE KAG..HANGUL SYLLABLE KAH
-	{0xCE90, 0xCE90, prLV},                     // Lo       HANGUL SYLLABLE KAE
-	{0xCE91, 0xCEAB, prLVT},                    // Lo  [27] HANGUL SYLLABLE KAEG..HANGUL SYLLABLE KAEH
-	{0xCEAC, 0xCEAC, prLV},                     // Lo       HANGUL SYLLABLE KYA
-	{0xCEAD, 0xCEC7, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYAG..HANGUL SYLLABLE KYAH
-	{0xCEC8, 0xCEC8, prLV},                     // Lo       HANGUL SYLLABLE KYAE
-	{0xCEC9, 0xCEE3, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYAEG..HANGUL SYLLABLE KYAEH
-	{0xCEE4, 0xCEE4, prLV},                     // Lo       HANGUL SYLLABLE KEO
-	{0xCEE5, 0xCEFF, prLVT},                    // Lo  [27] HANGUL SYLLABLE KEOG..HANGUL SYLLABLE KEOH
-	{0xCF00, 0xCF00, prLV},                     // Lo       HANGUL SYLLABLE KE
-	{0xCF01, 0xCF1B, prLVT},                    // Lo  [27] HANGUL SYLLABLE KEG..HANGUL SYLLABLE KEH
-	{0xCF1C, 0xCF1C, prLV},                     // Lo       HANGUL SYLLABLE KYEO
-	{0xCF1D, 0xCF37, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYEOG..HANGUL SYLLABLE KYEOH
-	{0xCF38, 0xCF38, prLV},                     // Lo       HANGUL SYLLABLE KYE
-	{0xCF39, 0xCF53, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYEG..HANGUL SYLLABLE KYEH
-	{0xCF54, 0xCF54, prLV},                     // Lo       HANGUL SYLLABLE KO
-	{0xCF55, 0xCF6F, prLVT},                    // Lo  [27] HANGUL SYLLABLE KOG..HANGUL SYLLABLE KOH
-	{0xCF70, 0xCF70, prLV},                     // Lo       HANGUL SYLLABLE KWA
-	{0xCF71, 0xCF8B, prLVT},                    // Lo  [27] HANGUL SYLLABLE KWAG..HANGUL SYLLABLE KWAH
-	{0xCF8C, 0xCF8C, prLV},                     // Lo       HANGUL SYLLABLE KWAE
-	{0xCF8D, 0xCFA7, prLVT},                    // Lo  [27] HANGUL SYLLABLE KWAEG..HANGUL SYLLABLE KWAEH
-	{0xCFA8, 0xCFA8, prLV},                     // Lo       HANGUL SYLLABLE KOE
-	{0xCFA9, 0xCFC3, prLVT},                    // Lo  [27] HANGUL SYLLABLE KOEG..HANGUL SYLLABLE KOEH
-	{0xCFC4, 0xCFC4, prLV},                     // Lo       HANGUL SYLLABLE KYO
-	{0xCFC5, 0xCFDF, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYOG..HANGUL SYLLABLE KYOH
-	{0xCFE0, 0xCFE0, prLV},                     // Lo       HANGUL SYLLABLE KU
-	{0xCFE1, 0xCFFB, prLVT},                    // Lo  [27] HANGUL SYLLABLE KUG..HANGUL SYLLABLE KUH
-	{0xCFFC, 0xCFFC, prLV},                     // Lo       HANGUL SYLLABLE KWEO
-	{0xCFFD, 0xD017, prLVT},                    // Lo  [27] HANGUL SYLLABLE KWEOG..HANGUL SYLLABLE KWEOH
-	{0xD018, 0xD018, prLV},                     // Lo       HANGUL SYLLABLE KWE
-	{0xD019, 0xD033, prLVT},                    // Lo  [27] HANGUL SYLLABLE KWEG..HANGUL SYLLABLE KWEH
-	{0xD034, 0xD034, prLV},                     // Lo       HANGUL SYLLABLE KWI
-	{0xD035, 0xD04F, prLVT},                    // Lo  [27] HANGUL SYLLABLE KWIG..HANGUL SYLLABLE KWIH
-	{0xD050, 0xD050, prLV},                     // Lo       HANGUL SYLLABLE KYU
-	{0xD051, 0xD06B, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYUG..HANGUL SYLLABLE KYUH
-	{0xD06C, 0xD06C, prLV},                     // Lo       HANGUL SYLLABLE KEU
-	{0xD06D, 0xD087, prLVT},                    // Lo  [27] HANGUL SYLLABLE KEUG..HANGUL SYLLABLE KEUH
-	{0xD088, 0xD088, prLV},                     // Lo       HANGUL SYLLABLE KYI
-	{0xD089, 0xD0A3, prLVT},                    // Lo  [27] HANGUL SYLLABLE KYIG..HANGUL SYLLABLE KYIH
-	{0xD0A4, 0xD0A4, prLV},                     // Lo       HANGUL SYLLABLE KI
-	{0xD0A5, 0xD0BF, prLVT},                    // Lo  [27] HANGUL SYLLABLE KIG..HANGUL SYLLABLE KIH
-	{0xD0C0, 0xD0C0, prLV},                     // Lo       HANGUL SYLLABLE TA
-	{0xD0C1, 0xD0DB, prLVT},                    // Lo  [27] HANGUL SYLLABLE TAG..HANGUL SYLLABLE TAH
-	{0xD0DC, 0xD0DC, prLV},                     // Lo       HANGUL SYLLABLE TAE
-	{0xD0DD, 0xD0F7, prLVT},                    // Lo  [27] HANGUL SYLLABLE TAEG..HANGUL SYLLABLE TAEH
-	{0xD0F8, 0xD0F8, prLV},                     // Lo       HANGUL SYLLABLE TYA
-	{0xD0F9, 0xD113, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYAG..HANGUL SYLLABLE TYAH
-	{0xD114, 0xD114, prLV},                     // Lo       HANGUL SYLLABLE TYAE
-	{0xD115, 0xD12F, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYAEG..HANGUL SYLLABLE TYAEH
-	{0xD130, 0xD130, prLV},                     // Lo       HANGUL SYLLABLE TEO
-	{0xD131, 0xD14B, prLVT},                    // Lo  [27] HANGUL SYLLABLE TEOG..HANGUL SYLLABLE TEOH
-	{0xD14C, 0xD14C, prLV},                     // Lo       HANGUL SYLLABLE TE
-	{0xD14D, 0xD167, prLVT},                    // Lo  [27] HANGUL SYLLABLE TEG..HANGUL SYLLABLE TEH
-	{0xD168, 0xD168, prLV},                     // Lo       HANGUL SYLLABLE TYEO
-	{0xD169, 0xD183, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYEOG..HANGUL SYLLABLE TYEOH
-	{0xD184, 0xD184, prLV},                     // Lo       HANGUL SYLLABLE TYE
-	{0xD185, 0xD19F, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYEG..HANGUL SYLLABLE TYEH
-	{0xD1A0, 0xD1A0, prLV},                     // Lo       HANGUL SYLLABLE TO
-	{0xD1A1, 0xD1BB, prLVT},                    // Lo  [27] HANGUL SYLLABLE TOG..HANGUL SYLLABLE TOH
-	{0xD1BC, 0xD1BC, prLV},                     // Lo       HANGUL SYLLABLE TWA
-	{0xD1BD, 0xD1D7, prLVT},                    // Lo  [27] HANGUL SYLLABLE TWAG..HANGUL SYLLABLE TWAH
-	{0xD1D8, 0xD1D8, prLV},                     // Lo       HANGUL SYLLABLE TWAE
-	{0xD1D9, 0xD1F3, prLVT},                    // Lo  [27] HANGUL SYLLABLE TWAEG..HANGUL SYLLABLE TWAEH
-	{0xD1F4, 0xD1F4, prLV},                     // Lo       HANGUL SYLLABLE TOE
-	{0xD1F5, 0xD20F, prLVT},                    // Lo  [27] HANGUL SYLLABLE TOEG..HANGUL SYLLABLE TOEH
-	{0xD210, 0xD210, prLV},                     // Lo       HANGUL SYLLABLE TYO
-	{0xD211, 0xD22B, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYOG..HANGUL SYLLABLE TYOH
-	{0xD22C, 0xD22C, prLV},                     // Lo       HANGUL SYLLABLE TU
-	{0xD22D, 0xD247, prLVT},                    // Lo  [27] HANGUL SYLLABLE TUG..HANGUL SYLLABLE TUH
-	{0xD248, 0xD248, prLV},                     // Lo       HANGUL SYLLABLE TWEO
-	{0xD249, 0xD263, prLVT},                    // Lo  [27] HANGUL SYLLABLE TWEOG..HANGUL SYLLABLE TWEOH
-	{0xD264, 0xD264, prLV},                     // Lo       HANGUL SYLLABLE TWE
-	{0xD265, 0xD27F, prLVT},                    // Lo  [27] HANGUL SYLLABLE TWEG..HANGUL SYLLABLE TWEH
-	{0xD280, 0xD280, prLV},                     // Lo       HANGUL SYLLABLE TWI
-	{0xD281, 0xD29B, prLVT},                    // Lo  [27] HANGUL SYLLABLE TWIG..HANGUL SYLLABLE TWIH
-	{0xD29C, 0xD29C, prLV},                     // Lo       HANGUL SYLLABLE TYU
-	{0xD29D, 0xD2B7, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYUG..HANGUL SYLLABLE TYUH
-	{0xD2B8, 0xD2B8, prLV},                     // Lo       HANGUL SYLLABLE TEU
-	{0xD2B9, 0xD2D3, prLVT},                    // Lo  [27] HANGUL SYLLABLE TEUG..HANGUL SYLLABLE TEUH
-	{0xD2D4, 0xD2D4, prLV},                     // Lo       HANGUL SYLLABLE TYI
-	{0xD2D5, 0xD2EF, prLVT},                    // Lo  [27] HANGUL SYLLABLE TYIG..HANGUL SYLLABLE TYIH
-	{0xD2F0, 0xD2F0, prLV},                     // Lo       HANGUL SYLLABLE TI
-	{0xD2F1, 0xD30B, prLVT},                    // Lo  [27] HANGUL SYLLABLE TIG..HANGUL SYLLABLE TIH
-	{0xD30C, 0xD30C, prLV},                     // Lo       HANGUL SYLLABLE PA
-	{0xD30D, 0xD327, prLVT},                    // Lo  [27] HANGUL SYLLABLE PAG..HANGUL SYLLABLE PAH
-	{0xD328, 0xD328, prLV},                     // Lo       HANGUL SYLLABLE PAE
-	{0xD329, 0xD343, prLVT},                    // Lo  [27] HANGUL SYLLABLE PAEG..HANGUL SYLLABLE PAEH
-	{0xD344, 0xD344, prLV},                     // Lo       HANGUL SYLLABLE PYA
-	{0xD345, 0xD35F, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYAG..HANGUL SYLLABLE PYAH
-	{0xD360, 0xD360, prLV},                     // Lo       HANGUL SYLLABLE PYAE
-	{0xD361, 0xD37B, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYAEG..HANGUL SYLLABLE PYAEH
-	{0xD37C, 0xD37C, prLV},                     // Lo       HANGUL SYLLABLE PEO
-	{0xD37D, 0xD397, prLVT},                    // Lo  [27] HANGUL SYLLABLE PEOG..HANGUL SYLLABLE PEOH
-	{0xD398, 0xD398, prLV},                     // Lo       HANGUL SYLLABLE PE
-	{0xD399, 0xD3B3, prLVT},                    // Lo  [27] HANGUL SYLLABLE PEG..HANGUL SYLLABLE PEH
-	{0xD3B4, 0xD3B4, prLV},                     // Lo       HANGUL SYLLABLE PYEO
-	{0xD3B5, 0xD3CF, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYEOG..HANGUL SYLLABLE PYEOH
-	{0xD3D0, 0xD3D0, prLV},                     // Lo       HANGUL SYLLABLE PYE
-	{0xD3D1, 0xD3EB, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYEG..HANGUL SYLLABLE PYEH
-	{0xD3EC, 0xD3EC, prLV},                     // Lo       HANGUL SYLLABLE PO
-	{0xD3ED, 0xD407, prLVT},                    // Lo  [27] HANGUL SYLLABLE POG..HANGUL SYLLABLE POH
-	{0xD408, 0xD408, prLV},                     // Lo       HANGUL SYLLABLE PWA
-	{0xD409, 0xD423, prLVT},                    // Lo  [27] HANGUL SYLLABLE PWAG..HANGUL SYLLABLE PWAH
-	{0xD424, 0xD424, prLV},                     // Lo       HANGUL SYLLABLE PWAE
-	{0xD425, 0xD43F, prLVT},                    // Lo  [27] HANGUL SYLLABLE PWAEG..HANGUL SYLLABLE PWAEH
-	{0xD440, 0xD440, prLV},                     // Lo       HANGUL SYLLABLE POE
-	{0xD441, 0xD45B, prLVT},                    // Lo  [27] HANGUL SYLLABLE POEG..HANGUL SYLLABLE POEH
-	{0xD45C, 0xD45C, prLV},                     // Lo       HANGUL SYLLABLE PYO
-	{0xD45D, 0xD477, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYOG..HANGUL SYLLABLE PYOH
-	{0xD478, 0xD478, prLV},                     // Lo       HANGUL SYLLABLE PU
-	{0xD479, 0xD493, prLVT},                    // Lo  [27] HANGUL SYLLABLE PUG..HANGUL SYLLABLE PUH
-	{0xD494, 0xD494, prLV},                     // Lo       HANGUL SYLLABLE PWEO
-	{0xD495, 0xD4AF, prLVT},                    // Lo  [27] HANGUL SYLLABLE PWEOG..HANGUL SYLLABLE PWEOH
-	{0xD4B0, 0xD4B0, prLV},                     // Lo       HANGUL SYLLABLE PWE
-	{0xD4B1, 0xD4CB, prLVT},                    // Lo  [27] HANGUL SYLLABLE PWEG..HANGUL SYLLABLE PWEH
-	{0xD4CC, 0xD4CC, prLV},                     // Lo       HANGUL SYLLABLE PWI
-	{0xD4CD, 0xD4E7, prLVT},                    // Lo  [27] HANGUL SYLLABLE PWIG..HANGUL SYLLABLE PWIH
-	{0xD4E8, 0xD4E8, prLV},                     // Lo       HANGUL SYLLABLE PYU
-	{0xD4E9, 0xD503, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYUG..HANGUL SYLLABLE PYUH
-	{0xD504, 0xD504, prLV},                     // Lo       HANGUL SYLLABLE PEU
-	{0xD505, 0xD51F, prLVT},                    // Lo  [27] HANGUL SYLLABLE PEUG..HANGUL SYLLABLE PEUH
-	{0xD520, 0xD520, prLV},                     // Lo       HANGUL SYLLABLE PYI
-	{0xD521, 0xD53B, prLVT},                    // Lo  [27] HANGUL SYLLABLE PYIG..HANGUL SYLLABLE PYIH
-	{0xD53C, 0xD53C, prLV},                     // Lo       HANGUL SYLLABLE PI
-	{0xD53D, 0xD557, prLVT},                    // Lo  [27] HANGUL SYLLABLE PIG..HANGUL SYLLABLE PIH
-	{0xD558, 0xD558, prLV},                     // Lo       HANGUL SYLLABLE HA
-	{0xD559, 0xD573, prLVT},                    // Lo  [27] HANGUL SYLLABLE HAG..HANGUL SYLLABLE HAH
-	{0xD574, 0xD574, prLV},                     // Lo       HANGUL SYLLABLE HAE
-	{0xD575, 0xD58F, prLVT},                    // Lo  [27] HANGUL SYLLABLE HAEG..HANGUL SYLLABLE HAEH
-	{0xD590, 0xD590, prLV},                     // Lo       HANGUL SYLLABLE HYA
-	{0xD591, 0xD5AB, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYAG..HANGUL SYLLABLE HYAH
-	{0xD5AC, 0xD5AC, prLV},                     // Lo       HANGUL SYLLABLE HYAE
-	{0xD5AD, 0xD5C7, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYAEG..HANGUL SYLLABLE HYAEH
-	{0xD5C8, 0xD5C8, prLV},                     // Lo       HANGUL SYLLABLE HEO
-	{0xD5C9, 0xD5E3, prLVT},                    // Lo  [27] HANGUL SYLLABLE HEOG..HANGUL SYLLABLE HEOH
-	{0xD5E4, 0xD5E4, prLV},                     // Lo       HANGUL SYLLABLE HE
-	{0xD5E5, 0xD5FF, prLVT},                    // Lo  [27] HANGUL SYLLABLE HEG..HANGUL SYLLABLE HEH
-	{0xD600, 0xD600, prLV},                     // Lo       HANGUL SYLLABLE HYEO
-	{0xD601, 0xD61B, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYEOG..HANGUL SYLLABLE HYEOH
-	{0xD61C, 0xD61C, prLV},                     // Lo       HANGUL SYLLABLE HYE
-	{0xD61D, 0xD637, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYEG..HANGUL SYLLABLE HYEH
-	{0xD638, 0xD638, prLV},                     // Lo       HANGUL SYLLABLE HO
-	{0xD639, 0xD653, prLVT},                    // Lo  [27] HANGUL SYLLABLE HOG..HANGUL SYLLABLE HOH
-	{0xD654, 0xD654, prLV},                     // Lo       HANGUL SYLLABLE HWA
-	{0xD655, 0xD66F, prLVT},                    // Lo  [27] HANGUL SYLLABLE HWAG..HANGUL SYLLABLE HWAH
-	{0xD670, 0xD670, prLV},                     // Lo       HANGUL SYLLABLE HWAE
-	{0xD671, 0xD68B, prLVT},                    // Lo  [27] HANGUL SYLLABLE HWAEG..HANGUL SYLLABLE HWAEH
-	{0xD68C, 0xD68C, prLV},                     // Lo       HANGUL SYLLABLE HOE
-	{0xD68D, 0xD6A7, prLVT},                    // Lo  [27] HANGUL SYLLABLE HOEG..HANGUL SYLLABLE HOEH
-	{0xD6A8, 0xD6A8, prLV},                     // Lo       HANGUL SYLLABLE HYO
-	{0xD6A9, 0xD6C3, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYOG..HANGUL SYLLABLE HYOH
-	{0xD6C4, 0xD6C4, prLV},                     // Lo       HANGUL SYLLABLE HU
-	{0xD6C5, 0xD6DF, prLVT},                    // Lo  [27] HANGUL SYLLABLE HUG..HANGUL SYLLABLE HUH
-	{0xD6E0, 0xD6E0, prLV},                     // Lo       HANGUL SYLLABLE HWEO
-	{0xD6E1, 0xD6FB, prLVT},                    // Lo  [27] HANGUL SYLLABLE HWEOG..HANGUL SYLLABLE HWEOH
-	{0xD6FC, 0xD6FC, prLV},                     // Lo       HANGUL SYLLABLE HWE
-	{0xD6FD, 0xD717, prLVT},                    // Lo  [27] HANGUL SYLLABLE HWEG..HANGUL SYLLABLE HWEH
-	{0xD718, 0xD718, prLV},                     // Lo       HANGUL SYLLABLE HWI
-	{0xD719, 0xD733, prLVT},                    // Lo  [27] HANGUL SYLLABLE HWIG..HANGUL SYLLABLE HWIH
-	{0xD734, 0xD734, prLV},                     // Lo       HANGUL SYLLABLE HYU
-	{0xD735, 0xD74F, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYUG..HANGUL SYLLABLE HYUH
-	{0xD750, 0xD750, prLV},                     // Lo       HANGUL SYLLABLE HEU
-	{0xD751, 0xD76B, prLVT},                    // Lo  [27] HANGUL SYLLABLE HEUG..HANGUL SYLLABLE HEUH
-	{0xD76C, 0xD76C, prLV},                     // Lo       HANGUL SYLLABLE HYI
-	{0xD76D, 0xD787, prLVT},                    // Lo  [27] HANGUL SYLLABLE HYIG..HANGUL SYLLABLE HYIH
-	{0xD788, 0xD788, prLV},                     // Lo       HANGUL SYLLABLE HI
-	{0xD789, 0xD7A3, prLVT},                    // Lo  [27] HANGUL SYLLABLE HIG..HANGUL SYLLABLE HIH
-	{0xD7B0, 0xD7C6, prV},                      // Lo  [23] HANGUL JUNGSEONG O-YEO..HANGUL JUNGSEONG ARAEA-E
-	{0xD7CB, 0xD7FB, prT},                      // Lo  [49] HANGUL JONGSEONG NIEUN-RIEUL..HANGUL JONGSEONG PHIEUPH-THIEUTH
-	{0xFB1E, 0xFB1E, prExtend},                 // Mn       HEBREW POINT JUDEO-SPANISH VARIKA
-	{0xFE00, 0xFE0F, prExtend},                 // Mn  [16] VARIATION SELECTOR-1..VARIATION SELECTOR-16
-	{0xFE20, 0xFE2F, prExtend},                 // Mn  [16] COMBINING LIGATURE LEFT HALF..COMBINING CYRILLIC TITLO RIGHT HALF
-	{0xFEFF, 0xFEFF, prControl},                // Cf       ZERO WIDTH NO-BREAK SPACE
-	{0xFF9E, 0xFF9F, prExtend},                 // Lm   [2] HALFWIDTH KATAKANA VOICED SOUND MARK..HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK
-	{0xFFF0, 0xFFF8, prControl},                // Cn   [9] <reserved-FFF0>..<reserved-FFF8>
-	{0xFFF9, 0xFFFB, prControl},                // Cf   [3] INTERLINEAR ANNOTATION ANCHOR..INTERLINEAR ANNOTATION TERMINATOR
-	{0x101FD, 0x101FD, prExtend},               // Mn       PHAISTOS DISC SIGN COMBINING OBLIQUE STROKE
-	{0x102E0, 0x102E0, prExtend},               // Mn       COPTIC EPACT THOUSANDS MARK
-	{0x10376, 0x1037A, prExtend},               // Mn   [5] COMBINING OLD PERMIC LETTER AN..COMBINING OLD PERMIC LETTER SII
-	{0x10A01, 0x10A03, prExtend},               // Mn   [3] KHAROSHTHI VOWEL SIGN I..KHAROSHTHI VOWEL SIGN VOCALIC R
-	{0x10A05, 0x10A06, prExtend},               // Mn   [2] KHAROSHTHI VOWEL SIGN E..KHAROSHTHI VOWEL SIGN O
-	{0x10A0C, 0x10A0F, prExtend},               // Mn   [4] KHAROSHTHI VOWEL LENGTH MARK..KHAROSHTHI SIGN VISARGA
-	{0x10A38, 0x10A3A, prExtend},               // Mn   [3] KHAROSHTHI SIGN BAR ABOVE..KHAROSHTHI SIGN DOT BELOW
-	{0x10A3F, 0x10A3F, prExtend},               // Mn       KHAROSHTHI VIRAMA
-	{0x10AE5, 0x10AE6, prExtend},               // Mn   [2] MANICHAEAN ABBREVIATION MARK ABOVE..MANICHAEAN ABBREVIATION MARK BELOW
-	{0x10D24, 0x10D27, prExtend},               // Mn   [4] HANIFI ROHINGYA SIGN HARBAHAY..HANIFI ROHINGYA SIGN TASSI
-	{0x10F46, 0x10F50, prExtend},               // Mn  [11] SOGDIAN COMBINING DOT BELOW..SOGDIAN COMBINING STROKE BELOW
-	{0x11000, 0x11000, prSpacingMark},          // Mc       BRAHMI SIGN CANDRABINDU
-	{0x11001, 0x11001, prExtend},               // Mn       BRAHMI SIGN ANUSVARA
-	{0x11002, 0x11002, prSpacingMark},          // Mc       BRAHMI SIGN VISARGA
-	{0x11038, 0x11046, prExtend},               // Mn  [15] BRAHMI VOWEL SIGN AA..BRAHMI VIRAMA
-	{0x1107F, 0x11081, prExtend},               // Mn   [3] BRAHMI NUMBER JOINER..KAITHI SIGN ANUSVARA
-	{0x11082, 0x11082, prSpacingMark},          // Mc       KAITHI SIGN VISARGA
-	{0x110B0, 0x110B2, prSpacingMark},          // Mc   [3] KAITHI VOWEL SIGN AA..KAITHI VOWEL SIGN II
-	{0x110B3, 0x110B6, prExtend},               // Mn   [4] KAITHI VOWEL SIGN U..KAITHI VOWEL SIGN AI
-	{0x110B7, 0x110B8, prSpacingMark},          // Mc   [2] KAITHI VOWEL SIGN O..KAITHI VOWEL SIGN AU
-	{0x110B9, 0x110BA, prExtend},               // Mn   [2] KAITHI SIGN VIRAMA..KAITHI SIGN NUKTA
-	{0x110BD, 0x110BD, prPreprend},             // Cf       KAITHI NUMBER SIGN
-	{0x110CD, 0x110CD, prPreprend},             // Cf       KAITHI NUMBER SIGN ABOVE
-	{0x11100, 0x11102, prExtend},               // Mn   [3] CHAKMA SIGN CANDRABINDU..CHAKMA SIGN VISARGA
-	{0x11127, 0x1112B, prExtend},               // Mn   [5] CHAKMA VOWEL SIGN A..CHAKMA VOWEL SIGN UU
-	{0x1112C, 0x1112C, prSpacingMark},          // Mc       CHAKMA VOWEL SIGN E
-	{0x1112D, 0x11134, prExtend},               // Mn   [8] CHAKMA VOWEL SIGN AI..CHAKMA MAAYYAA
-	{0x11145, 0x11146, prSpacingMark},          // Mc   [2] CHAKMA VOWEL SIGN AA..CHAKMA VOWEL SIGN EI
-	{0x11173, 0x11173, prExtend},               // Mn       MAHAJANI SIGN NUKTA
-	{0x11180, 0x11181, prExtend},               // Mn   [2] SHARADA SIGN CANDRABINDU..SHARADA SIGN ANUSVARA
-	{0x11182, 0x11182, prSpacingMark},          // Mc       SHARADA SIGN VISARGA
-	{0x111B3, 0x111B5, prSpacingMark},          // Mc   [3] SHARADA VOWEL SIGN AA..SHARADA VOWEL SIGN II
-	{0x111B6, 0x111BE, prExtend},               // Mn   [9] SHARADA VOWEL SIGN U..SHARADA VOWEL SIGN O
-	{0x111BF, 0x111C0, prSpacingMark},          // Mc   [2] SHARADA VOWEL SIGN AU..SHARADA SIGN VIRAMA
-	{0x111C2, 0x111C3, prPreprend},             // Lo   [2] SHARADA SIGN JIHVAMULIYA..SHARADA SIGN UPADHMANIYA
-	{0x111C9, 0x111CC, prExtend},               // Mn   [4] SHARADA SANDHI MARK..SHARADA EXTRA SHORT VOWEL MARK
-	{0x1122C, 0x1122E, prSpacingMark},          // Mc   [3] KHOJKI VOWEL SIGN AA..KHOJKI VOWEL SIGN II
-	{0x1122F, 0x11231, prExtend},               // Mn   [3] KHOJKI VOWEL SIGN U..KHOJKI VOWEL SIGN AI
-	{0x11232, 0x11233, prSpacingMark},          // Mc   [2] KHOJKI VOWEL SIGN O..KHOJKI VOWEL SIGN AU
-	{0x11234, 0x11234, prExtend},               // Mn       KHOJKI SIGN ANUSVARA
-	{0x11235, 0x11235, prSpacingMark},          // Mc       KHOJKI SIGN VIRAMA
-	{0x11236, 0x11237, prExtend},               // Mn   [2] KHOJKI SIGN NUKTA..KHOJKI SIGN SHADDA
-	{0x1123E, 0x1123E, prExtend},               // Mn       KHOJKI SIGN SUKUN
-	{0x112DF, 0x112DF, prExtend},               // Mn       KHUDAWADI SIGN ANUSVARA
-	{0x112E0, 0x112E2, prSpacingMark},          // Mc   [3] KHUDAWADI VOWEL SIGN AA..KHUDAWADI VOWEL SIGN II
-	{0x112E3, 0x112EA, prExtend},               // Mn   [8] KHUDAWADI VOWEL SIGN U..KHUDAWADI SIGN VIRAMA
-	{0x11300, 0x11301, prExtend},               // Mn   [2] GRANTHA SIGN COMBINING ANUSVARA ABOVE..GRANTHA SIGN CANDRABINDU
-	{0x11302, 0x11303, prSpacingMark},          // Mc   [2] GRANTHA SIGN ANUSVARA..GRANTHA SIGN VISARGA
-	{0x1133B, 0x1133C, prExtend},               // Mn   [2] COMBINING BINDU BELOW..GRANTHA SIGN NUKTA
-	{0x1133E, 0x1133E, prExtend},               // Mc       GRANTHA VOWEL SIGN AA
-	{0x1133F, 0x1133F, prSpacingMark},          // Mc       GRANTHA VOWEL SIGN I
-	{0x11340, 0x11340, prExtend},               // Mn       GRANTHA VOWEL SIGN II
-	{0x11341, 0x11344, prSpacingMark},          // Mc   [4] GRANTHA VOWEL SIGN U..GRANTHA VOWEL SIGN VOCALIC RR
-	{0x11347, 0x11348, prSpacingMark},          // Mc   [2] GRANTHA VOWEL SIGN EE..GRANTHA VOWEL SIGN AI
-	{0x1134B, 0x1134D, prSpacingMark},          // Mc   [3] GRANTHA VOWEL SIGN OO..GRANTHA SIGN VIRAMA
-	{0x11357, 0x11357, prExtend},               // Mc       GRANTHA AU LENGTH MARK
-	{0x11362, 0x11363, prSpacingMark},          // Mc   [2] GRANTHA VOWEL SIGN VOCALIC L..GRANTHA VOWEL SIGN VOCALIC LL
-	{0x11366, 0x1136C, prExtend},               // Mn   [7] COMBINING GRANTHA DIGIT ZERO..COMBINING GRANTHA DIGIT SIX
-	{0x11370, 0x11374, prExtend},               // Mn   [5] COMBINING GRANTHA LETTER A..COMBINING GRANTHA LETTER PA
-	{0x11435, 0x11437, prSpacingMark},          // Mc   [3] NEWA VOWEL SIGN AA..NEWA VOWEL SIGN II
-	{0x11438, 0x1143F, prExtend},               // Mn   [8] NEWA VOWEL SIGN U..NEWA VOWEL SIGN AI
-	{0x11440, 0x11441, prSpacingMark},          // Mc   [2] NEWA VOWEL SIGN O..NEWA VOWEL SIGN AU
-	{0x11442, 0x11444, prExtend},               // Mn   [3] NEWA SIGN VIRAMA..NEWA SIGN ANUSVARA
-	{0x11445, 0x11445, prSpacingMark},          // Mc       NEWA SIGN VISARGA
-	{0x11446, 0x11446, prExtend},               // Mn       NEWA SIGN NUKTA
-	{0x1145E, 0x1145E, prExtend},               // Mn       NEWA SANDHI MARK
-	{0x114B0, 0x114B0, prExtend},               // Mc       TIRHUTA VOWEL SIGN AA
-	{0x114B1, 0x114B2, prSpacingMark},          // Mc   [2] TIRHUTA VOWEL SIGN I..TIRHUTA VOWEL SIGN II
-	{0x114B3, 0x114B8, prExtend},               // Mn   [6] TIRHUTA VOWEL SIGN U..TIRHUTA VOWEL SIGN VOCALIC LL
-	{0x114B9, 0x114B9, prSpacingMark},          // Mc       TIRHUTA VOWEL SIGN E
-	{0x114BA, 0x114BA, prExtend},               // Mn       TIRHUTA VOWEL SIGN SHORT E
-	{0x114BB, 0x114BC, prSpacingMark},          // Mc   [2] TIRHUTA VOWEL SIGN AI..TIRHUTA VOWEL SIGN O
-	{0x114BD, 0x114BD, prExtend},               // Mc       TIRHUTA VOWEL SIGN SHORT O
-	{0x114BE, 0x114BE, prSpacingMark},          // Mc       TIRHUTA VOWEL SIGN AU
-	{0x114BF, 0x114C0, prExtend},               // Mn   [2] TIRHUTA SIGN CANDRABINDU..TIRHUTA SIGN ANUSVARA
-	{0x114C1, 0x114C1, prSpacingMark},          // Mc       TIRHUTA SIGN VISARGA
-	{0x114C2, 0x114C3, prExtend},               // Mn   [2] TIRHUTA SIGN VIRAMA..TIRHUTA SIGN NUKTA
-	{0x115AF, 0x115AF, prExtend},               // Mc       SIDDHAM VOWEL SIGN AA
-	{0x115B0, 0x115B1, prSpacingMark},          // Mc   [2] SIDDHAM VOWEL SIGN I..SIDDHAM VOWEL SIGN II
-	{0x115B2, 0x115B5, prExtend},               // Mn   [4] SIDDHAM VOWEL SIGN U..SIDDHAM VOWEL SIGN VOCALIC RR
-	{0x115B8, 0x115BB, prSpacingMark},          // Mc   [4] SIDDHAM VOWEL SIGN E..SIDDHAM VOWEL SIGN AU
-	{0x115BC, 0x115BD, prExtend},               // Mn   [2] SIDDHAM SIGN CANDRABINDU..SIDDHAM SIGN ANUSVARA
-	{0x115BE, 0x115BE, prSpacingMark},          // Mc       SIDDHAM SIGN VISARGA
-	{0x115BF, 0x115C0, prExtend},               // Mn   [2] SIDDHAM SIGN VIRAMA..SIDDHAM SIGN NUKTA
-	{0x115DC, 0x115DD, prExtend},               // Mn   [2] SIDDHAM VOWEL SIGN ALTERNATE U..SIDDHAM VOWEL SIGN ALTERNATE UU
-	{0x11630, 0x11632, prSpacingMark},          // Mc   [3] MODI VOWEL SIGN AA..MODI VOWEL SIGN II
-	{0x11633, 0x1163A, prExtend},               // Mn   [8] MODI VOWEL SIGN U..MODI VOWEL SIGN AI
-	{0x1163B, 0x1163C, prSpacingMark},          // Mc   [2] MODI VOWEL SIGN O..MODI VOWEL SIGN AU
-	{0x1163D, 0x1163D, prExtend},               // Mn       MODI SIGN ANUSVARA
-	{0x1163E, 0x1163E, prSpacingMark},          // Mc       MODI SIGN VISARGA
-	{0x1163F, 0x11640, prExtend},               // Mn   [2] MODI SIGN VIRAMA..MODI SIGN ARDHACANDRA
-	{0x116AB, 0x116AB, prExtend},               // Mn       TAKRI SIGN ANUSVARA
-	{0x116AC, 0x116AC, prSpacingMark},          // Mc       TAKRI SIGN VISARGA
-	{0x116AD, 0x116AD, prExtend},               // Mn       TAKRI VOWEL SIGN AA
-	{0x116AE, 0x116AF, prSpacingMark},          // Mc   [2] TAKRI VOWEL SIGN I..TAKRI VOWEL SIGN II
-	{0x116B0, 0x116B5, prExtend},               // Mn   [6] TAKRI VOWEL SIGN U..TAKRI VOWEL SIGN AU
-	{0x116B6, 0x116B6, prSpacingMark},          // Mc       TAKRI SIGN VIRAMA
-	{0x116B7, 0x116B7, prExtend},               // Mn       TAKRI SIGN NUKTA
-	{0x1171D, 0x1171F, prExtend},               // Mn   [3] AHOM CONSONANT SIGN MEDIAL LA..AHOM CONSONANT SIGN MEDIAL LIGATING RA
-	{0x11720, 0x11721, prSpacingMark},          // Mc   [2] AHOM VOWEL SIGN A..AHOM VOWEL SIGN AA
-	{0x11722, 0x11725, prExtend},               // Mn   [4] AHOM VOWEL SIGN I..AHOM VOWEL SIGN UU
-	{0x11726, 0x11726, prSpacingMark},          // Mc       AHOM VOWEL SIGN E
-	{0x11727, 0x1172B, prExtend},               // Mn   [5] AHOM VOWEL SIGN AW..AHOM SIGN KILLER
-	{0x1182C, 0x1182E, prSpacingMark},          // Mc   [3] DOGRA VOWEL SIGN AA..DOGRA VOWEL SIGN II
-	{0x1182F, 0x11837, prExtend},               // Mn   [9] DOGRA VOWEL SIGN U..DOGRA SIGN ANUSVARA
-	{0x11838, 0x11838, prSpacingMark},          // Mc       DOGRA SIGN VISARGA
-	{0x11839, 0x1183A, prExtend},               // Mn   [2] DOGRA SIGN VIRAMA..DOGRA SIGN NUKTA
-	{0x119D1, 0x119D3, prSpacingMark},          // Mc   [3] NANDINAGARI VOWEL SIGN AA..NANDINAGARI VOWEL SIGN II
-	{0x119D4, 0x119D7, prExtend},               // Mn   [4] NANDINAGARI VOWEL SIGN U..NANDINAGARI VOWEL SIGN VOCALIC RR
-	{0x119DA, 0x119DB, prExtend},               // Mn   [2] NANDINAGARI VOWEL SIGN E..NANDINAGARI VOWEL SIGN AI
-	{0x119DC, 0x119DF, prSpacingMark},          // Mc   [4] NANDINAGARI VOWEL SIGN O..NANDINAGARI SIGN VISARGA
-	{0x119E0, 0x119E0, prExtend},               // Mn       NANDINAGARI SIGN VIRAMA
-	{0x119E4, 0x119E4, prSpacingMark},          // Mc       NANDINAGARI VOWEL SIGN PRISHTHAMATRA E
-	{0x11A01, 0x11A0A, prExtend},               // Mn  [10] ZANABAZAR SQUARE VOWEL SIGN I..ZANABAZAR SQUARE VOWEL LENGTH MARK
-	{0x11A33, 0x11A38, prExtend},               // Mn   [6] ZANABAZAR SQUARE FINAL CONSONANT MARK..ZANABAZAR SQUARE SIGN ANUSVARA
-	{0x11A39, 0x11A39, prSpacingMark},          // Mc       ZANABAZAR SQUARE SIGN VISARGA
-	{0x11A3A, 0x11A3A, prPreprend},             // Lo       ZANABAZAR SQUARE CLUSTER-INITIAL LETTER RA
-	{0x11A3B, 0x11A3E, prExtend},               // Mn   [4] ZANABAZAR SQUARE CLUSTER-FINAL LETTER YA..ZANABAZAR SQUARE CLUSTER-FINAL LETTER VA
-	{0x11A47, 0x11A47, prExtend},               // Mn       ZANABAZAR SQUARE SUBJOINER
-	{0x11A51, 0x11A56, prExtend},               // Mn   [6] SOYOMBO VOWEL SIGN I..SOYOMBO VOWEL SIGN OE
-	{0x11A57, 0x11A58, prSpacingMark},          // Mc   [2] SOYOMBO VOWEL SIGN AI..SOYOMBO VOWEL SIGN AU
-	{0x11A59, 0x11A5B, prExtend},               // Mn   [3] SOYOMBO VOWEL SIGN VOCALIC R..SOYOMBO VOWEL LENGTH MARK
-	{0x11A84, 0x11A89, prPreprend},             // Lo   [6] SOYOMBO SIGN JIHVAMULIYA..SOYOMBO CLUSTER-INITIAL LETTER SA
-	{0x11A8A, 0x11A96, prExtend},               // Mn  [13] SOYOMBO FINAL CONSONANT SIGN G..SOYOMBO SIGN ANUSVARA
-	{0x11A97, 0x11A97, prSpacingMark},          // Mc       SOYOMBO SIGN VISARGA
-	{0x11A98, 0x11A99, prExtend},               // Mn   [2] SOYOMBO GEMINATION MARK..SOYOMBO SUBJOINER
-	{0x11C2F, 0x11C2F, prSpacingMark},          // Mc       BHAIKSUKI VOWEL SIGN AA
-	{0x11C30, 0x11C36, prExtend},               // Mn   [7] BHAIKSUKI VOWEL SIGN I..BHAIKSUKI VOWEL SIGN VOCALIC L
-	{0x11C38, 0x11C3D, prExtend},               // Mn   [6] BHAIKSUKI VOWEL SIGN E..BHAIKSUKI SIGN ANUSVARA
-	{0x11C3E, 0x11C3E, prSpacingMark},          // Mc       BHAIKSUKI SIGN VISARGA
-	{0x11C3F, 0x11C3F, prExtend},               // Mn       BHAIKSUKI SIGN VIRAMA
-	{0x11C92, 0x11CA7, prExtend},               // Mn  [22] MARCHEN SUBJOINED LETTER KA..MARCHEN SUBJOINED LETTER ZA
-	{0x11CA9, 0x11CA9, prSpacingMark},          // Mc       MARCHEN SUBJOINED LETTER YA
-	{0x11CAA, 0x11CB0, prExtend},               // Mn   [7] MARCHEN SUBJOINED LETTER RA..MARCHEN VOWEL SIGN AA
-	{0x11CB1, 0x11CB1, prSpacingMark},          // Mc       MARCHEN VOWEL SIGN I
-	{0x11CB2, 0x11CB3, prExtend},               // Mn   [2] MARCHEN VOWEL SIGN U..MARCHEN VOWEL SIGN E
-	{0x11CB4, 0x11CB4, prSpacingMark},          // Mc       MARCHEN VOWEL SIGN O
-	{0x11CB5, 0x11CB6, prExtend},               // Mn   [2] MARCHEN SIGN ANUSVARA..MARCHEN SIGN CANDRABINDU
-	{0x11D31, 0x11D36, prExtend},               // Mn   [6] MASARAM GONDI VOWEL SIGN AA..MASARAM GONDI VOWEL SIGN VOCALIC R
-	{0x11D3A, 0x11D3A, prExtend},               // Mn       MASARAM GONDI VOWEL SIGN E
-	{0x11D3C, 0x11D3D, prExtend},               // Mn   [2] MASARAM GONDI VOWEL SIGN AI..MASARAM GONDI VOWEL SIGN O
-	{0x11D3F, 0x11D45, prExtend},               // Mn   [7] MASARAM GONDI VOWEL SIGN AU..MASARAM GONDI VIRAMA
-	{0x11D46, 0x11D46, prPreprend},             // Lo       MASARAM GONDI REPHA
-	{0x11D47, 0x11D47, prExtend},               // Mn       MASARAM GONDI RA-KARA
-	{0x11D8A, 0x11D8E, prSpacingMark},          // Mc   [5] GUNJALA GONDI VOWEL SIGN AA..GUNJALA GONDI VOWEL SIGN UU
-	{0x11D90, 0x11D91, prExtend},               // Mn   [2] GUNJALA GONDI VOWEL SIGN EE..GUNJALA GONDI VOWEL SIGN AI
-	{0x11D93, 0x11D94, prSpacingMark},          // Mc   [2] GUNJALA GONDI VOWEL SIGN OO..GUNJALA GONDI VOWEL SIGN AU
-	{0x11D95, 0x11D95, prExtend},               // Mn       GUNJALA GONDI SIGN ANUSVARA
-	{0x11D96, 0x11D96, prSpacingMark},          // Mc       GUNJALA GONDI SIGN VISARGA
-	{0x11D97, 0x11D97, prExtend},               // Mn       GUNJALA GONDI VIRAMA
-	{0x11EF3, 0x11EF4, prExtend},               // Mn   [2] MAKASAR VOWEL SIGN I..MAKASAR VOWEL SIGN U
-	{0x11EF5, 0x11EF6, prSpacingMark},          // Mc   [2] MAKASAR VOWEL SIGN E..MAKASAR VOWEL SIGN O
-	{0x13430, 0x13438, prControl},              // Cf   [9] EGYPTIAN HIEROGLYPH VERTICAL JOINER..EGYPTIAN HIEROGLYPH END SEGMENT
-	{0x16AF0, 0x16AF4, prExtend},               // Mn   [5] BASSA VAH COMBINING HIGH TONE..BASSA VAH COMBINING HIGH-LOW TONE
-	{0x16B30, 0x16B36, prExtend},               // Mn   [7] PAHAWH HMONG MARK CIM TUB..PAHAWH HMONG MARK CIM TAUM
-	{0x16F4F, 0x16F4F, prExtend},               // Mn       MIAO SIGN CONSONANT MODIFIER BAR
-	{0x16F51, 0x16F87, prSpacingMark},          // Mc  [55] MIAO SIGN ASPIRATION..MIAO VOWEL SIGN UI
-	{0x16F8F, 0x16F92, prExtend},               // Mn   [4] MIAO TONE RIGHT..MIAO TONE BELOW
-	{0x1BC9D, 0x1BC9E, prExtend},               // Mn   [2] DUPLOYAN THICK LETTER SELECTOR..DUPLOYAN DOUBLE MARK
-	{0x1BCA0, 0x1BCA3, prControl},              // Cf   [4] SHORTHAND FORMAT LETTER OVERLAP..SHORTHAND FORMAT UP STEP
-	{0x1D165, 0x1D165, prExtend},               // Mc       MUSICAL SYMBOL COMBINING STEM
-	{0x1D166, 0x1D166, prSpacingMark},          // Mc       MUSICAL SYMBOL COMBINING SPRECHGESANG STEM
-	{0x1D167, 0x1D169, prExtend},               // Mn   [3] MUSICAL SYMBOL COMBINING TREMOLO-1..MUSICAL SYMBOL COMBINING TREMOLO-3
-	{0x1D16D, 0x1D16D, prSpacingMark},          // Mc       MUSICAL SYMBOL COMBINING AUGMENTATION DOT
-	{0x1D16E, 0x1D172, prExtend},               // Mc   [5] MUSICAL SYMBOL COMBINING FLAG-1..MUSICAL SYMBOL COMBINING FLAG-5
-	{0x1D173, 0x1D17A, prControl},              // Cf   [8] MUSICAL SYMBOL BEGIN BEAM..MUSICAL SYMBOL END PHRASE
-	{0x1D17B, 0x1D182, prExtend},               // Mn   [8] MUSICAL SYMBOL COMBINING ACCENT..MUSICAL SYMBOL COMBINING LOURE
-	{0x1D185, 0x1D18B, prExtend},               // Mn   [7] MUSICAL SYMBOL COMBINING DOIT..MUSICAL SYMBOL COMBINING TRIPLE TONGUE
-	{0x1D1AA, 0x1D1AD, prExtend},               // Mn   [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
-	{0x1D242, 0x1D244, prExtend},               // Mn   [3] COMBINING GREEK MUSICAL TRISEME..COMBINING GREEK MUSICAL PENTASEME
-	{0x1DA00, 0x1DA36, prExtend},               // Mn  [55] SIGNWRITING HEAD RIM..SIGNWRITING AIR SUCKING IN
-	{0x1DA3B, 0x1DA6C, prExtend},               // Mn  [50] SIGNWRITING MOUTH CLOSED NEUTRAL..SIGNWRITING EXCITEMENT
-	{0x1DA75, 0x1DA75, prExtend},               // Mn       SIGNWRITING UPPER BODY TILTING FROM HIP JOINTS
-	{0x1DA84, 0x1DA84, prExtend},               // Mn       SIGNWRITING LOCATION HEAD NECK
-	{0x1DA9B, 0x1DA9F, prExtend},               // Mn   [5] SIGNWRITING FILL MODIFIER-2..SIGNWRITING FILL MODIFIER-6
-	{0x1DAA1, 0x1DAAF, prExtend},               // Mn  [15] SIGNWRITING ROTATION MODIFIER-2..SIGNWRITING ROTATION MODIFIER-16
-	{0x1E000, 0x1E006, prExtend},               // Mn   [7] COMBINING GLAGOLITIC LETTER AZU..COMBINING GLAGOLITIC LETTER ZHIVETE
-	{0x1E008, 0x1E018, prExtend},               // Mn  [17] COMBINING GLAGOLITIC LETTER ZEMLJA..COMBINING GLAGOLITIC LETTER HERU
-	{0x1E01B, 0x1E021, prExtend},               // Mn   [7] COMBINING GLAGOLITIC LETTER SHTA..COMBINING GLAGOLITIC LETTER YATI
-	{0x1E023, 0x1E024, prExtend},               // Mn   [2] COMBINING GLAGOLITIC LETTER YU..COMBINING GLAGOLITIC LETTER SMALL YUS
-	{0x1E026, 0x1E02A, prExtend},               // Mn   [5] COMBINING GLAGOLITIC LETTER YO..COMBINING GLAGOLITIC LETTER FITA
-	{0x1E130, 0x1E136, prExtend},               // Mn   [7] NYIAKENG PUACHUE HMONG TONE-B..NYIAKENG PUACHUE HMONG TONE-D
-	{0x1E2EC, 0x1E2EF, prExtend},               // Mn   [4] WANCHO TONE TUP..WANCHO TONE KOINI
-	{0x1E8D0, 0x1E8D6, prExtend},               // Mn   [7] MENDE KIKAKUI COMBINING NUMBER TEENS..MENDE KIKAKUI COMBINING NUMBER MILLIONS
-	{0x1E944, 0x1E94A, prExtend},               // Mn   [7] ADLAM ALIF LENGTHENER..ADLAM NUKTA
-	{0x1F000, 0x1F02B, prExtendedPictographic}, //  5.1 [44] (🀀..🀫)    MAHJONG TILE EAST WIND..MAHJONG TILE BACK
-	{0x1F02C, 0x1F02F, prExtendedPictographic}, //   NA  [4] (🀬..🀯)    <reserved-1F02C>..<reserved-1F02F>
-	{0x1F030, 0x1F093, prExtendedPictographic}, //  5.1[100] (🀰..🂓)    DOMINO TILE HORIZONTAL BACK..DOMINO TILE VERTICAL-06-06
-	{0x1F094, 0x1F09F, prExtendedPictographic}, //   NA [12] (🂔..🂟)    <reserved-1F094>..<reserved-1F09F>
-	{0x1F0A0, 0x1F0AE, prExtendedPictographic}, //  6.0 [15] (🂠..🂮)    PLAYING CARD BACK..PLAYING CARD KING OF SPADES
-	{0x1F0AF, 0x1F0B0, prExtendedPictographic}, //   NA  [2] (🂯..🂰)    <reserved-1F0AF>..<reserved-1F0B0>
-	{0x1F0B1, 0x1F0BE, prExtendedPictographic}, //  6.0 [14] (🂱..🂾)    PLAYING CARD ACE OF HEARTS..PLAYING CARD KING OF HEARTS
-	{0x1F0BF, 0x1F0BF, prExtendedPictographic}, //  7.0  [1] (🂿)       PLAYING CARD RED JOKER
-	{0x1F0C0, 0x1F0C0, prExtendedPictographic}, //   NA  [1] (🃀)       <reserved-1F0C0>
-	{0x1F0C1, 0x1F0CF, prExtendedPictographic}, //  6.0 [15] (�..�)    PLAYING CARD ACE OF DIAMONDS..joker
-	{0x1F0D0, 0x1F0D0, prExtendedPictographic}, //   NA  [1] (�)       <reserved-1F0D0>
-	{0x1F0D1, 0x1F0DF, prExtendedPictographic}, //  6.0 [15] (🃑..🃟)    PLAYING CARD ACE OF CLUBS..PLAYING CARD WHITE JOKER
-	{0x1F0E0, 0x1F0F5, prExtendedPictographic}, //  7.0 [22] (🃠..🃵)    PLAYING CARD FOOL..PLAYING CARD TRUMP-21
-	{0x1F0F6, 0x1F0FF, prExtendedPictographic}, //   NA [10] (🃶..🃿)    <reserved-1F0F6>..<reserved-1F0FF>
-	{0x1F10D, 0x1F10F, prExtendedPictographic}, //   NA  [3] (�..�)    <reserved-1F10D>..<reserved-1F10F>
-	{0x1F12F, 0x1F12F, prExtendedPictographic}, // 11.0  [1] (🄯)       COPYLEFT SYMBOL
-	{0x1F16C, 0x1F16C, prExtendedPictographic}, // 12.0  [1] (🅬)       RAISED MR SIGN
-	{0x1F16D, 0x1F16F, prExtendedPictographic}, //   NA  [3] (🅭..🅯)    <reserved-1F16D>..<reserved-1F16F>
-	{0x1F170, 0x1F171, prExtendedPictographic}, //  6.0  [2] (🅰�..🅱�)    A button (blood type)..B button (blood type)
-	{0x1F17E, 0x1F17E, prExtendedPictographic}, //  6.0  [1] (🅾�)       O button (blood type)
-	{0x1F17F, 0x1F17F, prExtendedPictographic}, //  5.2  [1] (🅿�)       P button
-	{0x1F18E, 0x1F18E, prExtendedPictographic}, //  6.0  [1] (🆎)       AB button (blood type)
-	{0x1F191, 0x1F19A, prExtendedPictographic}, //  6.0 [10] (🆑..🆚)    CL button..VS button
-	{0x1F1AD, 0x1F1E5, prExtendedPictographic}, //   NA [57] (🆭..🇥)    <reserved-1F1AD>..<reserved-1F1E5>
-	{0x1F1E6, 0x1F1FF, prRegionalIndicator},    // So  [26] REGIONAL INDICATOR SYMBOL LETTER A..REGIONAL INDICATOR SYMBOL LETTER Z
-	{0x1F201, 0x1F202, prExtendedPictographic}, //  6.0  [2] (�..🈂�)    Japanese “here� button..Japanese “service charge� button
-	{0x1F203, 0x1F20F, prExtendedPictographic}, //   NA [13] (🈃..�)    <reserved-1F203>..<reserved-1F20F>
-	{0x1F21A, 0x1F21A, prExtendedPictographic}, //  5.2  [1] (🈚)       Japanese “free of charge� button
-	{0x1F22F, 0x1F22F, prExtendedPictographic}, //  5.2  [1] (🈯)       Japanese “reserved� button
-	{0x1F232, 0x1F23A, prExtendedPictographic}, //  6.0  [9] (🈲..🈺)    Japanese “prohibited� button..Japanese “open for business� button
-	{0x1F23C, 0x1F23F, prExtendedPictographic}, //   NA  [4] (🈼..🈿)    <reserved-1F23C>..<reserved-1F23F>
-	{0x1F249, 0x1F24F, prExtendedPictographic}, //   NA  [7] (🉉..�)    <reserved-1F249>..<reserved-1F24F>
-	{0x1F250, 0x1F251, prExtendedPictographic}, //  6.0  [2] (�..🉑)    Japanese “bargain� button..Japanese “acceptable� button
-	{0x1F252, 0x1F25F, prExtendedPictographic}, //   NA [14] (🉒..🉟)    <reserved-1F252>..<reserved-1F25F>
-	{0x1F260, 0x1F265, prExtendedPictographic}, // 10.0  [6] (🉠..🉥)    ROUNDED SYMBOL FOR FU..ROUNDED SYMBOL FOR CAI
-	{0x1F266, 0x1F2FF, prExtendedPictographic}, //   NA[154] (🉦..🋿)    <reserved-1F266>..<reserved-1F2FF>
-	{0x1F300, 0x1F320, prExtendedPictographic}, //  6.0 [33] (🌀..🌠)    cyclone..shooting star
-	{0x1F321, 0x1F32C, prExtendedPictographic}, //  7.0 [12] (🌡�..🌬�)    thermometer..wind face
-	{0x1F32D, 0x1F32F, prExtendedPictographic}, //  8.0  [3] (🌭..🌯)    hot dog..burrito
-	{0x1F330, 0x1F335, prExtendedPictographic}, //  6.0  [6] (🌰..🌵)    chestnut..cactus
-	{0x1F336, 0x1F336, prExtendedPictographic}, //  7.0  [1] (🌶�)       hot pepper
-	{0x1F337, 0x1F37C, prExtendedPictographic}, //  6.0 [70] (🌷..�)    tulip..baby bottle
-	{0x1F37D, 0x1F37D, prExtendedPictographic}, //  7.0  [1] (��)       fork and knife with plate
-	{0x1F37E, 0x1F37F, prExtendedPictographic}, //  8.0  [2] (�..�)    bottle with popping cork..popcorn
-	{0x1F380, 0x1F393, prExtendedPictographic}, //  6.0 [20] (🎀..🎓)    ribbon..graduation cap
-	{0x1F394, 0x1F39F, prExtendedPictographic}, //  7.0 [12] (🎔..🎟�)    HEART WITH TIP ON THE LEFT..admission tickets
-	{0x1F3A0, 0x1F3C4, prExtendedPictographic}, //  6.0 [37] (🎠..�)    carousel horse..person surfing
-	{0x1F3C5, 0x1F3C5, prExtendedPictographic}, //  7.0  [1] (�)       sports medal
-	{0x1F3C6, 0x1F3CA, prExtendedPictographic}, //  6.0  [5] (�..�)    trophy..person swimming
-	{0x1F3CB, 0x1F3CE, prExtendedPictographic}, //  7.0  [4] (��..��)    person lifting weights..racing car
-	{0x1F3CF, 0x1F3D3, prExtendedPictographic}, //  8.0  [5] (�..�)    cricket game..ping pong
-	{0x1F3D4, 0x1F3DF, prExtendedPictographic}, //  7.0 [12] (��..��)    snow-capped mountain..stadium
-	{0x1F3E0, 0x1F3F0, prExtendedPictographic}, //  6.0 [17] (�..�)    house..castle
-	{0x1F3F1, 0x1F3F7, prExtendedPictographic}, //  7.0  [7] (�..��)    WHITE PENNANT..label
-	{0x1F3F8, 0x1F3FA, prExtendedPictographic}, //  8.0  [3] (�..�)    badminton..amphora
-	{0x1F3FB, 0x1F3FF, prExtend},               // Sk   [5] EMOJI MODIFIER FITZPATRICK TYPE-1-2..EMOJI MODIFIER FITZPATRICK TYPE-6
-	{0x1F400, 0x1F43E, prExtendedPictographic}, //  6.0 [63] (�..�)    rat..paw prints
-	{0x1F43F, 0x1F43F, prExtendedPictographic}, //  7.0  [1] (��)       chipmunk
-	{0x1F440, 0x1F440, prExtendedPictographic}, //  6.0  [1] (👀)       eyes
-	{0x1F441, 0x1F441, prExtendedPictographic}, //  7.0  [1] (��)       eye
-	{0x1F442, 0x1F4F7, prExtendedPictographic}, //  6.0[182] (👂..📷)    ear..camera
-	{0x1F4F8, 0x1F4F8, prExtendedPictographic}, //  7.0  [1] (📸)       camera with flash
-	{0x1F4F9, 0x1F4FC, prExtendedPictographic}, //  6.0  [4] (📹..📼)    video camera..videocassette
-	{0x1F4FD, 0x1F4FE, prExtendedPictographic}, //  7.0  [2] (📽�..📾)    film projector..PORTABLE STEREO
-	{0x1F4FF, 0x1F4FF, prExtendedPictographic}, //  8.0  [1] (📿)       prayer beads
-	{0x1F500, 0x1F53D, prExtendedPictographic}, //  6.0 [62] (🔀..🔽)    shuffle tracks button..downwards button
-	{0x1F546, 0x1F54A, prExtendedPictographic}, //  7.0  [5] (🕆..🕊�)    WHITE LATIN CROSS..dove
-	{0x1F54B, 0x1F54F, prExtendedPictographic}, //  8.0  [5] (🕋..�)    kaaba..BOWL OF HYGIEIA
-	{0x1F550, 0x1F567, prExtendedPictographic}, //  6.0 [24] (�..🕧)    one o’clock..twelve-thirty
-	{0x1F568, 0x1F579, prExtendedPictographic}, //  7.0 [18] (🕨..🕹�)    RIGHT SPEAKER..joystick
-	{0x1F57A, 0x1F57A, prExtendedPictographic}, //  9.0  [1] (🕺)       man dancing
-	{0x1F57B, 0x1F5A3, prExtendedPictographic}, //  7.0 [41] (🕻..🖣)    LEFT HAND TELEPHONE RECEIVER..BLACK DOWN POINTING BACKHAND INDEX
-	{0x1F5A4, 0x1F5A4, prExtendedPictographic}, //  9.0  [1] (🖤)       black heart
-	{0x1F5A5, 0x1F5FA, prExtendedPictographic}, //  7.0 [86] (🖥�..🗺�)    desktop computer..world map
-	{0x1F5FB, 0x1F5FF, prExtendedPictographic}, //  6.0  [5] (🗻..🗿)    mount fuji..moai
-	{0x1F600, 0x1F600, prExtendedPictographic}, //  6.1  [1] (😀)       grinning face
-	{0x1F601, 0x1F610, prExtendedPictographic}, //  6.0 [16] (�..�)    beaming face with smiling eyes..neutral face
-	{0x1F611, 0x1F611, prExtendedPictographic}, //  6.1  [1] (😑)       expressionless face
-	{0x1F612, 0x1F614, prExtendedPictographic}, //  6.0  [3] (😒..😔)    unamused face..pensive face
-	{0x1F615, 0x1F615, prExtendedPictographic}, //  6.1  [1] (😕)       confused face
-	{0x1F616, 0x1F616, prExtendedPictographic}, //  6.0  [1] (😖)       confounded face
-	{0x1F617, 0x1F617, prExtendedPictographic}, //  6.1  [1] (😗)       kissing face
-	{0x1F618, 0x1F618, prExtendedPictographic}, //  6.0  [1] (😘)       face blowing a kiss
-	{0x1F619, 0x1F619, prExtendedPictographic}, //  6.1  [1] (😙)       kissing face with smiling eyes
-	{0x1F61A, 0x1F61A, prExtendedPictographic}, //  6.0  [1] (😚)       kissing face with closed eyes
-	{0x1F61B, 0x1F61B, prExtendedPictographic}, //  6.1  [1] (😛)       face with tongue
-	{0x1F61C, 0x1F61E, prExtendedPictographic}, //  6.0  [3] (😜..😞)    winking face with tongue..disappointed face
-	{0x1F61F, 0x1F61F, prExtendedPictographic}, //  6.1  [1] (😟)       worried face
-	{0x1F620, 0x1F625, prExtendedPictographic}, //  6.0  [6] (😠..😥)    angry face..sad but relieved face
-	{0x1F626, 0x1F627, prExtendedPictographic}, //  6.1  [2] (😦..😧)    frowning face with open mouth..anguished face
-	{0x1F628, 0x1F62B, prExtendedPictographic}, //  6.0  [4] (😨..😫)    fearful face..tired face
-	{0x1F62C, 0x1F62C, prExtendedPictographic}, //  6.1  [1] (😬)       grimacing face
-	{0x1F62D, 0x1F62D, prExtendedPictographic}, //  6.0  [1] (😭)       loudly crying face
-	{0x1F62E, 0x1F62F, prExtendedPictographic}, //  6.1  [2] (😮..😯)    face with open mouth..hushed face
-	{0x1F630, 0x1F633, prExtendedPictographic}, //  6.0  [4] (😰..😳)    anxious face with sweat..flushed face
-	{0x1F634, 0x1F634, prExtendedPictographic}, //  6.1  [1] (😴)       sleeping face
-	{0x1F635, 0x1F640, prExtendedPictographic}, //  6.0 [12] (😵..🙀)    dizzy face..weary cat
-	{0x1F641, 0x1F642, prExtendedPictographic}, //  7.0  [2] (�..🙂)    slightly frowning face..slightly smiling face
-	{0x1F643, 0x1F644, prExtendedPictographic}, //  8.0  [2] (🙃..🙄)    upside-down face..face with rolling eyes
-	{0x1F645, 0x1F64F, prExtendedPictographic}, //  6.0 [11] (🙅..�)    person gesturing NO..folded hands
-	{0x1F680, 0x1F6C5, prExtendedPictographic}, //  6.0 [70] (🚀..🛅)    rocket..left luggage
-	{0x1F6C6, 0x1F6CF, prExtendedPictographic}, //  7.0 [10] (🛆..��)    TRIANGLE WITH ROUNDED CORNERS..bed
-	{0x1F6D0, 0x1F6D0, prExtendedPictographic}, //  8.0  [1] (�)       place of worship
-	{0x1F6D1, 0x1F6D2, prExtendedPictographic}, //  9.0  [2] (🛑..🛒)    stop sign..shopping cart
-	{0x1F6D3, 0x1F6D4, prExtendedPictographic}, // 10.0  [2] (🛓..🛔)    STUPA..PAGODA
-	{0x1F6D5, 0x1F6D5, prExtendedPictographic}, // 12.0  [1] (🛕)       hindu temple
-	{0x1F6D6, 0x1F6DF, prExtendedPictographic}, //   NA [10] (🛖..🛟)    <reserved-1F6D6>..<reserved-1F6DF>
-	{0x1F6E0, 0x1F6EC, prExtendedPictographic}, //  7.0 [13] (🛠�..🛬)    hammer and wrench..airplane arrival
-	{0x1F6ED, 0x1F6EF, prExtendedPictographic}, //   NA  [3] (🛭..🛯)    <reserved-1F6ED>..<reserved-1F6EF>
-	{0x1F6F0, 0x1F6F3, prExtendedPictographic}, //  7.0  [4] (🛰�..🛳�)    satellite..passenger ship
-	{0x1F6F4, 0x1F6F6, prExtendedPictographic}, //  9.0  [3] (🛴..🛶)    kick scooter..canoe
-	{0x1F6F7, 0x1F6F8, prExtendedPictographic}, // 10.0  [2] (🛷..🛸)    sled..flying saucer
-	{0x1F6F9, 0x1F6F9, prExtendedPictographic}, // 11.0  [1] (🛹)       skateboard
-	{0x1F6FA, 0x1F6FA, prExtendedPictographic}, // 12.0  [1] (🛺)       auto rickshaw
-	{0x1F6FB, 0x1F6FF, prExtendedPictographic}, //   NA  [5] (🛻..🛿)    <reserved-1F6FB>..<reserved-1F6FF>
-	{0x1F774, 0x1F77F, prExtendedPictographic}, //   NA [12] (�..�)    <reserved-1F774>..<reserved-1F77F>
-	{0x1F7D5, 0x1F7D8, prExtendedPictographic}, // 11.0  [4] (🟕..🟘)    CIRCLED TRIANGLE..NEGATIVE CIRCLED SQUARE
-	{0x1F7D9, 0x1F7DF, prExtendedPictographic}, //   NA  [7] (🟙..🟟)    <reserved-1F7D9>..<reserved-1F7DF>
-	{0x1F7E0, 0x1F7EB, prExtendedPictographic}, // 12.0 [12] (🟠..🟫)    orange circle..brown square
-	{0x1F7EC, 0x1F7FF, prExtendedPictographic}, //   NA [20] (🟬..🟿)    <reserved-1F7EC>..<reserved-1F7FF>
-	{0x1F80C, 0x1F80F, prExtendedPictographic}, //   NA  [4] (🠌..�)    <reserved-1F80C>..<reserved-1F80F>
-	{0x1F848, 0x1F84F, prExtendedPictographic}, //   NA  [8] (🡈..�)    <reserved-1F848>..<reserved-1F84F>
-	{0x1F85A, 0x1F85F, prExtendedPictographic}, //   NA  [6] (🡚..🡟)    <reserved-1F85A>..<reserved-1F85F>
-	{0x1F888, 0x1F88F, prExtendedPictographic}, //   NA  [8] (🢈..�)    <reserved-1F888>..<reserved-1F88F>
-	{0x1F8AE, 0x1F8FF, prExtendedPictographic}, //   NA [82] (🢮..🣿)    <reserved-1F8AE>..<reserved-1F8FF>
-	{0x1F90C, 0x1F90C, prExtendedPictographic}, //   NA  [1] (🤌)       <reserved-1F90C>
-	{0x1F90D, 0x1F90F, prExtendedPictographic}, // 12.0  [3] (�..�)    white heart..pinching hand
-	{0x1F910, 0x1F918, prExtendedPictographic}, //  8.0  [9] (�..🤘)    zipper-mouth face..sign of the horns
-	{0x1F919, 0x1F91E, prExtendedPictographic}, //  9.0  [6] (🤙..🤞)    call me hand..crossed fingers
-	{0x1F91F, 0x1F91F, prExtendedPictographic}, // 10.0  [1] (🤟)       love-you gesture
-	{0x1F920, 0x1F927, prExtendedPictographic}, //  9.0  [8] (🤠..🤧)    cowboy hat face..sneezing face
-	{0x1F928, 0x1F92F, prExtendedPictographic}, // 10.0  [8] (🤨..🤯)    face with raised eyebrow..exploding head
-	{0x1F930, 0x1F930, prExtendedPictographic}, //  9.0  [1] (🤰)       pregnant woman
-	{0x1F931, 0x1F932, prExtendedPictographic}, // 10.0  [2] (🤱..🤲)    breast-feeding..palms up together
-	{0x1F933, 0x1F93A, prExtendedPictographic}, //  9.0  [8] (🤳..🤺)    selfie..person fencing
-	{0x1F93C, 0x1F93E, prExtendedPictographic}, //  9.0  [3] (🤼..🤾)    people wrestling..person playing handball
-	{0x1F93F, 0x1F93F, prExtendedPictographic}, // 12.0  [1] (🤿)       diving mask
-	{0x1F940, 0x1F945, prExtendedPictographic}, //  9.0  [6] (🥀..🥅)    wilted flower..goal net
-	{0x1F947, 0x1F94B, prExtendedPictographic}, //  9.0  [5] (🥇..🥋)    1st place medal..martial arts uniform
-	{0x1F94C, 0x1F94C, prExtendedPictographic}, // 10.0  [1] (🥌)       curling stone
-	{0x1F94D, 0x1F94F, prExtendedPictographic}, // 11.0  [3] (�..�)    lacrosse..flying disc
-	{0x1F950, 0x1F95E, prExtendedPictographic}, //  9.0 [15] (�..🥞)    croissant..pancakes
-	{0x1F95F, 0x1F96B, prExtendedPictographic}, // 10.0 [13] (🥟..🥫)    dumpling..canned food
-	{0x1F96C, 0x1F970, prExtendedPictographic}, // 11.0  [5] (🥬..🥰)    leafy green..smiling face with hearts
-	{0x1F971, 0x1F971, prExtendedPictographic}, // 12.0  [1] (🥱)       yawning face
-	{0x1F972, 0x1F972, prExtendedPictographic}, //   NA  [1] (🥲)       <reserved-1F972>
-	{0x1F973, 0x1F976, prExtendedPictographic}, // 11.0  [4] (🥳..🥶)    partying face..cold face
-	{0x1F977, 0x1F979, prExtendedPictographic}, //   NA  [3] (🥷..🥹)    <reserved-1F977>..<reserved-1F979>
-	{0x1F97A, 0x1F97A, prExtendedPictographic}, // 11.0  [1] (🥺)       pleading face
-	{0x1F97B, 0x1F97B, prExtendedPictographic}, // 12.0  [1] (🥻)       sari
-	{0x1F97C, 0x1F97F, prExtendedPictographic}, // 11.0  [4] (🥼..🥿)    lab coat..flat shoe
-	{0x1F980, 0x1F984, prExtendedPictographic}, //  8.0  [5] (🦀..🦄)    crab..unicorn
-	{0x1F985, 0x1F991, prExtendedPictographic}, //  9.0 [13] (🦅..🦑)    eagle..squid
-	{0x1F992, 0x1F997, prExtendedPictographic}, // 10.0  [6] (🦒..🦗)    giraffe..cricket
-	{0x1F998, 0x1F9A2, prExtendedPictographic}, // 11.0 [11] (🦘..🦢)    kangaroo..swan
-	{0x1F9A3, 0x1F9A4, prExtendedPictographic}, //   NA  [2] (🦣..🦤)    <reserved-1F9A3>..<reserved-1F9A4>
-	{0x1F9A5, 0x1F9AA, prExtendedPictographic}, // 12.0  [6] (🦥..🦪)    sloth..oyster
-	{0x1F9AB, 0x1F9AD, prExtendedPictographic}, //   NA  [3] (🦫..🦭)    <reserved-1F9AB>..<reserved-1F9AD>
-	{0x1F9AE, 0x1F9AF, prExtendedPictographic}, // 12.0  [2] (🦮..🦯)    guide dog..probing cane
-	{0x1F9B0, 0x1F9B9, prExtendedPictographic}, // 11.0 [10] (🦰..🦹)    red hair..supervillain
-	{0x1F9BA, 0x1F9BF, prExtendedPictographic}, // 12.0  [6] (🦺..🦿)    safety vest..mechanical leg
-	{0x1F9C0, 0x1F9C0, prExtendedPictographic}, //  8.0  [1] (🧀)       cheese wedge
-	{0x1F9C1, 0x1F9C2, prExtendedPictographic}, // 11.0  [2] (�..🧂)    cupcake..salt
-	{0x1F9C3, 0x1F9CA, prExtendedPictographic}, // 12.0  [8] (🧃..🧊)    beverage box..ice cube
-	{0x1F9CB, 0x1F9CC, prExtendedPictographic}, //   NA  [2] (🧋..🧌)    <reserved-1F9CB>..<reserved-1F9CC>
-	{0x1F9CD, 0x1F9CF, prExtendedPictographic}, // 12.0  [3] (�..�)    person standing..deaf person
-	{0x1F9D0, 0x1F9E6, prExtendedPictographic}, // 10.0 [23] (�..🧦)    face with monocle..socks
-	{0x1F9E7, 0x1F9FF, prExtendedPictographic}, // 11.0 [25] (🧧..🧿)    red envelope..nazar amulet
-	{0x1FA00, 0x1FA53, prExtendedPictographic}, // 12.0 [84] (🨀..🩓)    NEUTRAL CHESS KING..BLACK CHESS KNIGHT-BISHOP
-	{0x1FA54, 0x1FA5F, prExtendedPictographic}, //   NA [12] (🩔..🩟)    <reserved-1FA54>..<reserved-1FA5F>
-	{0x1FA60, 0x1FA6D, prExtendedPictographic}, // 11.0 [14] (🩠..🩭)    XIANGQI RED GENERAL..XIANGQI BLACK SOLDIER
-	{0x1FA6E, 0x1FA6F, prExtendedPictographic}, //   NA  [2] (🩮..🩯)    <reserved-1FA6E>..<reserved-1FA6F>
-	{0x1FA70, 0x1FA73, prExtendedPictographic}, // 12.0  [4] (🩰..🩳)    ballet shoes..shorts
-	{0x1FA74, 0x1FA77, prExtendedPictographic}, //   NA  [4] (🩴..🩷)    <reserved-1FA74>..<reserved-1FA77>
-	{0x1FA78, 0x1FA7A, prExtendedPictographic}, // 12.0  [3] (🩸..🩺)    drop of blood..stethoscope
-	{0x1FA7B, 0x1FA7F, prExtendedPictographic}, //   NA  [5] (🩻..🩿)    <reserved-1FA7B>..<reserved-1FA7F>
-	{0x1FA80, 0x1FA82, prExtendedPictographic}, // 12.0  [3] (🪀..🪂)    yo-yo..parachute
-	{0x1FA83, 0x1FA8F, prExtendedPictographic}, //   NA [13] (🪃..�)    <reserved-1FA83>..<reserved-1FA8F>
-	{0x1FA90, 0x1FA95, prExtendedPictographic}, // 12.0  [6] (�..🪕)    ringed planet..banjo
-	{0x1FA96, 0x1FFFD, prExtendedPictographic}, //   NA[1384] (🪖..🿽)   <reserved-1FA96>..<reserved-1FFFD>
-	{0xE0000, 0xE0000, prControl},              // Cn       <reserved-E0000>
-	{0xE0001, 0xE0001, prControl},              // Cf       LANGUAGE TAG
-	{0xE0002, 0xE001F, prControl},              // Cn  [30] <reserved-E0002>..<reserved-E001F>
-	{0xE0020, 0xE007F, prExtend},               // Cf  [96] TAG SPACE..CANCEL TAG
-	{0xE0080, 0xE00FF, prControl},              // Cn [128] <reserved-E0080>..<reserved-E00FF>
-	{0xE0100, 0xE01EF, prExtend},               // Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
-	{0xE01F0, 0xE0FFF, prControl},              // Cn [3600] <reserved-E01F0>..<reserved-E0FFF>
-}
+// Unicode General Categories. Only the ones needed in the context of this
+// package are included.
+const (
+	gcNone = iota // gcNone must be 0.
+	gcCc
+	gcZs
+	gcPo
+	gcSc
+	gcPs
+	gcPe
+	gcSm
+	gcPd
+	gcNd
+	gcLu
+	gcSk
+	gcPc
+	gcLl
+	gcSo
+	gcLo
+	gcPi
+	gcCf
+	gcNo
+	gcPf
+	gcLC
+	gcLm
+	gcMn
+	gcMe
+	gcMc
+	gcNl
+	gcZl
+	gcZp
+	gcCn
+	gcCs
+	gcCo
+)
 
-// property returns the Unicode property value (see constants above) of the
-// given code point.
-func property(r rune) int {
+// Special code points.
+const (
+	vs15 = 0xfe0e // Variation Selector-15 (text presentation)
+	vs16 = 0xfe0f // Variation Selector-16 (emoji presentation)
+)
+
+// propertySearch performs a binary search on a property slice and returns the
+// entry whose range (start = first array element, end = second array element)
+// includes r, or an array of 0's if no such entry was found.
+func propertySearch[E interface{ [3]int | [4]int }](dictionary []E, r rune) (result E) {
 	// Run a binary search.
 	from := 0
-	to := len(codePoints)
+	to := len(dictionary)
 	for to > from {
 		middle := (from + to) / 2
-		cpRange := codePoints[middle]
+		cpRange := dictionary[middle]
 		if int(r) < cpRange[0] {
 			to = middle
 			continue
@@ -1652,7 +149,20 @@ func property(r rune) int {
 			from = middle + 1
 			continue
 		}
-		return cpRange[2]
+		return cpRange
 	}
-	return prAny
+	return
+}
+
+// property returns the Unicode property value (see constants above) of the
+// given code point.
+func property(dictionary [][3]int, r rune) int {
+	return propertySearch(dictionary, r)[2]
+}
+
+// propertyWithGenCat returns the Unicode property value and General Category
+// (see constants above) of the given code point.
+func propertyWithGenCat(dictionary [][4]int, r rune) (property, generalCategory int) {
+	entry := propertySearch(dictionary, r)
+	return entry[2], entry[3]
 }
diff --git a/vendor/github.com/rivo/uniseg/sentence.go b/vendor/github.com/rivo/uniseg/sentence.go
new file mode 100644
index 0000000000..adc2a35773
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/sentence.go
@@ -0,0 +1,90 @@
+package uniseg
+
+import "unicode/utf8"
+
+// FirstSentence returns the first sentence found in the given byte slice
+// according to the rules of [Unicode Standard Annex #29, Sentence Boundaries].
+// This function can be called continuously to extract all sentences from a byte
+// slice, as illustrated in the example below.
+//
+// If you don't know the current state, for example when calling the function
+// for the first time, you must pass -1. For consecutive calls, pass the state
+// and rest slice returned by the previous call.
+//
+// The "rest" slice is the sub-slice of the original byte slice "b" starting
+// after the last byte of the identified sentence. If the length of the "rest"
+// slice is 0, the entire byte slice "b" has been processed. The "sentence" byte
+// slice is the sub-slice of the input slice containing the identified sentence.
+//
+// Given an empty byte slice "b", the function returns nil values.
+//
+// [Unicode Standard Annex #29, Sentence Boundaries]: http://unicode.org/reports/tr29/#Sentence_Boundaries
+func FirstSentence(b []byte, state int) (sentence, rest []byte, newState int) {
+	// An empty byte slice returns nothing.
+	if len(b) == 0 {
+		return
+	}
+
+	// Extract the first rune.
+	r, length := utf8.DecodeRune(b)
+	if len(b) <= length { // If we're already past the end, there is nothing else to parse.
+		return b, nil, sbAny
+	}
+
+	// If we don't know the state, determine it now.
+	if state < 0 {
+		state, _ = transitionSentenceBreakState(state, r, b[length:], "")
+	}
+
+	// Transition until we find a boundary.
+	var boundary bool
+	for {
+		r, l := utf8.DecodeRune(b[length:])
+		state, boundary = transitionSentenceBreakState(state, r, b[length+l:], "")
+
+		if boundary {
+			return b[:length], b[length:], state
+		}
+
+		length += l
+		if len(b) <= length {
+			return b, nil, sbAny
+		}
+	}
+}
+
+// FirstSentenceInString is like [FirstSentence] but its input and outputs are
+// strings.
+func FirstSentenceInString(str string, state int) (sentence, rest string, newState int) {
+	// An empty byte slice returns nothing.
+	if len(str) == 0 {
+		return
+	}
+
+	// Extract the first rune.
+	r, length := utf8.DecodeRuneInString(str)
+	if len(str) <= length { // If we're already past the end, there is nothing else to parse.
+		return str, "", sbAny
+	}
+
+	// If we don't know the state, determine it now.
+	if state < 0 {
+		state, _ = transitionSentenceBreakState(state, r, nil, str[length:])
+	}
+
+	// Transition until we find a boundary.
+	var boundary bool
+	for {
+		r, l := utf8.DecodeRuneInString(str[length:])
+		state, boundary = transitionSentenceBreakState(state, r, nil, str[length+l:])
+
+		if boundary {
+			return str[:length], str[length:], state
+		}
+
+		length += l
+		if len(str) <= length {
+			return str, "", sbAny
+		}
+	}
+}
diff --git a/vendor/github.com/rivo/uniseg/sentenceproperties.go b/vendor/github.com/rivo/uniseg/sentenceproperties.go
new file mode 100644
index 0000000000..ba0cf2de11
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/sentenceproperties.go
@@ -0,0 +1,2815 @@
+package uniseg
+
+// Code generated via go generate from gen_properties.go. DO NOT EDIT.
+
+// sentenceBreakCodePoints are taken from
+// https://www.unicode.org/Public/14.0.0/ucd/auxiliary/SentenceBreakProperty.txt
+// and
+// https://unicode.org/Public/14.0.0/ucd/emoji/emoji-data.txt
+// ("Extended_Pictographic" only)
+// on September 10, 2022. See https://www.unicode.org/license.html for the Unicode
+// license agreement.
+var sentenceBreakCodePoints = [][3]int{
+	{0x0009, 0x0009, prSp},        // Cc       <control-0009>
+	{0x000A, 0x000A, prLF},        // Cc       <control-000A>
+	{0x000B, 0x000C, prSp},        // Cc   [2] <control-000B>..<control-000C>
+	{0x000D, 0x000D, prCR},        // Cc       <control-000D>
+	{0x0020, 0x0020, prSp},        // Zs       SPACE
+	{0x0021, 0x0021, prSTerm},     // Po       EXCLAMATION MARK
+	{0x0022, 0x0022, prClose},     // Po       QUOTATION MARK
+	{0x0027, 0x0027, prClose},     // Po       APOSTROPHE
+	{0x0028, 0x0028, prClose},     // Ps       LEFT PARENTHESIS
+	{0x0029, 0x0029, prClose},     // Pe       RIGHT PARENTHESIS
+	{0x002C, 0x002C, prSContinue}, // Po       COMMA
+	{0x002D, 0x002D, prSContinue}, // Pd       HYPHEN-MINUS
+	{0x002E, 0x002E, prATerm},     // Po       FULL STOP
+	{0x0030, 0x0039, prNumeric},   // Nd  [10] DIGIT ZERO..DIGIT NINE
+	{0x003A, 0x003A, prSContinue}, // Po       COLON
+	{0x003F, 0x003F, prSTerm},     // Po       QUESTION MARK
+	{0x0041, 0x005A, prUpper},     // L&  [26] LATIN CAPITAL LETTER A..LATIN CAPITAL LETTER Z
+	{0x005B, 0x005B, prClose},     // Ps       LEFT SQUARE BRACKET
+	{0x005D, 0x005D, prClose},     // Pe       RIGHT SQUARE BRACKET
+	{0x0061, 0x007A, prLower},     // L&  [26] LATIN SMALL LETTER A..LATIN SMALL LETTER Z
+	{0x007B, 0x007B, prClose},     // Ps       LEFT CURLY BRACKET
+	{0x007D, 0x007D, prClose},     // Pe       RIGHT CURLY BRACKET
+	{0x0085, 0x0085, prSep},       // Cc       <control-0085>
+	{0x00A0, 0x00A0, prSp},        // Zs       NO-BREAK SPACE
+	{0x00AA, 0x00AA, prLower},     // Lo       FEMININE ORDINAL INDICATOR
+	{0x00AB, 0x00AB, prClose},     // Pi       LEFT-POINTING DOUBLE ANGLE QUOTATION MARK
+	{0x00AD, 0x00AD, prFormat},    // Cf       SOFT HYPHEN
+	{0x00B5, 0x00B5, prLower},     // L&       MICRO SIGN
+	{0x00BA, 0x00BA, prLower},     // Lo       MASCULINE ORDINAL INDICATOR
+	{0x00BB, 0x00BB, prClose},     // Pf       RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK
+	{0x00C0, 0x00D6, prUpper},     // L&  [23] LATIN CAPITAL LETTER A WITH GRAVE..LATIN CAPITAL LETTER O WITH DIAERESIS
+	{0x00D8, 0x00DE, prUpper},     // L&   [7] LATIN CAPITAL LETTER O WITH STROKE..LATIN CAPITAL LETTER THORN
+	{0x00DF, 0x00F6, prLower},     // L&  [24] LATIN SMALL LETTER SHARP S..LATIN SMALL LETTER O WITH DIAERESIS
+	{0x00F8, 0x00FF, prLower},     // L&   [8] LATIN SMALL LETTER O WITH STROKE..LATIN SMALL LETTER Y WITH DIAERESIS
+	{0x0100, 0x0100, prUpper},     // L&       LATIN CAPITAL LETTER A WITH MACRON
+	{0x0101, 0x0101, prLower},     // L&       LATIN SMALL LETTER A WITH MACRON
+	{0x0102, 0x0102, prUpper},     // L&       LATIN CAPITAL LETTER A WITH BREVE
+	{0x0103, 0x0103, prLower},     // L&       LATIN SMALL LETTER A WITH BREVE
+	{0x0104, 0x0104, prUpper},     // L&       LATIN CAPITAL LETTER A WITH OGONEK
+	{0x0105, 0x0105, prLower},     // L&       LATIN SMALL LETTER A WITH OGONEK
+	{0x0106, 0x0106, prUpper},     // L&       LATIN CAPITAL LETTER C WITH ACUTE
+	{0x0107, 0x0107, prLower},     // L&       LATIN SMALL LETTER C WITH ACUTE
+	{0x0108, 0x0108, prUpper},     // L&       LATIN CAPITAL LETTER C WITH CIRCUMFLEX
+	{0x0109, 0x0109, prLower},     // L&       LATIN SMALL LETTER C WITH CIRCUMFLEX
+	{0x010A, 0x010A, prUpper},     // L&       LATIN CAPITAL LETTER C WITH DOT ABOVE
+	{0x010B, 0x010B, prLower},     // L&       LATIN SMALL LETTER C WITH DOT ABOVE
+	{0x010C, 0x010C, prUpper},     // L&       LATIN CAPITAL LETTER C WITH CARON
+	{0x010D, 0x010D, prLower},     // L&       LATIN SMALL LETTER C WITH CARON
+	{0x010E, 0x010E, prUpper},     // L&       LATIN CAPITAL LETTER D WITH CARON
+	{0x010F, 0x010F, prLower},     // L&       LATIN SMALL LETTER D WITH CARON
+	{0x0110, 0x0110, prUpper},     // L&       LATIN CAPITAL LETTER D WITH STROKE
+	{0x0111, 0x0111, prLower},     // L&       LATIN SMALL LETTER D WITH STROKE
+	{0x0112, 0x0112, prUpper},     // L&       LATIN CAPITAL LETTER E WITH MACRON
+	{0x0113, 0x0113, prLower},     // L&       LATIN SMALL LETTER E WITH MACRON
+	{0x0114, 0x0114, prUpper},     // L&       LATIN CAPITAL LETTER E WITH BREVE
+	{0x0115, 0x0115, prLower},     // L&       LATIN SMALL LETTER E WITH BREVE
+	{0x0116, 0x0116, prUpper},     // L&       LATIN CAPITAL LETTER E WITH DOT ABOVE
+	{0x0117, 0x0117, prLower},     // L&       LATIN SMALL LETTER E WITH DOT ABOVE
+	{0x0118, 0x0118, prUpper},     // L&       LATIN CAPITAL LETTER E WITH OGONEK
+	{0x0119, 0x0119, prLower},     // L&       LATIN SMALL LETTER E WITH OGONEK
+	{0x011A, 0x011A, prUpper},     // L&       LATIN CAPITAL LETTER E WITH CARON
+	{0x011B, 0x011B, prLower},     // L&       LATIN SMALL LETTER E WITH CARON
+	{0x011C, 0x011C, prUpper},     // L&       LATIN CAPITAL LETTER G WITH CIRCUMFLEX
+	{0x011D, 0x011D, prLower},     // L&       LATIN SMALL LETTER G WITH CIRCUMFLEX
+	{0x011E, 0x011E, prUpper},     // L&       LATIN CAPITAL LETTER G WITH BREVE
+	{0x011F, 0x011F, prLower},     // L&       LATIN SMALL LETTER G WITH BREVE
+	{0x0120, 0x0120, prUpper},     // L&       LATIN CAPITAL LETTER G WITH DOT ABOVE
+	{0x0121, 0x0121, prLower},     // L&       LATIN SMALL LETTER G WITH DOT ABOVE
+	{0x0122, 0x0122, prUpper},     // L&       LATIN CAPITAL LETTER G WITH CEDILLA
+	{0x0123, 0x0123, prLower},     // L&       LATIN SMALL LETTER G WITH CEDILLA
+	{0x0124, 0x0124, prUpper},     // L&       LATIN CAPITAL LETTER H WITH CIRCUMFLEX
+	{0x0125, 0x0125, prLower},     // L&       LATIN SMALL LETTER H WITH CIRCUMFLEX
+	{0x0126, 0x0126, prUpper},     // L&       LATIN CAPITAL LETTER H WITH STROKE
+	{0x0127, 0x0127, prLower},     // L&       LATIN SMALL LETTER H WITH STROKE
+	{0x0128, 0x0128, prUpper},     // L&       LATIN CAPITAL LETTER I WITH TILDE
+	{0x0129, 0x0129, prLower},     // L&       LATIN SMALL LETTER I WITH TILDE
+	{0x012A, 0x012A, prUpper},     // L&       LATIN CAPITAL LETTER I WITH MACRON
+	{0x012B, 0x012B, prLower},     // L&       LATIN SMALL LETTER I WITH MACRON
+	{0x012C, 0x012C, prUpper},     // L&       LATIN CAPITAL LETTER I WITH BREVE
+	{0x012D, 0x012D, prLower},     // L&       LATIN SMALL LETTER I WITH BREVE
+	{0x012E, 0x012E, prUpper},     // L&       LATIN CAPITAL LETTER I WITH OGONEK
+	{0x012F, 0x012F, prLower},     // L&       LATIN SMALL LETTER I WITH OGONEK
+	{0x0130, 0x0130, prUpper},     // L&       LATIN CAPITAL LETTER I WITH DOT ABOVE
+	{0x0131, 0x0131, prLower},     // L&       LATIN SMALL LETTER DOTLESS I
+	{0x0132, 0x0132, prUpper},     // L&       LATIN CAPITAL LIGATURE IJ
+	{0x0133, 0x0133, prLower},     // L&       LATIN SMALL LIGATURE IJ
+	{0x0134, 0x0134, prUpper},     // L&       LATIN CAPITAL LETTER J WITH CIRCUMFLEX
+	{0x0135, 0x0135, prLower},     // L&       LATIN SMALL LETTER J WITH CIRCUMFLEX
+	{0x0136, 0x0136, prUpper},     // L&       LATIN CAPITAL LETTER K WITH CEDILLA
+	{0x0137, 0x0138, prLower},     // L&   [2] LATIN SMALL LETTER K WITH CEDILLA..LATIN SMALL LETTER KRA
+	{0x0139, 0x0139, prUpper},     // L&       LATIN CAPITAL LETTER L WITH ACUTE
+	{0x013A, 0x013A, prLower},     // L&       LATIN SMALL LETTER L WITH ACUTE
+	{0x013B, 0x013B, prUpper},     // L&       LATIN CAPITAL LETTER L WITH CEDILLA
+	{0x013C, 0x013C, prLower},     // L&       LATIN SMALL LETTER L WITH CEDILLA
+	{0x013D, 0x013D, prUpper},     // L&       LATIN CAPITAL LETTER L WITH CARON
+	{0x013E, 0x013E, prLower},     // L&       LATIN SMALL LETTER L WITH CARON
+	{0x013F, 0x013F, prUpper},     // L&       LATIN CAPITAL LETTER L WITH MIDDLE DOT
+	{0x0140, 0x0140, prLower},     // L&       LATIN SMALL LETTER L WITH MIDDLE DOT
+	{0x0141, 0x0141, prUpper},     // L&       LATIN CAPITAL LETTER L WITH STROKE
+	{0x0142, 0x0142, prLower},     // L&       LATIN SMALL LETTER L WITH STROKE
+	{0x0143, 0x0143, prUpper},     // L&       LATIN CAPITAL LETTER N WITH ACUTE
+	{0x0144, 0x0144, prLower},     // L&       LATIN SMALL LETTER N WITH ACUTE
+	{0x0145, 0x0145, prUpper},     // L&       LATIN CAPITAL LETTER N WITH CEDILLA
+	{0x0146, 0x0146, prLower},     // L&       LATIN SMALL LETTER N WITH CEDILLA
+	{0x0147, 0x0147, prUpper},     // L&       LATIN CAPITAL LETTER N WITH CARON
+	{0x0148, 0x0149, prLower},     // L&   [2] LATIN SMALL LETTER N WITH CARON..LATIN SMALL LETTER N PRECEDED BY APOSTROPHE
+	{0x014A, 0x014A, prUpper},     // L&       LATIN CAPITAL LETTER ENG
+	{0x014B, 0x014B, prLower},     // L&       LATIN SMALL LETTER ENG
+	{0x014C, 0x014C, prUpper},     // L&       LATIN CAPITAL LETTER O WITH MACRON
+	{0x014D, 0x014D, prLower},     // L&       LATIN SMALL LETTER O WITH MACRON
+	{0x014E, 0x014E, prUpper},     // L&       LATIN CAPITAL LETTER O WITH BREVE
+	{0x014F, 0x014F, prLower},     // L&       LATIN SMALL LETTER O WITH BREVE
+	{0x0150, 0x0150, prUpper},     // L&       LATIN CAPITAL LETTER O WITH DOUBLE ACUTE
+	{0x0151, 0x0151, prLower},     // L&       LATIN SMALL LETTER O WITH DOUBLE ACUTE
+	{0x0152, 0x0152, prUpper},     // L&       LATIN CAPITAL LIGATURE OE
+	{0x0153, 0x0153, prLower},     // L&       LATIN SMALL LIGATURE OE
+	{0x0154, 0x0154, prUpper},     // L&       LATIN CAPITAL LETTER R WITH ACUTE
+	{0x0155, 0x0155, prLower},     // L&       LATIN SMALL LETTER R WITH ACUTE
+	{0x0156, 0x0156, prUpper},     // L&       LATIN CAPITAL LETTER R WITH CEDILLA
+	{0x0157, 0x0157, prLower},     // L&       LATIN SMALL LETTER R WITH CEDILLA
+	{0x0158, 0x0158, prUpper},     // L&       LATIN CAPITAL LETTER R WITH CARON
+	{0x0159, 0x0159, prLower},     // L&       LATIN SMALL LETTER R WITH CARON
+	{0x015A, 0x015A, prUpper},     // L&       LATIN CAPITAL LETTER S WITH ACUTE
+	{0x015B, 0x015B, prLower},     // L&       LATIN SMALL LETTER S WITH ACUTE
+	{0x015C, 0x015C, prUpper},     // L&       LATIN CAPITAL LETTER S WITH CIRCUMFLEX
+	{0x015D, 0x015D, prLower},     // L&       LATIN SMALL LETTER S WITH CIRCUMFLEX
+	{0x015E, 0x015E, prUpper},     // L&       LATIN CAPITAL LETTER S WITH CEDILLA
+	{0x015F, 0x015F, prLower},     // L&       LATIN SMALL LETTER S WITH CEDILLA
+	{0x0160, 0x0160, prUpper},     // L&       LATIN CAPITAL LETTER S WITH CARON
+	{0x0161, 0x0161, prLower},     // L&       LATIN SMALL LETTER S WITH CARON
+	{0x0162, 0x0162, prUpper},     // L&       LATIN CAPITAL LETTER T WITH CEDILLA
+	{0x0163, 0x0163, prLower},     // L&       LATIN SMALL LETTER T WITH CEDILLA
+	{0x0164, 0x0164, prUpper},     // L&       LATIN CAPITAL LETTER T WITH CARON
+	{0x0165, 0x0165, prLower},     // L&       LATIN SMALL LETTER T WITH CARON
+	{0x0166, 0x0166, prUpper},     // L&       LATIN CAPITAL LETTER T WITH STROKE
+	{0x0167, 0x0167, prLower},     // L&       LATIN SMALL LETTER T WITH STROKE
+	{0x0168, 0x0168, prUpper},     // L&       LATIN CAPITAL LETTER U WITH TILDE
+	{0x0169, 0x0169, prLower},     // L&       LATIN SMALL LETTER U WITH TILDE
+	{0x016A, 0x016A, prUpper},     // L&       LATIN CAPITAL LETTER U WITH MACRON
+	{0x016B, 0x016B, prLower},     // L&       LATIN SMALL LETTER U WITH MACRON
+	{0x016C, 0x016C, prUpper},     // L&       LATIN CAPITAL LETTER U WITH BREVE
+	{0x016D, 0x016D, prLower},     // L&       LATIN SMALL LETTER U WITH BREVE
+	{0x016E, 0x016E, prUpper},     // L&       LATIN CAPITAL LETTER U WITH RING ABOVE
+	{0x016F, 0x016F, prLower},     // L&       LATIN SMALL LETTER U WITH RING ABOVE
+	{0x0170, 0x0170, prUpper},     // L&       LATIN CAPITAL LETTER U WITH DOUBLE ACUTE
+	{0x0171, 0x0171, prLower},     // L&       LATIN SMALL LETTER U WITH DOUBLE ACUTE
+	{0x0172, 0x0172, prUpper},     // L&       LATIN CAPITAL LETTER U WITH OGONEK
+	{0x0173, 0x0173, prLower},     // L&       LATIN SMALL LETTER U WITH OGONEK
+	{0x0174, 0x0174, prUpper},     // L&       LATIN CAPITAL LETTER W WITH CIRCUMFLEX
+	{0x0175, 0x0175, prLower},     // L&       LATIN SMALL LETTER W WITH CIRCUMFLEX
+	{0x0176, 0x0176, prUpper},     // L&       LATIN CAPITAL LETTER Y WITH CIRCUMFLEX
+	{0x0177, 0x0177, prLower},     // L&       LATIN SMALL LETTER Y WITH CIRCUMFLEX
+	{0x0178, 0x0179, prUpper},     // L&   [2] LATIN CAPITAL LETTER Y WITH DIAERESIS..LATIN CAPITAL LETTER Z WITH ACUTE
+	{0x017A, 0x017A, prLower},     // L&       LATIN SMALL LETTER Z WITH ACUTE
+	{0x017B, 0x017B, prUpper},     // L&       LATIN CAPITAL LETTER Z WITH DOT ABOVE
+	{0x017C, 0x017C, prLower},     // L&       LATIN SMALL LETTER Z WITH DOT ABOVE
+	{0x017D, 0x017D, prUpper},     // L&       LATIN CAPITAL LETTER Z WITH CARON
+	{0x017E, 0x0180, prLower},     // L&   [3] LATIN SMALL LETTER Z WITH CARON..LATIN SMALL LETTER B WITH STROKE
+	{0x0181, 0x0182, prUpper},     // L&   [2] LATIN CAPITAL LETTER B WITH HOOK..LATIN CAPITAL LETTER B WITH TOPBAR
+	{0x0183, 0x0183, prLower},     // L&       LATIN SMALL LETTER B WITH TOPBAR
+	{0x0184, 0x0184, prUpper},     // L&       LATIN CAPITAL LETTER TONE SIX
+	{0x0185, 0x0185, prLower},     // L&       LATIN SMALL LETTER TONE SIX
+	{0x0186, 0x0187, prUpper},     // L&   [2] LATIN CAPITAL LETTER OPEN O..LATIN CAPITAL LETTER C WITH HOOK
+	{0x0188, 0x0188, prLower},     // L&       LATIN SMALL LETTER C WITH HOOK
+	{0x0189, 0x018B, prUpper},     // L&   [3] LATIN CAPITAL LETTER AFRICAN D..LATIN CAPITAL LETTER D WITH TOPBAR
+	{0x018C, 0x018D, prLower},     // L&   [2] LATIN SMALL LETTER D WITH TOPBAR..LATIN SMALL LETTER TURNED DELTA
+	{0x018E, 0x0191, prUpper},     // L&   [4] LATIN CAPITAL LETTER REVERSED E..LATIN CAPITAL LETTER F WITH HOOK
+	{0x0192, 0x0192, prLower},     // L&       LATIN SMALL LETTER F WITH HOOK
+	{0x0193, 0x0194, prUpper},     // L&   [2] LATIN CAPITAL LETTER G WITH HOOK..LATIN CAPITAL LETTER GAMMA
+	{0x0195, 0x0195, prLower},     // L&       LATIN SMALL LETTER HV
+	{0x0196, 0x0198, prUpper},     // L&   [3] LATIN CAPITAL LETTER IOTA..LATIN CAPITAL LETTER K WITH HOOK
+	{0x0199, 0x019B, prLower},     // L&   [3] LATIN SMALL LETTER K WITH HOOK..LATIN SMALL LETTER LAMBDA WITH STROKE
+	{0x019C, 0x019D, prUpper},     // L&   [2] LATIN CAPITAL LETTER TURNED M..LATIN CAPITAL LETTER N WITH LEFT HOOK
+	{0x019E, 0x019E, prLower},     // L&       LATIN SMALL LETTER N WITH LONG RIGHT LEG
+	{0x019F, 0x01A0, prUpper},     // L&   [2] LATIN CAPITAL LETTER O WITH MIDDLE TILDE..LATIN CAPITAL LETTER O WITH HORN
+	{0x01A1, 0x01A1, prLower},     // L&       LATIN SMALL LETTER O WITH HORN
+	{0x01A2, 0x01A2, prUpper},     // L&       LATIN CAPITAL LETTER OI
+	{0x01A3, 0x01A3, prLower},     // L&       LATIN SMALL LETTER OI
+	{0x01A4, 0x01A4, prUpper},     // L&       LATIN CAPITAL LETTER P WITH HOOK
+	{0x01A5, 0x01A5, prLower},     // L&       LATIN SMALL LETTER P WITH HOOK
+	{0x01A6, 0x01A7, prUpper},     // L&   [2] LATIN LETTER YR..LATIN CAPITAL LETTER TONE TWO
+	{0x01A8, 0x01A8, prLower},     // L&       LATIN SMALL LETTER TONE TWO
+	{0x01A9, 0x01A9, prUpper},     // L&       LATIN CAPITAL LETTER ESH
+	{0x01AA, 0x01AB, prLower},     // L&   [2] LATIN LETTER REVERSED ESH LOOP..LATIN SMALL LETTER T WITH PALATAL HOOK
+	{0x01AC, 0x01AC, prUpper},     // L&       LATIN CAPITAL LETTER T WITH HOOK
+	{0x01AD, 0x01AD, prLower},     // L&       LATIN SMALL LETTER T WITH HOOK
+	{0x01AE, 0x01AF, prUpper},     // L&   [2] LATIN CAPITAL LETTER T WITH RETROFLEX HOOK..LATIN CAPITAL LETTER U WITH HORN
+	{0x01B0, 0x01B0, prLower},     // L&       LATIN SMALL LETTER U WITH HORN
+	{0x01B1, 0x01B3, prUpper},     // L&   [3] LATIN CAPITAL LETTER UPSILON..LATIN CAPITAL LETTER Y WITH HOOK
+	{0x01B4, 0x01B4, prLower},     // L&       LATIN SMALL LETTER Y WITH HOOK
+	{0x01B5, 0x01B5, prUpper},     // L&       LATIN CAPITAL LETTER Z WITH STROKE
+	{0x01B6, 0x01B6, prLower},     // L&       LATIN SMALL LETTER Z WITH STROKE
+	{0x01B7, 0x01B8, prUpper},     // L&   [2] LATIN CAPITAL LETTER EZH..LATIN CAPITAL LETTER EZH REVERSED
+	{0x01B9, 0x01BA, prLower},     // L&   [2] LATIN SMALL LETTER EZH REVERSED..LATIN SMALL LETTER EZH WITH TAIL
+	{0x01BB, 0x01BB, prOLetter},   // Lo       LATIN LETTER TWO WITH STROKE
+	{0x01BC, 0x01BC, prUpper},     // L&       LATIN CAPITAL LETTER TONE FIVE
+	{0x01BD, 0x01BF, prLower},     // L&   [3] LATIN SMALL LETTER TONE FIVE..LATIN LETTER WYNN
+	{0x01C0, 0x01C3, prOLetter},   // Lo   [4] LATIN LETTER DENTAL CLICK..LATIN LETTER RETROFLEX CLICK
+	{0x01C4, 0x01C5, prUpper},     // L&   [2] LATIN CAPITAL LETTER DZ WITH CARON..LATIN CAPITAL LETTER D WITH SMALL LETTER Z WITH CARON
+	{0x01C6, 0x01C6, prLower},     // L&       LATIN SMALL LETTER DZ WITH CARON
+	{0x01C7, 0x01C8, prUpper},     // L&   [2] LATIN CAPITAL LETTER LJ..LATIN CAPITAL LETTER L WITH SMALL LETTER J
+	{0x01C9, 0x01C9, prLower},     // L&       LATIN SMALL LETTER LJ
+	{0x01CA, 0x01CB, prUpper},     // L&   [2] LATIN CAPITAL LETTER NJ..LATIN CAPITAL LETTER N WITH SMALL LETTER J
+	{0x01CC, 0x01CC, prLower},     // L&       LATIN SMALL LETTER NJ
+	{0x01CD, 0x01CD, prUpper},     // L&       LATIN CAPITAL LETTER A WITH CARON
+	{0x01CE, 0x01CE, prLower},     // L&       LATIN SMALL LETTER A WITH CARON
+	{0x01CF, 0x01CF, prUpper},     // L&       LATIN CAPITAL LETTER I WITH CARON
+	{0x01D0, 0x01D0, prLower},     // L&       LATIN SMALL LETTER I WITH CARON
+	{0x01D1, 0x01D1, prUpper},     // L&       LATIN CAPITAL LETTER O WITH CARON
+	{0x01D2, 0x01D2, prLower},     // L&       LATIN SMALL LETTER O WITH CARON
+	{0x01D3, 0x01D3, prUpper},     // L&       LATIN CAPITAL LETTER U WITH CARON
+	{0x01D4, 0x01D4, prLower},     // L&       LATIN SMALL LETTER U WITH CARON
+	{0x01D5, 0x01D5, prUpper},     // L&       LATIN CAPITAL LETTER U WITH DIAERESIS AND MACRON
+	{0x01D6, 0x01D6, prLower},     // L&       LATIN SMALL LETTER U WITH DIAERESIS AND MACRON
+	{0x01D7, 0x01D7, prUpper},     // L&       LATIN CAPITAL LETTER U WITH DIAERESIS AND ACUTE
+	{0x01D8, 0x01D8, prLower},     // L&       LATIN SMALL LETTER U WITH DIAERESIS AND ACUTE
+	{0x01D9, 0x01D9, prUpper},     // L&       LATIN CAPITAL LETTER U WITH DIAERESIS AND CARON
+	{0x01DA, 0x01DA, prLower},     // L&       LATIN SMALL LETTER U WITH DIAERESIS AND CARON
+	{0x01DB, 0x01DB, prUpper},     // L&       LATIN CAPITAL LETTER U WITH DIAERESIS AND GRAVE
+	{0x01DC, 0x01DD, prLower},     // L&   [2] LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE..LATIN SMALL LETTER TURNED E
+	{0x01DE, 0x01DE, prUpper},     // L&       LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON
+	{0x01DF, 0x01DF, prLower},     // L&       LATIN SMALL LETTER A WITH DIAERESIS AND MACRON
+	{0x01E0, 0x01E0, prUpper},     // L&       LATIN CAPITAL LETTER A WITH DOT ABOVE AND MACRON
+	{0x01E1, 0x01E1, prLower},     // L&       LATIN SMALL LETTER A WITH DOT ABOVE AND MACRON
+	{0x01E2, 0x01E2, prUpper},     // L&       LATIN CAPITAL LETTER AE WITH MACRON
+	{0x01E3, 0x01E3, prLower},     // L&       LATIN SMALL LETTER AE WITH MACRON
+	{0x01E4, 0x01E4, prUpper},     // L&       LATIN CAPITAL LETTER G WITH STROKE
+	{0x01E5, 0x01E5, prLower},     // L&       LATIN SMALL LETTER G WITH STROKE
+	{0x01E6, 0x01E6, prUpper},     // L&       LATIN CAPITAL LETTER G WITH CARON
+	{0x01E7, 0x01E7, prLower},     // L&       LATIN SMALL LETTER G WITH CARON
+	{0x01E8, 0x01E8, prUpper},     // L&       LATIN CAPITAL LETTER K WITH CARON
+	{0x01E9, 0x01E9, prLower},     // L&       LATIN SMALL LETTER K WITH CARON
+	{0x01EA, 0x01EA, prUpper},     // L&       LATIN CAPITAL LETTER O WITH OGONEK
+	{0x01EB, 0x01EB, prLower},     // L&       LATIN SMALL LETTER O WITH OGONEK
+	{0x01EC, 0x01EC, prUpper},     // L&       LATIN CAPITAL LETTER O WITH OGONEK AND MACRON
+	{0x01ED, 0x01ED, prLower},     // L&       LATIN SMALL LETTER O WITH OGONEK AND MACRON
+	{0x01EE, 0x01EE, prUpper},     // L&       LATIN CAPITAL LETTER EZH WITH CARON
+	{0x01EF, 0x01F0, prLower},     // L&   [2] LATIN SMALL LETTER EZH WITH CARON..LATIN SMALL LETTER J WITH CARON
+	{0x01F1, 0x01F2, prUpper},     // L&   [2] LATIN CAPITAL LETTER DZ..LATIN CAPITAL LETTER D WITH SMALL LETTER Z
+	{0x01F3, 0x01F3, prLower},     // L&       LATIN SMALL LETTER DZ
+	{0x01F4, 0x01F4, prUpper},     // L&       LATIN CAPITAL LETTER G WITH ACUTE
+	{0x01F5, 0x01F5, prLower},     // L&       LATIN SMALL LETTER G WITH ACUTE
+	{0x01F6, 0x01F8, prUpper},     // L&   [3] LATIN CAPITAL LETTER HWAIR..LATIN CAPITAL LETTER N WITH GRAVE
+	{0x01F9, 0x01F9, prLower},     // L&       LATIN SMALL LETTER N WITH GRAVE
+	{0x01FA, 0x01FA, prUpper},     // L&       LATIN CAPITAL LETTER A WITH RING ABOVE AND ACUTE
+	{0x01FB, 0x01FB, prLower},     // L&       LATIN SMALL LETTER A WITH RING ABOVE AND ACUTE
+	{0x01FC, 0x01FC, prUpper},     // L&       LATIN CAPITAL LETTER AE WITH ACUTE
+	{0x01FD, 0x01FD, prLower},     // L&       LATIN SMALL LETTER AE WITH ACUTE
+	{0x01FE, 0x01FE, prUpper},     // L&       LATIN CAPITAL LETTER O WITH STROKE AND ACUTE
+	{0x01FF, 0x01FF, prLower},     // L&       LATIN SMALL LETTER O WITH STROKE AND ACUTE
+	{0x0200, 0x0200, prUpper},     // L&       LATIN CAPITAL LETTER A WITH DOUBLE GRAVE
+	{0x0201, 0x0201, prLower},     // L&       LATIN SMALL LETTER A WITH DOUBLE GRAVE
+	{0x0202, 0x0202, prUpper},     // L&       LATIN CAPITAL LETTER A WITH INVERTED BREVE
+	{0x0203, 0x0203, prLower},     // L&       LATIN SMALL LETTER A WITH INVERTED BREVE
+	{0x0204, 0x0204, prUpper},     // L&       LATIN CAPITAL LETTER E WITH DOUBLE GRAVE
+	{0x0205, 0x0205, prLower},     // L&       LATIN SMALL LETTER E WITH DOUBLE GRAVE
+	{0x0206, 0x0206, prUpper},     // L&       LATIN CAPITAL LETTER E WITH INVERTED BREVE
+	{0x0207, 0x0207, prLower},     // L&       LATIN SMALL LETTER E WITH INVERTED BREVE
+	{0x0208, 0x0208, prUpper},     // L&       LATIN CAPITAL LETTER I WITH DOUBLE GRAVE
+	{0x0209, 0x0209, prLower},     // L&       LATIN SMALL LETTER I WITH DOUBLE GRAVE
+	{0x020A, 0x020A, prUpper},     // L&       LATIN CAPITAL LETTER I WITH INVERTED BREVE
+	{0x020B, 0x020B, prLower},     // L&       LATIN SMALL LETTER I WITH INVERTED BREVE
+	{0x020C, 0x020C, prUpper},     // L&       LATIN CAPITAL LETTER O WITH DOUBLE GRAVE
+	{0x020D, 0x020D, prLower},     // L&       LATIN SMALL LETTER O WITH DOUBLE GRAVE
+	{0x020E, 0x020E, prUpper},     // L&       LATIN CAPITAL LETTER O WITH INVERTED BREVE
+	{0x020F, 0x020F, prLower},     // L&       LATIN SMALL LETTER O WITH INVERTED BREVE
+	{0x0210, 0x0210, prUpper},     // L&       LATIN CAPITAL LETTER R WITH DOUBLE GRAVE
+	{0x0211, 0x0211, prLower},     // L&       LATIN SMALL LETTER R WITH DOUBLE GRAVE
+	{0x0212, 0x0212, prUpper},     // L&       LATIN CAPITAL LETTER R WITH INVERTED BREVE
+	{0x0213, 0x0213, prLower},     // L&       LATIN SMALL LETTER R WITH INVERTED BREVE
+	{0x0214, 0x0214, prUpper},     // L&       LATIN CAPITAL LETTER U WITH DOUBLE GRAVE
+	{0x0215, 0x0215, prLower},     // L&       LATIN SMALL LETTER U WITH DOUBLE GRAVE
+	{0x0216, 0x0216, prUpper},     // L&       LATIN CAPITAL LETTER U WITH INVERTED BREVE
+	{0x0217, 0x0217, prLower},     // L&       LATIN SMALL LETTER U WITH INVERTED BREVE
+	{0x0218, 0x0218, prUpper},     // L&       LATIN CAPITAL LETTER S WITH COMMA BELOW
+	{0x0219, 0x0219, prLower},     // L&       LATIN SMALL LETTER S WITH COMMA BELOW
+	{0x021A, 0x021A, prUpper},     // L&       LATIN CAPITAL LETTER T WITH COMMA BELOW
+	{0x021B, 0x021B, prLower},     // L&       LATIN SMALL LETTER T WITH COMMA BELOW
+	{0x021C, 0x021C, prUpper},     // L&       LATIN CAPITAL LETTER YOGH
+	{0x021D, 0x021D, prLower},     // L&       LATIN SMALL LETTER YOGH
+	{0x021E, 0x021E, prUpper},     // L&       LATIN CAPITAL LETTER H WITH CARON
+	{0x021F, 0x021F, prLower},     // L&       LATIN SMALL LETTER H WITH CARON
+	{0x0220, 0x0220, prUpper},     // L&       LATIN CAPITAL LETTER N WITH LONG RIGHT LEG
+	{0x0221, 0x0221, prLower},     // L&       LATIN SMALL LETTER D WITH CURL
+	{0x0222, 0x0222, prUpper},     // L&       LATIN CAPITAL LETTER OU
+	{0x0223, 0x0223, prLower},     // L&       LATIN SMALL LETTER OU
+	{0x0224, 0x0224, prUpper},     // L&       LATIN CAPITAL LETTER Z WITH HOOK
+	{0x0225, 0x0225, prLower},     // L&       LATIN SMALL LETTER Z WITH HOOK
+	{0x0226, 0x0226, prUpper},     // L&       LATIN CAPITAL LETTER A WITH DOT ABOVE
+	{0x0227, 0x0227, prLower},     // L&       LATIN SMALL LETTER A WITH DOT ABOVE
+	{0x0228, 0x0228, prUpper},     // L&       LATIN CAPITAL LETTER E WITH CEDILLA
+	{0x0229, 0x0229, prLower},     // L&       LATIN SMALL LETTER E WITH CEDILLA
+	{0x022A, 0x022A, prUpper},     // L&       LATIN CAPITAL LETTER O WITH DIAERESIS AND MACRON
+	{0x022B, 0x022B, prLower},     // L&       LATIN SMALL LETTER O WITH DIAERESIS AND MACRON
+	{0x022C, 0x022C, prUpper},     // L&       LATIN CAPITAL LETTER O WITH TILDE AND MACRON
+	{0x022D, 0x022D, prLower},     // L&       LATIN SMALL LETTER O WITH TILDE AND MACRON
+	{0x022E, 0x022E, prUpper},     // L&       LATIN CAPITAL LETTER O WITH DOT ABOVE
+	{0x022F, 0x022F, prLower},     // L&       LATIN SMALL LETTER O WITH DOT ABOVE
+	{0x0230, 0x0230, prUpper},     // L&       LATIN CAPITAL LETTER O WITH DOT ABOVE AND MACRON
+	{0x0231, 0x0231, prLower},     // L&       LATIN SMALL LETTER O WITH DOT ABOVE AND MACRON
+	{0x0232, 0x0232, prUpper},     // L&       LATIN CAPITAL LETTER Y WITH MACRON
+	{0x0233, 0x0239, prLower},     // L&   [7] LATIN SMALL LETTER Y WITH MACRON..LATIN SMALL LETTER QP DIGRAPH
+	{0x023A, 0x023B, prUpper},     // L&   [2] LATIN CAPITAL LETTER A WITH STROKE..LATIN CAPITAL LETTER C WITH STROKE
+	{0x023C, 0x023C, prLower},     // L&       LATIN SMALL LETTER C WITH STROKE
+	{0x023D, 0x023E, prUpper},     // L&   [2] LATIN CAPITAL LETTER L WITH BAR..LATIN CAPITAL LETTER T WITH DIAGONAL STROKE
+	{0x023F, 0x0240, prLower},     // L&   [2] LATIN SMALL LETTER S WITH SWASH TAIL..LATIN SMALL LETTER Z WITH SWASH TAIL
+	{0x0241, 0x0241, prUpper},     // L&       LATIN CAPITAL LETTER GLOTTAL STOP
+	{0x0242, 0x0242, prLower},     // L&       LATIN SMALL LETTER GLOTTAL STOP
+	{0x0243, 0x0246, prUpper},     // L&   [4] LATIN CAPITAL LETTER B WITH STROKE..LATIN CAPITAL LETTER E WITH STROKE
+	{0x0247, 0x0247, prLower},     // L&       LATIN SMALL LETTER E WITH STROKE
+	{0x0248, 0x0248, prUpper},     // L&       LATIN CAPITAL LETTER J WITH STROKE
+	{0x0249, 0x0249, prLower},     // L&       LATIN SMALL LETTER J WITH STROKE
+	{0x024A, 0x024A, prUpper},     // L&       LATIN CAPITAL LETTER SMALL Q WITH HOOK TAIL
+	{0x024B, 0x024B, prLower},     // L&       LATIN SMALL LETTER Q WITH HOOK TAIL
+	{0x024C, 0x024C, prUpper},     // L&       LATIN CAPITAL LETTER R WITH STROKE
+	{0x024D, 0x024D, prLower},     // L&       LATIN SMALL LETTER R WITH STROKE
+	{0x024E, 0x024E, prUpper},     // L&       LATIN CAPITAL LETTER Y WITH STROKE
+	{0x024F, 0x0293, prLower},     // L&  [69] LATIN SMALL LETTER Y WITH STROKE..LATIN SMALL LETTER EZH WITH CURL
+	{0x0294, 0x0294, prOLetter},   // Lo       LATIN LETTER GLOTTAL STOP
+	{0x0295, 0x02AF, prLower},     // L&  [27] LATIN LETTER PHARYNGEAL VOICED FRICATIVE..LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+	{0x02B0, 0x02B8, prLower},     // Lm   [9] MODIFIER LETTER SMALL H..MODIFIER LETTER SMALL Y
+	{0x02B9, 0x02BF, prOLetter},   // Lm   [7] MODIFIER LETTER PRIME..MODIFIER LETTER LEFT HALF RING
+	{0x02C0, 0x02C1, prLower},     // Lm   [2] MODIFIER LETTER GLOTTAL STOP..MODIFIER LETTER REVERSED GLOTTAL STOP
+	{0x02C6, 0x02D1, prOLetter},   // Lm  [12] MODIFIER LETTER CIRCUMFLEX ACCENT..MODIFIER LETTER HALF TRIANGULAR COLON
+	{0x02E0, 0x02E4, prLower},     // Lm   [5] MODIFIER LETTER SMALL GAMMA..MODIFIER LETTER SMALL REVERSED GLOTTAL STOP
+	{0x02EC, 0x02EC, prOLetter},   // Lm       MODIFIER LETTER VOICING
+	{0x02EE, 0x02EE, prOLetter},   // Lm       MODIFIER LETTER DOUBLE APOSTROPHE
+	{0x0300, 0x036F, prExtend},    // Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
+	{0x0370, 0x0370, prUpper},     // L&       GREEK CAPITAL LETTER HETA
+	{0x0371, 0x0371, prLower},     // L&       GREEK SMALL LETTER HETA
+	{0x0372, 0x0372, prUpper},     // L&       GREEK CAPITAL LETTER ARCHAIC SAMPI
+	{0x0373, 0x0373, prLower},     // L&       GREEK SMALL LETTER ARCHAIC SAMPI
+	{0x0374, 0x0374, prOLetter},   // Lm       GREEK NUMERAL SIGN
+	{0x0376, 0x0376, prUpper},     // L&       GREEK CAPITAL LETTER PAMPHYLIAN DIGAMMA
+	{0x0377, 0x0377, prLower},     // L&       GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+	{0x037A, 0x037A, prLower},     // Lm       GREEK YPOGEGRAMMENI
+	{0x037B, 0x037D, prLower},     // L&   [3] GREEK SMALL REVERSED LUNATE SIGMA SYMBOL..GREEK SMALL REVERSED DOTTED LUNATE SIGMA SYMBOL
+	{0x037F, 0x037F, prUpper},     // L&       GREEK CAPITAL LETTER YOT
+	{0x0386, 0x0386, prUpper},     // L&       GREEK CAPITAL LETTER ALPHA WITH TONOS
+	{0x0388, 0x038A, prUpper},     // L&   [3] GREEK CAPITAL LETTER EPSILON WITH TONOS..GREEK CAPITAL LETTER IOTA WITH TONOS
+	{0x038C, 0x038C, prUpper},     // L&       GREEK CAPITAL LETTER OMICRON WITH TONOS
+	{0x038E, 0x038F, prUpper},     // L&   [2] GREEK CAPITAL LETTER UPSILON WITH TONOS..GREEK CAPITAL LETTER OMEGA WITH TONOS
+	{0x0390, 0x0390, prLower},     // L&       GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS
+	{0x0391, 0x03A1, prUpper},     // L&  [17] GREEK CAPITAL LETTER ALPHA..GREEK CAPITAL LETTER RHO
+	{0x03A3, 0x03AB, prUpper},     // L&   [9] GREEK CAPITAL LETTER SIGMA..GREEK CAPITAL LETTER UPSILON WITH DIALYTIKA
+	{0x03AC, 0x03CE, prLower},     // L&  [35] GREEK SMALL LETTER ALPHA WITH TONOS..GREEK SMALL LETTER OMEGA WITH TONOS
+	{0x03CF, 0x03CF, prUpper},     // L&       GREEK CAPITAL KAI SYMBOL
+	{0x03D0, 0x03D1, prLower},     // L&   [2] GREEK BETA SYMBOL..GREEK THETA SYMBOL
+	{0x03D2, 0x03D4, prUpper},     // L&   [3] GREEK UPSILON WITH HOOK SYMBOL..GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL
+	{0x03D5, 0x03D7, prLower},     // L&   [3] GREEK PHI SYMBOL..GREEK KAI SYMBOL
+	{0x03D8, 0x03D8, prUpper},     // L&       GREEK LETTER ARCHAIC KOPPA
+	{0x03D9, 0x03D9, prLower},     // L&       GREEK SMALL LETTER ARCHAIC KOPPA
+	{0x03DA, 0x03DA, prUpper},     // L&       GREEK LETTER STIGMA
+	{0x03DB, 0x03DB, prLower},     // L&       GREEK SMALL LETTER STIGMA
+	{0x03DC, 0x03DC, prUpper},     // L&       GREEK LETTER DIGAMMA
+	{0x03DD, 0x03DD, prLower},     // L&       GREEK SMALL LETTER DIGAMMA
+	{0x03DE, 0x03DE, prUpper},     // L&       GREEK LETTER KOPPA
+	{0x03DF, 0x03DF, prLower},     // L&       GREEK SMALL LETTER KOPPA
+	{0x03E0, 0x03E0, prUpper},     // L&       GREEK LETTER SAMPI
+	{0x03E1, 0x03E1, prLower},     // L&       GREEK SMALL LETTER SAMPI
+	{0x03E2, 0x03E2, prUpper},     // L&       COPTIC CAPITAL LETTER SHEI
+	{0x03E3, 0x03E3, prLower},     // L&       COPTIC SMALL LETTER SHEI
+	{0x03E4, 0x03E4, prUpper},     // L&       COPTIC CAPITAL LETTER FEI
+	{0x03E5, 0x03E5, prLower},     // L&       COPTIC SMALL LETTER FEI
+	{0x03E6, 0x03E6, prUpper},     // L&       COPTIC CAPITAL LETTER KHEI
+	{0x03E7, 0x03E7, prLower},     // L&       COPTIC SMALL LETTER KHEI
+	{0x03E8, 0x03E8, prUpper},     // L&       COPTIC CAPITAL LETTER HORI
+	{0x03E9, 0x03E9, prLower},     // L&       COPTIC SMALL LETTER HORI
+	{0x03EA, 0x03EA, prUpper},     // L&       COPTIC CAPITAL LETTER GANGIA
+	{0x03EB, 0x03EB, prLower},     // L&       COPTIC SMALL LETTER GANGIA
+	{0x03EC, 0x03EC, prUpper},     // L&       COPTIC CAPITAL LETTER SHIMA
+	{0x03ED, 0x03ED, prLower},     // L&       COPTIC SMALL LETTER SHIMA
+	{0x03EE, 0x03EE, prUpper},     // L&       COPTIC CAPITAL LETTER DEI
+	{0x03EF, 0x03F3, prLower},     // L&   [5] COPTIC SMALL LETTER DEI..GREEK LETTER YOT
+	{0x03F4, 0x03F4, prUpper},     // L&       GREEK CAPITAL THETA SYMBOL
+	{0x03F5, 0x03F5, prLower},     // L&       GREEK LUNATE EPSILON SYMBOL
+	{0x03F7, 0x03F7, prUpper},     // L&       GREEK CAPITAL LETTER SHO
+	{0x03F8, 0x03F8, prLower},     // L&       GREEK SMALL LETTER SHO
+	{0x03F9, 0x03FA, prUpper},     // L&   [2] GREEK CAPITAL LUNATE SIGMA SYMBOL..GREEK CAPITAL LETTER SAN
+	{0x03FB, 0x03FC, prLower},     // L&   [2] GREEK SMALL LETTER SAN..GREEK RHO WITH STROKE SYMBOL
+	{0x03FD, 0x042F, prUpper},     // L&  [51] GREEK CAPITAL REVERSED LUNATE SIGMA SYMBOL..CYRILLIC CAPITAL LETTER YA
+	{0x0430, 0x045F, prLower},     // L&  [48] CYRILLIC SMALL LETTER A..CYRILLIC SMALL LETTER DZHE
+	{0x0460, 0x0460, prUpper},     // L&       CYRILLIC CAPITAL LETTER OMEGA
+	{0x0461, 0x0461, prLower},     // L&       CYRILLIC SMALL LETTER OMEGA
+	{0x0462, 0x0462, prUpper},     // L&       CYRILLIC CAPITAL LETTER YAT
+	{0x0463, 0x0463, prLower},     // L&       CYRILLIC SMALL LETTER YAT
+	{0x0464, 0x0464, prUpper},     // L&       CYRILLIC CAPITAL LETTER IOTIFIED E
+	{0x0465, 0x0465, prLower},     // L&       CYRILLIC SMALL LETTER IOTIFIED E
+	{0x0466, 0x0466, prUpper},     // L&       CYRILLIC CAPITAL LETTER LITTLE YUS
+	{0x0467, 0x0467, prLower},     // L&       CYRILLIC SMALL LETTER LITTLE YUS
+	{0x0468, 0x0468, prUpper},     // L&       CYRILLIC CAPITAL LETTER IOTIFIED LITTLE YUS
+	{0x0469, 0x0469, prLower},     // L&       CYRILLIC SMALL LETTER IOTIFIED LITTLE YUS
+	{0x046A, 0x046A, prUpper},     // L&       CYRILLIC CAPITAL LETTER BIG YUS
+	{0x046B, 0x046B, prLower},     // L&       CYRILLIC SMALL LETTER BIG YUS
+	{0x046C, 0x046C, prUpper},     // L&       CYRILLIC CAPITAL LETTER IOTIFIED BIG YUS
+	{0x046D, 0x046D, prLower},     // L&       CYRILLIC SMALL LETTER IOTIFIED BIG YUS
+	{0x046E, 0x046E, prUpper},     // L&       CYRILLIC CAPITAL LETTER KSI
+	{0x046F, 0x046F, prLower},     // L&       CYRILLIC SMALL LETTER KSI
+	{0x0470, 0x0470, prUpper},     // L&       CYRILLIC CAPITAL LETTER PSI
+	{0x0471, 0x0471, prLower},     // L&       CYRILLIC SMALL LETTER PSI
+	{0x0472, 0x0472, prUpper},     // L&       CYRILLIC CAPITAL LETTER FITA
+	{0x0473, 0x0473, prLower},     // L&       CYRILLIC SMALL LETTER FITA
+	{0x0474, 0x0474, prUpper},     // L&       CYRILLIC CAPITAL LETTER IZHITSA
+	{0x0475, 0x0475, prLower},     // L&       CYRILLIC SMALL LETTER IZHITSA
+	{0x0476, 0x0476, prUpper},     // L&       CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT
+	{0x0477, 0x0477, prLower},     // L&       CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT
+	{0x0478, 0x0478, prUpper},     // L&       CYRILLIC CAPITAL LETTER UK
+	{0x0479, 0x0479, prLower},     // L&       CYRILLIC SMALL LETTER UK
+	{0x047A, 0x047A, prUpper},     // L&       CYRILLIC CAPITAL LETTER ROUND OMEGA
+	{0x047B, 0x047B, prLower},     // L&       CYRILLIC SMALL LETTER ROUND OMEGA
+	{0x047C, 0x047C, prUpper},     // L&       CYRILLIC CAPITAL LETTER OMEGA WITH TITLO
+	{0x047D, 0x047D, prLower},     // L&       CYRILLIC SMALL LETTER OMEGA WITH TITLO
+	{0x047E, 0x047E, prUpper},     // L&       CYRILLIC CAPITAL LETTER OT
+	{0x047F, 0x047F, prLower},     // L&       CYRILLIC SMALL LETTER OT
+	{0x0480, 0x0480, prUpper},     // L&       CYRILLIC CAPITAL LETTER KOPPA
+	{0x0481, 0x0481, prLower},     // L&       CYRILLIC SMALL LETTER KOPPA
+	{0x0483, 0x0487, prExtend},    // Mn   [5] COMBINING CYRILLIC TITLO..COMBINING CYRILLIC POKRYTIE
+	{0x0488, 0x0489, prExtend},    // Me   [2] COMBINING CYRILLIC HUNDRED THOUSANDS SIGN..COMBINING CYRILLIC MILLIONS SIGN
+	{0x048A, 0x048A, prUpper},     // L&       CYRILLIC CAPITAL LETTER SHORT I WITH TAIL
+	{0x048B, 0x048B, prLower},     // L&       CYRILLIC SMALL LETTER SHORT I WITH TAIL
+	{0x048C, 0x048C, prUpper},     // L&       CYRILLIC CAPITAL LETTER SEMISOFT SIGN
+	{0x048D, 0x048D, prLower},     // L&       CYRILLIC SMALL LETTER SEMISOFT SIGN
+	{0x048E, 0x048E, prUpper},     // L&       CYRILLIC CAPITAL LETTER ER WITH TICK
+	{0x048F, 0x048F, prLower},     // L&       CYRILLIC SMALL LETTER ER WITH TICK
+	{0x0490, 0x0490, prUpper},     // L&       CYRILLIC CAPITAL LETTER GHE WITH UPTURN
+	{0x0491, 0x0491, prLower},     // L&       CYRILLIC SMALL LETTER GHE WITH UPTURN
+	{0x0492, 0x0492, prUpper},     // L&       CYRILLIC CAPITAL LETTER GHE WITH STROKE
+	{0x0493, 0x0493, prLower},     // L&       CYRILLIC SMALL LETTER GHE WITH STROKE
+	{0x0494, 0x0494, prUpper},     // L&       CYRILLIC CAPITAL LETTER GHE WITH MIDDLE HOOK
+	{0x0495, 0x0495, prLower},     // L&       CYRILLIC SMALL LETTER GHE WITH MIDDLE HOOK
+	{0x0496, 0x0496, prUpper},     // L&       CYRILLIC CAPITAL LETTER ZHE WITH DESCENDER
+	{0x0497, 0x0497, prLower},     // L&       CYRILLIC SMALL LETTER ZHE WITH DESCENDER
+	{0x0498, 0x0498, prUpper},     // L&       CYRILLIC CAPITAL LETTER ZE WITH DESCENDER
+	{0x0499, 0x0499, prLower},     // L&       CYRILLIC SMALL LETTER ZE WITH DESCENDER
+	{0x049A, 0x049A, prUpper},     // L&       CYRILLIC CAPITAL LETTER KA WITH DESCENDER
+	{0x049B, 0x049B, prLower},     // L&       CYRILLIC SMALL LETTER KA WITH DESCENDER
+	{0x049C, 0x049C, prUpper},     // L&       CYRILLIC CAPITAL LETTER KA WITH VERTICAL STROKE
+	{0x049D, 0x049D, prLower},     // L&       CYRILLIC SMALL LETTER KA WITH VERTICAL STROKE
+	{0x049E, 0x049E, prUpper},     // L&       CYRILLIC CAPITAL LETTER KA WITH STROKE
+	{0x049F, 0x049F, prLower},     // L&       CYRILLIC SMALL LETTER KA WITH STROKE
+	{0x04A0, 0x04A0, prUpper},     // L&       CYRILLIC CAPITAL LETTER BASHKIR KA
+	{0x04A1, 0x04A1, prLower},     // L&       CYRILLIC SMALL LETTER BASHKIR KA
+	{0x04A2, 0x04A2, prUpper},     // L&       CYRILLIC CAPITAL LETTER EN WITH DESCENDER
+	{0x04A3, 0x04A3, prLower},     // L&       CYRILLIC SMALL LETTER EN WITH DESCENDER
+	{0x04A4, 0x04A4, prUpper},     // L&       CYRILLIC CAPITAL LIGATURE EN GHE
+	{0x04A5, 0x04A5, prLower},     // L&       CYRILLIC SMALL LIGATURE EN GHE
+	{0x04A6, 0x04A6, prUpper},     // L&       CYRILLIC CAPITAL LETTER PE WITH MIDDLE HOOK
+	{0x04A7, 0x04A7, prLower},     // L&       CYRILLIC SMALL LETTER PE WITH MIDDLE HOOK
+	{0x04A8, 0x04A8, prUpper},     // L&       CYRILLIC CAPITAL LETTER ABKHASIAN HA
+	{0x04A9, 0x04A9, prLower},     // L&       CYRILLIC SMALL LETTER ABKHASIAN HA
+	{0x04AA, 0x04AA, prUpper},     // L&       CYRILLIC CAPITAL LETTER ES WITH DESCENDER
+	{0x04AB, 0x04AB, prLower},     // L&       CYRILLIC SMALL LETTER ES WITH DESCENDER
+	{0x04AC, 0x04AC, prUpper},     // L&       CYRILLIC CAPITAL LETTER TE WITH DESCENDER
+	{0x04AD, 0x04AD, prLower},     // L&       CYRILLIC SMALL LETTER TE WITH DESCENDER
+	{0x04AE, 0x04AE, prUpper},     // L&       CYRILLIC CAPITAL LETTER STRAIGHT U
+	{0x04AF, 0x04AF, prLower},     // L&       CYRILLIC SMALL LETTER STRAIGHT U
+	{0x04B0, 0x04B0, prUpper},     // L&       CYRILLIC CAPITAL LETTER STRAIGHT U WITH STROKE
+	{0x04B1, 0x04B1, prLower},     // L&       CYRILLIC SMALL LETTER STRAIGHT U WITH STROKE
+	{0x04B2, 0x04B2, prUpper},     // L&       CYRILLIC CAPITAL LETTER HA WITH DESCENDER
+	{0x04B3, 0x04B3, prLower},     // L&       CYRILLIC SMALL LETTER HA WITH DESCENDER
+	{0x04B4, 0x04B4, prUpper},     // L&       CYRILLIC CAPITAL LIGATURE TE TSE
+	{0x04B5, 0x04B5, prLower},     // L&       CYRILLIC SMALL LIGATURE TE TSE
+	{0x04B6, 0x04B6, prUpper},     // L&       CYRILLIC CAPITAL LETTER CHE WITH DESCENDER
+	{0x04B7, 0x04B7, prLower},     // L&       CYRILLIC SMALL LETTER CHE WITH DESCENDER
+	{0x04B8, 0x04B8, prUpper},     // L&       CYRILLIC CAPITAL LETTER CHE WITH VERTICAL STROKE
+	{0x04B9, 0x04B9, prLower},     // L&       CYRILLIC SMALL LETTER CHE WITH VERTICAL STROKE
+	{0x04BA, 0x04BA, prUpper},     // L&       CYRILLIC CAPITAL LETTER SHHA
+	{0x04BB, 0x04BB, prLower},     // L&       CYRILLIC SMALL LETTER SHHA
+	{0x04BC, 0x04BC, prUpper},     // L&       CYRILLIC CAPITAL LETTER ABKHASIAN CHE
+	{0x04BD, 0x04BD, prLower},     // L&       CYRILLIC SMALL LETTER ABKHASIAN CHE
+	{0x04BE, 0x04BE, prUpper},     // L&       CYRILLIC CAPITAL LETTER ABKHASIAN CHE WITH DESCENDER
+	{0x04BF, 0x04BF, prLower},     // L&       CYRILLIC SMALL LETTER ABKHASIAN CHE WITH DESCENDER
+	{0x04C0, 0x04C1, prUpper},     // L&   [2] CYRILLIC LETTER PALOCHKA..CYRILLIC CAPITAL LETTER ZHE WITH BREVE
+	{0x04C2, 0x04C2, prLower},     // L&       CYRILLIC SMALL LETTER ZHE WITH BREVE
+	{0x04C3, 0x04C3, prUpper},     // L&       CYRILLIC CAPITAL LETTER KA WITH HOOK
+	{0x04C4, 0x04C4, prLower},     // L&       CYRILLIC SMALL LETTER KA WITH HOOK
+	{0x04C5, 0x04C5, prUpper},     // L&       CYRILLIC CAPITAL LETTER EL WITH TAIL
+	{0x04C6, 0x04C6, prLower},     // L&       CYRILLIC SMALL LETTER EL WITH TAIL
+	{0x04C7, 0x04C7, prUpper},     // L&       CYRILLIC CAPITAL LETTER EN WITH HOOK
+	{0x04C8, 0x04C8, prLower},     // L&       CYRILLIC SMALL LETTER EN WITH HOOK
+	{0x04C9, 0x04C9, prUpper},     // L&       CYRILLIC CAPITAL LETTER EN WITH TAIL
+	{0x04CA, 0x04CA, prLower},     // L&       CYRILLIC SMALL LETTER EN WITH TAIL
+	{0x04CB, 0x04CB, prUpper},     // L&       CYRILLIC CAPITAL LETTER KHAKASSIAN CHE
+	{0x04CC, 0x04CC, prLower},     // L&       CYRILLIC SMALL LETTER KHAKASSIAN CHE
+	{0x04CD, 0x04CD, prUpper},     // L&       CYRILLIC CAPITAL LETTER EM WITH TAIL
+	{0x04CE, 0x04CF, prLower},     // L&   [2] CYRILLIC SMALL LETTER EM WITH TAIL..CYRILLIC SMALL LETTER PALOCHKA
+	{0x04D0, 0x04D0, prUpper},     // L&       CYRILLIC CAPITAL LETTER A WITH BREVE
+	{0x04D1, 0x04D1, prLower},     // L&       CYRILLIC SMALL LETTER A WITH BREVE
+	{0x04D2, 0x04D2, prUpper},     // L&       CYRILLIC CAPITAL LETTER A WITH DIAERESIS
+	{0x04D3, 0x04D3, prLower},     // L&       CYRILLIC SMALL LETTER A WITH DIAERESIS
+	{0x04D4, 0x04D4, prUpper},     // L&       CYRILLIC CAPITAL LIGATURE A IE
+	{0x04D5, 0x04D5, prLower},     // L&       CYRILLIC SMALL LIGATURE A IE
+	{0x04D6, 0x04D6, prUpper},     // L&       CYRILLIC CAPITAL LETTER IE WITH BREVE
+	{0x04D7, 0x04D7, prLower},     // L&       CYRILLIC SMALL LETTER IE WITH BREVE
+	{0x04D8, 0x04D8, prUpper},     // L&       CYRILLIC CAPITAL LETTER SCHWA
+	{0x04D9, 0x04D9, prLower},     // L&       CYRILLIC SMALL LETTER SCHWA
+	{0x04DA, 0x04DA, prUpper},     // L&       CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS
+	{0x04DB, 0x04DB, prLower},     // L&       CYRILLIC SMALL LETTER SCHWA WITH DIAERESIS
+	{0x04DC, 0x04DC, prUpper},     // L&       CYRILLIC CAPITAL LETTER ZHE WITH DIAERESIS
+	{0x04DD, 0x04DD, prLower},     // L&       CYRILLIC SMALL LETTER ZHE WITH DIAERESIS
+	{0x04DE, 0x04DE, prUpper},     // L&       CYRILLIC CAPITAL LETTER ZE WITH DIAERESIS
+	{0x04DF, 0x04DF, prLower},     // L&       CYRILLIC SMALL LETTER ZE WITH DIAERESIS
+	{0x04E0, 0x04E0, prUpper},     // L&       CYRILLIC CAPITAL LETTER ABKHASIAN DZE
+	{0x04E1, 0x04E1, prLower},     // L&       CYRILLIC SMALL LETTER ABKHASIAN DZE
+	{0x04E2, 0x04E2, prUpper},     // L&       CYRILLIC CAPITAL LETTER I WITH MACRON
+	{0x04E3, 0x04E3, prLower},     // L&       CYRILLIC SMALL LETTER I WITH MACRON
+	{0x04E4, 0x04E4, prUpper},     // L&       CYRILLIC CAPITAL LETTER I WITH DIAERESIS
+	{0x04E5, 0x04E5, prLower},     // L&       CYRILLIC SMALL LETTER I WITH DIAERESIS
+	{0x04E6, 0x04E6, prUpper},     // L&       CYRILLIC CAPITAL LETTER O WITH DIAERESIS
+	{0x04E7, 0x04E7, prLower},     // L&       CYRILLIC SMALL LETTER O WITH DIAERESIS
+	{0x04E8, 0x04E8, prUpper},     // L&       CYRILLIC CAPITAL LETTER BARRED O
+	{0x04E9, 0x04E9, prLower},     // L&       CYRILLIC SMALL LETTER BARRED O
+	{0x04EA, 0x04EA, prUpper},     // L&       CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS
+	{0x04EB, 0x04EB, prLower},     // L&       CYRILLIC SMALL LETTER BARRED O WITH DIAERESIS
+	{0x04EC, 0x04EC, prUpper},     // L&       CYRILLIC CAPITAL LETTER E WITH DIAERESIS
+	{0x04ED, 0x04ED, prLower},     // L&       CYRILLIC SMALL LETTER E WITH DIAERESIS
+	{0x04EE, 0x04EE, prUpper},     // L&       CYRILLIC CAPITAL LETTER U WITH MACRON
+	{0x04EF, 0x04EF, prLower},     // L&       CYRILLIC SMALL LETTER U WITH MACRON
+	{0x04F0, 0x04F0, prUpper},     // L&       CYRILLIC CAPITAL LETTER U WITH DIAERESIS
+	{0x04F1, 0x04F1, prLower},     // L&       CYRILLIC SMALL LETTER U WITH DIAERESIS
+	{0x04F2, 0x04F2, prUpper},     // L&       CYRILLIC CAPITAL LETTER U WITH DOUBLE ACUTE
+	{0x04F3, 0x04F3, prLower},     // L&       CYRILLIC SMALL LETTER U WITH DOUBLE ACUTE
+	{0x04F4, 0x04F4, prUpper},     // L&       CYRILLIC CAPITAL LETTER CHE WITH DIAERESIS
+	{0x04F5, 0x04F5, prLower},     // L&       CYRILLIC SMALL LETTER CHE WITH DIAERESIS
+	{0x04F6, 0x04F6, prUpper},     // L&       CYRILLIC CAPITAL LETTER GHE WITH DESCENDER
+	{0x04F7, 0x04F7, prLower},     // L&       CYRILLIC SMALL LETTER GHE WITH DESCENDER
+	{0x04F8, 0x04F8, prUpper},     // L&       CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS
+	{0x04F9, 0x04F9, prLower},     // L&       CYRILLIC SMALL LETTER YERU WITH DIAERESIS
+	{0x04FA, 0x04FA, prUpper},     // L&       CYRILLIC CAPITAL LETTER GHE WITH STROKE AND HOOK
+	{0x04FB, 0x04FB, prLower},     // L&       CYRILLIC SMALL LETTER GHE WITH STROKE AND HOOK
+	{0x04FC, 0x04FC, prUpper},     // L&       CYRILLIC CAPITAL LETTER HA WITH HOOK
+	{0x04FD, 0x04FD, prLower},     // L&       CYRILLIC SMALL LETTER HA WITH HOOK
+	{0x04FE, 0x04FE, prUpper},     // L&       CYRILLIC CAPITAL LETTER HA WITH STROKE
+	{0x04FF, 0x04FF, prLower},     // L&       CYRILLIC SMALL LETTER HA WITH STROKE
+	{0x0500, 0x0500, prUpper},     // L&       CYRILLIC CAPITAL LETTER KOMI DE
+	{0x0501, 0x0501, prLower},     // L&       CYRILLIC SMALL LETTER KOMI DE
+	{0x0502, 0x0502, prUpper},     // L&       CYRILLIC CAPITAL LETTER KOMI DJE
+	{0x0503, 0x0503, prLower},     // L&       CYRILLIC SMALL LETTER KOMI DJE
+	{0x0504, 0x0504, prUpper},     // L&       CYRILLIC CAPITAL LETTER KOMI ZJE
+	{0x0505, 0x0505, prLower},     // L&       CYRILLIC SMALL LETTER KOMI ZJE
+	{0x0506, 0x0506, prUpper},     // L&       CYRILLIC CAPITAL LETTER KOMI DZJE
+	{0x0507, 0x0507, prLower},     // L&       CYRILLIC SMALL LETTER KOMI DZJE
+	{0x0508, 0x0508, prUpper},     // L&       CYRILLIC CAPITAL LETTER KOMI LJE
+	{0x0509, 0x0509, prLower},     // L&       CYRILLIC SMALL LETTER KOMI LJE
+	{0x050A, 0x050A, prUpper},     // L&       CYRILLIC CAPITAL LETTER KOMI NJE
+	{0x050B, 0x050B, prLower},     // L&       CYRILLIC SMALL LETTER KOMI NJE
+	{0x050C, 0x050C, prUpper},     // L&       CYRILLIC CAPITAL LETTER KOMI SJE
+	{0x050D, 0x050D, prLower},     // L&       CYRILLIC SMALL LETTER KOMI SJE
+	{0x050E, 0x050E, prUpper},     // L&       CYRILLIC CAPITAL LETTER KOMI TJE
+	{0x050F, 0x050F, prLower},     // L&       CYRILLIC SMALL LETTER KOMI TJE
+	{0x0510, 0x0510, prUpper},     // L&       CYRILLIC CAPITAL LETTER REVERSED ZE
+	{0x0511, 0x0511, prLower},     // L&       CYRILLIC SMALL LETTER REVERSED ZE
+	{0x0512, 0x0512, prUpper},     // L&       CYRILLIC CAPITAL LETTER EL WITH HOOK
+	{0x0513, 0x0513, prLower},     // L&       CYRILLIC SMALL LETTER EL WITH HOOK
+	{0x0514, 0x0514, prUpper},     // L&       CYRILLIC CAPITAL LETTER LHA
+	{0x0515, 0x0515, prLower},     // L&       CYRILLIC SMALL LETTER LHA
+	{0x0516, 0x0516, prUpper},     // L&       CYRILLIC CAPITAL LETTER RHA
+	{0x0517, 0x0517, prLower},     // L&       CYRILLIC SMALL LETTER RHA
+	{0x0518, 0x0518, prUpper},     // L&       CYRILLIC CAPITAL LETTER YAE
+	{0x0519, 0x0519, prLower},     // L&       CYRILLIC SMALL LETTER YAE
+	{0x051A, 0x051A, prUpper},     // L&       CYRILLIC CAPITAL LETTER QA
+	{0x051B, 0x051B, prLower},     // L&       CYRILLIC SMALL LETTER QA
+	{0x051C, 0x051C, prUpper},     // L&       CYRILLIC CAPITAL LETTER WE
+	{0x051D, 0x051D, prLower},     // L&       CYRILLIC SMALL LETTER WE
+	{0x051E, 0x051E, prUpper},     // L&       CYRILLIC CAPITAL LETTER ALEUT KA
+	{0x051F, 0x051F, prLower},     // L&       CYRILLIC SMALL LETTER ALEUT KA
+	{0x0520, 0x0520, prUpper},     // L&       CYRILLIC CAPITAL LETTER EL WITH MIDDLE HOOK
+	{0x0521, 0x0521, prLower},     // L&       CYRILLIC SMALL LETTER EL WITH MIDDLE HOOK
+	{0x0522, 0x0522, prUpper},     // L&       CYRILLIC CAPITAL LETTER EN WITH MIDDLE HOOK
+	{0x0523, 0x0523, prLower},     // L&       CYRILLIC SMALL LETTER EN WITH MIDDLE HOOK
+	{0x0524, 0x0524, prUpper},     // L&       CYRILLIC CAPITAL LETTER PE WITH DESCENDER
+	{0x0525, 0x0525, prLower},     // L&       CYRILLIC SMALL LETTER PE WITH DESCENDER
+	{0x0526, 0x0526, prUpper},     // L&       CYRILLIC CAPITAL LETTER SHHA WITH DESCENDER
+	{0x0527, 0x0527, prLower},     // L&       CYRILLIC SMALL LETTER SHHA WITH DESCENDER
+	{0x0528, 0x0528, prUpper},     // L&       CYRILLIC CAPITAL LETTER EN WITH LEFT HOOK
+	{0x0529, 0x0529, prLower},     // L&       CYRILLIC SMALL LETTER EN WITH LEFT HOOK
+	{0x052A, 0x052A, prUpper},     // L&       CYRILLIC CAPITAL LETTER DZZHE
+	{0x052B, 0x052B, prLower},     // L&       CYRILLIC SMALL LETTER DZZHE
+	{0x052C, 0x052C, prUpper},     // L&       CYRILLIC CAPITAL LETTER DCHE
+	{0x052D, 0x052D, prLower},     // L&       CYRILLIC SMALL LETTER DCHE
+	{0x052E, 0x052E, prUpper},     // L&       CYRILLIC CAPITAL LETTER EL WITH DESCENDER
+	{0x052F, 0x052F, prLower},     // L&       CYRILLIC SMALL LETTER EL WITH DESCENDER
+	{0x0531, 0x0556, prUpper},     // L&  [38] ARMENIAN CAPITAL LETTER AYB..ARMENIAN CAPITAL LETTER FEH
+	{0x0559, 0x0559, prOLetter},   // Lm       ARMENIAN MODIFIER LETTER LEFT HALF RING
+	{0x055D, 0x055D, prSContinue}, // Po       ARMENIAN COMMA
+	{0x0560, 0x0588, prLower},     // L&  [41] ARMENIAN SMALL LETTER TURNED AYB..ARMENIAN SMALL LETTER YI WITH STROKE
+	{0x0589, 0x0589, prSTerm},     // Po       ARMENIAN FULL STOP
+	{0x0591, 0x05BD, prExtend},    // Mn  [45] HEBREW ACCENT ETNAHTA..HEBREW POINT METEG
+	{0x05BF, 0x05BF, prExtend},    // Mn       HEBREW POINT RAFE
+	{0x05C1, 0x05C2, prExtend},    // Mn   [2] HEBREW POINT SHIN DOT..HEBREW POINT SIN DOT
+	{0x05C4, 0x05C5, prExtend},    // Mn   [2] HEBREW MARK UPPER DOT..HEBREW MARK LOWER DOT
+	{0x05C7, 0x05C7, prExtend},    // Mn       HEBREW POINT QAMATS QATAN
+	{0x05D0, 0x05EA, prOLetter},   // Lo  [27] HEBREW LETTER ALEF..HEBREW LETTER TAV
+	{0x05EF, 0x05F2, prOLetter},   // Lo   [4] HEBREW YOD TRIANGLE..HEBREW LIGATURE YIDDISH DOUBLE YOD
+	{0x05F3, 0x05F3, prOLetter},   // Po       HEBREW PUNCTUATION GERESH
+	{0x0600, 0x0605, prFormat},    // Cf   [6] ARABIC NUMBER SIGN..ARABIC NUMBER MARK ABOVE
+	{0x060C, 0x060D, prSContinue}, // Po   [2] ARABIC COMMA..ARABIC DATE SEPARATOR
+	{0x0610, 0x061A, prExtend},    // Mn  [11] ARABIC SIGN SALLALLAHOU ALAYHE WASSALLAM..ARABIC SMALL KASRA
+	{0x061C, 0x061C, prFormat},    // Cf       ARABIC LETTER MARK
+	{0x061D, 0x061F, prSTerm},     // Po   [3] ARABIC END OF TEXT MARK..ARABIC QUESTION MARK
+	{0x0620, 0x063F, prOLetter},   // Lo  [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
+	{0x0640, 0x0640, prOLetter},   // Lm       ARABIC TATWEEL
+	{0x0641, 0x064A, prOLetter},   // Lo  [10] ARABIC LETTER FEH..ARABIC LETTER YEH
+	{0x064B, 0x065F, prExtend},    // Mn  [21] ARABIC FATHATAN..ARABIC WAVY HAMZA BELOW
+	{0x0660, 0x0669, prNumeric},   // Nd  [10] ARABIC-INDIC DIGIT ZERO..ARABIC-INDIC DIGIT NINE
+	{0x066B, 0x066C, prNumeric},   // Po   [2] ARABIC DECIMAL SEPARATOR..ARABIC THOUSANDS SEPARATOR
+	{0x066E, 0x066F, prOLetter},   // Lo   [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
+	{0x0670, 0x0670, prExtend},    // Mn       ARABIC LETTER SUPERSCRIPT ALEF
+	{0x0671, 0x06D3, prOLetter},   // Lo  [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
+	{0x06D4, 0x06D4, prSTerm},     // Po       ARABIC FULL STOP
+	{0x06D5, 0x06D5, prOLetter},   // Lo       ARABIC LETTER AE
+	{0x06D6, 0x06DC, prExtend},    // Mn   [7] ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA..ARABIC SMALL HIGH SEEN
+	{0x06DD, 0x06DD, prFormat},    // Cf       ARABIC END OF AYAH
+	{0x06DF, 0x06E4, prExtend},    // Mn   [6] ARABIC SMALL HIGH ROUNDED ZERO..ARABIC SMALL HIGH MADDA
+	{0x06E5, 0x06E6, prOLetter},   // Lm   [2] ARABIC SMALL WAW..ARABIC SMALL YEH
+	{0x06E7, 0x06E8, prExtend},    // Mn   [2] ARABIC SMALL HIGH YEH..ARABIC SMALL HIGH NOON
+	{0x06EA, 0x06ED, prExtend},    // Mn   [4] ARABIC EMPTY CENTRE LOW STOP..ARABIC SMALL LOW MEEM
+	{0x06EE, 0x06EF, prOLetter},   // Lo   [2] ARABIC LETTER DAL WITH INVERTED V..ARABIC LETTER REH WITH INVERTED V
+	{0x06F0, 0x06F9, prNumeric},   // Nd  [10] EXTENDED ARABIC-INDIC DIGIT ZERO..EXTENDED ARABIC-INDIC DIGIT NINE
+	{0x06FA, 0x06FC, prOLetter},   // Lo   [3] ARABIC LETTER SHEEN WITH DOT BELOW..ARABIC LETTER GHAIN WITH DOT BELOW
+	{0x06FF, 0x06FF, prOLetter},   // Lo       ARABIC LETTER HEH WITH INVERTED V
+	{0x0700, 0x0702, prSTerm},     // Po   [3] SYRIAC END OF PARAGRAPH..SYRIAC SUBLINEAR FULL STOP
+	{0x070F, 0x070F, prFormat},    // Cf       SYRIAC ABBREVIATION MARK
+	{0x0710, 0x0710, prOLetter},   // Lo       SYRIAC LETTER ALAPH
+	{0x0711, 0x0711, prExtend},    // Mn       SYRIAC LETTER SUPERSCRIPT ALAPH
+	{0x0712, 0x072F, prOLetter},   // Lo  [30] SYRIAC LETTER BETH..SYRIAC LETTER PERSIAN DHALATH
+	{0x0730, 0x074A, prExtend},    // Mn  [27] SYRIAC PTHAHA ABOVE..SYRIAC BARREKH
+	{0x074D, 0x07A5, prOLetter},   // Lo  [89] SYRIAC LETTER SOGDIAN ZHAIN..THAANA LETTER WAAVU
+	{0x07A6, 0x07B0, prExtend},    // Mn  [11] THAANA ABAFILI..THAANA SUKUN
+	{0x07B1, 0x07B1, prOLetter},   // Lo       THAANA LETTER NAA
+	{0x07C0, 0x07C9, prNumeric},   // Nd  [10] NKO DIGIT ZERO..NKO DIGIT NINE
+	{0x07CA, 0x07EA, prOLetter},   // Lo  [33] NKO LETTER A..NKO LETTER JONA RA
+	{0x07EB, 0x07F3, prExtend},    // Mn   [9] NKO COMBINING SHORT HIGH TONE..NKO COMBINING DOUBLE DOT ABOVE
+	{0x07F4, 0x07F5, prOLetter},   // Lm   [2] NKO HIGH TONE APOSTROPHE..NKO LOW TONE APOSTROPHE
+	{0x07F8, 0x07F8, prSContinue}, // Po       NKO COMMA
+	{0x07F9, 0x07F9, prSTerm},     // Po       NKO EXCLAMATION MARK
+	{0x07FA, 0x07FA, prOLetter},   // Lm       NKO LAJANYALAN
+	{0x07FD, 0x07FD, prExtend},    // Mn       NKO DANTAYALAN
+	{0x0800, 0x0815, prOLetter},   // Lo  [22] SAMARITAN LETTER ALAF..SAMARITAN LETTER TAAF
+	{0x0816, 0x0819, prExtend},    // Mn   [4] SAMARITAN MARK IN..SAMARITAN MARK DAGESH
+	{0x081A, 0x081A, prOLetter},   // Lm       SAMARITAN MODIFIER LETTER EPENTHETIC YUT
+	{0x081B, 0x0823, prExtend},    // Mn   [9] SAMARITAN MARK EPENTHETIC YUT..SAMARITAN VOWEL SIGN A
+	{0x0824, 0x0824, prOLetter},   // Lm       SAMARITAN MODIFIER LETTER SHORT A
+	{0x0825, 0x0827, prExtend},    // Mn   [3] SAMARITAN VOWEL SIGN SHORT A..SAMARITAN VOWEL SIGN U
+	{0x0828, 0x0828, prOLetter},   // Lm       SAMARITAN MODIFIER LETTER I
+	{0x0829, 0x082D, prExtend},    // Mn   [5] SAMARITAN VOWEL SIGN LONG I..SAMARITAN MARK NEQUDAA
+	{0x0837, 0x0837, prSTerm},     // Po       SAMARITAN PUNCTUATION MELODIC QITSA
+	{0x0839, 0x0839, prSTerm},     // Po       SAMARITAN PUNCTUATION QITSA
+	{0x083D, 0x083E, prSTerm},     // Po   [2] SAMARITAN PUNCTUATION SOF MASHFAAT..SAMARITAN PUNCTUATION ANNAAU
+	{0x0840, 0x0858, prOLetter},   // Lo  [25] MANDAIC LETTER HALQA..MANDAIC LETTER AIN
+	{0x0859, 0x085B, prExtend},    // Mn   [3] MANDAIC AFFRICATION MARK..MANDAIC GEMINATION MARK
+	{0x0860, 0x086A, prOLetter},   // Lo  [11] SYRIAC LETTER MALAYALAM NGA..SYRIAC LETTER MALAYALAM SSA
+	{0x0870, 0x0887, prOLetter},   // Lo  [24] ARABIC LETTER ALEF WITH ATTACHED FATHA..ARABIC BASELINE ROUND DOT
+	{0x0889, 0x088E, prOLetter},   // Lo   [6] ARABIC LETTER NOON WITH INVERTED SMALL V..ARABIC VERTICAL TAIL
+	{0x0890, 0x0891, prFormat},    // Cf   [2] ARABIC POUND MARK ABOVE..ARABIC PIASTRE MARK ABOVE
+	{0x0898, 0x089F, prExtend},    // Mn   [8] ARABIC SMALL HIGH WORD AL-JUZ..ARABIC HALF MADDA OVER MADDA
+	{0x08A0, 0x08C8, prOLetter},   // Lo  [41] ARABIC LETTER BEH WITH SMALL V BELOW..ARABIC LETTER GRAF
+	{0x08C9, 0x08C9, prOLetter},   // Lm       ARABIC SMALL FARSI YEH
+	{0x08CA, 0x08E1, prExtend},    // Mn  [24] ARABIC SMALL HIGH FARSI YEH..ARABIC SMALL HIGH SIGN SAFHA
+	{0x08E2, 0x08E2, prFormat},    // Cf       ARABIC DISPUTED END OF AYAH
+	{0x08E3, 0x0902, prExtend},    // Mn  [32] ARABIC TURNED DAMMA BELOW..DEVANAGARI SIGN ANUSVARA
+	{0x0903, 0x0903, prExtend},    // Mc       DEVANAGARI SIGN VISARGA
+	{0x0904, 0x0939, prOLetter},   // Lo  [54] DEVANAGARI LETTER SHORT A..DEVANAGARI LETTER HA
+	{0x093A, 0x093A, prExtend},    // Mn       DEVANAGARI VOWEL SIGN OE
+	{0x093B, 0x093B, prExtend},    // Mc       DEVANAGARI VOWEL SIGN OOE
+	{0x093C, 0x093C, prExtend},    // Mn       DEVANAGARI SIGN NUKTA
+	{0x093D, 0x093D, prOLetter},   // Lo       DEVANAGARI SIGN AVAGRAHA
+	{0x093E, 0x0940, prExtend},    // Mc   [3] DEVANAGARI VOWEL SIGN AA..DEVANAGARI VOWEL SIGN II
+	{0x0941, 0x0948, prExtend},    // Mn   [8] DEVANAGARI VOWEL SIGN U..DEVANAGARI VOWEL SIGN AI
+	{0x0949, 0x094C, prExtend},    // Mc   [4] DEVANAGARI VOWEL SIGN CANDRA O..DEVANAGARI VOWEL SIGN AU
+	{0x094D, 0x094D, prExtend},    // Mn       DEVANAGARI SIGN VIRAMA
+	{0x094E, 0x094F, prExtend},    // Mc   [2] DEVANAGARI VOWEL SIGN PRISHTHAMATRA E..DEVANAGARI VOWEL SIGN AW
+	{0x0950, 0x0950, prOLetter},   // Lo       DEVANAGARI OM
+	{0x0951, 0x0957, prExtend},    // Mn   [7] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI VOWEL SIGN UUE
+	{0x0958, 0x0961, prOLetter},   // Lo  [10] DEVANAGARI LETTER QA..DEVANAGARI LETTER VOCALIC LL
+	{0x0962, 0x0963, prExtend},    // Mn   [2] DEVANAGARI VOWEL SIGN VOCALIC L..DEVANAGARI VOWEL SIGN VOCALIC LL
+	{0x0964, 0x0965, prSTerm},     // Po   [2] DEVANAGARI DANDA..DEVANAGARI DOUBLE DANDA
+	{0x0966, 0x096F, prNumeric},   // Nd  [10] DEVANAGARI DIGIT ZERO..DEVANAGARI DIGIT NINE
+	{0x0971, 0x0971, prOLetter},   // Lm       DEVANAGARI SIGN HIGH SPACING DOT
+	{0x0972, 0x0980, prOLetter},   // Lo  [15] DEVANAGARI LETTER CANDRA A..BENGALI ANJI
+	{0x0981, 0x0981, prExtend},    // Mn       BENGALI SIGN CANDRABINDU
+	{0x0982, 0x0983, prExtend},    // Mc   [2] BENGALI SIGN ANUSVARA..BENGALI SIGN VISARGA
+	{0x0985, 0x098C, prOLetter},   // Lo   [8] BENGALI LETTER A..BENGALI LETTER VOCALIC L
+	{0x098F, 0x0990, prOLetter},   // Lo   [2] BENGALI LETTER E..BENGALI LETTER AI
+	{0x0993, 0x09A8, prOLetter},   // Lo  [22] BENGALI LETTER O..BENGALI LETTER NA
+	{0x09AA, 0x09B0, prOLetter},   // Lo   [7] BENGALI LETTER PA..BENGALI LETTER RA
+	{0x09B2, 0x09B2, prOLetter},   // Lo       BENGALI LETTER LA
+	{0x09B6, 0x09B9, prOLetter},   // Lo   [4] BENGALI LETTER SHA..BENGALI LETTER HA
+	{0x09BC, 0x09BC, prExtend},    // Mn       BENGALI SIGN NUKTA
+	{0x09BD, 0x09BD, prOLetter},   // Lo       BENGALI SIGN AVAGRAHA
+	{0x09BE, 0x09C0, prExtend},    // Mc   [3] BENGALI VOWEL SIGN AA..BENGALI VOWEL SIGN II
+	{0x09C1, 0x09C4, prExtend},    // Mn   [4] BENGALI VOWEL SIGN U..BENGALI VOWEL SIGN VOCALIC RR
+	{0x09C7, 0x09C8, prExtend},    // Mc   [2] BENGALI VOWEL SIGN E..BENGALI VOWEL SIGN AI
+	{0x09CB, 0x09CC, prExtend},    // Mc   [2] BENGALI VOWEL SIGN O..BENGALI VOWEL SIGN AU
+	{0x09CD, 0x09CD, prExtend},    // Mn       BENGALI SIGN VIRAMA
+	{0x09CE, 0x09CE, prOLetter},   // Lo       BENGALI LETTER KHANDA TA
+	{0x09D7, 0x09D7, prExtend},    // Mc       BENGALI AU LENGTH MARK
+	{0x09DC, 0x09DD, prOLetter},   // Lo   [2] BENGALI LETTER RRA..BENGALI LETTER RHA
+	{0x09DF, 0x09E1, prOLetter},   // Lo   [3] BENGALI LETTER YYA..BENGALI LETTER VOCALIC LL
+	{0x09E2, 0x09E3, prExtend},    // Mn   [2] BENGALI VOWEL SIGN VOCALIC L..BENGALI VOWEL SIGN VOCALIC LL
+	{0x09E6, 0x09EF, prNumeric},   // Nd  [10] BENGALI DIGIT ZERO..BENGALI DIGIT NINE
+	{0x09F0, 0x09F1, prOLetter},   // Lo   [2] BENGALI LETTER RA WITH MIDDLE DIAGONAL..BENGALI LETTER RA WITH LOWER DIAGONAL
+	{0x09FC, 0x09FC, prOLetter},   // Lo       BENGALI LETTER VEDIC ANUSVARA
+	{0x09FE, 0x09FE, prExtend},    // Mn       BENGALI SANDHI MARK
+	{0x0A01, 0x0A02, prExtend},    // Mn   [2] GURMUKHI SIGN ADAK BINDI..GURMUKHI SIGN BINDI
+	{0x0A03, 0x0A03, prExtend},    // Mc       GURMUKHI SIGN VISARGA
+	{0x0A05, 0x0A0A, prOLetter},   // Lo   [6] GURMUKHI LETTER A..GURMUKHI LETTER UU
+	{0x0A0F, 0x0A10, prOLetter},   // Lo   [2] GURMUKHI LETTER EE..GURMUKHI LETTER AI
+	{0x0A13, 0x0A28, prOLetter},   // Lo  [22] GURMUKHI LETTER OO..GURMUKHI LETTER NA
+	{0x0A2A, 0x0A30, prOLetter},   // Lo   [7] GURMUKHI LETTER PA..GURMUKHI LETTER RA
+	{0x0A32, 0x0A33, prOLetter},   // Lo   [2] GURMUKHI LETTER LA..GURMUKHI LETTER LLA
+	{0x0A35, 0x0A36, prOLetter},   // Lo   [2] GURMUKHI LETTER VA..GURMUKHI LETTER SHA
+	{0x0A38, 0x0A39, prOLetter},   // Lo   [2] GURMUKHI LETTER SA..GURMUKHI LETTER HA
+	{0x0A3C, 0x0A3C, prExtend},    // Mn       GURMUKHI SIGN NUKTA
+	{0x0A3E, 0x0A40, prExtend},    // Mc   [3] GURMUKHI VOWEL SIGN AA..GURMUKHI VOWEL SIGN II
+	{0x0A41, 0x0A42, prExtend},    // Mn   [2] GURMUKHI VOWEL SIGN U..GURMUKHI VOWEL SIGN UU
+	{0x0A47, 0x0A48, prExtend},    // Mn   [2] GURMUKHI VOWEL SIGN EE..GURMUKHI VOWEL SIGN AI
+	{0x0A4B, 0x0A4D, prExtend},    // Mn   [3] GURMUKHI VOWEL SIGN OO..GURMUKHI SIGN VIRAMA
+	{0x0A51, 0x0A51, prExtend},    // Mn       GURMUKHI SIGN UDAAT
+	{0x0A59, 0x0A5C, prOLetter},   // Lo   [4] GURMUKHI LETTER KHHA..GURMUKHI LETTER RRA
+	{0x0A5E, 0x0A5E, prOLetter},   // Lo       GURMUKHI LETTER FA
+	{0x0A66, 0x0A6F, prNumeric},   // Nd  [10] GURMUKHI DIGIT ZERO..GURMUKHI DIGIT NINE
+	{0x0A70, 0x0A71, prExtend},    // Mn   [2] GURMUKHI TIPPI..GURMUKHI ADDAK
+	{0x0A72, 0x0A74, prOLetter},   // Lo   [3] GURMUKHI IRI..GURMUKHI EK ONKAR
+	{0x0A75, 0x0A75, prExtend},    // Mn       GURMUKHI SIGN YAKASH
+	{0x0A81, 0x0A82, prExtend},    // Mn   [2] GUJARATI SIGN CANDRABINDU..GUJARATI SIGN ANUSVARA
+	{0x0A83, 0x0A83, prExtend},    // Mc       GUJARATI SIGN VISARGA
+	{0x0A85, 0x0A8D, prOLetter},   // Lo   [9] GUJARATI LETTER A..GUJARATI VOWEL CANDRA E
+	{0x0A8F, 0x0A91, prOLetter},   // Lo   [3] GUJARATI LETTER E..GUJARATI VOWEL CANDRA O
+	{0x0A93, 0x0AA8, prOLetter},   // Lo  [22] GUJARATI LETTER O..GUJARATI LETTER NA
+	{0x0AAA, 0x0AB0, prOLetter},   // Lo   [7] GUJARATI LETTER PA..GUJARATI LETTER RA
+	{0x0AB2, 0x0AB3, prOLetter},   // Lo   [2] GUJARATI LETTER LA..GUJARATI LETTER LLA
+	{0x0AB5, 0x0AB9, prOLetter},   // Lo   [5] GUJARATI LETTER VA..GUJARATI LETTER HA
+	{0x0ABC, 0x0ABC, prExtend},    // Mn       GUJARATI SIGN NUKTA
+	{0x0ABD, 0x0ABD, prOLetter},   // Lo       GUJARATI SIGN AVAGRAHA
+	{0x0ABE, 0x0AC0, prExtend},    // Mc   [3] GUJARATI VOWEL SIGN AA..GUJARATI VOWEL SIGN II
+	{0x0AC1, 0x0AC5, prExtend},    // Mn   [5] GUJARATI VOWEL SIGN U..GUJARATI VOWEL SIGN CANDRA E
+	{0x0AC7, 0x0AC8, prExtend},    // Mn   [2] GUJARATI VOWEL SIGN E..GUJARATI VOWEL SIGN AI
+	{0x0AC9, 0x0AC9, prExtend},    // Mc       GUJARATI VOWEL SIGN CANDRA O
+	{0x0ACB, 0x0ACC, prExtend},    // Mc   [2] GUJARATI VOWEL SIGN O..GUJARATI VOWEL SIGN AU
+	{0x0ACD, 0x0ACD, prExtend},    // Mn       GUJARATI SIGN VIRAMA
+	{0x0AD0, 0x0AD0, prOLetter},   // Lo       GUJARATI OM
+	{0x0AE0, 0x0AE1, prOLetter},   // Lo   [2] GUJARATI LETTER VOCALIC RR..GUJARATI LETTER VOCALIC LL
+	{0x0AE2, 0x0AE3, prExtend},    // Mn   [2] GUJARATI VOWEL SIGN VOCALIC L..GUJARATI VOWEL SIGN VOCALIC LL
+	{0x0AE6, 0x0AEF, prNumeric},   // Nd  [10] GUJARATI DIGIT ZERO..GUJARATI DIGIT NINE
+	{0x0AF9, 0x0AF9, prOLetter},   // Lo       GUJARATI LETTER ZHA
+	{0x0AFA, 0x0AFF, prExtend},    // Mn   [6] GUJARATI SIGN SUKUN..GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+	{0x0B01, 0x0B01, prExtend},    // Mn       ORIYA SIGN CANDRABINDU
+	{0x0B02, 0x0B03, prExtend},    // Mc   [2] ORIYA SIGN ANUSVARA..ORIYA SIGN VISARGA
+	{0x0B05, 0x0B0C, prOLetter},   // Lo   [8] ORIYA LETTER A..ORIYA LETTER VOCALIC L
+	{0x0B0F, 0x0B10, prOLetter},   // Lo   [2] ORIYA LETTER E..ORIYA LETTER AI
+	{0x0B13, 0x0B28, prOLetter},   // Lo  [22] ORIYA LETTER O..ORIYA LETTER NA
+	{0x0B2A, 0x0B30, prOLetter},   // Lo   [7] ORIYA LETTER PA..ORIYA LETTER RA
+	{0x0B32, 0x0B33, prOLetter},   // Lo   [2] ORIYA LETTER LA..ORIYA LETTER LLA
+	{0x0B35, 0x0B39, prOLetter},   // Lo   [5] ORIYA LETTER VA..ORIYA LETTER HA
+	{0x0B3C, 0x0B3C, prExtend},    // Mn       ORIYA SIGN NUKTA
+	{0x0B3D, 0x0B3D, prOLetter},   // Lo       ORIYA SIGN AVAGRAHA
+	{0x0B3E, 0x0B3E, prExtend},    // Mc       ORIYA VOWEL SIGN AA
+	{0x0B3F, 0x0B3F, prExtend},    // Mn       ORIYA VOWEL SIGN I
+	{0x0B40, 0x0B40, prExtend},    // Mc       ORIYA VOWEL SIGN II
+	{0x0B41, 0x0B44, prExtend},    // Mn   [4] ORIYA VOWEL SIGN U..ORIYA VOWEL SIGN VOCALIC RR
+	{0x0B47, 0x0B48, prExtend},    // Mc   [2] ORIYA VOWEL SIGN E..ORIYA VOWEL SIGN AI
+	{0x0B4B, 0x0B4C, prExtend},    // Mc   [2] ORIYA VOWEL SIGN O..ORIYA VOWEL SIGN AU
+	{0x0B4D, 0x0B4D, prExtend},    // Mn       ORIYA SIGN VIRAMA
+	{0x0B55, 0x0B56, prExtend},    // Mn   [2] ORIYA SIGN OVERLINE..ORIYA AI LENGTH MARK
+	{0x0B57, 0x0B57, prExtend},    // Mc       ORIYA AU LENGTH MARK
+	{0x0B5C, 0x0B5D, prOLetter},   // Lo   [2] ORIYA LETTER RRA..ORIYA LETTER RHA
+	{0x0B5F, 0x0B61, prOLetter},   // Lo   [3] ORIYA LETTER YYA..ORIYA LETTER VOCALIC LL
+	{0x0B62, 0x0B63, prExtend},    // Mn   [2] ORIYA VOWEL SIGN VOCALIC L..ORIYA VOWEL SIGN VOCALIC LL
+	{0x0B66, 0x0B6F, prNumeric},   // Nd  [10] ORIYA DIGIT ZERO..ORIYA DIGIT NINE
+	{0x0B71, 0x0B71, prOLetter},   // Lo       ORIYA LETTER WA
+	{0x0B82, 0x0B82, prExtend},    // Mn       TAMIL SIGN ANUSVARA
+	{0x0B83, 0x0B83, prOLetter},   // Lo       TAMIL SIGN VISARGA
+	{0x0B85, 0x0B8A, prOLetter},   // Lo   [6] TAMIL LETTER A..TAMIL LETTER UU
+	{0x0B8E, 0x0B90, prOLetter},   // Lo   [3] TAMIL LETTER E..TAMIL LETTER AI
+	{0x0B92, 0x0B95, prOLetter},   // Lo   [4] TAMIL LETTER O..TAMIL LETTER KA
+	{0x0B99, 0x0B9A, prOLetter},   // Lo   [2] TAMIL LETTER NGA..TAMIL LETTER CA
+	{0x0B9C, 0x0B9C, prOLetter},   // Lo       TAMIL LETTER JA
+	{0x0B9E, 0x0B9F, prOLetter},   // Lo   [2] TAMIL LETTER NYA..TAMIL LETTER TTA
+	{0x0BA3, 0x0BA4, prOLetter},   // Lo   [2] TAMIL LETTER NNA..TAMIL LETTER TA
+	{0x0BA8, 0x0BAA, prOLetter},   // Lo   [3] TAMIL LETTER NA..TAMIL LETTER PA
+	{0x0BAE, 0x0BB9, prOLetter},   // Lo  [12] TAMIL LETTER MA..TAMIL LETTER HA
+	{0x0BBE, 0x0BBF, prExtend},    // Mc   [2] TAMIL VOWEL SIGN AA..TAMIL VOWEL SIGN I
+	{0x0BC0, 0x0BC0, prExtend},    // Mn       TAMIL VOWEL SIGN II
+	{0x0BC1, 0x0BC2, prExtend},    // Mc   [2] TAMIL VOWEL SIGN U..TAMIL VOWEL SIGN UU
+	{0x0BC6, 0x0BC8, prExtend},    // Mc   [3] TAMIL VOWEL SIGN E..TAMIL VOWEL SIGN AI
+	{0x0BCA, 0x0BCC, prExtend},    // Mc   [3] TAMIL VOWEL SIGN O..TAMIL VOWEL SIGN AU
+	{0x0BCD, 0x0BCD, prExtend},    // Mn       TAMIL SIGN VIRAMA
+	{0x0BD0, 0x0BD0, prOLetter},   // Lo       TAMIL OM
+	{0x0BD7, 0x0BD7, prExtend},    // Mc       TAMIL AU LENGTH MARK
+	{0x0BE6, 0x0BEF, prNumeric},   // Nd  [10] TAMIL DIGIT ZERO..TAMIL DIGIT NINE
+	{0x0C00, 0x0C00, prExtend},    // Mn       TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	{0x0C01, 0x0C03, prExtend},    // Mc   [3] TELUGU SIGN CANDRABINDU..TELUGU SIGN VISARGA
+	{0x0C04, 0x0C04, prExtend},    // Mn       TELUGU SIGN COMBINING ANUSVARA ABOVE
+	{0x0C05, 0x0C0C, prOLetter},   // Lo   [8] TELUGU LETTER A..TELUGU LETTER VOCALIC L
+	{0x0C0E, 0x0C10, prOLetter},   // Lo   [3] TELUGU LETTER E..TELUGU LETTER AI
+	{0x0C12, 0x0C28, prOLetter},   // Lo  [23] TELUGU LETTER O..TELUGU LETTER NA
+	{0x0C2A, 0x0C39, prOLetter},   // Lo  [16] TELUGU LETTER PA..TELUGU LETTER HA
+	{0x0C3C, 0x0C3C, prExtend},    // Mn       TELUGU SIGN NUKTA
+	{0x0C3D, 0x0C3D, prOLetter},   // Lo       TELUGU SIGN AVAGRAHA
+	{0x0C3E, 0x0C40, prExtend},    // Mn   [3] TELUGU VOWEL SIGN AA..TELUGU VOWEL SIGN II
+	{0x0C41, 0x0C44, prExtend},    // Mc   [4] TELUGU VOWEL SIGN U..TELUGU VOWEL SIGN VOCALIC RR
+	{0x0C46, 0x0C48, prExtend},    // Mn   [3] TELUGU VOWEL SIGN E..TELUGU VOWEL SIGN AI
+	{0x0C4A, 0x0C4D, prExtend},    // Mn   [4] TELUGU VOWEL SIGN O..TELUGU SIGN VIRAMA
+	{0x0C55, 0x0C56, prExtend},    // Mn   [2] TELUGU LENGTH MARK..TELUGU AI LENGTH MARK
+	{0x0C58, 0x0C5A, prOLetter},   // Lo   [3] TELUGU LETTER TSA..TELUGU LETTER RRRA
+	{0x0C5D, 0x0C5D, prOLetter},   // Lo       TELUGU LETTER NAKAARA POLLU
+	{0x0C60, 0x0C61, prOLetter},   // Lo   [2] TELUGU LETTER VOCALIC RR..TELUGU LETTER VOCALIC LL
+	{0x0C62, 0x0C63, prExtend},    // Mn   [2] TELUGU VOWEL SIGN VOCALIC L..TELUGU VOWEL SIGN VOCALIC LL
+	{0x0C66, 0x0C6F, prNumeric},   // Nd  [10] TELUGU DIGIT ZERO..TELUGU DIGIT NINE
+	{0x0C80, 0x0C80, prOLetter},   // Lo       KANNADA SIGN SPACING CANDRABINDU
+	{0x0C81, 0x0C81, prExtend},    // Mn       KANNADA SIGN CANDRABINDU
+	{0x0C82, 0x0C83, prExtend},    // Mc   [2] KANNADA SIGN ANUSVARA..KANNADA SIGN VISARGA
+	{0x0C85, 0x0C8C, prOLetter},   // Lo   [8] KANNADA LETTER A..KANNADA LETTER VOCALIC L
+	{0x0C8E, 0x0C90, prOLetter},   // Lo   [3] KANNADA LETTER E..KANNADA LETTER AI
+	{0x0C92, 0x0CA8, prOLetter},   // Lo  [23] KANNADA LETTER O..KANNADA LETTER NA
+	{0x0CAA, 0x0CB3, prOLetter},   // Lo  [10] KANNADA LETTER PA..KANNADA LETTER LLA
+	{0x0CB5, 0x0CB9, prOLetter},   // Lo   [5] KANNADA LETTER VA..KANNADA LETTER HA
+	{0x0CBC, 0x0CBC, prExtend},    // Mn       KANNADA SIGN NUKTA
+	{0x0CBD, 0x0CBD, prOLetter},   // Lo       KANNADA SIGN AVAGRAHA
+	{0x0CBE, 0x0CBE, prExtend},    // Mc       KANNADA VOWEL SIGN AA
+	{0x0CBF, 0x0CBF, prExtend},    // Mn       KANNADA VOWEL SIGN I
+	{0x0CC0, 0x0CC4, prExtend},    // Mc   [5] KANNADA VOWEL SIGN II..KANNADA VOWEL SIGN VOCALIC RR
+	{0x0CC6, 0x0CC6, prExtend},    // Mn       KANNADA VOWEL SIGN E
+	{0x0CC7, 0x0CC8, prExtend},    // Mc   [2] KANNADA VOWEL SIGN EE..KANNADA VOWEL SIGN AI
+	{0x0CCA, 0x0CCB, prExtend},    // Mc   [2] KANNADA VOWEL SIGN O..KANNADA VOWEL SIGN OO
+	{0x0CCC, 0x0CCD, prExtend},    // Mn   [2] KANNADA VOWEL SIGN AU..KANNADA SIGN VIRAMA
+	{0x0CD5, 0x0CD6, prExtend},    // Mc   [2] KANNADA LENGTH MARK..KANNADA AI LENGTH MARK
+	{0x0CDD, 0x0CDE, prOLetter},   // Lo   [2] KANNADA LETTER NAKAARA POLLU..KANNADA LETTER FA
+	{0x0CE0, 0x0CE1, prOLetter},   // Lo   [2] KANNADA LETTER VOCALIC RR..KANNADA LETTER VOCALIC LL
+	{0x0CE2, 0x0CE3, prExtend},    // Mn   [2] KANNADA VOWEL SIGN VOCALIC L..KANNADA VOWEL SIGN VOCALIC LL
+	{0x0CE6, 0x0CEF, prNumeric},   // Nd  [10] KANNADA DIGIT ZERO..KANNADA DIGIT NINE
+	{0x0CF1, 0x0CF2, prOLetter},   // Lo   [2] KANNADA SIGN JIHVAMULIYA..KANNADA SIGN UPADHMANIYA
+	{0x0D00, 0x0D01, prExtend},    // Mn   [2] MALAYALAM SIGN COMBINING ANUSVARA ABOVE..MALAYALAM SIGN CANDRABINDU
+	{0x0D02, 0x0D03, prExtend},    // Mc   [2] MALAYALAM SIGN ANUSVARA..MALAYALAM SIGN VISARGA
+	{0x0D04, 0x0D0C, prOLetter},   // Lo   [9] MALAYALAM LETTER VEDIC ANUSVARA..MALAYALAM LETTER VOCALIC L
+	{0x0D0E, 0x0D10, prOLetter},   // Lo   [3] MALAYALAM LETTER E..MALAYALAM LETTER AI
+	{0x0D12, 0x0D3A, prOLetter},   // Lo  [41] MALAYALAM LETTER O..MALAYALAM LETTER TTTA
+	{0x0D3B, 0x0D3C, prExtend},    // Mn   [2] MALAYALAM SIGN VERTICAL BAR VIRAMA..MALAYALAM SIGN CIRCULAR VIRAMA
+	{0x0D3D, 0x0D3D, prOLetter},   // Lo       MALAYALAM SIGN AVAGRAHA
+	{0x0D3E, 0x0D40, prExtend},    // Mc   [3] MALAYALAM VOWEL SIGN AA..MALAYALAM VOWEL SIGN II
+	{0x0D41, 0x0D44, prExtend},    // Mn   [4] MALAYALAM VOWEL SIGN U..MALAYALAM VOWEL SIGN VOCALIC RR
+	{0x0D46, 0x0D48, prExtend},    // Mc   [3] MALAYALAM VOWEL SIGN E..MALAYALAM VOWEL SIGN AI
+	{0x0D4A, 0x0D4C, prExtend},    // Mc   [3] MALAYALAM VOWEL SIGN O..MALAYALAM VOWEL SIGN AU
+	{0x0D4D, 0x0D4D, prExtend},    // Mn       MALAYALAM SIGN VIRAMA
+	{0x0D4E, 0x0D4E, prOLetter},   // Lo       MALAYALAM LETTER DOT REPH
+	{0x0D54, 0x0D56, prOLetter},   // Lo   [3] MALAYALAM LETTER CHILLU M..MALAYALAM LETTER CHILLU LLL
+	{0x0D57, 0x0D57, prExtend},    // Mc       MALAYALAM AU LENGTH MARK
+	{0x0D5F, 0x0D61, prOLetter},   // Lo   [3] MALAYALAM LETTER ARCHAIC II..MALAYALAM LETTER VOCALIC LL
+	{0x0D62, 0x0D63, prExtend},    // Mn   [2] MALAYALAM VOWEL SIGN VOCALIC L..MALAYALAM VOWEL SIGN VOCALIC LL
+	{0x0D66, 0x0D6F, prNumeric},   // Nd  [10] MALAYALAM DIGIT ZERO..MALAYALAM DIGIT NINE
+	{0x0D7A, 0x0D7F, prOLetter},   // Lo   [6] MALAYALAM LETTER CHILLU NN..MALAYALAM LETTER CHILLU K
+	{0x0D81, 0x0D81, prExtend},    // Mn       SINHALA SIGN CANDRABINDU
+	{0x0D82, 0x0D83, prExtend},    // Mc   [2] SINHALA SIGN ANUSVARAYA..SINHALA SIGN VISARGAYA
+	{0x0D85, 0x0D96, prOLetter},   // Lo  [18] SINHALA LETTER AYANNA..SINHALA LETTER AUYANNA
+	{0x0D9A, 0x0DB1, prOLetter},   // Lo  [24] SINHALA LETTER ALPAPRAANA KAYANNA..SINHALA LETTER DANTAJA NAYANNA
+	{0x0DB3, 0x0DBB, prOLetter},   // Lo   [9] SINHALA LETTER SANYAKA DAYANNA..SINHALA LETTER RAYANNA
+	{0x0DBD, 0x0DBD, prOLetter},   // Lo       SINHALA LETTER DANTAJA LAYANNA
+	{0x0DC0, 0x0DC6, prOLetter},   // Lo   [7] SINHALA LETTER VAYANNA..SINHALA LETTER FAYANNA
+	{0x0DCA, 0x0DCA, prExtend},    // Mn       SINHALA SIGN AL-LAKUNA
+	{0x0DCF, 0x0DD1, prExtend},    // Mc   [3] SINHALA VOWEL SIGN AELA-PILLA..SINHALA VOWEL SIGN DIGA AEDA-PILLA
+	{0x0DD2, 0x0DD4, prExtend},    // Mn   [3] SINHALA VOWEL SIGN KETTI IS-PILLA..SINHALA VOWEL SIGN KETTI PAA-PILLA
+	{0x0DD6, 0x0DD6, prExtend},    // Mn       SINHALA VOWEL SIGN DIGA PAA-PILLA
+	{0x0DD8, 0x0DDF, prExtend},    // Mc   [8] SINHALA VOWEL SIGN GAETTA-PILLA..SINHALA VOWEL SIGN GAYANUKITTA
+	{0x0DE6, 0x0DEF, prNumeric},   // Nd  [10] SINHALA LITH DIGIT ZERO..SINHALA LITH DIGIT NINE
+	{0x0DF2, 0x0DF3, prExtend},    // Mc   [2] SINHALA VOWEL SIGN DIGA GAETTA-PILLA..SINHALA VOWEL SIGN DIGA GAYANUKITTA
+	{0x0E01, 0x0E30, prOLetter},   // Lo  [48] THAI CHARACTER KO KAI..THAI CHARACTER SARA A
+	{0x0E31, 0x0E31, prExtend},    // Mn       THAI CHARACTER MAI HAN-AKAT
+	{0x0E32, 0x0E33, prOLetter},   // Lo   [2] THAI CHARACTER SARA AA..THAI CHARACTER SARA AM
+	{0x0E34, 0x0E3A, prExtend},    // Mn   [7] THAI CHARACTER SARA I..THAI CHARACTER PHINTHU
+	{0x0E40, 0x0E45, prOLetter},   // Lo   [6] THAI CHARACTER SARA E..THAI CHARACTER LAKKHANGYAO
+	{0x0E46, 0x0E46, prOLetter},   // Lm       THAI CHARACTER MAIYAMOK
+	{0x0E47, 0x0E4E, prExtend},    // Mn   [8] THAI CHARACTER MAITAIKHU..THAI CHARACTER YAMAKKAN
+	{0x0E50, 0x0E59, prNumeric},   // Nd  [10] THAI DIGIT ZERO..THAI DIGIT NINE
+	{0x0E81, 0x0E82, prOLetter},   // Lo   [2] LAO LETTER KO..LAO LETTER KHO SUNG
+	{0x0E84, 0x0E84, prOLetter},   // Lo       LAO LETTER KHO TAM
+	{0x0E86, 0x0E8A, prOLetter},   // Lo   [5] LAO LETTER PALI GHA..LAO LETTER SO TAM
+	{0x0E8C, 0x0EA3, prOLetter},   // Lo  [24] LAO LETTER PALI JHA..LAO LETTER LO LING
+	{0x0EA5, 0x0EA5, prOLetter},   // Lo       LAO LETTER LO LOOT
+	{0x0EA7, 0x0EB0, prOLetter},   // Lo  [10] LAO LETTER WO..LAO VOWEL SIGN A
+	{0x0EB1, 0x0EB1, prExtend},    // Mn       LAO VOWEL SIGN MAI KAN
+	{0x0EB2, 0x0EB3, prOLetter},   // Lo   [2] LAO VOWEL SIGN AA..LAO VOWEL SIGN AM
+	{0x0EB4, 0x0EBC, prExtend},    // Mn   [9] LAO VOWEL SIGN I..LAO SEMIVOWEL SIGN LO
+	{0x0EBD, 0x0EBD, prOLetter},   // Lo       LAO SEMIVOWEL SIGN NYO
+	{0x0EC0, 0x0EC4, prOLetter},   // Lo   [5] LAO VOWEL SIGN E..LAO VOWEL SIGN AI
+	{0x0EC6, 0x0EC6, prOLetter},   // Lm       LAO KO LA
+	{0x0EC8, 0x0ECD, prExtend},    // Mn   [6] LAO TONE MAI EK..LAO NIGGAHITA
+	{0x0ED0, 0x0ED9, prNumeric},   // Nd  [10] LAO DIGIT ZERO..LAO DIGIT NINE
+	{0x0EDC, 0x0EDF, prOLetter},   // Lo   [4] LAO HO NO..LAO LETTER KHMU NYO
+	{0x0F00, 0x0F00, prOLetter},   // Lo       TIBETAN SYLLABLE OM
+	{0x0F18, 0x0F19, prExtend},    // Mn   [2] TIBETAN ASTROLOGICAL SIGN -KHYUD PA..TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS
+	{0x0F20, 0x0F29, prNumeric},   // Nd  [10] TIBETAN DIGIT ZERO..TIBETAN DIGIT NINE
+	{0x0F35, 0x0F35, prExtend},    // Mn       TIBETAN MARK NGAS BZUNG NYI ZLA
+	{0x0F37, 0x0F37, prExtend},    // Mn       TIBETAN MARK NGAS BZUNG SGOR RTAGS
+	{0x0F39, 0x0F39, prExtend},    // Mn       TIBETAN MARK TSA -PHRU
+	{0x0F3A, 0x0F3A, prClose},     // Ps       TIBETAN MARK GUG RTAGS GYON
+	{0x0F3B, 0x0F3B, prClose},     // Pe       TIBETAN MARK GUG RTAGS GYAS
+	{0x0F3C, 0x0F3C, prClose},     // Ps       TIBETAN MARK ANG KHANG GYON
+	{0x0F3D, 0x0F3D, prClose},     // Pe       TIBETAN MARK ANG KHANG GYAS
+	{0x0F3E, 0x0F3F, prExtend},    // Mc   [2] TIBETAN SIGN YAR TSHES..TIBETAN SIGN MAR TSHES
+	{0x0F40, 0x0F47, prOLetter},   // Lo   [8] TIBETAN LETTER KA..TIBETAN LETTER JA
+	{0x0F49, 0x0F6C, prOLetter},   // Lo  [36] TIBETAN LETTER NYA..TIBETAN LETTER RRA
+	{0x0F71, 0x0F7E, prExtend},    // Mn  [14] TIBETAN VOWEL SIGN AA..TIBETAN SIGN RJES SU NGA RO
+	{0x0F7F, 0x0F7F, prExtend},    // Mc       TIBETAN SIGN RNAM BCAD
+	{0x0F80, 0x0F84, prExtend},    // Mn   [5] TIBETAN VOWEL SIGN REVERSED I..TIBETAN MARK HALANTA
+	{0x0F86, 0x0F87, prExtend},    // Mn   [2] TIBETAN SIGN LCI RTAGS..TIBETAN SIGN YANG RTAGS
+	{0x0F88, 0x0F8C, prOLetter},   // Lo   [5] TIBETAN SIGN LCE TSA CAN..TIBETAN SIGN INVERTED MCHU CAN
+	{0x0F8D, 0x0F97, prExtend},    // Mn  [11] TIBETAN SUBJOINED SIGN LCE TSA CAN..TIBETAN SUBJOINED LETTER JA
+	{0x0F99, 0x0FBC, prExtend},    // Mn  [36] TIBETAN SUBJOINED LETTER NYA..TIBETAN SUBJOINED LETTER FIXED-FORM RA
+	{0x0FC6, 0x0FC6, prExtend},    // Mn       TIBETAN SYMBOL PADMA GDAN
+	{0x1000, 0x102A, prOLetter},   // Lo  [43] MYANMAR LETTER KA..MYANMAR LETTER AU
+	{0x102B, 0x102C, prExtend},    // Mc   [2] MYANMAR VOWEL SIGN TALL AA..MYANMAR VOWEL SIGN AA
+	{0x102D, 0x1030, prExtend},    // Mn   [4] MYANMAR VOWEL SIGN I..MYANMAR VOWEL SIGN UU
+	{0x1031, 0x1031, prExtend},    // Mc       MYANMAR VOWEL SIGN E
+	{0x1032, 0x1037, prExtend},    // Mn   [6] MYANMAR VOWEL SIGN AI..MYANMAR SIGN DOT BELOW
+	{0x1038, 0x1038, prExtend},    // Mc       MYANMAR SIGN VISARGA
+	{0x1039, 0x103A, prExtend},    // Mn   [2] MYANMAR SIGN VIRAMA..MYANMAR SIGN ASAT
+	{0x103B, 0x103C, prExtend},    // Mc   [2] MYANMAR CONSONANT SIGN MEDIAL YA..MYANMAR CONSONANT SIGN MEDIAL RA
+	{0x103D, 0x103E, prExtend},    // Mn   [2] MYANMAR CONSONANT SIGN MEDIAL WA..MYANMAR CONSONANT SIGN MEDIAL HA
+	{0x103F, 0x103F, prOLetter},   // Lo       MYANMAR LETTER GREAT SA
+	{0x1040, 0x1049, prNumeric},   // Nd  [10] MYANMAR DIGIT ZERO..MYANMAR DIGIT NINE
+	{0x104A, 0x104B, prSTerm},     // Po   [2] MYANMAR SIGN LITTLE SECTION..MYANMAR SIGN SECTION
+	{0x1050, 0x1055, prOLetter},   // Lo   [6] MYANMAR LETTER SHA..MYANMAR LETTER VOCALIC LL
+	{0x1056, 0x1057, prExtend},    // Mc   [2] MYANMAR VOWEL SIGN VOCALIC R..MYANMAR VOWEL SIGN VOCALIC RR
+	{0x1058, 0x1059, prExtend},    // Mn   [2] MYANMAR VOWEL SIGN VOCALIC L..MYANMAR VOWEL SIGN VOCALIC LL
+	{0x105A, 0x105D, prOLetter},   // Lo   [4] MYANMAR LETTER MON NGA..MYANMAR LETTER MON BBE
+	{0x105E, 0x1060, prExtend},    // Mn   [3] MYANMAR CONSONANT SIGN MON MEDIAL NA..MYANMAR CONSONANT SIGN MON MEDIAL LA
+	{0x1061, 0x1061, prOLetter},   // Lo       MYANMAR LETTER SGAW KAREN SHA
+	{0x1062, 0x1064, prExtend},    // Mc   [3] MYANMAR VOWEL SIGN SGAW KAREN EU..MYANMAR TONE MARK SGAW KAREN KE PHO
+	{0x1065, 0x1066, prOLetter},   // Lo   [2] MYANMAR LETTER WESTERN PWO KAREN THA..MYANMAR LETTER WESTERN PWO KAREN PWA
+	{0x1067, 0x106D, prExtend},    // Mc   [7] MYANMAR VOWEL SIGN WESTERN PWO KAREN EU..MYANMAR SIGN WESTERN PWO KAREN TONE-5
+	{0x106E, 0x1070, prOLetter},   // Lo   [3] MYANMAR LETTER EASTERN PWO KAREN NNA..MYANMAR LETTER EASTERN PWO KAREN GHWA
+	{0x1071, 0x1074, prExtend},    // Mn   [4] MYANMAR VOWEL SIGN GEBA KAREN I..MYANMAR VOWEL SIGN KAYAH EE
+	{0x1075, 0x1081, prOLetter},   // Lo  [13] MYANMAR LETTER SHAN KA..MYANMAR LETTER SHAN HA
+	{0x1082, 0x1082, prExtend},    // Mn       MYANMAR CONSONANT SIGN SHAN MEDIAL WA
+	{0x1083, 0x1084, prExtend},    // Mc   [2] MYANMAR VOWEL SIGN SHAN AA..MYANMAR VOWEL SIGN SHAN E
+	{0x1085, 0x1086, prExtend},    // Mn   [2] MYANMAR VOWEL SIGN SHAN E ABOVE..MYANMAR VOWEL SIGN SHAN FINAL Y
+	{0x1087, 0x108C, prExtend},    // Mc   [6] MYANMAR SIGN SHAN TONE-2..MYANMAR SIGN SHAN COUNCIL TONE-3
+	{0x108D, 0x108D, prExtend},    // Mn       MYANMAR SIGN SHAN COUNCIL EMPHATIC TONE
+	{0x108E, 0x108E, prOLetter},   // Lo       MYANMAR LETTER RUMAI PALAUNG FA
+	{0x108F, 0x108F, prExtend},    // Mc       MYANMAR SIGN RUMAI PALAUNG TONE-5
+	{0x1090, 0x1099, prNumeric},   // Nd  [10] MYANMAR SHAN DIGIT ZERO..MYANMAR SHAN DIGIT NINE
+	{0x109A, 0x109C, prExtend},    // Mc   [3] MYANMAR SIGN KHAMTI TONE-1..MYANMAR VOWEL SIGN AITON A
+	{0x109D, 0x109D, prExtend},    // Mn       MYANMAR VOWEL SIGN AITON AI
+	{0x10A0, 0x10C5, prUpper},     // L&  [38] GEORGIAN CAPITAL LETTER AN..GEORGIAN CAPITAL LETTER HOE
+	{0x10C7, 0x10C7, prUpper},     // L&       GEORGIAN CAPITAL LETTER YN
+	{0x10CD, 0x10CD, prUpper},     // L&       GEORGIAN CAPITAL LETTER AEN
+	{0x10D0, 0x10FA, prOLetter},   // L&  [43] GEORGIAN LETTER AN..GEORGIAN LETTER AIN
+	{0x10FC, 0x10FC, prOLetter},   // Lm       MODIFIER LETTER GEORGIAN NAR
+	{0x10FD, 0x10FF, prOLetter},   // L&   [3] GEORGIAN LETTER AEN..GEORGIAN LETTER LABIAL SIGN
+	{0x1100, 0x1248, prOLetter},   // Lo [329] HANGUL CHOSEONG KIYEOK..ETHIOPIC SYLLABLE QWA
+	{0x124A, 0x124D, prOLetter},   // Lo   [4] ETHIOPIC SYLLABLE QWI..ETHIOPIC SYLLABLE QWE
+	{0x1250, 0x1256, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE QHA..ETHIOPIC SYLLABLE QHO
+	{0x1258, 0x1258, prOLetter},   // Lo       ETHIOPIC SYLLABLE QHWA
+	{0x125A, 0x125D, prOLetter},   // Lo   [4] ETHIOPIC SYLLABLE QHWI..ETHIOPIC SYLLABLE QHWE
+	{0x1260, 0x1288, prOLetter},   // Lo  [41] ETHIOPIC SYLLABLE BA..ETHIOPIC SYLLABLE XWA
+	{0x128A, 0x128D, prOLetter},   // Lo   [4] ETHIOPIC SYLLABLE XWI..ETHIOPIC SYLLABLE XWE
+	{0x1290, 0x12B0, prOLetter},   // Lo  [33] ETHIOPIC SYLLABLE NA..ETHIOPIC SYLLABLE KWA
+	{0x12B2, 0x12B5, prOLetter},   // Lo   [4] ETHIOPIC SYLLABLE KWI..ETHIOPIC SYLLABLE KWE
+	{0x12B8, 0x12BE, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE KXA..ETHIOPIC SYLLABLE KXO
+	{0x12C0, 0x12C0, prOLetter},   // Lo       ETHIOPIC SYLLABLE KXWA
+	{0x12C2, 0x12C5, prOLetter},   // Lo   [4] ETHIOPIC SYLLABLE KXWI..ETHIOPIC SYLLABLE KXWE
+	{0x12C8, 0x12D6, prOLetter},   // Lo  [15] ETHIOPIC SYLLABLE WA..ETHIOPIC SYLLABLE PHARYNGEAL O
+	{0x12D8, 0x1310, prOLetter},   // Lo  [57] ETHIOPIC SYLLABLE ZA..ETHIOPIC SYLLABLE GWA
+	{0x1312, 0x1315, prOLetter},   // Lo   [4] ETHIOPIC SYLLABLE GWI..ETHIOPIC SYLLABLE GWE
+	{0x1318, 0x135A, prOLetter},   // Lo  [67] ETHIOPIC SYLLABLE GGA..ETHIOPIC SYLLABLE FYA
+	{0x135D, 0x135F, prExtend},    // Mn   [3] ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK..ETHIOPIC COMBINING GEMINATION MARK
+	{0x1362, 0x1362, prSTerm},     // Po       ETHIOPIC FULL STOP
+	{0x1367, 0x1368, prSTerm},     // Po   [2] ETHIOPIC QUESTION MARK..ETHIOPIC PARAGRAPH SEPARATOR
+	{0x1380, 0x138F, prOLetter},   // Lo  [16] ETHIOPIC SYLLABLE SEBATBEIT MWA..ETHIOPIC SYLLABLE PWE
+	{0x13A0, 0x13F5, prUpper},     // L&  [86] CHEROKEE LETTER A..CHEROKEE LETTER MV
+	{0x13F8, 0x13FD, prLower},     // L&   [6] CHEROKEE SMALL LETTER YE..CHEROKEE SMALL LETTER MV
+	{0x1401, 0x166C, prOLetter},   // Lo [620] CANADIAN SYLLABICS E..CANADIAN SYLLABICS CARRIER TTSA
+	{0x166E, 0x166E, prSTerm},     // Po       CANADIAN SYLLABICS FULL STOP
+	{0x166F, 0x167F, prOLetter},   // Lo  [17] CANADIAN SYLLABICS QAI..CANADIAN SYLLABICS BLACKFOOT W
+	{0x1680, 0x1680, prSp},        // Zs       OGHAM SPACE MARK
+	{0x1681, 0x169A, prOLetter},   // Lo  [26] OGHAM LETTER BEITH..OGHAM LETTER PEITH
+	{0x169B, 0x169B, prClose},     // Ps       OGHAM FEATHER MARK
+	{0x169C, 0x169C, prClose},     // Pe       OGHAM REVERSED FEATHER MARK
+	{0x16A0, 0x16EA, prOLetter},   // Lo  [75] RUNIC LETTER FEHU FEOH FE F..RUNIC LETTER X
+	{0x16EE, 0x16F0, prOLetter},   // Nl   [3] RUNIC ARLAUG SYMBOL..RUNIC BELGTHOR SYMBOL
+	{0x16F1, 0x16F8, prOLetter},   // Lo   [8] RUNIC LETTER K..RUNIC LETTER FRANKS CASKET AESC
+	{0x1700, 0x1711, prOLetter},   // Lo  [18] TAGALOG LETTER A..TAGALOG LETTER HA
+	{0x1712, 0x1714, prExtend},    // Mn   [3] TAGALOG VOWEL SIGN I..TAGALOG SIGN VIRAMA
+	{0x1715, 0x1715, prExtend},    // Mc       TAGALOG SIGN PAMUDPOD
+	{0x171F, 0x1731, prOLetter},   // Lo  [19] TAGALOG LETTER ARCHAIC RA..HANUNOO LETTER HA
+	{0x1732, 0x1733, prExtend},    // Mn   [2] HANUNOO VOWEL SIGN I..HANUNOO VOWEL SIGN U
+	{0x1734, 0x1734, prExtend},    // Mc       HANUNOO SIGN PAMUDPOD
+	{0x1735, 0x1736, prSTerm},     // Po   [2] PHILIPPINE SINGLE PUNCTUATION..PHILIPPINE DOUBLE PUNCTUATION
+	{0x1740, 0x1751, prOLetter},   // Lo  [18] BUHID LETTER A..BUHID LETTER HA
+	{0x1752, 0x1753, prExtend},    // Mn   [2] BUHID VOWEL SIGN I..BUHID VOWEL SIGN U
+	{0x1760, 0x176C, prOLetter},   // Lo  [13] TAGBANWA LETTER A..TAGBANWA LETTER YA
+	{0x176E, 0x1770, prOLetter},   // Lo   [3] TAGBANWA LETTER LA..TAGBANWA LETTER SA
+	{0x1772, 0x1773, prExtend},    // Mn   [2] TAGBANWA VOWEL SIGN I..TAGBANWA VOWEL SIGN U
+	{0x1780, 0x17B3, prOLetter},   // Lo  [52] KHMER LETTER KA..KHMER INDEPENDENT VOWEL QAU
+	{0x17B4, 0x17B5, prExtend},    // Mn   [2] KHMER VOWEL INHERENT AQ..KHMER VOWEL INHERENT AA
+	{0x17B6, 0x17B6, prExtend},    // Mc       KHMER VOWEL SIGN AA
+	{0x17B7, 0x17BD, prExtend},    // Mn   [7] KHMER VOWEL SIGN I..KHMER VOWEL SIGN UA
+	{0x17BE, 0x17C5, prExtend},    // Mc   [8] KHMER VOWEL SIGN OE..KHMER VOWEL SIGN AU
+	{0x17C6, 0x17C6, prExtend},    // Mn       KHMER SIGN NIKAHIT
+	{0x17C7, 0x17C8, prExtend},    // Mc   [2] KHMER SIGN REAHMUK..KHMER SIGN YUUKALEAPINTU
+	{0x17C9, 0x17D3, prExtend},    // Mn  [11] KHMER SIGN MUUSIKATOAN..KHMER SIGN BATHAMASAT
+	{0x17D7, 0x17D7, prOLetter},   // Lm       KHMER SIGN LEK TOO
+	{0x17DC, 0x17DC, prOLetter},   // Lo       KHMER SIGN AVAKRAHASANYA
+	{0x17DD, 0x17DD, prExtend},    // Mn       KHMER SIGN ATTHACAN
+	{0x17E0, 0x17E9, prNumeric},   // Nd  [10] KHMER DIGIT ZERO..KHMER DIGIT NINE
+	{0x1802, 0x1802, prSContinue}, // Po       MONGOLIAN COMMA
+	{0x1803, 0x1803, prSTerm},     // Po       MONGOLIAN FULL STOP
+	{0x1808, 0x1808, prSContinue}, // Po       MONGOLIAN MANCHU COMMA
+	{0x1809, 0x1809, prSTerm},     // Po       MONGOLIAN MANCHU FULL STOP
+	{0x180B, 0x180D, prExtend},    // Mn   [3] MONGOLIAN FREE VARIATION SELECTOR ONE..MONGOLIAN FREE VARIATION SELECTOR THREE
+	{0x180E, 0x180E, prFormat},    // Cf       MONGOLIAN VOWEL SEPARATOR
+	{0x180F, 0x180F, prExtend},    // Mn       MONGOLIAN FREE VARIATION SELECTOR FOUR
+	{0x1810, 0x1819, prNumeric},   // Nd  [10] MONGOLIAN DIGIT ZERO..MONGOLIAN DIGIT NINE
+	{0x1820, 0x1842, prOLetter},   // Lo  [35] MONGOLIAN LETTER A..MONGOLIAN LETTER CHI
+	{0x1843, 0x1843, prOLetter},   // Lm       MONGOLIAN LETTER TODO LONG VOWEL SIGN
+	{0x1844, 0x1878, prOLetter},   // Lo  [53] MONGOLIAN LETTER TODO E..MONGOLIAN LETTER CHA WITH TWO DOTS
+	{0x1880, 0x1884, prOLetter},   // Lo   [5] MONGOLIAN LETTER ALI GALI ANUSVARA ONE..MONGOLIAN LETTER ALI GALI INVERTED UBADAMA
+	{0x1885, 0x1886, prExtend},    // Mn   [2] MONGOLIAN LETTER ALI GALI BALUDA..MONGOLIAN LETTER ALI GALI THREE BALUDA
+	{0x1887, 0x18A8, prOLetter},   // Lo  [34] MONGOLIAN LETTER ALI GALI A..MONGOLIAN LETTER MANCHU ALI GALI BHA
+	{0x18A9, 0x18A9, prExtend},    // Mn       MONGOLIAN LETTER ALI GALI DAGALGA
+	{0x18AA, 0x18AA, prOLetter},   // Lo       MONGOLIAN LETTER MANCHU ALI GALI LHA
+	{0x18B0, 0x18F5, prOLetter},   // Lo  [70] CANADIAN SYLLABICS OY..CANADIAN SYLLABICS CARRIER DENTAL S
+	{0x1900, 0x191E, prOLetter},   // Lo  [31] LIMBU VOWEL-CARRIER LETTER..LIMBU LETTER TRA
+	{0x1920, 0x1922, prExtend},    // Mn   [3] LIMBU VOWEL SIGN A..LIMBU VOWEL SIGN U
+	{0x1923, 0x1926, prExtend},    // Mc   [4] LIMBU VOWEL SIGN EE..LIMBU VOWEL SIGN AU
+	{0x1927, 0x1928, prExtend},    // Mn   [2] LIMBU VOWEL SIGN E..LIMBU VOWEL SIGN O
+	{0x1929, 0x192B, prExtend},    // Mc   [3] LIMBU SUBJOINED LETTER YA..LIMBU SUBJOINED LETTER WA
+	{0x1930, 0x1931, prExtend},    // Mc   [2] LIMBU SMALL LETTER KA..LIMBU SMALL LETTER NGA
+	{0x1932, 0x1932, prExtend},    // Mn       LIMBU SMALL LETTER ANUSVARA
+	{0x1933, 0x1938, prExtend},    // Mc   [6] LIMBU SMALL LETTER TA..LIMBU SMALL LETTER LA
+	{0x1939, 0x193B, prExtend},    // Mn   [3] LIMBU SIGN MUKPHRENG..LIMBU SIGN SA-I
+	{0x1944, 0x1945, prSTerm},     // Po   [2] LIMBU EXCLAMATION MARK..LIMBU QUESTION MARK
+	{0x1946, 0x194F, prNumeric},   // Nd  [10] LIMBU DIGIT ZERO..LIMBU DIGIT NINE
+	{0x1950, 0x196D, prOLetter},   // Lo  [30] TAI LE LETTER KA..TAI LE LETTER AI
+	{0x1970, 0x1974, prOLetter},   // Lo   [5] TAI LE LETTER TONE-2..TAI LE LETTER TONE-6
+	{0x1980, 0x19AB, prOLetter},   // Lo  [44] NEW TAI LUE LETTER HIGH QA..NEW TAI LUE LETTER LOW SUA
+	{0x19B0, 0x19C9, prOLetter},   // Lo  [26] NEW TAI LUE VOWEL SIGN VOWEL SHORTENER..NEW TAI LUE TONE MARK-2
+	{0x19D0, 0x19D9, prNumeric},   // Nd  [10] NEW TAI LUE DIGIT ZERO..NEW TAI LUE DIGIT NINE
+	{0x1A00, 0x1A16, prOLetter},   // Lo  [23] BUGINESE LETTER KA..BUGINESE LETTER HA
+	{0x1A17, 0x1A18, prExtend},    // Mn   [2] BUGINESE VOWEL SIGN I..BUGINESE VOWEL SIGN U
+	{0x1A19, 0x1A1A, prExtend},    // Mc   [2] BUGINESE VOWEL SIGN E..BUGINESE VOWEL SIGN O
+	{0x1A1B, 0x1A1B, prExtend},    // Mn       BUGINESE VOWEL SIGN AE
+	{0x1A20, 0x1A54, prOLetter},   // Lo  [53] TAI THAM LETTER HIGH KA..TAI THAM LETTER GREAT SA
+	{0x1A55, 0x1A55, prExtend},    // Mc       TAI THAM CONSONANT SIGN MEDIAL RA
+	{0x1A56, 0x1A56, prExtend},    // Mn       TAI THAM CONSONANT SIGN MEDIAL LA
+	{0x1A57, 0x1A57, prExtend},    // Mc       TAI THAM CONSONANT SIGN LA TANG LAI
+	{0x1A58, 0x1A5E, prExtend},    // Mn   [7] TAI THAM SIGN MAI KANG LAI..TAI THAM CONSONANT SIGN SA
+	{0x1A60, 0x1A60, prExtend},    // Mn       TAI THAM SIGN SAKOT
+	{0x1A61, 0x1A61, prExtend},    // Mc       TAI THAM VOWEL SIGN A
+	{0x1A62, 0x1A62, prExtend},    // Mn       TAI THAM VOWEL SIGN MAI SAT
+	{0x1A63, 0x1A64, prExtend},    // Mc   [2] TAI THAM VOWEL SIGN AA..TAI THAM VOWEL SIGN TALL AA
+	{0x1A65, 0x1A6C, prExtend},    // Mn   [8] TAI THAM VOWEL SIGN I..TAI THAM VOWEL SIGN OA BELOW
+	{0x1A6D, 0x1A72, prExtend},    // Mc   [6] TAI THAM VOWEL SIGN OY..TAI THAM VOWEL SIGN THAM AI
+	{0x1A73, 0x1A7C, prExtend},    // Mn  [10] TAI THAM VOWEL SIGN OA ABOVE..TAI THAM SIGN KHUEN-LUE KARAN
+	{0x1A7F, 0x1A7F, prExtend},    // Mn       TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	{0x1A80, 0x1A89, prNumeric},   // Nd  [10] TAI THAM HORA DIGIT ZERO..TAI THAM HORA DIGIT NINE
+	{0x1A90, 0x1A99, prNumeric},   // Nd  [10] TAI THAM THAM DIGIT ZERO..TAI THAM THAM DIGIT NINE
+	{0x1AA7, 0x1AA7, prOLetter},   // Lm       TAI THAM SIGN MAI YAMOK
+	{0x1AA8, 0x1AAB, prSTerm},     // Po   [4] TAI THAM SIGN KAAN..TAI THAM SIGN SATKAANKUU
+	{0x1AB0, 0x1ABD, prExtend},    // Mn  [14] COMBINING DOUBLED CIRCUMFLEX ACCENT..COMBINING PARENTHESES BELOW
+	{0x1ABE, 0x1ABE, prExtend},    // Me       COMBINING PARENTHESES OVERLAY
+	{0x1ABF, 0x1ACE, prExtend},    // Mn  [16] COMBINING LATIN SMALL LETTER W BELOW..COMBINING LATIN SMALL LETTER INSULAR T
+	{0x1B00, 0x1B03, prExtend},    // Mn   [4] BALINESE SIGN ULU RICEM..BALINESE SIGN SURANG
+	{0x1B04, 0x1B04, prExtend},    // Mc       BALINESE SIGN BISAH
+	{0x1B05, 0x1B33, prOLetter},   // Lo  [47] BALINESE LETTER AKARA..BALINESE LETTER HA
+	{0x1B34, 0x1B34, prExtend},    // Mn       BALINESE SIGN REREKAN
+	{0x1B35, 0x1B35, prExtend},    // Mc       BALINESE VOWEL SIGN TEDUNG
+	{0x1B36, 0x1B3A, prExtend},    // Mn   [5] BALINESE VOWEL SIGN ULU..BALINESE VOWEL SIGN RA REPA
+	{0x1B3B, 0x1B3B, prExtend},    // Mc       BALINESE VOWEL SIGN RA REPA TEDUNG
+	{0x1B3C, 0x1B3C, prExtend},    // Mn       BALINESE VOWEL SIGN LA LENGA
+	{0x1B3D, 0x1B41, prExtend},    // Mc   [5] BALINESE VOWEL SIGN LA LENGA TEDUNG..BALINESE VOWEL SIGN TALING REPA TEDUNG
+	{0x1B42, 0x1B42, prExtend},    // Mn       BALINESE VOWEL SIGN PEPET
+	{0x1B43, 0x1B44, prExtend},    // Mc   [2] BALINESE VOWEL SIGN PEPET TEDUNG..BALINESE ADEG ADEG
+	{0x1B45, 0x1B4C, prOLetter},   // Lo   [8] BALINESE LETTER KAF SASAK..BALINESE LETTER ARCHAIC JNYA
+	{0x1B50, 0x1B59, prNumeric},   // Nd  [10] BALINESE DIGIT ZERO..BALINESE DIGIT NINE
+	{0x1B5A, 0x1B5B, prSTerm},     // Po   [2] BALINESE PANTI..BALINESE PAMADA
+	{0x1B5E, 0x1B5F, prSTerm},     // Po   [2] BALINESE CARIK SIKI..BALINESE CARIK PAREREN
+	{0x1B6B, 0x1B73, prExtend},    // Mn   [9] BALINESE MUSICAL SYMBOL COMBINING TEGEH..BALINESE MUSICAL SYMBOL COMBINING GONG
+	{0x1B7D, 0x1B7E, prSTerm},     // Po   [2] BALINESE PANTI LANTANG..BALINESE PAMADA LANTANG
+	{0x1B80, 0x1B81, prExtend},    // Mn   [2] SUNDANESE SIGN PANYECEK..SUNDANESE SIGN PANGLAYAR
+	{0x1B82, 0x1B82, prExtend},    // Mc       SUNDANESE SIGN PANGWISAD
+	{0x1B83, 0x1BA0, prOLetter},   // Lo  [30] SUNDANESE LETTER A..SUNDANESE LETTER HA
+	{0x1BA1, 0x1BA1, prExtend},    // Mc       SUNDANESE CONSONANT SIGN PAMINGKAL
+	{0x1BA2, 0x1BA5, prExtend},    // Mn   [4] SUNDANESE CONSONANT SIGN PANYAKRA..SUNDANESE VOWEL SIGN PANYUKU
+	{0x1BA6, 0x1BA7, prExtend},    // Mc   [2] SUNDANESE VOWEL SIGN PANAELAENG..SUNDANESE VOWEL SIGN PANOLONG
+	{0x1BA8, 0x1BA9, prExtend},    // Mn   [2] SUNDANESE VOWEL SIGN PAMEPET..SUNDANESE VOWEL SIGN PANEULEUNG
+	{0x1BAA, 0x1BAA, prExtend},    // Mc       SUNDANESE SIGN PAMAAEH
+	{0x1BAB, 0x1BAD, prExtend},    // Mn   [3] SUNDANESE SIGN VIRAMA..SUNDANESE CONSONANT SIGN PASANGAN WA
+	{0x1BAE, 0x1BAF, prOLetter},   // Lo   [2] SUNDANESE LETTER KHA..SUNDANESE LETTER SYA
+	{0x1BB0, 0x1BB9, prNumeric},   // Nd  [10] SUNDANESE DIGIT ZERO..SUNDANESE DIGIT NINE
+	{0x1BBA, 0x1BE5, prOLetter},   // Lo  [44] SUNDANESE AVAGRAHA..BATAK LETTER U
+	{0x1BE6, 0x1BE6, prExtend},    // Mn       BATAK SIGN TOMPI
+	{0x1BE7, 0x1BE7, prExtend},    // Mc       BATAK VOWEL SIGN E
+	{0x1BE8, 0x1BE9, prExtend},    // Mn   [2] BATAK VOWEL SIGN PAKPAK E..BATAK VOWEL SIGN EE
+	{0x1BEA, 0x1BEC, prExtend},    // Mc   [3] BATAK VOWEL SIGN I..BATAK VOWEL SIGN O
+	{0x1BED, 0x1BED, prExtend},    // Mn       BATAK VOWEL SIGN KARO O
+	{0x1BEE, 0x1BEE, prExtend},    // Mc       BATAK VOWEL SIGN U
+	{0x1BEF, 0x1BF1, prExtend},    // Mn   [3] BATAK VOWEL SIGN U FOR SIMALUNGUN SA..BATAK CONSONANT SIGN H
+	{0x1BF2, 0x1BF3, prExtend},    // Mc   [2] BATAK PANGOLAT..BATAK PANONGONAN
+	{0x1C00, 0x1C23, prOLetter},   // Lo  [36] LEPCHA LETTER KA..LEPCHA LETTER A
+	{0x1C24, 0x1C2B, prExtend},    // Mc   [8] LEPCHA SUBJOINED LETTER YA..LEPCHA VOWEL SIGN UU
+	{0x1C2C, 0x1C33, prExtend},    // Mn   [8] LEPCHA VOWEL SIGN E..LEPCHA CONSONANT SIGN T
+	{0x1C34, 0x1C35, prExtend},    // Mc   [2] LEPCHA CONSONANT SIGN NYIN-DO..LEPCHA CONSONANT SIGN KANG
+	{0x1C36, 0x1C37, prExtend},    // Mn   [2] LEPCHA SIGN RAN..LEPCHA SIGN NUKTA
+	{0x1C3B, 0x1C3C, prSTerm},     // Po   [2] LEPCHA PUNCTUATION TA-ROL..LEPCHA PUNCTUATION NYET THYOOM TA-ROL
+	{0x1C40, 0x1C49, prNumeric},   // Nd  [10] LEPCHA DIGIT ZERO..LEPCHA DIGIT NINE
+	{0x1C4D, 0x1C4F, prOLetter},   // Lo   [3] LEPCHA LETTER TTA..LEPCHA LETTER DDA
+	{0x1C50, 0x1C59, prNumeric},   // Nd  [10] OL CHIKI DIGIT ZERO..OL CHIKI DIGIT NINE
+	{0x1C5A, 0x1C77, prOLetter},   // Lo  [30] OL CHIKI LETTER LA..OL CHIKI LETTER OH
+	{0x1C78, 0x1C7D, prOLetter},   // Lm   [6] OL CHIKI MU TTUDDAG..OL CHIKI AHAD
+	{0x1C7E, 0x1C7F, prSTerm},     // Po   [2] OL CHIKI PUNCTUATION MUCAAD..OL CHIKI PUNCTUATION DOUBLE MUCAAD
+	{0x1C80, 0x1C88, prLower},     // L&   [9] CYRILLIC SMALL LETTER ROUNDED VE..CYRILLIC SMALL LETTER UNBLENDED UK
+	{0x1C90, 0x1CBA, prOLetter},   // L&  [43] GEORGIAN MTAVRULI CAPITAL LETTER AN..GEORGIAN MTAVRULI CAPITAL LETTER AIN
+	{0x1CBD, 0x1CBF, prOLetter},   // L&   [3] GEORGIAN MTAVRULI CAPITAL LETTER AEN..GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+	{0x1CD0, 0x1CD2, prExtend},    // Mn   [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
+	{0x1CD4, 0x1CE0, prExtend},    // Mn  [13] VEDIC SIGN YAJURVEDIC MIDLINE SVARITA..VEDIC TONE RIGVEDIC KASHMIRI INDEPENDENT SVARITA
+	{0x1CE1, 0x1CE1, prExtend},    // Mc       VEDIC TONE ATHARVAVEDIC INDEPENDENT SVARITA
+	{0x1CE2, 0x1CE8, prExtend},    // Mn   [7] VEDIC SIGN VISARGA SVARITA..VEDIC SIGN VISARGA ANUDATTA WITH TAIL
+	{0x1CE9, 0x1CEC, prOLetter},   // Lo   [4] VEDIC SIGN ANUSVARA ANTARGOMUKHA..VEDIC SIGN ANUSVARA VAMAGOMUKHA WITH TAIL
+	{0x1CED, 0x1CED, prExtend},    // Mn       VEDIC SIGN TIRYAK
+	{0x1CEE, 0x1CF3, prOLetter},   // Lo   [6] VEDIC SIGN HEXIFORM LONG ANUSVARA..VEDIC SIGN ROTATED ARDHAVISARGA
+	{0x1CF4, 0x1CF4, prExtend},    // Mn       VEDIC TONE CANDRA ABOVE
+	{0x1CF5, 0x1CF6, prOLetter},   // Lo   [2] VEDIC SIGN JIHVAMULIYA..VEDIC SIGN UPADHMANIYA
+	{0x1CF7, 0x1CF7, prExtend},    // Mc       VEDIC SIGN ATIKRAMA
+	{0x1CF8, 0x1CF9, prExtend},    // Mn   [2] VEDIC TONE RING ABOVE..VEDIC TONE DOUBLE RING ABOVE
+	{0x1CFA, 0x1CFA, prOLetter},   // Lo       VEDIC SIGN DOUBLE ANUSVARA ANTARGOMUKHA
+	{0x1D00, 0x1D2B, prLower},     // L&  [44] LATIN LETTER SMALL CAPITAL A..CYRILLIC LETTER SMALL CAPITAL EL
+	{0x1D2C, 0x1D6A, prLower},     // Lm  [63] MODIFIER LETTER CAPITAL A..GREEK SUBSCRIPT SMALL LETTER CHI
+	{0x1D6B, 0x1D77, prLower},     // L&  [13] LATIN SMALL LETTER UE..LATIN SMALL LETTER TURNED G
+	{0x1D78, 0x1D78, prLower},     // Lm       MODIFIER LETTER CYRILLIC EN
+	{0x1D79, 0x1D9A, prLower},     // L&  [34] LATIN SMALL LETTER INSULAR G..LATIN SMALL LETTER EZH WITH RETROFLEX HOOK
+	{0x1D9B, 0x1DBF, prLower},     // Lm  [37] MODIFIER LETTER SMALL TURNED ALPHA..MODIFIER LETTER SMALL THETA
+	{0x1DC0, 0x1DFF, prExtend},    // Mn  [64] COMBINING DOTTED GRAVE ACCENT..COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+	{0x1E00, 0x1E00, prUpper},     // L&       LATIN CAPITAL LETTER A WITH RING BELOW
+	{0x1E01, 0x1E01, prLower},     // L&       LATIN SMALL LETTER A WITH RING BELOW
+	{0x1E02, 0x1E02, prUpper},     // L&       LATIN CAPITAL LETTER B WITH DOT ABOVE
+	{0x1E03, 0x1E03, prLower},     // L&       LATIN SMALL LETTER B WITH DOT ABOVE
+	{0x1E04, 0x1E04, prUpper},     // L&       LATIN CAPITAL LETTER B WITH DOT BELOW
+	{0x1E05, 0x1E05, prLower},     // L&       LATIN SMALL LETTER B WITH DOT BELOW
+	{0x1E06, 0x1E06, prUpper},     // L&       LATIN CAPITAL LETTER B WITH LINE BELOW
+	{0x1E07, 0x1E07, prLower},     // L&       LATIN SMALL LETTER B WITH LINE BELOW
+	{0x1E08, 0x1E08, prUpper},     // L&       LATIN CAPITAL LETTER C WITH CEDILLA AND ACUTE
+	{0x1E09, 0x1E09, prLower},     // L&       LATIN SMALL LETTER C WITH CEDILLA AND ACUTE
+	{0x1E0A, 0x1E0A, prUpper},     // L&       LATIN CAPITAL LETTER D WITH DOT ABOVE
+	{0x1E0B, 0x1E0B, prLower},     // L&       LATIN SMALL LETTER D WITH DOT ABOVE
+	{0x1E0C, 0x1E0C, prUpper},     // L&       LATIN CAPITAL LETTER D WITH DOT BELOW
+	{0x1E0D, 0x1E0D, prLower},     // L&       LATIN SMALL LETTER D WITH DOT BELOW
+	{0x1E0E, 0x1E0E, prUpper},     // L&       LATIN CAPITAL LETTER D WITH LINE BELOW
+	{0x1E0F, 0x1E0F, prLower},     // L&       LATIN SMALL LETTER D WITH LINE BELOW
+	{0x1E10, 0x1E10, prUpper},     // L&       LATIN CAPITAL LETTER D WITH CEDILLA
+	{0x1E11, 0x1E11, prLower},     // L&       LATIN SMALL LETTER D WITH CEDILLA
+	{0x1E12, 0x1E12, prUpper},     // L&       LATIN CAPITAL LETTER D WITH CIRCUMFLEX BELOW
+	{0x1E13, 0x1E13, prLower},     // L&       LATIN SMALL LETTER D WITH CIRCUMFLEX BELOW
+	{0x1E14, 0x1E14, prUpper},     // L&       LATIN CAPITAL LETTER E WITH MACRON AND GRAVE
+	{0x1E15, 0x1E15, prLower},     // L&       LATIN SMALL LETTER E WITH MACRON AND GRAVE
+	{0x1E16, 0x1E16, prUpper},     // L&       LATIN CAPITAL LETTER E WITH MACRON AND ACUTE
+	{0x1E17, 0x1E17, prLower},     // L&       LATIN SMALL LETTER E WITH MACRON AND ACUTE
+	{0x1E18, 0x1E18, prUpper},     // L&       LATIN CAPITAL LETTER E WITH CIRCUMFLEX BELOW
+	{0x1E19, 0x1E19, prLower},     // L&       LATIN SMALL LETTER E WITH CIRCUMFLEX BELOW
+	{0x1E1A, 0x1E1A, prUpper},     // L&       LATIN CAPITAL LETTER E WITH TILDE BELOW
+	{0x1E1B, 0x1E1B, prLower},     // L&       LATIN SMALL LETTER E WITH TILDE BELOW
+	{0x1E1C, 0x1E1C, prUpper},     // L&       LATIN CAPITAL LETTER E WITH CEDILLA AND BREVE
+	{0x1E1D, 0x1E1D, prLower},     // L&       LATIN SMALL LETTER E WITH CEDILLA AND BREVE
+	{0x1E1E, 0x1E1E, prUpper},     // L&       LATIN CAPITAL LETTER F WITH DOT ABOVE
+	{0x1E1F, 0x1E1F, prLower},     // L&       LATIN SMALL LETTER F WITH DOT ABOVE
+	{0x1E20, 0x1E20, prUpper},     // L&       LATIN CAPITAL LETTER G WITH MACRON
+	{0x1E21, 0x1E21, prLower},     // L&       LATIN SMALL LETTER G WITH MACRON
+	{0x1E22, 0x1E22, prUpper},     // L&       LATIN CAPITAL LETTER H WITH DOT ABOVE
+	{0x1E23, 0x1E23, prLower},     // L&       LATIN SMALL LETTER H WITH DOT ABOVE
+	{0x1E24, 0x1E24, prUpper},     // L&       LATIN CAPITAL LETTER H WITH DOT BELOW
+	{0x1E25, 0x1E25, prLower},     // L&       LATIN SMALL LETTER H WITH DOT BELOW
+	{0x1E26, 0x1E26, prUpper},     // L&       LATIN CAPITAL LETTER H WITH DIAERESIS
+	{0x1E27, 0x1E27, prLower},     // L&       LATIN SMALL LETTER H WITH DIAERESIS
+	{0x1E28, 0x1E28, prUpper},     // L&       LATIN CAPITAL LETTER H WITH CEDILLA
+	{0x1E29, 0x1E29, prLower},     // L&       LATIN SMALL LETTER H WITH CEDILLA
+	{0x1E2A, 0x1E2A, prUpper},     // L&       LATIN CAPITAL LETTER H WITH BREVE BELOW
+	{0x1E2B, 0x1E2B, prLower},     // L&       LATIN SMALL LETTER H WITH BREVE BELOW
+	{0x1E2C, 0x1E2C, prUpper},     // L&       LATIN CAPITAL LETTER I WITH TILDE BELOW
+	{0x1E2D, 0x1E2D, prLower},     // L&       LATIN SMALL LETTER I WITH TILDE BELOW
+	{0x1E2E, 0x1E2E, prUpper},     // L&       LATIN CAPITAL LETTER I WITH DIAERESIS AND ACUTE
+	{0x1E2F, 0x1E2F, prLower},     // L&       LATIN SMALL LETTER I WITH DIAERESIS AND ACUTE
+	{0x1E30, 0x1E30, prUpper},     // L&       LATIN CAPITAL LETTER K WITH ACUTE
+	{0x1E31, 0x1E31, prLower},     // L&       LATIN SMALL LETTER K WITH ACUTE
+	{0x1E32, 0x1E32, prUpper},     // L&       LATIN CAPITAL LETTER K WITH DOT BELOW
+	{0x1E33, 0x1E33, prLower},     // L&       LATIN SMALL LETTER K WITH DOT BELOW
+	{0x1E34, 0x1E34, prUpper},     // L&       LATIN CAPITAL LETTER K WITH LINE BELOW
+	{0x1E35, 0x1E35, prLower},     // L&       LATIN SMALL LETTER K WITH LINE BELOW
+	{0x1E36, 0x1E36, prUpper},     // L&       LATIN CAPITAL LETTER L WITH DOT BELOW
+	{0x1E37, 0x1E37, prLower},     // L&       LATIN SMALL LETTER L WITH DOT BELOW
+	{0x1E38, 0x1E38, prUpper},     // L&       LATIN CAPITAL LETTER L WITH DOT BELOW AND MACRON
+	{0x1E39, 0x1E39, prLower},     // L&       LATIN SMALL LETTER L WITH DOT BELOW AND MACRON
+	{0x1E3A, 0x1E3A, prUpper},     // L&       LATIN CAPITAL LETTER L WITH LINE BELOW
+	{0x1E3B, 0x1E3B, prLower},     // L&       LATIN SMALL LETTER L WITH LINE BELOW
+	{0x1E3C, 0x1E3C, prUpper},     // L&       LATIN CAPITAL LETTER L WITH CIRCUMFLEX BELOW
+	{0x1E3D, 0x1E3D, prLower},     // L&       LATIN SMALL LETTER L WITH CIRCUMFLEX BELOW
+	{0x1E3E, 0x1E3E, prUpper},     // L&       LATIN CAPITAL LETTER M WITH ACUTE
+	{0x1E3F, 0x1E3F, prLower},     // L&       LATIN SMALL LETTER M WITH ACUTE
+	{0x1E40, 0x1E40, prUpper},     // L&       LATIN CAPITAL LETTER M WITH DOT ABOVE
+	{0x1E41, 0x1E41, prLower},     // L&       LATIN SMALL LETTER M WITH DOT ABOVE
+	{0x1E42, 0x1E42, prUpper},     // L&       LATIN CAPITAL LETTER M WITH DOT BELOW
+	{0x1E43, 0x1E43, prLower},     // L&       LATIN SMALL LETTER M WITH DOT BELOW
+	{0x1E44, 0x1E44, prUpper},     // L&       LATIN CAPITAL LETTER N WITH DOT ABOVE
+	{0x1E45, 0x1E45, prLower},     // L&       LATIN SMALL LETTER N WITH DOT ABOVE
+	{0x1E46, 0x1E46, prUpper},     // L&       LATIN CAPITAL LETTER N WITH DOT BELOW
+	{0x1E47, 0x1E47, prLower},     // L&       LATIN SMALL LETTER N WITH DOT BELOW
+	{0x1E48, 0x1E48, prUpper},     // L&       LATIN CAPITAL LETTER N WITH LINE BELOW
+	{0x1E49, 0x1E49, prLower},     // L&       LATIN SMALL LETTER N WITH LINE BELOW
+	{0x1E4A, 0x1E4A, prUpper},     // L&       LATIN CAPITAL LETTER N WITH CIRCUMFLEX BELOW
+	{0x1E4B, 0x1E4B, prLower},     // L&       LATIN SMALL LETTER N WITH CIRCUMFLEX BELOW
+	{0x1E4C, 0x1E4C, prUpper},     // L&       LATIN CAPITAL LETTER O WITH TILDE AND ACUTE
+	{0x1E4D, 0x1E4D, prLower},     // L&       LATIN SMALL LETTER O WITH TILDE AND ACUTE
+	{0x1E4E, 0x1E4E, prUpper},     // L&       LATIN CAPITAL LETTER O WITH TILDE AND DIAERESIS
+	{0x1E4F, 0x1E4F, prLower},     // L&       LATIN SMALL LETTER O WITH TILDE AND DIAERESIS
+	{0x1E50, 0x1E50, prUpper},     // L&       LATIN CAPITAL LETTER O WITH MACRON AND GRAVE
+	{0x1E51, 0x1E51, prLower},     // L&       LATIN SMALL LETTER O WITH MACRON AND GRAVE
+	{0x1E52, 0x1E52, prUpper},     // L&       LATIN CAPITAL LETTER O WITH MACRON AND ACUTE
+	{0x1E53, 0x1E53, prLower},     // L&       LATIN SMALL LETTER O WITH MACRON AND ACUTE
+	{0x1E54, 0x1E54, prUpper},     // L&       LATIN CAPITAL LETTER P WITH ACUTE
+	{0x1E55, 0x1E55, prLower},     // L&       LATIN SMALL LETTER P WITH ACUTE
+	{0x1E56, 0x1E56, prUpper},     // L&       LATIN CAPITAL LETTER P WITH DOT ABOVE
+	{0x1E57, 0x1E57, prLower},     // L&       LATIN SMALL LETTER P WITH DOT ABOVE
+	{0x1E58, 0x1E58, prUpper},     // L&       LATIN CAPITAL LETTER R WITH DOT ABOVE
+	{0x1E59, 0x1E59, prLower},     // L&       LATIN SMALL LETTER R WITH DOT ABOVE
+	{0x1E5A, 0x1E5A, prUpper},     // L&       LATIN CAPITAL LETTER R WITH DOT BELOW
+	{0x1E5B, 0x1E5B, prLower},     // L&       LATIN SMALL LETTER R WITH DOT BELOW
+	{0x1E5C, 0x1E5C, prUpper},     // L&       LATIN CAPITAL LETTER R WITH DOT BELOW AND MACRON
+	{0x1E5D, 0x1E5D, prLower},     // L&       LATIN SMALL LETTER R WITH DOT BELOW AND MACRON
+	{0x1E5E, 0x1E5E, prUpper},     // L&       LATIN CAPITAL LETTER R WITH LINE BELOW
+	{0x1E5F, 0x1E5F, prLower},     // L&       LATIN SMALL LETTER R WITH LINE BELOW
+	{0x1E60, 0x1E60, prUpper},     // L&       LATIN CAPITAL LETTER S WITH DOT ABOVE
+	{0x1E61, 0x1E61, prLower},     // L&       LATIN SMALL LETTER S WITH DOT ABOVE
+	{0x1E62, 0x1E62, prUpper},     // L&       LATIN CAPITAL LETTER S WITH DOT BELOW
+	{0x1E63, 0x1E63, prLower},     // L&       LATIN SMALL LETTER S WITH DOT BELOW
+	{0x1E64, 0x1E64, prUpper},     // L&       LATIN CAPITAL LETTER S WITH ACUTE AND DOT ABOVE
+	{0x1E65, 0x1E65, prLower},     // L&       LATIN SMALL LETTER S WITH ACUTE AND DOT ABOVE
+	{0x1E66, 0x1E66, prUpper},     // L&       LATIN CAPITAL LETTER S WITH CARON AND DOT ABOVE
+	{0x1E67, 0x1E67, prLower},     // L&       LATIN SMALL LETTER S WITH CARON AND DOT ABOVE
+	{0x1E68, 0x1E68, prUpper},     // L&       LATIN CAPITAL LETTER S WITH DOT BELOW AND DOT ABOVE
+	{0x1E69, 0x1E69, prLower},     // L&       LATIN SMALL LETTER S WITH DOT BELOW AND DOT ABOVE
+	{0x1E6A, 0x1E6A, prUpper},     // L&       LATIN CAPITAL LETTER T WITH DOT ABOVE
+	{0x1E6B, 0x1E6B, prLower},     // L&       LATIN SMALL LETTER T WITH DOT ABOVE
+	{0x1E6C, 0x1E6C, prUpper},     // L&       LATIN CAPITAL LETTER T WITH DOT BELOW
+	{0x1E6D, 0x1E6D, prLower},     // L&       LATIN SMALL LETTER T WITH DOT BELOW
+	{0x1E6E, 0x1E6E, prUpper},     // L&       LATIN CAPITAL LETTER T WITH LINE BELOW
+	{0x1E6F, 0x1E6F, prLower},     // L&       LATIN SMALL LETTER T WITH LINE BELOW
+	{0x1E70, 0x1E70, prUpper},     // L&       LATIN CAPITAL LETTER T WITH CIRCUMFLEX BELOW
+	{0x1E71, 0x1E71, prLower},     // L&       LATIN SMALL LETTER T WITH CIRCUMFLEX BELOW
+	{0x1E72, 0x1E72, prUpper},     // L&       LATIN CAPITAL LETTER U WITH DIAERESIS BELOW
+	{0x1E73, 0x1E73, prLower},     // L&       LATIN SMALL LETTER U WITH DIAERESIS BELOW
+	{0x1E74, 0x1E74, prUpper},     // L&       LATIN CAPITAL LETTER U WITH TILDE BELOW
+	{0x1E75, 0x1E75, prLower},     // L&       LATIN SMALL LETTER U WITH TILDE BELOW
+	{0x1E76, 0x1E76, prUpper},     // L&       LATIN CAPITAL LETTER U WITH CIRCUMFLEX BELOW
+	{0x1E77, 0x1E77, prLower},     // L&       LATIN SMALL LETTER U WITH CIRCUMFLEX BELOW
+	{0x1E78, 0x1E78, prUpper},     // L&       LATIN CAPITAL LETTER U WITH TILDE AND ACUTE
+	{0x1E79, 0x1E79, prLower},     // L&       LATIN SMALL LETTER U WITH TILDE AND ACUTE
+	{0x1E7A, 0x1E7A, prUpper},     // L&       LATIN CAPITAL LETTER U WITH MACRON AND DIAERESIS
+	{0x1E7B, 0x1E7B, prLower},     // L&       LATIN SMALL LETTER U WITH MACRON AND DIAERESIS
+	{0x1E7C, 0x1E7C, prUpper},     // L&       LATIN CAPITAL LETTER V WITH TILDE
+	{0x1E7D, 0x1E7D, prLower},     // L&       LATIN SMALL LETTER V WITH TILDE
+	{0x1E7E, 0x1E7E, prUpper},     // L&       LATIN CAPITAL LETTER V WITH DOT BELOW
+	{0x1E7F, 0x1E7F, prLower},     // L&       LATIN SMALL LETTER V WITH DOT BELOW
+	{0x1E80, 0x1E80, prUpper},     // L&       LATIN CAPITAL LETTER W WITH GRAVE
+	{0x1E81, 0x1E81, prLower},     // L&       LATIN SMALL LETTER W WITH GRAVE
+	{0x1E82, 0x1E82, prUpper},     // L&       LATIN CAPITAL LETTER W WITH ACUTE
+	{0x1E83, 0x1E83, prLower},     // L&       LATIN SMALL LETTER W WITH ACUTE
+	{0x1E84, 0x1E84, prUpper},     // L&       LATIN CAPITAL LETTER W WITH DIAERESIS
+	{0x1E85, 0x1E85, prLower},     // L&       LATIN SMALL LETTER W WITH DIAERESIS
+	{0x1E86, 0x1E86, prUpper},     // L&       LATIN CAPITAL LETTER W WITH DOT ABOVE
+	{0x1E87, 0x1E87, prLower},     // L&       LATIN SMALL LETTER W WITH DOT ABOVE
+	{0x1E88, 0x1E88, prUpper},     // L&       LATIN CAPITAL LETTER W WITH DOT BELOW
+	{0x1E89, 0x1E89, prLower},     // L&       LATIN SMALL LETTER W WITH DOT BELOW
+	{0x1E8A, 0x1E8A, prUpper},     // L&       LATIN CAPITAL LETTER X WITH DOT ABOVE
+	{0x1E8B, 0x1E8B, prLower},     // L&       LATIN SMALL LETTER X WITH DOT ABOVE
+	{0x1E8C, 0x1E8C, prUpper},     // L&       LATIN CAPITAL LETTER X WITH DIAERESIS
+	{0x1E8D, 0x1E8D, prLower},     // L&       LATIN SMALL LETTER X WITH DIAERESIS
+	{0x1E8E, 0x1E8E, prUpper},     // L&       LATIN CAPITAL LETTER Y WITH DOT ABOVE
+	{0x1E8F, 0x1E8F, prLower},     // L&       LATIN SMALL LETTER Y WITH DOT ABOVE
+	{0x1E90, 0x1E90, prUpper},     // L&       LATIN CAPITAL LETTER Z WITH CIRCUMFLEX
+	{0x1E91, 0x1E91, prLower},     // L&       LATIN SMALL LETTER Z WITH CIRCUMFLEX
+	{0x1E92, 0x1E92, prUpper},     // L&       LATIN CAPITAL LETTER Z WITH DOT BELOW
+	{0x1E93, 0x1E93, prLower},     // L&       LATIN SMALL LETTER Z WITH DOT BELOW
+	{0x1E94, 0x1E94, prUpper},     // L&       LATIN CAPITAL LETTER Z WITH LINE BELOW
+	{0x1E95, 0x1E9D, prLower},     // L&   [9] LATIN SMALL LETTER Z WITH LINE BELOW..LATIN SMALL LETTER LONG S WITH HIGH STROKE
+	{0x1E9E, 0x1E9E, prUpper},     // L&       LATIN CAPITAL LETTER SHARP S
+	{0x1E9F, 0x1E9F, prLower},     // L&       LATIN SMALL LETTER DELTA
+	{0x1EA0, 0x1EA0, prUpper},     // L&       LATIN CAPITAL LETTER A WITH DOT BELOW
+	{0x1EA1, 0x1EA1, prLower},     // L&       LATIN SMALL LETTER A WITH DOT BELOW
+	{0x1EA2, 0x1EA2, prUpper},     // L&       LATIN CAPITAL LETTER A WITH HOOK ABOVE
+	{0x1EA3, 0x1EA3, prLower},     // L&       LATIN SMALL LETTER A WITH HOOK ABOVE
+	{0x1EA4, 0x1EA4, prUpper},     // L&       LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND ACUTE
+	{0x1EA5, 0x1EA5, prLower},     // L&       LATIN SMALL LETTER A WITH CIRCUMFLEX AND ACUTE
+	{0x1EA6, 0x1EA6, prUpper},     // L&       LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND GRAVE
+	{0x1EA7, 0x1EA7, prLower},     // L&       LATIN SMALL LETTER A WITH CIRCUMFLEX AND GRAVE
+	{0x1EA8, 0x1EA8, prUpper},     // L&       LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE
+	{0x1EA9, 0x1EA9, prLower},     // L&       LATIN SMALL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE
+	{0x1EAA, 0x1EAA, prUpper},     // L&       LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND TILDE
+	{0x1EAB, 0x1EAB, prLower},     // L&       LATIN SMALL LETTER A WITH CIRCUMFLEX AND TILDE
+	{0x1EAC, 0x1EAC, prUpper},     // L&       LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND DOT BELOW
+	{0x1EAD, 0x1EAD, prLower},     // L&       LATIN SMALL LETTER A WITH CIRCUMFLEX AND DOT BELOW
+	{0x1EAE, 0x1EAE, prUpper},     // L&       LATIN CAPITAL LETTER A WITH BREVE AND ACUTE
+	{0x1EAF, 0x1EAF, prLower},     // L&       LATIN SMALL LETTER A WITH BREVE AND ACUTE
+	{0x1EB0, 0x1EB0, prUpper},     // L&       LATIN CAPITAL LETTER A WITH BREVE AND GRAVE
+	{0x1EB1, 0x1EB1, prLower},     // L&       LATIN SMALL LETTER A WITH BREVE AND GRAVE
+	{0x1EB2, 0x1EB2, prUpper},     // L&       LATIN CAPITAL LETTER A WITH BREVE AND HOOK ABOVE
+	{0x1EB3, 0x1EB3, prLower},     // L&       LATIN SMALL LETTER A WITH BREVE AND HOOK ABOVE
+	{0x1EB4, 0x1EB4, prUpper},     // L&       LATIN CAPITAL LETTER A WITH BREVE AND TILDE
+	{0x1EB5, 0x1EB5, prLower},     // L&       LATIN SMALL LETTER A WITH BREVE AND TILDE
+	{0x1EB6, 0x1EB6, prUpper},     // L&       LATIN CAPITAL LETTER A WITH BREVE AND DOT BELOW
+	{0x1EB7, 0x1EB7, prLower},     // L&       LATIN SMALL LETTER A WITH BREVE AND DOT BELOW
+	{0x1EB8, 0x1EB8, prUpper},     // L&       LATIN CAPITAL LETTER E WITH DOT BELOW
+	{0x1EB9, 0x1EB9, prLower},     // L&       LATIN SMALL LETTER E WITH DOT BELOW
+	{0x1EBA, 0x1EBA, prUpper},     // L&       LATIN CAPITAL LETTER E WITH HOOK ABOVE
+	{0x1EBB, 0x1EBB, prLower},     // L&       LATIN SMALL LETTER E WITH HOOK ABOVE
+	{0x1EBC, 0x1EBC, prUpper},     // L&       LATIN CAPITAL LETTER E WITH TILDE
+	{0x1EBD, 0x1EBD, prLower},     // L&       LATIN SMALL LETTER E WITH TILDE
+	{0x1EBE, 0x1EBE, prUpper},     // L&       LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND ACUTE
+	{0x1EBF, 0x1EBF, prLower},     // L&       LATIN SMALL LETTER E WITH CIRCUMFLEX AND ACUTE
+	{0x1EC0, 0x1EC0, prUpper},     // L&       LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND GRAVE
+	{0x1EC1, 0x1EC1, prLower},     // L&       LATIN SMALL LETTER E WITH CIRCUMFLEX AND GRAVE
+	{0x1EC2, 0x1EC2, prUpper},     // L&       LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE
+	{0x1EC3, 0x1EC3, prLower},     // L&       LATIN SMALL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE
+	{0x1EC4, 0x1EC4, prUpper},     // L&       LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND TILDE
+	{0x1EC5, 0x1EC5, prLower},     // L&       LATIN SMALL LETTER E WITH CIRCUMFLEX AND TILDE
+	{0x1EC6, 0x1EC6, prUpper},     // L&       LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND DOT BELOW
+	{0x1EC7, 0x1EC7, prLower},     // L&       LATIN SMALL LETTER E WITH CIRCUMFLEX AND DOT BELOW
+	{0x1EC8, 0x1EC8, prUpper},     // L&       LATIN CAPITAL LETTER I WITH HOOK ABOVE
+	{0x1EC9, 0x1EC9, prLower},     // L&       LATIN SMALL LETTER I WITH HOOK ABOVE
+	{0x1ECA, 0x1ECA, prUpper},     // L&       LATIN CAPITAL LETTER I WITH DOT BELOW
+	{0x1ECB, 0x1ECB, prLower},     // L&       LATIN SMALL LETTER I WITH DOT BELOW
+	{0x1ECC, 0x1ECC, prUpper},     // L&       LATIN CAPITAL LETTER O WITH DOT BELOW
+	{0x1ECD, 0x1ECD, prLower},     // L&       LATIN SMALL LETTER O WITH DOT BELOW
+	{0x1ECE, 0x1ECE, prUpper},     // L&       LATIN CAPITAL LETTER O WITH HOOK ABOVE
+	{0x1ECF, 0x1ECF, prLower},     // L&       LATIN SMALL LETTER O WITH HOOK ABOVE
+	{0x1ED0, 0x1ED0, prUpper},     // L&       LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND ACUTE
+	{0x1ED1, 0x1ED1, prLower},     // L&       LATIN SMALL LETTER O WITH CIRCUMFLEX AND ACUTE
+	{0x1ED2, 0x1ED2, prUpper},     // L&       LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND GRAVE
+	{0x1ED3, 0x1ED3, prLower},     // L&       LATIN SMALL LETTER O WITH CIRCUMFLEX AND GRAVE
+	{0x1ED4, 0x1ED4, prUpper},     // L&       LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE
+	{0x1ED5, 0x1ED5, prLower},     // L&       LATIN SMALL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE
+	{0x1ED6, 0x1ED6, prUpper},     // L&       LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND TILDE
+	{0x1ED7, 0x1ED7, prLower},     // L&       LATIN SMALL LETTER O WITH CIRCUMFLEX AND TILDE
+	{0x1ED8, 0x1ED8, prUpper},     // L&       LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND DOT BELOW
+	{0x1ED9, 0x1ED9, prLower},     // L&       LATIN SMALL LETTER O WITH CIRCUMFLEX AND DOT BELOW
+	{0x1EDA, 0x1EDA, prUpper},     // L&       LATIN CAPITAL LETTER O WITH HORN AND ACUTE
+	{0x1EDB, 0x1EDB, prLower},     // L&       LATIN SMALL LETTER O WITH HORN AND ACUTE
+	{0x1EDC, 0x1EDC, prUpper},     // L&       LATIN CAPITAL LETTER O WITH HORN AND GRAVE
+	{0x1EDD, 0x1EDD, prLower},     // L&       LATIN SMALL LETTER O WITH HORN AND GRAVE
+	{0x1EDE, 0x1EDE, prUpper},     // L&       LATIN CAPITAL LETTER O WITH HORN AND HOOK ABOVE
+	{0x1EDF, 0x1EDF, prLower},     // L&       LATIN SMALL LETTER O WITH HORN AND HOOK ABOVE
+	{0x1EE0, 0x1EE0, prUpper},     // L&       LATIN CAPITAL LETTER O WITH HORN AND TILDE
+	{0x1EE1, 0x1EE1, prLower},     // L&       LATIN SMALL LETTER O WITH HORN AND TILDE
+	{0x1EE2, 0x1EE2, prUpper},     // L&       LATIN CAPITAL LETTER O WITH HORN AND DOT BELOW
+	{0x1EE3, 0x1EE3, prLower},     // L&       LATIN SMALL LETTER O WITH HORN AND DOT BELOW
+	{0x1EE4, 0x1EE4, prUpper},     // L&       LATIN CAPITAL LETTER U WITH DOT BELOW
+	{0x1EE5, 0x1EE5, prLower},     // L&       LATIN SMALL LETTER U WITH DOT BELOW
+	{0x1EE6, 0x1EE6, prUpper},     // L&       LATIN CAPITAL LETTER U WITH HOOK ABOVE
+	{0x1EE7, 0x1EE7, prLower},     // L&       LATIN SMALL LETTER U WITH HOOK ABOVE
+	{0x1EE8, 0x1EE8, prUpper},     // L&       LATIN CAPITAL LETTER U WITH HORN AND ACUTE
+	{0x1EE9, 0x1EE9, prLower},     // L&       LATIN SMALL LETTER U WITH HORN AND ACUTE
+	{0x1EEA, 0x1EEA, prUpper},     // L&       LATIN CAPITAL LETTER U WITH HORN AND GRAVE
+	{0x1EEB, 0x1EEB, prLower},     // L&       LATIN SMALL LETTER U WITH HORN AND GRAVE
+	{0x1EEC, 0x1EEC, prUpper},     // L&       LATIN CAPITAL LETTER U WITH HORN AND HOOK ABOVE
+	{0x1EED, 0x1EED, prLower},     // L&       LATIN SMALL LETTER U WITH HORN AND HOOK ABOVE
+	{0x1EEE, 0x1EEE, prUpper},     // L&       LATIN CAPITAL LETTER U WITH HORN AND TILDE
+	{0x1EEF, 0x1EEF, prLower},     // L&       LATIN SMALL LETTER U WITH HORN AND TILDE
+	{0x1EF0, 0x1EF0, prUpper},     // L&       LATIN CAPITAL LETTER U WITH HORN AND DOT BELOW
+	{0x1EF1, 0x1EF1, prLower},     // L&       LATIN SMALL LETTER U WITH HORN AND DOT BELOW
+	{0x1EF2, 0x1EF2, prUpper},     // L&       LATIN CAPITAL LETTER Y WITH GRAVE
+	{0x1EF3, 0x1EF3, prLower},     // L&       LATIN SMALL LETTER Y WITH GRAVE
+	{0x1EF4, 0x1EF4, prUpper},     // L&       LATIN CAPITAL LETTER Y WITH DOT BELOW
+	{0x1EF5, 0x1EF5, prLower},     // L&       LATIN SMALL LETTER Y WITH DOT BELOW
+	{0x1EF6, 0x1EF6, prUpper},     // L&       LATIN CAPITAL LETTER Y WITH HOOK ABOVE
+	{0x1EF7, 0x1EF7, prLower},     // L&       LATIN SMALL LETTER Y WITH HOOK ABOVE
+	{0x1EF8, 0x1EF8, prUpper},     // L&       LATIN CAPITAL LETTER Y WITH TILDE
+	{0x1EF9, 0x1EF9, prLower},     // L&       LATIN SMALL LETTER Y WITH TILDE
+	{0x1EFA, 0x1EFA, prUpper},     // L&       LATIN CAPITAL LETTER MIDDLE-WELSH LL
+	{0x1EFB, 0x1EFB, prLower},     // L&       LATIN SMALL LETTER MIDDLE-WELSH LL
+	{0x1EFC, 0x1EFC, prUpper},     // L&       LATIN CAPITAL LETTER MIDDLE-WELSH V
+	{0x1EFD, 0x1EFD, prLower},     // L&       LATIN SMALL LETTER MIDDLE-WELSH V
+	{0x1EFE, 0x1EFE, prUpper},     // L&       LATIN CAPITAL LETTER Y WITH LOOP
+	{0x1EFF, 0x1F07, prLower},     // L&   [9] LATIN SMALL LETTER Y WITH LOOP..GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI
+	{0x1F08, 0x1F0F, prUpper},     // L&   [8] GREEK CAPITAL LETTER ALPHA WITH PSILI..GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI
+	{0x1F10, 0x1F15, prLower},     // L&   [6] GREEK SMALL LETTER EPSILON WITH PSILI..GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+	{0x1F18, 0x1F1D, prUpper},     // L&   [6] GREEK CAPITAL LETTER EPSILON WITH PSILI..GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+	{0x1F20, 0x1F27, prLower},     // L&   [8] GREEK SMALL LETTER ETA WITH PSILI..GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI
+	{0x1F28, 0x1F2F, prUpper},     // L&   [8] GREEK CAPITAL LETTER ETA WITH PSILI..GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI
+	{0x1F30, 0x1F37, prLower},     // L&   [8] GREEK SMALL LETTER IOTA WITH PSILI..GREEK SMALL LETTER IOTA WITH DASIA AND PERISPOMENI
+	{0x1F38, 0x1F3F, prUpper},     // L&   [8] GREEK CAPITAL LETTER IOTA WITH PSILI..GREEK CAPITAL LETTER IOTA WITH DASIA AND PERISPOMENI
+	{0x1F40, 0x1F45, prLower},     // L&   [6] GREEK SMALL LETTER OMICRON WITH PSILI..GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+	{0x1F48, 0x1F4D, prUpper},     // L&   [6] GREEK CAPITAL LETTER OMICRON WITH PSILI..GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+	{0x1F50, 0x1F57, prLower},     // L&   [8] GREEK SMALL LETTER UPSILON WITH PSILI..GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	{0x1F59, 0x1F59, prUpper},     // L&       GREEK CAPITAL LETTER UPSILON WITH DASIA
+	{0x1F5B, 0x1F5B, prUpper},     // L&       GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA
+	{0x1F5D, 0x1F5D, prUpper},     // L&       GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA
+	{0x1F5F, 0x1F5F, prUpper},     // L&       GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	{0x1F60, 0x1F67, prLower},     // L&   [8] GREEK SMALL LETTER OMEGA WITH PSILI..GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI
+	{0x1F68, 0x1F6F, prUpper},     // L&   [8] GREEK CAPITAL LETTER OMEGA WITH PSILI..GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI
+	{0x1F70, 0x1F7D, prLower},     // L&  [14] GREEK SMALL LETTER ALPHA WITH VARIA..GREEK SMALL LETTER OMEGA WITH OXIA
+	{0x1F80, 0x1F87, prLower},     // L&   [8] GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI..GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI
+	{0x1F88, 0x1F8F, prUpper},     // L&   [8] GREEK CAPITAL LETTER ALPHA WITH PSILI AND PROSGEGRAMMENI..GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI
+	{0x1F90, 0x1F97, prLower},     // L&   [8] GREEK SMALL LETTER ETA WITH PSILI AND YPOGEGRAMMENI..GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI
+	{0x1F98, 0x1F9F, prUpper},     // L&   [8] GREEK CAPITAL LETTER ETA WITH PSILI AND PROSGEGRAMMENI..GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI
+	{0x1FA0, 0x1FA7, prLower},     // L&   [8] GREEK SMALL LETTER OMEGA WITH PSILI AND YPOGEGRAMMENI..GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI
+	{0x1FA8, 0x1FAF, prUpper},     // L&   [8] GREEK CAPITAL LETTER OMEGA WITH PSILI AND PROSGEGRAMMENI..GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI
+	{0x1FB0, 0x1FB4, prLower},     // L&   [5] GREEK SMALL LETTER ALPHA WITH VRACHY..GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FB6, 0x1FB7, prLower},     // L&   [2] GREEK SMALL LETTER ALPHA WITH PERISPOMENI..GREEK SMALL LETTER ALPHA WITH PERISPOMENI AND YPOGEGRAMMENI
+	{0x1FB8, 0x1FBC, prUpper},     // L&   [5] GREEK CAPITAL LETTER ALPHA WITH VRACHY..GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI
+	{0x1FBE, 0x1FBE, prLower},     // L&       GREEK PROSGEGRAMMENI
+	{0x1FC2, 0x1FC4, prLower},     // L&   [3] GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FC6, 0x1FC7, prLower},     // L&   [2] GREEK SMALL LETTER ETA WITH PERISPOMENI..GREEK SMALL LETTER ETA WITH PERISPOMENI AND YPOGEGRAMMENI
+	{0x1FC8, 0x1FCC, prUpper},     // L&   [5] GREEK CAPITAL LETTER EPSILON WITH VARIA..GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI
+	{0x1FD0, 0x1FD3, prLower},     // L&   [4] GREEK SMALL LETTER IOTA WITH VRACHY..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+	{0x1FD6, 0x1FD7, prLower},     // L&   [2] GREEK SMALL LETTER IOTA WITH PERISPOMENI..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND PERISPOMENI
+	{0x1FD8, 0x1FDB, prUpper},     // L&   [4] GREEK CAPITAL LETTER IOTA WITH VRACHY..GREEK CAPITAL LETTER IOTA WITH OXIA
+	{0x1FE0, 0x1FE7, prLower},     // L&   [8] GREEK SMALL LETTER UPSILON WITH VRACHY..GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND PERISPOMENI
+	{0x1FE8, 0x1FEC, prUpper},     // L&   [5] GREEK CAPITAL LETTER UPSILON WITH VRACHY..GREEK CAPITAL LETTER RHO WITH DASIA
+	{0x1FF2, 0x1FF4, prLower},     // L&   [3] GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FF6, 0x1FF7, prLower},     // L&   [2] GREEK SMALL LETTER OMEGA WITH PERISPOMENI..GREEK SMALL LETTER OMEGA WITH PERISPOMENI AND YPOGEGRAMMENI
+	{0x1FF8, 0x1FFC, prUpper},     // L&   [5] GREEK CAPITAL LETTER OMICRON WITH VARIA..GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI
+	{0x2000, 0x200A, prSp},        // Zs  [11] EN QUAD..HAIR SPACE
+	{0x200B, 0x200B, prFormat},    // Cf       ZERO WIDTH SPACE
+	{0x200C, 0x200D, prExtend},    // Cf   [2] ZERO WIDTH NON-JOINER..ZERO WIDTH JOINER
+	{0x200E, 0x200F, prFormat},    // Cf   [2] LEFT-TO-RIGHT MARK..RIGHT-TO-LEFT MARK
+	{0x2013, 0x2014, prSContinue}, // Pd   [2] EN DASH..EM DASH
+	{0x2018, 0x2018, prClose},     // Pi       LEFT SINGLE QUOTATION MARK
+	{0x2019, 0x2019, prClose},     // Pf       RIGHT SINGLE QUOTATION MARK
+	{0x201A, 0x201A, prClose},     // Ps       SINGLE LOW-9 QUOTATION MARK
+	{0x201B, 0x201C, prClose},     // Pi   [2] SINGLE HIGH-REVERSED-9 QUOTATION MARK..LEFT DOUBLE QUOTATION MARK
+	{0x201D, 0x201D, prClose},     // Pf       RIGHT DOUBLE QUOTATION MARK
+	{0x201E, 0x201E, prClose},     // Ps       DOUBLE LOW-9 QUOTATION MARK
+	{0x201F, 0x201F, prClose},     // Pi       DOUBLE HIGH-REVERSED-9 QUOTATION MARK
+	{0x2024, 0x2024, prATerm},     // Po       ONE DOT LEADER
+	{0x2028, 0x2028, prSep},       // Zl       LINE SEPARATOR
+	{0x2029, 0x2029, prSep},       // Zp       PARAGRAPH SEPARATOR
+	{0x202A, 0x202E, prFormat},    // Cf   [5] LEFT-TO-RIGHT EMBEDDING..RIGHT-TO-LEFT OVERRIDE
+	{0x202F, 0x202F, prSp},        // Zs       NARROW NO-BREAK SPACE
+	{0x2039, 0x2039, prClose},     // Pi       SINGLE LEFT-POINTING ANGLE QUOTATION MARK
+	{0x203A, 0x203A, prClose},     // Pf       SINGLE RIGHT-POINTING ANGLE QUOTATION MARK
+	{0x203C, 0x203D, prSTerm},     // Po   [2] DOUBLE EXCLAMATION MARK..INTERROBANG
+	{0x2045, 0x2045, prClose},     // Ps       LEFT SQUARE BRACKET WITH QUILL
+	{0x2046, 0x2046, prClose},     // Pe       RIGHT SQUARE BRACKET WITH QUILL
+	{0x2047, 0x2049, prSTerm},     // Po   [3] DOUBLE QUESTION MARK..EXCLAMATION QUESTION MARK
+	{0x205F, 0x205F, prSp},        // Zs       MEDIUM MATHEMATICAL SPACE
+	{0x2060, 0x2064, prFormat},    // Cf   [5] WORD JOINER..INVISIBLE PLUS
+	{0x2066, 0x206F, prFormat},    // Cf  [10] LEFT-TO-RIGHT ISOLATE..NOMINAL DIGIT SHAPES
+	{0x2071, 0x2071, prLower},     // Lm       SUPERSCRIPT LATIN SMALL LETTER I
+	{0x207D, 0x207D, prClose},     // Ps       SUPERSCRIPT LEFT PARENTHESIS
+	{0x207E, 0x207E, prClose},     // Pe       SUPERSCRIPT RIGHT PARENTHESIS
+	{0x207F, 0x207F, prLower},     // Lm       SUPERSCRIPT LATIN SMALL LETTER N
+	{0x208D, 0x208D, prClose},     // Ps       SUBSCRIPT LEFT PARENTHESIS
+	{0x208E, 0x208E, prClose},     // Pe       SUBSCRIPT RIGHT PARENTHESIS
+	{0x2090, 0x209C, prLower},     // Lm  [13] LATIN SUBSCRIPT SMALL LETTER A..LATIN SUBSCRIPT SMALL LETTER T
+	{0x20D0, 0x20DC, prExtend},    // Mn  [13] COMBINING LEFT HARPOON ABOVE..COMBINING FOUR DOTS ABOVE
+	{0x20DD, 0x20E0, prExtend},    // Me   [4] COMBINING ENCLOSING CIRCLE..COMBINING ENCLOSING CIRCLE BACKSLASH
+	{0x20E1, 0x20E1, prExtend},    // Mn       COMBINING LEFT RIGHT ARROW ABOVE
+	{0x20E2, 0x20E4, prExtend},    // Me   [3] COMBINING ENCLOSING SCREEN..COMBINING ENCLOSING UPWARD POINTING TRIANGLE
+	{0x20E5, 0x20F0, prExtend},    // Mn  [12] COMBINING REVERSE SOLIDUS OVERLAY..COMBINING ASTERISK ABOVE
+	{0x2102, 0x2102, prUpper},     // L&       DOUBLE-STRUCK CAPITAL C
+	{0x2107, 0x2107, prUpper},     // L&       EULER CONSTANT
+	{0x210A, 0x210A, prLower},     // L&       SCRIPT SMALL G
+	{0x210B, 0x210D, prUpper},     // L&   [3] SCRIPT CAPITAL H..DOUBLE-STRUCK CAPITAL H
+	{0x210E, 0x210F, prLower},     // L&   [2] PLANCK CONSTANT..PLANCK CONSTANT OVER TWO PI
+	{0x2110, 0x2112, prUpper},     // L&   [3] SCRIPT CAPITAL I..SCRIPT CAPITAL L
+	{0x2113, 0x2113, prLower},     // L&       SCRIPT SMALL L
+	{0x2115, 0x2115, prUpper},     // L&       DOUBLE-STRUCK CAPITAL N
+	{0x2119, 0x211D, prUpper},     // L&   [5] DOUBLE-STRUCK CAPITAL P..DOUBLE-STRUCK CAPITAL R
+	{0x2124, 0x2124, prUpper},     // L&       DOUBLE-STRUCK CAPITAL Z
+	{0x2126, 0x2126, prUpper},     // L&       OHM SIGN
+	{0x2128, 0x2128, prUpper},     // L&       BLACK-LETTER CAPITAL Z
+	{0x212A, 0x212D, prUpper},     // L&   [4] KELVIN SIGN..BLACK-LETTER CAPITAL C
+	{0x212F, 0x212F, prLower},     // L&       SCRIPT SMALL E
+	{0x2130, 0x2133, prUpper},     // L&   [4] SCRIPT CAPITAL E..SCRIPT CAPITAL M
+	{0x2134, 0x2134, prLower},     // L&       SCRIPT SMALL O
+	{0x2135, 0x2138, prOLetter},   // Lo   [4] ALEF SYMBOL..DALET SYMBOL
+	{0x2139, 0x2139, prLower},     // L&       INFORMATION SOURCE
+	{0x213C, 0x213D, prLower},     // L&   [2] DOUBLE-STRUCK SMALL PI..DOUBLE-STRUCK SMALL GAMMA
+	{0x213E, 0x213F, prUpper},     // L&   [2] DOUBLE-STRUCK CAPITAL GAMMA..DOUBLE-STRUCK CAPITAL PI
+	{0x2145, 0x2145, prUpper},     // L&       DOUBLE-STRUCK ITALIC CAPITAL D
+	{0x2146, 0x2149, prLower},     // L&   [4] DOUBLE-STRUCK ITALIC SMALL D..DOUBLE-STRUCK ITALIC SMALL J
+	{0x214E, 0x214E, prLower},     // L&       TURNED SMALL F
+	{0x2160, 0x216F, prUpper},     // Nl  [16] ROMAN NUMERAL ONE..ROMAN NUMERAL ONE THOUSAND
+	{0x2170, 0x217F, prLower},     // Nl  [16] SMALL ROMAN NUMERAL ONE..SMALL ROMAN NUMERAL ONE THOUSAND
+	{0x2180, 0x2182, prOLetter},   // Nl   [3] ROMAN NUMERAL ONE THOUSAND C D..ROMAN NUMERAL TEN THOUSAND
+	{0x2183, 0x2183, prUpper},     // L&       ROMAN NUMERAL REVERSED ONE HUNDRED
+	{0x2184, 0x2184, prLower},     // L&       LATIN SMALL LETTER REVERSED C
+	{0x2185, 0x2188, prOLetter},   // Nl   [4] ROMAN NUMERAL SIX LATE FORM..ROMAN NUMERAL ONE HUNDRED THOUSAND
+	{0x2308, 0x2308, prClose},     // Ps       LEFT CEILING
+	{0x2309, 0x2309, prClose},     // Pe       RIGHT CEILING
+	{0x230A, 0x230A, prClose},     // Ps       LEFT FLOOR
+	{0x230B, 0x230B, prClose},     // Pe       RIGHT FLOOR
+	{0x2329, 0x2329, prClose},     // Ps       LEFT-POINTING ANGLE BRACKET
+	{0x232A, 0x232A, prClose},     // Pe       RIGHT-POINTING ANGLE BRACKET
+	{0x24B6, 0x24CF, prUpper},     // So  [26] CIRCLED LATIN CAPITAL LETTER A..CIRCLED LATIN CAPITAL LETTER Z
+	{0x24D0, 0x24E9, prLower},     // So  [26] CIRCLED LATIN SMALL LETTER A..CIRCLED LATIN SMALL LETTER Z
+	{0x275B, 0x2760, prClose},     // So   [6] HEAVY SINGLE TURNED COMMA QUOTATION MARK ORNAMENT..HEAVY LOW DOUBLE COMMA QUOTATION MARK ORNAMENT
+	{0x2768, 0x2768, prClose},     // Ps       MEDIUM LEFT PARENTHESIS ORNAMENT
+	{0x2769, 0x2769, prClose},     // Pe       MEDIUM RIGHT PARENTHESIS ORNAMENT
+	{0x276A, 0x276A, prClose},     // Ps       MEDIUM FLATTENED LEFT PARENTHESIS ORNAMENT
+	{0x276B, 0x276B, prClose},     // Pe       MEDIUM FLATTENED RIGHT PARENTHESIS ORNAMENT
+	{0x276C, 0x276C, prClose},     // Ps       MEDIUM LEFT-POINTING ANGLE BRACKET ORNAMENT
+	{0x276D, 0x276D, prClose},     // Pe       MEDIUM RIGHT-POINTING ANGLE BRACKET ORNAMENT
+	{0x276E, 0x276E, prClose},     // Ps       HEAVY LEFT-POINTING ANGLE QUOTATION MARK ORNAMENT
+	{0x276F, 0x276F, prClose},     // Pe       HEAVY RIGHT-POINTING ANGLE QUOTATION MARK ORNAMENT
+	{0x2770, 0x2770, prClose},     // Ps       HEAVY LEFT-POINTING ANGLE BRACKET ORNAMENT
+	{0x2771, 0x2771, prClose},     // Pe       HEAVY RIGHT-POINTING ANGLE BRACKET ORNAMENT
+	{0x2772, 0x2772, prClose},     // Ps       LIGHT LEFT TORTOISE SHELL BRACKET ORNAMENT
+	{0x2773, 0x2773, prClose},     // Pe       LIGHT RIGHT TORTOISE SHELL BRACKET ORNAMENT
+	{0x2774, 0x2774, prClose},     // Ps       MEDIUM LEFT CURLY BRACKET ORNAMENT
+	{0x2775, 0x2775, prClose},     // Pe       MEDIUM RIGHT CURLY BRACKET ORNAMENT
+	{0x27C5, 0x27C5, prClose},     // Ps       LEFT S-SHAPED BAG DELIMITER
+	{0x27C6, 0x27C6, prClose},     // Pe       RIGHT S-SHAPED BAG DELIMITER
+	{0x27E6, 0x27E6, prClose},     // Ps       MATHEMATICAL LEFT WHITE SQUARE BRACKET
+	{0x27E7, 0x27E7, prClose},     // Pe       MATHEMATICAL RIGHT WHITE SQUARE BRACKET
+	{0x27E8, 0x27E8, prClose},     // Ps       MATHEMATICAL LEFT ANGLE BRACKET
+	{0x27E9, 0x27E9, prClose},     // Pe       MATHEMATICAL RIGHT ANGLE BRACKET
+	{0x27EA, 0x27EA, prClose},     // Ps       MATHEMATICAL LEFT DOUBLE ANGLE BRACKET
+	{0x27EB, 0x27EB, prClose},     // Pe       MATHEMATICAL RIGHT DOUBLE ANGLE BRACKET
+	{0x27EC, 0x27EC, prClose},     // Ps       MATHEMATICAL LEFT WHITE TORTOISE SHELL BRACKET
+	{0x27ED, 0x27ED, prClose},     // Pe       MATHEMATICAL RIGHT WHITE TORTOISE SHELL BRACKET
+	{0x27EE, 0x27EE, prClose},     // Ps       MATHEMATICAL LEFT FLATTENED PARENTHESIS
+	{0x27EF, 0x27EF, prClose},     // Pe       MATHEMATICAL RIGHT FLATTENED PARENTHESIS
+	{0x2983, 0x2983, prClose},     // Ps       LEFT WHITE CURLY BRACKET
+	{0x2984, 0x2984, prClose},     // Pe       RIGHT WHITE CURLY BRACKET
+	{0x2985, 0x2985, prClose},     // Ps       LEFT WHITE PARENTHESIS
+	{0x2986, 0x2986, prClose},     // Pe       RIGHT WHITE PARENTHESIS
+	{0x2987, 0x2987, prClose},     // Ps       Z NOTATION LEFT IMAGE BRACKET
+	{0x2988, 0x2988, prClose},     // Pe       Z NOTATION RIGHT IMAGE BRACKET
+	{0x2989, 0x2989, prClose},     // Ps       Z NOTATION LEFT BINDING BRACKET
+	{0x298A, 0x298A, prClose},     // Pe       Z NOTATION RIGHT BINDING BRACKET
+	{0x298B, 0x298B, prClose},     // Ps       LEFT SQUARE BRACKET WITH UNDERBAR
+	{0x298C, 0x298C, prClose},     // Pe       RIGHT SQUARE BRACKET WITH UNDERBAR
+	{0x298D, 0x298D, prClose},     // Ps       LEFT SQUARE BRACKET WITH TICK IN TOP CORNER
+	{0x298E, 0x298E, prClose},     // Pe       RIGHT SQUARE BRACKET WITH TICK IN BOTTOM CORNER
+	{0x298F, 0x298F, prClose},     // Ps       LEFT SQUARE BRACKET WITH TICK IN BOTTOM CORNER
+	{0x2990, 0x2990, prClose},     // Pe       RIGHT SQUARE BRACKET WITH TICK IN TOP CORNER
+	{0x2991, 0x2991, prClose},     // Ps       LEFT ANGLE BRACKET WITH DOT
+	{0x2992, 0x2992, prClose},     // Pe       RIGHT ANGLE BRACKET WITH DOT
+	{0x2993, 0x2993, prClose},     // Ps       LEFT ARC LESS-THAN BRACKET
+	{0x2994, 0x2994, prClose},     // Pe       RIGHT ARC GREATER-THAN BRACKET
+	{0x2995, 0x2995, prClose},     // Ps       DOUBLE LEFT ARC GREATER-THAN BRACKET
+	{0x2996, 0x2996, prClose},     // Pe       DOUBLE RIGHT ARC LESS-THAN BRACKET
+	{0x2997, 0x2997, prClose},     // Ps       LEFT BLACK TORTOISE SHELL BRACKET
+	{0x2998, 0x2998, prClose},     // Pe       RIGHT BLACK TORTOISE SHELL BRACKET
+	{0x29D8, 0x29D8, prClose},     // Ps       LEFT WIGGLY FENCE
+	{0x29D9, 0x29D9, prClose},     // Pe       RIGHT WIGGLY FENCE
+	{0x29DA, 0x29DA, prClose},     // Ps       LEFT DOUBLE WIGGLY FENCE
+	{0x29DB, 0x29DB, prClose},     // Pe       RIGHT DOUBLE WIGGLY FENCE
+	{0x29FC, 0x29FC, prClose},     // Ps       LEFT-POINTING CURVED ANGLE BRACKET
+	{0x29FD, 0x29FD, prClose},     // Pe       RIGHT-POINTING CURVED ANGLE BRACKET
+	{0x2C00, 0x2C2F, prUpper},     // L&  [48] GLAGOLITIC CAPITAL LETTER AZU..GLAGOLITIC CAPITAL LETTER CAUDATE CHRIVI
+	{0x2C30, 0x2C5F, prLower},     // L&  [48] GLAGOLITIC SMALL LETTER AZU..GLAGOLITIC SMALL LETTER CAUDATE CHRIVI
+	{0x2C60, 0x2C60, prUpper},     // L&       LATIN CAPITAL LETTER L WITH DOUBLE BAR
+	{0x2C61, 0x2C61, prLower},     // L&       LATIN SMALL LETTER L WITH DOUBLE BAR
+	{0x2C62, 0x2C64, prUpper},     // L&   [3] LATIN CAPITAL LETTER L WITH MIDDLE TILDE..LATIN CAPITAL LETTER R WITH TAIL
+	{0x2C65, 0x2C66, prLower},     // L&   [2] LATIN SMALL LETTER A WITH STROKE..LATIN SMALL LETTER T WITH DIAGONAL STROKE
+	{0x2C67, 0x2C67, prUpper},     // L&       LATIN CAPITAL LETTER H WITH DESCENDER
+	{0x2C68, 0x2C68, prLower},     // L&       LATIN SMALL LETTER H WITH DESCENDER
+	{0x2C69, 0x2C69, prUpper},     // L&       LATIN CAPITAL LETTER K WITH DESCENDER
+	{0x2C6A, 0x2C6A, prLower},     // L&       LATIN SMALL LETTER K WITH DESCENDER
+	{0x2C6B, 0x2C6B, prUpper},     // L&       LATIN CAPITAL LETTER Z WITH DESCENDER
+	{0x2C6C, 0x2C6C, prLower},     // L&       LATIN SMALL LETTER Z WITH DESCENDER
+	{0x2C6D, 0x2C70, prUpper},     // L&   [4] LATIN CAPITAL LETTER ALPHA..LATIN CAPITAL LETTER TURNED ALPHA
+	{0x2C71, 0x2C71, prLower},     // L&       LATIN SMALL LETTER V WITH RIGHT HOOK
+	{0x2C72, 0x2C72, prUpper},     // L&       LATIN CAPITAL LETTER W WITH HOOK
+	{0x2C73, 0x2C74, prLower},     // L&   [2] LATIN SMALL LETTER W WITH HOOK..LATIN SMALL LETTER V WITH CURL
+	{0x2C75, 0x2C75, prUpper},     // L&       LATIN CAPITAL LETTER HALF H
+	{0x2C76, 0x2C7B, prLower},     // L&   [6] LATIN SMALL LETTER HALF H..LATIN LETTER SMALL CAPITAL TURNED E
+	{0x2C7C, 0x2C7D, prLower},     // Lm   [2] LATIN SUBSCRIPT SMALL LETTER J..MODIFIER LETTER CAPITAL V
+	{0x2C7E, 0x2C80, prUpper},     // L&   [3] LATIN CAPITAL LETTER S WITH SWASH TAIL..COPTIC CAPITAL LETTER ALFA
+	{0x2C81, 0x2C81, prLower},     // L&       COPTIC SMALL LETTER ALFA
+	{0x2C82, 0x2C82, prUpper},     // L&       COPTIC CAPITAL LETTER VIDA
+	{0x2C83, 0x2C83, prLower},     // L&       COPTIC SMALL LETTER VIDA
+	{0x2C84, 0x2C84, prUpper},     // L&       COPTIC CAPITAL LETTER GAMMA
+	{0x2C85, 0x2C85, prLower},     // L&       COPTIC SMALL LETTER GAMMA
+	{0x2C86, 0x2C86, prUpper},     // L&       COPTIC CAPITAL LETTER DALDA
+	{0x2C87, 0x2C87, prLower},     // L&       COPTIC SMALL LETTER DALDA
+	{0x2C88, 0x2C88, prUpper},     // L&       COPTIC CAPITAL LETTER EIE
+	{0x2C89, 0x2C89, prLower},     // L&       COPTIC SMALL LETTER EIE
+	{0x2C8A, 0x2C8A, prUpper},     // L&       COPTIC CAPITAL LETTER SOU
+	{0x2C8B, 0x2C8B, prLower},     // L&       COPTIC SMALL LETTER SOU
+	{0x2C8C, 0x2C8C, prUpper},     // L&       COPTIC CAPITAL LETTER ZATA
+	{0x2C8D, 0x2C8D, prLower},     // L&       COPTIC SMALL LETTER ZATA
+	{0x2C8E, 0x2C8E, prUpper},     // L&       COPTIC CAPITAL LETTER HATE
+	{0x2C8F, 0x2C8F, prLower},     // L&       COPTIC SMALL LETTER HATE
+	{0x2C90, 0x2C90, prUpper},     // L&       COPTIC CAPITAL LETTER THETHE
+	{0x2C91, 0x2C91, prLower},     // L&       COPTIC SMALL LETTER THETHE
+	{0x2C92, 0x2C92, prUpper},     // L&       COPTIC CAPITAL LETTER IAUDA
+	{0x2C93, 0x2C93, prLower},     // L&       COPTIC SMALL LETTER IAUDA
+	{0x2C94, 0x2C94, prUpper},     // L&       COPTIC CAPITAL LETTER KAPA
+	{0x2C95, 0x2C95, prLower},     // L&       COPTIC SMALL LETTER KAPA
+	{0x2C96, 0x2C96, prUpper},     // L&       COPTIC CAPITAL LETTER LAULA
+	{0x2C97, 0x2C97, prLower},     // L&       COPTIC SMALL LETTER LAULA
+	{0x2C98, 0x2C98, prUpper},     // L&       COPTIC CAPITAL LETTER MI
+	{0x2C99, 0x2C99, prLower},     // L&       COPTIC SMALL LETTER MI
+	{0x2C9A, 0x2C9A, prUpper},     // L&       COPTIC CAPITAL LETTER NI
+	{0x2C9B, 0x2C9B, prLower},     // L&       COPTIC SMALL LETTER NI
+	{0x2C9C, 0x2C9C, prUpper},     // L&       COPTIC CAPITAL LETTER KSI
+	{0x2C9D, 0x2C9D, prLower},     // L&       COPTIC SMALL LETTER KSI
+	{0x2C9E, 0x2C9E, prUpper},     // L&       COPTIC CAPITAL LETTER O
+	{0x2C9F, 0x2C9F, prLower},     // L&       COPTIC SMALL LETTER O
+	{0x2CA0, 0x2CA0, prUpper},     // L&       COPTIC CAPITAL LETTER PI
+	{0x2CA1, 0x2CA1, prLower},     // L&       COPTIC SMALL LETTER PI
+	{0x2CA2, 0x2CA2, prUpper},     // L&       COPTIC CAPITAL LETTER RO
+	{0x2CA3, 0x2CA3, prLower},     // L&       COPTIC SMALL LETTER RO
+	{0x2CA4, 0x2CA4, prUpper},     // L&       COPTIC CAPITAL LETTER SIMA
+	{0x2CA5, 0x2CA5, prLower},     // L&       COPTIC SMALL LETTER SIMA
+	{0x2CA6, 0x2CA6, prUpper},     // L&       COPTIC CAPITAL LETTER TAU
+	{0x2CA7, 0x2CA7, prLower},     // L&       COPTIC SMALL LETTER TAU
+	{0x2CA8, 0x2CA8, prUpper},     // L&       COPTIC CAPITAL LETTER UA
+	{0x2CA9, 0x2CA9, prLower},     // L&       COPTIC SMALL LETTER UA
+	{0x2CAA, 0x2CAA, prUpper},     // L&       COPTIC CAPITAL LETTER FI
+	{0x2CAB, 0x2CAB, prLower},     // L&       COPTIC SMALL LETTER FI
+	{0x2CAC, 0x2CAC, prUpper},     // L&       COPTIC CAPITAL LETTER KHI
+	{0x2CAD, 0x2CAD, prLower},     // L&       COPTIC SMALL LETTER KHI
+	{0x2CAE, 0x2CAE, prUpper},     // L&       COPTIC CAPITAL LETTER PSI
+	{0x2CAF, 0x2CAF, prLower},     // L&       COPTIC SMALL LETTER PSI
+	{0x2CB0, 0x2CB0, prUpper},     // L&       COPTIC CAPITAL LETTER OOU
+	{0x2CB1, 0x2CB1, prLower},     // L&       COPTIC SMALL LETTER OOU
+	{0x2CB2, 0x2CB2, prUpper},     // L&       COPTIC CAPITAL LETTER DIALECT-P ALEF
+	{0x2CB3, 0x2CB3, prLower},     // L&       COPTIC SMALL LETTER DIALECT-P ALEF
+	{0x2CB4, 0x2CB4, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC AIN
+	{0x2CB5, 0x2CB5, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC AIN
+	{0x2CB6, 0x2CB6, prUpper},     // L&       COPTIC CAPITAL LETTER CRYPTOGRAMMIC EIE
+	{0x2CB7, 0x2CB7, prLower},     // L&       COPTIC SMALL LETTER CRYPTOGRAMMIC EIE
+	{0x2CB8, 0x2CB8, prUpper},     // L&       COPTIC CAPITAL LETTER DIALECT-P KAPA
+	{0x2CB9, 0x2CB9, prLower},     // L&       COPTIC SMALL LETTER DIALECT-P KAPA
+	{0x2CBA, 0x2CBA, prUpper},     // L&       COPTIC CAPITAL LETTER DIALECT-P NI
+	{0x2CBB, 0x2CBB, prLower},     // L&       COPTIC SMALL LETTER DIALECT-P NI
+	{0x2CBC, 0x2CBC, prUpper},     // L&       COPTIC CAPITAL LETTER CRYPTOGRAMMIC NI
+	{0x2CBD, 0x2CBD, prLower},     // L&       COPTIC SMALL LETTER CRYPTOGRAMMIC NI
+	{0x2CBE, 0x2CBE, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC OOU
+	{0x2CBF, 0x2CBF, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC OOU
+	{0x2CC0, 0x2CC0, prUpper},     // L&       COPTIC CAPITAL LETTER SAMPI
+	{0x2CC1, 0x2CC1, prLower},     // L&       COPTIC SMALL LETTER SAMPI
+	{0x2CC2, 0x2CC2, prUpper},     // L&       COPTIC CAPITAL LETTER CROSSED SHEI
+	{0x2CC3, 0x2CC3, prLower},     // L&       COPTIC SMALL LETTER CROSSED SHEI
+	{0x2CC4, 0x2CC4, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC SHEI
+	{0x2CC5, 0x2CC5, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC SHEI
+	{0x2CC6, 0x2CC6, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC ESH
+	{0x2CC7, 0x2CC7, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC ESH
+	{0x2CC8, 0x2CC8, prUpper},     // L&       COPTIC CAPITAL LETTER AKHMIMIC KHEI
+	{0x2CC9, 0x2CC9, prLower},     // L&       COPTIC SMALL LETTER AKHMIMIC KHEI
+	{0x2CCA, 0x2CCA, prUpper},     // L&       COPTIC CAPITAL LETTER DIALECT-P HORI
+	{0x2CCB, 0x2CCB, prLower},     // L&       COPTIC SMALL LETTER DIALECT-P HORI
+	{0x2CCC, 0x2CCC, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC HORI
+	{0x2CCD, 0x2CCD, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC HORI
+	{0x2CCE, 0x2CCE, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC HA
+	{0x2CCF, 0x2CCF, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC HA
+	{0x2CD0, 0x2CD0, prUpper},     // L&       COPTIC CAPITAL LETTER L-SHAPED HA
+	{0x2CD1, 0x2CD1, prLower},     // L&       COPTIC SMALL LETTER L-SHAPED HA
+	{0x2CD2, 0x2CD2, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC HEI
+	{0x2CD3, 0x2CD3, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC HEI
+	{0x2CD4, 0x2CD4, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC HAT
+	{0x2CD5, 0x2CD5, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC HAT
+	{0x2CD6, 0x2CD6, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC GANGIA
+	{0x2CD7, 0x2CD7, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC GANGIA
+	{0x2CD8, 0x2CD8, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC DJA
+	{0x2CD9, 0x2CD9, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC DJA
+	{0x2CDA, 0x2CDA, prUpper},     // L&       COPTIC CAPITAL LETTER OLD COPTIC SHIMA
+	{0x2CDB, 0x2CDB, prLower},     // L&       COPTIC SMALL LETTER OLD COPTIC SHIMA
+	{0x2CDC, 0x2CDC, prUpper},     // L&       COPTIC CAPITAL LETTER OLD NUBIAN SHIMA
+	{0x2CDD, 0x2CDD, prLower},     // L&       COPTIC SMALL LETTER OLD NUBIAN SHIMA
+	{0x2CDE, 0x2CDE, prUpper},     // L&       COPTIC CAPITAL LETTER OLD NUBIAN NGI
+	{0x2CDF, 0x2CDF, prLower},     // L&       COPTIC SMALL LETTER OLD NUBIAN NGI
+	{0x2CE0, 0x2CE0, prUpper},     // L&       COPTIC CAPITAL LETTER OLD NUBIAN NYI
+	{0x2CE1, 0x2CE1, prLower},     // L&       COPTIC SMALL LETTER OLD NUBIAN NYI
+	{0x2CE2, 0x2CE2, prUpper},     // L&       COPTIC CAPITAL LETTER OLD NUBIAN WAU
+	{0x2CE3, 0x2CE4, prLower},     // L&   [2] COPTIC SMALL LETTER OLD NUBIAN WAU..COPTIC SYMBOL KAI
+	{0x2CEB, 0x2CEB, prUpper},     // L&       COPTIC CAPITAL LETTER CRYPTOGRAMMIC SHEI
+	{0x2CEC, 0x2CEC, prLower},     // L&       COPTIC SMALL LETTER CRYPTOGRAMMIC SHEI
+	{0x2CED, 0x2CED, prUpper},     // L&       COPTIC CAPITAL LETTER CRYPTOGRAMMIC GANGIA
+	{0x2CEE, 0x2CEE, prLower},     // L&       COPTIC SMALL LETTER CRYPTOGRAMMIC GANGIA
+	{0x2CEF, 0x2CF1, prExtend},    // Mn   [3] COPTIC COMBINING NI ABOVE..COPTIC COMBINING SPIRITUS LENIS
+	{0x2CF2, 0x2CF2, prUpper},     // L&       COPTIC CAPITAL LETTER BOHAIRIC KHEI
+	{0x2CF3, 0x2CF3, prLower},     // L&       COPTIC SMALL LETTER BOHAIRIC KHEI
+	{0x2D00, 0x2D25, prLower},     // L&  [38] GEORGIAN SMALL LETTER AN..GEORGIAN SMALL LETTER HOE
+	{0x2D27, 0x2D27, prLower},     // L&       GEORGIAN SMALL LETTER YN
+	{0x2D2D, 0x2D2D, prLower},     // L&       GEORGIAN SMALL LETTER AEN
+	{0x2D30, 0x2D67, prOLetter},   // Lo  [56] TIFINAGH LETTER YA..TIFINAGH LETTER YO
+	{0x2D6F, 0x2D6F, prOLetter},   // Lm       TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	{0x2D7F, 0x2D7F, prExtend},    // Mn       TIFINAGH CONSONANT JOINER
+	{0x2D80, 0x2D96, prOLetter},   // Lo  [23] ETHIOPIC SYLLABLE LOA..ETHIOPIC SYLLABLE GGWE
+	{0x2DA0, 0x2DA6, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE SSA..ETHIOPIC SYLLABLE SSO
+	{0x2DA8, 0x2DAE, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE CCA..ETHIOPIC SYLLABLE CCO
+	{0x2DB0, 0x2DB6, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE ZZA..ETHIOPIC SYLLABLE ZZO
+	{0x2DB8, 0x2DBE, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE CCHA..ETHIOPIC SYLLABLE CCHO
+	{0x2DC0, 0x2DC6, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE QYA..ETHIOPIC SYLLABLE QYO
+	{0x2DC8, 0x2DCE, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE KYA..ETHIOPIC SYLLABLE KYO
+	{0x2DD0, 0x2DD6, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE XYA..ETHIOPIC SYLLABLE XYO
+	{0x2DD8, 0x2DDE, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE GYA..ETHIOPIC SYLLABLE GYO
+	{0x2DE0, 0x2DFF, prExtend},    // Mn  [32] COMBINING CYRILLIC LETTER BE..COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+	{0x2E00, 0x2E01, prClose},     // Po   [2] RIGHT ANGLE SUBSTITUTION MARKER..RIGHT ANGLE DOTTED SUBSTITUTION MARKER
+	{0x2E02, 0x2E02, prClose},     // Pi       LEFT SUBSTITUTION BRACKET
+	{0x2E03, 0x2E03, prClose},     // Pf       RIGHT SUBSTITUTION BRACKET
+	{0x2E04, 0x2E04, prClose},     // Pi       LEFT DOTTED SUBSTITUTION BRACKET
+	{0x2E05, 0x2E05, prClose},     // Pf       RIGHT DOTTED SUBSTITUTION BRACKET
+	{0x2E06, 0x2E08, prClose},     // Po   [3] RAISED INTERPOLATION MARKER..DOTTED TRANSPOSITION MARKER
+	{0x2E09, 0x2E09, prClose},     // Pi       LEFT TRANSPOSITION BRACKET
+	{0x2E0A, 0x2E0A, prClose},     // Pf       RIGHT TRANSPOSITION BRACKET
+	{0x2E0B, 0x2E0B, prClose},     // Po       RAISED SQUARE
+	{0x2E0C, 0x2E0C, prClose},     // Pi       LEFT RAISED OMISSION BRACKET
+	{0x2E0D, 0x2E0D, prClose},     // Pf       RIGHT RAISED OMISSION BRACKET
+	{0x2E1C, 0x2E1C, prClose},     // Pi       LEFT LOW PARAPHRASE BRACKET
+	{0x2E1D, 0x2E1D, prClose},     // Pf       RIGHT LOW PARAPHRASE BRACKET
+	{0x2E20, 0x2E20, prClose},     // Pi       LEFT VERTICAL BAR WITH QUILL
+	{0x2E21, 0x2E21, prClose},     // Pf       RIGHT VERTICAL BAR WITH QUILL
+	{0x2E22, 0x2E22, prClose},     // Ps       TOP LEFT HALF BRACKET
+	{0x2E23, 0x2E23, prClose},     // Pe       TOP RIGHT HALF BRACKET
+	{0x2E24, 0x2E24, prClose},     // Ps       BOTTOM LEFT HALF BRACKET
+	{0x2E25, 0x2E25, prClose},     // Pe       BOTTOM RIGHT HALF BRACKET
+	{0x2E26, 0x2E26, prClose},     // Ps       LEFT SIDEWAYS U BRACKET
+	{0x2E27, 0x2E27, prClose},     // Pe       RIGHT SIDEWAYS U BRACKET
+	{0x2E28, 0x2E28, prClose},     // Ps       LEFT DOUBLE PARENTHESIS
+	{0x2E29, 0x2E29, prClose},     // Pe       RIGHT DOUBLE PARENTHESIS
+	{0x2E2E, 0x2E2E, prSTerm},     // Po       REVERSED QUESTION MARK
+	{0x2E2F, 0x2E2F, prOLetter},   // Lm       VERTICAL TILDE
+	{0x2E3C, 0x2E3C, prSTerm},     // Po       STENOGRAPHIC FULL STOP
+	{0x2E42, 0x2E42, prClose},     // Ps       DOUBLE LOW-REVERSED-9 QUOTATION MARK
+	{0x2E53, 0x2E54, prSTerm},     // Po   [2] MEDIEVAL EXCLAMATION MARK..MEDIEVAL QUESTION MARK
+	{0x2E55, 0x2E55, prClose},     // Ps       LEFT SQUARE BRACKET WITH STROKE
+	{0x2E56, 0x2E56, prClose},     // Pe       RIGHT SQUARE BRACKET WITH STROKE
+	{0x2E57, 0x2E57, prClose},     // Ps       LEFT SQUARE BRACKET WITH DOUBLE STROKE
+	{0x2E58, 0x2E58, prClose},     // Pe       RIGHT SQUARE BRACKET WITH DOUBLE STROKE
+	{0x2E59, 0x2E59, prClose},     // Ps       TOP HALF LEFT PARENTHESIS
+	{0x2E5A, 0x2E5A, prClose},     // Pe       TOP HALF RIGHT PARENTHESIS
+	{0x2E5B, 0x2E5B, prClose},     // Ps       BOTTOM HALF LEFT PARENTHESIS
+	{0x2E5C, 0x2E5C, prClose},     // Pe       BOTTOM HALF RIGHT PARENTHESIS
+	{0x3000, 0x3000, prSp},        // Zs       IDEOGRAPHIC SPACE
+	{0x3001, 0x3001, prSContinue}, // Po       IDEOGRAPHIC COMMA
+	{0x3002, 0x3002, prSTerm},     // Po       IDEOGRAPHIC FULL STOP
+	{0x3005, 0x3005, prOLetter},   // Lm       IDEOGRAPHIC ITERATION MARK
+	{0x3006, 0x3006, prOLetter},   // Lo       IDEOGRAPHIC CLOSING MARK
+	{0x3007, 0x3007, prOLetter},   // Nl       IDEOGRAPHIC NUMBER ZERO
+	{0x3008, 0x3008, prClose},     // Ps       LEFT ANGLE BRACKET
+	{0x3009, 0x3009, prClose},     // Pe       RIGHT ANGLE BRACKET
+	{0x300A, 0x300A, prClose},     // Ps       LEFT DOUBLE ANGLE BRACKET
+	{0x300B, 0x300B, prClose},     // Pe       RIGHT DOUBLE ANGLE BRACKET
+	{0x300C, 0x300C, prClose},     // Ps       LEFT CORNER BRACKET
+	{0x300D, 0x300D, prClose},     // Pe       RIGHT CORNER BRACKET
+	{0x300E, 0x300E, prClose},     // Ps       LEFT WHITE CORNER BRACKET
+	{0x300F, 0x300F, prClose},     // Pe       RIGHT WHITE CORNER BRACKET
+	{0x3010, 0x3010, prClose},     // Ps       LEFT BLACK LENTICULAR BRACKET
+	{0x3011, 0x3011, prClose},     // Pe       RIGHT BLACK LENTICULAR BRACKET
+	{0x3014, 0x3014, prClose},     // Ps       LEFT TORTOISE SHELL BRACKET
+	{0x3015, 0x3015, prClose},     // Pe       RIGHT TORTOISE SHELL BRACKET
+	{0x3016, 0x3016, prClose},     // Ps       LEFT WHITE LENTICULAR BRACKET
+	{0x3017, 0x3017, prClose},     // Pe       RIGHT WHITE LENTICULAR BRACKET
+	{0x3018, 0x3018, prClose},     // Ps       LEFT WHITE TORTOISE SHELL BRACKET
+	{0x3019, 0x3019, prClose},     // Pe       RIGHT WHITE TORTOISE SHELL BRACKET
+	{0x301A, 0x301A, prClose},     // Ps       LEFT WHITE SQUARE BRACKET
+	{0x301B, 0x301B, prClose},     // Pe       RIGHT WHITE SQUARE BRACKET
+	{0x301D, 0x301D, prClose},     // Ps       REVERSED DOUBLE PRIME QUOTATION MARK
+	{0x301E, 0x301F, prClose},     // Pe   [2] DOUBLE PRIME QUOTATION MARK..LOW DOUBLE PRIME QUOTATION MARK
+	{0x3021, 0x3029, prOLetter},   // Nl   [9] HANGZHOU NUMERAL ONE..HANGZHOU NUMERAL NINE
+	{0x302A, 0x302D, prExtend},    // Mn   [4] IDEOGRAPHIC LEVEL TONE MARK..IDEOGRAPHIC ENTERING TONE MARK
+	{0x302E, 0x302F, prExtend},    // Mc   [2] HANGUL SINGLE DOT TONE MARK..HANGUL DOUBLE DOT TONE MARK
+	{0x3031, 0x3035, prOLetter},   // Lm   [5] VERTICAL KANA REPEAT MARK..VERTICAL KANA REPEAT MARK LOWER HALF
+	{0x3038, 0x303A, prOLetter},   // Nl   [3] HANGZHOU NUMERAL TEN..HANGZHOU NUMERAL THIRTY
+	{0x303B, 0x303B, prOLetter},   // Lm       VERTICAL IDEOGRAPHIC ITERATION MARK
+	{0x303C, 0x303C, prOLetter},   // Lo       MASU MARK
+	{0x3041, 0x3096, prOLetter},   // Lo  [86] HIRAGANA LETTER SMALL A..HIRAGANA LETTER SMALL KE
+	{0x3099, 0x309A, prExtend},    // Mn   [2] COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK..COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK
+	{0x309D, 0x309E, prOLetter},   // Lm   [2] HIRAGANA ITERATION MARK..HIRAGANA VOICED ITERATION MARK
+	{0x309F, 0x309F, prOLetter},   // Lo       HIRAGANA DIGRAPH YORI
+	{0x30A1, 0x30FA, prOLetter},   // Lo  [90] KATAKANA LETTER SMALL A..KATAKANA LETTER VO
+	{0x30FC, 0x30FE, prOLetter},   // Lm   [3] KATAKANA-HIRAGANA PROLONGED SOUND MARK..KATAKANA VOICED ITERATION MARK
+	{0x30FF, 0x30FF, prOLetter},   // Lo       KATAKANA DIGRAPH KOTO
+	{0x3105, 0x312F, prOLetter},   // Lo  [43] BOPOMOFO LETTER B..BOPOMOFO LETTER NN
+	{0x3131, 0x318E, prOLetter},   // Lo  [94] HANGUL LETTER KIYEOK..HANGUL LETTER ARAEAE
+	{0x31A0, 0x31BF, prOLetter},   // Lo  [32] BOPOMOFO LETTER BU..BOPOMOFO LETTER AH
+	{0x31F0, 0x31FF, prOLetter},   // Lo  [16] KATAKANA LETTER SMALL KU..KATAKANA LETTER SMALL RO
+	{0x3400, 0x4DBF, prOLetter},   // Lo [6592] CJK UNIFIED IDEOGRAPH-3400..CJK UNIFIED IDEOGRAPH-4DBF
+	{0x4E00, 0xA014, prOLetter},   // Lo [21013] CJK UNIFIED IDEOGRAPH-4E00..YI SYLLABLE E
+	{0xA015, 0xA015, prOLetter},   // Lm       YI SYLLABLE WU
+	{0xA016, 0xA48C, prOLetter},   // Lo [1143] YI SYLLABLE BIT..YI SYLLABLE YYR
+	{0xA4D0, 0xA4F7, prOLetter},   // Lo  [40] LISU LETTER BA..LISU LETTER OE
+	{0xA4F8, 0xA4FD, prOLetter},   // Lm   [6] LISU LETTER TONE MYA TI..LISU LETTER TONE MYA JEU
+	{0xA4FF, 0xA4FF, prSTerm},     // Po       LISU PUNCTUATION FULL STOP
+	{0xA500, 0xA60B, prOLetter},   // Lo [268] VAI SYLLABLE EE..VAI SYLLABLE NG
+	{0xA60C, 0xA60C, prOLetter},   // Lm       VAI SYLLABLE LENGTHENER
+	{0xA60E, 0xA60F, prSTerm},     // Po   [2] VAI FULL STOP..VAI QUESTION MARK
+	{0xA610, 0xA61F, prOLetter},   // Lo  [16] VAI SYLLABLE NDOLE FA..VAI SYMBOL JONG
+	{0xA620, 0xA629, prNumeric},   // Nd  [10] VAI DIGIT ZERO..VAI DIGIT NINE
+	{0xA62A, 0xA62B, prOLetter},   // Lo   [2] VAI SYLLABLE NDOLE MA..VAI SYLLABLE NDOLE DO
+	{0xA640, 0xA640, prUpper},     // L&       CYRILLIC CAPITAL LETTER ZEMLYA
+	{0xA641, 0xA641, prLower},     // L&       CYRILLIC SMALL LETTER ZEMLYA
+	{0xA642, 0xA642, prUpper},     // L&       CYRILLIC CAPITAL LETTER DZELO
+	{0xA643, 0xA643, prLower},     // L&       CYRILLIC SMALL LETTER DZELO
+	{0xA644, 0xA644, prUpper},     // L&       CYRILLIC CAPITAL LETTER REVERSED DZE
+	{0xA645, 0xA645, prLower},     // L&       CYRILLIC SMALL LETTER REVERSED DZE
+	{0xA646, 0xA646, prUpper},     // L&       CYRILLIC CAPITAL LETTER IOTA
+	{0xA647, 0xA647, prLower},     // L&       CYRILLIC SMALL LETTER IOTA
+	{0xA648, 0xA648, prUpper},     // L&       CYRILLIC CAPITAL LETTER DJERV
+	{0xA649, 0xA649, prLower},     // L&       CYRILLIC SMALL LETTER DJERV
+	{0xA64A, 0xA64A, prUpper},     // L&       CYRILLIC CAPITAL LETTER MONOGRAPH UK
+	{0xA64B, 0xA64B, prLower},     // L&       CYRILLIC SMALL LETTER MONOGRAPH UK
+	{0xA64C, 0xA64C, prUpper},     // L&       CYRILLIC CAPITAL LETTER BROAD OMEGA
+	{0xA64D, 0xA64D, prLower},     // L&       CYRILLIC SMALL LETTER BROAD OMEGA
+	{0xA64E, 0xA64E, prUpper},     // L&       CYRILLIC CAPITAL LETTER NEUTRAL YER
+	{0xA64F, 0xA64F, prLower},     // L&       CYRILLIC SMALL LETTER NEUTRAL YER
+	{0xA650, 0xA650, prUpper},     // L&       CYRILLIC CAPITAL LETTER YERU WITH BACK YER
+	{0xA651, 0xA651, prLower},     // L&       CYRILLIC SMALL LETTER YERU WITH BACK YER
+	{0xA652, 0xA652, prUpper},     // L&       CYRILLIC CAPITAL LETTER IOTIFIED YAT
+	{0xA653, 0xA653, prLower},     // L&       CYRILLIC SMALL LETTER IOTIFIED YAT
+	{0xA654, 0xA654, prUpper},     // L&       CYRILLIC CAPITAL LETTER REVERSED YU
+	{0xA655, 0xA655, prLower},     // L&       CYRILLIC SMALL LETTER REVERSED YU
+	{0xA656, 0xA656, prUpper},     // L&       CYRILLIC CAPITAL LETTER IOTIFIED A
+	{0xA657, 0xA657, prLower},     // L&       CYRILLIC SMALL LETTER IOTIFIED A
+	{0xA658, 0xA658, prUpper},     // L&       CYRILLIC CAPITAL LETTER CLOSED LITTLE YUS
+	{0xA659, 0xA659, prLower},     // L&       CYRILLIC SMALL LETTER CLOSED LITTLE YUS
+	{0xA65A, 0xA65A, prUpper},     // L&       CYRILLIC CAPITAL LETTER BLENDED YUS
+	{0xA65B, 0xA65B, prLower},     // L&       CYRILLIC SMALL LETTER BLENDED YUS
+	{0xA65C, 0xA65C, prUpper},     // L&       CYRILLIC CAPITAL LETTER IOTIFIED CLOSED LITTLE YUS
+	{0xA65D, 0xA65D, prLower},     // L&       CYRILLIC SMALL LETTER IOTIFIED CLOSED LITTLE YUS
+	{0xA65E, 0xA65E, prUpper},     // L&       CYRILLIC CAPITAL LETTER YN
+	{0xA65F, 0xA65F, prLower},     // L&       CYRILLIC SMALL LETTER YN
+	{0xA660, 0xA660, prUpper},     // L&       CYRILLIC CAPITAL LETTER REVERSED TSE
+	{0xA661, 0xA661, prLower},     // L&       CYRILLIC SMALL LETTER REVERSED TSE
+	{0xA662, 0xA662, prUpper},     // L&       CYRILLIC CAPITAL LETTER SOFT DE
+	{0xA663, 0xA663, prLower},     // L&       CYRILLIC SMALL LETTER SOFT DE
+	{0xA664, 0xA664, prUpper},     // L&       CYRILLIC CAPITAL LETTER SOFT EL
+	{0xA665, 0xA665, prLower},     // L&       CYRILLIC SMALL LETTER SOFT EL
+	{0xA666, 0xA666, prUpper},     // L&       CYRILLIC CAPITAL LETTER SOFT EM
+	{0xA667, 0xA667, prLower},     // L&       CYRILLIC SMALL LETTER SOFT EM
+	{0xA668, 0xA668, prUpper},     // L&       CYRILLIC CAPITAL LETTER MONOCULAR O
+	{0xA669, 0xA669, prLower},     // L&       CYRILLIC SMALL LETTER MONOCULAR O
+	{0xA66A, 0xA66A, prUpper},     // L&       CYRILLIC CAPITAL LETTER BINOCULAR O
+	{0xA66B, 0xA66B, prLower},     // L&       CYRILLIC SMALL LETTER BINOCULAR O
+	{0xA66C, 0xA66C, prUpper},     // L&       CYRILLIC CAPITAL LETTER DOUBLE MONOCULAR O
+	{0xA66D, 0xA66D, prLower},     // L&       CYRILLIC SMALL LETTER DOUBLE MONOCULAR O
+	{0xA66E, 0xA66E, prOLetter},   // Lo       CYRILLIC LETTER MULTIOCULAR O
+	{0xA66F, 0xA66F, prExtend},    // Mn       COMBINING CYRILLIC VZMET
+	{0xA670, 0xA672, prExtend},    // Me   [3] COMBINING CYRILLIC TEN MILLIONS SIGN..COMBINING CYRILLIC THOUSAND MILLIONS SIGN
+	{0xA674, 0xA67D, prExtend},    // Mn  [10] COMBINING CYRILLIC LETTER UKRAINIAN IE..COMBINING CYRILLIC PAYEROK
+	{0xA67F, 0xA67F, prOLetter},   // Lm       CYRILLIC PAYEROK
+	{0xA680, 0xA680, prUpper},     // L&       CYRILLIC CAPITAL LETTER DWE
+	{0xA681, 0xA681, prLower},     // L&       CYRILLIC SMALL LETTER DWE
+	{0xA682, 0xA682, prUpper},     // L&       CYRILLIC CAPITAL LETTER DZWE
+	{0xA683, 0xA683, prLower},     // L&       CYRILLIC SMALL LETTER DZWE
+	{0xA684, 0xA684, prUpper},     // L&       CYRILLIC CAPITAL LETTER ZHWE
+	{0xA685, 0xA685, prLower},     // L&       CYRILLIC SMALL LETTER ZHWE
+	{0xA686, 0xA686, prUpper},     // L&       CYRILLIC CAPITAL LETTER CCHE
+	{0xA687, 0xA687, prLower},     // L&       CYRILLIC SMALL LETTER CCHE
+	{0xA688, 0xA688, prUpper},     // L&       CYRILLIC CAPITAL LETTER DZZE
+	{0xA689, 0xA689, prLower},     // L&       CYRILLIC SMALL LETTER DZZE
+	{0xA68A, 0xA68A, prUpper},     // L&       CYRILLIC CAPITAL LETTER TE WITH MIDDLE HOOK
+	{0xA68B, 0xA68B, prLower},     // L&       CYRILLIC SMALL LETTER TE WITH MIDDLE HOOK
+	{0xA68C, 0xA68C, prUpper},     // L&       CYRILLIC CAPITAL LETTER TWE
+	{0xA68D, 0xA68D, prLower},     // L&       CYRILLIC SMALL LETTER TWE
+	{0xA68E, 0xA68E, prUpper},     // L&       CYRILLIC CAPITAL LETTER TSWE
+	{0xA68F, 0xA68F, prLower},     // L&       CYRILLIC SMALL LETTER TSWE
+	{0xA690, 0xA690, prUpper},     // L&       CYRILLIC CAPITAL LETTER TSSE
+	{0xA691, 0xA691, prLower},     // L&       CYRILLIC SMALL LETTER TSSE
+	{0xA692, 0xA692, prUpper},     // L&       CYRILLIC CAPITAL LETTER TCHE
+	{0xA693, 0xA693, prLower},     // L&       CYRILLIC SMALL LETTER TCHE
+	{0xA694, 0xA694, prUpper},     // L&       CYRILLIC CAPITAL LETTER HWE
+	{0xA695, 0xA695, prLower},     // L&       CYRILLIC SMALL LETTER HWE
+	{0xA696, 0xA696, prUpper},     // L&       CYRILLIC CAPITAL LETTER SHWE
+	{0xA697, 0xA697, prLower},     // L&       CYRILLIC SMALL LETTER SHWE
+	{0xA698, 0xA698, prUpper},     // L&       CYRILLIC CAPITAL LETTER DOUBLE O
+	{0xA699, 0xA699, prLower},     // L&       CYRILLIC SMALL LETTER DOUBLE O
+	{0xA69A, 0xA69A, prUpper},     // L&       CYRILLIC CAPITAL LETTER CROSSED O
+	{0xA69B, 0xA69B, prLower},     // L&       CYRILLIC SMALL LETTER CROSSED O
+	{0xA69C, 0xA69D, prLower},     // Lm   [2] MODIFIER LETTER CYRILLIC HARD SIGN..MODIFIER LETTER CYRILLIC SOFT SIGN
+	{0xA69E, 0xA69F, prExtend},    // Mn   [2] COMBINING CYRILLIC LETTER EF..COMBINING CYRILLIC LETTER IOTIFIED E
+	{0xA6A0, 0xA6E5, prOLetter},   // Lo  [70] BAMUM LETTER A..BAMUM LETTER KI
+	{0xA6E6, 0xA6EF, prOLetter},   // Nl  [10] BAMUM LETTER MO..BAMUM LETTER KOGHOM
+	{0xA6F0, 0xA6F1, prExtend},    // Mn   [2] BAMUM COMBINING MARK KOQNDON..BAMUM COMBINING MARK TUKWENTIS
+	{0xA6F3, 0xA6F3, prSTerm},     // Po       BAMUM FULL STOP
+	{0xA6F7, 0xA6F7, prSTerm},     // Po       BAMUM QUESTION MARK
+	{0xA717, 0xA71F, prOLetter},   // Lm   [9] MODIFIER LETTER DOT VERTICAL BAR..MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+	{0xA722, 0xA722, prUpper},     // L&       LATIN CAPITAL LETTER EGYPTOLOGICAL ALEF
+	{0xA723, 0xA723, prLower},     // L&       LATIN SMALL LETTER EGYPTOLOGICAL ALEF
+	{0xA724, 0xA724, prUpper},     // L&       LATIN CAPITAL LETTER EGYPTOLOGICAL AIN
+	{0xA725, 0xA725, prLower},     // L&       LATIN SMALL LETTER EGYPTOLOGICAL AIN
+	{0xA726, 0xA726, prUpper},     // L&       LATIN CAPITAL LETTER HENG
+	{0xA727, 0xA727, prLower},     // L&       LATIN SMALL LETTER HENG
+	{0xA728, 0xA728, prUpper},     // L&       LATIN CAPITAL LETTER TZ
+	{0xA729, 0xA729, prLower},     // L&       LATIN SMALL LETTER TZ
+	{0xA72A, 0xA72A, prUpper},     // L&       LATIN CAPITAL LETTER TRESILLO
+	{0xA72B, 0xA72B, prLower},     // L&       LATIN SMALL LETTER TRESILLO
+	{0xA72C, 0xA72C, prUpper},     // L&       LATIN CAPITAL LETTER CUATRILLO
+	{0xA72D, 0xA72D, prLower},     // L&       LATIN SMALL LETTER CUATRILLO
+	{0xA72E, 0xA72E, prUpper},     // L&       LATIN CAPITAL LETTER CUATRILLO WITH COMMA
+	{0xA72F, 0xA731, prLower},     // L&   [3] LATIN SMALL LETTER CUATRILLO WITH COMMA..LATIN LETTER SMALL CAPITAL S
+	{0xA732, 0xA732, prUpper},     // L&       LATIN CAPITAL LETTER AA
+	{0xA733, 0xA733, prLower},     // L&       LATIN SMALL LETTER AA
+	{0xA734, 0xA734, prUpper},     // L&       LATIN CAPITAL LETTER AO
+	{0xA735, 0xA735, prLower},     // L&       LATIN SMALL LETTER AO
+	{0xA736, 0xA736, prUpper},     // L&       LATIN CAPITAL LETTER AU
+	{0xA737, 0xA737, prLower},     // L&       LATIN SMALL LETTER AU
+	{0xA738, 0xA738, prUpper},     // L&       LATIN CAPITAL LETTER AV
+	{0xA739, 0xA739, prLower},     // L&       LATIN SMALL LETTER AV
+	{0xA73A, 0xA73A, prUpper},     // L&       LATIN CAPITAL LETTER AV WITH HORIZONTAL BAR
+	{0xA73B, 0xA73B, prLower},     // L&       LATIN SMALL LETTER AV WITH HORIZONTAL BAR
+	{0xA73C, 0xA73C, prUpper},     // L&       LATIN CAPITAL LETTER AY
+	{0xA73D, 0xA73D, prLower},     // L&       LATIN SMALL LETTER AY
+	{0xA73E, 0xA73E, prUpper},     // L&       LATIN CAPITAL LETTER REVERSED C WITH DOT
+	{0xA73F, 0xA73F, prLower},     // L&       LATIN SMALL LETTER REVERSED C WITH DOT
+	{0xA740, 0xA740, prUpper},     // L&       LATIN CAPITAL LETTER K WITH STROKE
+	{0xA741, 0xA741, prLower},     // L&       LATIN SMALL LETTER K WITH STROKE
+	{0xA742, 0xA742, prUpper},     // L&       LATIN CAPITAL LETTER K WITH DIAGONAL STROKE
+	{0xA743, 0xA743, prLower},     // L&       LATIN SMALL LETTER K WITH DIAGONAL STROKE
+	{0xA744, 0xA744, prUpper},     // L&       LATIN CAPITAL LETTER K WITH STROKE AND DIAGONAL STROKE
+	{0xA745, 0xA745, prLower},     // L&       LATIN SMALL LETTER K WITH STROKE AND DIAGONAL STROKE
+	{0xA746, 0xA746, prUpper},     // L&       LATIN CAPITAL LETTER BROKEN L
+	{0xA747, 0xA747, prLower},     // L&       LATIN SMALL LETTER BROKEN L
+	{0xA748, 0xA748, prUpper},     // L&       LATIN CAPITAL LETTER L WITH HIGH STROKE
+	{0xA749, 0xA749, prLower},     // L&       LATIN SMALL LETTER L WITH HIGH STROKE
+	{0xA74A, 0xA74A, prUpper},     // L&       LATIN CAPITAL LETTER O WITH LONG STROKE OVERLAY
+	{0xA74B, 0xA74B, prLower},     // L&       LATIN SMALL LETTER O WITH LONG STROKE OVERLAY
+	{0xA74C, 0xA74C, prUpper},     // L&       LATIN CAPITAL LETTER O WITH LOOP
+	{0xA74D, 0xA74D, prLower},     // L&       LATIN SMALL LETTER O WITH LOOP
+	{0xA74E, 0xA74E, prUpper},     // L&       LATIN CAPITAL LETTER OO
+	{0xA74F, 0xA74F, prLower},     // L&       LATIN SMALL LETTER OO
+	{0xA750, 0xA750, prUpper},     // L&       LATIN CAPITAL LETTER P WITH STROKE THROUGH DESCENDER
+	{0xA751, 0xA751, prLower},     // L&       LATIN SMALL LETTER P WITH STROKE THROUGH DESCENDER
+	{0xA752, 0xA752, prUpper},     // L&       LATIN CAPITAL LETTER P WITH FLOURISH
+	{0xA753, 0xA753, prLower},     // L&       LATIN SMALL LETTER P WITH FLOURISH
+	{0xA754, 0xA754, prUpper},     // L&       LATIN CAPITAL LETTER P WITH SQUIRREL TAIL
+	{0xA755, 0xA755, prLower},     // L&       LATIN SMALL LETTER P WITH SQUIRREL TAIL
+	{0xA756, 0xA756, prUpper},     // L&       LATIN CAPITAL LETTER Q WITH STROKE THROUGH DESCENDER
+	{0xA757, 0xA757, prLower},     // L&       LATIN SMALL LETTER Q WITH STROKE THROUGH DESCENDER
+	{0xA758, 0xA758, prUpper},     // L&       LATIN CAPITAL LETTER Q WITH DIAGONAL STROKE
+	{0xA759, 0xA759, prLower},     // L&       LATIN SMALL LETTER Q WITH DIAGONAL STROKE
+	{0xA75A, 0xA75A, prUpper},     // L&       LATIN CAPITAL LETTER R ROTUNDA
+	{0xA75B, 0xA75B, prLower},     // L&       LATIN SMALL LETTER R ROTUNDA
+	{0xA75C, 0xA75C, prUpper},     // L&       LATIN CAPITAL LETTER RUM ROTUNDA
+	{0xA75D, 0xA75D, prLower},     // L&       LATIN SMALL LETTER RUM ROTUNDA
+	{0xA75E, 0xA75E, prUpper},     // L&       LATIN CAPITAL LETTER V WITH DIAGONAL STROKE
+	{0xA75F, 0xA75F, prLower},     // L&       LATIN SMALL LETTER V WITH DIAGONAL STROKE
+	{0xA760, 0xA760, prUpper},     // L&       LATIN CAPITAL LETTER VY
+	{0xA761, 0xA761, prLower},     // L&       LATIN SMALL LETTER VY
+	{0xA762, 0xA762, prUpper},     // L&       LATIN CAPITAL LETTER VISIGOTHIC Z
+	{0xA763, 0xA763, prLower},     // L&       LATIN SMALL LETTER VISIGOTHIC Z
+	{0xA764, 0xA764, prUpper},     // L&       LATIN CAPITAL LETTER THORN WITH STROKE
+	{0xA765, 0xA765, prLower},     // L&       LATIN SMALL LETTER THORN WITH STROKE
+	{0xA766, 0xA766, prUpper},     // L&       LATIN CAPITAL LETTER THORN WITH STROKE THROUGH DESCENDER
+	{0xA767, 0xA767, prLower},     // L&       LATIN SMALL LETTER THORN WITH STROKE THROUGH DESCENDER
+	{0xA768, 0xA768, prUpper},     // L&       LATIN CAPITAL LETTER VEND
+	{0xA769, 0xA769, prLower},     // L&       LATIN SMALL LETTER VEND
+	{0xA76A, 0xA76A, prUpper},     // L&       LATIN CAPITAL LETTER ET
+	{0xA76B, 0xA76B, prLower},     // L&       LATIN SMALL LETTER ET
+	{0xA76C, 0xA76C, prUpper},     // L&       LATIN CAPITAL LETTER IS
+	{0xA76D, 0xA76D, prLower},     // L&       LATIN SMALL LETTER IS
+	{0xA76E, 0xA76E, prUpper},     // L&       LATIN CAPITAL LETTER CON
+	{0xA76F, 0xA76F, prLower},     // L&       LATIN SMALL LETTER CON
+	{0xA770, 0xA770, prLower},     // Lm       MODIFIER LETTER US
+	{0xA771, 0xA778, prLower},     // L&   [8] LATIN SMALL LETTER DUM..LATIN SMALL LETTER UM
+	{0xA779, 0xA779, prUpper},     // L&       LATIN CAPITAL LETTER INSULAR D
+	{0xA77A, 0xA77A, prLower},     // L&       LATIN SMALL LETTER INSULAR D
+	{0xA77B, 0xA77B, prUpper},     // L&       LATIN CAPITAL LETTER INSULAR F
+	{0xA77C, 0xA77C, prLower},     // L&       LATIN SMALL LETTER INSULAR F
+	{0xA77D, 0xA77E, prUpper},     // L&   [2] LATIN CAPITAL LETTER INSULAR G..LATIN CAPITAL LETTER TURNED INSULAR G
+	{0xA77F, 0xA77F, prLower},     // L&       LATIN SMALL LETTER TURNED INSULAR G
+	{0xA780, 0xA780, prUpper},     // L&       LATIN CAPITAL LETTER TURNED L
+	{0xA781, 0xA781, prLower},     // L&       LATIN SMALL LETTER TURNED L
+	{0xA782, 0xA782, prUpper},     // L&       LATIN CAPITAL LETTER INSULAR R
+	{0xA783, 0xA783, prLower},     // L&       LATIN SMALL LETTER INSULAR R
+	{0xA784, 0xA784, prUpper},     // L&       LATIN CAPITAL LETTER INSULAR S
+	{0xA785, 0xA785, prLower},     // L&       LATIN SMALL LETTER INSULAR S
+	{0xA786, 0xA786, prUpper},     // L&       LATIN CAPITAL LETTER INSULAR T
+	{0xA787, 0xA787, prLower},     // L&       LATIN SMALL LETTER INSULAR T
+	{0xA788, 0xA788, prOLetter},   // Lm       MODIFIER LETTER LOW CIRCUMFLEX ACCENT
+	{0xA78B, 0xA78B, prUpper},     // L&       LATIN CAPITAL LETTER SALTILLO
+	{0xA78C, 0xA78C, prLower},     // L&       LATIN SMALL LETTER SALTILLO
+	{0xA78D, 0xA78D, prUpper},     // L&       LATIN CAPITAL LETTER TURNED H
+	{0xA78E, 0xA78E, prLower},     // L&       LATIN SMALL LETTER L WITH RETROFLEX HOOK AND BELT
+	{0xA78F, 0xA78F, prOLetter},   // Lo       LATIN LETTER SINOLOGICAL DOT
+	{0xA790, 0xA790, prUpper},     // L&       LATIN CAPITAL LETTER N WITH DESCENDER
+	{0xA791, 0xA791, prLower},     // L&       LATIN SMALL LETTER N WITH DESCENDER
+	{0xA792, 0xA792, prUpper},     // L&       LATIN CAPITAL LETTER C WITH BAR
+	{0xA793, 0xA795, prLower},     // L&   [3] LATIN SMALL LETTER C WITH BAR..LATIN SMALL LETTER H WITH PALATAL HOOK
+	{0xA796, 0xA796, prUpper},     // L&       LATIN CAPITAL LETTER B WITH FLOURISH
+	{0xA797, 0xA797, prLower},     // L&       LATIN SMALL LETTER B WITH FLOURISH
+	{0xA798, 0xA798, prUpper},     // L&       LATIN CAPITAL LETTER F WITH STROKE
+	{0xA799, 0xA799, prLower},     // L&       LATIN SMALL LETTER F WITH STROKE
+	{0xA79A, 0xA79A, prUpper},     // L&       LATIN CAPITAL LETTER VOLAPUK AE
+	{0xA79B, 0xA79B, prLower},     // L&       LATIN SMALL LETTER VOLAPUK AE
+	{0xA79C, 0xA79C, prUpper},     // L&       LATIN CAPITAL LETTER VOLAPUK OE
+	{0xA79D, 0xA79D, prLower},     // L&       LATIN SMALL LETTER VOLAPUK OE
+	{0xA79E, 0xA79E, prUpper},     // L&       LATIN CAPITAL LETTER VOLAPUK UE
+	{0xA79F, 0xA79F, prLower},     // L&       LATIN SMALL LETTER VOLAPUK UE
+	{0xA7A0, 0xA7A0, prUpper},     // L&       LATIN CAPITAL LETTER G WITH OBLIQUE STROKE
+	{0xA7A1, 0xA7A1, prLower},     // L&       LATIN SMALL LETTER G WITH OBLIQUE STROKE
+	{0xA7A2, 0xA7A2, prUpper},     // L&       LATIN CAPITAL LETTER K WITH OBLIQUE STROKE
+	{0xA7A3, 0xA7A3, prLower},     // L&       LATIN SMALL LETTER K WITH OBLIQUE STROKE
+	{0xA7A4, 0xA7A4, prUpper},     // L&       LATIN CAPITAL LETTER N WITH OBLIQUE STROKE
+	{0xA7A5, 0xA7A5, prLower},     // L&       LATIN SMALL LETTER N WITH OBLIQUE STROKE
+	{0xA7A6, 0xA7A6, prUpper},     // L&       LATIN CAPITAL LETTER R WITH OBLIQUE STROKE
+	{0xA7A7, 0xA7A7, prLower},     // L&       LATIN SMALL LETTER R WITH OBLIQUE STROKE
+	{0xA7A8, 0xA7A8, prUpper},     // L&       LATIN CAPITAL LETTER S WITH OBLIQUE STROKE
+	{0xA7A9, 0xA7A9, prLower},     // L&       LATIN SMALL LETTER S WITH OBLIQUE STROKE
+	{0xA7AA, 0xA7AE, prUpper},     // L&   [5] LATIN CAPITAL LETTER H WITH HOOK..LATIN CAPITAL LETTER SMALL CAPITAL I
+	{0xA7AF, 0xA7AF, prLower},     // L&       LATIN LETTER SMALL CAPITAL Q
+	{0xA7B0, 0xA7B4, prUpper},     // L&   [5] LATIN CAPITAL LETTER TURNED K..LATIN CAPITAL LETTER BETA
+	{0xA7B5, 0xA7B5, prLower},     // L&       LATIN SMALL LETTER BETA
+	{0xA7B6, 0xA7B6, prUpper},     // L&       LATIN CAPITAL LETTER OMEGA
+	{0xA7B7, 0xA7B7, prLower},     // L&       LATIN SMALL LETTER OMEGA
+	{0xA7B8, 0xA7B8, prUpper},     // L&       LATIN CAPITAL LETTER U WITH STROKE
+	{0xA7B9, 0xA7B9, prLower},     // L&       LATIN SMALL LETTER U WITH STROKE
+	{0xA7BA, 0xA7BA, prUpper},     // L&       LATIN CAPITAL LETTER GLOTTAL A
+	{0xA7BB, 0xA7BB, prLower},     // L&       LATIN SMALL LETTER GLOTTAL A
+	{0xA7BC, 0xA7BC, prUpper},     // L&       LATIN CAPITAL LETTER GLOTTAL I
+	{0xA7BD, 0xA7BD, prLower},     // L&       LATIN SMALL LETTER GLOTTAL I
+	{0xA7BE, 0xA7BE, prUpper},     // L&       LATIN CAPITAL LETTER GLOTTAL U
+	{0xA7BF, 0xA7BF, prLower},     // L&       LATIN SMALL LETTER GLOTTAL U
+	{0xA7C0, 0xA7C0, prUpper},     // L&       LATIN CAPITAL LETTER OLD POLISH O
+	{0xA7C1, 0xA7C1, prLower},     // L&       LATIN SMALL LETTER OLD POLISH O
+	{0xA7C2, 0xA7C2, prUpper},     // L&       LATIN CAPITAL LETTER ANGLICANA W
+	{0xA7C3, 0xA7C3, prLower},     // L&       LATIN SMALL LETTER ANGLICANA W
+	{0xA7C4, 0xA7C7, prUpper},     // L&   [4] LATIN CAPITAL LETTER C WITH PALATAL HOOK..LATIN CAPITAL LETTER D WITH SHORT STROKE OVERLAY
+	{0xA7C8, 0xA7C8, prLower},     // L&       LATIN SMALL LETTER D WITH SHORT STROKE OVERLAY
+	{0xA7C9, 0xA7C9, prUpper},     // L&       LATIN CAPITAL LETTER S WITH SHORT STROKE OVERLAY
+	{0xA7CA, 0xA7CA, prLower},     // L&       LATIN SMALL LETTER S WITH SHORT STROKE OVERLAY
+	{0xA7D0, 0xA7D0, prUpper},     // L&       LATIN CAPITAL LETTER CLOSED INSULAR G
+	{0xA7D1, 0xA7D1, prLower},     // L&       LATIN SMALL LETTER CLOSED INSULAR G
+	{0xA7D3, 0xA7D3, prLower},     // L&       LATIN SMALL LETTER DOUBLE THORN
+	{0xA7D5, 0xA7D5, prLower},     // L&       LATIN SMALL LETTER DOUBLE WYNN
+	{0xA7D6, 0xA7D6, prUpper},     // L&       LATIN CAPITAL LETTER MIDDLE SCOTS S
+	{0xA7D7, 0xA7D7, prLower},     // L&       LATIN SMALL LETTER MIDDLE SCOTS S
+	{0xA7D8, 0xA7D8, prUpper},     // L&       LATIN CAPITAL LETTER SIGMOID S
+	{0xA7D9, 0xA7D9, prLower},     // L&       LATIN SMALL LETTER SIGMOID S
+	{0xA7F2, 0xA7F4, prOLetter},   // Lm   [3] MODIFIER LETTER CAPITAL C..MODIFIER LETTER CAPITAL Q
+	{0xA7F5, 0xA7F5, prUpper},     // L&       LATIN CAPITAL LETTER REVERSED HALF H
+	{0xA7F6, 0xA7F6, prLower},     // L&       LATIN SMALL LETTER REVERSED HALF H
+	{0xA7F7, 0xA7F7, prOLetter},   // Lo       LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	{0xA7F8, 0xA7F9, prLower},     // Lm   [2] MODIFIER LETTER CAPITAL H WITH STROKE..MODIFIER LETTER SMALL LIGATURE OE
+	{0xA7FA, 0xA7FA, prLower},     // L&       LATIN LETTER SMALL CAPITAL TURNED M
+	{0xA7FB, 0xA801, prOLetter},   // Lo   [7] LATIN EPIGRAPHIC LETTER REVERSED F..SYLOTI NAGRI LETTER I
+	{0xA802, 0xA802, prExtend},    // Mn       SYLOTI NAGRI SIGN DVISVARA
+	{0xA803, 0xA805, prOLetter},   // Lo   [3] SYLOTI NAGRI LETTER U..SYLOTI NAGRI LETTER O
+	{0xA806, 0xA806, prExtend},    // Mn       SYLOTI NAGRI SIGN HASANTA
+	{0xA807, 0xA80A, prOLetter},   // Lo   [4] SYLOTI NAGRI LETTER KO..SYLOTI NAGRI LETTER GHO
+	{0xA80B, 0xA80B, prExtend},    // Mn       SYLOTI NAGRI SIGN ANUSVARA
+	{0xA80C, 0xA822, prOLetter},   // Lo  [23] SYLOTI NAGRI LETTER CO..SYLOTI NAGRI LETTER HO
+	{0xA823, 0xA824, prExtend},    // Mc   [2] SYLOTI NAGRI VOWEL SIGN A..SYLOTI NAGRI VOWEL SIGN I
+	{0xA825, 0xA826, prExtend},    // Mn   [2] SYLOTI NAGRI VOWEL SIGN U..SYLOTI NAGRI VOWEL SIGN E
+	{0xA827, 0xA827, prExtend},    // Mc       SYLOTI NAGRI VOWEL SIGN OO
+	{0xA82C, 0xA82C, prExtend},    // Mn       SYLOTI NAGRI SIGN ALTERNATE HASANTA
+	{0xA840, 0xA873, prOLetter},   // Lo  [52] PHAGS-PA LETTER KA..PHAGS-PA LETTER CANDRABINDU
+	{0xA876, 0xA877, prSTerm},     // Po   [2] PHAGS-PA MARK SHAD..PHAGS-PA MARK DOUBLE SHAD
+	{0xA880, 0xA881, prExtend},    // Mc   [2] SAURASHTRA SIGN ANUSVARA..SAURASHTRA SIGN VISARGA
+	{0xA882, 0xA8B3, prOLetter},   // Lo  [50] SAURASHTRA LETTER A..SAURASHTRA LETTER LLA
+	{0xA8B4, 0xA8C3, prExtend},    // Mc  [16] SAURASHTRA CONSONANT SIGN HAARU..SAURASHTRA VOWEL SIGN AU
+	{0xA8C4, 0xA8C5, prExtend},    // Mn   [2] SAURASHTRA SIGN VIRAMA..SAURASHTRA SIGN CANDRABINDU
+	{0xA8CE, 0xA8CF, prSTerm},     // Po   [2] SAURASHTRA DANDA..SAURASHTRA DOUBLE DANDA
+	{0xA8D0, 0xA8D9, prNumeric},   // Nd  [10] SAURASHTRA DIGIT ZERO..SAURASHTRA DIGIT NINE
+	{0xA8E0, 0xA8F1, prExtend},    // Mn  [18] COMBINING DEVANAGARI DIGIT ZERO..COMBINING DEVANAGARI SIGN AVAGRAHA
+	{0xA8F2, 0xA8F7, prOLetter},   // Lo   [6] DEVANAGARI SIGN SPACING CANDRABINDU..DEVANAGARI SIGN CANDRABINDU AVAGRAHA
+	{0xA8FB, 0xA8FB, prOLetter},   // Lo       DEVANAGARI HEADSTROKE
+	{0xA8FD, 0xA8FE, prOLetter},   // Lo   [2] DEVANAGARI JAIN OM..DEVANAGARI LETTER AY
+	{0xA8FF, 0xA8FF, prExtend},    // Mn       DEVANAGARI VOWEL SIGN AY
+	{0xA900, 0xA909, prNumeric},   // Nd  [10] KAYAH LI DIGIT ZERO..KAYAH LI DIGIT NINE
+	{0xA90A, 0xA925, prOLetter},   // Lo  [28] KAYAH LI LETTER KA..KAYAH LI LETTER OO
+	{0xA926, 0xA92D, prExtend},    // Mn   [8] KAYAH LI VOWEL UE..KAYAH LI TONE CALYA PLOPHU
+	{0xA92F, 0xA92F, prSTerm},     // Po       KAYAH LI SIGN SHYA
+	{0xA930, 0xA946, prOLetter},   // Lo  [23] REJANG LETTER KA..REJANG LETTER A
+	{0xA947, 0xA951, prExtend},    // Mn  [11] REJANG VOWEL SIGN I..REJANG CONSONANT SIGN R
+	{0xA952, 0xA953, prExtend},    // Mc   [2] REJANG CONSONANT SIGN H..REJANG VIRAMA
+	{0xA960, 0xA97C, prOLetter},   // Lo  [29] HANGUL CHOSEONG TIKEUT-MIEUM..HANGUL CHOSEONG SSANGYEORINHIEUH
+	{0xA980, 0xA982, prExtend},    // Mn   [3] JAVANESE SIGN PANYANGGA..JAVANESE SIGN LAYAR
+	{0xA983, 0xA983, prExtend},    // Mc       JAVANESE SIGN WIGNYAN
+	{0xA984, 0xA9B2, prOLetter},   // Lo  [47] JAVANESE LETTER A..JAVANESE LETTER HA
+	{0xA9B3, 0xA9B3, prExtend},    // Mn       JAVANESE SIGN CECAK TELU
+	{0xA9B4, 0xA9B5, prExtend},    // Mc   [2] JAVANESE VOWEL SIGN TARUNG..JAVANESE VOWEL SIGN TOLONG
+	{0xA9B6, 0xA9B9, prExtend},    // Mn   [4] JAVANESE VOWEL SIGN WULU..JAVANESE VOWEL SIGN SUKU MENDUT
+	{0xA9BA, 0xA9BB, prExtend},    // Mc   [2] JAVANESE VOWEL SIGN TALING..JAVANESE VOWEL SIGN DIRGA MURE
+	{0xA9BC, 0xA9BD, prExtend},    // Mn   [2] JAVANESE VOWEL SIGN PEPET..JAVANESE CONSONANT SIGN KERET
+	{0xA9BE, 0xA9C0, prExtend},    // Mc   [3] JAVANESE CONSONANT SIGN PENGKAL..JAVANESE PANGKON
+	{0xA9C8, 0xA9C9, prSTerm},     // Po   [2] JAVANESE PADA LINGSA..JAVANESE PADA LUNGSI
+	{0xA9CF, 0xA9CF, prOLetter},   // Lm       JAVANESE PANGRANGKEP
+	{0xA9D0, 0xA9D9, prNumeric},   // Nd  [10] JAVANESE DIGIT ZERO..JAVANESE DIGIT NINE
+	{0xA9E0, 0xA9E4, prOLetter},   // Lo   [5] MYANMAR LETTER SHAN GHA..MYANMAR LETTER SHAN BHA
+	{0xA9E5, 0xA9E5, prExtend},    // Mn       MYANMAR SIGN SHAN SAW
+	{0xA9E6, 0xA9E6, prOLetter},   // Lm       MYANMAR MODIFIER LETTER SHAN REDUPLICATION
+	{0xA9E7, 0xA9EF, prOLetter},   // Lo   [9] MYANMAR LETTER TAI LAING NYA..MYANMAR LETTER TAI LAING NNA
+	{0xA9F0, 0xA9F9, prNumeric},   // Nd  [10] MYANMAR TAI LAING DIGIT ZERO..MYANMAR TAI LAING DIGIT NINE
+	{0xA9FA, 0xA9FE, prOLetter},   // Lo   [5] MYANMAR LETTER TAI LAING LLA..MYANMAR LETTER TAI LAING BHA
+	{0xAA00, 0xAA28, prOLetter},   // Lo  [41] CHAM LETTER A..CHAM LETTER HA
+	{0xAA29, 0xAA2E, prExtend},    // Mn   [6] CHAM VOWEL SIGN AA..CHAM VOWEL SIGN OE
+	{0xAA2F, 0xAA30, prExtend},    // Mc   [2] CHAM VOWEL SIGN O..CHAM VOWEL SIGN AI
+	{0xAA31, 0xAA32, prExtend},    // Mn   [2] CHAM VOWEL SIGN AU..CHAM VOWEL SIGN UE
+	{0xAA33, 0xAA34, prExtend},    // Mc   [2] CHAM CONSONANT SIGN YA..CHAM CONSONANT SIGN RA
+	{0xAA35, 0xAA36, prExtend},    // Mn   [2] CHAM CONSONANT SIGN LA..CHAM CONSONANT SIGN WA
+	{0xAA40, 0xAA42, prOLetter},   // Lo   [3] CHAM LETTER FINAL K..CHAM LETTER FINAL NG
+	{0xAA43, 0xAA43, prExtend},    // Mn       CHAM CONSONANT SIGN FINAL NG
+	{0xAA44, 0xAA4B, prOLetter},   // Lo   [8] CHAM LETTER FINAL CH..CHAM LETTER FINAL SS
+	{0xAA4C, 0xAA4C, prExtend},    // Mn       CHAM CONSONANT SIGN FINAL M
+	{0xAA4D, 0xAA4D, prExtend},    // Mc       CHAM CONSONANT SIGN FINAL H
+	{0xAA50, 0xAA59, prNumeric},   // Nd  [10] CHAM DIGIT ZERO..CHAM DIGIT NINE
+	{0xAA5D, 0xAA5F, prSTerm},     // Po   [3] CHAM PUNCTUATION DANDA..CHAM PUNCTUATION TRIPLE DANDA
+	{0xAA60, 0xAA6F, prOLetter},   // Lo  [16] MYANMAR LETTER KHAMTI GA..MYANMAR LETTER KHAMTI FA
+	{0xAA70, 0xAA70, prOLetter},   // Lm       MYANMAR MODIFIER LETTER KHAMTI REDUPLICATION
+	{0xAA71, 0xAA76, prOLetter},   // Lo   [6] MYANMAR LETTER KHAMTI XA..MYANMAR LOGOGRAM KHAMTI HM
+	{0xAA7A, 0xAA7A, prOLetter},   // Lo       MYANMAR LETTER AITON RA
+	{0xAA7B, 0xAA7B, prExtend},    // Mc       MYANMAR SIGN PAO KAREN TONE
+	{0xAA7C, 0xAA7C, prExtend},    // Mn       MYANMAR SIGN TAI LAING TONE-2
+	{0xAA7D, 0xAA7D, prExtend},    // Mc       MYANMAR SIGN TAI LAING TONE-5
+	{0xAA7E, 0xAAAF, prOLetter},   // Lo  [50] MYANMAR LETTER SHWE PALAUNG CHA..TAI VIET LETTER HIGH O
+	{0xAAB0, 0xAAB0, prExtend},    // Mn       TAI VIET MAI KANG
+	{0xAAB1, 0xAAB1, prOLetter},   // Lo       TAI VIET VOWEL AA
+	{0xAAB2, 0xAAB4, prExtend},    // Mn   [3] TAI VIET VOWEL I..TAI VIET VOWEL U
+	{0xAAB5, 0xAAB6, prOLetter},   // Lo   [2] TAI VIET VOWEL E..TAI VIET VOWEL O
+	{0xAAB7, 0xAAB8, prExtend},    // Mn   [2] TAI VIET MAI KHIT..TAI VIET VOWEL IA
+	{0xAAB9, 0xAABD, prOLetter},   // Lo   [5] TAI VIET VOWEL UEA..TAI VIET VOWEL AN
+	{0xAABE, 0xAABF, prExtend},    // Mn   [2] TAI VIET VOWEL AM..TAI VIET TONE MAI EK
+	{0xAAC0, 0xAAC0, prOLetter},   // Lo       TAI VIET TONE MAI NUENG
+	{0xAAC1, 0xAAC1, prExtend},    // Mn       TAI VIET TONE MAI THO
+	{0xAAC2, 0xAAC2, prOLetter},   // Lo       TAI VIET TONE MAI SONG
+	{0xAADB, 0xAADC, prOLetter},   // Lo   [2] TAI VIET SYMBOL KON..TAI VIET SYMBOL NUENG
+	{0xAADD, 0xAADD, prOLetter},   // Lm       TAI VIET SYMBOL SAM
+	{0xAAE0, 0xAAEA, prOLetter},   // Lo  [11] MEETEI MAYEK LETTER E..MEETEI MAYEK LETTER SSA
+	{0xAAEB, 0xAAEB, prExtend},    // Mc       MEETEI MAYEK VOWEL SIGN II
+	{0xAAEC, 0xAAED, prExtend},    // Mn   [2] MEETEI MAYEK VOWEL SIGN UU..MEETEI MAYEK VOWEL SIGN AAI
+	{0xAAEE, 0xAAEF, prExtend},    // Mc   [2] MEETEI MAYEK VOWEL SIGN AU..MEETEI MAYEK VOWEL SIGN AAU
+	{0xAAF0, 0xAAF1, prSTerm},     // Po   [2] MEETEI MAYEK CHEIKHAN..MEETEI MAYEK AHANG KHUDAM
+	{0xAAF2, 0xAAF2, prOLetter},   // Lo       MEETEI MAYEK ANJI
+	{0xAAF3, 0xAAF4, prOLetter},   // Lm   [2] MEETEI MAYEK SYLLABLE REPETITION MARK..MEETEI MAYEK WORD REPETITION MARK
+	{0xAAF5, 0xAAF5, prExtend},    // Mc       MEETEI MAYEK VOWEL SIGN VISARGA
+	{0xAAF6, 0xAAF6, prExtend},    // Mn       MEETEI MAYEK VIRAMA
+	{0xAB01, 0xAB06, prOLetter},   // Lo   [6] ETHIOPIC SYLLABLE TTHU..ETHIOPIC SYLLABLE TTHO
+	{0xAB09, 0xAB0E, prOLetter},   // Lo   [6] ETHIOPIC SYLLABLE DDHU..ETHIOPIC SYLLABLE DDHO
+	{0xAB11, 0xAB16, prOLetter},   // Lo   [6] ETHIOPIC SYLLABLE DZU..ETHIOPIC SYLLABLE DZO
+	{0xAB20, 0xAB26, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE CCHHA..ETHIOPIC SYLLABLE CCHHO
+	{0xAB28, 0xAB2E, prOLetter},   // Lo   [7] ETHIOPIC SYLLABLE BBA..ETHIOPIC SYLLABLE BBO
+	{0xAB30, 0xAB5A, prLower},     // L&  [43] LATIN SMALL LETTER BARRED ALPHA..LATIN SMALL LETTER Y WITH SHORT RIGHT LEG
+	{0xAB5C, 0xAB5F, prLower},     // Lm   [4] MODIFIER LETTER SMALL HENG..MODIFIER LETTER SMALL U WITH LEFT HOOK
+	{0xAB60, 0xAB68, prLower},     // L&   [9] LATIN SMALL LETTER SAKHA YAT..LATIN SMALL LETTER TURNED R WITH MIDDLE TILDE
+	{0xAB69, 0xAB69, prOLetter},   // Lm       MODIFIER LETTER SMALL TURNED W
+	{0xAB70, 0xABBF, prLower},     // L&  [80] CHEROKEE SMALL LETTER A..CHEROKEE SMALL LETTER YA
+	{0xABC0, 0xABE2, prOLetter},   // Lo  [35] MEETEI MAYEK LETTER KOK..MEETEI MAYEK LETTER I LONSUM
+	{0xABE3, 0xABE4, prExtend},    // Mc   [2] MEETEI MAYEK VOWEL SIGN ONAP..MEETEI MAYEK VOWEL SIGN INAP
+	{0xABE5, 0xABE5, prExtend},    // Mn       MEETEI MAYEK VOWEL SIGN ANAP
+	{0xABE6, 0xABE7, prExtend},    // Mc   [2] MEETEI MAYEK VOWEL SIGN YENAP..MEETEI MAYEK VOWEL SIGN SOUNAP
+	{0xABE8, 0xABE8, prExtend},    // Mn       MEETEI MAYEK VOWEL SIGN UNAP
+	{0xABE9, 0xABEA, prExtend},    // Mc   [2] MEETEI MAYEK VOWEL SIGN CHEINAP..MEETEI MAYEK VOWEL SIGN NUNG
+	{0xABEB, 0xABEB, prSTerm},     // Po       MEETEI MAYEK CHEIKHEI
+	{0xABEC, 0xABEC, prExtend},    // Mc       MEETEI MAYEK LUM IYEK
+	{0xABED, 0xABED, prExtend},    // Mn       MEETEI MAYEK APUN IYEK
+	{0xABF0, 0xABF9, prNumeric},   // Nd  [10] MEETEI MAYEK DIGIT ZERO..MEETEI MAYEK DIGIT NINE
+	{0xAC00, 0xD7A3, prOLetter},   // Lo [11172] HANGUL SYLLABLE GA..HANGUL SYLLABLE HIH
+	{0xD7B0, 0xD7C6, prOLetter},   // Lo  [23] HANGUL JUNGSEONG O-YEO..HANGUL JUNGSEONG ARAEA-E
+	{0xD7CB, 0xD7FB, prOLetter},   // Lo  [49] HANGUL JONGSEONG NIEUN-RIEUL..HANGUL JONGSEONG PHIEUPH-THIEUTH
+	{0xF900, 0xFA6D, prOLetter},   // Lo [366] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA6D
+	{0xFA70, 0xFAD9, prOLetter},   // Lo [106] CJK COMPATIBILITY IDEOGRAPH-FA70..CJK COMPATIBILITY IDEOGRAPH-FAD9
+	{0xFB00, 0xFB06, prLower},     // L&   [7] LATIN SMALL LIGATURE FF..LATIN SMALL LIGATURE ST
+	{0xFB13, 0xFB17, prLower},     // L&   [5] ARMENIAN SMALL LIGATURE MEN NOW..ARMENIAN SMALL LIGATURE MEN XEH
+	{0xFB1D, 0xFB1D, prOLetter},   // Lo       HEBREW LETTER YOD WITH HIRIQ
+	{0xFB1E, 0xFB1E, prExtend},    // Mn       HEBREW POINT JUDEO-SPANISH VARIKA
+	{0xFB1F, 0xFB28, prOLetter},   // Lo  [10] HEBREW LIGATURE YIDDISH YOD YOD PATAH..HEBREW LETTER WIDE TAV
+	{0xFB2A, 0xFB36, prOLetter},   // Lo  [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH
+	{0xFB38, 0xFB3C, prOLetter},   // Lo   [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH
+	{0xFB3E, 0xFB3E, prOLetter},   // Lo       HEBREW LETTER MEM WITH DAGESH
+	{0xFB40, 0xFB41, prOLetter},   // Lo   [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH
+	{0xFB43, 0xFB44, prOLetter},   // Lo   [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH
+	{0xFB46, 0xFBB1, prOLetter},   // Lo [108] HEBREW LETTER TSADI WITH DAGESH..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM
+	{0xFBD3, 0xFD3D, prOLetter},   // Lo [363] ARABIC LETTER NG ISOLATED FORM..ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM
+	{0xFD3E, 0xFD3E, prClose},     // Pe       ORNATE LEFT PARENTHESIS
+	{0xFD3F, 0xFD3F, prClose},     // Ps       ORNATE RIGHT PARENTHESIS
+	{0xFD50, 0xFD8F, prOLetter},   // Lo  [64] ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM..ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+	{0xFD92, 0xFDC7, prOLetter},   // Lo  [54] ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM..ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+	{0xFDF0, 0xFDFB, prOLetter},   // Lo  [12] ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM..ARABIC LIGATURE JALLAJALALOUHOU
+	{0xFE00, 0xFE0F, prExtend},    // Mn  [16] VARIATION SELECTOR-1..VARIATION SELECTOR-16
+	{0xFE10, 0xFE11, prSContinue}, // Po   [2] PRESENTATION FORM FOR VERTICAL COMMA..PRESENTATION FORM FOR VERTICAL IDEOGRAPHIC COMMA
+	{0xFE13, 0xFE13, prSContinue}, // Po       PRESENTATION FORM FOR VERTICAL COLON
+	{0xFE17, 0xFE17, prClose},     // Ps       PRESENTATION FORM FOR VERTICAL LEFT WHITE LENTICULAR BRACKET
+	{0xFE18, 0xFE18, prClose},     // Pe       PRESENTATION FORM FOR VERTICAL RIGHT WHITE LENTICULAR BRAKCET
+	{0xFE20, 0xFE2F, prExtend},    // Mn  [16] COMBINING LIGATURE LEFT HALF..COMBINING CYRILLIC TITLO RIGHT HALF
+	{0xFE31, 0xFE32, prSContinue}, // Pd   [2] PRESENTATION FORM FOR VERTICAL EM DASH..PRESENTATION FORM FOR VERTICAL EN DASH
+	{0xFE35, 0xFE35, prClose},     // Ps       PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS
+	{0xFE36, 0xFE36, prClose},     // Pe       PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS
+	{0xFE37, 0xFE37, prClose},     // Ps       PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET
+	{0xFE38, 0xFE38, prClose},     // Pe       PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET
+	{0xFE39, 0xFE39, prClose},     // Ps       PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET
+	{0xFE3A, 0xFE3A, prClose},     // Pe       PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET
+	{0xFE3B, 0xFE3B, prClose},     // Ps       PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET
+	{0xFE3C, 0xFE3C, prClose},     // Pe       PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET
+	{0xFE3D, 0xFE3D, prClose},     // Ps       PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET
+	{0xFE3E, 0xFE3E, prClose},     // Pe       PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET
+	{0xFE3F, 0xFE3F, prClose},     // Ps       PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET
+	{0xFE40, 0xFE40, prClose},     // Pe       PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET
+	{0xFE41, 0xFE41, prClose},     // Ps       PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET
+	{0xFE42, 0xFE42, prClose},     // Pe       PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET
+	{0xFE43, 0xFE43, prClose},     // Ps       PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET
+	{0xFE44, 0xFE44, prClose},     // Pe       PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET
+	{0xFE47, 0xFE47, prClose},     // Ps       PRESENTATION FORM FOR VERTICAL LEFT SQUARE BRACKET
+	{0xFE48, 0xFE48, prClose},     // Pe       PRESENTATION FORM FOR VERTICAL RIGHT SQUARE BRACKET
+	{0xFE50, 0xFE51, prSContinue}, // Po   [2] SMALL COMMA..SMALL IDEOGRAPHIC COMMA
+	{0xFE52, 0xFE52, prATerm},     // Po       SMALL FULL STOP
+	{0xFE55, 0xFE55, prSContinue}, // Po       SMALL COLON
+	{0xFE56, 0xFE57, prSTerm},     // Po   [2] SMALL QUESTION MARK..SMALL EXCLAMATION MARK
+	{0xFE58, 0xFE58, prSContinue}, // Pd       SMALL EM DASH
+	{0xFE59, 0xFE59, prClose},     // Ps       SMALL LEFT PARENTHESIS
+	{0xFE5A, 0xFE5A, prClose},     // Pe       SMALL RIGHT PARENTHESIS
+	{0xFE5B, 0xFE5B, prClose},     // Ps       SMALL LEFT CURLY BRACKET
+	{0xFE5C, 0xFE5C, prClose},     // Pe       SMALL RIGHT CURLY BRACKET
+	{0xFE5D, 0xFE5D, prClose},     // Ps       SMALL LEFT TORTOISE SHELL BRACKET
+	{0xFE5E, 0xFE5E, prClose},     // Pe       SMALL RIGHT TORTOISE SHELL BRACKET
+	{0xFE63, 0xFE63, prSContinue}, // Pd       SMALL HYPHEN-MINUS
+	{0xFE70, 0xFE74, prOLetter},   // Lo   [5] ARABIC FATHATAN ISOLATED FORM..ARABIC KASRATAN ISOLATED FORM
+	{0xFE76, 0xFEFC, prOLetter},   // Lo [135] ARABIC FATHA ISOLATED FORM..ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+	{0xFEFF, 0xFEFF, prFormat},    // Cf       ZERO WIDTH NO-BREAK SPACE
+	{0xFF01, 0xFF01, prSTerm},     // Po       FULLWIDTH EXCLAMATION MARK
+	{0xFF08, 0xFF08, prClose},     // Ps       FULLWIDTH LEFT PARENTHESIS
+	{0xFF09, 0xFF09, prClose},     // Pe       FULLWIDTH RIGHT PARENTHESIS
+	{0xFF0C, 0xFF0C, prSContinue}, // Po       FULLWIDTH COMMA
+	{0xFF0D, 0xFF0D, prSContinue}, // Pd       FULLWIDTH HYPHEN-MINUS
+	{0xFF0E, 0xFF0E, prATerm},     // Po       FULLWIDTH FULL STOP
+	{0xFF10, 0xFF19, prNumeric},   // Nd  [10] FULLWIDTH DIGIT ZERO..FULLWIDTH DIGIT NINE
+	{0xFF1A, 0xFF1A, prSContinue}, // Po       FULLWIDTH COLON
+	{0xFF1F, 0xFF1F, prSTerm},     // Po       FULLWIDTH QUESTION MARK
+	{0xFF21, 0xFF3A, prUpper},     // L&  [26] FULLWIDTH LATIN CAPITAL LETTER A..FULLWIDTH LATIN CAPITAL LETTER Z
+	{0xFF3B, 0xFF3B, prClose},     // Ps       FULLWIDTH LEFT SQUARE BRACKET
+	{0xFF3D, 0xFF3D, prClose},     // Pe       FULLWIDTH RIGHT SQUARE BRACKET
+	{0xFF41, 0xFF5A, prLower},     // L&  [26] FULLWIDTH LATIN SMALL LETTER A..FULLWIDTH LATIN SMALL LETTER Z
+	{0xFF5B, 0xFF5B, prClose},     // Ps       FULLWIDTH LEFT CURLY BRACKET
+	{0xFF5D, 0xFF5D, prClose},     // Pe       FULLWIDTH RIGHT CURLY BRACKET
+	{0xFF5F, 0xFF5F, prClose},     // Ps       FULLWIDTH LEFT WHITE PARENTHESIS
+	{0xFF60, 0xFF60, prClose},     // Pe       FULLWIDTH RIGHT WHITE PARENTHESIS
+	{0xFF61, 0xFF61, prSTerm},     // Po       HALFWIDTH IDEOGRAPHIC FULL STOP
+	{0xFF62, 0xFF62, prClose},     // Ps       HALFWIDTH LEFT CORNER BRACKET
+	{0xFF63, 0xFF63, prClose},     // Pe       HALFWIDTH RIGHT CORNER BRACKET
+	{0xFF64, 0xFF64, prSContinue}, // Po       HALFWIDTH IDEOGRAPHIC COMMA
+	{0xFF66, 0xFF6F, prOLetter},   // Lo  [10] HALFWIDTH KATAKANA LETTER WO..HALFWIDTH KATAKANA LETTER SMALL TU
+	{0xFF70, 0xFF70, prOLetter},   // Lm       HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK
+	{0xFF71, 0xFF9D, prOLetter},   // Lo  [45] HALFWIDTH KATAKANA LETTER A..HALFWIDTH KATAKANA LETTER N
+	{0xFF9E, 0xFF9F, prExtend},    // Lm   [2] HALFWIDTH KATAKANA VOICED SOUND MARK..HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK
+	{0xFFA0, 0xFFBE, prOLetter},   // Lo  [31] HALFWIDTH HANGUL FILLER..HALFWIDTH HANGUL LETTER HIEUH
+	{0xFFC2, 0xFFC7, prOLetter},   // Lo   [6] HALFWIDTH HANGUL LETTER A..HALFWIDTH HANGUL LETTER E
+	{0xFFCA, 0xFFCF, prOLetter},   // Lo   [6] HALFWIDTH HANGUL LETTER YEO..HALFWIDTH HANGUL LETTER OE
+	{0xFFD2, 0xFFD7, prOLetter},   // Lo   [6] HALFWIDTH HANGUL LETTER YO..HALFWIDTH HANGUL LETTER YU
+	{0xFFDA, 0xFFDC, prOLetter},   // Lo   [3] HALFWIDTH HANGUL LETTER EU..HALFWIDTH HANGUL LETTER I
+	{0xFFF9, 0xFFFB, prFormat},    // Cf   [3] INTERLINEAR ANNOTATION ANCHOR..INTERLINEAR ANNOTATION TERMINATOR
+	{0x10000, 0x1000B, prOLetter}, // Lo  [12] LINEAR B SYLLABLE B008 A..LINEAR B SYLLABLE B046 JE
+	{0x1000D, 0x10026, prOLetter}, // Lo  [26] LINEAR B SYLLABLE B036 JO..LINEAR B SYLLABLE B032 QO
+	{0x10028, 0x1003A, prOLetter}, // Lo  [19] LINEAR B SYLLABLE B060 RA..LINEAR B SYLLABLE B042 WO
+	{0x1003C, 0x1003D, prOLetter}, // Lo   [2] LINEAR B SYLLABLE B017 ZA..LINEAR B SYLLABLE B074 ZE
+	{0x1003F, 0x1004D, prOLetter}, // Lo  [15] LINEAR B SYLLABLE B020 ZO..LINEAR B SYLLABLE B091 TWO
+	{0x10050, 0x1005D, prOLetter}, // Lo  [14] LINEAR B SYMBOL B018..LINEAR B SYMBOL B089
+	{0x10080, 0x100FA, prOLetter}, // Lo [123] LINEAR B IDEOGRAM B100 MAN..LINEAR B IDEOGRAM VESSEL B305
+	{0x10140, 0x10174, prOLetter}, // Nl  [53] GREEK ACROPHONIC ATTIC ONE QUARTER..GREEK ACROPHONIC STRATIAN FIFTY MNAS
+	{0x101FD, 0x101FD, prExtend},  // Mn       PHAISTOS DISC SIGN COMBINING OBLIQUE STROKE
+	{0x10280, 0x1029C, prOLetter}, // Lo  [29] LYCIAN LETTER A..LYCIAN LETTER X
+	{0x102A0, 0x102D0, prOLetter}, // Lo  [49] CARIAN LETTER A..CARIAN LETTER UUU3
+	{0x102E0, 0x102E0, prExtend},  // Mn       COPTIC EPACT THOUSANDS MARK
+	{0x10300, 0x1031F, prOLetter}, // Lo  [32] OLD ITALIC LETTER A..OLD ITALIC LETTER ESS
+	{0x1032D, 0x10340, prOLetter}, // Lo  [20] OLD ITALIC LETTER YE..GOTHIC LETTER PAIRTHRA
+	{0x10341, 0x10341, prOLetter}, // Nl       GOTHIC LETTER NINETY
+	{0x10342, 0x10349, prOLetter}, // Lo   [8] GOTHIC LETTER RAIDA..GOTHIC LETTER OTHAL
+	{0x1034A, 0x1034A, prOLetter}, // Nl       GOTHIC LETTER NINE HUNDRED
+	{0x10350, 0x10375, prOLetter}, // Lo  [38] OLD PERMIC LETTER AN..OLD PERMIC LETTER IA
+	{0x10376, 0x1037A, prExtend},  // Mn   [5] COMBINING OLD PERMIC LETTER AN..COMBINING OLD PERMIC LETTER SII
+	{0x10380, 0x1039D, prOLetter}, // Lo  [30] UGARITIC LETTER ALPA..UGARITIC LETTER SSU
+	{0x103A0, 0x103C3, prOLetter}, // Lo  [36] OLD PERSIAN SIGN A..OLD PERSIAN SIGN HA
+	{0x103C8, 0x103CF, prOLetter}, // Lo   [8] OLD PERSIAN SIGN AURAMAZDAA..OLD PERSIAN SIGN BUUMISH
+	{0x103D1, 0x103D5, prOLetter}, // Nl   [5] OLD PERSIAN NUMBER ONE..OLD PERSIAN NUMBER HUNDRED
+	{0x10400, 0x10427, prUpper},   // L&  [40] DESERET CAPITAL LETTER LONG I..DESERET CAPITAL LETTER EW
+	{0x10428, 0x1044F, prLower},   // L&  [40] DESERET SMALL LETTER LONG I..DESERET SMALL LETTER EW
+	{0x10450, 0x1049D, prOLetter}, // Lo  [78] SHAVIAN LETTER PEEP..OSMANYA LETTER OO
+	{0x104A0, 0x104A9, prNumeric}, // Nd  [10] OSMANYA DIGIT ZERO..OSMANYA DIGIT NINE
+	{0x104B0, 0x104D3, prUpper},   // L&  [36] OSAGE CAPITAL LETTER A..OSAGE CAPITAL LETTER ZHA
+	{0x104D8, 0x104FB, prLower},   // L&  [36] OSAGE SMALL LETTER A..OSAGE SMALL LETTER ZHA
+	{0x10500, 0x10527, prOLetter}, // Lo  [40] ELBASAN LETTER A..ELBASAN LETTER KHE
+	{0x10530, 0x10563, prOLetter}, // Lo  [52] CAUCASIAN ALBANIAN LETTER ALT..CAUCASIAN ALBANIAN LETTER KIW
+	{0x10570, 0x1057A, prUpper},   // L&  [11] VITHKUQI CAPITAL LETTER A..VITHKUQI CAPITAL LETTER GA
+	{0x1057C, 0x1058A, prUpper},   // L&  [15] VITHKUQI CAPITAL LETTER HA..VITHKUQI CAPITAL LETTER RE
+	{0x1058C, 0x10592, prUpper},   // L&   [7] VITHKUQI CAPITAL LETTER SE..VITHKUQI CAPITAL LETTER XE
+	{0x10594, 0x10595, prUpper},   // L&   [2] VITHKUQI CAPITAL LETTER Y..VITHKUQI CAPITAL LETTER ZE
+	{0x10597, 0x105A1, prLower},   // L&  [11] VITHKUQI SMALL LETTER A..VITHKUQI SMALL LETTER GA
+	{0x105A3, 0x105B1, prLower},   // L&  [15] VITHKUQI SMALL LETTER HA..VITHKUQI SMALL LETTER RE
+	{0x105B3, 0x105B9, prLower},   // L&   [7] VITHKUQI SMALL LETTER SE..VITHKUQI SMALL LETTER XE
+	{0x105BB, 0x105BC, prLower},   // L&   [2] VITHKUQI SMALL LETTER Y..VITHKUQI SMALL LETTER ZE
+	{0x10600, 0x10736, prOLetter}, // Lo [311] LINEAR A SIGN AB001..LINEAR A SIGN A664
+	{0x10740, 0x10755, prOLetter}, // Lo  [22] LINEAR A SIGN A701 A..LINEAR A SIGN A732 JE
+	{0x10760, 0x10767, prOLetter}, // Lo   [8] LINEAR A SIGN A800..LINEAR A SIGN A807
+	{0x10780, 0x10780, prLower},   // Lm       MODIFIER LETTER SMALL CAPITAL AA
+	{0x10781, 0x10782, prOLetter}, // Lm   [2] MODIFIER LETTER SUPERSCRIPT TRIANGULAR COLON..MODIFIER LETTER SUPERSCRIPT HALF TRIANGULAR COLON
+	{0x10783, 0x10785, prLower},   // Lm   [3] MODIFIER LETTER SMALL AE..MODIFIER LETTER SMALL B WITH HOOK
+	{0x10787, 0x107B0, prLower},   // Lm  [42] MODIFIER LETTER SMALL DZ DIGRAPH..MODIFIER LETTER SMALL V WITH RIGHT HOOK
+	{0x107B2, 0x107BA, prLower},   // Lm   [9] MODIFIER LETTER SMALL CAPITAL Y..MODIFIER LETTER SMALL S WITH CURL
+	{0x10800, 0x10805, prOLetter}, // Lo   [6] CYPRIOT SYLLABLE A..CYPRIOT SYLLABLE JA
+	{0x10808, 0x10808, prOLetter}, // Lo       CYPRIOT SYLLABLE JO
+	{0x1080A, 0x10835, prOLetter}, // Lo  [44] CYPRIOT SYLLABLE KA..CYPRIOT SYLLABLE WO
+	{0x10837, 0x10838, prOLetter}, // Lo   [2] CYPRIOT SYLLABLE XA..CYPRIOT SYLLABLE XE
+	{0x1083C, 0x1083C, prOLetter}, // Lo       CYPRIOT SYLLABLE ZA
+	{0x1083F, 0x10855, prOLetter}, // Lo  [23] CYPRIOT SYLLABLE ZO..IMPERIAL ARAMAIC LETTER TAW
+	{0x10860, 0x10876, prOLetter}, // Lo  [23] PALMYRENE LETTER ALEPH..PALMYRENE LETTER TAW
+	{0x10880, 0x1089E, prOLetter}, // Lo  [31] NABATAEAN LETTER FINAL ALEPH..NABATAEAN LETTER TAW
+	{0x108E0, 0x108F2, prOLetter}, // Lo  [19] HATRAN LETTER ALEPH..HATRAN LETTER QOPH
+	{0x108F4, 0x108F5, prOLetter}, // Lo   [2] HATRAN LETTER SHIN..HATRAN LETTER TAW
+	{0x10900, 0x10915, prOLetter}, // Lo  [22] PHOENICIAN LETTER ALF..PHOENICIAN LETTER TAU
+	{0x10920, 0x10939, prOLetter}, // Lo  [26] LYDIAN LETTER A..LYDIAN LETTER C
+	{0x10980, 0x109B7, prOLetter}, // Lo  [56] MEROITIC HIEROGLYPHIC LETTER A..MEROITIC CURSIVE LETTER DA
+	{0x109BE, 0x109BF, prOLetter}, // Lo   [2] MEROITIC CURSIVE LOGOGRAM RMT..MEROITIC CURSIVE LOGOGRAM IMN
+	{0x10A00, 0x10A00, prOLetter}, // Lo       KHAROSHTHI LETTER A
+	{0x10A01, 0x10A03, prExtend},  // Mn   [3] KHAROSHTHI VOWEL SIGN I..KHAROSHTHI VOWEL SIGN VOCALIC R
+	{0x10A05, 0x10A06, prExtend},  // Mn   [2] KHAROSHTHI VOWEL SIGN E..KHAROSHTHI VOWEL SIGN O
+	{0x10A0C, 0x10A0F, prExtend},  // Mn   [4] KHAROSHTHI VOWEL LENGTH MARK..KHAROSHTHI SIGN VISARGA
+	{0x10A10, 0x10A13, prOLetter}, // Lo   [4] KHAROSHTHI LETTER KA..KHAROSHTHI LETTER GHA
+	{0x10A15, 0x10A17, prOLetter}, // Lo   [3] KHAROSHTHI LETTER CA..KHAROSHTHI LETTER JA
+	{0x10A19, 0x10A35, prOLetter}, // Lo  [29] KHAROSHTHI LETTER NYA..KHAROSHTHI LETTER VHA
+	{0x10A38, 0x10A3A, prExtend},  // Mn   [3] KHAROSHTHI SIGN BAR ABOVE..KHAROSHTHI SIGN DOT BELOW
+	{0x10A3F, 0x10A3F, prExtend},  // Mn       KHAROSHTHI VIRAMA
+	{0x10A56, 0x10A57, prSTerm},   // Po   [2] KHAROSHTHI PUNCTUATION DANDA..KHAROSHTHI PUNCTUATION DOUBLE DANDA
+	{0x10A60, 0x10A7C, prOLetter}, // Lo  [29] OLD SOUTH ARABIAN LETTER HE..OLD SOUTH ARABIAN LETTER THETH
+	{0x10A80, 0x10A9C, prOLetter}, // Lo  [29] OLD NORTH ARABIAN LETTER HEH..OLD NORTH ARABIAN LETTER ZAH
+	{0x10AC0, 0x10AC7, prOLetter}, // Lo   [8] MANICHAEAN LETTER ALEPH..MANICHAEAN LETTER WAW
+	{0x10AC9, 0x10AE4, prOLetter}, // Lo  [28] MANICHAEAN LETTER ZAYIN..MANICHAEAN LETTER TAW
+	{0x10AE5, 0x10AE6, prExtend},  // Mn   [2] MANICHAEAN ABBREVIATION MARK ABOVE..MANICHAEAN ABBREVIATION MARK BELOW
+	{0x10B00, 0x10B35, prOLetter}, // Lo  [54] AVESTAN LETTER A..AVESTAN LETTER HE
+	{0x10B40, 0x10B55, prOLetter}, // Lo  [22] INSCRIPTIONAL PARTHIAN LETTER ALEPH..INSCRIPTIONAL PARTHIAN LETTER TAW
+	{0x10B60, 0x10B72, prOLetter}, // Lo  [19] INSCRIPTIONAL PAHLAVI LETTER ALEPH..INSCRIPTIONAL PAHLAVI LETTER TAW
+	{0x10B80, 0x10B91, prOLetter}, // Lo  [18] PSALTER PAHLAVI LETTER ALEPH..PSALTER PAHLAVI LETTER TAW
+	{0x10C00, 0x10C48, prOLetter}, // Lo  [73] OLD TURKIC LETTER ORKHON A..OLD TURKIC LETTER ORKHON BASH
+	{0x10C80, 0x10CB2, prUpper},   // L&  [51] OLD HUNGARIAN CAPITAL LETTER A..OLD HUNGARIAN CAPITAL LETTER US
+	{0x10CC0, 0x10CF2, prLower},   // L&  [51] OLD HUNGARIAN SMALL LETTER A..OLD HUNGARIAN SMALL LETTER US
+	{0x10D00, 0x10D23, prOLetter}, // Lo  [36] HANIFI ROHINGYA LETTER A..HANIFI ROHINGYA MARK NA KHONNA
+	{0x10D24, 0x10D27, prExtend},  // Mn   [4] HANIFI ROHINGYA SIGN HARBAHAY..HANIFI ROHINGYA SIGN TASSI
+	{0x10D30, 0x10D39, prNumeric}, // Nd  [10] HANIFI ROHINGYA DIGIT ZERO..HANIFI ROHINGYA DIGIT NINE
+	{0x10E80, 0x10EA9, prOLetter}, // Lo  [42] YEZIDI LETTER ELIF..YEZIDI LETTER ET
+	{0x10EAB, 0x10EAC, prExtend},  // Mn   [2] YEZIDI COMBINING HAMZA MARK..YEZIDI COMBINING MADDA MARK
+	{0x10EB0, 0x10EB1, prOLetter}, // Lo   [2] YEZIDI LETTER LAM WITH DOT ABOVE..YEZIDI LETTER YOT WITH CIRCUMFLEX ABOVE
+	{0x10F00, 0x10F1C, prOLetter}, // Lo  [29] OLD SOGDIAN LETTER ALEPH..OLD SOGDIAN LETTER FINAL TAW WITH VERTICAL TAIL
+	{0x10F27, 0x10F27, prOLetter}, // Lo       OLD SOGDIAN LIGATURE AYIN-DALETH
+	{0x10F30, 0x10F45, prOLetter}, // Lo  [22] SOGDIAN LETTER ALEPH..SOGDIAN INDEPENDENT SHIN
+	{0x10F46, 0x10F50, prExtend},  // Mn  [11] SOGDIAN COMBINING DOT BELOW..SOGDIAN COMBINING STROKE BELOW
+	{0x10F55, 0x10F59, prSTerm},   // Po   [5] SOGDIAN PUNCTUATION TWO VERTICAL BARS..SOGDIAN PUNCTUATION HALF CIRCLE WITH DOT
+	{0x10F70, 0x10F81, prOLetter}, // Lo  [18] OLD UYGHUR LETTER ALEPH..OLD UYGHUR LETTER LESH
+	{0x10F82, 0x10F85, prExtend},  // Mn   [4] OLD UYGHUR COMBINING DOT ABOVE..OLD UYGHUR COMBINING TWO DOTS BELOW
+	{0x10F86, 0x10F89, prSTerm},   // Po   [4] OLD UYGHUR PUNCTUATION BAR..OLD UYGHUR PUNCTUATION FOUR DOTS
+	{0x10FB0, 0x10FC4, prOLetter}, // Lo  [21] CHORASMIAN LETTER ALEPH..CHORASMIAN LETTER TAW
+	{0x10FE0, 0x10FF6, prOLetter}, // Lo  [23] ELYMAIC LETTER ALEPH..ELYMAIC LIGATURE ZAYIN-YODH
+	{0x11000, 0x11000, prExtend},  // Mc       BRAHMI SIGN CANDRABINDU
+	{0x11001, 0x11001, prExtend},  // Mn       BRAHMI SIGN ANUSVARA
+	{0x11002, 0x11002, prExtend},  // Mc       BRAHMI SIGN VISARGA
+	{0x11003, 0x11037, prOLetter}, // Lo  [53] BRAHMI SIGN JIHVAMULIYA..BRAHMI LETTER OLD TAMIL NNNA
+	{0x11038, 0x11046, prExtend},  // Mn  [15] BRAHMI VOWEL SIGN AA..BRAHMI VIRAMA
+	{0x11047, 0x11048, prSTerm},   // Po   [2] BRAHMI DANDA..BRAHMI DOUBLE DANDA
+	{0x11066, 0x1106F, prNumeric}, // Nd  [10] BRAHMI DIGIT ZERO..BRAHMI DIGIT NINE
+	{0x11070, 0x11070, prExtend},  // Mn       BRAHMI SIGN OLD TAMIL VIRAMA
+	{0x11071, 0x11072, prOLetter}, // Lo   [2] BRAHMI LETTER OLD TAMIL SHORT E..BRAHMI LETTER OLD TAMIL SHORT O
+	{0x11073, 0x11074, prExtend},  // Mn   [2] BRAHMI VOWEL SIGN OLD TAMIL SHORT E..BRAHMI VOWEL SIGN OLD TAMIL SHORT O
+	{0x11075, 0x11075, prOLetter}, // Lo       BRAHMI LETTER OLD TAMIL LLA
+	{0x1107F, 0x11081, prExtend},  // Mn   [3] BRAHMI NUMBER JOINER..KAITHI SIGN ANUSVARA
+	{0x11082, 0x11082, prExtend},  // Mc       KAITHI SIGN VISARGA
+	{0x11083, 0x110AF, prOLetter}, // Lo  [45] KAITHI LETTER A..KAITHI LETTER HA
+	{0x110B0, 0x110B2, prExtend},  // Mc   [3] KAITHI VOWEL SIGN AA..KAITHI VOWEL SIGN II
+	{0x110B3, 0x110B6, prExtend},  // Mn   [4] KAITHI VOWEL SIGN U..KAITHI VOWEL SIGN AI
+	{0x110B7, 0x110B8, prExtend},  // Mc   [2] KAITHI VOWEL SIGN O..KAITHI VOWEL SIGN AU
+	{0x110B9, 0x110BA, prExtend},  // Mn   [2] KAITHI SIGN VIRAMA..KAITHI SIGN NUKTA
+	{0x110BD, 0x110BD, prFormat},  // Cf       KAITHI NUMBER SIGN
+	{0x110BE, 0x110C1, prSTerm},   // Po   [4] KAITHI SECTION MARK..KAITHI DOUBLE DANDA
+	{0x110C2, 0x110C2, prExtend},  // Mn       KAITHI VOWEL SIGN VOCALIC R
+	{0x110CD, 0x110CD, prFormat},  // Cf       KAITHI NUMBER SIGN ABOVE
+	{0x110D0, 0x110E8, prOLetter}, // Lo  [25] SORA SOMPENG LETTER SAH..SORA SOMPENG LETTER MAE
+	{0x110F0, 0x110F9, prNumeric}, // Nd  [10] SORA SOMPENG DIGIT ZERO..SORA SOMPENG DIGIT NINE
+	{0x11100, 0x11102, prExtend},  // Mn   [3] CHAKMA SIGN CANDRABINDU..CHAKMA SIGN VISARGA
+	{0x11103, 0x11126, prOLetter}, // Lo  [36] CHAKMA LETTER AA..CHAKMA LETTER HAA
+	{0x11127, 0x1112B, prExtend},  // Mn   [5] CHAKMA VOWEL SIGN A..CHAKMA VOWEL SIGN UU
+	{0x1112C, 0x1112C, prExtend},  // Mc       CHAKMA VOWEL SIGN E
+	{0x1112D, 0x11134, prExtend},  // Mn   [8] CHAKMA VOWEL SIGN AI..CHAKMA MAAYYAA
+	{0x11136, 0x1113F, prNumeric}, // Nd  [10] CHAKMA DIGIT ZERO..CHAKMA DIGIT NINE
+	{0x11141, 0x11143, prSTerm},   // Po   [3] CHAKMA DANDA..CHAKMA QUESTION MARK
+	{0x11144, 0x11144, prOLetter}, // Lo       CHAKMA LETTER LHAA
+	{0x11145, 0x11146, prExtend},  // Mc   [2] CHAKMA VOWEL SIGN AA..CHAKMA VOWEL SIGN EI
+	{0x11147, 0x11147, prOLetter}, // Lo       CHAKMA LETTER VAA
+	{0x11150, 0x11172, prOLetter}, // Lo  [35] MAHAJANI LETTER A..MAHAJANI LETTER RRA
+	{0x11173, 0x11173, prExtend},  // Mn       MAHAJANI SIGN NUKTA
+	{0x11176, 0x11176, prOLetter}, // Lo       MAHAJANI LIGATURE SHRI
+	{0x11180, 0x11181, prExtend},  // Mn   [2] SHARADA SIGN CANDRABINDU..SHARADA SIGN ANUSVARA
+	{0x11182, 0x11182, prExtend},  // Mc       SHARADA SIGN VISARGA
+	{0x11183, 0x111B2, prOLetter}, // Lo  [48] SHARADA LETTER A..SHARADA LETTER HA
+	{0x111B3, 0x111B5, prExtend},  // Mc   [3] SHARADA VOWEL SIGN AA..SHARADA VOWEL SIGN II
+	{0x111B6, 0x111BE, prExtend},  // Mn   [9] SHARADA VOWEL SIGN U..SHARADA VOWEL SIGN O
+	{0x111BF, 0x111C0, prExtend},  // Mc   [2] SHARADA VOWEL SIGN AU..SHARADA SIGN VIRAMA
+	{0x111C1, 0x111C4, prOLetter}, // Lo   [4] SHARADA SIGN AVAGRAHA..SHARADA OM
+	{0x111C5, 0x111C6, prSTerm},   // Po   [2] SHARADA DANDA..SHARADA DOUBLE DANDA
+	{0x111C9, 0x111CC, prExtend},  // Mn   [4] SHARADA SANDHI MARK..SHARADA EXTRA SHORT VOWEL MARK
+	{0x111CD, 0x111CD, prSTerm},   // Po       SHARADA SUTRA MARK
+	{0x111CE, 0x111CE, prExtend},  // Mc       SHARADA VOWEL SIGN PRISHTHAMATRA E
+	{0x111CF, 0x111CF, prExtend},  // Mn       SHARADA SIGN INVERTED CANDRABINDU
+	{0x111D0, 0x111D9, prNumeric}, // Nd  [10] SHARADA DIGIT ZERO..SHARADA DIGIT NINE
+	{0x111DA, 0x111DA, prOLetter}, // Lo       SHARADA EKAM
+	{0x111DC, 0x111DC, prOLetter}, // Lo       SHARADA HEADSTROKE
+	{0x111DE, 0x111DF, prSTerm},   // Po   [2] SHARADA SECTION MARK-1..SHARADA SECTION MARK-2
+	{0x11200, 0x11211, prOLetter}, // Lo  [18] KHOJKI LETTER A..KHOJKI LETTER JJA
+	{0x11213, 0x1122B, prOLetter}, // Lo  [25] KHOJKI LETTER NYA..KHOJKI LETTER LLA
+	{0x1122C, 0x1122E, prExtend},  // Mc   [3] KHOJKI VOWEL SIGN AA..KHOJKI VOWEL SIGN II
+	{0x1122F, 0x11231, prExtend},  // Mn   [3] KHOJKI VOWEL SIGN U..KHOJKI VOWEL SIGN AI
+	{0x11232, 0x11233, prExtend},  // Mc   [2] KHOJKI VOWEL SIGN O..KHOJKI VOWEL SIGN AU
+	{0x11234, 0x11234, prExtend},  // Mn       KHOJKI SIGN ANUSVARA
+	{0x11235, 0x11235, prExtend},  // Mc       KHOJKI SIGN VIRAMA
+	{0x11236, 0x11237, prExtend},  // Mn   [2] KHOJKI SIGN NUKTA..KHOJKI SIGN SHADDA
+	{0x11238, 0x11239, prSTerm},   // Po   [2] KHOJKI DANDA..KHOJKI DOUBLE DANDA
+	{0x1123B, 0x1123C, prSTerm},   // Po   [2] KHOJKI SECTION MARK..KHOJKI DOUBLE SECTION MARK
+	{0x1123E, 0x1123E, prExtend},  // Mn       KHOJKI SIGN SUKUN
+	{0x11280, 0x11286, prOLetter}, // Lo   [7] MULTANI LETTER A..MULTANI LETTER GA
+	{0x11288, 0x11288, prOLetter}, // Lo       MULTANI LETTER GHA
+	{0x1128A, 0x1128D, prOLetter}, // Lo   [4] MULTANI LETTER CA..MULTANI LETTER JJA
+	{0x1128F, 0x1129D, prOLetter}, // Lo  [15] MULTANI LETTER NYA..MULTANI LETTER BA
+	{0x1129F, 0x112A8, prOLetter}, // Lo  [10] MULTANI LETTER BHA..MULTANI LETTER RHA
+	{0x112A9, 0x112A9, prSTerm},   // Po       MULTANI SECTION MARK
+	{0x112B0, 0x112DE, prOLetter}, // Lo  [47] KHUDAWADI LETTER A..KHUDAWADI LETTER HA
+	{0x112DF, 0x112DF, prExtend},  // Mn       KHUDAWADI SIGN ANUSVARA
+	{0x112E0, 0x112E2, prExtend},  // Mc   [3] KHUDAWADI VOWEL SIGN AA..KHUDAWADI VOWEL SIGN II
+	{0x112E3, 0x112EA, prExtend},  // Mn   [8] KHUDAWADI VOWEL SIGN U..KHUDAWADI SIGN VIRAMA
+	{0x112F0, 0x112F9, prNumeric}, // Nd  [10] KHUDAWADI DIGIT ZERO..KHUDAWADI DIGIT NINE
+	{0x11300, 0x11301, prExtend},  // Mn   [2] GRANTHA SIGN COMBINING ANUSVARA ABOVE..GRANTHA SIGN CANDRABINDU
+	{0x11302, 0x11303, prExtend},  // Mc   [2] GRANTHA SIGN ANUSVARA..GRANTHA SIGN VISARGA
+	{0x11305, 0x1130C, prOLetter}, // Lo   [8] GRANTHA LETTER A..GRANTHA LETTER VOCALIC L
+	{0x1130F, 0x11310, prOLetter}, // Lo   [2] GRANTHA LETTER EE..GRANTHA LETTER AI
+	{0x11313, 0x11328, prOLetter}, // Lo  [22] GRANTHA LETTER OO..GRANTHA LETTER NA
+	{0x1132A, 0x11330, prOLetter}, // Lo   [7] GRANTHA LETTER PA..GRANTHA LETTER RA
+	{0x11332, 0x11333, prOLetter}, // Lo   [2] GRANTHA LETTER LA..GRANTHA LETTER LLA
+	{0x11335, 0x11339, prOLetter}, // Lo   [5] GRANTHA LETTER VA..GRANTHA LETTER HA
+	{0x1133B, 0x1133C, prExtend},  // Mn   [2] COMBINING BINDU BELOW..GRANTHA SIGN NUKTA
+	{0x1133D, 0x1133D, prOLetter}, // Lo       GRANTHA SIGN AVAGRAHA
+	{0x1133E, 0x1133F, prExtend},  // Mc   [2] GRANTHA VOWEL SIGN AA..GRANTHA VOWEL SIGN I
+	{0x11340, 0x11340, prExtend},  // Mn       GRANTHA VOWEL SIGN II
+	{0x11341, 0x11344, prExtend},  // Mc   [4] GRANTHA VOWEL SIGN U..GRANTHA VOWEL SIGN VOCALIC RR
+	{0x11347, 0x11348, prExtend},  // Mc   [2] GRANTHA VOWEL SIGN EE..GRANTHA VOWEL SIGN AI
+	{0x1134B, 0x1134D, prExtend},  // Mc   [3] GRANTHA VOWEL SIGN OO..GRANTHA SIGN VIRAMA
+	{0x11350, 0x11350, prOLetter}, // Lo       GRANTHA OM
+	{0x11357, 0x11357, prExtend},  // Mc       GRANTHA AU LENGTH MARK
+	{0x1135D, 0x11361, prOLetter}, // Lo   [5] GRANTHA SIGN PLUTA..GRANTHA LETTER VOCALIC LL
+	{0x11362, 0x11363, prExtend},  // Mc   [2] GRANTHA VOWEL SIGN VOCALIC L..GRANTHA VOWEL SIGN VOCALIC LL
+	{0x11366, 0x1136C, prExtend},  // Mn   [7] COMBINING GRANTHA DIGIT ZERO..COMBINING GRANTHA DIGIT SIX
+	{0x11370, 0x11374, prExtend},  // Mn   [5] COMBINING GRANTHA LETTER A..COMBINING GRANTHA LETTER PA
+	{0x11400, 0x11434, prOLetter}, // Lo  [53] NEWA LETTER A..NEWA LETTER HA
+	{0x11435, 0x11437, prExtend},  // Mc   [3] NEWA VOWEL SIGN AA..NEWA VOWEL SIGN II
+	{0x11438, 0x1143F, prExtend},  // Mn   [8] NEWA VOWEL SIGN U..NEWA VOWEL SIGN AI
+	{0x11440, 0x11441, prExtend},  // Mc   [2] NEWA VOWEL SIGN O..NEWA VOWEL SIGN AU
+	{0x11442, 0x11444, prExtend},  // Mn   [3] NEWA SIGN VIRAMA..NEWA SIGN ANUSVARA
+	{0x11445, 0x11445, prExtend},  // Mc       NEWA SIGN VISARGA
+	{0x11446, 0x11446, prExtend},  // Mn       NEWA SIGN NUKTA
+	{0x11447, 0x1144A, prOLetter}, // Lo   [4] NEWA SIGN AVAGRAHA..NEWA SIDDHI
+	{0x1144B, 0x1144C, prSTerm},   // Po   [2] NEWA DANDA..NEWA DOUBLE DANDA
+	{0x11450, 0x11459, prNumeric}, // Nd  [10] NEWA DIGIT ZERO..NEWA DIGIT NINE
+	{0x1145E, 0x1145E, prExtend},  // Mn       NEWA SANDHI MARK
+	{0x1145F, 0x11461, prOLetter}, // Lo   [3] NEWA LETTER VEDIC ANUSVARA..NEWA SIGN UPADHMANIYA
+	{0x11480, 0x114AF, prOLetter}, // Lo  [48] TIRHUTA ANJI..TIRHUTA LETTER HA
+	{0x114B0, 0x114B2, prExtend},  // Mc   [3] TIRHUTA VOWEL SIGN AA..TIRHUTA VOWEL SIGN II
+	{0x114B3, 0x114B8, prExtend},  // Mn   [6] TIRHUTA VOWEL SIGN U..TIRHUTA VOWEL SIGN VOCALIC LL
+	{0x114B9, 0x114B9, prExtend},  // Mc       TIRHUTA VOWEL SIGN E
+	{0x114BA, 0x114BA, prExtend},  // Mn       TIRHUTA VOWEL SIGN SHORT E
+	{0x114BB, 0x114BE, prExtend},  // Mc   [4] TIRHUTA VOWEL SIGN AI..TIRHUTA VOWEL SIGN AU
+	{0x114BF, 0x114C0, prExtend},  // Mn   [2] TIRHUTA SIGN CANDRABINDU..TIRHUTA SIGN ANUSVARA
+	{0x114C1, 0x114C1, prExtend},  // Mc       TIRHUTA SIGN VISARGA
+	{0x114C2, 0x114C3, prExtend},  // Mn   [2] TIRHUTA SIGN VIRAMA..TIRHUTA SIGN NUKTA
+	{0x114C4, 0x114C5, prOLetter}, // Lo   [2] TIRHUTA SIGN AVAGRAHA..TIRHUTA GVANG
+	{0x114C7, 0x114C7, prOLetter}, // Lo       TIRHUTA OM
+	{0x114D0, 0x114D9, prNumeric}, // Nd  [10] TIRHUTA DIGIT ZERO..TIRHUTA DIGIT NINE
+	{0x11580, 0x115AE, prOLetter}, // Lo  [47] SIDDHAM LETTER A..SIDDHAM LETTER HA
+	{0x115AF, 0x115B1, prExtend},  // Mc   [3] SIDDHAM VOWEL SIGN AA..SIDDHAM VOWEL SIGN II
+	{0x115B2, 0x115B5, prExtend},  // Mn   [4] SIDDHAM VOWEL SIGN U..SIDDHAM VOWEL SIGN VOCALIC RR
+	{0x115B8, 0x115BB, prExtend},  // Mc   [4] SIDDHAM VOWEL SIGN E..SIDDHAM VOWEL SIGN AU
+	{0x115BC, 0x115BD, prExtend},  // Mn   [2] SIDDHAM SIGN CANDRABINDU..SIDDHAM SIGN ANUSVARA
+	{0x115BE, 0x115BE, prExtend},  // Mc       SIDDHAM SIGN VISARGA
+	{0x115BF, 0x115C0, prExtend},  // Mn   [2] SIDDHAM SIGN VIRAMA..SIDDHAM SIGN NUKTA
+	{0x115C2, 0x115C3, prSTerm},   // Po   [2] SIDDHAM DANDA..SIDDHAM DOUBLE DANDA
+	{0x115C9, 0x115D7, prSTerm},   // Po  [15] SIDDHAM END OF TEXT MARK..SIDDHAM SECTION MARK WITH CIRCLES AND FOUR ENCLOSURES
+	{0x115D8, 0x115DB, prOLetter}, // Lo   [4] SIDDHAM LETTER THREE-CIRCLE ALTERNATE I..SIDDHAM LETTER ALTERNATE U
+	{0x115DC, 0x115DD, prExtend},  // Mn   [2] SIDDHAM VOWEL SIGN ALTERNATE U..SIDDHAM VOWEL SIGN ALTERNATE UU
+	{0x11600, 0x1162F, prOLetter}, // Lo  [48] MODI LETTER A..MODI LETTER LLA
+	{0x11630, 0x11632, prExtend},  // Mc   [3] MODI VOWEL SIGN AA..MODI VOWEL SIGN II
+	{0x11633, 0x1163A, prExtend},  // Mn   [8] MODI VOWEL SIGN U..MODI VOWEL SIGN AI
+	{0x1163B, 0x1163C, prExtend},  // Mc   [2] MODI VOWEL SIGN O..MODI VOWEL SIGN AU
+	{0x1163D, 0x1163D, prExtend},  // Mn       MODI SIGN ANUSVARA
+	{0x1163E, 0x1163E, prExtend},  // Mc       MODI SIGN VISARGA
+	{0x1163F, 0x11640, prExtend},  // Mn   [2] MODI SIGN VIRAMA..MODI SIGN ARDHACANDRA
+	{0x11641, 0x11642, prSTerm},   // Po   [2] MODI DANDA..MODI DOUBLE DANDA
+	{0x11644, 0x11644, prOLetter}, // Lo       MODI SIGN HUVA
+	{0x11650, 0x11659, prNumeric}, // Nd  [10] MODI DIGIT ZERO..MODI DIGIT NINE
+	{0x11680, 0x116AA, prOLetter}, // Lo  [43] TAKRI LETTER A..TAKRI LETTER RRA
+	{0x116AB, 0x116AB, prExtend},  // Mn       TAKRI SIGN ANUSVARA
+	{0x116AC, 0x116AC, prExtend},  // Mc       TAKRI SIGN VISARGA
+	{0x116AD, 0x116AD, prExtend},  // Mn       TAKRI VOWEL SIGN AA
+	{0x116AE, 0x116AF, prExtend},  // Mc   [2] TAKRI VOWEL SIGN I..TAKRI VOWEL SIGN II
+	{0x116B0, 0x116B5, prExtend},  // Mn   [6] TAKRI VOWEL SIGN U..TAKRI VOWEL SIGN AU
+	{0x116B6, 0x116B6, prExtend},  // Mc       TAKRI SIGN VIRAMA
+	{0x116B7, 0x116B7, prExtend},  // Mn       TAKRI SIGN NUKTA
+	{0x116B8, 0x116B8, prOLetter}, // Lo       TAKRI LETTER ARCHAIC KHA
+	{0x116C0, 0x116C9, prNumeric}, // Nd  [10] TAKRI DIGIT ZERO..TAKRI DIGIT NINE
+	{0x11700, 0x1171A, prOLetter}, // Lo  [27] AHOM LETTER KA..AHOM LETTER ALTERNATE BA
+	{0x1171D, 0x1171F, prExtend},  // Mn   [3] AHOM CONSONANT SIGN MEDIAL LA..AHOM CONSONANT SIGN MEDIAL LIGATING RA
+	{0x11720, 0x11721, prExtend},  // Mc   [2] AHOM VOWEL SIGN A..AHOM VOWEL SIGN AA
+	{0x11722, 0x11725, prExtend},  // Mn   [4] AHOM VOWEL SIGN I..AHOM VOWEL SIGN UU
+	{0x11726, 0x11726, prExtend},  // Mc       AHOM VOWEL SIGN E
+	{0x11727, 0x1172B, prExtend},  // Mn   [5] AHOM VOWEL SIGN AW..AHOM SIGN KILLER
+	{0x11730, 0x11739, prNumeric}, // Nd  [10] AHOM DIGIT ZERO..AHOM DIGIT NINE
+	{0x1173C, 0x1173E, prSTerm},   // Po   [3] AHOM SIGN SMALL SECTION..AHOM SIGN RULAI
+	{0x11740, 0x11746, prOLetter}, // Lo   [7] AHOM LETTER CA..AHOM LETTER LLA
+	{0x11800, 0x1182B, prOLetter}, // Lo  [44] DOGRA LETTER A..DOGRA LETTER RRA
+	{0x1182C, 0x1182E, prExtend},  // Mc   [3] DOGRA VOWEL SIGN AA..DOGRA VOWEL SIGN II
+	{0x1182F, 0x11837, prExtend},  // Mn   [9] DOGRA VOWEL SIGN U..DOGRA SIGN ANUSVARA
+	{0x11838, 0x11838, prExtend},  // Mc       DOGRA SIGN VISARGA
+	{0x11839, 0x1183A, prExtend},  // Mn   [2] DOGRA SIGN VIRAMA..DOGRA SIGN NUKTA
+	{0x118A0, 0x118BF, prUpper},   // L&  [32] WARANG CITI CAPITAL LETTER NGAA..WARANG CITI CAPITAL LETTER VIYO
+	{0x118C0, 0x118DF, prLower},   // L&  [32] WARANG CITI SMALL LETTER NGAA..WARANG CITI SMALL LETTER VIYO
+	{0x118E0, 0x118E9, prNumeric}, // Nd  [10] WARANG CITI DIGIT ZERO..WARANG CITI DIGIT NINE
+	{0x118FF, 0x11906, prOLetter}, // Lo   [8] WARANG CITI OM..DIVES AKURU LETTER E
+	{0x11909, 0x11909, prOLetter}, // Lo       DIVES AKURU LETTER O
+	{0x1190C, 0x11913, prOLetter}, // Lo   [8] DIVES AKURU LETTER KA..DIVES AKURU LETTER JA
+	{0x11915, 0x11916, prOLetter}, // Lo   [2] DIVES AKURU LETTER NYA..DIVES AKURU LETTER TTA
+	{0x11918, 0x1192F, prOLetter}, // Lo  [24] DIVES AKURU LETTER DDA..DIVES AKURU LETTER ZA
+	{0x11930, 0x11935, prExtend},  // Mc   [6] DIVES AKURU VOWEL SIGN AA..DIVES AKURU VOWEL SIGN E
+	{0x11937, 0x11938, prExtend},  // Mc   [2] DIVES AKURU VOWEL SIGN AI..DIVES AKURU VOWEL SIGN O
+	{0x1193B, 0x1193C, prExtend},  // Mn   [2] DIVES AKURU SIGN ANUSVARA..DIVES AKURU SIGN CANDRABINDU
+	{0x1193D, 0x1193D, prExtend},  // Mc       DIVES AKURU SIGN HALANTA
+	{0x1193E, 0x1193E, prExtend},  // Mn       DIVES AKURU VIRAMA
+	{0x1193F, 0x1193F, prOLetter}, // Lo       DIVES AKURU PREFIXED NASAL SIGN
+	{0x11940, 0x11940, prExtend},  // Mc       DIVES AKURU MEDIAL YA
+	{0x11941, 0x11941, prOLetter}, // Lo       DIVES AKURU INITIAL RA
+	{0x11942, 0x11942, prExtend},  // Mc       DIVES AKURU MEDIAL RA
+	{0x11943, 0x11943, prExtend},  // Mn       DIVES AKURU SIGN NUKTA
+	{0x11944, 0x11944, prSTerm},   // Po       DIVES AKURU DOUBLE DANDA
+	{0x11946, 0x11946, prSTerm},   // Po       DIVES AKURU END OF TEXT MARK
+	{0x11950, 0x11959, prNumeric}, // Nd  [10] DIVES AKURU DIGIT ZERO..DIVES AKURU DIGIT NINE
+	{0x119A0, 0x119A7, prOLetter}, // Lo   [8] NANDINAGARI LETTER A..NANDINAGARI LETTER VOCALIC RR
+	{0x119AA, 0x119D0, prOLetter}, // Lo  [39] NANDINAGARI LETTER E..NANDINAGARI LETTER RRA
+	{0x119D1, 0x119D3, prExtend},  // Mc   [3] NANDINAGARI VOWEL SIGN AA..NANDINAGARI VOWEL SIGN II
+	{0x119D4, 0x119D7, prExtend},  // Mn   [4] NANDINAGARI VOWEL SIGN U..NANDINAGARI VOWEL SIGN VOCALIC RR
+	{0x119DA, 0x119DB, prExtend},  // Mn   [2] NANDINAGARI VOWEL SIGN E..NANDINAGARI VOWEL SIGN AI
+	{0x119DC, 0x119DF, prExtend},  // Mc   [4] NANDINAGARI VOWEL SIGN O..NANDINAGARI SIGN VISARGA
+	{0x119E0, 0x119E0, prExtend},  // Mn       NANDINAGARI SIGN VIRAMA
+	{0x119E1, 0x119E1, prOLetter}, // Lo       NANDINAGARI SIGN AVAGRAHA
+	{0x119E3, 0x119E3, prOLetter}, // Lo       NANDINAGARI HEADSTROKE
+	{0x119E4, 0x119E4, prExtend},  // Mc       NANDINAGARI VOWEL SIGN PRISHTHAMATRA E
+	{0x11A00, 0x11A00, prOLetter}, // Lo       ZANABAZAR SQUARE LETTER A
+	{0x11A01, 0x11A0A, prExtend},  // Mn  [10] ZANABAZAR SQUARE VOWEL SIGN I..ZANABAZAR SQUARE VOWEL LENGTH MARK
+	{0x11A0B, 0x11A32, prOLetter}, // Lo  [40] ZANABAZAR SQUARE LETTER KA..ZANABAZAR SQUARE LETTER KSSA
+	{0x11A33, 0x11A38, prExtend},  // Mn   [6] ZANABAZAR SQUARE FINAL CONSONANT MARK..ZANABAZAR SQUARE SIGN ANUSVARA
+	{0x11A39, 0x11A39, prExtend},  // Mc       ZANABAZAR SQUARE SIGN VISARGA
+	{0x11A3A, 0x11A3A, prOLetter}, // Lo       ZANABAZAR SQUARE CLUSTER-INITIAL LETTER RA
+	{0x11A3B, 0x11A3E, prExtend},  // Mn   [4] ZANABAZAR SQUARE CLUSTER-FINAL LETTER YA..ZANABAZAR SQUARE CLUSTER-FINAL LETTER VA
+	{0x11A42, 0x11A43, prSTerm},   // Po   [2] ZANABAZAR SQUARE MARK SHAD..ZANABAZAR SQUARE MARK DOUBLE SHAD
+	{0x11A47, 0x11A47, prExtend},  // Mn       ZANABAZAR SQUARE SUBJOINER
+	{0x11A50, 0x11A50, prOLetter}, // Lo       SOYOMBO LETTER A
+	{0x11A51, 0x11A56, prExtend},  // Mn   [6] SOYOMBO VOWEL SIGN I..SOYOMBO VOWEL SIGN OE
+	{0x11A57, 0x11A58, prExtend},  // Mc   [2] SOYOMBO VOWEL SIGN AI..SOYOMBO VOWEL SIGN AU
+	{0x11A59, 0x11A5B, prExtend},  // Mn   [3] SOYOMBO VOWEL SIGN VOCALIC R..SOYOMBO VOWEL LENGTH MARK
+	{0x11A5C, 0x11A89, prOLetter}, // Lo  [46] SOYOMBO LETTER KA..SOYOMBO CLUSTER-INITIAL LETTER SA
+	{0x11A8A, 0x11A96, prExtend},  // Mn  [13] SOYOMBO FINAL CONSONANT SIGN G..SOYOMBO SIGN ANUSVARA
+	{0x11A97, 0x11A97, prExtend},  // Mc       SOYOMBO SIGN VISARGA
+	{0x11A98, 0x11A99, prExtend},  // Mn   [2] SOYOMBO GEMINATION MARK..SOYOMBO SUBJOINER
+	{0x11A9B, 0x11A9C, prSTerm},   // Po   [2] SOYOMBO MARK SHAD..SOYOMBO MARK DOUBLE SHAD
+	{0x11A9D, 0x11A9D, prOLetter}, // Lo       SOYOMBO MARK PLUTA
+	{0x11AB0, 0x11AF8, prOLetter}, // Lo  [73] CANADIAN SYLLABICS NATTILIK HI..PAU CIN HAU GLOTTAL STOP FINAL
+	{0x11C00, 0x11C08, prOLetter}, // Lo   [9] BHAIKSUKI LETTER A..BHAIKSUKI LETTER VOCALIC L
+	{0x11C0A, 0x11C2E, prOLetter}, // Lo  [37] BHAIKSUKI LETTER E..BHAIKSUKI LETTER HA
+	{0x11C2F, 0x11C2F, prExtend},  // Mc       BHAIKSUKI VOWEL SIGN AA
+	{0x11C30, 0x11C36, prExtend},  // Mn   [7] BHAIKSUKI VOWEL SIGN I..BHAIKSUKI VOWEL SIGN VOCALIC L
+	{0x11C38, 0x11C3D, prExtend},  // Mn   [6] BHAIKSUKI VOWEL SIGN E..BHAIKSUKI SIGN ANUSVARA
+	{0x11C3E, 0x11C3E, prExtend},  // Mc       BHAIKSUKI SIGN VISARGA
+	{0x11C3F, 0x11C3F, prExtend},  // Mn       BHAIKSUKI SIGN VIRAMA
+	{0x11C40, 0x11C40, prOLetter}, // Lo       BHAIKSUKI SIGN AVAGRAHA
+	{0x11C41, 0x11C42, prSTerm},   // Po   [2] BHAIKSUKI DANDA..BHAIKSUKI DOUBLE DANDA
+	{0x11C50, 0x11C59, prNumeric}, // Nd  [10] BHAIKSUKI DIGIT ZERO..BHAIKSUKI DIGIT NINE
+	{0x11C72, 0x11C8F, prOLetter}, // Lo  [30] MARCHEN LETTER KA..MARCHEN LETTER A
+	{0x11C92, 0x11CA7, prExtend},  // Mn  [22] MARCHEN SUBJOINED LETTER KA..MARCHEN SUBJOINED LETTER ZA
+	{0x11CA9, 0x11CA9, prExtend},  // Mc       MARCHEN SUBJOINED LETTER YA
+	{0x11CAA, 0x11CB0, prExtend},  // Mn   [7] MARCHEN SUBJOINED LETTER RA..MARCHEN VOWEL SIGN AA
+	{0x11CB1, 0x11CB1, prExtend},  // Mc       MARCHEN VOWEL SIGN I
+	{0x11CB2, 0x11CB3, prExtend},  // Mn   [2] MARCHEN VOWEL SIGN U..MARCHEN VOWEL SIGN E
+	{0x11CB4, 0x11CB4, prExtend},  // Mc       MARCHEN VOWEL SIGN O
+	{0x11CB5, 0x11CB6, prExtend},  // Mn   [2] MARCHEN SIGN ANUSVARA..MARCHEN SIGN CANDRABINDU
+	{0x11D00, 0x11D06, prOLetter}, // Lo   [7] MASARAM GONDI LETTER A..MASARAM GONDI LETTER E
+	{0x11D08, 0x11D09, prOLetter}, // Lo   [2] MASARAM GONDI LETTER AI..MASARAM GONDI LETTER O
+	{0x11D0B, 0x11D30, prOLetter}, // Lo  [38] MASARAM GONDI LETTER AU..MASARAM GONDI LETTER TRA
+	{0x11D31, 0x11D36, prExtend},  // Mn   [6] MASARAM GONDI VOWEL SIGN AA..MASARAM GONDI VOWEL SIGN VOCALIC R
+	{0x11D3A, 0x11D3A, prExtend},  // Mn       MASARAM GONDI VOWEL SIGN E
+	{0x11D3C, 0x11D3D, prExtend},  // Mn   [2] MASARAM GONDI VOWEL SIGN AI..MASARAM GONDI VOWEL SIGN O
+	{0x11D3F, 0x11D45, prExtend},  // Mn   [7] MASARAM GONDI VOWEL SIGN AU..MASARAM GONDI VIRAMA
+	{0x11D46, 0x11D46, prOLetter}, // Lo       MASARAM GONDI REPHA
+	{0x11D47, 0x11D47, prExtend},  // Mn       MASARAM GONDI RA-KARA
+	{0x11D50, 0x11D59, prNumeric}, // Nd  [10] MASARAM GONDI DIGIT ZERO..MASARAM GONDI DIGIT NINE
+	{0x11D60, 0x11D65, prOLetter}, // Lo   [6] GUNJALA GONDI LETTER A..GUNJALA GONDI LETTER UU
+	{0x11D67, 0x11D68, prOLetter}, // Lo   [2] GUNJALA GONDI LETTER EE..GUNJALA GONDI LETTER AI
+	{0x11D6A, 0x11D89, prOLetter}, // Lo  [32] GUNJALA GONDI LETTER OO..GUNJALA GONDI LETTER SA
+	{0x11D8A, 0x11D8E, prExtend},  // Mc   [5] GUNJALA GONDI VOWEL SIGN AA..GUNJALA GONDI VOWEL SIGN UU
+	{0x11D90, 0x11D91, prExtend},  // Mn   [2] GUNJALA GONDI VOWEL SIGN EE..GUNJALA GONDI VOWEL SIGN AI
+	{0x11D93, 0x11D94, prExtend},  // Mc   [2] GUNJALA GONDI VOWEL SIGN OO..GUNJALA GONDI VOWEL SIGN AU
+	{0x11D95, 0x11D95, prExtend},  // Mn       GUNJALA GONDI SIGN ANUSVARA
+	{0x11D96, 0x11D96, prExtend},  // Mc       GUNJALA GONDI SIGN VISARGA
+	{0x11D97, 0x11D97, prExtend},  // Mn       GUNJALA GONDI VIRAMA
+	{0x11D98, 0x11D98, prOLetter}, // Lo       GUNJALA GONDI OM
+	{0x11DA0, 0x11DA9, prNumeric}, // Nd  [10] GUNJALA GONDI DIGIT ZERO..GUNJALA GONDI DIGIT NINE
+	{0x11EE0, 0x11EF2, prOLetter}, // Lo  [19] MAKASAR LETTER KA..MAKASAR ANGKA
+	{0x11EF3, 0x11EF4, prExtend},  // Mn   [2] MAKASAR VOWEL SIGN I..MAKASAR VOWEL SIGN U
+	{0x11EF5, 0x11EF6, prExtend},  // Mc   [2] MAKASAR VOWEL SIGN E..MAKASAR VOWEL SIGN O
+	{0x11EF7, 0x11EF8, prSTerm},   // Po   [2] MAKASAR PASSIMBANG..MAKASAR END OF SECTION
+	{0x11FB0, 0x11FB0, prOLetter}, // Lo       LISU LETTER YHA
+	{0x12000, 0x12399, prOLetter}, // Lo [922] CUNEIFORM SIGN A..CUNEIFORM SIGN U U
+	{0x12400, 0x1246E, prOLetter}, // Nl [111] CUNEIFORM NUMERIC SIGN TWO ASH..CUNEIFORM NUMERIC SIGN NINE U VARIANT FORM
+	{0x12480, 0x12543, prOLetter}, // Lo [196] CUNEIFORM SIGN AB TIMES NUN TENU..CUNEIFORM SIGN ZU5 TIMES THREE DISH TENU
+	{0x12F90, 0x12FF0, prOLetter}, // Lo  [97] CYPRO-MINOAN SIGN CM001..CYPRO-MINOAN SIGN CM114
+	{0x13000, 0x1342E, prOLetter}, // Lo [1071] EGYPTIAN HIEROGLYPH A001..EGYPTIAN HIEROGLYPH AA032
+	{0x13430, 0x13438, prFormat},  // Cf   [9] EGYPTIAN HIEROGLYPH VERTICAL JOINER..EGYPTIAN HIEROGLYPH END SEGMENT
+	{0x14400, 0x14646, prOLetter}, // Lo [583] ANATOLIAN HIEROGLYPH A001..ANATOLIAN HIEROGLYPH A530
+	{0x16800, 0x16A38, prOLetter}, // Lo [569] BAMUM LETTER PHASE-A NGKUE MFON..BAMUM LETTER PHASE-F VUEQ
+	{0x16A40, 0x16A5E, prOLetter}, // Lo  [31] MRO LETTER TA..MRO LETTER TEK
+	{0x16A60, 0x16A69, prNumeric}, // Nd  [10] MRO DIGIT ZERO..MRO DIGIT NINE
+	{0x16A6E, 0x16A6F, prSTerm},   // Po   [2] MRO DANDA..MRO DOUBLE DANDA
+	{0x16A70, 0x16ABE, prOLetter}, // Lo  [79] TANGSA LETTER OZ..TANGSA LETTER ZA
+	{0x16AC0, 0x16AC9, prNumeric}, // Nd  [10] TANGSA DIGIT ZERO..TANGSA DIGIT NINE
+	{0x16AD0, 0x16AED, prOLetter}, // Lo  [30] BASSA VAH LETTER ENNI..BASSA VAH LETTER I
+	{0x16AF0, 0x16AF4, prExtend},  // Mn   [5] BASSA VAH COMBINING HIGH TONE..BASSA VAH COMBINING HIGH-LOW TONE
+	{0x16AF5, 0x16AF5, prSTerm},   // Po       BASSA VAH FULL STOP
+	{0x16B00, 0x16B2F, prOLetter}, // Lo  [48] PAHAWH HMONG VOWEL KEEB..PAHAWH HMONG CONSONANT CAU
+	{0x16B30, 0x16B36, prExtend},  // Mn   [7] PAHAWH HMONG MARK CIM TUB..PAHAWH HMONG MARK CIM TAUM
+	{0x16B37, 0x16B38, prSTerm},   // Po   [2] PAHAWH HMONG SIGN VOS THOM..PAHAWH HMONG SIGN VOS TSHAB CEEB
+	{0x16B40, 0x16B43, prOLetter}, // Lm   [4] PAHAWH HMONG SIGN VOS SEEV..PAHAWH HMONG SIGN IB YAM
+	{0x16B44, 0x16B44, prSTerm},   // Po       PAHAWH HMONG SIGN XAUS
+	{0x16B50, 0x16B59, prNumeric}, // Nd  [10] PAHAWH HMONG DIGIT ZERO..PAHAWH HMONG DIGIT NINE
+	{0x16B63, 0x16B77, prOLetter}, // Lo  [21] PAHAWH HMONG SIGN VOS LUB..PAHAWH HMONG SIGN CIM NRES TOS
+	{0x16B7D, 0x16B8F, prOLetter}, // Lo  [19] PAHAWH HMONG CLAN SIGN TSHEEJ..PAHAWH HMONG CLAN SIGN VWJ
+	{0x16E40, 0x16E5F, prUpper},   // L&  [32] MEDEFAIDRIN CAPITAL LETTER M..MEDEFAIDRIN CAPITAL LETTER Y
+	{0x16E60, 0x16E7F, prLower},   // L&  [32] MEDEFAIDRIN SMALL LETTER M..MEDEFAIDRIN SMALL LETTER Y
+	{0x16E98, 0x16E98, prSTerm},   // Po       MEDEFAIDRIN FULL STOP
+	{0x16F00, 0x16F4A, prOLetter}, // Lo  [75] MIAO LETTER PA..MIAO LETTER RTE
+	{0x16F4F, 0x16F4F, prExtend},  // Mn       MIAO SIGN CONSONANT MODIFIER BAR
+	{0x16F50, 0x16F50, prOLetter}, // Lo       MIAO LETTER NASALIZATION
+	{0x16F51, 0x16F87, prExtend},  // Mc  [55] MIAO SIGN ASPIRATION..MIAO VOWEL SIGN UI
+	{0x16F8F, 0x16F92, prExtend},  // Mn   [4] MIAO TONE RIGHT..MIAO TONE BELOW
+	{0x16F93, 0x16F9F, prOLetter}, // Lm  [13] MIAO LETTER TONE-2..MIAO LETTER REFORMED TONE-8
+	{0x16FE0, 0x16FE1, prOLetter}, // Lm   [2] TANGUT ITERATION MARK..NUSHU ITERATION MARK
+	{0x16FE3, 0x16FE3, prOLetter}, // Lm       OLD CHINESE ITERATION MARK
+	{0x16FE4, 0x16FE4, prExtend},  // Mn       KHITAN SMALL SCRIPT FILLER
+	{0x16FF0, 0x16FF1, prExtend},  // Mc   [2] VIETNAMESE ALTERNATE READING MARK CA..VIETNAMESE ALTERNATE READING MARK NHAY
+	{0x17000, 0x187F7, prOLetter}, // Lo [6136] TANGUT IDEOGRAPH-17000..TANGUT IDEOGRAPH-187F7
+	{0x18800, 0x18CD5, prOLetter}, // Lo [1238] TANGUT COMPONENT-001..KHITAN SMALL SCRIPT CHARACTER-18CD5
+	{0x18D00, 0x18D08, prOLetter}, // Lo   [9] TANGUT IDEOGRAPH-18D00..TANGUT IDEOGRAPH-18D08
+	{0x1AFF0, 0x1AFF3, prOLetter}, // Lm   [4] KATAKANA LETTER MINNAN TONE-2..KATAKANA LETTER MINNAN TONE-5
+	{0x1AFF5, 0x1AFFB, prOLetter}, // Lm   [7] KATAKANA LETTER MINNAN TONE-7..KATAKANA LETTER MINNAN NASALIZED TONE-5
+	{0x1AFFD, 0x1AFFE, prOLetter}, // Lm   [2] KATAKANA LETTER MINNAN NASALIZED TONE-7..KATAKANA LETTER MINNAN NASALIZED TONE-8
+	{0x1B000, 0x1B122, prOLetter}, // Lo [291] KATAKANA LETTER ARCHAIC E..KATAKANA LETTER ARCHAIC WU
+	{0x1B150, 0x1B152, prOLetter}, // Lo   [3] HIRAGANA LETTER SMALL WI..HIRAGANA LETTER SMALL WO
+	{0x1B164, 0x1B167, prOLetter}, // Lo   [4] KATAKANA LETTER SMALL WI..KATAKANA LETTER SMALL N
+	{0x1B170, 0x1B2FB, prOLetter}, // Lo [396] NUSHU CHARACTER-1B170..NUSHU CHARACTER-1B2FB
+	{0x1BC00, 0x1BC6A, prOLetter}, // Lo [107] DUPLOYAN LETTER H..DUPLOYAN LETTER VOCALIC M
+	{0x1BC70, 0x1BC7C, prOLetter}, // Lo  [13] DUPLOYAN AFFIX LEFT HORIZONTAL SECANT..DUPLOYAN AFFIX ATTACHED TANGENT HOOK
+	{0x1BC80, 0x1BC88, prOLetter}, // Lo   [9] DUPLOYAN AFFIX HIGH ACUTE..DUPLOYAN AFFIX HIGH VERTICAL
+	{0x1BC90, 0x1BC99, prOLetter}, // Lo  [10] DUPLOYAN AFFIX LOW ACUTE..DUPLOYAN AFFIX LOW ARROW
+	{0x1BC9D, 0x1BC9E, prExtend},  // Mn   [2] DUPLOYAN THICK LETTER SELECTOR..DUPLOYAN DOUBLE MARK
+	{0x1BC9F, 0x1BC9F, prSTerm},   // Po       DUPLOYAN PUNCTUATION CHINOOK FULL STOP
+	{0x1BCA0, 0x1BCA3, prFormat},  // Cf   [4] SHORTHAND FORMAT LETTER OVERLAP..SHORTHAND FORMAT UP STEP
+	{0x1CF00, 0x1CF2D, prExtend},  // Mn  [46] ZNAMENNY COMBINING MARK GORAZDO NIZKO S KRYZHEM ON LEFT..ZNAMENNY COMBINING MARK KRYZH ON LEFT
+	{0x1CF30, 0x1CF46, prExtend},  // Mn  [23] ZNAMENNY COMBINING TONAL RANGE MARK MRACHNO..ZNAMENNY PRIZNAK MODIFIER ROG
+	{0x1D165, 0x1D166, prExtend},  // Mc   [2] MUSICAL SYMBOL COMBINING STEM..MUSICAL SYMBOL COMBINING SPRECHGESANG STEM
+	{0x1D167, 0x1D169, prExtend},  // Mn   [3] MUSICAL SYMBOL COMBINING TREMOLO-1..MUSICAL SYMBOL COMBINING TREMOLO-3
+	{0x1D16D, 0x1D172, prExtend},  // Mc   [6] MUSICAL SYMBOL COMBINING AUGMENTATION DOT..MUSICAL SYMBOL COMBINING FLAG-5
+	{0x1D173, 0x1D17A, prFormat},  // Cf   [8] MUSICAL SYMBOL BEGIN BEAM..MUSICAL SYMBOL END PHRASE
+	{0x1D17B, 0x1D182, prExtend},  // Mn   [8] MUSICAL SYMBOL COMBINING ACCENT..MUSICAL SYMBOL COMBINING LOURE
+	{0x1D185, 0x1D18B, prExtend},  // Mn   [7] MUSICAL SYMBOL COMBINING DOIT..MUSICAL SYMBOL COMBINING TRIPLE TONGUE
+	{0x1D1AA, 0x1D1AD, prExtend},  // Mn   [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
+	{0x1D242, 0x1D244, prExtend},  // Mn   [3] COMBINING GREEK MUSICAL TRISEME..COMBINING GREEK MUSICAL PENTASEME
+	{0x1D400, 0x1D419, prUpper},   // L&  [26] MATHEMATICAL BOLD CAPITAL A..MATHEMATICAL BOLD CAPITAL Z
+	{0x1D41A, 0x1D433, prLower},   // L&  [26] MATHEMATICAL BOLD SMALL A..MATHEMATICAL BOLD SMALL Z
+	{0x1D434, 0x1D44D, prUpper},   // L&  [26] MATHEMATICAL ITALIC CAPITAL A..MATHEMATICAL ITALIC CAPITAL Z
+	{0x1D44E, 0x1D454, prLower},   // L&   [7] MATHEMATICAL ITALIC SMALL A..MATHEMATICAL ITALIC SMALL G
+	{0x1D456, 0x1D467, prLower},   // L&  [18] MATHEMATICAL ITALIC SMALL I..MATHEMATICAL ITALIC SMALL Z
+	{0x1D468, 0x1D481, prUpper},   // L&  [26] MATHEMATICAL BOLD ITALIC CAPITAL A..MATHEMATICAL BOLD ITALIC CAPITAL Z
+	{0x1D482, 0x1D49B, prLower},   // L&  [26] MATHEMATICAL BOLD ITALIC SMALL A..MATHEMATICAL BOLD ITALIC SMALL Z
+	{0x1D49C, 0x1D49C, prUpper},   // L&       MATHEMATICAL SCRIPT CAPITAL A
+	{0x1D49E, 0x1D49F, prUpper},   // L&   [2] MATHEMATICAL SCRIPT CAPITAL C..MATHEMATICAL SCRIPT CAPITAL D
+	{0x1D4A2, 0x1D4A2, prUpper},   // L&       MATHEMATICAL SCRIPT CAPITAL G
+	{0x1D4A5, 0x1D4A6, prUpper},   // L&   [2] MATHEMATICAL SCRIPT CAPITAL J..MATHEMATICAL SCRIPT CAPITAL K
+	{0x1D4A9, 0x1D4AC, prUpper},   // L&   [4] MATHEMATICAL SCRIPT CAPITAL N..MATHEMATICAL SCRIPT CAPITAL Q
+	{0x1D4AE, 0x1D4B5, prUpper},   // L&   [8] MATHEMATICAL SCRIPT CAPITAL S..MATHEMATICAL SCRIPT CAPITAL Z
+	{0x1D4B6, 0x1D4B9, prLower},   // L&   [4] MATHEMATICAL SCRIPT SMALL A..MATHEMATICAL SCRIPT SMALL D
+	{0x1D4BB, 0x1D4BB, prLower},   // L&       MATHEMATICAL SCRIPT SMALL F
+	{0x1D4BD, 0x1D4C3, prLower},   // L&   [7] MATHEMATICAL SCRIPT SMALL H..MATHEMATICAL SCRIPT SMALL N
+	{0x1D4C5, 0x1D4CF, prLower},   // L&  [11] MATHEMATICAL SCRIPT SMALL P..MATHEMATICAL SCRIPT SMALL Z
+	{0x1D4D0, 0x1D4E9, prUpper},   // L&  [26] MATHEMATICAL BOLD SCRIPT CAPITAL A..MATHEMATICAL BOLD SCRIPT CAPITAL Z
+	{0x1D4EA, 0x1D503, prLower},   // L&  [26] MATHEMATICAL BOLD SCRIPT SMALL A..MATHEMATICAL BOLD SCRIPT SMALL Z
+	{0x1D504, 0x1D505, prUpper},   // L&   [2] MATHEMATICAL FRAKTUR CAPITAL A..MATHEMATICAL FRAKTUR CAPITAL B
+	{0x1D507, 0x1D50A, prUpper},   // L&   [4] MATHEMATICAL FRAKTUR CAPITAL D..MATHEMATICAL FRAKTUR CAPITAL G
+	{0x1D50D, 0x1D514, prUpper},   // L&   [8] MATHEMATICAL FRAKTUR CAPITAL J..MATHEMATICAL FRAKTUR CAPITAL Q
+	{0x1D516, 0x1D51C, prUpper},   // L&   [7] MATHEMATICAL FRAKTUR CAPITAL S..MATHEMATICAL FRAKTUR CAPITAL Y
+	{0x1D51E, 0x1D537, prLower},   // L&  [26] MATHEMATICAL FRAKTUR SMALL A..MATHEMATICAL FRAKTUR SMALL Z
+	{0x1D538, 0x1D539, prUpper},   // L&   [2] MATHEMATICAL DOUBLE-STRUCK CAPITAL A..MATHEMATICAL DOUBLE-STRUCK CAPITAL B
+	{0x1D53B, 0x1D53E, prUpper},   // L&   [4] MATHEMATICAL DOUBLE-STRUCK CAPITAL D..MATHEMATICAL DOUBLE-STRUCK CAPITAL G
+	{0x1D540, 0x1D544, prUpper},   // L&   [5] MATHEMATICAL DOUBLE-STRUCK CAPITAL I..MATHEMATICAL DOUBLE-STRUCK CAPITAL M
+	{0x1D546, 0x1D546, prUpper},   // L&       MATHEMATICAL DOUBLE-STRUCK CAPITAL O
+	{0x1D54A, 0x1D550, prUpper},   // L&   [7] MATHEMATICAL DOUBLE-STRUCK CAPITAL S..MATHEMATICAL DOUBLE-STRUCK CAPITAL Y
+	{0x1D552, 0x1D56B, prLower},   // L&  [26] MATHEMATICAL DOUBLE-STRUCK SMALL A..MATHEMATICAL DOUBLE-STRUCK SMALL Z
+	{0x1D56C, 0x1D585, prUpper},   // L&  [26] MATHEMATICAL BOLD FRAKTUR CAPITAL A..MATHEMATICAL BOLD FRAKTUR CAPITAL Z
+	{0x1D586, 0x1D59F, prLower},   // L&  [26] MATHEMATICAL BOLD FRAKTUR SMALL A..MATHEMATICAL BOLD FRAKTUR SMALL Z
+	{0x1D5A0, 0x1D5B9, prUpper},   // L&  [26] MATHEMATICAL SANS-SERIF CAPITAL A..MATHEMATICAL SANS-SERIF CAPITAL Z
+	{0x1D5BA, 0x1D5D3, prLower},   // L&  [26] MATHEMATICAL SANS-SERIF SMALL A..MATHEMATICAL SANS-SERIF SMALL Z
+	{0x1D5D4, 0x1D5ED, prUpper},   // L&  [26] MATHEMATICAL SANS-SERIF BOLD CAPITAL A..MATHEMATICAL SANS-SERIF BOLD CAPITAL Z
+	{0x1D5EE, 0x1D607, prLower},   // L&  [26] MATHEMATICAL SANS-SERIF BOLD SMALL A..MATHEMATICAL SANS-SERIF BOLD SMALL Z
+	{0x1D608, 0x1D621, prUpper},   // L&  [26] MATHEMATICAL SANS-SERIF ITALIC CAPITAL A..MATHEMATICAL SANS-SERIF ITALIC CAPITAL Z
+	{0x1D622, 0x1D63B, prLower},   // L&  [26] MATHEMATICAL SANS-SERIF ITALIC SMALL A..MATHEMATICAL SANS-SERIF ITALIC SMALL Z
+	{0x1D63C, 0x1D655, prUpper},   // L&  [26] MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL A..MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Z
+	{0x1D656, 0x1D66F, prLower},   // L&  [26] MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL A..MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Z
+	{0x1D670, 0x1D689, prUpper},   // L&  [26] MATHEMATICAL MONOSPACE CAPITAL A..MATHEMATICAL MONOSPACE CAPITAL Z
+	{0x1D68A, 0x1D6A5, prLower},   // L&  [28] MATHEMATICAL MONOSPACE SMALL A..MATHEMATICAL ITALIC SMALL DOTLESS J
+	{0x1D6A8, 0x1D6C0, prUpper},   // L&  [25] MATHEMATICAL BOLD CAPITAL ALPHA..MATHEMATICAL BOLD CAPITAL OMEGA
+	{0x1D6C2, 0x1D6DA, prLower},   // L&  [25] MATHEMATICAL BOLD SMALL ALPHA..MATHEMATICAL BOLD SMALL OMEGA
+	{0x1D6DC, 0x1D6E1, prLower},   // L&   [6] MATHEMATICAL BOLD EPSILON SYMBOL..MATHEMATICAL BOLD PI SYMBOL
+	{0x1D6E2, 0x1D6FA, prUpper},   // L&  [25] MATHEMATICAL ITALIC CAPITAL ALPHA..MATHEMATICAL ITALIC CAPITAL OMEGA
+	{0x1D6FC, 0x1D714, prLower},   // L&  [25] MATHEMATICAL ITALIC SMALL ALPHA..MATHEMATICAL ITALIC SMALL OMEGA
+	{0x1D716, 0x1D71B, prLower},   // L&   [6] MATHEMATICAL ITALIC EPSILON SYMBOL..MATHEMATICAL ITALIC PI SYMBOL
+	{0x1D71C, 0x1D734, prUpper},   // L&  [25] MATHEMATICAL BOLD ITALIC CAPITAL ALPHA..MATHEMATICAL BOLD ITALIC CAPITAL OMEGA
+	{0x1D736, 0x1D74E, prLower},   // L&  [25] MATHEMATICAL BOLD ITALIC SMALL ALPHA..MATHEMATICAL BOLD ITALIC SMALL OMEGA
+	{0x1D750, 0x1D755, prLower},   // L&   [6] MATHEMATICAL BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL BOLD ITALIC PI SYMBOL
+	{0x1D756, 0x1D76E, prUpper},   // L&  [25] MATHEMATICAL SANS-SERIF BOLD CAPITAL ALPHA..MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA
+	{0x1D770, 0x1D788, prLower},   // L&  [25] MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA
+	{0x1D78A, 0x1D78F, prLower},   // L&   [6] MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD PI SYMBOL
+	{0x1D790, 0x1D7A8, prUpper},   // L&  [25] MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ALPHA..MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA
+	{0x1D7AA, 0x1D7C2, prLower},   // L&  [25] MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA
+	{0x1D7C4, 0x1D7C9, prLower},   // L&   [6] MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD ITALIC PI SYMBOL
+	{0x1D7CA, 0x1D7CA, prUpper},   // L&       MATHEMATICAL BOLD CAPITAL DIGAMMA
+	{0x1D7CB, 0x1D7CB, prLower},   // L&       MATHEMATICAL BOLD SMALL DIGAMMA
+	{0x1D7CE, 0x1D7FF, prNumeric}, // Nd  [50] MATHEMATICAL BOLD DIGIT ZERO..MATHEMATICAL MONOSPACE DIGIT NINE
+	{0x1DA00, 0x1DA36, prExtend},  // Mn  [55] SIGNWRITING HEAD RIM..SIGNWRITING AIR SUCKING IN
+	{0x1DA3B, 0x1DA6C, prExtend},  // Mn  [50] SIGNWRITING MOUTH CLOSED NEUTRAL..SIGNWRITING EXCITEMENT
+	{0x1DA75, 0x1DA75, prExtend},  // Mn       SIGNWRITING UPPER BODY TILTING FROM HIP JOINTS
+	{0x1DA84, 0x1DA84, prExtend},  // Mn       SIGNWRITING LOCATION HEAD NECK
+	{0x1DA88, 0x1DA88, prSTerm},   // Po       SIGNWRITING FULL STOP
+	{0x1DA9B, 0x1DA9F, prExtend},  // Mn   [5] SIGNWRITING FILL MODIFIER-2..SIGNWRITING FILL MODIFIER-6
+	{0x1DAA1, 0x1DAAF, prExtend},  // Mn  [15] SIGNWRITING ROTATION MODIFIER-2..SIGNWRITING ROTATION MODIFIER-16
+	{0x1DF00, 0x1DF09, prLower},   // L&  [10] LATIN SMALL LETTER FENG DIGRAPH WITH TRILL..LATIN SMALL LETTER T WITH HOOK AND RETROFLEX HOOK
+	{0x1DF0A, 0x1DF0A, prOLetter}, // Lo       LATIN LETTER RETROFLEX CLICK WITH RETROFLEX HOOK
+	{0x1DF0B, 0x1DF1E, prLower},   // L&  [20] LATIN SMALL LETTER ESH WITH DOUBLE BAR..LATIN SMALL LETTER S WITH CURL
+	{0x1E000, 0x1E006, prExtend},  // Mn   [7] COMBINING GLAGOLITIC LETTER AZU..COMBINING GLAGOLITIC LETTER ZHIVETE
+	{0x1E008, 0x1E018, prExtend},  // Mn  [17] COMBINING GLAGOLITIC LETTER ZEMLJA..COMBINING GLAGOLITIC LETTER HERU
+	{0x1E01B, 0x1E021, prExtend},  // Mn   [7] COMBINING GLAGOLITIC LETTER SHTA..COMBINING GLAGOLITIC LETTER YATI
+	{0x1E023, 0x1E024, prExtend},  // Mn   [2] COMBINING GLAGOLITIC LETTER YU..COMBINING GLAGOLITIC LETTER SMALL YUS
+	{0x1E026, 0x1E02A, prExtend},  // Mn   [5] COMBINING GLAGOLITIC LETTER YO..COMBINING GLAGOLITIC LETTER FITA
+	{0x1E100, 0x1E12C, prOLetter}, // Lo  [45] NYIAKENG PUACHUE HMONG LETTER MA..NYIAKENG PUACHUE HMONG LETTER W
+	{0x1E130, 0x1E136, prExtend},  // Mn   [7] NYIAKENG PUACHUE HMONG TONE-B..NYIAKENG PUACHUE HMONG TONE-D
+	{0x1E137, 0x1E13D, prOLetter}, // Lm   [7] NYIAKENG PUACHUE HMONG SIGN FOR PERSON..NYIAKENG PUACHUE HMONG SYLLABLE LENGTHENER
+	{0x1E140, 0x1E149, prNumeric}, // Nd  [10] NYIAKENG PUACHUE HMONG DIGIT ZERO..NYIAKENG PUACHUE HMONG DIGIT NINE
+	{0x1E14E, 0x1E14E, prOLetter}, // Lo       NYIAKENG PUACHUE HMONG LOGOGRAM NYAJ
+	{0x1E290, 0x1E2AD, prOLetter}, // Lo  [30] TOTO LETTER PA..TOTO LETTER A
+	{0x1E2AE, 0x1E2AE, prExtend},  // Mn       TOTO SIGN RISING TONE
+	{0x1E2C0, 0x1E2EB, prOLetter}, // Lo  [44] WANCHO LETTER AA..WANCHO LETTER YIH
+	{0x1E2EC, 0x1E2EF, prExtend},  // Mn   [4] WANCHO TONE TUP..WANCHO TONE KOINI
+	{0x1E2F0, 0x1E2F9, prNumeric}, // Nd  [10] WANCHO DIGIT ZERO..WANCHO DIGIT NINE
+	{0x1E7E0, 0x1E7E6, prOLetter}, // Lo   [7] ETHIOPIC SYLLABLE HHYA..ETHIOPIC SYLLABLE HHYO
+	{0x1E7E8, 0x1E7EB, prOLetter}, // Lo   [4] ETHIOPIC SYLLABLE GURAGE HHWA..ETHIOPIC SYLLABLE HHWE
+	{0x1E7ED, 0x1E7EE, prOLetter}, // Lo   [2] ETHIOPIC SYLLABLE GURAGE MWI..ETHIOPIC SYLLABLE GURAGE MWEE
+	{0x1E7F0, 0x1E7FE, prOLetter}, // Lo  [15] ETHIOPIC SYLLABLE GURAGE QWI..ETHIOPIC SYLLABLE GURAGE PWEE
+	{0x1E800, 0x1E8C4, prOLetter}, // Lo [197] MENDE KIKAKUI SYLLABLE M001 KI..MENDE KIKAKUI SYLLABLE M060 NYON
+	{0x1E8D0, 0x1E8D6, prExtend},  // Mn   [7] MENDE KIKAKUI COMBINING NUMBER TEENS..MENDE KIKAKUI COMBINING NUMBER MILLIONS
+	{0x1E900, 0x1E921, prUpper},   // L&  [34] ADLAM CAPITAL LETTER ALIF..ADLAM CAPITAL LETTER SHA
+	{0x1E922, 0x1E943, prLower},   // L&  [34] ADLAM SMALL LETTER ALIF..ADLAM SMALL LETTER SHA
+	{0x1E944, 0x1E94A, prExtend},  // Mn   [7] ADLAM ALIF LENGTHENER..ADLAM NUKTA
+	{0x1E94B, 0x1E94B, prOLetter}, // Lm       ADLAM NASALIZATION MARK
+	{0x1E950, 0x1E959, prNumeric}, // Nd  [10] ADLAM DIGIT ZERO..ADLAM DIGIT NINE
+	{0x1EE00, 0x1EE03, prOLetter}, // Lo   [4] ARABIC MATHEMATICAL ALEF..ARABIC MATHEMATICAL DAL
+	{0x1EE05, 0x1EE1F, prOLetter}, // Lo  [27] ARABIC MATHEMATICAL WAW..ARABIC MATHEMATICAL DOTLESS QAF
+	{0x1EE21, 0x1EE22, prOLetter}, // Lo   [2] ARABIC MATHEMATICAL INITIAL BEH..ARABIC MATHEMATICAL INITIAL JEEM
+	{0x1EE24, 0x1EE24, prOLetter}, // Lo       ARABIC MATHEMATICAL INITIAL HEH
+	{0x1EE27, 0x1EE27, prOLetter}, // Lo       ARABIC MATHEMATICAL INITIAL HAH
+	{0x1EE29, 0x1EE32, prOLetter}, // Lo  [10] ARABIC MATHEMATICAL INITIAL YEH..ARABIC MATHEMATICAL INITIAL QAF
+	{0x1EE34, 0x1EE37, prOLetter}, // Lo   [4] ARABIC MATHEMATICAL INITIAL SHEEN..ARABIC MATHEMATICAL INITIAL KHAH
+	{0x1EE39, 0x1EE39, prOLetter}, // Lo       ARABIC MATHEMATICAL INITIAL DAD
+	{0x1EE3B, 0x1EE3B, prOLetter}, // Lo       ARABIC MATHEMATICAL INITIAL GHAIN
+	{0x1EE42, 0x1EE42, prOLetter}, // Lo       ARABIC MATHEMATICAL TAILED JEEM
+	{0x1EE47, 0x1EE47, prOLetter}, // Lo       ARABIC MATHEMATICAL TAILED HAH
+	{0x1EE49, 0x1EE49, prOLetter}, // Lo       ARABIC MATHEMATICAL TAILED YEH
+	{0x1EE4B, 0x1EE4B, prOLetter}, // Lo       ARABIC MATHEMATICAL TAILED LAM
+	{0x1EE4D, 0x1EE4F, prOLetter}, // Lo   [3] ARABIC MATHEMATICAL TAILED NOON..ARABIC MATHEMATICAL TAILED AIN
+	{0x1EE51, 0x1EE52, prOLetter}, // Lo   [2] ARABIC MATHEMATICAL TAILED SAD..ARABIC MATHEMATICAL TAILED QAF
+	{0x1EE54, 0x1EE54, prOLetter}, // Lo       ARABIC MATHEMATICAL TAILED SHEEN
+	{0x1EE57, 0x1EE57, prOLetter}, // Lo       ARABIC MATHEMATICAL TAILED KHAH
+	{0x1EE59, 0x1EE59, prOLetter}, // Lo       ARABIC MATHEMATICAL TAILED DAD
+	{0x1EE5B, 0x1EE5B, prOLetter}, // Lo       ARABIC MATHEMATICAL TAILED GHAIN
+	{0x1EE5D, 0x1EE5D, prOLetter}, // Lo       ARABIC MATHEMATICAL TAILED DOTLESS NOON
+	{0x1EE5F, 0x1EE5F, prOLetter}, // Lo       ARABIC MATHEMATICAL TAILED DOTLESS QAF
+	{0x1EE61, 0x1EE62, prOLetter}, // Lo   [2] ARABIC MATHEMATICAL STRETCHED BEH..ARABIC MATHEMATICAL STRETCHED JEEM
+	{0x1EE64, 0x1EE64, prOLetter}, // Lo       ARABIC MATHEMATICAL STRETCHED HEH
+	{0x1EE67, 0x1EE6A, prOLetter}, // Lo   [4] ARABIC MATHEMATICAL STRETCHED HAH..ARABIC MATHEMATICAL STRETCHED KAF
+	{0x1EE6C, 0x1EE72, prOLetter}, // Lo   [7] ARABIC MATHEMATICAL STRETCHED MEEM..ARABIC MATHEMATICAL STRETCHED QAF
+	{0x1EE74, 0x1EE77, prOLetter}, // Lo   [4] ARABIC MATHEMATICAL STRETCHED SHEEN..ARABIC MATHEMATICAL STRETCHED KHAH
+	{0x1EE79, 0x1EE7C, prOLetter}, // Lo   [4] ARABIC MATHEMATICAL STRETCHED DAD..ARABIC MATHEMATICAL STRETCHED DOTLESS BEH
+	{0x1EE7E, 0x1EE7E, prOLetter}, // Lo       ARABIC MATHEMATICAL STRETCHED DOTLESS FEH
+	{0x1EE80, 0x1EE89, prOLetter}, // Lo  [10] ARABIC MATHEMATICAL LOOPED ALEF..ARABIC MATHEMATICAL LOOPED YEH
+	{0x1EE8B, 0x1EE9B, prOLetter}, // Lo  [17] ARABIC MATHEMATICAL LOOPED LAM..ARABIC MATHEMATICAL LOOPED GHAIN
+	{0x1EEA1, 0x1EEA3, prOLetter}, // Lo   [3] ARABIC MATHEMATICAL DOUBLE-STRUCK BEH..ARABIC MATHEMATICAL DOUBLE-STRUCK DAL
+	{0x1EEA5, 0x1EEA9, prOLetter}, // Lo   [5] ARABIC MATHEMATICAL DOUBLE-STRUCK WAW..ARABIC MATHEMATICAL DOUBLE-STRUCK YEH
+	{0x1EEAB, 0x1EEBB, prOLetter}, // Lo  [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
+	{0x1F130, 0x1F149, prUpper},   // So  [26] SQUARED LATIN CAPITAL LETTER A..SQUARED LATIN CAPITAL LETTER Z
+	{0x1F150, 0x1F169, prUpper},   // So  [26] NEGATIVE CIRCLED LATIN CAPITAL LETTER A..NEGATIVE CIRCLED LATIN CAPITAL LETTER Z
+	{0x1F170, 0x1F189, prUpper},   // So  [26] NEGATIVE SQUARED LATIN CAPITAL LETTER A..NEGATIVE SQUARED LATIN CAPITAL LETTER Z
+	{0x1F676, 0x1F678, prClose},   // So   [3] SANS-SERIF HEAVY DOUBLE TURNED COMMA QUOTATION MARK ORNAMENT..SANS-SERIF HEAVY LOW DOUBLE COMMA QUOTATION MARK ORNAMENT
+	{0x1FBF0, 0x1FBF9, prNumeric}, // Nd  [10] SEGMENTED DIGIT ZERO..SEGMENTED DIGIT NINE
+	{0x20000, 0x2A6DF, prOLetter}, // Lo [42720] CJK UNIFIED IDEOGRAPH-20000..CJK UNIFIED IDEOGRAPH-2A6DF
+	{0x2A700, 0x2B738, prOLetter}, // Lo [4153] CJK UNIFIED IDEOGRAPH-2A700..CJK UNIFIED IDEOGRAPH-2B738
+	{0x2B740, 0x2B81D, prOLetter}, // Lo [222] CJK UNIFIED IDEOGRAPH-2B740..CJK UNIFIED IDEOGRAPH-2B81D
+	{0x2B820, 0x2CEA1, prOLetter}, // Lo [5762] CJK UNIFIED IDEOGRAPH-2B820..CJK UNIFIED IDEOGRAPH-2CEA1
+	{0x2CEB0, 0x2EBE0, prOLetter}, // Lo [7473] CJK UNIFIED IDEOGRAPH-2CEB0..CJK UNIFIED IDEOGRAPH-2EBE0
+	{0x2F800, 0x2FA1D, prOLetter}, // Lo [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D
+	{0x30000, 0x3134A, prOLetter}, // Lo [4939] CJK UNIFIED IDEOGRAPH-30000..CJK UNIFIED IDEOGRAPH-3134A
+	{0xE0001, 0xE0001, prFormat},  // Cf       LANGUAGE TAG
+	{0xE0020, 0xE007F, prExtend},  // Cf  [96] TAG SPACE..CANCEL TAG
+	{0xE0100, 0xE01EF, prExtend},  // Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
+}
diff --git a/vendor/github.com/rivo/uniseg/sentencerules.go b/vendor/github.com/rivo/uniseg/sentencerules.go
new file mode 100644
index 0000000000..58c04794e8
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/sentencerules.go
@@ -0,0 +1,205 @@
+package uniseg
+
+import "unicode/utf8"
+
+// The states of the sentence break parser.
+const (
+	sbAny = iota
+	sbCR
+	sbParaSep
+	sbATerm
+	sbUpper
+	sbLower
+	sbSB7
+	sbSB8Close
+	sbSB8Sp
+	sbSTerm
+	sbSB8aClose
+	sbSB8aSp
+)
+
+// The sentence break parser's breaking instructions.
+const (
+	sbDontBreak = iota
+	sbBreak
+)
+
+// The sentence break parser's state transitions. It's anologous to
+// grTransitions, see comments there for details. Unicode version 14.0.0.
+var sbTransitions = map[[2]int][3]int{
+	// SB3.
+	{sbAny, prCR}: {sbCR, sbDontBreak, 9990},
+	{sbCR, prLF}:  {sbParaSep, sbDontBreak, 30},
+
+	// SB4.
+	{sbAny, prSep}:     {sbParaSep, sbDontBreak, 9990},
+	{sbAny, prLF}:      {sbParaSep, sbDontBreak, 9990},
+	{sbParaSep, prAny}: {sbAny, sbBreak, 40},
+	{sbCR, prAny}:      {sbAny, sbBreak, 40},
+
+	// SB6.
+	{sbAny, prATerm}:     {sbATerm, sbDontBreak, 9990},
+	{sbATerm, prNumeric}: {sbAny, sbDontBreak, 60},
+	{sbSB7, prNumeric}:   {sbAny, sbDontBreak, 60}, // Because ATerm also appears in SB7.
+
+	// SB7.
+	{sbAny, prUpper}:   {sbUpper, sbDontBreak, 9990},
+	{sbAny, prLower}:   {sbLower, sbDontBreak, 9990},
+	{sbUpper, prATerm}: {sbSB7, sbDontBreak, 70},
+	{sbLower, prATerm}: {sbSB7, sbDontBreak, 70},
+	{sbSB7, prUpper}:   {sbUpper, sbDontBreak, 70},
+
+	// SB8a.
+	{sbAny, prSTerm}:           {sbSTerm, sbDontBreak, 9990},
+	{sbATerm, prSContinue}:     {sbAny, sbDontBreak, 81},
+	{sbATerm, prATerm}:         {sbATerm, sbDontBreak, 81},
+	{sbATerm, prSTerm}:         {sbSTerm, sbDontBreak, 81},
+	{sbSB7, prSContinue}:       {sbAny, sbDontBreak, 81},
+	{sbSB7, prATerm}:           {sbATerm, sbDontBreak, 81},
+	{sbSB7, prSTerm}:           {sbSTerm, sbDontBreak, 81},
+	{sbSB8Close, prSContinue}:  {sbAny, sbDontBreak, 81},
+	{sbSB8Close, prATerm}:      {sbATerm, sbDontBreak, 81},
+	{sbSB8Close, prSTerm}:      {sbSTerm, sbDontBreak, 81},
+	{sbSB8Sp, prSContinue}:     {sbAny, sbDontBreak, 81},
+	{sbSB8Sp, prATerm}:         {sbATerm, sbDontBreak, 81},
+	{sbSB8Sp, prSTerm}:         {sbSTerm, sbDontBreak, 81},
+	{sbSTerm, prSContinue}:     {sbAny, sbDontBreak, 81},
+	{sbSTerm, prATerm}:         {sbATerm, sbDontBreak, 81},
+	{sbSTerm, prSTerm}:         {sbSTerm, sbDontBreak, 81},
+	{sbSB8aClose, prSContinue}: {sbAny, sbDontBreak, 81},
+	{sbSB8aClose, prATerm}:     {sbATerm, sbDontBreak, 81},
+	{sbSB8aClose, prSTerm}:     {sbSTerm, sbDontBreak, 81},
+	{sbSB8aSp, prSContinue}:    {sbAny, sbDontBreak, 81},
+	{sbSB8aSp, prATerm}:        {sbATerm, sbDontBreak, 81},
+	{sbSB8aSp, prSTerm}:        {sbSTerm, sbDontBreak, 81},
+
+	// SB9.
+	{sbATerm, prClose}:     {sbSB8Close, sbDontBreak, 90},
+	{sbSB7, prClose}:       {sbSB8Close, sbDontBreak, 90},
+	{sbSB8Close, prClose}:  {sbSB8Close, sbDontBreak, 90},
+	{sbATerm, prSp}:        {sbSB8Sp, sbDontBreak, 90},
+	{sbSB7, prSp}:          {sbSB8Sp, sbDontBreak, 90},
+	{sbSB8Close, prSp}:     {sbSB8Sp, sbDontBreak, 90},
+	{sbSTerm, prClose}:     {sbSB8aClose, sbDontBreak, 90},
+	{sbSB8aClose, prClose}: {sbSB8aClose, sbDontBreak, 90},
+	{sbSTerm, prSp}:        {sbSB8aSp, sbDontBreak, 90},
+	{sbSB8aClose, prSp}:    {sbSB8aSp, sbDontBreak, 90},
+	{sbATerm, prSep}:       {sbParaSep, sbDontBreak, 90},
+	{sbATerm, prCR}:        {sbParaSep, sbDontBreak, 90},
+	{sbATerm, prLF}:        {sbParaSep, sbDontBreak, 90},
+	{sbSB7, prSep}:         {sbParaSep, sbDontBreak, 90},
+	{sbSB7, prCR}:          {sbParaSep, sbDontBreak, 90},
+	{sbSB7, prLF}:          {sbParaSep, sbDontBreak, 90},
+	{sbSB8Close, prSep}:    {sbParaSep, sbDontBreak, 90},
+	{sbSB8Close, prCR}:     {sbParaSep, sbDontBreak, 90},
+	{sbSB8Close, prLF}:     {sbParaSep, sbDontBreak, 90},
+	{sbSTerm, prSep}:       {sbParaSep, sbDontBreak, 90},
+	{sbSTerm, prCR}:        {sbParaSep, sbDontBreak, 90},
+	{sbSTerm, prLF}:        {sbParaSep, sbDontBreak, 90},
+	{sbSB8aClose, prSep}:   {sbParaSep, sbDontBreak, 90},
+	{sbSB8aClose, prCR}:    {sbParaSep, sbDontBreak, 90},
+	{sbSB8aClose, prLF}:    {sbParaSep, sbDontBreak, 90},
+
+	// SB10.
+	{sbSB8Sp, prSp}:  {sbSB8Sp, sbDontBreak, 100},
+	{sbSB8aSp, prSp}: {sbSB8aSp, sbDontBreak, 100},
+	{sbSB8Sp, prSep}: {sbParaSep, sbDontBreak, 100},
+	{sbSB8Sp, prCR}:  {sbParaSep, sbDontBreak, 100},
+	{sbSB8Sp, prLF}:  {sbParaSep, sbDontBreak, 100},
+
+	// SB11.
+	{sbATerm, prAny}:     {sbAny, sbBreak, 110},
+	{sbSB7, prAny}:       {sbAny, sbBreak, 110},
+	{sbSB8Close, prAny}:  {sbAny, sbBreak, 110},
+	{sbSB8Sp, prAny}:     {sbAny, sbBreak, 110},
+	{sbSTerm, prAny}:     {sbAny, sbBreak, 110},
+	{sbSB8aClose, prAny}: {sbAny, sbBreak, 110},
+	{sbSB8aSp, prAny}:    {sbAny, sbBreak, 110},
+	// We'll always break after ParaSep due to SB4.
+}
+
+// transitionSentenceBreakState determines the new state of the sentence break
+// parser given the current state and the next code point. It also returns
+// whether a sentence boundary was detected. If more than one code point is
+// needed to determine the new state, the byte slice or the string starting
+// after rune "r" can be used (whichever is not nil or empty) for further
+// lookups.
+func transitionSentenceBreakState(state int, r rune, b []byte, str string) (newState int, sentenceBreak bool) {
+	// Determine the property of the next character.
+	nextProperty := property(sentenceBreakCodePoints, r)
+
+	// SB5 (Replacing Ignore Rules).
+	if nextProperty == prExtend || nextProperty == prFormat {
+		if state == sbParaSep || state == sbCR {
+			return sbAny, true // Make sure we don't apply SB5 to SB3 or SB4.
+		}
+		if state < 0 {
+			return sbAny, true // SB1.
+		}
+		return state, false
+	}
+
+	// Find the applicable transition in the table.
+	var rule int
+	transition, ok := sbTransitions[[2]int{state, nextProperty}]
+	if ok {
+		// We have a specific transition. We'll use it.
+		newState, sentenceBreak, rule = transition[0], transition[1] == sbBreak, transition[2]
+	} else {
+		// No specific transition found. Try the less specific ones.
+		transAnyProp, okAnyProp := sbTransitions[[2]int{state, prAny}]
+		transAnyState, okAnyState := sbTransitions[[2]int{sbAny, nextProperty}]
+		if okAnyProp && okAnyState {
+			// Both apply. We'll use a mix (see comments for grTransitions).
+			newState, sentenceBreak, rule = transAnyState[0], transAnyState[1] == sbBreak, transAnyState[2]
+			if transAnyProp[2] < transAnyState[2] {
+				sentenceBreak, rule = transAnyProp[1] == sbBreak, transAnyProp[2]
+			}
+		} else if okAnyProp {
+			// We only have a specific state.
+			newState, sentenceBreak, rule = transAnyProp[0], transAnyProp[1] == sbBreak, transAnyProp[2]
+			// This branch will probably never be reached because okAnyState will
+			// always be true given the current transition map. But we keep it here
+			// for future modifications to the transition map where this may not be
+			// true anymore.
+		} else if okAnyState {
+			// We only have a specific property.
+			newState, sentenceBreak, rule = transAnyState[0], transAnyState[1] == sbBreak, transAnyState[2]
+		} else {
+			// No known transition. SB999: Any × Any.
+			newState, sentenceBreak, rule = sbAny, false, 9990
+		}
+	}
+
+	// SB8.
+	if rule > 80 && (state == sbATerm || state == sbSB8Close || state == sbSB8Sp || state == sbSB7) {
+		// Check the right side of the rule.
+		var length int
+		for nextProperty != prOLetter &&
+			nextProperty != prUpper &&
+			nextProperty != prLower &&
+			nextProperty != prSep &&
+			nextProperty != prCR &&
+			nextProperty != prLF &&
+			nextProperty != prATerm &&
+			nextProperty != prSTerm {
+			// Move on to the next rune.
+			if b != nil { // Byte slice version.
+				r, length = utf8.DecodeRune(b)
+				b = b[length:]
+			} else { // String version.
+				r, length = utf8.DecodeRuneInString(str)
+				str = str[length:]
+			}
+			if r == utf8.RuneError {
+				break
+			}
+			nextProperty = property(sentenceBreakCodePoints, r)
+		}
+		if nextProperty == prLower {
+			return sbLower, false
+		}
+	}
+
+	return
+}
diff --git a/vendor/github.com/rivo/uniseg/step.go b/vendor/github.com/rivo/uniseg/step.go
new file mode 100644
index 0000000000..6eca4b5dc7
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/step.go
@@ -0,0 +1,246 @@
+package uniseg
+
+import "unicode/utf8"
+
+// The bit masks used to extract boundary information returned by [Step].
+const (
+	MaskLine     = 3
+	MaskWord     = 4
+	MaskSentence = 8
+)
+
+// The number of bits to shift the boundary information returned by [Step] to
+// obtain the monospace width of the grapheme cluster.
+const ShiftWidth = 4
+
+// The bit positions by which boundary flags are shifted by the [Step] function.
+// These must correspond to the Mask constants.
+const (
+	shiftWord     = 2
+	shiftSentence = 3
+	// shiftwWidth is ShiftWidth above. No mask as these are always the remaining bits.
+)
+
+// The bit positions by which states are shifted by the [Step] function. These
+// values must ensure state values defined for each of the boundary algorithms
+// don't overlap (and that they all still fit in a single int). These must
+// correspond to the Mask constants.
+const (
+	shiftWordState     = 4
+	shiftSentenceState = 9
+	shiftLineState     = 13
+	shiftPropState     = 21 // No mask as these are always the remaining bits.
+)
+
+// The bit mask used to extract the state returned by the [Step] function, after
+// shifting. These values must correspond to the shift constants.
+const (
+	maskGraphemeState = 0xf
+	maskWordState     = 0x1f
+	maskSentenceState = 0xf
+	maskLineState     = 0xff
+)
+
+// Step returns the first grapheme cluster (user-perceived character) found in
+// the given byte slice. It also returns information about the boundary between
+// that grapheme cluster and the one following it as well as the monospace width
+// of the grapheme cluster. There are three types of boundary information: word
+// boundaries, sentence boundaries, and line breaks. This function is therefore
+// a combination of [FirstGraphemeCluster], [FirstWord], [FirstSentence], and
+// [FirstLineSegment].
+//
+// The "boundaries" return value can be evaluated as follows:
+//
+//   - boundaries&MaskWord != 0: The boundary is a word boundary.
+//   - boundaries&MaskWord == 0: The boundary is not a word boundary.
+//   - boundaries&MaskSentence != 0: The boundary is a sentence boundary.
+//   - boundaries&MaskSentence == 0: The boundary is not a sentence boundary.
+//   - boundaries&MaskLine == LineDontBreak: You must not break the line at the
+//     boundary.
+//   - boundaries&MaskLine == LineMustBreak: You must break the line at the
+//     boundary.
+//   - boundaries&MaskLine == LineCanBreak: You may or may not break the line at
+//     the boundary.
+//   - boundaries >> ShiftWidth: The width of the grapheme cluster for most
+//     monospace fonts where a value of 1 represents one character cell.
+//
+// This function can be called continuously to extract all grapheme clusters
+// from a byte slice, as illustrated in the examples below.
+//
+// If you don't know which state to pass, for example when calling the function
+// for the first time, you must pass -1. For consecutive calls, pass the state
+// and rest slice returned by the previous call.
+//
+// The "rest" slice is the sub-slice of the original byte slice "b" starting
+// after the last byte of the identified grapheme cluster. If the length of the
+// "rest" slice is 0, the entire byte slice "b" has been processed. The
+// "cluster" byte slice is the sub-slice of the input slice containing the
+// first identified grapheme cluster.
+//
+// Given an empty byte slice "b", the function returns nil values.
+//
+// While slightly less convenient than using the Graphemes class, this function
+// has much better performance and makes no allocations. It lends itself well to
+// large byte slices.
+//
+// Note that in accordance with [UAX #14 LB3], the final segment will end with
+// a mandatory line break (boundaries&MaskLine == LineMustBreak). You can choose
+// to ignore this by checking if the length of the "rest" slice is 0 and calling
+// [HasTrailingLineBreak] or [HasTrailingLineBreakInString] on the last rune.
+//
+// [UAX #14 LB3]: https://www.unicode.org/reports/tr14/#Algorithm
+func Step(b []byte, state int) (cluster, rest []byte, boundaries int, newState int) {
+	// An empty byte slice returns nothing.
+	if len(b) == 0 {
+		return
+	}
+
+	// Extract the first rune.
+	r, length := utf8.DecodeRune(b)
+	if len(b) <= length { // If we're already past the end, there is nothing else to parse.
+		var prop int
+		if state < 0 {
+			prop = property(graphemeCodePoints, r)
+		} else {
+			prop = state >> shiftPropState
+		}
+		return b, nil, LineMustBreak | (1 << shiftWord) | (1 << shiftSentence) | (runeWidth(r, prop) << ShiftWidth), grAny | (wbAny << shiftWordState) | (sbAny << shiftSentenceState) | (lbAny << shiftLineState) | (prop << shiftPropState)
+	}
+
+	// If we don't know the state, determine it now.
+	var graphemeState, wordState, sentenceState, lineState, firstProp int
+	remainder := b[length:]
+	if state < 0 {
+		graphemeState, firstProp, _ = transitionGraphemeState(state, r)
+		wordState, _ = transitionWordBreakState(state, r, remainder, "")
+		sentenceState, _ = transitionSentenceBreakState(state, r, remainder, "")
+		lineState, _ = transitionLineBreakState(state, r, remainder, "")
+	} else {
+		graphemeState = state & maskGraphemeState
+		wordState = (state >> shiftWordState) & maskWordState
+		sentenceState = (state >> shiftSentenceState) & maskSentenceState
+		lineState = (state >> shiftLineState) & maskLineState
+		firstProp = state >> shiftPropState
+	}
+
+	// Transition until we find a grapheme cluster boundary.
+	width := runeWidth(r, firstProp)
+	for {
+		var (
+			graphemeBoundary, wordBoundary, sentenceBoundary bool
+			lineBreak, prop                                  int
+		)
+
+		r, l := utf8.DecodeRune(remainder)
+		remainder = b[length+l:]
+
+		graphemeState, prop, graphemeBoundary = transitionGraphemeState(graphemeState, r)
+		wordState, wordBoundary = transitionWordBreakState(wordState, r, remainder, "")
+		sentenceState, sentenceBoundary = transitionSentenceBreakState(sentenceState, r, remainder, "")
+		lineState, lineBreak = transitionLineBreakState(lineState, r, remainder, "")
+
+		if graphemeBoundary {
+			boundary := lineBreak | (width << ShiftWidth)
+			if wordBoundary {
+				boundary |= 1 << shiftWord
+			}
+			if sentenceBoundary {
+				boundary |= 1 << shiftSentence
+			}
+			return b[:length], b[length:], boundary, graphemeState | (wordState << shiftWordState) | (sentenceState << shiftSentenceState) | (lineState << shiftLineState) | (prop << shiftPropState)
+		}
+
+		if r == vs16 {
+			width = 2
+		} else if firstProp != prExtendedPictographic && firstProp != prRegionalIndicator && firstProp != prL {
+			width += runeWidth(r, prop)
+		} else if firstProp == prExtendedPictographic {
+			if r == vs15 {
+				width = 1
+			} else {
+				width = 2
+			}
+		}
+
+		length += l
+		if len(b) <= length {
+			return b, nil, LineMustBreak | (1 << shiftWord) | (1 << shiftSentence) | (width << ShiftWidth), grAny | (wbAny << shiftWordState) | (sbAny << shiftSentenceState) | (lbAny << shiftLineState) | (prop << shiftPropState)
+		}
+	}
+}
+
+// StepString is like [Step] but its input and outputs are strings.
+func StepString(str string, state int) (cluster, rest string, boundaries int, newState int) {
+	// An empty byte slice returns nothing.
+	if len(str) == 0 {
+		return
+	}
+
+	// Extract the first rune.
+	r, length := utf8.DecodeRuneInString(str)
+	if len(str) <= length { // If we're already past the end, there is nothing else to parse.
+		prop := property(graphemeCodePoints, r)
+		return str, "", LineMustBreak | (1 << shiftWord) | (1 << shiftSentence) | (runeWidth(r, prop) << ShiftWidth), grAny | (wbAny << shiftWordState) | (sbAny << shiftSentenceState) | (lbAny << shiftLineState)
+	}
+
+	// If we don't know the state, determine it now.
+	var graphemeState, wordState, sentenceState, lineState, firstProp int
+	remainder := str[length:]
+	if state < 0 {
+		graphemeState, firstProp, _ = transitionGraphemeState(state, r)
+		wordState, _ = transitionWordBreakState(state, r, nil, remainder)
+		sentenceState, _ = transitionSentenceBreakState(state, r, nil, remainder)
+		lineState, _ = transitionLineBreakState(state, r, nil, remainder)
+	} else {
+		graphemeState = state & maskGraphemeState
+		wordState = (state >> shiftWordState) & maskWordState
+		sentenceState = (state >> shiftSentenceState) & maskSentenceState
+		lineState = (state >> shiftLineState) & maskLineState
+		firstProp = state >> shiftPropState
+	}
+
+	// Transition until we find a grapheme cluster boundary.
+	width := runeWidth(r, firstProp)
+	for {
+		var (
+			graphemeBoundary, wordBoundary, sentenceBoundary bool
+			lineBreak, prop                                  int
+		)
+
+		r, l := utf8.DecodeRuneInString(remainder)
+		remainder = str[length+l:]
+
+		graphemeState, prop, graphemeBoundary = transitionGraphemeState(graphemeState, r)
+		wordState, wordBoundary = transitionWordBreakState(wordState, r, nil, remainder)
+		sentenceState, sentenceBoundary = transitionSentenceBreakState(sentenceState, r, nil, remainder)
+		lineState, lineBreak = transitionLineBreakState(lineState, r, nil, remainder)
+
+		if graphemeBoundary {
+			boundary := lineBreak | (width << ShiftWidth)
+			if wordBoundary {
+				boundary |= 1 << shiftWord
+			}
+			if sentenceBoundary {
+				boundary |= 1 << shiftSentence
+			}
+			return str[:length], str[length:], boundary, graphemeState | (wordState << shiftWordState) | (sentenceState << shiftSentenceState) | (lineState << shiftLineState) | (prop << shiftPropState)
+		}
+
+		if r == vs16 {
+			width = 2
+		} else if firstProp != prExtendedPictographic && firstProp != prRegionalIndicator && firstProp != prL {
+			width += runeWidth(r, prop)
+		} else if firstProp == prExtendedPictographic {
+			if r == vs15 {
+				width = 1
+			} else {
+				width = 2
+			}
+		}
+
+		length += l
+		if len(str) <= length {
+			return str, "", LineMustBreak | (1 << shiftWord) | (1 << shiftSentence) | (width << ShiftWidth), grAny | (wbAny << shiftWordState) | (sbAny << shiftSentenceState) | (lbAny << shiftLineState) | (prop << shiftPropState)
+		}
+	}
+}
diff --git a/vendor/github.com/rivo/uniseg/width.go b/vendor/github.com/rivo/uniseg/width.go
new file mode 100644
index 0000000000..12a57cc2e3
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/width.go
@@ -0,0 +1,54 @@
+package uniseg
+
+// runeWidth returns the monospace width for the given rune. The provided
+// grapheme property is a value mapped by the [graphemeCodePoints] table.
+//
+// Every rune has a width of 1, except for runes with the following properties
+// (evaluated in this order):
+//
+//   - Control, CR, LF, Extend, ZWJ: Width of 0
+//   - \u2e3a, TWO-EM DASH: Width of 3
+//   - \u2e3b, THREE-EM DASH: Width of 4
+//   - East-Asian width Fullwidth and Wide: Width of 2 (Ambiguous and Neutral
+//     have a width of 1)
+//   - Regional Indicator: Width of 2
+//   - Extended Pictographic: Width of 2, unless Emoji Presentation is "No".
+func runeWidth(r rune, graphemeProperty int) int {
+	switch graphemeProperty {
+	case prControl, prCR, prLF, prExtend, prZWJ:
+		return 0
+	case prRegionalIndicator:
+		return 2
+	case prExtendedPictographic:
+		if property(emojiPresentation, r) == prEmojiPresentation {
+			return 2
+		}
+		return 1
+	}
+
+	switch r {
+	case 0x2e3a:
+		return 3
+	case 0x2e3b:
+		return 4
+	}
+
+	switch property(eastAsianWidth, r) {
+	case prW, prF:
+		return 2
+	}
+
+	return 1
+}
+
+// StringWidth returns the monospace width for the given string, that is, the
+// number of same-size cells to be occupied by the string.
+func StringWidth(s string) (width int) {
+	state := -1
+	for len(s) > 0 {
+		var w int
+		_, s, w, state = FirstGraphemeClusterInString(s, state)
+		width += w
+	}
+	return
+}
diff --git a/vendor/github.com/rivo/uniseg/word.go b/vendor/github.com/rivo/uniseg/word.go
new file mode 100644
index 0000000000..34fba7f291
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/word.go
@@ -0,0 +1,89 @@
+package uniseg
+
+import "unicode/utf8"
+
+// FirstWord returns the first word found in the given byte slice according to
+// the rules of [Unicode Standard Annex #29, Word Boundaries]. This function can
+// be called continuously to extract all words from a byte slice, as illustrated
+// in the example below.
+//
+// If you don't know the current state, for example when calling the function
+// for the first time, you must pass -1. For consecutive calls, pass the state
+// and rest slice returned by the previous call.
+//
+// The "rest" slice is the sub-slice of the original byte slice "b" starting
+// after the last byte of the identified word. If the length of the "rest" slice
+// is 0, the entire byte slice "b" has been processed. The "word" byte slice is
+// the sub-slice of the input slice containing the identified word.
+//
+// Given an empty byte slice "b", the function returns nil values.
+//
+// [Unicode Standard Annex #29, Word Boundaries]: http://unicode.org/reports/tr29/#Word_Boundaries
+func FirstWord(b []byte, state int) (word, rest []byte, newState int) {
+	// An empty byte slice returns nothing.
+	if len(b) == 0 {
+		return
+	}
+
+	// Extract the first rune.
+	r, length := utf8.DecodeRune(b)
+	if len(b) <= length { // If we're already past the end, there is nothing else to parse.
+		return b, nil, wbAny
+	}
+
+	// If we don't know the state, determine it now.
+	if state < 0 {
+		state, _ = transitionWordBreakState(state, r, b[length:], "")
+	}
+
+	// Transition until we find a boundary.
+	var boundary bool
+	for {
+		r, l := utf8.DecodeRune(b[length:])
+		state, boundary = transitionWordBreakState(state, r, b[length+l:], "")
+
+		if boundary {
+			return b[:length], b[length:], state
+		}
+
+		length += l
+		if len(b) <= length {
+			return b, nil, wbAny
+		}
+	}
+}
+
+// FirstWordInString is like [FirstWord] but its input and outputs are strings.
+func FirstWordInString(str string, state int) (word, rest string, newState int) {
+	// An empty byte slice returns nothing.
+	if len(str) == 0 {
+		return
+	}
+
+	// Extract the first rune.
+	r, length := utf8.DecodeRuneInString(str)
+	if len(str) <= length { // If we're already past the end, there is nothing else to parse.
+		return str, "", wbAny
+	}
+
+	// If we don't know the state, determine it now.
+	if state < 0 {
+		state, _ = transitionWordBreakState(state, r, nil, str[length:])
+	}
+
+	// Transition until we find a boundary.
+	var boundary bool
+	for {
+		r, l := utf8.DecodeRuneInString(str[length:])
+		state, boundary = transitionWordBreakState(state, r, nil, str[length+l:])
+
+		if boundary {
+			return str[:length], str[length:], state
+		}
+
+		length += l
+		if len(str) <= length {
+			return str, "", wbAny
+		}
+	}
+}
diff --git a/vendor/github.com/rivo/uniseg/wordproperties.go b/vendor/github.com/rivo/uniseg/wordproperties.go
new file mode 100644
index 0000000000..805cc536cb
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/wordproperties.go
@@ -0,0 +1,1848 @@
+package uniseg
+
+// Code generated via go generate from gen_properties.go. DO NOT EDIT.
+
+// workBreakCodePoints are taken from
+// https://www.unicode.org/Public/14.0.0/ucd/auxiliary/WordBreakProperty.txt
+// and
+// https://unicode.org/Public/14.0.0/ucd/emoji/emoji-data.txt
+// ("Extended_Pictographic" only)
+// on September 10, 2022. See https://www.unicode.org/license.html for the Unicode
+// license agreement.
+var workBreakCodePoints = [][3]int{
+	{0x000A, 0x000A, prLF},                     // Cc       <control-000A>
+	{0x000B, 0x000C, prNewline},                // Cc   [2] <control-000B>..<control-000C>
+	{0x000D, 0x000D, prCR},                     // Cc       <control-000D>
+	{0x0020, 0x0020, prWSegSpace},              // Zs       SPACE
+	{0x0022, 0x0022, prDoubleQuote},            // Po       QUOTATION MARK
+	{0x0027, 0x0027, prSingleQuote},            // Po       APOSTROPHE
+	{0x002C, 0x002C, prMidNum},                 // Po       COMMA
+	{0x002E, 0x002E, prMidNumLet},              // Po       FULL STOP
+	{0x0030, 0x0039, prNumeric},                // Nd  [10] DIGIT ZERO..DIGIT NINE
+	{0x003A, 0x003A, prMidLetter},              // Po       COLON
+	{0x003B, 0x003B, prMidNum},                 // Po       SEMICOLON
+	{0x0041, 0x005A, prALetter},                // L&  [26] LATIN CAPITAL LETTER A..LATIN CAPITAL LETTER Z
+	{0x005F, 0x005F, prExtendNumLet},           // Pc       LOW LINE
+	{0x0061, 0x007A, prALetter},                // L&  [26] LATIN SMALL LETTER A..LATIN SMALL LETTER Z
+	{0x0085, 0x0085, prNewline},                // Cc       <control-0085>
+	{0x00A9, 0x00A9, prExtendedPictographic},   // E0.6   [1] (©�)       copyright
+	{0x00AA, 0x00AA, prALetter},                // Lo       FEMININE ORDINAL INDICATOR
+	{0x00AD, 0x00AD, prFormat},                 // Cf       SOFT HYPHEN
+	{0x00AE, 0x00AE, prExtendedPictographic},   // E0.6   [1] (®�)       registered
+	{0x00B5, 0x00B5, prALetter},                // L&       MICRO SIGN
+	{0x00B7, 0x00B7, prMidLetter},              // Po       MIDDLE DOT
+	{0x00BA, 0x00BA, prALetter},                // Lo       MASCULINE ORDINAL INDICATOR
+	{0x00C0, 0x00D6, prALetter},                // L&  [23] LATIN CAPITAL LETTER A WITH GRAVE..LATIN CAPITAL LETTER O WITH DIAERESIS
+	{0x00D8, 0x00F6, prALetter},                // L&  [31] LATIN CAPITAL LETTER O WITH STROKE..LATIN SMALL LETTER O WITH DIAERESIS
+	{0x00F8, 0x01BA, prALetter},                // L& [195] LATIN SMALL LETTER O WITH STROKE..LATIN SMALL LETTER EZH WITH TAIL
+	{0x01BB, 0x01BB, prALetter},                // Lo       LATIN LETTER TWO WITH STROKE
+	{0x01BC, 0x01BF, prALetter},                // L&   [4] LATIN CAPITAL LETTER TONE FIVE..LATIN LETTER WYNN
+	{0x01C0, 0x01C3, prALetter},                // Lo   [4] LATIN LETTER DENTAL CLICK..LATIN LETTER RETROFLEX CLICK
+	{0x01C4, 0x0293, prALetter},                // L& [208] LATIN CAPITAL LETTER DZ WITH CARON..LATIN SMALL LETTER EZH WITH CURL
+	{0x0294, 0x0294, prALetter},                // Lo       LATIN LETTER GLOTTAL STOP
+	{0x0295, 0x02AF, prALetter},                // L&  [27] LATIN LETTER PHARYNGEAL VOICED FRICATIVE..LATIN SMALL LETTER TURNED H WITH FISHHOOK AND TAIL
+	{0x02B0, 0x02C1, prALetter},                // Lm  [18] MODIFIER LETTER SMALL H..MODIFIER LETTER REVERSED GLOTTAL STOP
+	{0x02C2, 0x02C5, prALetter},                // Sk   [4] MODIFIER LETTER LEFT ARROWHEAD..MODIFIER LETTER DOWN ARROWHEAD
+	{0x02C6, 0x02D1, prALetter},                // Lm  [12] MODIFIER LETTER CIRCUMFLEX ACCENT..MODIFIER LETTER HALF TRIANGULAR COLON
+	{0x02D2, 0x02D7, prALetter},                // Sk   [6] MODIFIER LETTER CENTRED RIGHT HALF RING..MODIFIER LETTER MINUS SIGN
+	{0x02DE, 0x02DF, prALetter},                // Sk   [2] MODIFIER LETTER RHOTIC HOOK..MODIFIER LETTER CROSS ACCENT
+	{0x02E0, 0x02E4, prALetter},                // Lm   [5] MODIFIER LETTER SMALL GAMMA..MODIFIER LETTER SMALL REVERSED GLOTTAL STOP
+	{0x02E5, 0x02EB, prALetter},                // Sk   [7] MODIFIER LETTER EXTRA-HIGH TONE BAR..MODIFIER LETTER YANG DEPARTING TONE MARK
+	{0x02EC, 0x02EC, prALetter},                // Lm       MODIFIER LETTER VOICING
+	{0x02ED, 0x02ED, prALetter},                // Sk       MODIFIER LETTER UNASPIRATED
+	{0x02EE, 0x02EE, prALetter},                // Lm       MODIFIER LETTER DOUBLE APOSTROPHE
+	{0x02EF, 0x02FF, prALetter},                // Sk  [17] MODIFIER LETTER LOW DOWN ARROWHEAD..MODIFIER LETTER LOW LEFT ARROW
+	{0x0300, 0x036F, prExtend},                 // Mn [112] COMBINING GRAVE ACCENT..COMBINING LATIN SMALL LETTER X
+	{0x0370, 0x0373, prALetter},                // L&   [4] GREEK CAPITAL LETTER HETA..GREEK SMALL LETTER ARCHAIC SAMPI
+	{0x0374, 0x0374, prALetter},                // Lm       GREEK NUMERAL SIGN
+	{0x0376, 0x0377, prALetter},                // L&   [2] GREEK CAPITAL LETTER PAMPHYLIAN DIGAMMA..GREEK SMALL LETTER PAMPHYLIAN DIGAMMA
+	{0x037A, 0x037A, prALetter},                // Lm       GREEK YPOGEGRAMMENI
+	{0x037B, 0x037D, prALetter},                // L&   [3] GREEK SMALL REVERSED LUNATE SIGMA SYMBOL..GREEK SMALL REVERSED DOTTED LUNATE SIGMA SYMBOL
+	{0x037E, 0x037E, prMidNum},                 // Po       GREEK QUESTION MARK
+	{0x037F, 0x037F, prALetter},                // L&       GREEK CAPITAL LETTER YOT
+	{0x0386, 0x0386, prALetter},                // L&       GREEK CAPITAL LETTER ALPHA WITH TONOS
+	{0x0387, 0x0387, prMidLetter},              // Po       GREEK ANO TELEIA
+	{0x0388, 0x038A, prALetter},                // L&   [3] GREEK CAPITAL LETTER EPSILON WITH TONOS..GREEK CAPITAL LETTER IOTA WITH TONOS
+	{0x038C, 0x038C, prALetter},                // L&       GREEK CAPITAL LETTER OMICRON WITH TONOS
+	{0x038E, 0x03A1, prALetter},                // L&  [20] GREEK CAPITAL LETTER UPSILON WITH TONOS..GREEK CAPITAL LETTER RHO
+	{0x03A3, 0x03F5, prALetter},                // L&  [83] GREEK CAPITAL LETTER SIGMA..GREEK LUNATE EPSILON SYMBOL
+	{0x03F7, 0x0481, prALetter},                // L& [139] GREEK CAPITAL LETTER SHO..CYRILLIC SMALL LETTER KOPPA
+	{0x0483, 0x0487, prExtend},                 // Mn   [5] COMBINING CYRILLIC TITLO..COMBINING CYRILLIC POKRYTIE
+	{0x0488, 0x0489, prExtend},                 // Me   [2] COMBINING CYRILLIC HUNDRED THOUSANDS SIGN..COMBINING CYRILLIC MILLIONS SIGN
+	{0x048A, 0x052F, prALetter},                // L& [166] CYRILLIC CAPITAL LETTER SHORT I WITH TAIL..CYRILLIC SMALL LETTER EL WITH DESCENDER
+	{0x0531, 0x0556, prALetter},                // L&  [38] ARMENIAN CAPITAL LETTER AYB..ARMENIAN CAPITAL LETTER FEH
+	{0x0559, 0x0559, prALetter},                // Lm       ARMENIAN MODIFIER LETTER LEFT HALF RING
+	{0x055A, 0x055C, prALetter},                // Po   [3] ARMENIAN APOSTROPHE..ARMENIAN EXCLAMATION MARK
+	{0x055E, 0x055E, prALetter},                // Po       ARMENIAN QUESTION MARK
+	{0x055F, 0x055F, prMidLetter},              // Po       ARMENIAN ABBREVIATION MARK
+	{0x0560, 0x0588, prALetter},                // L&  [41] ARMENIAN SMALL LETTER TURNED AYB..ARMENIAN SMALL LETTER YI WITH STROKE
+	{0x0589, 0x0589, prMidNum},                 // Po       ARMENIAN FULL STOP
+	{0x058A, 0x058A, prALetter},                // Pd       ARMENIAN HYPHEN
+	{0x0591, 0x05BD, prExtend},                 // Mn  [45] HEBREW ACCENT ETNAHTA..HEBREW POINT METEG
+	{0x05BF, 0x05BF, prExtend},                 // Mn       HEBREW POINT RAFE
+	{0x05C1, 0x05C2, prExtend},                 // Mn   [2] HEBREW POINT SHIN DOT..HEBREW POINT SIN DOT
+	{0x05C4, 0x05C5, prExtend},                 // Mn   [2] HEBREW MARK UPPER DOT..HEBREW MARK LOWER DOT
+	{0x05C7, 0x05C7, prExtend},                 // Mn       HEBREW POINT QAMATS QATAN
+	{0x05D0, 0x05EA, prHebrewLetter},           // Lo  [27] HEBREW LETTER ALEF..HEBREW LETTER TAV
+	{0x05EF, 0x05F2, prHebrewLetter},           // Lo   [4] HEBREW YOD TRIANGLE..HEBREW LIGATURE YIDDISH DOUBLE YOD
+	{0x05F3, 0x05F3, prALetter},                // Po       HEBREW PUNCTUATION GERESH
+	{0x05F4, 0x05F4, prMidLetter},              // Po       HEBREW PUNCTUATION GERSHAYIM
+	{0x0600, 0x0605, prFormat},                 // Cf   [6] ARABIC NUMBER SIGN..ARABIC NUMBER MARK ABOVE
+	{0x060C, 0x060D, prMidNum},                 // Po   [2] ARABIC COMMA..ARABIC DATE SEPARATOR
+	{0x0610, 0x061A, prExtend},                 // Mn  [11] ARABIC SIGN SALLALLAHOU ALAYHE WASSALLAM..ARABIC SMALL KASRA
+	{0x061C, 0x061C, prFormat},                 // Cf       ARABIC LETTER MARK
+	{0x0620, 0x063F, prALetter},                // Lo  [32] ARABIC LETTER KASHMIRI YEH..ARABIC LETTER FARSI YEH WITH THREE DOTS ABOVE
+	{0x0640, 0x0640, prALetter},                // Lm       ARABIC TATWEEL
+	{0x0641, 0x064A, prALetter},                // Lo  [10] ARABIC LETTER FEH..ARABIC LETTER YEH
+	{0x064B, 0x065F, prExtend},                 // Mn  [21] ARABIC FATHATAN..ARABIC WAVY HAMZA BELOW
+	{0x0660, 0x0669, prNumeric},                // Nd  [10] ARABIC-INDIC DIGIT ZERO..ARABIC-INDIC DIGIT NINE
+	{0x066B, 0x066B, prNumeric},                // Po       ARABIC DECIMAL SEPARATOR
+	{0x066C, 0x066C, prMidNum},                 // Po       ARABIC THOUSANDS SEPARATOR
+	{0x066E, 0x066F, prALetter},                // Lo   [2] ARABIC LETTER DOTLESS BEH..ARABIC LETTER DOTLESS QAF
+	{0x0670, 0x0670, prExtend},                 // Mn       ARABIC LETTER SUPERSCRIPT ALEF
+	{0x0671, 0x06D3, prALetter},                // Lo  [99] ARABIC LETTER ALEF WASLA..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE
+	{0x06D5, 0x06D5, prALetter},                // Lo       ARABIC LETTER AE
+	{0x06D6, 0x06DC, prExtend},                 // Mn   [7] ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA..ARABIC SMALL HIGH SEEN
+	{0x06DD, 0x06DD, prFormat},                 // Cf       ARABIC END OF AYAH
+	{0x06DF, 0x06E4, prExtend},                 // Mn   [6] ARABIC SMALL HIGH ROUNDED ZERO..ARABIC SMALL HIGH MADDA
+	{0x06E5, 0x06E6, prALetter},                // Lm   [2] ARABIC SMALL WAW..ARABIC SMALL YEH
+	{0x06E7, 0x06E8, prExtend},                 // Mn   [2] ARABIC SMALL HIGH YEH..ARABIC SMALL HIGH NOON
+	{0x06EA, 0x06ED, prExtend},                 // Mn   [4] ARABIC EMPTY CENTRE LOW STOP..ARABIC SMALL LOW MEEM
+	{0x06EE, 0x06EF, prALetter},                // Lo   [2] ARABIC LETTER DAL WITH INVERTED V..ARABIC LETTER REH WITH INVERTED V
+	{0x06F0, 0x06F9, prNumeric},                // Nd  [10] EXTENDED ARABIC-INDIC DIGIT ZERO..EXTENDED ARABIC-INDIC DIGIT NINE
+	{0x06FA, 0x06FC, prALetter},                // Lo   [3] ARABIC LETTER SHEEN WITH DOT BELOW..ARABIC LETTER GHAIN WITH DOT BELOW
+	{0x06FF, 0x06FF, prALetter},                // Lo       ARABIC LETTER HEH WITH INVERTED V
+	{0x070F, 0x070F, prFormat},                 // Cf       SYRIAC ABBREVIATION MARK
+	{0x0710, 0x0710, prALetter},                // Lo       SYRIAC LETTER ALAPH
+	{0x0711, 0x0711, prExtend},                 // Mn       SYRIAC LETTER SUPERSCRIPT ALAPH
+	{0x0712, 0x072F, prALetter},                // Lo  [30] SYRIAC LETTER BETH..SYRIAC LETTER PERSIAN DHALATH
+	{0x0730, 0x074A, prExtend},                 // Mn  [27] SYRIAC PTHAHA ABOVE..SYRIAC BARREKH
+	{0x074D, 0x07A5, prALetter},                // Lo  [89] SYRIAC LETTER SOGDIAN ZHAIN..THAANA LETTER WAAVU
+	{0x07A6, 0x07B0, prExtend},                 // Mn  [11] THAANA ABAFILI..THAANA SUKUN
+	{0x07B1, 0x07B1, prALetter},                // Lo       THAANA LETTER NAA
+	{0x07C0, 0x07C9, prNumeric},                // Nd  [10] NKO DIGIT ZERO..NKO DIGIT NINE
+	{0x07CA, 0x07EA, prALetter},                // Lo  [33] NKO LETTER A..NKO LETTER JONA RA
+	{0x07EB, 0x07F3, prExtend},                 // Mn   [9] NKO COMBINING SHORT HIGH TONE..NKO COMBINING DOUBLE DOT ABOVE
+	{0x07F4, 0x07F5, prALetter},                // Lm   [2] NKO HIGH TONE APOSTROPHE..NKO LOW TONE APOSTROPHE
+	{0x07F8, 0x07F8, prMidNum},                 // Po       NKO COMMA
+	{0x07FA, 0x07FA, prALetter},                // Lm       NKO LAJANYALAN
+	{0x07FD, 0x07FD, prExtend},                 // Mn       NKO DANTAYALAN
+	{0x0800, 0x0815, prALetter},                // Lo  [22] SAMARITAN LETTER ALAF..SAMARITAN LETTER TAAF
+	{0x0816, 0x0819, prExtend},                 // Mn   [4] SAMARITAN MARK IN..SAMARITAN MARK DAGESH
+	{0x081A, 0x081A, prALetter},                // Lm       SAMARITAN MODIFIER LETTER EPENTHETIC YUT
+	{0x081B, 0x0823, prExtend},                 // Mn   [9] SAMARITAN MARK EPENTHETIC YUT..SAMARITAN VOWEL SIGN A
+	{0x0824, 0x0824, prALetter},                // Lm       SAMARITAN MODIFIER LETTER SHORT A
+	{0x0825, 0x0827, prExtend},                 // Mn   [3] SAMARITAN VOWEL SIGN SHORT A..SAMARITAN VOWEL SIGN U
+	{0x0828, 0x0828, prALetter},                // Lm       SAMARITAN MODIFIER LETTER I
+	{0x0829, 0x082D, prExtend},                 // Mn   [5] SAMARITAN VOWEL SIGN LONG I..SAMARITAN MARK NEQUDAA
+	{0x0840, 0x0858, prALetter},                // Lo  [25] MANDAIC LETTER HALQA..MANDAIC LETTER AIN
+	{0x0859, 0x085B, prExtend},                 // Mn   [3] MANDAIC AFFRICATION MARK..MANDAIC GEMINATION MARK
+	{0x0860, 0x086A, prALetter},                // Lo  [11] SYRIAC LETTER MALAYALAM NGA..SYRIAC LETTER MALAYALAM SSA
+	{0x0870, 0x0887, prALetter},                // Lo  [24] ARABIC LETTER ALEF WITH ATTACHED FATHA..ARABIC BASELINE ROUND DOT
+	{0x0889, 0x088E, prALetter},                // Lo   [6] ARABIC LETTER NOON WITH INVERTED SMALL V..ARABIC VERTICAL TAIL
+	{0x0890, 0x0891, prFormat},                 // Cf   [2] ARABIC POUND MARK ABOVE..ARABIC PIASTRE MARK ABOVE
+	{0x0898, 0x089F, prExtend},                 // Mn   [8] ARABIC SMALL HIGH WORD AL-JUZ..ARABIC HALF MADDA OVER MADDA
+	{0x08A0, 0x08C8, prALetter},                // Lo  [41] ARABIC LETTER BEH WITH SMALL V BELOW..ARABIC LETTER GRAF
+	{0x08C9, 0x08C9, prALetter},                // Lm       ARABIC SMALL FARSI YEH
+	{0x08CA, 0x08E1, prExtend},                 // Mn  [24] ARABIC SMALL HIGH FARSI YEH..ARABIC SMALL HIGH SIGN SAFHA
+	{0x08E2, 0x08E2, prFormat},                 // Cf       ARABIC DISPUTED END OF AYAH
+	{0x08E3, 0x0902, prExtend},                 // Mn  [32] ARABIC TURNED DAMMA BELOW..DEVANAGARI SIGN ANUSVARA
+	{0x0903, 0x0903, prExtend},                 // Mc       DEVANAGARI SIGN VISARGA
+	{0x0904, 0x0939, prALetter},                // Lo  [54] DEVANAGARI LETTER SHORT A..DEVANAGARI LETTER HA
+	{0x093A, 0x093A, prExtend},                 // Mn       DEVANAGARI VOWEL SIGN OE
+	{0x093B, 0x093B, prExtend},                 // Mc       DEVANAGARI VOWEL SIGN OOE
+	{0x093C, 0x093C, prExtend},                 // Mn       DEVANAGARI SIGN NUKTA
+	{0x093D, 0x093D, prALetter},                // Lo       DEVANAGARI SIGN AVAGRAHA
+	{0x093E, 0x0940, prExtend},                 // Mc   [3] DEVANAGARI VOWEL SIGN AA..DEVANAGARI VOWEL SIGN II
+	{0x0941, 0x0948, prExtend},                 // Mn   [8] DEVANAGARI VOWEL SIGN U..DEVANAGARI VOWEL SIGN AI
+	{0x0949, 0x094C, prExtend},                 // Mc   [4] DEVANAGARI VOWEL SIGN CANDRA O..DEVANAGARI VOWEL SIGN AU
+	{0x094D, 0x094D, prExtend},                 // Mn       DEVANAGARI SIGN VIRAMA
+	{0x094E, 0x094F, prExtend},                 // Mc   [2] DEVANAGARI VOWEL SIGN PRISHTHAMATRA E..DEVANAGARI VOWEL SIGN AW
+	{0x0950, 0x0950, prALetter},                // Lo       DEVANAGARI OM
+	{0x0951, 0x0957, prExtend},                 // Mn   [7] DEVANAGARI STRESS SIGN UDATTA..DEVANAGARI VOWEL SIGN UUE
+	{0x0958, 0x0961, prALetter},                // Lo  [10] DEVANAGARI LETTER QA..DEVANAGARI LETTER VOCALIC LL
+	{0x0962, 0x0963, prExtend},                 // Mn   [2] DEVANAGARI VOWEL SIGN VOCALIC L..DEVANAGARI VOWEL SIGN VOCALIC LL
+	{0x0966, 0x096F, prNumeric},                // Nd  [10] DEVANAGARI DIGIT ZERO..DEVANAGARI DIGIT NINE
+	{0x0971, 0x0971, prALetter},                // Lm       DEVANAGARI SIGN HIGH SPACING DOT
+	{0x0972, 0x0980, prALetter},                // Lo  [15] DEVANAGARI LETTER CANDRA A..BENGALI ANJI
+	{0x0981, 0x0981, prExtend},                 // Mn       BENGALI SIGN CANDRABINDU
+	{0x0982, 0x0983, prExtend},                 // Mc   [2] BENGALI SIGN ANUSVARA..BENGALI SIGN VISARGA
+	{0x0985, 0x098C, prALetter},                // Lo   [8] BENGALI LETTER A..BENGALI LETTER VOCALIC L
+	{0x098F, 0x0990, prALetter},                // Lo   [2] BENGALI LETTER E..BENGALI LETTER AI
+	{0x0993, 0x09A8, prALetter},                // Lo  [22] BENGALI LETTER O..BENGALI LETTER NA
+	{0x09AA, 0x09B0, prALetter},                // Lo   [7] BENGALI LETTER PA..BENGALI LETTER RA
+	{0x09B2, 0x09B2, prALetter},                // Lo       BENGALI LETTER LA
+	{0x09B6, 0x09B9, prALetter},                // Lo   [4] BENGALI LETTER SHA..BENGALI LETTER HA
+	{0x09BC, 0x09BC, prExtend},                 // Mn       BENGALI SIGN NUKTA
+	{0x09BD, 0x09BD, prALetter},                // Lo       BENGALI SIGN AVAGRAHA
+	{0x09BE, 0x09C0, prExtend},                 // Mc   [3] BENGALI VOWEL SIGN AA..BENGALI VOWEL SIGN II
+	{0x09C1, 0x09C4, prExtend},                 // Mn   [4] BENGALI VOWEL SIGN U..BENGALI VOWEL SIGN VOCALIC RR
+	{0x09C7, 0x09C8, prExtend},                 // Mc   [2] BENGALI VOWEL SIGN E..BENGALI VOWEL SIGN AI
+	{0x09CB, 0x09CC, prExtend},                 // Mc   [2] BENGALI VOWEL SIGN O..BENGALI VOWEL SIGN AU
+	{0x09CD, 0x09CD, prExtend},                 // Mn       BENGALI SIGN VIRAMA
+	{0x09CE, 0x09CE, prALetter},                // Lo       BENGALI LETTER KHANDA TA
+	{0x09D7, 0x09D7, prExtend},                 // Mc       BENGALI AU LENGTH MARK
+	{0x09DC, 0x09DD, prALetter},                // Lo   [2] BENGALI LETTER RRA..BENGALI LETTER RHA
+	{0x09DF, 0x09E1, prALetter},                // Lo   [3] BENGALI LETTER YYA..BENGALI LETTER VOCALIC LL
+	{0x09E2, 0x09E3, prExtend},                 // Mn   [2] BENGALI VOWEL SIGN VOCALIC L..BENGALI VOWEL SIGN VOCALIC LL
+	{0x09E6, 0x09EF, prNumeric},                // Nd  [10] BENGALI DIGIT ZERO..BENGALI DIGIT NINE
+	{0x09F0, 0x09F1, prALetter},                // Lo   [2] BENGALI LETTER RA WITH MIDDLE DIAGONAL..BENGALI LETTER RA WITH LOWER DIAGONAL
+	{0x09FC, 0x09FC, prALetter},                // Lo       BENGALI LETTER VEDIC ANUSVARA
+	{0x09FE, 0x09FE, prExtend},                 // Mn       BENGALI SANDHI MARK
+	{0x0A01, 0x0A02, prExtend},                 // Mn   [2] GURMUKHI SIGN ADAK BINDI..GURMUKHI SIGN BINDI
+	{0x0A03, 0x0A03, prExtend},                 // Mc       GURMUKHI SIGN VISARGA
+	{0x0A05, 0x0A0A, prALetter},                // Lo   [6] GURMUKHI LETTER A..GURMUKHI LETTER UU
+	{0x0A0F, 0x0A10, prALetter},                // Lo   [2] GURMUKHI LETTER EE..GURMUKHI LETTER AI
+	{0x0A13, 0x0A28, prALetter},                // Lo  [22] GURMUKHI LETTER OO..GURMUKHI LETTER NA
+	{0x0A2A, 0x0A30, prALetter},                // Lo   [7] GURMUKHI LETTER PA..GURMUKHI LETTER RA
+	{0x0A32, 0x0A33, prALetter},                // Lo   [2] GURMUKHI LETTER LA..GURMUKHI LETTER LLA
+	{0x0A35, 0x0A36, prALetter},                // Lo   [2] GURMUKHI LETTER VA..GURMUKHI LETTER SHA
+	{0x0A38, 0x0A39, prALetter},                // Lo   [2] GURMUKHI LETTER SA..GURMUKHI LETTER HA
+	{0x0A3C, 0x0A3C, prExtend},                 // Mn       GURMUKHI SIGN NUKTA
+	{0x0A3E, 0x0A40, prExtend},                 // Mc   [3] GURMUKHI VOWEL SIGN AA..GURMUKHI VOWEL SIGN II
+	{0x0A41, 0x0A42, prExtend},                 // Mn   [2] GURMUKHI VOWEL SIGN U..GURMUKHI VOWEL SIGN UU
+	{0x0A47, 0x0A48, prExtend},                 // Mn   [2] GURMUKHI VOWEL SIGN EE..GURMUKHI VOWEL SIGN AI
+	{0x0A4B, 0x0A4D, prExtend},                 // Mn   [3] GURMUKHI VOWEL SIGN OO..GURMUKHI SIGN VIRAMA
+	{0x0A51, 0x0A51, prExtend},                 // Mn       GURMUKHI SIGN UDAAT
+	{0x0A59, 0x0A5C, prALetter},                // Lo   [4] GURMUKHI LETTER KHHA..GURMUKHI LETTER RRA
+	{0x0A5E, 0x0A5E, prALetter},                // Lo       GURMUKHI LETTER FA
+	{0x0A66, 0x0A6F, prNumeric},                // Nd  [10] GURMUKHI DIGIT ZERO..GURMUKHI DIGIT NINE
+	{0x0A70, 0x0A71, prExtend},                 // Mn   [2] GURMUKHI TIPPI..GURMUKHI ADDAK
+	{0x0A72, 0x0A74, prALetter},                // Lo   [3] GURMUKHI IRI..GURMUKHI EK ONKAR
+	{0x0A75, 0x0A75, prExtend},                 // Mn       GURMUKHI SIGN YAKASH
+	{0x0A81, 0x0A82, prExtend},                 // Mn   [2] GUJARATI SIGN CANDRABINDU..GUJARATI SIGN ANUSVARA
+	{0x0A83, 0x0A83, prExtend},                 // Mc       GUJARATI SIGN VISARGA
+	{0x0A85, 0x0A8D, prALetter},                // Lo   [9] GUJARATI LETTER A..GUJARATI VOWEL CANDRA E
+	{0x0A8F, 0x0A91, prALetter},                // Lo   [3] GUJARATI LETTER E..GUJARATI VOWEL CANDRA O
+	{0x0A93, 0x0AA8, prALetter},                // Lo  [22] GUJARATI LETTER O..GUJARATI LETTER NA
+	{0x0AAA, 0x0AB0, prALetter},                // Lo   [7] GUJARATI LETTER PA..GUJARATI LETTER RA
+	{0x0AB2, 0x0AB3, prALetter},                // Lo   [2] GUJARATI LETTER LA..GUJARATI LETTER LLA
+	{0x0AB5, 0x0AB9, prALetter},                // Lo   [5] GUJARATI LETTER VA..GUJARATI LETTER HA
+	{0x0ABC, 0x0ABC, prExtend},                 // Mn       GUJARATI SIGN NUKTA
+	{0x0ABD, 0x0ABD, prALetter},                // Lo       GUJARATI SIGN AVAGRAHA
+	{0x0ABE, 0x0AC0, prExtend},                 // Mc   [3] GUJARATI VOWEL SIGN AA..GUJARATI VOWEL SIGN II
+	{0x0AC1, 0x0AC5, prExtend},                 // Mn   [5] GUJARATI VOWEL SIGN U..GUJARATI VOWEL SIGN CANDRA E
+	{0x0AC7, 0x0AC8, prExtend},                 // Mn   [2] GUJARATI VOWEL SIGN E..GUJARATI VOWEL SIGN AI
+	{0x0AC9, 0x0AC9, prExtend},                 // Mc       GUJARATI VOWEL SIGN CANDRA O
+	{0x0ACB, 0x0ACC, prExtend},                 // Mc   [2] GUJARATI VOWEL SIGN O..GUJARATI VOWEL SIGN AU
+	{0x0ACD, 0x0ACD, prExtend},                 // Mn       GUJARATI SIGN VIRAMA
+	{0x0AD0, 0x0AD0, prALetter},                // Lo       GUJARATI OM
+	{0x0AE0, 0x0AE1, prALetter},                // Lo   [2] GUJARATI LETTER VOCALIC RR..GUJARATI LETTER VOCALIC LL
+	{0x0AE2, 0x0AE3, prExtend},                 // Mn   [2] GUJARATI VOWEL SIGN VOCALIC L..GUJARATI VOWEL SIGN VOCALIC LL
+	{0x0AE6, 0x0AEF, prNumeric},                // Nd  [10] GUJARATI DIGIT ZERO..GUJARATI DIGIT NINE
+	{0x0AF9, 0x0AF9, prALetter},                // Lo       GUJARATI LETTER ZHA
+	{0x0AFA, 0x0AFF, prExtend},                 // Mn   [6] GUJARATI SIGN SUKUN..GUJARATI SIGN TWO-CIRCLE NUKTA ABOVE
+	{0x0B01, 0x0B01, prExtend},                 // Mn       ORIYA SIGN CANDRABINDU
+	{0x0B02, 0x0B03, prExtend},                 // Mc   [2] ORIYA SIGN ANUSVARA..ORIYA SIGN VISARGA
+	{0x0B05, 0x0B0C, prALetter},                // Lo   [8] ORIYA LETTER A..ORIYA LETTER VOCALIC L
+	{0x0B0F, 0x0B10, prALetter},                // Lo   [2] ORIYA LETTER E..ORIYA LETTER AI
+	{0x0B13, 0x0B28, prALetter},                // Lo  [22] ORIYA LETTER O..ORIYA LETTER NA
+	{0x0B2A, 0x0B30, prALetter},                // Lo   [7] ORIYA LETTER PA..ORIYA LETTER RA
+	{0x0B32, 0x0B33, prALetter},                // Lo   [2] ORIYA LETTER LA..ORIYA LETTER LLA
+	{0x0B35, 0x0B39, prALetter},                // Lo   [5] ORIYA LETTER VA..ORIYA LETTER HA
+	{0x0B3C, 0x0B3C, prExtend},                 // Mn       ORIYA SIGN NUKTA
+	{0x0B3D, 0x0B3D, prALetter},                // Lo       ORIYA SIGN AVAGRAHA
+	{0x0B3E, 0x0B3E, prExtend},                 // Mc       ORIYA VOWEL SIGN AA
+	{0x0B3F, 0x0B3F, prExtend},                 // Mn       ORIYA VOWEL SIGN I
+	{0x0B40, 0x0B40, prExtend},                 // Mc       ORIYA VOWEL SIGN II
+	{0x0B41, 0x0B44, prExtend},                 // Mn   [4] ORIYA VOWEL SIGN U..ORIYA VOWEL SIGN VOCALIC RR
+	{0x0B47, 0x0B48, prExtend},                 // Mc   [2] ORIYA VOWEL SIGN E..ORIYA VOWEL SIGN AI
+	{0x0B4B, 0x0B4C, prExtend},                 // Mc   [2] ORIYA VOWEL SIGN O..ORIYA VOWEL SIGN AU
+	{0x0B4D, 0x0B4D, prExtend},                 // Mn       ORIYA SIGN VIRAMA
+	{0x0B55, 0x0B56, prExtend},                 // Mn   [2] ORIYA SIGN OVERLINE..ORIYA AI LENGTH MARK
+	{0x0B57, 0x0B57, prExtend},                 // Mc       ORIYA AU LENGTH MARK
+	{0x0B5C, 0x0B5D, prALetter},                // Lo   [2] ORIYA LETTER RRA..ORIYA LETTER RHA
+	{0x0B5F, 0x0B61, prALetter},                // Lo   [3] ORIYA LETTER YYA..ORIYA LETTER VOCALIC LL
+	{0x0B62, 0x0B63, prExtend},                 // Mn   [2] ORIYA VOWEL SIGN VOCALIC L..ORIYA VOWEL SIGN VOCALIC LL
+	{0x0B66, 0x0B6F, prNumeric},                // Nd  [10] ORIYA DIGIT ZERO..ORIYA DIGIT NINE
+	{0x0B71, 0x0B71, prALetter},                // Lo       ORIYA LETTER WA
+	{0x0B82, 0x0B82, prExtend},                 // Mn       TAMIL SIGN ANUSVARA
+	{0x0B83, 0x0B83, prALetter},                // Lo       TAMIL SIGN VISARGA
+	{0x0B85, 0x0B8A, prALetter},                // Lo   [6] TAMIL LETTER A..TAMIL LETTER UU
+	{0x0B8E, 0x0B90, prALetter},                // Lo   [3] TAMIL LETTER E..TAMIL LETTER AI
+	{0x0B92, 0x0B95, prALetter},                // Lo   [4] TAMIL LETTER O..TAMIL LETTER KA
+	{0x0B99, 0x0B9A, prALetter},                // Lo   [2] TAMIL LETTER NGA..TAMIL LETTER CA
+	{0x0B9C, 0x0B9C, prALetter},                // Lo       TAMIL LETTER JA
+	{0x0B9E, 0x0B9F, prALetter},                // Lo   [2] TAMIL LETTER NYA..TAMIL LETTER TTA
+	{0x0BA3, 0x0BA4, prALetter},                // Lo   [2] TAMIL LETTER NNA..TAMIL LETTER TA
+	{0x0BA8, 0x0BAA, prALetter},                // Lo   [3] TAMIL LETTER NA..TAMIL LETTER PA
+	{0x0BAE, 0x0BB9, prALetter},                // Lo  [12] TAMIL LETTER MA..TAMIL LETTER HA
+	{0x0BBE, 0x0BBF, prExtend},                 // Mc   [2] TAMIL VOWEL SIGN AA..TAMIL VOWEL SIGN I
+	{0x0BC0, 0x0BC0, prExtend},                 // Mn       TAMIL VOWEL SIGN II
+	{0x0BC1, 0x0BC2, prExtend},                 // Mc   [2] TAMIL VOWEL SIGN U..TAMIL VOWEL SIGN UU
+	{0x0BC6, 0x0BC8, prExtend},                 // Mc   [3] TAMIL VOWEL SIGN E..TAMIL VOWEL SIGN AI
+	{0x0BCA, 0x0BCC, prExtend},                 // Mc   [3] TAMIL VOWEL SIGN O..TAMIL VOWEL SIGN AU
+	{0x0BCD, 0x0BCD, prExtend},                 // Mn       TAMIL SIGN VIRAMA
+	{0x0BD0, 0x0BD0, prALetter},                // Lo       TAMIL OM
+	{0x0BD7, 0x0BD7, prExtend},                 // Mc       TAMIL AU LENGTH MARK
+	{0x0BE6, 0x0BEF, prNumeric},                // Nd  [10] TAMIL DIGIT ZERO..TAMIL DIGIT NINE
+	{0x0C00, 0x0C00, prExtend},                 // Mn       TELUGU SIGN COMBINING CANDRABINDU ABOVE
+	{0x0C01, 0x0C03, prExtend},                 // Mc   [3] TELUGU SIGN CANDRABINDU..TELUGU SIGN VISARGA
+	{0x0C04, 0x0C04, prExtend},                 // Mn       TELUGU SIGN COMBINING ANUSVARA ABOVE
+	{0x0C05, 0x0C0C, prALetter},                // Lo   [8] TELUGU LETTER A..TELUGU LETTER VOCALIC L
+	{0x0C0E, 0x0C10, prALetter},                // Lo   [3] TELUGU LETTER E..TELUGU LETTER AI
+	{0x0C12, 0x0C28, prALetter},                // Lo  [23] TELUGU LETTER O..TELUGU LETTER NA
+	{0x0C2A, 0x0C39, prALetter},                // Lo  [16] TELUGU LETTER PA..TELUGU LETTER HA
+	{0x0C3C, 0x0C3C, prExtend},                 // Mn       TELUGU SIGN NUKTA
+	{0x0C3D, 0x0C3D, prALetter},                // Lo       TELUGU SIGN AVAGRAHA
+	{0x0C3E, 0x0C40, prExtend},                 // Mn   [3] TELUGU VOWEL SIGN AA..TELUGU VOWEL SIGN II
+	{0x0C41, 0x0C44, prExtend},                 // Mc   [4] TELUGU VOWEL SIGN U..TELUGU VOWEL SIGN VOCALIC RR
+	{0x0C46, 0x0C48, prExtend},                 // Mn   [3] TELUGU VOWEL SIGN E..TELUGU VOWEL SIGN AI
+	{0x0C4A, 0x0C4D, prExtend},                 // Mn   [4] TELUGU VOWEL SIGN O..TELUGU SIGN VIRAMA
+	{0x0C55, 0x0C56, prExtend},                 // Mn   [2] TELUGU LENGTH MARK..TELUGU AI LENGTH MARK
+	{0x0C58, 0x0C5A, prALetter},                // Lo   [3] TELUGU LETTER TSA..TELUGU LETTER RRRA
+	{0x0C5D, 0x0C5D, prALetter},                // Lo       TELUGU LETTER NAKAARA POLLU
+	{0x0C60, 0x0C61, prALetter},                // Lo   [2] TELUGU LETTER VOCALIC RR..TELUGU LETTER VOCALIC LL
+	{0x0C62, 0x0C63, prExtend},                 // Mn   [2] TELUGU VOWEL SIGN VOCALIC L..TELUGU VOWEL SIGN VOCALIC LL
+	{0x0C66, 0x0C6F, prNumeric},                // Nd  [10] TELUGU DIGIT ZERO..TELUGU DIGIT NINE
+	{0x0C80, 0x0C80, prALetter},                // Lo       KANNADA SIGN SPACING CANDRABINDU
+	{0x0C81, 0x0C81, prExtend},                 // Mn       KANNADA SIGN CANDRABINDU
+	{0x0C82, 0x0C83, prExtend},                 // Mc   [2] KANNADA SIGN ANUSVARA..KANNADA SIGN VISARGA
+	{0x0C85, 0x0C8C, prALetter},                // Lo   [8] KANNADA LETTER A..KANNADA LETTER VOCALIC L
+	{0x0C8E, 0x0C90, prALetter},                // Lo   [3] KANNADA LETTER E..KANNADA LETTER AI
+	{0x0C92, 0x0CA8, prALetter},                // Lo  [23] KANNADA LETTER O..KANNADA LETTER NA
+	{0x0CAA, 0x0CB3, prALetter},                // Lo  [10] KANNADA LETTER PA..KANNADA LETTER LLA
+	{0x0CB5, 0x0CB9, prALetter},                // Lo   [5] KANNADA LETTER VA..KANNADA LETTER HA
+	{0x0CBC, 0x0CBC, prExtend},                 // Mn       KANNADA SIGN NUKTA
+	{0x0CBD, 0x0CBD, prALetter},                // Lo       KANNADA SIGN AVAGRAHA
+	{0x0CBE, 0x0CBE, prExtend},                 // Mc       KANNADA VOWEL SIGN AA
+	{0x0CBF, 0x0CBF, prExtend},                 // Mn       KANNADA VOWEL SIGN I
+	{0x0CC0, 0x0CC4, prExtend},                 // Mc   [5] KANNADA VOWEL SIGN II..KANNADA VOWEL SIGN VOCALIC RR
+	{0x0CC6, 0x0CC6, prExtend},                 // Mn       KANNADA VOWEL SIGN E
+	{0x0CC7, 0x0CC8, prExtend},                 // Mc   [2] KANNADA VOWEL SIGN EE..KANNADA VOWEL SIGN AI
+	{0x0CCA, 0x0CCB, prExtend},                 // Mc   [2] KANNADA VOWEL SIGN O..KANNADA VOWEL SIGN OO
+	{0x0CCC, 0x0CCD, prExtend},                 // Mn   [2] KANNADA VOWEL SIGN AU..KANNADA SIGN VIRAMA
+	{0x0CD5, 0x0CD6, prExtend},                 // Mc   [2] KANNADA LENGTH MARK..KANNADA AI LENGTH MARK
+	{0x0CDD, 0x0CDE, prALetter},                // Lo   [2] KANNADA LETTER NAKAARA POLLU..KANNADA LETTER FA
+	{0x0CE0, 0x0CE1, prALetter},                // Lo   [2] KANNADA LETTER VOCALIC RR..KANNADA LETTER VOCALIC LL
+	{0x0CE2, 0x0CE3, prExtend},                 // Mn   [2] KANNADA VOWEL SIGN VOCALIC L..KANNADA VOWEL SIGN VOCALIC LL
+	{0x0CE6, 0x0CEF, prNumeric},                // Nd  [10] KANNADA DIGIT ZERO..KANNADA DIGIT NINE
+	{0x0CF1, 0x0CF2, prALetter},                // Lo   [2] KANNADA SIGN JIHVAMULIYA..KANNADA SIGN UPADHMANIYA
+	{0x0D00, 0x0D01, prExtend},                 // Mn   [2] MALAYALAM SIGN COMBINING ANUSVARA ABOVE..MALAYALAM SIGN CANDRABINDU
+	{0x0D02, 0x0D03, prExtend},                 // Mc   [2] MALAYALAM SIGN ANUSVARA..MALAYALAM SIGN VISARGA
+	{0x0D04, 0x0D0C, prALetter},                // Lo   [9] MALAYALAM LETTER VEDIC ANUSVARA..MALAYALAM LETTER VOCALIC L
+	{0x0D0E, 0x0D10, prALetter},                // Lo   [3] MALAYALAM LETTER E..MALAYALAM LETTER AI
+	{0x0D12, 0x0D3A, prALetter},                // Lo  [41] MALAYALAM LETTER O..MALAYALAM LETTER TTTA
+	{0x0D3B, 0x0D3C, prExtend},                 // Mn   [2] MALAYALAM SIGN VERTICAL BAR VIRAMA..MALAYALAM SIGN CIRCULAR VIRAMA
+	{0x0D3D, 0x0D3D, prALetter},                // Lo       MALAYALAM SIGN AVAGRAHA
+	{0x0D3E, 0x0D40, prExtend},                 // Mc   [3] MALAYALAM VOWEL SIGN AA..MALAYALAM VOWEL SIGN II
+	{0x0D41, 0x0D44, prExtend},                 // Mn   [4] MALAYALAM VOWEL SIGN U..MALAYALAM VOWEL SIGN VOCALIC RR
+	{0x0D46, 0x0D48, prExtend},                 // Mc   [3] MALAYALAM VOWEL SIGN E..MALAYALAM VOWEL SIGN AI
+	{0x0D4A, 0x0D4C, prExtend},                 // Mc   [3] MALAYALAM VOWEL SIGN O..MALAYALAM VOWEL SIGN AU
+	{0x0D4D, 0x0D4D, prExtend},                 // Mn       MALAYALAM SIGN VIRAMA
+	{0x0D4E, 0x0D4E, prALetter},                // Lo       MALAYALAM LETTER DOT REPH
+	{0x0D54, 0x0D56, prALetter},                // Lo   [3] MALAYALAM LETTER CHILLU M..MALAYALAM LETTER CHILLU LLL
+	{0x0D57, 0x0D57, prExtend},                 // Mc       MALAYALAM AU LENGTH MARK
+	{0x0D5F, 0x0D61, prALetter},                // Lo   [3] MALAYALAM LETTER ARCHAIC II..MALAYALAM LETTER VOCALIC LL
+	{0x0D62, 0x0D63, prExtend},                 // Mn   [2] MALAYALAM VOWEL SIGN VOCALIC L..MALAYALAM VOWEL SIGN VOCALIC LL
+	{0x0D66, 0x0D6F, prNumeric},                // Nd  [10] MALAYALAM DIGIT ZERO..MALAYALAM DIGIT NINE
+	{0x0D7A, 0x0D7F, prALetter},                // Lo   [6] MALAYALAM LETTER CHILLU NN..MALAYALAM LETTER CHILLU K
+	{0x0D81, 0x0D81, prExtend},                 // Mn       SINHALA SIGN CANDRABINDU
+	{0x0D82, 0x0D83, prExtend},                 // Mc   [2] SINHALA SIGN ANUSVARAYA..SINHALA SIGN VISARGAYA
+	{0x0D85, 0x0D96, prALetter},                // Lo  [18] SINHALA LETTER AYANNA..SINHALA LETTER AUYANNA
+	{0x0D9A, 0x0DB1, prALetter},                // Lo  [24] SINHALA LETTER ALPAPRAANA KAYANNA..SINHALA LETTER DANTAJA NAYANNA
+	{0x0DB3, 0x0DBB, prALetter},                // Lo   [9] SINHALA LETTER SANYAKA DAYANNA..SINHALA LETTER RAYANNA
+	{0x0DBD, 0x0DBD, prALetter},                // Lo       SINHALA LETTER DANTAJA LAYANNA
+	{0x0DC0, 0x0DC6, prALetter},                // Lo   [7] SINHALA LETTER VAYANNA..SINHALA LETTER FAYANNA
+	{0x0DCA, 0x0DCA, prExtend},                 // Mn       SINHALA SIGN AL-LAKUNA
+	{0x0DCF, 0x0DD1, prExtend},                 // Mc   [3] SINHALA VOWEL SIGN AELA-PILLA..SINHALA VOWEL SIGN DIGA AEDA-PILLA
+	{0x0DD2, 0x0DD4, prExtend},                 // Mn   [3] SINHALA VOWEL SIGN KETTI IS-PILLA..SINHALA VOWEL SIGN KETTI PAA-PILLA
+	{0x0DD6, 0x0DD6, prExtend},                 // Mn       SINHALA VOWEL SIGN DIGA PAA-PILLA
+	{0x0DD8, 0x0DDF, prExtend},                 // Mc   [8] SINHALA VOWEL SIGN GAETTA-PILLA..SINHALA VOWEL SIGN GAYANUKITTA
+	{0x0DE6, 0x0DEF, prNumeric},                // Nd  [10] SINHALA LITH DIGIT ZERO..SINHALA LITH DIGIT NINE
+	{0x0DF2, 0x0DF3, prExtend},                 // Mc   [2] SINHALA VOWEL SIGN DIGA GAETTA-PILLA..SINHALA VOWEL SIGN DIGA GAYANUKITTA
+	{0x0E31, 0x0E31, prExtend},                 // Mn       THAI CHARACTER MAI HAN-AKAT
+	{0x0E34, 0x0E3A, prExtend},                 // Mn   [7] THAI CHARACTER SARA I..THAI CHARACTER PHINTHU
+	{0x0E47, 0x0E4E, prExtend},                 // Mn   [8] THAI CHARACTER MAITAIKHU..THAI CHARACTER YAMAKKAN
+	{0x0E50, 0x0E59, prNumeric},                // Nd  [10] THAI DIGIT ZERO..THAI DIGIT NINE
+	{0x0EB1, 0x0EB1, prExtend},                 // Mn       LAO VOWEL SIGN MAI KAN
+	{0x0EB4, 0x0EBC, prExtend},                 // Mn   [9] LAO VOWEL SIGN I..LAO SEMIVOWEL SIGN LO
+	{0x0EC8, 0x0ECD, prExtend},                 // Mn   [6] LAO TONE MAI EK..LAO NIGGAHITA
+	{0x0ED0, 0x0ED9, prNumeric},                // Nd  [10] LAO DIGIT ZERO..LAO DIGIT NINE
+	{0x0F00, 0x0F00, prALetter},                // Lo       TIBETAN SYLLABLE OM
+	{0x0F18, 0x0F19, prExtend},                 // Mn   [2] TIBETAN ASTROLOGICAL SIGN -KHYUD PA..TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS
+	{0x0F20, 0x0F29, prNumeric},                // Nd  [10] TIBETAN DIGIT ZERO..TIBETAN DIGIT NINE
+	{0x0F35, 0x0F35, prExtend},                 // Mn       TIBETAN MARK NGAS BZUNG NYI ZLA
+	{0x0F37, 0x0F37, prExtend},                 // Mn       TIBETAN MARK NGAS BZUNG SGOR RTAGS
+	{0x0F39, 0x0F39, prExtend},                 // Mn       TIBETAN MARK TSA -PHRU
+	{0x0F3E, 0x0F3F, prExtend},                 // Mc   [2] TIBETAN SIGN YAR TSHES..TIBETAN SIGN MAR TSHES
+	{0x0F40, 0x0F47, prALetter},                // Lo   [8] TIBETAN LETTER KA..TIBETAN LETTER JA
+	{0x0F49, 0x0F6C, prALetter},                // Lo  [36] TIBETAN LETTER NYA..TIBETAN LETTER RRA
+	{0x0F71, 0x0F7E, prExtend},                 // Mn  [14] TIBETAN VOWEL SIGN AA..TIBETAN SIGN RJES SU NGA RO
+	{0x0F7F, 0x0F7F, prExtend},                 // Mc       TIBETAN SIGN RNAM BCAD
+	{0x0F80, 0x0F84, prExtend},                 // Mn   [5] TIBETAN VOWEL SIGN REVERSED I..TIBETAN MARK HALANTA
+	{0x0F86, 0x0F87, prExtend},                 // Mn   [2] TIBETAN SIGN LCI RTAGS..TIBETAN SIGN YANG RTAGS
+	{0x0F88, 0x0F8C, prALetter},                // Lo   [5] TIBETAN SIGN LCE TSA CAN..TIBETAN SIGN INVERTED MCHU CAN
+	{0x0F8D, 0x0F97, prExtend},                 // Mn  [11] TIBETAN SUBJOINED SIGN LCE TSA CAN..TIBETAN SUBJOINED LETTER JA
+	{0x0F99, 0x0FBC, prExtend},                 // Mn  [36] TIBETAN SUBJOINED LETTER NYA..TIBETAN SUBJOINED LETTER FIXED-FORM RA
+	{0x0FC6, 0x0FC6, prExtend},                 // Mn       TIBETAN SYMBOL PADMA GDAN
+	{0x102B, 0x102C, prExtend},                 // Mc   [2] MYANMAR VOWEL SIGN TALL AA..MYANMAR VOWEL SIGN AA
+	{0x102D, 0x1030, prExtend},                 // Mn   [4] MYANMAR VOWEL SIGN I..MYANMAR VOWEL SIGN UU
+	{0x1031, 0x1031, prExtend},                 // Mc       MYANMAR VOWEL SIGN E
+	{0x1032, 0x1037, prExtend},                 // Mn   [6] MYANMAR VOWEL SIGN AI..MYANMAR SIGN DOT BELOW
+	{0x1038, 0x1038, prExtend},                 // Mc       MYANMAR SIGN VISARGA
+	{0x1039, 0x103A, prExtend},                 // Mn   [2] MYANMAR SIGN VIRAMA..MYANMAR SIGN ASAT
+	{0x103B, 0x103C, prExtend},                 // Mc   [2] MYANMAR CONSONANT SIGN MEDIAL YA..MYANMAR CONSONANT SIGN MEDIAL RA
+	{0x103D, 0x103E, prExtend},                 // Mn   [2] MYANMAR CONSONANT SIGN MEDIAL WA..MYANMAR CONSONANT SIGN MEDIAL HA
+	{0x1040, 0x1049, prNumeric},                // Nd  [10] MYANMAR DIGIT ZERO..MYANMAR DIGIT NINE
+	{0x1056, 0x1057, prExtend},                 // Mc   [2] MYANMAR VOWEL SIGN VOCALIC R..MYANMAR VOWEL SIGN VOCALIC RR
+	{0x1058, 0x1059, prExtend},                 // Mn   [2] MYANMAR VOWEL SIGN VOCALIC L..MYANMAR VOWEL SIGN VOCALIC LL
+	{0x105E, 0x1060, prExtend},                 // Mn   [3] MYANMAR CONSONANT SIGN MON MEDIAL NA..MYANMAR CONSONANT SIGN MON MEDIAL LA
+	{0x1062, 0x1064, prExtend},                 // Mc   [3] MYANMAR VOWEL SIGN SGAW KAREN EU..MYANMAR TONE MARK SGAW KAREN KE PHO
+	{0x1067, 0x106D, prExtend},                 // Mc   [7] MYANMAR VOWEL SIGN WESTERN PWO KAREN EU..MYANMAR SIGN WESTERN PWO KAREN TONE-5
+	{0x1071, 0x1074, prExtend},                 // Mn   [4] MYANMAR VOWEL SIGN GEBA KAREN I..MYANMAR VOWEL SIGN KAYAH EE
+	{0x1082, 0x1082, prExtend},                 // Mn       MYANMAR CONSONANT SIGN SHAN MEDIAL WA
+	{0x1083, 0x1084, prExtend},                 // Mc   [2] MYANMAR VOWEL SIGN SHAN AA..MYANMAR VOWEL SIGN SHAN E
+	{0x1085, 0x1086, prExtend},                 // Mn   [2] MYANMAR VOWEL SIGN SHAN E ABOVE..MYANMAR VOWEL SIGN SHAN FINAL Y
+	{0x1087, 0x108C, prExtend},                 // Mc   [6] MYANMAR SIGN SHAN TONE-2..MYANMAR SIGN SHAN COUNCIL TONE-3
+	{0x108D, 0x108D, prExtend},                 // Mn       MYANMAR SIGN SHAN COUNCIL EMPHATIC TONE
+	{0x108F, 0x108F, prExtend},                 // Mc       MYANMAR SIGN RUMAI PALAUNG TONE-5
+	{0x1090, 0x1099, prNumeric},                // Nd  [10] MYANMAR SHAN DIGIT ZERO..MYANMAR SHAN DIGIT NINE
+	{0x109A, 0x109C, prExtend},                 // Mc   [3] MYANMAR SIGN KHAMTI TONE-1..MYANMAR VOWEL SIGN AITON A
+	{0x109D, 0x109D, prExtend},                 // Mn       MYANMAR VOWEL SIGN AITON AI
+	{0x10A0, 0x10C5, prALetter},                // L&  [38] GEORGIAN CAPITAL LETTER AN..GEORGIAN CAPITAL LETTER HOE
+	{0x10C7, 0x10C7, prALetter},                // L&       GEORGIAN CAPITAL LETTER YN
+	{0x10CD, 0x10CD, prALetter},                // L&       GEORGIAN CAPITAL LETTER AEN
+	{0x10D0, 0x10FA, prALetter},                // L&  [43] GEORGIAN LETTER AN..GEORGIAN LETTER AIN
+	{0x10FC, 0x10FC, prALetter},                // Lm       MODIFIER LETTER GEORGIAN NAR
+	{0x10FD, 0x10FF, prALetter},                // L&   [3] GEORGIAN LETTER AEN..GEORGIAN LETTER LABIAL SIGN
+	{0x1100, 0x1248, prALetter},                // Lo [329] HANGUL CHOSEONG KIYEOK..ETHIOPIC SYLLABLE QWA
+	{0x124A, 0x124D, prALetter},                // Lo   [4] ETHIOPIC SYLLABLE QWI..ETHIOPIC SYLLABLE QWE
+	{0x1250, 0x1256, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE QHA..ETHIOPIC SYLLABLE QHO
+	{0x1258, 0x1258, prALetter},                // Lo       ETHIOPIC SYLLABLE QHWA
+	{0x125A, 0x125D, prALetter},                // Lo   [4] ETHIOPIC SYLLABLE QHWI..ETHIOPIC SYLLABLE QHWE
+	{0x1260, 0x1288, prALetter},                // Lo  [41] ETHIOPIC SYLLABLE BA..ETHIOPIC SYLLABLE XWA
+	{0x128A, 0x128D, prALetter},                // Lo   [4] ETHIOPIC SYLLABLE XWI..ETHIOPIC SYLLABLE XWE
+	{0x1290, 0x12B0, prALetter},                // Lo  [33] ETHIOPIC SYLLABLE NA..ETHIOPIC SYLLABLE KWA
+	{0x12B2, 0x12B5, prALetter},                // Lo   [4] ETHIOPIC SYLLABLE KWI..ETHIOPIC SYLLABLE KWE
+	{0x12B8, 0x12BE, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE KXA..ETHIOPIC SYLLABLE KXO
+	{0x12C0, 0x12C0, prALetter},                // Lo       ETHIOPIC SYLLABLE KXWA
+	{0x12C2, 0x12C5, prALetter},                // Lo   [4] ETHIOPIC SYLLABLE KXWI..ETHIOPIC SYLLABLE KXWE
+	{0x12C8, 0x12D6, prALetter},                // Lo  [15] ETHIOPIC SYLLABLE WA..ETHIOPIC SYLLABLE PHARYNGEAL O
+	{0x12D8, 0x1310, prALetter},                // Lo  [57] ETHIOPIC SYLLABLE ZA..ETHIOPIC SYLLABLE GWA
+	{0x1312, 0x1315, prALetter},                // Lo   [4] ETHIOPIC SYLLABLE GWI..ETHIOPIC SYLLABLE GWE
+	{0x1318, 0x135A, prALetter},                // Lo  [67] ETHIOPIC SYLLABLE GGA..ETHIOPIC SYLLABLE FYA
+	{0x135D, 0x135F, prExtend},                 // Mn   [3] ETHIOPIC COMBINING GEMINATION AND VOWEL LENGTH MARK..ETHIOPIC COMBINING GEMINATION MARK
+	{0x1380, 0x138F, prALetter},                // Lo  [16] ETHIOPIC SYLLABLE SEBATBEIT MWA..ETHIOPIC SYLLABLE PWE
+	{0x13A0, 0x13F5, prALetter},                // L&  [86] CHEROKEE LETTER A..CHEROKEE LETTER MV
+	{0x13F8, 0x13FD, prALetter},                // L&   [6] CHEROKEE SMALL LETTER YE..CHEROKEE SMALL LETTER MV
+	{0x1401, 0x166C, prALetter},                // Lo [620] CANADIAN SYLLABICS E..CANADIAN SYLLABICS CARRIER TTSA
+	{0x166F, 0x167F, prALetter},                // Lo  [17] CANADIAN SYLLABICS QAI..CANADIAN SYLLABICS BLACKFOOT W
+	{0x1680, 0x1680, prWSegSpace},              // Zs       OGHAM SPACE MARK
+	{0x1681, 0x169A, prALetter},                // Lo  [26] OGHAM LETTER BEITH..OGHAM LETTER PEITH
+	{0x16A0, 0x16EA, prALetter},                // Lo  [75] RUNIC LETTER FEHU FEOH FE F..RUNIC LETTER X
+	{0x16EE, 0x16F0, prALetter},                // Nl   [3] RUNIC ARLAUG SYMBOL..RUNIC BELGTHOR SYMBOL
+	{0x16F1, 0x16F8, prALetter},                // Lo   [8] RUNIC LETTER K..RUNIC LETTER FRANKS CASKET AESC
+	{0x1700, 0x1711, prALetter},                // Lo  [18] TAGALOG LETTER A..TAGALOG LETTER HA
+	{0x1712, 0x1714, prExtend},                 // Mn   [3] TAGALOG VOWEL SIGN I..TAGALOG SIGN VIRAMA
+	{0x1715, 0x1715, prExtend},                 // Mc       TAGALOG SIGN PAMUDPOD
+	{0x171F, 0x1731, prALetter},                // Lo  [19] TAGALOG LETTER ARCHAIC RA..HANUNOO LETTER HA
+	{0x1732, 0x1733, prExtend},                 // Mn   [2] HANUNOO VOWEL SIGN I..HANUNOO VOWEL SIGN U
+	{0x1734, 0x1734, prExtend},                 // Mc       HANUNOO SIGN PAMUDPOD
+	{0x1740, 0x1751, prALetter},                // Lo  [18] BUHID LETTER A..BUHID LETTER HA
+	{0x1752, 0x1753, prExtend},                 // Mn   [2] BUHID VOWEL SIGN I..BUHID VOWEL SIGN U
+	{0x1760, 0x176C, prALetter},                // Lo  [13] TAGBANWA LETTER A..TAGBANWA LETTER YA
+	{0x176E, 0x1770, prALetter},                // Lo   [3] TAGBANWA LETTER LA..TAGBANWA LETTER SA
+	{0x1772, 0x1773, prExtend},                 // Mn   [2] TAGBANWA VOWEL SIGN I..TAGBANWA VOWEL SIGN U
+	{0x17B4, 0x17B5, prExtend},                 // Mn   [2] KHMER VOWEL INHERENT AQ..KHMER VOWEL INHERENT AA
+	{0x17B6, 0x17B6, prExtend},                 // Mc       KHMER VOWEL SIGN AA
+	{0x17B7, 0x17BD, prExtend},                 // Mn   [7] KHMER VOWEL SIGN I..KHMER VOWEL SIGN UA
+	{0x17BE, 0x17C5, prExtend},                 // Mc   [8] KHMER VOWEL SIGN OE..KHMER VOWEL SIGN AU
+	{0x17C6, 0x17C6, prExtend},                 // Mn       KHMER SIGN NIKAHIT
+	{0x17C7, 0x17C8, prExtend},                 // Mc   [2] KHMER SIGN REAHMUK..KHMER SIGN YUUKALEAPINTU
+	{0x17C9, 0x17D3, prExtend},                 // Mn  [11] KHMER SIGN MUUSIKATOAN..KHMER SIGN BATHAMASAT
+	{0x17DD, 0x17DD, prExtend},                 // Mn       KHMER SIGN ATTHACAN
+	{0x17E0, 0x17E9, prNumeric},                // Nd  [10] KHMER DIGIT ZERO..KHMER DIGIT NINE
+	{0x180B, 0x180D, prExtend},                 // Mn   [3] MONGOLIAN FREE VARIATION SELECTOR ONE..MONGOLIAN FREE VARIATION SELECTOR THREE
+	{0x180E, 0x180E, prFormat},                 // Cf       MONGOLIAN VOWEL SEPARATOR
+	{0x180F, 0x180F, prExtend},                 // Mn       MONGOLIAN FREE VARIATION SELECTOR FOUR
+	{0x1810, 0x1819, prNumeric},                // Nd  [10] MONGOLIAN DIGIT ZERO..MONGOLIAN DIGIT NINE
+	{0x1820, 0x1842, prALetter},                // Lo  [35] MONGOLIAN LETTER A..MONGOLIAN LETTER CHI
+	{0x1843, 0x1843, prALetter},                // Lm       MONGOLIAN LETTER TODO LONG VOWEL SIGN
+	{0x1844, 0x1878, prALetter},                // Lo  [53] MONGOLIAN LETTER TODO E..MONGOLIAN LETTER CHA WITH TWO DOTS
+	{0x1880, 0x1884, prALetter},                // Lo   [5] MONGOLIAN LETTER ALI GALI ANUSVARA ONE..MONGOLIAN LETTER ALI GALI INVERTED UBADAMA
+	{0x1885, 0x1886, prExtend},                 // Mn   [2] MONGOLIAN LETTER ALI GALI BALUDA..MONGOLIAN LETTER ALI GALI THREE BALUDA
+	{0x1887, 0x18A8, prALetter},                // Lo  [34] MONGOLIAN LETTER ALI GALI A..MONGOLIAN LETTER MANCHU ALI GALI BHA
+	{0x18A9, 0x18A9, prExtend},                 // Mn       MONGOLIAN LETTER ALI GALI DAGALGA
+	{0x18AA, 0x18AA, prALetter},                // Lo       MONGOLIAN LETTER MANCHU ALI GALI LHA
+	{0x18B0, 0x18F5, prALetter},                // Lo  [70] CANADIAN SYLLABICS OY..CANADIAN SYLLABICS CARRIER DENTAL S
+	{0x1900, 0x191E, prALetter},                // Lo  [31] LIMBU VOWEL-CARRIER LETTER..LIMBU LETTER TRA
+	{0x1920, 0x1922, prExtend},                 // Mn   [3] LIMBU VOWEL SIGN A..LIMBU VOWEL SIGN U
+	{0x1923, 0x1926, prExtend},                 // Mc   [4] LIMBU VOWEL SIGN EE..LIMBU VOWEL SIGN AU
+	{0x1927, 0x1928, prExtend},                 // Mn   [2] LIMBU VOWEL SIGN E..LIMBU VOWEL SIGN O
+	{0x1929, 0x192B, prExtend},                 // Mc   [3] LIMBU SUBJOINED LETTER YA..LIMBU SUBJOINED LETTER WA
+	{0x1930, 0x1931, prExtend},                 // Mc   [2] LIMBU SMALL LETTER KA..LIMBU SMALL LETTER NGA
+	{0x1932, 0x1932, prExtend},                 // Mn       LIMBU SMALL LETTER ANUSVARA
+	{0x1933, 0x1938, prExtend},                 // Mc   [6] LIMBU SMALL LETTER TA..LIMBU SMALL LETTER LA
+	{0x1939, 0x193B, prExtend},                 // Mn   [3] LIMBU SIGN MUKPHRENG..LIMBU SIGN SA-I
+	{0x1946, 0x194F, prNumeric},                // Nd  [10] LIMBU DIGIT ZERO..LIMBU DIGIT NINE
+	{0x19D0, 0x19D9, prNumeric},                // Nd  [10] NEW TAI LUE DIGIT ZERO..NEW TAI LUE DIGIT NINE
+	{0x1A00, 0x1A16, prALetter},                // Lo  [23] BUGINESE LETTER KA..BUGINESE LETTER HA
+	{0x1A17, 0x1A18, prExtend},                 // Mn   [2] BUGINESE VOWEL SIGN I..BUGINESE VOWEL SIGN U
+	{0x1A19, 0x1A1A, prExtend},                 // Mc   [2] BUGINESE VOWEL SIGN E..BUGINESE VOWEL SIGN O
+	{0x1A1B, 0x1A1B, prExtend},                 // Mn       BUGINESE VOWEL SIGN AE
+	{0x1A55, 0x1A55, prExtend},                 // Mc       TAI THAM CONSONANT SIGN MEDIAL RA
+	{0x1A56, 0x1A56, prExtend},                 // Mn       TAI THAM CONSONANT SIGN MEDIAL LA
+	{0x1A57, 0x1A57, prExtend},                 // Mc       TAI THAM CONSONANT SIGN LA TANG LAI
+	{0x1A58, 0x1A5E, prExtend},                 // Mn   [7] TAI THAM SIGN MAI KANG LAI..TAI THAM CONSONANT SIGN SA
+	{0x1A60, 0x1A60, prExtend},                 // Mn       TAI THAM SIGN SAKOT
+	{0x1A61, 0x1A61, prExtend},                 // Mc       TAI THAM VOWEL SIGN A
+	{0x1A62, 0x1A62, prExtend},                 // Mn       TAI THAM VOWEL SIGN MAI SAT
+	{0x1A63, 0x1A64, prExtend},                 // Mc   [2] TAI THAM VOWEL SIGN AA..TAI THAM VOWEL SIGN TALL AA
+	{0x1A65, 0x1A6C, prExtend},                 // Mn   [8] TAI THAM VOWEL SIGN I..TAI THAM VOWEL SIGN OA BELOW
+	{0x1A6D, 0x1A72, prExtend},                 // Mc   [6] TAI THAM VOWEL SIGN OY..TAI THAM VOWEL SIGN THAM AI
+	{0x1A73, 0x1A7C, prExtend},                 // Mn  [10] TAI THAM VOWEL SIGN OA ABOVE..TAI THAM SIGN KHUEN-LUE KARAN
+	{0x1A7F, 0x1A7F, prExtend},                 // Mn       TAI THAM COMBINING CRYPTOGRAMMIC DOT
+	{0x1A80, 0x1A89, prNumeric},                // Nd  [10] TAI THAM HORA DIGIT ZERO..TAI THAM HORA DIGIT NINE
+	{0x1A90, 0x1A99, prNumeric},                // Nd  [10] TAI THAM THAM DIGIT ZERO..TAI THAM THAM DIGIT NINE
+	{0x1AB0, 0x1ABD, prExtend},                 // Mn  [14] COMBINING DOUBLED CIRCUMFLEX ACCENT..COMBINING PARENTHESES BELOW
+	{0x1ABE, 0x1ABE, prExtend},                 // Me       COMBINING PARENTHESES OVERLAY
+	{0x1ABF, 0x1ACE, prExtend},                 // Mn  [16] COMBINING LATIN SMALL LETTER W BELOW..COMBINING LATIN SMALL LETTER INSULAR T
+	{0x1B00, 0x1B03, prExtend},                 // Mn   [4] BALINESE SIGN ULU RICEM..BALINESE SIGN SURANG
+	{0x1B04, 0x1B04, prExtend},                 // Mc       BALINESE SIGN BISAH
+	{0x1B05, 0x1B33, prALetter},                // Lo  [47] BALINESE LETTER AKARA..BALINESE LETTER HA
+	{0x1B34, 0x1B34, prExtend},                 // Mn       BALINESE SIGN REREKAN
+	{0x1B35, 0x1B35, prExtend},                 // Mc       BALINESE VOWEL SIGN TEDUNG
+	{0x1B36, 0x1B3A, prExtend},                 // Mn   [5] BALINESE VOWEL SIGN ULU..BALINESE VOWEL SIGN RA REPA
+	{0x1B3B, 0x1B3B, prExtend},                 // Mc       BALINESE VOWEL SIGN RA REPA TEDUNG
+	{0x1B3C, 0x1B3C, prExtend},                 // Mn       BALINESE VOWEL SIGN LA LENGA
+	{0x1B3D, 0x1B41, prExtend},                 // Mc   [5] BALINESE VOWEL SIGN LA LENGA TEDUNG..BALINESE VOWEL SIGN TALING REPA TEDUNG
+	{0x1B42, 0x1B42, prExtend},                 // Mn       BALINESE VOWEL SIGN PEPET
+	{0x1B43, 0x1B44, prExtend},                 // Mc   [2] BALINESE VOWEL SIGN PEPET TEDUNG..BALINESE ADEG ADEG
+	{0x1B45, 0x1B4C, prALetter},                // Lo   [8] BALINESE LETTER KAF SASAK..BALINESE LETTER ARCHAIC JNYA
+	{0x1B50, 0x1B59, prNumeric},                // Nd  [10] BALINESE DIGIT ZERO..BALINESE DIGIT NINE
+	{0x1B6B, 0x1B73, prExtend},                 // Mn   [9] BALINESE MUSICAL SYMBOL COMBINING TEGEH..BALINESE MUSICAL SYMBOL COMBINING GONG
+	{0x1B80, 0x1B81, prExtend},                 // Mn   [2] SUNDANESE SIGN PANYECEK..SUNDANESE SIGN PANGLAYAR
+	{0x1B82, 0x1B82, prExtend},                 // Mc       SUNDANESE SIGN PANGWISAD
+	{0x1B83, 0x1BA0, prALetter},                // Lo  [30] SUNDANESE LETTER A..SUNDANESE LETTER HA
+	{0x1BA1, 0x1BA1, prExtend},                 // Mc       SUNDANESE CONSONANT SIGN PAMINGKAL
+	{0x1BA2, 0x1BA5, prExtend},                 // Mn   [4] SUNDANESE CONSONANT SIGN PANYAKRA..SUNDANESE VOWEL SIGN PANYUKU
+	{0x1BA6, 0x1BA7, prExtend},                 // Mc   [2] SUNDANESE VOWEL SIGN PANAELAENG..SUNDANESE VOWEL SIGN PANOLONG
+	{0x1BA8, 0x1BA9, prExtend},                 // Mn   [2] SUNDANESE VOWEL SIGN PAMEPET..SUNDANESE VOWEL SIGN PANEULEUNG
+	{0x1BAA, 0x1BAA, prExtend},                 // Mc       SUNDANESE SIGN PAMAAEH
+	{0x1BAB, 0x1BAD, prExtend},                 // Mn   [3] SUNDANESE SIGN VIRAMA..SUNDANESE CONSONANT SIGN PASANGAN WA
+	{0x1BAE, 0x1BAF, prALetter},                // Lo   [2] SUNDANESE LETTER KHA..SUNDANESE LETTER SYA
+	{0x1BB0, 0x1BB9, prNumeric},                // Nd  [10] SUNDANESE DIGIT ZERO..SUNDANESE DIGIT NINE
+	{0x1BBA, 0x1BE5, prALetter},                // Lo  [44] SUNDANESE AVAGRAHA..BATAK LETTER U
+	{0x1BE6, 0x1BE6, prExtend},                 // Mn       BATAK SIGN TOMPI
+	{0x1BE7, 0x1BE7, prExtend},                 // Mc       BATAK VOWEL SIGN E
+	{0x1BE8, 0x1BE9, prExtend},                 // Mn   [2] BATAK VOWEL SIGN PAKPAK E..BATAK VOWEL SIGN EE
+	{0x1BEA, 0x1BEC, prExtend},                 // Mc   [3] BATAK VOWEL SIGN I..BATAK VOWEL SIGN O
+	{0x1BED, 0x1BED, prExtend},                 // Mn       BATAK VOWEL SIGN KARO O
+	{0x1BEE, 0x1BEE, prExtend},                 // Mc       BATAK VOWEL SIGN U
+	{0x1BEF, 0x1BF1, prExtend},                 // Mn   [3] BATAK VOWEL SIGN U FOR SIMALUNGUN SA..BATAK CONSONANT SIGN H
+	{0x1BF2, 0x1BF3, prExtend},                 // Mc   [2] BATAK PANGOLAT..BATAK PANONGONAN
+	{0x1C00, 0x1C23, prALetter},                // Lo  [36] LEPCHA LETTER KA..LEPCHA LETTER A
+	{0x1C24, 0x1C2B, prExtend},                 // Mc   [8] LEPCHA SUBJOINED LETTER YA..LEPCHA VOWEL SIGN UU
+	{0x1C2C, 0x1C33, prExtend},                 // Mn   [8] LEPCHA VOWEL SIGN E..LEPCHA CONSONANT SIGN T
+	{0x1C34, 0x1C35, prExtend},                 // Mc   [2] LEPCHA CONSONANT SIGN NYIN-DO..LEPCHA CONSONANT SIGN KANG
+	{0x1C36, 0x1C37, prExtend},                 // Mn   [2] LEPCHA SIGN RAN..LEPCHA SIGN NUKTA
+	{0x1C40, 0x1C49, prNumeric},                // Nd  [10] LEPCHA DIGIT ZERO..LEPCHA DIGIT NINE
+	{0x1C4D, 0x1C4F, prALetter},                // Lo   [3] LEPCHA LETTER TTA..LEPCHA LETTER DDA
+	{0x1C50, 0x1C59, prNumeric},                // Nd  [10] OL CHIKI DIGIT ZERO..OL CHIKI DIGIT NINE
+	{0x1C5A, 0x1C77, prALetter},                // Lo  [30] OL CHIKI LETTER LA..OL CHIKI LETTER OH
+	{0x1C78, 0x1C7D, prALetter},                // Lm   [6] OL CHIKI MU TTUDDAG..OL CHIKI AHAD
+	{0x1C80, 0x1C88, prALetter},                // L&   [9] CYRILLIC SMALL LETTER ROUNDED VE..CYRILLIC SMALL LETTER UNBLENDED UK
+	{0x1C90, 0x1CBA, prALetter},                // L&  [43] GEORGIAN MTAVRULI CAPITAL LETTER AN..GEORGIAN MTAVRULI CAPITAL LETTER AIN
+	{0x1CBD, 0x1CBF, prALetter},                // L&   [3] GEORGIAN MTAVRULI CAPITAL LETTER AEN..GEORGIAN MTAVRULI CAPITAL LETTER LABIAL SIGN
+	{0x1CD0, 0x1CD2, prExtend},                 // Mn   [3] VEDIC TONE KARSHANA..VEDIC TONE PRENKHA
+	{0x1CD4, 0x1CE0, prExtend},                 // Mn  [13] VEDIC SIGN YAJURVEDIC MIDLINE SVARITA..VEDIC TONE RIGVEDIC KASHMIRI INDEPENDENT SVARITA
+	{0x1CE1, 0x1CE1, prExtend},                 // Mc       VEDIC TONE ATHARVAVEDIC INDEPENDENT SVARITA
+	{0x1CE2, 0x1CE8, prExtend},                 // Mn   [7] VEDIC SIGN VISARGA SVARITA..VEDIC SIGN VISARGA ANUDATTA WITH TAIL
+	{0x1CE9, 0x1CEC, prALetter},                // Lo   [4] VEDIC SIGN ANUSVARA ANTARGOMUKHA..VEDIC SIGN ANUSVARA VAMAGOMUKHA WITH TAIL
+	{0x1CED, 0x1CED, prExtend},                 // Mn       VEDIC SIGN TIRYAK
+	{0x1CEE, 0x1CF3, prALetter},                // Lo   [6] VEDIC SIGN HEXIFORM LONG ANUSVARA..VEDIC SIGN ROTATED ARDHAVISARGA
+	{0x1CF4, 0x1CF4, prExtend},                 // Mn       VEDIC TONE CANDRA ABOVE
+	{0x1CF5, 0x1CF6, prALetter},                // Lo   [2] VEDIC SIGN JIHVAMULIYA..VEDIC SIGN UPADHMANIYA
+	{0x1CF7, 0x1CF7, prExtend},                 // Mc       VEDIC SIGN ATIKRAMA
+	{0x1CF8, 0x1CF9, prExtend},                 // Mn   [2] VEDIC TONE RING ABOVE..VEDIC TONE DOUBLE RING ABOVE
+	{0x1CFA, 0x1CFA, prALetter},                // Lo       VEDIC SIGN DOUBLE ANUSVARA ANTARGOMUKHA
+	{0x1D00, 0x1D2B, prALetter},                // L&  [44] LATIN LETTER SMALL CAPITAL A..CYRILLIC LETTER SMALL CAPITAL EL
+	{0x1D2C, 0x1D6A, prALetter},                // Lm  [63] MODIFIER LETTER CAPITAL A..GREEK SUBSCRIPT SMALL LETTER CHI
+	{0x1D6B, 0x1D77, prALetter},                // L&  [13] LATIN SMALL LETTER UE..LATIN SMALL LETTER TURNED G
+	{0x1D78, 0x1D78, prALetter},                // Lm       MODIFIER LETTER CYRILLIC EN
+	{0x1D79, 0x1D9A, prALetter},                // L&  [34] LATIN SMALL LETTER INSULAR G..LATIN SMALL LETTER EZH WITH RETROFLEX HOOK
+	{0x1D9B, 0x1DBF, prALetter},                // Lm  [37] MODIFIER LETTER SMALL TURNED ALPHA..MODIFIER LETTER SMALL THETA
+	{0x1DC0, 0x1DFF, prExtend},                 // Mn  [64] COMBINING DOTTED GRAVE ACCENT..COMBINING RIGHT ARROWHEAD AND DOWN ARROWHEAD BELOW
+	{0x1E00, 0x1F15, prALetter},                // L& [278] LATIN CAPITAL LETTER A WITH RING BELOW..GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA
+	{0x1F18, 0x1F1D, prALetter},                // L&   [6] GREEK CAPITAL LETTER EPSILON WITH PSILI..GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA
+	{0x1F20, 0x1F45, prALetter},                // L&  [38] GREEK SMALL LETTER ETA WITH PSILI..GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA
+	{0x1F48, 0x1F4D, prALetter},                // L&   [6] GREEK CAPITAL LETTER OMICRON WITH PSILI..GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA
+	{0x1F50, 0x1F57, prALetter},                // L&   [8] GREEK SMALL LETTER UPSILON WITH PSILI..GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI
+	{0x1F59, 0x1F59, prALetter},                // L&       GREEK CAPITAL LETTER UPSILON WITH DASIA
+	{0x1F5B, 0x1F5B, prALetter},                // L&       GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA
+	{0x1F5D, 0x1F5D, prALetter},                // L&       GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA
+	{0x1F5F, 0x1F7D, prALetter},                // L&  [31] GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI..GREEK SMALL LETTER OMEGA WITH OXIA
+	{0x1F80, 0x1FB4, prALetter},                // L&  [53] GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI..GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FB6, 0x1FBC, prALetter},                // L&   [7] GREEK SMALL LETTER ALPHA WITH PERISPOMENI..GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI
+	{0x1FBE, 0x1FBE, prALetter},                // L&       GREEK PROSGEGRAMMENI
+	{0x1FC2, 0x1FC4, prALetter},                // L&   [3] GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FC6, 0x1FCC, prALetter},                // L&   [7] GREEK SMALL LETTER ETA WITH PERISPOMENI..GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI
+	{0x1FD0, 0x1FD3, prALetter},                // L&   [4] GREEK SMALL LETTER IOTA WITH VRACHY..GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+	{0x1FD6, 0x1FDB, prALetter},                // L&   [6] GREEK SMALL LETTER IOTA WITH PERISPOMENI..GREEK CAPITAL LETTER IOTA WITH OXIA
+	{0x1FE0, 0x1FEC, prALetter},                // L&  [13] GREEK SMALL LETTER UPSILON WITH VRACHY..GREEK CAPITAL LETTER RHO WITH DASIA
+	{0x1FF2, 0x1FF4, prALetter},                // L&   [3] GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI..GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI
+	{0x1FF6, 0x1FFC, prALetter},                // L&   [7] GREEK SMALL LETTER OMEGA WITH PERISPOMENI..GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI
+	{0x2000, 0x2006, prWSegSpace},              // Zs   [7] EN QUAD..SIX-PER-EM SPACE
+	{0x2008, 0x200A, prWSegSpace},              // Zs   [3] PUNCTUATION SPACE..HAIR SPACE
+	{0x200C, 0x200C, prExtend},                 // Cf       ZERO WIDTH NON-JOINER
+	{0x200D, 0x200D, prZWJ},                    // Cf       ZERO WIDTH JOINER
+	{0x200E, 0x200F, prFormat},                 // Cf   [2] LEFT-TO-RIGHT MARK..RIGHT-TO-LEFT MARK
+	{0x2018, 0x2018, prMidNumLet},              // Pi       LEFT SINGLE QUOTATION MARK
+	{0x2019, 0x2019, prMidNumLet},              // Pf       RIGHT SINGLE QUOTATION MARK
+	{0x2024, 0x2024, prMidNumLet},              // Po       ONE DOT LEADER
+	{0x2027, 0x2027, prMidLetter},              // Po       HYPHENATION POINT
+	{0x2028, 0x2028, prNewline},                // Zl       LINE SEPARATOR
+	{0x2029, 0x2029, prNewline},                // Zp       PARAGRAPH SEPARATOR
+	{0x202A, 0x202E, prFormat},                 // Cf   [5] LEFT-TO-RIGHT EMBEDDING..RIGHT-TO-LEFT OVERRIDE
+	{0x202F, 0x202F, prExtendNumLet},           // Zs       NARROW NO-BREAK SPACE
+	{0x203C, 0x203C, prExtendedPictographic},   // E0.6   [1] (‼�)       double exclamation mark
+	{0x203F, 0x2040, prExtendNumLet},           // Pc   [2] UNDERTIE..CHARACTER TIE
+	{0x2044, 0x2044, prMidNum},                 // Sm       FRACTION SLASH
+	{0x2049, 0x2049, prExtendedPictographic},   // E0.6   [1] (��)       exclamation question mark
+	{0x2054, 0x2054, prExtendNumLet},           // Pc       INVERTED UNDERTIE
+	{0x205F, 0x205F, prWSegSpace},              // Zs       MEDIUM MATHEMATICAL SPACE
+	{0x2060, 0x2064, prFormat},                 // Cf   [5] WORD JOINER..INVISIBLE PLUS
+	{0x2066, 0x206F, prFormat},                 // Cf  [10] LEFT-TO-RIGHT ISOLATE..NOMINAL DIGIT SHAPES
+	{0x2071, 0x2071, prALetter},                // Lm       SUPERSCRIPT LATIN SMALL LETTER I
+	{0x207F, 0x207F, prALetter},                // Lm       SUPERSCRIPT LATIN SMALL LETTER N
+	{0x2090, 0x209C, prALetter},                // Lm  [13] LATIN SUBSCRIPT SMALL LETTER A..LATIN SUBSCRIPT SMALL LETTER T
+	{0x20D0, 0x20DC, prExtend},                 // Mn  [13] COMBINING LEFT HARPOON ABOVE..COMBINING FOUR DOTS ABOVE
+	{0x20DD, 0x20E0, prExtend},                 // Me   [4] COMBINING ENCLOSING CIRCLE..COMBINING ENCLOSING CIRCLE BACKSLASH
+	{0x20E1, 0x20E1, prExtend},                 // Mn       COMBINING LEFT RIGHT ARROW ABOVE
+	{0x20E2, 0x20E4, prExtend},                 // Me   [3] COMBINING ENCLOSING SCREEN..COMBINING ENCLOSING UPWARD POINTING TRIANGLE
+	{0x20E5, 0x20F0, prExtend},                 // Mn  [12] COMBINING REVERSE SOLIDUS OVERLAY..COMBINING ASTERISK ABOVE
+	{0x2102, 0x2102, prALetter},                // L&       DOUBLE-STRUCK CAPITAL C
+	{0x2107, 0x2107, prALetter},                // L&       EULER CONSTANT
+	{0x210A, 0x2113, prALetter},                // L&  [10] SCRIPT SMALL G..SCRIPT SMALL L
+	{0x2115, 0x2115, prALetter},                // L&       DOUBLE-STRUCK CAPITAL N
+	{0x2119, 0x211D, prALetter},                // L&   [5] DOUBLE-STRUCK CAPITAL P..DOUBLE-STRUCK CAPITAL R
+	{0x2122, 0x2122, prExtendedPictographic},   // E0.6   [1] (™�)       trade mark
+	{0x2124, 0x2124, prALetter},                // L&       DOUBLE-STRUCK CAPITAL Z
+	{0x2126, 0x2126, prALetter},                // L&       OHM SIGN
+	{0x2128, 0x2128, prALetter},                // L&       BLACK-LETTER CAPITAL Z
+	{0x212A, 0x212D, prALetter},                // L&   [4] KELVIN SIGN..BLACK-LETTER CAPITAL C
+	{0x212F, 0x2134, prALetter},                // L&   [6] SCRIPT SMALL E..SCRIPT SMALL O
+	{0x2135, 0x2138, prALetter},                // Lo   [4] ALEF SYMBOL..DALET SYMBOL
+	{0x2139, 0x2139, prExtendedPictographic},   // E0.6   [1] (ℹ�)       information
+	{0x2139, 0x2139, prALetter},                // L&       INFORMATION SOURCE
+	{0x213C, 0x213F, prALetter},                // L&   [4] DOUBLE-STRUCK SMALL PI..DOUBLE-STRUCK CAPITAL PI
+	{0x2145, 0x2149, prALetter},                // L&   [5] DOUBLE-STRUCK ITALIC CAPITAL D..DOUBLE-STRUCK ITALIC SMALL J
+	{0x214E, 0x214E, prALetter},                // L&       TURNED SMALL F
+	{0x2160, 0x2182, prALetter},                // Nl  [35] ROMAN NUMERAL ONE..ROMAN NUMERAL TEN THOUSAND
+	{0x2183, 0x2184, prALetter},                // L&   [2] ROMAN NUMERAL REVERSED ONE HUNDRED..LATIN SMALL LETTER REVERSED C
+	{0x2185, 0x2188, prALetter},                // Nl   [4] ROMAN NUMERAL SIX LATE FORM..ROMAN NUMERAL ONE HUNDRED THOUSAND
+	{0x2194, 0x2199, prExtendedPictographic},   // E0.6   [6] (↔�..↙�)    left-right arrow..down-left arrow
+	{0x21A9, 0x21AA, prExtendedPictographic},   // E0.6   [2] (↩�..↪�)    right arrow curving left..left arrow curving right
+	{0x231A, 0x231B, prExtendedPictographic},   // E0.6   [2] (⌚..⌛)    watch..hourglass done
+	{0x2328, 0x2328, prExtendedPictographic},   // E1.0   [1] (⌨�)       keyboard
+	{0x2388, 0x2388, prExtendedPictographic},   // E0.0   [1] (⎈)       HELM SYMBOL
+	{0x23CF, 0x23CF, prExtendedPictographic},   // E1.0   [1] (��)       eject button
+	{0x23E9, 0x23EC, prExtendedPictographic},   // E0.6   [4] (�..�)    fast-forward button..fast down button
+	{0x23ED, 0x23EE, prExtendedPictographic},   // E0.7   [2] (��..��)    next track button..last track button
+	{0x23EF, 0x23EF, prExtendedPictographic},   // E1.0   [1] (��)       play or pause button
+	{0x23F0, 0x23F0, prExtendedPictographic},   // E0.6   [1] (�)       alarm clock
+	{0x23F1, 0x23F2, prExtendedPictographic},   // E1.0   [2] (��..��)    stopwatch..timer clock
+	{0x23F3, 0x23F3, prExtendedPictographic},   // E0.6   [1] (�)       hourglass not done
+	{0x23F8, 0x23FA, prExtendedPictographic},   // E0.7   [3] (��..��)    pause button..record button
+	{0x24B6, 0x24E9, prALetter},                // So  [52] CIRCLED LATIN CAPITAL LETTER A..CIRCLED LATIN SMALL LETTER Z
+	{0x24C2, 0x24C2, prExtendedPictographic},   // E0.6   [1] (Ⓜ�)       circled M
+	{0x25AA, 0x25AB, prExtendedPictographic},   // E0.6   [2] (▪�..▫�)    black small square..white small square
+	{0x25B6, 0x25B6, prExtendedPictographic},   // E0.6   [1] (▶�)       play button
+	{0x25C0, 0x25C0, prExtendedPictographic},   // E0.6   [1] (◀�)       reverse button
+	{0x25FB, 0x25FE, prExtendedPictographic},   // E0.6   [4] (◻�..◾)    white medium square..black medium-small square
+	{0x2600, 0x2601, prExtendedPictographic},   // E0.6   [2] (☀�..��)    sun..cloud
+	{0x2602, 0x2603, prExtendedPictographic},   // E0.7   [2] (☂�..☃�)    umbrella..snowman
+	{0x2604, 0x2604, prExtendedPictographic},   // E1.0   [1] (☄�)       comet
+	{0x2605, 0x2605, prExtendedPictographic},   // E0.0   [1] (★)       BLACK STAR
+	{0x2607, 0x260D, prExtendedPictographic},   // E0.0   [7] (☇..�)    LIGHTNING..OPPOSITION
+	{0x260E, 0x260E, prExtendedPictographic},   // E0.6   [1] (☎�)       telephone
+	{0x260F, 0x2610, prExtendedPictographic},   // E0.0   [2] (�..�)    WHITE TELEPHONE..BALLOT BOX
+	{0x2611, 0x2611, prExtendedPictographic},   // E0.6   [1] (☑�)       check box with check
+	{0x2612, 0x2612, prExtendedPictographic},   // E0.0   [1] (☒)       BALLOT BOX WITH X
+	{0x2614, 0x2615, prExtendedPictographic},   // E0.6   [2] (☔..☕)    umbrella with rain drops..hot beverage
+	{0x2616, 0x2617, prExtendedPictographic},   // E0.0   [2] (☖..☗)    WHITE SHOGI PIECE..BLACK SHOGI PIECE
+	{0x2618, 0x2618, prExtendedPictographic},   // E1.0   [1] (☘�)       shamrock
+	{0x2619, 0x261C, prExtendedPictographic},   // E0.0   [4] (☙..☜)    REVERSED ROTATED FLORAL HEART BULLET..WHITE LEFT POINTING INDEX
+	{0x261D, 0x261D, prExtendedPictographic},   // E0.6   [1] (��)       index pointing up
+	{0x261E, 0x261F, prExtendedPictographic},   // E0.0   [2] (☞..☟)    WHITE RIGHT POINTING INDEX..WHITE DOWN POINTING INDEX
+	{0x2620, 0x2620, prExtendedPictographic},   // E1.0   [1] (☠�)       skull and crossbones
+	{0x2621, 0x2621, prExtendedPictographic},   // E0.0   [1] (☡)       CAUTION SIGN
+	{0x2622, 0x2623, prExtendedPictographic},   // E1.0   [2] (☢�..☣�)    radioactive..biohazard
+	{0x2624, 0x2625, prExtendedPictographic},   // E0.0   [2] (☤..☥)    CADUCEUS..ANKH
+	{0x2626, 0x2626, prExtendedPictographic},   // E1.0   [1] (☦�)       orthodox cross
+	{0x2627, 0x2629, prExtendedPictographic},   // E0.0   [3] (☧..☩)    CHI RHO..CROSS OF JERUSALEM
+	{0x262A, 0x262A, prExtendedPictographic},   // E0.7   [1] (☪�)       star and crescent
+	{0x262B, 0x262D, prExtendedPictographic},   // E0.0   [3] (☫..☭)    FARSI SYMBOL..HAMMER AND SICKLE
+	{0x262E, 0x262E, prExtendedPictographic},   // E1.0   [1] (☮�)       peace symbol
+	{0x262F, 0x262F, prExtendedPictographic},   // E0.7   [1] (☯�)       yin yang
+	{0x2630, 0x2637, prExtendedPictographic},   // E0.0   [8] (☰..☷)    TRIGRAM FOR HEAVEN..TRIGRAM FOR EARTH
+	{0x2638, 0x2639, prExtendedPictographic},   // E0.7   [2] (☸�..☹�)    wheel of dharma..frowning face
+	{0x263A, 0x263A, prExtendedPictographic},   // E0.6   [1] (☺�)       smiling face
+	{0x263B, 0x263F, prExtendedPictographic},   // E0.0   [5] (☻..☿)    BLACK SMILING FACE..MERCURY
+	{0x2640, 0x2640, prExtendedPictographic},   // E4.0   [1] (♀�)       female sign
+	{0x2641, 0x2641, prExtendedPictographic},   // E0.0   [1] (�)       EARTH
+	{0x2642, 0x2642, prExtendedPictographic},   // E4.0   [1] (♂�)       male sign
+	{0x2643, 0x2647, prExtendedPictographic},   // E0.0   [5] (♃..♇)    JUPITER..PLUTO
+	{0x2648, 0x2653, prExtendedPictographic},   // E0.6  [12] (♈..♓)    Aries..Pisces
+	{0x2654, 0x265E, prExtendedPictographic},   // E0.0  [11] (♔..♞)    WHITE CHESS KING..BLACK CHESS KNIGHT
+	{0x265F, 0x265F, prExtendedPictographic},   // E11.0  [1] (♟�)       chess pawn
+	{0x2660, 0x2660, prExtendedPictographic},   // E0.6   [1] (♠�)       spade suit
+	{0x2661, 0x2662, prExtendedPictographic},   // E0.0   [2] (♡..♢)    WHITE HEART SUIT..WHITE DIAMOND SUIT
+	{0x2663, 0x2663, prExtendedPictographic},   // E0.6   [1] (♣�)       club suit
+	{0x2664, 0x2664, prExtendedPictographic},   // E0.0   [1] (♤)       WHITE SPADE SUIT
+	{0x2665, 0x2666, prExtendedPictographic},   // E0.6   [2] (♥�..♦�)    heart suit..diamond suit
+	{0x2667, 0x2667, prExtendedPictographic},   // E0.0   [1] (♧)       WHITE CLUB SUIT
+	{0x2668, 0x2668, prExtendedPictographic},   // E0.6   [1] (♨�)       hot springs
+	{0x2669, 0x267A, prExtendedPictographic},   // E0.0  [18] (♩..♺)    QUARTER NOTE..RECYCLING SYMBOL FOR GENERIC MATERIALS
+	{0x267B, 0x267B, prExtendedPictographic},   // E0.6   [1] (♻�)       recycling symbol
+	{0x267C, 0x267D, prExtendedPictographic},   // E0.0   [2] (♼..♽)    RECYCLED PAPER SYMBOL..PARTIALLY-RECYCLED PAPER SYMBOL
+	{0x267E, 0x267E, prExtendedPictographic},   // E11.0  [1] (♾�)       infinity
+	{0x267F, 0x267F, prExtendedPictographic},   // E0.6   [1] (♿)       wheelchair symbol
+	{0x2680, 0x2685, prExtendedPictographic},   // E0.0   [6] (⚀..⚅)    DIE FACE-1..DIE FACE-6
+	{0x2690, 0x2691, prExtendedPictographic},   // E0.0   [2] (�..⚑)    WHITE FLAG..BLACK FLAG
+	{0x2692, 0x2692, prExtendedPictographic},   // E1.0   [1] (⚒�)       hammer and pick
+	{0x2693, 0x2693, prExtendedPictographic},   // E0.6   [1] (âš“)       anchor
+	{0x2694, 0x2694, prExtendedPictographic},   // E1.0   [1] (⚔�)       crossed swords
+	{0x2695, 0x2695, prExtendedPictographic},   // E4.0   [1] (⚕�)       medical symbol
+	{0x2696, 0x2697, prExtendedPictographic},   // E1.0   [2] (⚖�..⚗�)    balance scale..alembic
+	{0x2698, 0x2698, prExtendedPictographic},   // E0.0   [1] (⚘)       FLOWER
+	{0x2699, 0x2699, prExtendedPictographic},   // E1.0   [1] (⚙�)       gear
+	{0x269A, 0x269A, prExtendedPictographic},   // E0.0   [1] (âšš)       STAFF OF HERMES
+	{0x269B, 0x269C, prExtendedPictographic},   // E1.0   [2] (⚛�..⚜�)    atom symbol..fleur-de-lis
+	{0x269D, 0x269F, prExtendedPictographic},   // E0.0   [3] (�..⚟)    OUTLINED WHITE STAR..THREE LINES CONVERGING LEFT
+	{0x26A0, 0x26A1, prExtendedPictographic},   // E0.6   [2] (⚠�..⚡)    warning..high voltage
+	{0x26A2, 0x26A6, prExtendedPictographic},   // E0.0   [5] (⚢..⚦)    DOUBLED FEMALE SIGN..MALE WITH STROKE SIGN
+	{0x26A7, 0x26A7, prExtendedPictographic},   // E13.0  [1] (⚧�)       transgender symbol
+	{0x26A8, 0x26A9, prExtendedPictographic},   // E0.0   [2] (⚨..⚩)    VERTICAL MALE WITH STROKE SIGN..HORIZONTAL MALE WITH STROKE SIGN
+	{0x26AA, 0x26AB, prExtendedPictographic},   // E0.6   [2] (⚪..⚫)    white circle..black circle
+	{0x26AC, 0x26AF, prExtendedPictographic},   // E0.0   [4] (⚬..⚯)    MEDIUM SMALL WHITE CIRCLE..UNMARRIED PARTNERSHIP SYMBOL
+	{0x26B0, 0x26B1, prExtendedPictographic},   // E1.0   [2] (⚰�..⚱�)    coffin..funeral urn
+	{0x26B2, 0x26BC, prExtendedPictographic},   // E0.0  [11] (âš²..âš¼)    NEUTER..SESQUIQUADRATE
+	{0x26BD, 0x26BE, prExtendedPictographic},   // E0.6   [2] (âš½..âš¾)    soccer ball..baseball
+	{0x26BF, 0x26C3, prExtendedPictographic},   // E0.0   [5] (⚿..⛃)    SQUARED KEY..BLACK DRAUGHTS KING
+	{0x26C4, 0x26C5, prExtendedPictographic},   // E0.6   [2] (⛄..⛅)    snowman without snow..sun behind cloud
+	{0x26C6, 0x26C7, prExtendedPictographic},   // E0.0   [2] (⛆..⛇)    RAIN..BLACK SNOWMAN
+	{0x26C8, 0x26C8, prExtendedPictographic},   // E0.7   [1] (⛈�)       cloud with lightning and rain
+	{0x26C9, 0x26CD, prExtendedPictographic},   // E0.0   [5] (⛉..�)    TURNED WHITE SHOGI PIECE..DISABLED CAR
+	{0x26CE, 0x26CE, prExtendedPictographic},   // E0.6   [1] (⛎)       Ophiuchus
+	{0x26CF, 0x26CF, prExtendedPictographic},   // E0.7   [1] (��)       pick
+	{0x26D0, 0x26D0, prExtendedPictographic},   // E0.0   [1] (�)       CAR SLIDING
+	{0x26D1, 0x26D1, prExtendedPictographic},   // E0.7   [1] (⛑�)       rescue worker’s helmet
+	{0x26D2, 0x26D2, prExtendedPictographic},   // E0.0   [1] (â›’)       CIRCLED CROSSING LANES
+	{0x26D3, 0x26D3, prExtendedPictographic},   // E0.7   [1] (⛓�)       chains
+	{0x26D4, 0x26D4, prExtendedPictographic},   // E0.6   [1] (â›”)       no entry
+	{0x26D5, 0x26E8, prExtendedPictographic},   // E0.0  [20] (⛕..⛨)    ALTERNATE ONE-WAY LEFT WAY TRAFFIC..BLACK CROSS ON SHIELD
+	{0x26E9, 0x26E9, prExtendedPictographic},   // E0.7   [1] (⛩�)       shinto shrine
+	{0x26EA, 0x26EA, prExtendedPictographic},   // E0.6   [1] (⛪)       church
+	{0x26EB, 0x26EF, prExtendedPictographic},   // E0.0   [5] (⛫..⛯)    CASTLE..MAP SYMBOL FOR LIGHTHOUSE
+	{0x26F0, 0x26F1, prExtendedPictographic},   // E0.7   [2] (⛰�..⛱�)    mountain..umbrella on ground
+	{0x26F2, 0x26F3, prExtendedPictographic},   // E0.6   [2] (⛲..⛳)    fountain..flag in hole
+	{0x26F4, 0x26F4, prExtendedPictographic},   // E0.7   [1] (⛴�)       ferry
+	{0x26F5, 0x26F5, prExtendedPictographic},   // E0.6   [1] (⛵)       sailboat
+	{0x26F6, 0x26F6, prExtendedPictographic},   // E0.0   [1] (⛶)       SQUARE FOUR CORNERS
+	{0x26F7, 0x26F9, prExtendedPictographic},   // E0.7   [3] (⛷�..⛹�)    skier..person bouncing ball
+	{0x26FA, 0x26FA, prExtendedPictographic},   // E0.6   [1] (⛺)       tent
+	{0x26FB, 0x26FC, prExtendedPictographic},   // E0.0   [2] (⛻..⛼)    JAPANESE BANK SYMBOL..HEADSTONE GRAVEYARD SYMBOL
+	{0x26FD, 0x26FD, prExtendedPictographic},   // E0.6   [1] (⛽)       fuel pump
+	{0x26FE, 0x2701, prExtendedPictographic},   // E0.0   [4] (⛾..�)    CUP ON BLACK SQUARE..UPPER BLADE SCISSORS
+	{0x2702, 0x2702, prExtendedPictographic},   // E0.6   [1] (✂�)       scissors
+	{0x2703, 0x2704, prExtendedPictographic},   // E0.0   [2] (✃..✄)    LOWER BLADE SCISSORS..WHITE SCISSORS
+	{0x2705, 0x2705, prExtendedPictographic},   // E0.6   [1] (✅)       check mark button
+	{0x2708, 0x270C, prExtendedPictographic},   // E0.6   [5] (✈�..✌�)    airplane..victory hand
+	{0x270D, 0x270D, prExtendedPictographic},   // E0.7   [1] (��)       writing hand
+	{0x270E, 0x270E, prExtendedPictographic},   // E0.0   [1] (✎)       LOWER RIGHT PENCIL
+	{0x270F, 0x270F, prExtendedPictographic},   // E0.6   [1] (��)       pencil
+	{0x2710, 0x2711, prExtendedPictographic},   // E0.0   [2] (�..✑)    UPPER RIGHT PENCIL..WHITE NIB
+	{0x2712, 0x2712, prExtendedPictographic},   // E0.6   [1] (✒�)       black nib
+	{0x2714, 0x2714, prExtendedPictographic},   // E0.6   [1] (✔�)       check mark
+	{0x2716, 0x2716, prExtendedPictographic},   // E0.6   [1] (✖�)       multiply
+	{0x271D, 0x271D, prExtendedPictographic},   // E0.7   [1] (��)       latin cross
+	{0x2721, 0x2721, prExtendedPictographic},   // E0.7   [1] (✡�)       star of David
+	{0x2728, 0x2728, prExtendedPictographic},   // E0.6   [1] (✨)       sparkles
+	{0x2733, 0x2734, prExtendedPictographic},   // E0.6   [2] (✳�..✴�)    eight-spoked asterisk..eight-pointed star
+	{0x2744, 0x2744, prExtendedPictographic},   // E0.6   [1] (��)       snowflake
+	{0x2747, 0x2747, prExtendedPictographic},   // E0.6   [1] (��)       sparkle
+	{0x274C, 0x274C, prExtendedPictographic},   // E0.6   [1] (�)       cross mark
+	{0x274E, 0x274E, prExtendedPictographic},   // E0.6   [1] (�)       cross mark button
+	{0x2753, 0x2755, prExtendedPictographic},   // E0.6   [3] (�..�)    red question mark..white exclamation mark
+	{0x2757, 0x2757, prExtendedPictographic},   // E0.6   [1] (�)       red exclamation mark
+	{0x2763, 0x2763, prExtendedPictographic},   // E1.0   [1] (��)       heart exclamation
+	{0x2764, 0x2764, prExtendedPictographic},   // E0.6   [1] (��)       red heart
+	{0x2765, 0x2767, prExtendedPictographic},   // E0.0   [3] (�..�)    ROTATED HEAVY BLACK HEART BULLET..ROTATED FLORAL HEART BULLET
+	{0x2795, 0x2797, prExtendedPictographic},   // E0.6   [3] (âž•..âž—)    plus..divide
+	{0x27A1, 0x27A1, prExtendedPictographic},   // E0.6   [1] (➡�)       right arrow
+	{0x27B0, 0x27B0, prExtendedPictographic},   // E0.6   [1] (âž°)       curly loop
+	{0x27BF, 0x27BF, prExtendedPictographic},   // E1.0   [1] (âž¿)       double curly loop
+	{0x2934, 0x2935, prExtendedPictographic},   // E0.6   [2] (⤴�..⤵�)    right arrow curving up..right arrow curving down
+	{0x2B05, 0x2B07, prExtendedPictographic},   // E0.6   [3] (⬅�..⬇�)    left arrow..down arrow
+	{0x2B1B, 0x2B1C, prExtendedPictographic},   // E0.6   [2] (⬛..⬜)    black large square..white large square
+	{0x2B50, 0x2B50, prExtendedPictographic},   // E0.6   [1] (â­�)       star
+	{0x2B55, 0x2B55, prExtendedPictographic},   // E0.6   [1] (â­•)       hollow red circle
+	{0x2C00, 0x2C7B, prALetter},                // L& [124] GLAGOLITIC CAPITAL LETTER AZU..LATIN LETTER SMALL CAPITAL TURNED E
+	{0x2C7C, 0x2C7D, prALetter},                // Lm   [2] LATIN SUBSCRIPT SMALL LETTER J..MODIFIER LETTER CAPITAL V
+	{0x2C7E, 0x2CE4, prALetter},                // L& [103] LATIN CAPITAL LETTER S WITH SWASH TAIL..COPTIC SYMBOL KAI
+	{0x2CEB, 0x2CEE, prALetter},                // L&   [4] COPTIC CAPITAL LETTER CRYPTOGRAMMIC SHEI..COPTIC SMALL LETTER CRYPTOGRAMMIC GANGIA
+	{0x2CEF, 0x2CF1, prExtend},                 // Mn   [3] COPTIC COMBINING NI ABOVE..COPTIC COMBINING SPIRITUS LENIS
+	{0x2CF2, 0x2CF3, prALetter},                // L&   [2] COPTIC CAPITAL LETTER BOHAIRIC KHEI..COPTIC SMALL LETTER BOHAIRIC KHEI
+	{0x2D00, 0x2D25, prALetter},                // L&  [38] GEORGIAN SMALL LETTER AN..GEORGIAN SMALL LETTER HOE
+	{0x2D27, 0x2D27, prALetter},                // L&       GEORGIAN SMALL LETTER YN
+	{0x2D2D, 0x2D2D, prALetter},                // L&       GEORGIAN SMALL LETTER AEN
+	{0x2D30, 0x2D67, prALetter},                // Lo  [56] TIFINAGH LETTER YA..TIFINAGH LETTER YO
+	{0x2D6F, 0x2D6F, prALetter},                // Lm       TIFINAGH MODIFIER LETTER LABIALIZATION MARK
+	{0x2D7F, 0x2D7F, prExtend},                 // Mn       TIFINAGH CONSONANT JOINER
+	{0x2D80, 0x2D96, prALetter},                // Lo  [23] ETHIOPIC SYLLABLE LOA..ETHIOPIC SYLLABLE GGWE
+	{0x2DA0, 0x2DA6, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE SSA..ETHIOPIC SYLLABLE SSO
+	{0x2DA8, 0x2DAE, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE CCA..ETHIOPIC SYLLABLE CCO
+	{0x2DB0, 0x2DB6, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE ZZA..ETHIOPIC SYLLABLE ZZO
+	{0x2DB8, 0x2DBE, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE CCHA..ETHIOPIC SYLLABLE CCHO
+	{0x2DC0, 0x2DC6, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE QYA..ETHIOPIC SYLLABLE QYO
+	{0x2DC8, 0x2DCE, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE KYA..ETHIOPIC SYLLABLE KYO
+	{0x2DD0, 0x2DD6, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE XYA..ETHIOPIC SYLLABLE XYO
+	{0x2DD8, 0x2DDE, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE GYA..ETHIOPIC SYLLABLE GYO
+	{0x2DE0, 0x2DFF, prExtend},                 // Mn  [32] COMBINING CYRILLIC LETTER BE..COMBINING CYRILLIC LETTER IOTIFIED BIG YUS
+	{0x2E2F, 0x2E2F, prALetter},                // Lm       VERTICAL TILDE
+	{0x3000, 0x3000, prWSegSpace},              // Zs       IDEOGRAPHIC SPACE
+	{0x3005, 0x3005, prALetter},                // Lm       IDEOGRAPHIC ITERATION MARK
+	{0x302A, 0x302D, prExtend},                 // Mn   [4] IDEOGRAPHIC LEVEL TONE MARK..IDEOGRAPHIC ENTERING TONE MARK
+	{0x302E, 0x302F, prExtend},                 // Mc   [2] HANGUL SINGLE DOT TONE MARK..HANGUL DOUBLE DOT TONE MARK
+	{0x3030, 0x3030, prExtendedPictographic},   // E0.6   [1] (〰�)       wavy dash
+	{0x3031, 0x3035, prKatakana},               // Lm   [5] VERTICAL KANA REPEAT MARK..VERTICAL KANA REPEAT MARK LOWER HALF
+	{0x303B, 0x303B, prALetter},                // Lm       VERTICAL IDEOGRAPHIC ITERATION MARK
+	{0x303C, 0x303C, prALetter},                // Lo       MASU MARK
+	{0x303D, 0x303D, prExtendedPictographic},   // E0.6   [1] (〽�)       part alternation mark
+	{0x3099, 0x309A, prExtend},                 // Mn   [2] COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK..COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK
+	{0x309B, 0x309C, prKatakana},               // Sk   [2] KATAKANA-HIRAGANA VOICED SOUND MARK..KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK
+	{0x30A0, 0x30A0, prKatakana},               // Pd       KATAKANA-HIRAGANA DOUBLE HYPHEN
+	{0x30A1, 0x30FA, prKatakana},               // Lo  [90] KATAKANA LETTER SMALL A..KATAKANA LETTER VO
+	{0x30FC, 0x30FE, prKatakana},               // Lm   [3] KATAKANA-HIRAGANA PROLONGED SOUND MARK..KATAKANA VOICED ITERATION MARK
+	{0x30FF, 0x30FF, prKatakana},               // Lo       KATAKANA DIGRAPH KOTO
+	{0x3105, 0x312F, prALetter},                // Lo  [43] BOPOMOFO LETTER B..BOPOMOFO LETTER NN
+	{0x3131, 0x318E, prALetter},                // Lo  [94] HANGUL LETTER KIYEOK..HANGUL LETTER ARAEAE
+	{0x31A0, 0x31BF, prALetter},                // Lo  [32] BOPOMOFO LETTER BU..BOPOMOFO LETTER AH
+	{0x31F0, 0x31FF, prKatakana},               // Lo  [16] KATAKANA LETTER SMALL KU..KATAKANA LETTER SMALL RO
+	{0x3297, 0x3297, prExtendedPictographic},   // E0.6   [1] (㊗�)       Japanese “congratulations� button
+	{0x3299, 0x3299, prExtendedPictographic},   // E0.6   [1] (㊙�)       Japanese “secret� button
+	{0x32D0, 0x32FE, prKatakana},               // So  [47] CIRCLED KATAKANA A..CIRCLED KATAKANA WO
+	{0x3300, 0x3357, prKatakana},               // So  [88] SQUARE APAATO..SQUARE WATTO
+	{0xA000, 0xA014, prALetter},                // Lo  [21] YI SYLLABLE IT..YI SYLLABLE E
+	{0xA015, 0xA015, prALetter},                // Lm       YI SYLLABLE WU
+	{0xA016, 0xA48C, prALetter},                // Lo [1143] YI SYLLABLE BIT..YI SYLLABLE YYR
+	{0xA4D0, 0xA4F7, prALetter},                // Lo  [40] LISU LETTER BA..LISU LETTER OE
+	{0xA4F8, 0xA4FD, prALetter},                // Lm   [6] LISU LETTER TONE MYA TI..LISU LETTER TONE MYA JEU
+	{0xA500, 0xA60B, prALetter},                // Lo [268] VAI SYLLABLE EE..VAI SYLLABLE NG
+	{0xA60C, 0xA60C, prALetter},                // Lm       VAI SYLLABLE LENGTHENER
+	{0xA610, 0xA61F, prALetter},                // Lo  [16] VAI SYLLABLE NDOLE FA..VAI SYMBOL JONG
+	{0xA620, 0xA629, prNumeric},                // Nd  [10] VAI DIGIT ZERO..VAI DIGIT NINE
+	{0xA62A, 0xA62B, prALetter},                // Lo   [2] VAI SYLLABLE NDOLE MA..VAI SYLLABLE NDOLE DO
+	{0xA640, 0xA66D, prALetter},                // L&  [46] CYRILLIC CAPITAL LETTER ZEMLYA..CYRILLIC SMALL LETTER DOUBLE MONOCULAR O
+	{0xA66E, 0xA66E, prALetter},                // Lo       CYRILLIC LETTER MULTIOCULAR O
+	{0xA66F, 0xA66F, prExtend},                 // Mn       COMBINING CYRILLIC VZMET
+	{0xA670, 0xA672, prExtend},                 // Me   [3] COMBINING CYRILLIC TEN MILLIONS SIGN..COMBINING CYRILLIC THOUSAND MILLIONS SIGN
+	{0xA674, 0xA67D, prExtend},                 // Mn  [10] COMBINING CYRILLIC LETTER UKRAINIAN IE..COMBINING CYRILLIC PAYEROK
+	{0xA67F, 0xA67F, prALetter},                // Lm       CYRILLIC PAYEROK
+	{0xA680, 0xA69B, prALetter},                // L&  [28] CYRILLIC CAPITAL LETTER DWE..CYRILLIC SMALL LETTER CROSSED O
+	{0xA69C, 0xA69D, prALetter},                // Lm   [2] MODIFIER LETTER CYRILLIC HARD SIGN..MODIFIER LETTER CYRILLIC SOFT SIGN
+	{0xA69E, 0xA69F, prExtend},                 // Mn   [2] COMBINING CYRILLIC LETTER EF..COMBINING CYRILLIC LETTER IOTIFIED E
+	{0xA6A0, 0xA6E5, prALetter},                // Lo  [70] BAMUM LETTER A..BAMUM LETTER KI
+	{0xA6E6, 0xA6EF, prALetter},                // Nl  [10] BAMUM LETTER MO..BAMUM LETTER KOGHOM
+	{0xA6F0, 0xA6F1, prExtend},                 // Mn   [2] BAMUM COMBINING MARK KOQNDON..BAMUM COMBINING MARK TUKWENTIS
+	{0xA708, 0xA716, prALetter},                // Sk  [15] MODIFIER LETTER EXTRA-HIGH DOTTED TONE BAR..MODIFIER LETTER EXTRA-LOW LEFT-STEM TONE BAR
+	{0xA717, 0xA71F, prALetter},                // Lm   [9] MODIFIER LETTER DOT VERTICAL BAR..MODIFIER LETTER LOW INVERTED EXCLAMATION MARK
+	{0xA720, 0xA721, prALetter},                // Sk   [2] MODIFIER LETTER STRESS AND HIGH TONE..MODIFIER LETTER STRESS AND LOW TONE
+	{0xA722, 0xA76F, prALetter},                // L&  [78] LATIN CAPITAL LETTER EGYPTOLOGICAL ALEF..LATIN SMALL LETTER CON
+	{0xA770, 0xA770, prALetter},                // Lm       MODIFIER LETTER US
+	{0xA771, 0xA787, prALetter},                // L&  [23] LATIN SMALL LETTER DUM..LATIN SMALL LETTER INSULAR T
+	{0xA788, 0xA788, prALetter},                // Lm       MODIFIER LETTER LOW CIRCUMFLEX ACCENT
+	{0xA789, 0xA78A, prALetter},                // Sk   [2] MODIFIER LETTER COLON..MODIFIER LETTER SHORT EQUALS SIGN
+	{0xA78B, 0xA78E, prALetter},                // L&   [4] LATIN CAPITAL LETTER SALTILLO..LATIN SMALL LETTER L WITH RETROFLEX HOOK AND BELT
+	{0xA78F, 0xA78F, prALetter},                // Lo       LATIN LETTER SINOLOGICAL DOT
+	{0xA790, 0xA7CA, prALetter},                // L&  [59] LATIN CAPITAL LETTER N WITH DESCENDER..LATIN SMALL LETTER S WITH SHORT STROKE OVERLAY
+	{0xA7D0, 0xA7D1, prALetter},                // L&   [2] LATIN CAPITAL LETTER CLOSED INSULAR G..LATIN SMALL LETTER CLOSED INSULAR G
+	{0xA7D3, 0xA7D3, prALetter},                // L&       LATIN SMALL LETTER DOUBLE THORN
+	{0xA7D5, 0xA7D9, prALetter},                // L&   [5] LATIN SMALL LETTER DOUBLE WYNN..LATIN SMALL LETTER SIGMOID S
+	{0xA7F2, 0xA7F4, prALetter},                // Lm   [3] MODIFIER LETTER CAPITAL C..MODIFIER LETTER CAPITAL Q
+	{0xA7F5, 0xA7F6, prALetter},                // L&   [2] LATIN CAPITAL LETTER REVERSED HALF H..LATIN SMALL LETTER REVERSED HALF H
+	{0xA7F7, 0xA7F7, prALetter},                // Lo       LATIN EPIGRAPHIC LETTER SIDEWAYS I
+	{0xA7F8, 0xA7F9, prALetter},                // Lm   [2] MODIFIER LETTER CAPITAL H WITH STROKE..MODIFIER LETTER SMALL LIGATURE OE
+	{0xA7FA, 0xA7FA, prALetter},                // L&       LATIN LETTER SMALL CAPITAL TURNED M
+	{0xA7FB, 0xA801, prALetter},                // Lo   [7] LATIN EPIGRAPHIC LETTER REVERSED F..SYLOTI NAGRI LETTER I
+	{0xA802, 0xA802, prExtend},                 // Mn       SYLOTI NAGRI SIGN DVISVARA
+	{0xA803, 0xA805, prALetter},                // Lo   [3] SYLOTI NAGRI LETTER U..SYLOTI NAGRI LETTER O
+	{0xA806, 0xA806, prExtend},                 // Mn       SYLOTI NAGRI SIGN HASANTA
+	{0xA807, 0xA80A, prALetter},                // Lo   [4] SYLOTI NAGRI LETTER KO..SYLOTI NAGRI LETTER GHO
+	{0xA80B, 0xA80B, prExtend},                 // Mn       SYLOTI NAGRI SIGN ANUSVARA
+	{0xA80C, 0xA822, prALetter},                // Lo  [23] SYLOTI NAGRI LETTER CO..SYLOTI NAGRI LETTER HO
+	{0xA823, 0xA824, prExtend},                 // Mc   [2] SYLOTI NAGRI VOWEL SIGN A..SYLOTI NAGRI VOWEL SIGN I
+	{0xA825, 0xA826, prExtend},                 // Mn   [2] SYLOTI NAGRI VOWEL SIGN U..SYLOTI NAGRI VOWEL SIGN E
+	{0xA827, 0xA827, prExtend},                 // Mc       SYLOTI NAGRI VOWEL SIGN OO
+	{0xA82C, 0xA82C, prExtend},                 // Mn       SYLOTI NAGRI SIGN ALTERNATE HASANTA
+	{0xA840, 0xA873, prALetter},                // Lo  [52] PHAGS-PA LETTER KA..PHAGS-PA LETTER CANDRABINDU
+	{0xA880, 0xA881, prExtend},                 // Mc   [2] SAURASHTRA SIGN ANUSVARA..SAURASHTRA SIGN VISARGA
+	{0xA882, 0xA8B3, prALetter},                // Lo  [50] SAURASHTRA LETTER A..SAURASHTRA LETTER LLA
+	{0xA8B4, 0xA8C3, prExtend},                 // Mc  [16] SAURASHTRA CONSONANT SIGN HAARU..SAURASHTRA VOWEL SIGN AU
+	{0xA8C4, 0xA8C5, prExtend},                 // Mn   [2] SAURASHTRA SIGN VIRAMA..SAURASHTRA SIGN CANDRABINDU
+	{0xA8D0, 0xA8D9, prNumeric},                // Nd  [10] SAURASHTRA DIGIT ZERO..SAURASHTRA DIGIT NINE
+	{0xA8E0, 0xA8F1, prExtend},                 // Mn  [18] COMBINING DEVANAGARI DIGIT ZERO..COMBINING DEVANAGARI SIGN AVAGRAHA
+	{0xA8F2, 0xA8F7, prALetter},                // Lo   [6] DEVANAGARI SIGN SPACING CANDRABINDU..DEVANAGARI SIGN CANDRABINDU AVAGRAHA
+	{0xA8FB, 0xA8FB, prALetter},                // Lo       DEVANAGARI HEADSTROKE
+	{0xA8FD, 0xA8FE, prALetter},                // Lo   [2] DEVANAGARI JAIN OM..DEVANAGARI LETTER AY
+	{0xA8FF, 0xA8FF, prExtend},                 // Mn       DEVANAGARI VOWEL SIGN AY
+	{0xA900, 0xA909, prNumeric},                // Nd  [10] KAYAH LI DIGIT ZERO..KAYAH LI DIGIT NINE
+	{0xA90A, 0xA925, prALetter},                // Lo  [28] KAYAH LI LETTER KA..KAYAH LI LETTER OO
+	{0xA926, 0xA92D, prExtend},                 // Mn   [8] KAYAH LI VOWEL UE..KAYAH LI TONE CALYA PLOPHU
+	{0xA930, 0xA946, prALetter},                // Lo  [23] REJANG LETTER KA..REJANG LETTER A
+	{0xA947, 0xA951, prExtend},                 // Mn  [11] REJANG VOWEL SIGN I..REJANG CONSONANT SIGN R
+	{0xA952, 0xA953, prExtend},                 // Mc   [2] REJANG CONSONANT SIGN H..REJANG VIRAMA
+	{0xA960, 0xA97C, prALetter},                // Lo  [29] HANGUL CHOSEONG TIKEUT-MIEUM..HANGUL CHOSEONG SSANGYEORINHIEUH
+	{0xA980, 0xA982, prExtend},                 // Mn   [3] JAVANESE SIGN PANYANGGA..JAVANESE SIGN LAYAR
+	{0xA983, 0xA983, prExtend},                 // Mc       JAVANESE SIGN WIGNYAN
+	{0xA984, 0xA9B2, prALetter},                // Lo  [47] JAVANESE LETTER A..JAVANESE LETTER HA
+	{0xA9B3, 0xA9B3, prExtend},                 // Mn       JAVANESE SIGN CECAK TELU
+	{0xA9B4, 0xA9B5, prExtend},                 // Mc   [2] JAVANESE VOWEL SIGN TARUNG..JAVANESE VOWEL SIGN TOLONG
+	{0xA9B6, 0xA9B9, prExtend},                 // Mn   [4] JAVANESE VOWEL SIGN WULU..JAVANESE VOWEL SIGN SUKU MENDUT
+	{0xA9BA, 0xA9BB, prExtend},                 // Mc   [2] JAVANESE VOWEL SIGN TALING..JAVANESE VOWEL SIGN DIRGA MURE
+	{0xA9BC, 0xA9BD, prExtend},                 // Mn   [2] JAVANESE VOWEL SIGN PEPET..JAVANESE CONSONANT SIGN KERET
+	{0xA9BE, 0xA9C0, prExtend},                 // Mc   [3] JAVANESE CONSONANT SIGN PENGKAL..JAVANESE PANGKON
+	{0xA9CF, 0xA9CF, prALetter},                // Lm       JAVANESE PANGRANGKEP
+	{0xA9D0, 0xA9D9, prNumeric},                // Nd  [10] JAVANESE DIGIT ZERO..JAVANESE DIGIT NINE
+	{0xA9E5, 0xA9E5, prExtend},                 // Mn       MYANMAR SIGN SHAN SAW
+	{0xA9F0, 0xA9F9, prNumeric},                // Nd  [10] MYANMAR TAI LAING DIGIT ZERO..MYANMAR TAI LAING DIGIT NINE
+	{0xAA00, 0xAA28, prALetter},                // Lo  [41] CHAM LETTER A..CHAM LETTER HA
+	{0xAA29, 0xAA2E, prExtend},                 // Mn   [6] CHAM VOWEL SIGN AA..CHAM VOWEL SIGN OE
+	{0xAA2F, 0xAA30, prExtend},                 // Mc   [2] CHAM VOWEL SIGN O..CHAM VOWEL SIGN AI
+	{0xAA31, 0xAA32, prExtend},                 // Mn   [2] CHAM VOWEL SIGN AU..CHAM VOWEL SIGN UE
+	{0xAA33, 0xAA34, prExtend},                 // Mc   [2] CHAM CONSONANT SIGN YA..CHAM CONSONANT SIGN RA
+	{0xAA35, 0xAA36, prExtend},                 // Mn   [2] CHAM CONSONANT SIGN LA..CHAM CONSONANT SIGN WA
+	{0xAA40, 0xAA42, prALetter},                // Lo   [3] CHAM LETTER FINAL K..CHAM LETTER FINAL NG
+	{0xAA43, 0xAA43, prExtend},                 // Mn       CHAM CONSONANT SIGN FINAL NG
+	{0xAA44, 0xAA4B, prALetter},                // Lo   [8] CHAM LETTER FINAL CH..CHAM LETTER FINAL SS
+	{0xAA4C, 0xAA4C, prExtend},                 // Mn       CHAM CONSONANT SIGN FINAL M
+	{0xAA4D, 0xAA4D, prExtend},                 // Mc       CHAM CONSONANT SIGN FINAL H
+	{0xAA50, 0xAA59, prNumeric},                // Nd  [10] CHAM DIGIT ZERO..CHAM DIGIT NINE
+	{0xAA7B, 0xAA7B, prExtend},                 // Mc       MYANMAR SIGN PAO KAREN TONE
+	{0xAA7C, 0xAA7C, prExtend},                 // Mn       MYANMAR SIGN TAI LAING TONE-2
+	{0xAA7D, 0xAA7D, prExtend},                 // Mc       MYANMAR SIGN TAI LAING TONE-5
+	{0xAAB0, 0xAAB0, prExtend},                 // Mn       TAI VIET MAI KANG
+	{0xAAB2, 0xAAB4, prExtend},                 // Mn   [3] TAI VIET VOWEL I..TAI VIET VOWEL U
+	{0xAAB7, 0xAAB8, prExtend},                 // Mn   [2] TAI VIET MAI KHIT..TAI VIET VOWEL IA
+	{0xAABE, 0xAABF, prExtend},                 // Mn   [2] TAI VIET VOWEL AM..TAI VIET TONE MAI EK
+	{0xAAC1, 0xAAC1, prExtend},                 // Mn       TAI VIET TONE MAI THO
+	{0xAAE0, 0xAAEA, prALetter},                // Lo  [11] MEETEI MAYEK LETTER E..MEETEI MAYEK LETTER SSA
+	{0xAAEB, 0xAAEB, prExtend},                 // Mc       MEETEI MAYEK VOWEL SIGN II
+	{0xAAEC, 0xAAED, prExtend},                 // Mn   [2] MEETEI MAYEK VOWEL SIGN UU..MEETEI MAYEK VOWEL SIGN AAI
+	{0xAAEE, 0xAAEF, prExtend},                 // Mc   [2] MEETEI MAYEK VOWEL SIGN AU..MEETEI MAYEK VOWEL SIGN AAU
+	{0xAAF2, 0xAAF2, prALetter},                // Lo       MEETEI MAYEK ANJI
+	{0xAAF3, 0xAAF4, prALetter},                // Lm   [2] MEETEI MAYEK SYLLABLE REPETITION MARK..MEETEI MAYEK WORD REPETITION MARK
+	{0xAAF5, 0xAAF5, prExtend},                 // Mc       MEETEI MAYEK VOWEL SIGN VISARGA
+	{0xAAF6, 0xAAF6, prExtend},                 // Mn       MEETEI MAYEK VIRAMA
+	{0xAB01, 0xAB06, prALetter},                // Lo   [6] ETHIOPIC SYLLABLE TTHU..ETHIOPIC SYLLABLE TTHO
+	{0xAB09, 0xAB0E, prALetter},                // Lo   [6] ETHIOPIC SYLLABLE DDHU..ETHIOPIC SYLLABLE DDHO
+	{0xAB11, 0xAB16, prALetter},                // Lo   [6] ETHIOPIC SYLLABLE DZU..ETHIOPIC SYLLABLE DZO
+	{0xAB20, 0xAB26, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE CCHHA..ETHIOPIC SYLLABLE CCHHO
+	{0xAB28, 0xAB2E, prALetter},                // Lo   [7] ETHIOPIC SYLLABLE BBA..ETHIOPIC SYLLABLE BBO
+	{0xAB30, 0xAB5A, prALetter},                // L&  [43] LATIN SMALL LETTER BARRED ALPHA..LATIN SMALL LETTER Y WITH SHORT RIGHT LEG
+	{0xAB5B, 0xAB5B, prALetter},                // Sk       MODIFIER BREVE WITH INVERTED BREVE
+	{0xAB5C, 0xAB5F, prALetter},                // Lm   [4] MODIFIER LETTER SMALL HENG..MODIFIER LETTER SMALL U WITH LEFT HOOK
+	{0xAB60, 0xAB68, prALetter},                // L&   [9] LATIN SMALL LETTER SAKHA YAT..LATIN SMALL LETTER TURNED R WITH MIDDLE TILDE
+	{0xAB69, 0xAB69, prALetter},                // Lm       MODIFIER LETTER SMALL TURNED W
+	{0xAB70, 0xABBF, prALetter},                // L&  [80] CHEROKEE SMALL LETTER A..CHEROKEE SMALL LETTER YA
+	{0xABC0, 0xABE2, prALetter},                // Lo  [35] MEETEI MAYEK LETTER KOK..MEETEI MAYEK LETTER I LONSUM
+	{0xABE3, 0xABE4, prExtend},                 // Mc   [2] MEETEI MAYEK VOWEL SIGN ONAP..MEETEI MAYEK VOWEL SIGN INAP
+	{0xABE5, 0xABE5, prExtend},                 // Mn       MEETEI MAYEK VOWEL SIGN ANAP
+	{0xABE6, 0xABE7, prExtend},                 // Mc   [2] MEETEI MAYEK VOWEL SIGN YENAP..MEETEI MAYEK VOWEL SIGN SOUNAP
+	{0xABE8, 0xABE8, prExtend},                 // Mn       MEETEI MAYEK VOWEL SIGN UNAP
+	{0xABE9, 0xABEA, prExtend},                 // Mc   [2] MEETEI MAYEK VOWEL SIGN CHEINAP..MEETEI MAYEK VOWEL SIGN NUNG
+	{0xABEC, 0xABEC, prExtend},                 // Mc       MEETEI MAYEK LUM IYEK
+	{0xABED, 0xABED, prExtend},                 // Mn       MEETEI MAYEK APUN IYEK
+	{0xABF0, 0xABF9, prNumeric},                // Nd  [10] MEETEI MAYEK DIGIT ZERO..MEETEI MAYEK DIGIT NINE
+	{0xAC00, 0xD7A3, prALetter},                // Lo [11172] HANGUL SYLLABLE GA..HANGUL SYLLABLE HIH
+	{0xD7B0, 0xD7C6, prALetter},                // Lo  [23] HANGUL JUNGSEONG O-YEO..HANGUL JUNGSEONG ARAEA-E
+	{0xD7CB, 0xD7FB, prALetter},                // Lo  [49] HANGUL JONGSEONG NIEUN-RIEUL..HANGUL JONGSEONG PHIEUPH-THIEUTH
+	{0xFB00, 0xFB06, prALetter},                // L&   [7] LATIN SMALL LIGATURE FF..LATIN SMALL LIGATURE ST
+	{0xFB13, 0xFB17, prALetter},                // L&   [5] ARMENIAN SMALL LIGATURE MEN NOW..ARMENIAN SMALL LIGATURE MEN XEH
+	{0xFB1D, 0xFB1D, prHebrewLetter},           // Lo       HEBREW LETTER YOD WITH HIRIQ
+	{0xFB1E, 0xFB1E, prExtend},                 // Mn       HEBREW POINT JUDEO-SPANISH VARIKA
+	{0xFB1F, 0xFB28, prHebrewLetter},           // Lo  [10] HEBREW LIGATURE YIDDISH YOD YOD PATAH..HEBREW LETTER WIDE TAV
+	{0xFB2A, 0xFB36, prHebrewLetter},           // Lo  [13] HEBREW LETTER SHIN WITH SHIN DOT..HEBREW LETTER ZAYIN WITH DAGESH
+	{0xFB38, 0xFB3C, prHebrewLetter},           // Lo   [5] HEBREW LETTER TET WITH DAGESH..HEBREW LETTER LAMED WITH DAGESH
+	{0xFB3E, 0xFB3E, prHebrewLetter},           // Lo       HEBREW LETTER MEM WITH DAGESH
+	{0xFB40, 0xFB41, prHebrewLetter},           // Lo   [2] HEBREW LETTER NUN WITH DAGESH..HEBREW LETTER SAMEKH WITH DAGESH
+	{0xFB43, 0xFB44, prHebrewLetter},           // Lo   [2] HEBREW LETTER FINAL PE WITH DAGESH..HEBREW LETTER PE WITH DAGESH
+	{0xFB46, 0xFB4F, prHebrewLetter},           // Lo  [10] HEBREW LETTER TSADI WITH DAGESH..HEBREW LIGATURE ALEF LAMED
+	{0xFB50, 0xFBB1, prALetter},                // Lo  [98] ARABIC LETTER ALEF WASLA ISOLATED FORM..ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM
+	{0xFBD3, 0xFD3D, prALetter},                // Lo [363] ARABIC LETTER NG ISOLATED FORM..ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM
+	{0xFD50, 0xFD8F, prALetter},                // Lo  [64] ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM..ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM
+	{0xFD92, 0xFDC7, prALetter},                // Lo  [54] ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM..ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM
+	{0xFDF0, 0xFDFB, prALetter},                // Lo  [12] ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM..ARABIC LIGATURE JALLAJALALOUHOU
+	{0xFE00, 0xFE0F, prExtend},                 // Mn  [16] VARIATION SELECTOR-1..VARIATION SELECTOR-16
+	{0xFE10, 0xFE10, prMidNum},                 // Po       PRESENTATION FORM FOR VERTICAL COMMA
+	{0xFE13, 0xFE13, prMidLetter},              // Po       PRESENTATION FORM FOR VERTICAL COLON
+	{0xFE14, 0xFE14, prMidNum},                 // Po       PRESENTATION FORM FOR VERTICAL SEMICOLON
+	{0xFE20, 0xFE2F, prExtend},                 // Mn  [16] COMBINING LIGATURE LEFT HALF..COMBINING CYRILLIC TITLO RIGHT HALF
+	{0xFE33, 0xFE34, prExtendNumLet},           // Pc   [2] PRESENTATION FORM FOR VERTICAL LOW LINE..PRESENTATION FORM FOR VERTICAL WAVY LOW LINE
+	{0xFE4D, 0xFE4F, prExtendNumLet},           // Pc   [3] DASHED LOW LINE..WAVY LOW LINE
+	{0xFE50, 0xFE50, prMidNum},                 // Po       SMALL COMMA
+	{0xFE52, 0xFE52, prMidNumLet},              // Po       SMALL FULL STOP
+	{0xFE54, 0xFE54, prMidNum},                 // Po       SMALL SEMICOLON
+	{0xFE55, 0xFE55, prMidLetter},              // Po       SMALL COLON
+	{0xFE70, 0xFE74, prALetter},                // Lo   [5] ARABIC FATHATAN ISOLATED FORM..ARABIC KASRATAN ISOLATED FORM
+	{0xFE76, 0xFEFC, prALetter},                // Lo [135] ARABIC FATHA ISOLATED FORM..ARABIC LIGATURE LAM WITH ALEF FINAL FORM
+	{0xFEFF, 0xFEFF, prFormat},                 // Cf       ZERO WIDTH NO-BREAK SPACE
+	{0xFF07, 0xFF07, prMidNumLet},              // Po       FULLWIDTH APOSTROPHE
+	{0xFF0C, 0xFF0C, prMidNum},                 // Po       FULLWIDTH COMMA
+	{0xFF0E, 0xFF0E, prMidNumLet},              // Po       FULLWIDTH FULL STOP
+	{0xFF10, 0xFF19, prNumeric},                // Nd  [10] FULLWIDTH DIGIT ZERO..FULLWIDTH DIGIT NINE
+	{0xFF1A, 0xFF1A, prMidLetter},              // Po       FULLWIDTH COLON
+	{0xFF1B, 0xFF1B, prMidNum},                 // Po       FULLWIDTH SEMICOLON
+	{0xFF21, 0xFF3A, prALetter},                // L&  [26] FULLWIDTH LATIN CAPITAL LETTER A..FULLWIDTH LATIN CAPITAL LETTER Z
+	{0xFF3F, 0xFF3F, prExtendNumLet},           // Pc       FULLWIDTH LOW LINE
+	{0xFF41, 0xFF5A, prALetter},                // L&  [26] FULLWIDTH LATIN SMALL LETTER A..FULLWIDTH LATIN SMALL LETTER Z
+	{0xFF66, 0xFF6F, prKatakana},               // Lo  [10] HALFWIDTH KATAKANA LETTER WO..HALFWIDTH KATAKANA LETTER SMALL TU
+	{0xFF70, 0xFF70, prKatakana},               // Lm       HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK
+	{0xFF71, 0xFF9D, prKatakana},               // Lo  [45] HALFWIDTH KATAKANA LETTER A..HALFWIDTH KATAKANA LETTER N
+	{0xFF9E, 0xFF9F, prExtend},                 // Lm   [2] HALFWIDTH KATAKANA VOICED SOUND MARK..HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK
+	{0xFFA0, 0xFFBE, prALetter},                // Lo  [31] HALFWIDTH HANGUL FILLER..HALFWIDTH HANGUL LETTER HIEUH
+	{0xFFC2, 0xFFC7, prALetter},                // Lo   [6] HALFWIDTH HANGUL LETTER A..HALFWIDTH HANGUL LETTER E
+	{0xFFCA, 0xFFCF, prALetter},                // Lo   [6] HALFWIDTH HANGUL LETTER YEO..HALFWIDTH HANGUL LETTER OE
+	{0xFFD2, 0xFFD7, prALetter},                // Lo   [6] HALFWIDTH HANGUL LETTER YO..HALFWIDTH HANGUL LETTER YU
+	{0xFFDA, 0xFFDC, prALetter},                // Lo   [3] HALFWIDTH HANGUL LETTER EU..HALFWIDTH HANGUL LETTER I
+	{0xFFF9, 0xFFFB, prFormat},                 // Cf   [3] INTERLINEAR ANNOTATION ANCHOR..INTERLINEAR ANNOTATION TERMINATOR
+	{0x10000, 0x1000B, prALetter},              // Lo  [12] LINEAR B SYLLABLE B008 A..LINEAR B SYLLABLE B046 JE
+	{0x1000D, 0x10026, prALetter},              // Lo  [26] LINEAR B SYLLABLE B036 JO..LINEAR B SYLLABLE B032 QO
+	{0x10028, 0x1003A, prALetter},              // Lo  [19] LINEAR B SYLLABLE B060 RA..LINEAR B SYLLABLE B042 WO
+	{0x1003C, 0x1003D, prALetter},              // Lo   [2] LINEAR B SYLLABLE B017 ZA..LINEAR B SYLLABLE B074 ZE
+	{0x1003F, 0x1004D, prALetter},              // Lo  [15] LINEAR B SYLLABLE B020 ZO..LINEAR B SYLLABLE B091 TWO
+	{0x10050, 0x1005D, prALetter},              // Lo  [14] LINEAR B SYMBOL B018..LINEAR B SYMBOL B089
+	{0x10080, 0x100FA, prALetter},              // Lo [123] LINEAR B IDEOGRAM B100 MAN..LINEAR B IDEOGRAM VESSEL B305
+	{0x10140, 0x10174, prALetter},              // Nl  [53] GREEK ACROPHONIC ATTIC ONE QUARTER..GREEK ACROPHONIC STRATIAN FIFTY MNAS
+	{0x101FD, 0x101FD, prExtend},               // Mn       PHAISTOS DISC SIGN COMBINING OBLIQUE STROKE
+	{0x10280, 0x1029C, prALetter},              // Lo  [29] LYCIAN LETTER A..LYCIAN LETTER X
+	{0x102A0, 0x102D0, prALetter},              // Lo  [49] CARIAN LETTER A..CARIAN LETTER UUU3
+	{0x102E0, 0x102E0, prExtend},               // Mn       COPTIC EPACT THOUSANDS MARK
+	{0x10300, 0x1031F, prALetter},              // Lo  [32] OLD ITALIC LETTER A..OLD ITALIC LETTER ESS
+	{0x1032D, 0x10340, prALetter},              // Lo  [20] OLD ITALIC LETTER YE..GOTHIC LETTER PAIRTHRA
+	{0x10341, 0x10341, prALetter},              // Nl       GOTHIC LETTER NINETY
+	{0x10342, 0x10349, prALetter},              // Lo   [8] GOTHIC LETTER RAIDA..GOTHIC LETTER OTHAL
+	{0x1034A, 0x1034A, prALetter},              // Nl       GOTHIC LETTER NINE HUNDRED
+	{0x10350, 0x10375, prALetter},              // Lo  [38] OLD PERMIC LETTER AN..OLD PERMIC LETTER IA
+	{0x10376, 0x1037A, prExtend},               // Mn   [5] COMBINING OLD PERMIC LETTER AN..COMBINING OLD PERMIC LETTER SII
+	{0x10380, 0x1039D, prALetter},              // Lo  [30] UGARITIC LETTER ALPA..UGARITIC LETTER SSU
+	{0x103A0, 0x103C3, prALetter},              // Lo  [36] OLD PERSIAN SIGN A..OLD PERSIAN SIGN HA
+	{0x103C8, 0x103CF, prALetter},              // Lo   [8] OLD PERSIAN SIGN AURAMAZDAA..OLD PERSIAN SIGN BUUMISH
+	{0x103D1, 0x103D5, prALetter},              // Nl   [5] OLD PERSIAN NUMBER ONE..OLD PERSIAN NUMBER HUNDRED
+	{0x10400, 0x1044F, prALetter},              // L&  [80] DESERET CAPITAL LETTER LONG I..DESERET SMALL LETTER EW
+	{0x10450, 0x1049D, prALetter},              // Lo  [78] SHAVIAN LETTER PEEP..OSMANYA LETTER OO
+	{0x104A0, 0x104A9, prNumeric},              // Nd  [10] OSMANYA DIGIT ZERO..OSMANYA DIGIT NINE
+	{0x104B0, 0x104D3, prALetter},              // L&  [36] OSAGE CAPITAL LETTER A..OSAGE CAPITAL LETTER ZHA
+	{0x104D8, 0x104FB, prALetter},              // L&  [36] OSAGE SMALL LETTER A..OSAGE SMALL LETTER ZHA
+	{0x10500, 0x10527, prALetter},              // Lo  [40] ELBASAN LETTER A..ELBASAN LETTER KHE
+	{0x10530, 0x10563, prALetter},              // Lo  [52] CAUCASIAN ALBANIAN LETTER ALT..CAUCASIAN ALBANIAN LETTER KIW
+	{0x10570, 0x1057A, prALetter},              // L&  [11] VITHKUQI CAPITAL LETTER A..VITHKUQI CAPITAL LETTER GA
+	{0x1057C, 0x1058A, prALetter},              // L&  [15] VITHKUQI CAPITAL LETTER HA..VITHKUQI CAPITAL LETTER RE
+	{0x1058C, 0x10592, prALetter},              // L&   [7] VITHKUQI CAPITAL LETTER SE..VITHKUQI CAPITAL LETTER XE
+	{0x10594, 0x10595, prALetter},              // L&   [2] VITHKUQI CAPITAL LETTER Y..VITHKUQI CAPITAL LETTER ZE
+	{0x10597, 0x105A1, prALetter},              // L&  [11] VITHKUQI SMALL LETTER A..VITHKUQI SMALL LETTER GA
+	{0x105A3, 0x105B1, prALetter},              // L&  [15] VITHKUQI SMALL LETTER HA..VITHKUQI SMALL LETTER RE
+	{0x105B3, 0x105B9, prALetter},              // L&   [7] VITHKUQI SMALL LETTER SE..VITHKUQI SMALL LETTER XE
+	{0x105BB, 0x105BC, prALetter},              // L&   [2] VITHKUQI SMALL LETTER Y..VITHKUQI SMALL LETTER ZE
+	{0x10600, 0x10736, prALetter},              // Lo [311] LINEAR A SIGN AB001..LINEAR A SIGN A664
+	{0x10740, 0x10755, prALetter},              // Lo  [22] LINEAR A SIGN A701 A..LINEAR A SIGN A732 JE
+	{0x10760, 0x10767, prALetter},              // Lo   [8] LINEAR A SIGN A800..LINEAR A SIGN A807
+	{0x10780, 0x10785, prALetter},              // Lm   [6] MODIFIER LETTER SMALL CAPITAL AA..MODIFIER LETTER SMALL B WITH HOOK
+	{0x10787, 0x107B0, prALetter},              // Lm  [42] MODIFIER LETTER SMALL DZ DIGRAPH..MODIFIER LETTER SMALL V WITH RIGHT HOOK
+	{0x107B2, 0x107BA, prALetter},              // Lm   [9] MODIFIER LETTER SMALL CAPITAL Y..MODIFIER LETTER SMALL S WITH CURL
+	{0x10800, 0x10805, prALetter},              // Lo   [6] CYPRIOT SYLLABLE A..CYPRIOT SYLLABLE JA
+	{0x10808, 0x10808, prALetter},              // Lo       CYPRIOT SYLLABLE JO
+	{0x1080A, 0x10835, prALetter},              // Lo  [44] CYPRIOT SYLLABLE KA..CYPRIOT SYLLABLE WO
+	{0x10837, 0x10838, prALetter},              // Lo   [2] CYPRIOT SYLLABLE XA..CYPRIOT SYLLABLE XE
+	{0x1083C, 0x1083C, prALetter},              // Lo       CYPRIOT SYLLABLE ZA
+	{0x1083F, 0x10855, prALetter},              // Lo  [23] CYPRIOT SYLLABLE ZO..IMPERIAL ARAMAIC LETTER TAW
+	{0x10860, 0x10876, prALetter},              // Lo  [23] PALMYRENE LETTER ALEPH..PALMYRENE LETTER TAW
+	{0x10880, 0x1089E, prALetter},              // Lo  [31] NABATAEAN LETTER FINAL ALEPH..NABATAEAN LETTER TAW
+	{0x108E0, 0x108F2, prALetter},              // Lo  [19] HATRAN LETTER ALEPH..HATRAN LETTER QOPH
+	{0x108F4, 0x108F5, prALetter},              // Lo   [2] HATRAN LETTER SHIN..HATRAN LETTER TAW
+	{0x10900, 0x10915, prALetter},              // Lo  [22] PHOENICIAN LETTER ALF..PHOENICIAN LETTER TAU
+	{0x10920, 0x10939, prALetter},              // Lo  [26] LYDIAN LETTER A..LYDIAN LETTER C
+	{0x10980, 0x109B7, prALetter},              // Lo  [56] MEROITIC HIEROGLYPHIC LETTER A..MEROITIC CURSIVE LETTER DA
+	{0x109BE, 0x109BF, prALetter},              // Lo   [2] MEROITIC CURSIVE LOGOGRAM RMT..MEROITIC CURSIVE LOGOGRAM IMN
+	{0x10A00, 0x10A00, prALetter},              // Lo       KHAROSHTHI LETTER A
+	{0x10A01, 0x10A03, prExtend},               // Mn   [3] KHAROSHTHI VOWEL SIGN I..KHAROSHTHI VOWEL SIGN VOCALIC R
+	{0x10A05, 0x10A06, prExtend},               // Mn   [2] KHAROSHTHI VOWEL SIGN E..KHAROSHTHI VOWEL SIGN O
+	{0x10A0C, 0x10A0F, prExtend},               // Mn   [4] KHAROSHTHI VOWEL LENGTH MARK..KHAROSHTHI SIGN VISARGA
+	{0x10A10, 0x10A13, prALetter},              // Lo   [4] KHAROSHTHI LETTER KA..KHAROSHTHI LETTER GHA
+	{0x10A15, 0x10A17, prALetter},              // Lo   [3] KHAROSHTHI LETTER CA..KHAROSHTHI LETTER JA
+	{0x10A19, 0x10A35, prALetter},              // Lo  [29] KHAROSHTHI LETTER NYA..KHAROSHTHI LETTER VHA
+	{0x10A38, 0x10A3A, prExtend},               // Mn   [3] KHAROSHTHI SIGN BAR ABOVE..KHAROSHTHI SIGN DOT BELOW
+	{0x10A3F, 0x10A3F, prExtend},               // Mn       KHAROSHTHI VIRAMA
+	{0x10A60, 0x10A7C, prALetter},              // Lo  [29] OLD SOUTH ARABIAN LETTER HE..OLD SOUTH ARABIAN LETTER THETH
+	{0x10A80, 0x10A9C, prALetter},              // Lo  [29] OLD NORTH ARABIAN LETTER HEH..OLD NORTH ARABIAN LETTER ZAH
+	{0x10AC0, 0x10AC7, prALetter},              // Lo   [8] MANICHAEAN LETTER ALEPH..MANICHAEAN LETTER WAW
+	{0x10AC9, 0x10AE4, prALetter},              // Lo  [28] MANICHAEAN LETTER ZAYIN..MANICHAEAN LETTER TAW
+	{0x10AE5, 0x10AE6, prExtend},               // Mn   [2] MANICHAEAN ABBREVIATION MARK ABOVE..MANICHAEAN ABBREVIATION MARK BELOW
+	{0x10B00, 0x10B35, prALetter},              // Lo  [54] AVESTAN LETTER A..AVESTAN LETTER HE
+	{0x10B40, 0x10B55, prALetter},              // Lo  [22] INSCRIPTIONAL PARTHIAN LETTER ALEPH..INSCRIPTIONAL PARTHIAN LETTER TAW
+	{0x10B60, 0x10B72, prALetter},              // Lo  [19] INSCRIPTIONAL PAHLAVI LETTER ALEPH..INSCRIPTIONAL PAHLAVI LETTER TAW
+	{0x10B80, 0x10B91, prALetter},              // Lo  [18] PSALTER PAHLAVI LETTER ALEPH..PSALTER PAHLAVI LETTER TAW
+	{0x10C00, 0x10C48, prALetter},              // Lo  [73] OLD TURKIC LETTER ORKHON A..OLD TURKIC LETTER ORKHON BASH
+	{0x10C80, 0x10CB2, prALetter},              // L&  [51] OLD HUNGARIAN CAPITAL LETTER A..OLD HUNGARIAN CAPITAL LETTER US
+	{0x10CC0, 0x10CF2, prALetter},              // L&  [51] OLD HUNGARIAN SMALL LETTER A..OLD HUNGARIAN SMALL LETTER US
+	{0x10D00, 0x10D23, prALetter},              // Lo  [36] HANIFI ROHINGYA LETTER A..HANIFI ROHINGYA MARK NA KHONNA
+	{0x10D24, 0x10D27, prExtend},               // Mn   [4] HANIFI ROHINGYA SIGN HARBAHAY..HANIFI ROHINGYA SIGN TASSI
+	{0x10D30, 0x10D39, prNumeric},              // Nd  [10] HANIFI ROHINGYA DIGIT ZERO..HANIFI ROHINGYA DIGIT NINE
+	{0x10E80, 0x10EA9, prALetter},              // Lo  [42] YEZIDI LETTER ELIF..YEZIDI LETTER ET
+	{0x10EAB, 0x10EAC, prExtend},               // Mn   [2] YEZIDI COMBINING HAMZA MARK..YEZIDI COMBINING MADDA MARK
+	{0x10EB0, 0x10EB1, prALetter},              // Lo   [2] YEZIDI LETTER LAM WITH DOT ABOVE..YEZIDI LETTER YOT WITH CIRCUMFLEX ABOVE
+	{0x10F00, 0x10F1C, prALetter},              // Lo  [29] OLD SOGDIAN LETTER ALEPH..OLD SOGDIAN LETTER FINAL TAW WITH VERTICAL TAIL
+	{0x10F27, 0x10F27, prALetter},              // Lo       OLD SOGDIAN LIGATURE AYIN-DALETH
+	{0x10F30, 0x10F45, prALetter},              // Lo  [22] SOGDIAN LETTER ALEPH..SOGDIAN INDEPENDENT SHIN
+	{0x10F46, 0x10F50, prExtend},               // Mn  [11] SOGDIAN COMBINING DOT BELOW..SOGDIAN COMBINING STROKE BELOW
+	{0x10F70, 0x10F81, prALetter},              // Lo  [18] OLD UYGHUR LETTER ALEPH..OLD UYGHUR LETTER LESH
+	{0x10F82, 0x10F85, prExtend},               // Mn   [4] OLD UYGHUR COMBINING DOT ABOVE..OLD UYGHUR COMBINING TWO DOTS BELOW
+	{0x10FB0, 0x10FC4, prALetter},              // Lo  [21] CHORASMIAN LETTER ALEPH..CHORASMIAN LETTER TAW
+	{0x10FE0, 0x10FF6, prALetter},              // Lo  [23] ELYMAIC LETTER ALEPH..ELYMAIC LIGATURE ZAYIN-YODH
+	{0x11000, 0x11000, prExtend},               // Mc       BRAHMI SIGN CANDRABINDU
+	{0x11001, 0x11001, prExtend},               // Mn       BRAHMI SIGN ANUSVARA
+	{0x11002, 0x11002, prExtend},               // Mc       BRAHMI SIGN VISARGA
+	{0x11003, 0x11037, prALetter},              // Lo  [53] BRAHMI SIGN JIHVAMULIYA..BRAHMI LETTER OLD TAMIL NNNA
+	{0x11038, 0x11046, prExtend},               // Mn  [15] BRAHMI VOWEL SIGN AA..BRAHMI VIRAMA
+	{0x11066, 0x1106F, prNumeric},              // Nd  [10] BRAHMI DIGIT ZERO..BRAHMI DIGIT NINE
+	{0x11070, 0x11070, prExtend},               // Mn       BRAHMI SIGN OLD TAMIL VIRAMA
+	{0x11071, 0x11072, prALetter},              // Lo   [2] BRAHMI LETTER OLD TAMIL SHORT E..BRAHMI LETTER OLD TAMIL SHORT O
+	{0x11073, 0x11074, prExtend},               // Mn   [2] BRAHMI VOWEL SIGN OLD TAMIL SHORT E..BRAHMI VOWEL SIGN OLD TAMIL SHORT O
+	{0x11075, 0x11075, prALetter},              // Lo       BRAHMI LETTER OLD TAMIL LLA
+	{0x1107F, 0x11081, prExtend},               // Mn   [3] BRAHMI NUMBER JOINER..KAITHI SIGN ANUSVARA
+	{0x11082, 0x11082, prExtend},               // Mc       KAITHI SIGN VISARGA
+	{0x11083, 0x110AF, prALetter},              // Lo  [45] KAITHI LETTER A..KAITHI LETTER HA
+	{0x110B0, 0x110B2, prExtend},               // Mc   [3] KAITHI VOWEL SIGN AA..KAITHI VOWEL SIGN II
+	{0x110B3, 0x110B6, prExtend},               // Mn   [4] KAITHI VOWEL SIGN U..KAITHI VOWEL SIGN AI
+	{0x110B7, 0x110B8, prExtend},               // Mc   [2] KAITHI VOWEL SIGN O..KAITHI VOWEL SIGN AU
+	{0x110B9, 0x110BA, prExtend},               // Mn   [2] KAITHI SIGN VIRAMA..KAITHI SIGN NUKTA
+	{0x110BD, 0x110BD, prFormat},               // Cf       KAITHI NUMBER SIGN
+	{0x110C2, 0x110C2, prExtend},               // Mn       KAITHI VOWEL SIGN VOCALIC R
+	{0x110CD, 0x110CD, prFormat},               // Cf       KAITHI NUMBER SIGN ABOVE
+	{0x110D0, 0x110E8, prALetter},              // Lo  [25] SORA SOMPENG LETTER SAH..SORA SOMPENG LETTER MAE
+	{0x110F0, 0x110F9, prNumeric},              // Nd  [10] SORA SOMPENG DIGIT ZERO..SORA SOMPENG DIGIT NINE
+	{0x11100, 0x11102, prExtend},               // Mn   [3] CHAKMA SIGN CANDRABINDU..CHAKMA SIGN VISARGA
+	{0x11103, 0x11126, prALetter},              // Lo  [36] CHAKMA LETTER AA..CHAKMA LETTER HAA
+	{0x11127, 0x1112B, prExtend},               // Mn   [5] CHAKMA VOWEL SIGN A..CHAKMA VOWEL SIGN UU
+	{0x1112C, 0x1112C, prExtend},               // Mc       CHAKMA VOWEL SIGN E
+	{0x1112D, 0x11134, prExtend},               // Mn   [8] CHAKMA VOWEL SIGN AI..CHAKMA MAAYYAA
+	{0x11136, 0x1113F, prNumeric},              // Nd  [10] CHAKMA DIGIT ZERO..CHAKMA DIGIT NINE
+	{0x11144, 0x11144, prALetter},              // Lo       CHAKMA LETTER LHAA
+	{0x11145, 0x11146, prExtend},               // Mc   [2] CHAKMA VOWEL SIGN AA..CHAKMA VOWEL SIGN EI
+	{0x11147, 0x11147, prALetter},              // Lo       CHAKMA LETTER VAA
+	{0x11150, 0x11172, prALetter},              // Lo  [35] MAHAJANI LETTER A..MAHAJANI LETTER RRA
+	{0x11173, 0x11173, prExtend},               // Mn       MAHAJANI SIGN NUKTA
+	{0x11176, 0x11176, prALetter},              // Lo       MAHAJANI LIGATURE SHRI
+	{0x11180, 0x11181, prExtend},               // Mn   [2] SHARADA SIGN CANDRABINDU..SHARADA SIGN ANUSVARA
+	{0x11182, 0x11182, prExtend},               // Mc       SHARADA SIGN VISARGA
+	{0x11183, 0x111B2, prALetter},              // Lo  [48] SHARADA LETTER A..SHARADA LETTER HA
+	{0x111B3, 0x111B5, prExtend},               // Mc   [3] SHARADA VOWEL SIGN AA..SHARADA VOWEL SIGN II
+	{0x111B6, 0x111BE, prExtend},               // Mn   [9] SHARADA VOWEL SIGN U..SHARADA VOWEL SIGN O
+	{0x111BF, 0x111C0, prExtend},               // Mc   [2] SHARADA VOWEL SIGN AU..SHARADA SIGN VIRAMA
+	{0x111C1, 0x111C4, prALetter},              // Lo   [4] SHARADA SIGN AVAGRAHA..SHARADA OM
+	{0x111C9, 0x111CC, prExtend},               // Mn   [4] SHARADA SANDHI MARK..SHARADA EXTRA SHORT VOWEL MARK
+	{0x111CE, 0x111CE, prExtend},               // Mc       SHARADA VOWEL SIGN PRISHTHAMATRA E
+	{0x111CF, 0x111CF, prExtend},               // Mn       SHARADA SIGN INVERTED CANDRABINDU
+	{0x111D0, 0x111D9, prNumeric},              // Nd  [10] SHARADA DIGIT ZERO..SHARADA DIGIT NINE
+	{0x111DA, 0x111DA, prALetter},              // Lo       SHARADA EKAM
+	{0x111DC, 0x111DC, prALetter},              // Lo       SHARADA HEADSTROKE
+	{0x11200, 0x11211, prALetter},              // Lo  [18] KHOJKI LETTER A..KHOJKI LETTER JJA
+	{0x11213, 0x1122B, prALetter},              // Lo  [25] KHOJKI LETTER NYA..KHOJKI LETTER LLA
+	{0x1122C, 0x1122E, prExtend},               // Mc   [3] KHOJKI VOWEL SIGN AA..KHOJKI VOWEL SIGN II
+	{0x1122F, 0x11231, prExtend},               // Mn   [3] KHOJKI VOWEL SIGN U..KHOJKI VOWEL SIGN AI
+	{0x11232, 0x11233, prExtend},               // Mc   [2] KHOJKI VOWEL SIGN O..KHOJKI VOWEL SIGN AU
+	{0x11234, 0x11234, prExtend},               // Mn       KHOJKI SIGN ANUSVARA
+	{0x11235, 0x11235, prExtend},               // Mc       KHOJKI SIGN VIRAMA
+	{0x11236, 0x11237, prExtend},               // Mn   [2] KHOJKI SIGN NUKTA..KHOJKI SIGN SHADDA
+	{0x1123E, 0x1123E, prExtend},               // Mn       KHOJKI SIGN SUKUN
+	{0x11280, 0x11286, prALetter},              // Lo   [7] MULTANI LETTER A..MULTANI LETTER GA
+	{0x11288, 0x11288, prALetter},              // Lo       MULTANI LETTER GHA
+	{0x1128A, 0x1128D, prALetter},              // Lo   [4] MULTANI LETTER CA..MULTANI LETTER JJA
+	{0x1128F, 0x1129D, prALetter},              // Lo  [15] MULTANI LETTER NYA..MULTANI LETTER BA
+	{0x1129F, 0x112A8, prALetter},              // Lo  [10] MULTANI LETTER BHA..MULTANI LETTER RHA
+	{0x112B0, 0x112DE, prALetter},              // Lo  [47] KHUDAWADI LETTER A..KHUDAWADI LETTER HA
+	{0x112DF, 0x112DF, prExtend},               // Mn       KHUDAWADI SIGN ANUSVARA
+	{0x112E0, 0x112E2, prExtend},               // Mc   [3] KHUDAWADI VOWEL SIGN AA..KHUDAWADI VOWEL SIGN II
+	{0x112E3, 0x112EA, prExtend},               // Mn   [8] KHUDAWADI VOWEL SIGN U..KHUDAWADI SIGN VIRAMA
+	{0x112F0, 0x112F9, prNumeric},              // Nd  [10] KHUDAWADI DIGIT ZERO..KHUDAWADI DIGIT NINE
+	{0x11300, 0x11301, prExtend},               // Mn   [2] GRANTHA SIGN COMBINING ANUSVARA ABOVE..GRANTHA SIGN CANDRABINDU
+	{0x11302, 0x11303, prExtend},               // Mc   [2] GRANTHA SIGN ANUSVARA..GRANTHA SIGN VISARGA
+	{0x11305, 0x1130C, prALetter},              // Lo   [8] GRANTHA LETTER A..GRANTHA LETTER VOCALIC L
+	{0x1130F, 0x11310, prALetter},              // Lo   [2] GRANTHA LETTER EE..GRANTHA LETTER AI
+	{0x11313, 0x11328, prALetter},              // Lo  [22] GRANTHA LETTER OO..GRANTHA LETTER NA
+	{0x1132A, 0x11330, prALetter},              // Lo   [7] GRANTHA LETTER PA..GRANTHA LETTER RA
+	{0x11332, 0x11333, prALetter},              // Lo   [2] GRANTHA LETTER LA..GRANTHA LETTER LLA
+	{0x11335, 0x11339, prALetter},              // Lo   [5] GRANTHA LETTER VA..GRANTHA LETTER HA
+	{0x1133B, 0x1133C, prExtend},               // Mn   [2] COMBINING BINDU BELOW..GRANTHA SIGN NUKTA
+	{0x1133D, 0x1133D, prALetter},              // Lo       GRANTHA SIGN AVAGRAHA
+	{0x1133E, 0x1133F, prExtend},               // Mc   [2] GRANTHA VOWEL SIGN AA..GRANTHA VOWEL SIGN I
+	{0x11340, 0x11340, prExtend},               // Mn       GRANTHA VOWEL SIGN II
+	{0x11341, 0x11344, prExtend},               // Mc   [4] GRANTHA VOWEL SIGN U..GRANTHA VOWEL SIGN VOCALIC RR
+	{0x11347, 0x11348, prExtend},               // Mc   [2] GRANTHA VOWEL SIGN EE..GRANTHA VOWEL SIGN AI
+	{0x1134B, 0x1134D, prExtend},               // Mc   [3] GRANTHA VOWEL SIGN OO..GRANTHA SIGN VIRAMA
+	{0x11350, 0x11350, prALetter},              // Lo       GRANTHA OM
+	{0x11357, 0x11357, prExtend},               // Mc       GRANTHA AU LENGTH MARK
+	{0x1135D, 0x11361, prALetter},              // Lo   [5] GRANTHA SIGN PLUTA..GRANTHA LETTER VOCALIC LL
+	{0x11362, 0x11363, prExtend},               // Mc   [2] GRANTHA VOWEL SIGN VOCALIC L..GRANTHA VOWEL SIGN VOCALIC LL
+	{0x11366, 0x1136C, prExtend},               // Mn   [7] COMBINING GRANTHA DIGIT ZERO..COMBINING GRANTHA DIGIT SIX
+	{0x11370, 0x11374, prExtend},               // Mn   [5] COMBINING GRANTHA LETTER A..COMBINING GRANTHA LETTER PA
+	{0x11400, 0x11434, prALetter},              // Lo  [53] NEWA LETTER A..NEWA LETTER HA
+	{0x11435, 0x11437, prExtend},               // Mc   [3] NEWA VOWEL SIGN AA..NEWA VOWEL SIGN II
+	{0x11438, 0x1143F, prExtend},               // Mn   [8] NEWA VOWEL SIGN U..NEWA VOWEL SIGN AI
+	{0x11440, 0x11441, prExtend},               // Mc   [2] NEWA VOWEL SIGN O..NEWA VOWEL SIGN AU
+	{0x11442, 0x11444, prExtend},               // Mn   [3] NEWA SIGN VIRAMA..NEWA SIGN ANUSVARA
+	{0x11445, 0x11445, prExtend},               // Mc       NEWA SIGN VISARGA
+	{0x11446, 0x11446, prExtend},               // Mn       NEWA SIGN NUKTA
+	{0x11447, 0x1144A, prALetter},              // Lo   [4] NEWA SIGN AVAGRAHA..NEWA SIDDHI
+	{0x11450, 0x11459, prNumeric},              // Nd  [10] NEWA DIGIT ZERO..NEWA DIGIT NINE
+	{0x1145E, 0x1145E, prExtend},               // Mn       NEWA SANDHI MARK
+	{0x1145F, 0x11461, prALetter},              // Lo   [3] NEWA LETTER VEDIC ANUSVARA..NEWA SIGN UPADHMANIYA
+	{0x11480, 0x114AF, prALetter},              // Lo  [48] TIRHUTA ANJI..TIRHUTA LETTER HA
+	{0x114B0, 0x114B2, prExtend},               // Mc   [3] TIRHUTA VOWEL SIGN AA..TIRHUTA VOWEL SIGN II
+	{0x114B3, 0x114B8, prExtend},               // Mn   [6] TIRHUTA VOWEL SIGN U..TIRHUTA VOWEL SIGN VOCALIC LL
+	{0x114B9, 0x114B9, prExtend},               // Mc       TIRHUTA VOWEL SIGN E
+	{0x114BA, 0x114BA, prExtend},               // Mn       TIRHUTA VOWEL SIGN SHORT E
+	{0x114BB, 0x114BE, prExtend},               // Mc   [4] TIRHUTA VOWEL SIGN AI..TIRHUTA VOWEL SIGN AU
+	{0x114BF, 0x114C0, prExtend},               // Mn   [2] TIRHUTA SIGN CANDRABINDU..TIRHUTA SIGN ANUSVARA
+	{0x114C1, 0x114C1, prExtend},               // Mc       TIRHUTA SIGN VISARGA
+	{0x114C2, 0x114C3, prExtend},               // Mn   [2] TIRHUTA SIGN VIRAMA..TIRHUTA SIGN NUKTA
+	{0x114C4, 0x114C5, prALetter},              // Lo   [2] TIRHUTA SIGN AVAGRAHA..TIRHUTA GVANG
+	{0x114C7, 0x114C7, prALetter},              // Lo       TIRHUTA OM
+	{0x114D0, 0x114D9, prNumeric},              // Nd  [10] TIRHUTA DIGIT ZERO..TIRHUTA DIGIT NINE
+	{0x11580, 0x115AE, prALetter},              // Lo  [47] SIDDHAM LETTER A..SIDDHAM LETTER HA
+	{0x115AF, 0x115B1, prExtend},               // Mc   [3] SIDDHAM VOWEL SIGN AA..SIDDHAM VOWEL SIGN II
+	{0x115B2, 0x115B5, prExtend},               // Mn   [4] SIDDHAM VOWEL SIGN U..SIDDHAM VOWEL SIGN VOCALIC RR
+	{0x115B8, 0x115BB, prExtend},               // Mc   [4] SIDDHAM VOWEL SIGN E..SIDDHAM VOWEL SIGN AU
+	{0x115BC, 0x115BD, prExtend},               // Mn   [2] SIDDHAM SIGN CANDRABINDU..SIDDHAM SIGN ANUSVARA
+	{0x115BE, 0x115BE, prExtend},               // Mc       SIDDHAM SIGN VISARGA
+	{0x115BF, 0x115C0, prExtend},               // Mn   [2] SIDDHAM SIGN VIRAMA..SIDDHAM SIGN NUKTA
+	{0x115D8, 0x115DB, prALetter},              // Lo   [4] SIDDHAM LETTER THREE-CIRCLE ALTERNATE I..SIDDHAM LETTER ALTERNATE U
+	{0x115DC, 0x115DD, prExtend},               // Mn   [2] SIDDHAM VOWEL SIGN ALTERNATE U..SIDDHAM VOWEL SIGN ALTERNATE UU
+	{0x11600, 0x1162F, prALetter},              // Lo  [48] MODI LETTER A..MODI LETTER LLA
+	{0x11630, 0x11632, prExtend},               // Mc   [3] MODI VOWEL SIGN AA..MODI VOWEL SIGN II
+	{0x11633, 0x1163A, prExtend},               // Mn   [8] MODI VOWEL SIGN U..MODI VOWEL SIGN AI
+	{0x1163B, 0x1163C, prExtend},               // Mc   [2] MODI VOWEL SIGN O..MODI VOWEL SIGN AU
+	{0x1163D, 0x1163D, prExtend},               // Mn       MODI SIGN ANUSVARA
+	{0x1163E, 0x1163E, prExtend},               // Mc       MODI SIGN VISARGA
+	{0x1163F, 0x11640, prExtend},               // Mn   [2] MODI SIGN VIRAMA..MODI SIGN ARDHACANDRA
+	{0x11644, 0x11644, prALetter},              // Lo       MODI SIGN HUVA
+	{0x11650, 0x11659, prNumeric},              // Nd  [10] MODI DIGIT ZERO..MODI DIGIT NINE
+	{0x11680, 0x116AA, prALetter},              // Lo  [43] TAKRI LETTER A..TAKRI LETTER RRA
+	{0x116AB, 0x116AB, prExtend},               // Mn       TAKRI SIGN ANUSVARA
+	{0x116AC, 0x116AC, prExtend},               // Mc       TAKRI SIGN VISARGA
+	{0x116AD, 0x116AD, prExtend},               // Mn       TAKRI VOWEL SIGN AA
+	{0x116AE, 0x116AF, prExtend},               // Mc   [2] TAKRI VOWEL SIGN I..TAKRI VOWEL SIGN II
+	{0x116B0, 0x116B5, prExtend},               // Mn   [6] TAKRI VOWEL SIGN U..TAKRI VOWEL SIGN AU
+	{0x116B6, 0x116B6, prExtend},               // Mc       TAKRI SIGN VIRAMA
+	{0x116B7, 0x116B7, prExtend},               // Mn       TAKRI SIGN NUKTA
+	{0x116B8, 0x116B8, prALetter},              // Lo       TAKRI LETTER ARCHAIC KHA
+	{0x116C0, 0x116C9, prNumeric},              // Nd  [10] TAKRI DIGIT ZERO..TAKRI DIGIT NINE
+	{0x1171D, 0x1171F, prExtend},               // Mn   [3] AHOM CONSONANT SIGN MEDIAL LA..AHOM CONSONANT SIGN MEDIAL LIGATING RA
+	{0x11720, 0x11721, prExtend},               // Mc   [2] AHOM VOWEL SIGN A..AHOM VOWEL SIGN AA
+	{0x11722, 0x11725, prExtend},               // Mn   [4] AHOM VOWEL SIGN I..AHOM VOWEL SIGN UU
+	{0x11726, 0x11726, prExtend},               // Mc       AHOM VOWEL SIGN E
+	{0x11727, 0x1172B, prExtend},               // Mn   [5] AHOM VOWEL SIGN AW..AHOM SIGN KILLER
+	{0x11730, 0x11739, prNumeric},              // Nd  [10] AHOM DIGIT ZERO..AHOM DIGIT NINE
+	{0x11800, 0x1182B, prALetter},              // Lo  [44] DOGRA LETTER A..DOGRA LETTER RRA
+	{0x1182C, 0x1182E, prExtend},               // Mc   [3] DOGRA VOWEL SIGN AA..DOGRA VOWEL SIGN II
+	{0x1182F, 0x11837, prExtend},               // Mn   [9] DOGRA VOWEL SIGN U..DOGRA SIGN ANUSVARA
+	{0x11838, 0x11838, prExtend},               // Mc       DOGRA SIGN VISARGA
+	{0x11839, 0x1183A, prExtend},               // Mn   [2] DOGRA SIGN VIRAMA..DOGRA SIGN NUKTA
+	{0x118A0, 0x118DF, prALetter},              // L&  [64] WARANG CITI CAPITAL LETTER NGAA..WARANG CITI SMALL LETTER VIYO
+	{0x118E0, 0x118E9, prNumeric},              // Nd  [10] WARANG CITI DIGIT ZERO..WARANG CITI DIGIT NINE
+	{0x118FF, 0x11906, prALetter},              // Lo   [8] WARANG CITI OM..DIVES AKURU LETTER E
+	{0x11909, 0x11909, prALetter},              // Lo       DIVES AKURU LETTER O
+	{0x1190C, 0x11913, prALetter},              // Lo   [8] DIVES AKURU LETTER KA..DIVES AKURU LETTER JA
+	{0x11915, 0x11916, prALetter},              // Lo   [2] DIVES AKURU LETTER NYA..DIVES AKURU LETTER TTA
+	{0x11918, 0x1192F, prALetter},              // Lo  [24] DIVES AKURU LETTER DDA..DIVES AKURU LETTER ZA
+	{0x11930, 0x11935, prExtend},               // Mc   [6] DIVES AKURU VOWEL SIGN AA..DIVES AKURU VOWEL SIGN E
+	{0x11937, 0x11938, prExtend},               // Mc   [2] DIVES AKURU VOWEL SIGN AI..DIVES AKURU VOWEL SIGN O
+	{0x1193B, 0x1193C, prExtend},               // Mn   [2] DIVES AKURU SIGN ANUSVARA..DIVES AKURU SIGN CANDRABINDU
+	{0x1193D, 0x1193D, prExtend},               // Mc       DIVES AKURU SIGN HALANTA
+	{0x1193E, 0x1193E, prExtend},               // Mn       DIVES AKURU VIRAMA
+	{0x1193F, 0x1193F, prALetter},              // Lo       DIVES AKURU PREFIXED NASAL SIGN
+	{0x11940, 0x11940, prExtend},               // Mc       DIVES AKURU MEDIAL YA
+	{0x11941, 0x11941, prALetter},              // Lo       DIVES AKURU INITIAL RA
+	{0x11942, 0x11942, prExtend},               // Mc       DIVES AKURU MEDIAL RA
+	{0x11943, 0x11943, prExtend},               // Mn       DIVES AKURU SIGN NUKTA
+	{0x11950, 0x11959, prNumeric},              // Nd  [10] DIVES AKURU DIGIT ZERO..DIVES AKURU DIGIT NINE
+	{0x119A0, 0x119A7, prALetter},              // Lo   [8] NANDINAGARI LETTER A..NANDINAGARI LETTER VOCALIC RR
+	{0x119AA, 0x119D0, prALetter},              // Lo  [39] NANDINAGARI LETTER E..NANDINAGARI LETTER RRA
+	{0x119D1, 0x119D3, prExtend},               // Mc   [3] NANDINAGARI VOWEL SIGN AA..NANDINAGARI VOWEL SIGN II
+	{0x119D4, 0x119D7, prExtend},               // Mn   [4] NANDINAGARI VOWEL SIGN U..NANDINAGARI VOWEL SIGN VOCALIC RR
+	{0x119DA, 0x119DB, prExtend},               // Mn   [2] NANDINAGARI VOWEL SIGN E..NANDINAGARI VOWEL SIGN AI
+	{0x119DC, 0x119DF, prExtend},               // Mc   [4] NANDINAGARI VOWEL SIGN O..NANDINAGARI SIGN VISARGA
+	{0x119E0, 0x119E0, prExtend},               // Mn       NANDINAGARI SIGN VIRAMA
+	{0x119E1, 0x119E1, prALetter},              // Lo       NANDINAGARI SIGN AVAGRAHA
+	{0x119E3, 0x119E3, prALetter},              // Lo       NANDINAGARI HEADSTROKE
+	{0x119E4, 0x119E4, prExtend},               // Mc       NANDINAGARI VOWEL SIGN PRISHTHAMATRA E
+	{0x11A00, 0x11A00, prALetter},              // Lo       ZANABAZAR SQUARE LETTER A
+	{0x11A01, 0x11A0A, prExtend},               // Mn  [10] ZANABAZAR SQUARE VOWEL SIGN I..ZANABAZAR SQUARE VOWEL LENGTH MARK
+	{0x11A0B, 0x11A32, prALetter},              // Lo  [40] ZANABAZAR SQUARE LETTER KA..ZANABAZAR SQUARE LETTER KSSA
+	{0x11A33, 0x11A38, prExtend},               // Mn   [6] ZANABAZAR SQUARE FINAL CONSONANT MARK..ZANABAZAR SQUARE SIGN ANUSVARA
+	{0x11A39, 0x11A39, prExtend},               // Mc       ZANABAZAR SQUARE SIGN VISARGA
+	{0x11A3A, 0x11A3A, prALetter},              // Lo       ZANABAZAR SQUARE CLUSTER-INITIAL LETTER RA
+	{0x11A3B, 0x11A3E, prExtend},               // Mn   [4] ZANABAZAR SQUARE CLUSTER-FINAL LETTER YA..ZANABAZAR SQUARE CLUSTER-FINAL LETTER VA
+	{0x11A47, 0x11A47, prExtend},               // Mn       ZANABAZAR SQUARE SUBJOINER
+	{0x11A50, 0x11A50, prALetter},              // Lo       SOYOMBO LETTER A
+	{0x11A51, 0x11A56, prExtend},               // Mn   [6] SOYOMBO VOWEL SIGN I..SOYOMBO VOWEL SIGN OE
+	{0x11A57, 0x11A58, prExtend},               // Mc   [2] SOYOMBO VOWEL SIGN AI..SOYOMBO VOWEL SIGN AU
+	{0x11A59, 0x11A5B, prExtend},               // Mn   [3] SOYOMBO VOWEL SIGN VOCALIC R..SOYOMBO VOWEL LENGTH MARK
+	{0x11A5C, 0x11A89, prALetter},              // Lo  [46] SOYOMBO LETTER KA..SOYOMBO CLUSTER-INITIAL LETTER SA
+	{0x11A8A, 0x11A96, prExtend},               // Mn  [13] SOYOMBO FINAL CONSONANT SIGN G..SOYOMBO SIGN ANUSVARA
+	{0x11A97, 0x11A97, prExtend},               // Mc       SOYOMBO SIGN VISARGA
+	{0x11A98, 0x11A99, prExtend},               // Mn   [2] SOYOMBO GEMINATION MARK..SOYOMBO SUBJOINER
+	{0x11A9D, 0x11A9D, prALetter},              // Lo       SOYOMBO MARK PLUTA
+	{0x11AB0, 0x11AF8, prALetter},              // Lo  [73] CANADIAN SYLLABICS NATTILIK HI..PAU CIN HAU GLOTTAL STOP FINAL
+	{0x11C00, 0x11C08, prALetter},              // Lo   [9] BHAIKSUKI LETTER A..BHAIKSUKI LETTER VOCALIC L
+	{0x11C0A, 0x11C2E, prALetter},              // Lo  [37] BHAIKSUKI LETTER E..BHAIKSUKI LETTER HA
+	{0x11C2F, 0x11C2F, prExtend},               // Mc       BHAIKSUKI VOWEL SIGN AA
+	{0x11C30, 0x11C36, prExtend},               // Mn   [7] BHAIKSUKI VOWEL SIGN I..BHAIKSUKI VOWEL SIGN VOCALIC L
+	{0x11C38, 0x11C3D, prExtend},               // Mn   [6] BHAIKSUKI VOWEL SIGN E..BHAIKSUKI SIGN ANUSVARA
+	{0x11C3E, 0x11C3E, prExtend},               // Mc       BHAIKSUKI SIGN VISARGA
+	{0x11C3F, 0x11C3F, prExtend},               // Mn       BHAIKSUKI SIGN VIRAMA
+	{0x11C40, 0x11C40, prALetter},              // Lo       BHAIKSUKI SIGN AVAGRAHA
+	{0x11C50, 0x11C59, prNumeric},              // Nd  [10] BHAIKSUKI DIGIT ZERO..BHAIKSUKI DIGIT NINE
+	{0x11C72, 0x11C8F, prALetter},              // Lo  [30] MARCHEN LETTER KA..MARCHEN LETTER A
+	{0x11C92, 0x11CA7, prExtend},               // Mn  [22] MARCHEN SUBJOINED LETTER KA..MARCHEN SUBJOINED LETTER ZA
+	{0x11CA9, 0x11CA9, prExtend},               // Mc       MARCHEN SUBJOINED LETTER YA
+	{0x11CAA, 0x11CB0, prExtend},               // Mn   [7] MARCHEN SUBJOINED LETTER RA..MARCHEN VOWEL SIGN AA
+	{0x11CB1, 0x11CB1, prExtend},               // Mc       MARCHEN VOWEL SIGN I
+	{0x11CB2, 0x11CB3, prExtend},               // Mn   [2] MARCHEN VOWEL SIGN U..MARCHEN VOWEL SIGN E
+	{0x11CB4, 0x11CB4, prExtend},               // Mc       MARCHEN VOWEL SIGN O
+	{0x11CB5, 0x11CB6, prExtend},               // Mn   [2] MARCHEN SIGN ANUSVARA..MARCHEN SIGN CANDRABINDU
+	{0x11D00, 0x11D06, prALetter},              // Lo   [7] MASARAM GONDI LETTER A..MASARAM GONDI LETTER E
+	{0x11D08, 0x11D09, prALetter},              // Lo   [2] MASARAM GONDI LETTER AI..MASARAM GONDI LETTER O
+	{0x11D0B, 0x11D30, prALetter},              // Lo  [38] MASARAM GONDI LETTER AU..MASARAM GONDI LETTER TRA
+	{0x11D31, 0x11D36, prExtend},               // Mn   [6] MASARAM GONDI VOWEL SIGN AA..MASARAM GONDI VOWEL SIGN VOCALIC R
+	{0x11D3A, 0x11D3A, prExtend},               // Mn       MASARAM GONDI VOWEL SIGN E
+	{0x11D3C, 0x11D3D, prExtend},               // Mn   [2] MASARAM GONDI VOWEL SIGN AI..MASARAM GONDI VOWEL SIGN O
+	{0x11D3F, 0x11D45, prExtend},               // Mn   [7] MASARAM GONDI VOWEL SIGN AU..MASARAM GONDI VIRAMA
+	{0x11D46, 0x11D46, prALetter},              // Lo       MASARAM GONDI REPHA
+	{0x11D47, 0x11D47, prExtend},               // Mn       MASARAM GONDI RA-KARA
+	{0x11D50, 0x11D59, prNumeric},              // Nd  [10] MASARAM GONDI DIGIT ZERO..MASARAM GONDI DIGIT NINE
+	{0x11D60, 0x11D65, prALetter},              // Lo   [6] GUNJALA GONDI LETTER A..GUNJALA GONDI LETTER UU
+	{0x11D67, 0x11D68, prALetter},              // Lo   [2] GUNJALA GONDI LETTER EE..GUNJALA GONDI LETTER AI
+	{0x11D6A, 0x11D89, prALetter},              // Lo  [32] GUNJALA GONDI LETTER OO..GUNJALA GONDI LETTER SA
+	{0x11D8A, 0x11D8E, prExtend},               // Mc   [5] GUNJALA GONDI VOWEL SIGN AA..GUNJALA GONDI VOWEL SIGN UU
+	{0x11D90, 0x11D91, prExtend},               // Mn   [2] GUNJALA GONDI VOWEL SIGN EE..GUNJALA GONDI VOWEL SIGN AI
+	{0x11D93, 0x11D94, prExtend},               // Mc   [2] GUNJALA GONDI VOWEL SIGN OO..GUNJALA GONDI VOWEL SIGN AU
+	{0x11D95, 0x11D95, prExtend},               // Mn       GUNJALA GONDI SIGN ANUSVARA
+	{0x11D96, 0x11D96, prExtend},               // Mc       GUNJALA GONDI SIGN VISARGA
+	{0x11D97, 0x11D97, prExtend},               // Mn       GUNJALA GONDI VIRAMA
+	{0x11D98, 0x11D98, prALetter},              // Lo       GUNJALA GONDI OM
+	{0x11DA0, 0x11DA9, prNumeric},              // Nd  [10] GUNJALA GONDI DIGIT ZERO..GUNJALA GONDI DIGIT NINE
+	{0x11EE0, 0x11EF2, prALetter},              // Lo  [19] MAKASAR LETTER KA..MAKASAR ANGKA
+	{0x11EF3, 0x11EF4, prExtend},               // Mn   [2] MAKASAR VOWEL SIGN I..MAKASAR VOWEL SIGN U
+	{0x11EF5, 0x11EF6, prExtend},               // Mc   [2] MAKASAR VOWEL SIGN E..MAKASAR VOWEL SIGN O
+	{0x11FB0, 0x11FB0, prALetter},              // Lo       LISU LETTER YHA
+	{0x12000, 0x12399, prALetter},              // Lo [922] CUNEIFORM SIGN A..CUNEIFORM SIGN U U
+	{0x12400, 0x1246E, prALetter},              // Nl [111] CUNEIFORM NUMERIC SIGN TWO ASH..CUNEIFORM NUMERIC SIGN NINE U VARIANT FORM
+	{0x12480, 0x12543, prALetter},              // Lo [196] CUNEIFORM SIGN AB TIMES NUN TENU..CUNEIFORM SIGN ZU5 TIMES THREE DISH TENU
+	{0x12F90, 0x12FF0, prALetter},              // Lo  [97] CYPRO-MINOAN SIGN CM001..CYPRO-MINOAN SIGN CM114
+	{0x13000, 0x1342E, prALetter},              // Lo [1071] EGYPTIAN HIEROGLYPH A001..EGYPTIAN HIEROGLYPH AA032
+	{0x13430, 0x13438, prFormat},               // Cf   [9] EGYPTIAN HIEROGLYPH VERTICAL JOINER..EGYPTIAN HIEROGLYPH END SEGMENT
+	{0x14400, 0x14646, prALetter},              // Lo [583] ANATOLIAN HIEROGLYPH A001..ANATOLIAN HIEROGLYPH A530
+	{0x16800, 0x16A38, prALetter},              // Lo [569] BAMUM LETTER PHASE-A NGKUE MFON..BAMUM LETTER PHASE-F VUEQ
+	{0x16A40, 0x16A5E, prALetter},              // Lo  [31] MRO LETTER TA..MRO LETTER TEK
+	{0x16A60, 0x16A69, prNumeric},              // Nd  [10] MRO DIGIT ZERO..MRO DIGIT NINE
+	{0x16A70, 0x16ABE, prALetter},              // Lo  [79] TANGSA LETTER OZ..TANGSA LETTER ZA
+	{0x16AC0, 0x16AC9, prNumeric},              // Nd  [10] TANGSA DIGIT ZERO..TANGSA DIGIT NINE
+	{0x16AD0, 0x16AED, prALetter},              // Lo  [30] BASSA VAH LETTER ENNI..BASSA VAH LETTER I
+	{0x16AF0, 0x16AF4, prExtend},               // Mn   [5] BASSA VAH COMBINING HIGH TONE..BASSA VAH COMBINING HIGH-LOW TONE
+	{0x16B00, 0x16B2F, prALetter},              // Lo  [48] PAHAWH HMONG VOWEL KEEB..PAHAWH HMONG CONSONANT CAU
+	{0x16B30, 0x16B36, prExtend},               // Mn   [7] PAHAWH HMONG MARK CIM TUB..PAHAWH HMONG MARK CIM TAUM
+	{0x16B40, 0x16B43, prALetter},              // Lm   [4] PAHAWH HMONG SIGN VOS SEEV..PAHAWH HMONG SIGN IB YAM
+	{0x16B50, 0x16B59, prNumeric},              // Nd  [10] PAHAWH HMONG DIGIT ZERO..PAHAWH HMONG DIGIT NINE
+	{0x16B63, 0x16B77, prALetter},              // Lo  [21] PAHAWH HMONG SIGN VOS LUB..PAHAWH HMONG SIGN CIM NRES TOS
+	{0x16B7D, 0x16B8F, prALetter},              // Lo  [19] PAHAWH HMONG CLAN SIGN TSHEEJ..PAHAWH HMONG CLAN SIGN VWJ
+	{0x16E40, 0x16E7F, prALetter},              // L&  [64] MEDEFAIDRIN CAPITAL LETTER M..MEDEFAIDRIN SMALL LETTER Y
+	{0x16F00, 0x16F4A, prALetter},              // Lo  [75] MIAO LETTER PA..MIAO LETTER RTE
+	{0x16F4F, 0x16F4F, prExtend},               // Mn       MIAO SIGN CONSONANT MODIFIER BAR
+	{0x16F50, 0x16F50, prALetter},              // Lo       MIAO LETTER NASALIZATION
+	{0x16F51, 0x16F87, prExtend},               // Mc  [55] MIAO SIGN ASPIRATION..MIAO VOWEL SIGN UI
+	{0x16F8F, 0x16F92, prExtend},               // Mn   [4] MIAO TONE RIGHT..MIAO TONE BELOW
+	{0x16F93, 0x16F9F, prALetter},              // Lm  [13] MIAO LETTER TONE-2..MIAO LETTER REFORMED TONE-8
+	{0x16FE0, 0x16FE1, prALetter},              // Lm   [2] TANGUT ITERATION MARK..NUSHU ITERATION MARK
+	{0x16FE3, 0x16FE3, prALetter},              // Lm       OLD CHINESE ITERATION MARK
+	{0x16FE4, 0x16FE4, prExtend},               // Mn       KHITAN SMALL SCRIPT FILLER
+	{0x16FF0, 0x16FF1, prExtend},               // Mc   [2] VIETNAMESE ALTERNATE READING MARK CA..VIETNAMESE ALTERNATE READING MARK NHAY
+	{0x1AFF0, 0x1AFF3, prKatakana},             // Lm   [4] KATAKANA LETTER MINNAN TONE-2..KATAKANA LETTER MINNAN TONE-5
+	{0x1AFF5, 0x1AFFB, prKatakana},             // Lm   [7] KATAKANA LETTER MINNAN TONE-7..KATAKANA LETTER MINNAN NASALIZED TONE-5
+	{0x1AFFD, 0x1AFFE, prKatakana},             // Lm   [2] KATAKANA LETTER MINNAN NASALIZED TONE-7..KATAKANA LETTER MINNAN NASALIZED TONE-8
+	{0x1B000, 0x1B000, prKatakana},             // Lo       KATAKANA LETTER ARCHAIC E
+	{0x1B120, 0x1B122, prKatakana},             // Lo   [3] KATAKANA LETTER ARCHAIC YI..KATAKANA LETTER ARCHAIC WU
+	{0x1B164, 0x1B167, prKatakana},             // Lo   [4] KATAKANA LETTER SMALL WI..KATAKANA LETTER SMALL N
+	{0x1BC00, 0x1BC6A, prALetter},              // Lo [107] DUPLOYAN LETTER H..DUPLOYAN LETTER VOCALIC M
+	{0x1BC70, 0x1BC7C, prALetter},              // Lo  [13] DUPLOYAN AFFIX LEFT HORIZONTAL SECANT..DUPLOYAN AFFIX ATTACHED TANGENT HOOK
+	{0x1BC80, 0x1BC88, prALetter},              // Lo   [9] DUPLOYAN AFFIX HIGH ACUTE..DUPLOYAN AFFIX HIGH VERTICAL
+	{0x1BC90, 0x1BC99, prALetter},              // Lo  [10] DUPLOYAN AFFIX LOW ACUTE..DUPLOYAN AFFIX LOW ARROW
+	{0x1BC9D, 0x1BC9E, prExtend},               // Mn   [2] DUPLOYAN THICK LETTER SELECTOR..DUPLOYAN DOUBLE MARK
+	{0x1BCA0, 0x1BCA3, prFormat},               // Cf   [4] SHORTHAND FORMAT LETTER OVERLAP..SHORTHAND FORMAT UP STEP
+	{0x1CF00, 0x1CF2D, prExtend},               // Mn  [46] ZNAMENNY COMBINING MARK GORAZDO NIZKO S KRYZHEM ON LEFT..ZNAMENNY COMBINING MARK KRYZH ON LEFT
+	{0x1CF30, 0x1CF46, prExtend},               // Mn  [23] ZNAMENNY COMBINING TONAL RANGE MARK MRACHNO..ZNAMENNY PRIZNAK MODIFIER ROG
+	{0x1D165, 0x1D166, prExtend},               // Mc   [2] MUSICAL SYMBOL COMBINING STEM..MUSICAL SYMBOL COMBINING SPRECHGESANG STEM
+	{0x1D167, 0x1D169, prExtend},               // Mn   [3] MUSICAL SYMBOL COMBINING TREMOLO-1..MUSICAL SYMBOL COMBINING TREMOLO-3
+	{0x1D16D, 0x1D172, prExtend},               // Mc   [6] MUSICAL SYMBOL COMBINING AUGMENTATION DOT..MUSICAL SYMBOL COMBINING FLAG-5
+	{0x1D173, 0x1D17A, prFormat},               // Cf   [8] MUSICAL SYMBOL BEGIN BEAM..MUSICAL SYMBOL END PHRASE
+	{0x1D17B, 0x1D182, prExtend},               // Mn   [8] MUSICAL SYMBOL COMBINING ACCENT..MUSICAL SYMBOL COMBINING LOURE
+	{0x1D185, 0x1D18B, prExtend},               // Mn   [7] MUSICAL SYMBOL COMBINING DOIT..MUSICAL SYMBOL COMBINING TRIPLE TONGUE
+	{0x1D1AA, 0x1D1AD, prExtend},               // Mn   [4] MUSICAL SYMBOL COMBINING DOWN BOW..MUSICAL SYMBOL COMBINING SNAP PIZZICATO
+	{0x1D242, 0x1D244, prExtend},               // Mn   [3] COMBINING GREEK MUSICAL TRISEME..COMBINING GREEK MUSICAL PENTASEME
+	{0x1D400, 0x1D454, prALetter},              // L&  [85] MATHEMATICAL BOLD CAPITAL A..MATHEMATICAL ITALIC SMALL G
+	{0x1D456, 0x1D49C, prALetter},              // L&  [71] MATHEMATICAL ITALIC SMALL I..MATHEMATICAL SCRIPT CAPITAL A
+	{0x1D49E, 0x1D49F, prALetter},              // L&   [2] MATHEMATICAL SCRIPT CAPITAL C..MATHEMATICAL SCRIPT CAPITAL D
+	{0x1D4A2, 0x1D4A2, prALetter},              // L&       MATHEMATICAL SCRIPT CAPITAL G
+	{0x1D4A5, 0x1D4A6, prALetter},              // L&   [2] MATHEMATICAL SCRIPT CAPITAL J..MATHEMATICAL SCRIPT CAPITAL K
+	{0x1D4A9, 0x1D4AC, prALetter},              // L&   [4] MATHEMATICAL SCRIPT CAPITAL N..MATHEMATICAL SCRIPT CAPITAL Q
+	{0x1D4AE, 0x1D4B9, prALetter},              // L&  [12] MATHEMATICAL SCRIPT CAPITAL S..MATHEMATICAL SCRIPT SMALL D
+	{0x1D4BB, 0x1D4BB, prALetter},              // L&       MATHEMATICAL SCRIPT SMALL F
+	{0x1D4BD, 0x1D4C3, prALetter},              // L&   [7] MATHEMATICAL SCRIPT SMALL H..MATHEMATICAL SCRIPT SMALL N
+	{0x1D4C5, 0x1D505, prALetter},              // L&  [65] MATHEMATICAL SCRIPT SMALL P..MATHEMATICAL FRAKTUR CAPITAL B
+	{0x1D507, 0x1D50A, prALetter},              // L&   [4] MATHEMATICAL FRAKTUR CAPITAL D..MATHEMATICAL FRAKTUR CAPITAL G
+	{0x1D50D, 0x1D514, prALetter},              // L&   [8] MATHEMATICAL FRAKTUR CAPITAL J..MATHEMATICAL FRAKTUR CAPITAL Q
+	{0x1D516, 0x1D51C, prALetter},              // L&   [7] MATHEMATICAL FRAKTUR CAPITAL S..MATHEMATICAL FRAKTUR CAPITAL Y
+	{0x1D51E, 0x1D539, prALetter},              // L&  [28] MATHEMATICAL FRAKTUR SMALL A..MATHEMATICAL DOUBLE-STRUCK CAPITAL B
+	{0x1D53B, 0x1D53E, prALetter},              // L&   [4] MATHEMATICAL DOUBLE-STRUCK CAPITAL D..MATHEMATICAL DOUBLE-STRUCK CAPITAL G
+	{0x1D540, 0x1D544, prALetter},              // L&   [5] MATHEMATICAL DOUBLE-STRUCK CAPITAL I..MATHEMATICAL DOUBLE-STRUCK CAPITAL M
+	{0x1D546, 0x1D546, prALetter},              // L&       MATHEMATICAL DOUBLE-STRUCK CAPITAL O
+	{0x1D54A, 0x1D550, prALetter},              // L&   [7] MATHEMATICAL DOUBLE-STRUCK CAPITAL S..MATHEMATICAL DOUBLE-STRUCK CAPITAL Y
+	{0x1D552, 0x1D6A5, prALetter},              // L& [340] MATHEMATICAL DOUBLE-STRUCK SMALL A..MATHEMATICAL ITALIC SMALL DOTLESS J
+	{0x1D6A8, 0x1D6C0, prALetter},              // L&  [25] MATHEMATICAL BOLD CAPITAL ALPHA..MATHEMATICAL BOLD CAPITAL OMEGA
+	{0x1D6C2, 0x1D6DA, prALetter},              // L&  [25] MATHEMATICAL BOLD SMALL ALPHA..MATHEMATICAL BOLD SMALL OMEGA
+	{0x1D6DC, 0x1D6FA, prALetter},              // L&  [31] MATHEMATICAL BOLD EPSILON SYMBOL..MATHEMATICAL ITALIC CAPITAL OMEGA
+	{0x1D6FC, 0x1D714, prALetter},              // L&  [25] MATHEMATICAL ITALIC SMALL ALPHA..MATHEMATICAL ITALIC SMALL OMEGA
+	{0x1D716, 0x1D734, prALetter},              // L&  [31] MATHEMATICAL ITALIC EPSILON SYMBOL..MATHEMATICAL BOLD ITALIC CAPITAL OMEGA
+	{0x1D736, 0x1D74E, prALetter},              // L&  [25] MATHEMATICAL BOLD ITALIC SMALL ALPHA..MATHEMATICAL BOLD ITALIC SMALL OMEGA
+	{0x1D750, 0x1D76E, prALetter},              // L&  [31] MATHEMATICAL BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA
+	{0x1D770, 0x1D788, prALetter},              // L&  [25] MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA
+	{0x1D78A, 0x1D7A8, prALetter},              // L&  [31] MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL..MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA
+	{0x1D7AA, 0x1D7C2, prALetter},              // L&  [25] MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA..MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA
+	{0x1D7C4, 0x1D7CB, prALetter},              // L&   [8] MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL..MATHEMATICAL BOLD SMALL DIGAMMA
+	{0x1D7CE, 0x1D7FF, prNumeric},              // Nd  [50] MATHEMATICAL BOLD DIGIT ZERO..MATHEMATICAL MONOSPACE DIGIT NINE
+	{0x1DA00, 0x1DA36, prExtend},               // Mn  [55] SIGNWRITING HEAD RIM..SIGNWRITING AIR SUCKING IN
+	{0x1DA3B, 0x1DA6C, prExtend},               // Mn  [50] SIGNWRITING MOUTH CLOSED NEUTRAL..SIGNWRITING EXCITEMENT
+	{0x1DA75, 0x1DA75, prExtend},               // Mn       SIGNWRITING UPPER BODY TILTING FROM HIP JOINTS
+	{0x1DA84, 0x1DA84, prExtend},               // Mn       SIGNWRITING LOCATION HEAD NECK
+	{0x1DA9B, 0x1DA9F, prExtend},               // Mn   [5] SIGNWRITING FILL MODIFIER-2..SIGNWRITING FILL MODIFIER-6
+	{0x1DAA1, 0x1DAAF, prExtend},               // Mn  [15] SIGNWRITING ROTATION MODIFIER-2..SIGNWRITING ROTATION MODIFIER-16
+	{0x1DF00, 0x1DF09, prALetter},              // L&  [10] LATIN SMALL LETTER FENG DIGRAPH WITH TRILL..LATIN SMALL LETTER T WITH HOOK AND RETROFLEX HOOK
+	{0x1DF0A, 0x1DF0A, prALetter},              // Lo       LATIN LETTER RETROFLEX CLICK WITH RETROFLEX HOOK
+	{0x1DF0B, 0x1DF1E, prALetter},              // L&  [20] LATIN SMALL LETTER ESH WITH DOUBLE BAR..LATIN SMALL LETTER S WITH CURL
+	{0x1E000, 0x1E006, prExtend},               // Mn   [7] COMBINING GLAGOLITIC LETTER AZU..COMBINING GLAGOLITIC LETTER ZHIVETE
+	{0x1E008, 0x1E018, prExtend},               // Mn  [17] COMBINING GLAGOLITIC LETTER ZEMLJA..COMBINING GLAGOLITIC LETTER HERU
+	{0x1E01B, 0x1E021, prExtend},               // Mn   [7] COMBINING GLAGOLITIC LETTER SHTA..COMBINING GLAGOLITIC LETTER YATI
+	{0x1E023, 0x1E024, prExtend},               // Mn   [2] COMBINING GLAGOLITIC LETTER YU..COMBINING GLAGOLITIC LETTER SMALL YUS
+	{0x1E026, 0x1E02A, prExtend},               // Mn   [5] COMBINING GLAGOLITIC LETTER YO..COMBINING GLAGOLITIC LETTER FITA
+	{0x1E100, 0x1E12C, prALetter},              // Lo  [45] NYIAKENG PUACHUE HMONG LETTER MA..NYIAKENG PUACHUE HMONG LETTER W
+	{0x1E130, 0x1E136, prExtend},               // Mn   [7] NYIAKENG PUACHUE HMONG TONE-B..NYIAKENG PUACHUE HMONG TONE-D
+	{0x1E137, 0x1E13D, prALetter},              // Lm   [7] NYIAKENG PUACHUE HMONG SIGN FOR PERSON..NYIAKENG PUACHUE HMONG SYLLABLE LENGTHENER
+	{0x1E140, 0x1E149, prNumeric},              // Nd  [10] NYIAKENG PUACHUE HMONG DIGIT ZERO..NYIAKENG PUACHUE HMONG DIGIT NINE
+	{0x1E14E, 0x1E14E, prALetter},              // Lo       NYIAKENG PUACHUE HMONG LOGOGRAM NYAJ
+	{0x1E290, 0x1E2AD, prALetter},              // Lo  [30] TOTO LETTER PA..TOTO LETTER A
+	{0x1E2AE, 0x1E2AE, prExtend},               // Mn       TOTO SIGN RISING TONE
+	{0x1E2C0, 0x1E2EB, prALetter},              // Lo  [44] WANCHO LETTER AA..WANCHO LETTER YIH
+	{0x1E2EC, 0x1E2EF, prExtend},               // Mn   [4] WANCHO TONE TUP..WANCHO TONE KOINI
+	{0x1E2F0, 0x1E2F9, prNumeric},              // Nd  [10] WANCHO DIGIT ZERO..WANCHO DIGIT NINE
+	{0x1E7E0, 0x1E7E6, prALetter},              // Lo   [7] ETHIOPIC SYLLABLE HHYA..ETHIOPIC SYLLABLE HHYO
+	{0x1E7E8, 0x1E7EB, prALetter},              // Lo   [4] ETHIOPIC SYLLABLE GURAGE HHWA..ETHIOPIC SYLLABLE HHWE
+	{0x1E7ED, 0x1E7EE, prALetter},              // Lo   [2] ETHIOPIC SYLLABLE GURAGE MWI..ETHIOPIC SYLLABLE GURAGE MWEE
+	{0x1E7F0, 0x1E7FE, prALetter},              // Lo  [15] ETHIOPIC SYLLABLE GURAGE QWI..ETHIOPIC SYLLABLE GURAGE PWEE
+	{0x1E800, 0x1E8C4, prALetter},              // Lo [197] MENDE KIKAKUI SYLLABLE M001 KI..MENDE KIKAKUI SYLLABLE M060 NYON
+	{0x1E8D0, 0x1E8D6, prExtend},               // Mn   [7] MENDE KIKAKUI COMBINING NUMBER TEENS..MENDE KIKAKUI COMBINING NUMBER MILLIONS
+	{0x1E900, 0x1E943, prALetter},              // L&  [68] ADLAM CAPITAL LETTER ALIF..ADLAM SMALL LETTER SHA
+	{0x1E944, 0x1E94A, prExtend},               // Mn   [7] ADLAM ALIF LENGTHENER..ADLAM NUKTA
+	{0x1E94B, 0x1E94B, prALetter},              // Lm       ADLAM NASALIZATION MARK
+	{0x1E950, 0x1E959, prNumeric},              // Nd  [10] ADLAM DIGIT ZERO..ADLAM DIGIT NINE
+	{0x1EE00, 0x1EE03, prALetter},              // Lo   [4] ARABIC MATHEMATICAL ALEF..ARABIC MATHEMATICAL DAL
+	{0x1EE05, 0x1EE1F, prALetter},              // Lo  [27] ARABIC MATHEMATICAL WAW..ARABIC MATHEMATICAL DOTLESS QAF
+	{0x1EE21, 0x1EE22, prALetter},              // Lo   [2] ARABIC MATHEMATICAL INITIAL BEH..ARABIC MATHEMATICAL INITIAL JEEM
+	{0x1EE24, 0x1EE24, prALetter},              // Lo       ARABIC MATHEMATICAL INITIAL HEH
+	{0x1EE27, 0x1EE27, prALetter},              // Lo       ARABIC MATHEMATICAL INITIAL HAH
+	{0x1EE29, 0x1EE32, prALetter},              // Lo  [10] ARABIC MATHEMATICAL INITIAL YEH..ARABIC MATHEMATICAL INITIAL QAF
+	{0x1EE34, 0x1EE37, prALetter},              // Lo   [4] ARABIC MATHEMATICAL INITIAL SHEEN..ARABIC MATHEMATICAL INITIAL KHAH
+	{0x1EE39, 0x1EE39, prALetter},              // Lo       ARABIC MATHEMATICAL INITIAL DAD
+	{0x1EE3B, 0x1EE3B, prALetter},              // Lo       ARABIC MATHEMATICAL INITIAL GHAIN
+	{0x1EE42, 0x1EE42, prALetter},              // Lo       ARABIC MATHEMATICAL TAILED JEEM
+	{0x1EE47, 0x1EE47, prALetter},              // Lo       ARABIC MATHEMATICAL TAILED HAH
+	{0x1EE49, 0x1EE49, prALetter},              // Lo       ARABIC MATHEMATICAL TAILED YEH
+	{0x1EE4B, 0x1EE4B, prALetter},              // Lo       ARABIC MATHEMATICAL TAILED LAM
+	{0x1EE4D, 0x1EE4F, prALetter},              // Lo   [3] ARABIC MATHEMATICAL TAILED NOON..ARABIC MATHEMATICAL TAILED AIN
+	{0x1EE51, 0x1EE52, prALetter},              // Lo   [2] ARABIC MATHEMATICAL TAILED SAD..ARABIC MATHEMATICAL TAILED QAF
+	{0x1EE54, 0x1EE54, prALetter},              // Lo       ARABIC MATHEMATICAL TAILED SHEEN
+	{0x1EE57, 0x1EE57, prALetter},              // Lo       ARABIC MATHEMATICAL TAILED KHAH
+	{0x1EE59, 0x1EE59, prALetter},              // Lo       ARABIC MATHEMATICAL TAILED DAD
+	{0x1EE5B, 0x1EE5B, prALetter},              // Lo       ARABIC MATHEMATICAL TAILED GHAIN
+	{0x1EE5D, 0x1EE5D, prALetter},              // Lo       ARABIC MATHEMATICAL TAILED DOTLESS NOON
+	{0x1EE5F, 0x1EE5F, prALetter},              // Lo       ARABIC MATHEMATICAL TAILED DOTLESS QAF
+	{0x1EE61, 0x1EE62, prALetter},              // Lo   [2] ARABIC MATHEMATICAL STRETCHED BEH..ARABIC MATHEMATICAL STRETCHED JEEM
+	{0x1EE64, 0x1EE64, prALetter},              // Lo       ARABIC MATHEMATICAL STRETCHED HEH
+	{0x1EE67, 0x1EE6A, prALetter},              // Lo   [4] ARABIC MATHEMATICAL STRETCHED HAH..ARABIC MATHEMATICAL STRETCHED KAF
+	{0x1EE6C, 0x1EE72, prALetter},              // Lo   [7] ARABIC MATHEMATICAL STRETCHED MEEM..ARABIC MATHEMATICAL STRETCHED QAF
+	{0x1EE74, 0x1EE77, prALetter},              // Lo   [4] ARABIC MATHEMATICAL STRETCHED SHEEN..ARABIC MATHEMATICAL STRETCHED KHAH
+	{0x1EE79, 0x1EE7C, prALetter},              // Lo   [4] ARABIC MATHEMATICAL STRETCHED DAD..ARABIC MATHEMATICAL STRETCHED DOTLESS BEH
+	{0x1EE7E, 0x1EE7E, prALetter},              // Lo       ARABIC MATHEMATICAL STRETCHED DOTLESS FEH
+	{0x1EE80, 0x1EE89, prALetter},              // Lo  [10] ARABIC MATHEMATICAL LOOPED ALEF..ARABIC MATHEMATICAL LOOPED YEH
+	{0x1EE8B, 0x1EE9B, prALetter},              // Lo  [17] ARABIC MATHEMATICAL LOOPED LAM..ARABIC MATHEMATICAL LOOPED GHAIN
+	{0x1EEA1, 0x1EEA3, prALetter},              // Lo   [3] ARABIC MATHEMATICAL DOUBLE-STRUCK BEH..ARABIC MATHEMATICAL DOUBLE-STRUCK DAL
+	{0x1EEA5, 0x1EEA9, prALetter},              // Lo   [5] ARABIC MATHEMATICAL DOUBLE-STRUCK WAW..ARABIC MATHEMATICAL DOUBLE-STRUCK YEH
+	{0x1EEAB, 0x1EEBB, prALetter},              // Lo  [17] ARABIC MATHEMATICAL DOUBLE-STRUCK LAM..ARABIC MATHEMATICAL DOUBLE-STRUCK GHAIN
+	{0x1F000, 0x1F003, prExtendedPictographic}, // E0.0   [4] (🀀..🀃)    MAHJONG TILE EAST WIND..MAHJONG TILE NORTH WIND
+	{0x1F004, 0x1F004, prExtendedPictographic}, // E0.6   [1] (🀄)       mahjong red dragon
+	{0x1F005, 0x1F0CE, prExtendedPictographic}, // E0.0 [202] (🀅..🃎)    MAHJONG TILE GREEN DRAGON..PLAYING CARD KING OF DIAMONDS
+	{0x1F0CF, 0x1F0CF, prExtendedPictographic}, // E0.6   [1] (�)       joker
+	{0x1F0D0, 0x1F0FF, prExtendedPictographic}, // E0.0  [48] (�..🃿)    <reserved-1F0D0>..<reserved-1F0FF>
+	{0x1F10D, 0x1F10F, prExtendedPictographic}, // E0.0   [3] (�..�)    CIRCLED ZERO WITH SLASH..CIRCLED DOLLAR SIGN WITH OVERLAID BACKSLASH
+	{0x1F12F, 0x1F12F, prExtendedPictographic}, // E0.0   [1] (🄯)       COPYLEFT SYMBOL
+	{0x1F130, 0x1F149, prALetter},              // So  [26] SQUARED LATIN CAPITAL LETTER A..SQUARED LATIN CAPITAL LETTER Z
+	{0x1F150, 0x1F169, prALetter},              // So  [26] NEGATIVE CIRCLED LATIN CAPITAL LETTER A..NEGATIVE CIRCLED LATIN CAPITAL LETTER Z
+	{0x1F16C, 0x1F16F, prExtendedPictographic}, // E0.0   [4] (🅬..🅯)    RAISED MR SIGN..CIRCLED HUMAN FIGURE
+	{0x1F170, 0x1F189, prALetter},              // So  [26] NEGATIVE SQUARED LATIN CAPITAL LETTER A..NEGATIVE SQUARED LATIN CAPITAL LETTER Z
+	{0x1F170, 0x1F171, prExtendedPictographic}, // E0.6   [2] (🅰�..🅱�)    A button (blood type)..B button (blood type)
+	{0x1F17E, 0x1F17F, prExtendedPictographic}, // E0.6   [2] (🅾�..🅿�)    O button (blood type)..P button
+	{0x1F18E, 0x1F18E, prExtendedPictographic}, // E0.6   [1] (🆎)       AB button (blood type)
+	{0x1F191, 0x1F19A, prExtendedPictographic}, // E0.6  [10] (🆑..🆚)    CL button..VS button
+	{0x1F1AD, 0x1F1E5, prExtendedPictographic}, // E0.0  [57] (🆭..🇥)    MASK WORK SYMBOL..<reserved-1F1E5>
+	{0x1F1E6, 0x1F1FF, prRegionalIndicator},    // So  [26] REGIONAL INDICATOR SYMBOL LETTER A..REGIONAL INDICATOR SYMBOL LETTER Z
+	{0x1F201, 0x1F202, prExtendedPictographic}, // E0.6   [2] (�..🈂�)    Japanese “here� button..Japanese “service charge� button
+	{0x1F203, 0x1F20F, prExtendedPictographic}, // E0.0  [13] (🈃..�)    <reserved-1F203>..<reserved-1F20F>
+	{0x1F21A, 0x1F21A, prExtendedPictographic}, // E0.6   [1] (🈚)       Japanese “free of charge� button
+	{0x1F22F, 0x1F22F, prExtendedPictographic}, // E0.6   [1] (🈯)       Japanese “reserved� button
+	{0x1F232, 0x1F23A, prExtendedPictographic}, // E0.6   [9] (🈲..🈺)    Japanese “prohibited� button..Japanese “open for business� button
+	{0x1F23C, 0x1F23F, prExtendedPictographic}, // E0.0   [4] (🈼..🈿)    <reserved-1F23C>..<reserved-1F23F>
+	{0x1F249, 0x1F24F, prExtendedPictographic}, // E0.0   [7] (🉉..�)    <reserved-1F249>..<reserved-1F24F>
+	{0x1F250, 0x1F251, prExtendedPictographic}, // E0.6   [2] (�..🉑)    Japanese “bargain� button..Japanese “acceptable� button
+	{0x1F252, 0x1F2FF, prExtendedPictographic}, // E0.0 [174] (🉒..🋿)    <reserved-1F252>..<reserved-1F2FF>
+	{0x1F300, 0x1F30C, prExtendedPictographic}, // E0.6  [13] (🌀..🌌)    cyclone..milky way
+	{0x1F30D, 0x1F30E, prExtendedPictographic}, // E0.7   [2] (�..🌎)    globe showing Europe-Africa..globe showing Americas
+	{0x1F30F, 0x1F30F, prExtendedPictographic}, // E0.6   [1] (�)       globe showing Asia-Australia
+	{0x1F310, 0x1F310, prExtendedPictographic}, // E1.0   [1] (�)       globe with meridians
+	{0x1F311, 0x1F311, prExtendedPictographic}, // E0.6   [1] (🌑)       new moon
+	{0x1F312, 0x1F312, prExtendedPictographic}, // E1.0   [1] (🌒)       waxing crescent moon
+	{0x1F313, 0x1F315, prExtendedPictographic}, // E0.6   [3] (🌓..🌕)    first quarter moon..full moon
+	{0x1F316, 0x1F318, prExtendedPictographic}, // E1.0   [3] (🌖..🌘)    waning gibbous moon..waning crescent moon
+	{0x1F319, 0x1F319, prExtendedPictographic}, // E0.6   [1] (🌙)       crescent moon
+	{0x1F31A, 0x1F31A, prExtendedPictographic}, // E1.0   [1] (🌚)       new moon face
+	{0x1F31B, 0x1F31B, prExtendedPictographic}, // E0.6   [1] (🌛)       first quarter moon face
+	{0x1F31C, 0x1F31C, prExtendedPictographic}, // E0.7   [1] (🌜)       last quarter moon face
+	{0x1F31D, 0x1F31E, prExtendedPictographic}, // E1.0   [2] (�..🌞)    full moon face..sun with face
+	{0x1F31F, 0x1F320, prExtendedPictographic}, // E0.6   [2] (🌟..🌠)    glowing star..shooting star
+	{0x1F321, 0x1F321, prExtendedPictographic}, // E0.7   [1] (🌡�)       thermometer
+	{0x1F322, 0x1F323, prExtendedPictographic}, // E0.0   [2] (🌢..🌣)    BLACK DROPLET..WHITE SUN
+	{0x1F324, 0x1F32C, prExtendedPictographic}, // E0.7   [9] (🌤�..🌬�)    sun behind small cloud..wind face
+	{0x1F32D, 0x1F32F, prExtendedPictographic}, // E1.0   [3] (🌭..🌯)    hot dog..burrito
+	{0x1F330, 0x1F331, prExtendedPictographic}, // E0.6   [2] (🌰..🌱)    chestnut..seedling
+	{0x1F332, 0x1F333, prExtendedPictographic}, // E1.0   [2] (🌲..🌳)    evergreen tree..deciduous tree
+	{0x1F334, 0x1F335, prExtendedPictographic}, // E0.6   [2] (🌴..🌵)    palm tree..cactus
+	{0x1F336, 0x1F336, prExtendedPictographic}, // E0.7   [1] (🌶�)       hot pepper
+	{0x1F337, 0x1F34A, prExtendedPictographic}, // E0.6  [20] (🌷..�)    tulip..tangerine
+	{0x1F34B, 0x1F34B, prExtendedPictographic}, // E1.0   [1] (�)       lemon
+	{0x1F34C, 0x1F34F, prExtendedPictographic}, // E0.6   [4] (�..�)    banana..green apple
+	{0x1F350, 0x1F350, prExtendedPictographic}, // E1.0   [1] (�)       pear
+	{0x1F351, 0x1F37B, prExtendedPictographic}, // E0.6  [43] (�..�)    peach..clinking beer mugs
+	{0x1F37C, 0x1F37C, prExtendedPictographic}, // E1.0   [1] (�)       baby bottle
+	{0x1F37D, 0x1F37D, prExtendedPictographic}, // E0.7   [1] (��)       fork and knife with plate
+	{0x1F37E, 0x1F37F, prExtendedPictographic}, // E1.0   [2] (�..�)    bottle with popping cork..popcorn
+	{0x1F380, 0x1F393, prExtendedPictographic}, // E0.6  [20] (🎀..🎓)    ribbon..graduation cap
+	{0x1F394, 0x1F395, prExtendedPictographic}, // E0.0   [2] (🎔..🎕)    HEART WITH TIP ON THE LEFT..BOUQUET OF FLOWERS
+	{0x1F396, 0x1F397, prExtendedPictographic}, // E0.7   [2] (🎖�..🎗�)    military medal..reminder ribbon
+	{0x1F398, 0x1F398, prExtendedPictographic}, // E0.0   [1] (🎘)       MUSICAL KEYBOARD WITH JACKS
+	{0x1F399, 0x1F39B, prExtendedPictographic}, // E0.7   [3] (🎙�..🎛�)    studio microphone..control knobs
+	{0x1F39C, 0x1F39D, prExtendedPictographic}, // E0.0   [2] (🎜..�)    BEAMED ASCENDING MUSICAL NOTES..BEAMED DESCENDING MUSICAL NOTES
+	{0x1F39E, 0x1F39F, prExtendedPictographic}, // E0.7   [2] (🎞�..🎟�)    film frames..admission tickets
+	{0x1F3A0, 0x1F3C4, prExtendedPictographic}, // E0.6  [37] (🎠..�)    carousel horse..person surfing
+	{0x1F3C5, 0x1F3C5, prExtendedPictographic}, // E1.0   [1] (�)       sports medal
+	{0x1F3C6, 0x1F3C6, prExtendedPictographic}, // E0.6   [1] (�)       trophy
+	{0x1F3C7, 0x1F3C7, prExtendedPictographic}, // E1.0   [1] (�)       horse racing
+	{0x1F3C8, 0x1F3C8, prExtendedPictographic}, // E0.6   [1] (�)       american football
+	{0x1F3C9, 0x1F3C9, prExtendedPictographic}, // E1.0   [1] (�)       rugby football
+	{0x1F3CA, 0x1F3CA, prExtendedPictographic}, // E0.6   [1] (�)       person swimming
+	{0x1F3CB, 0x1F3CE, prExtendedPictographic}, // E0.7   [4] (��..��)    person lifting weights..racing car
+	{0x1F3CF, 0x1F3D3, prExtendedPictographic}, // E1.0   [5] (�..�)    cricket game..ping pong
+	{0x1F3D4, 0x1F3DF, prExtendedPictographic}, // E0.7  [12] (��..��)    snow-capped mountain..stadium
+	{0x1F3E0, 0x1F3E3, prExtendedPictographic}, // E0.6   [4] (�..�)    house..Japanese post office
+	{0x1F3E4, 0x1F3E4, prExtendedPictographic}, // E1.0   [1] (�)       post office
+	{0x1F3E5, 0x1F3F0, prExtendedPictographic}, // E0.6  [12] (�..�)    hospital..castle
+	{0x1F3F1, 0x1F3F2, prExtendedPictographic}, // E0.0   [2] (�..�)    WHITE PENNANT..BLACK PENNANT
+	{0x1F3F3, 0x1F3F3, prExtendedPictographic}, // E0.7   [1] (��)       white flag
+	{0x1F3F4, 0x1F3F4, prExtendedPictographic}, // E1.0   [1] (�)       black flag
+	{0x1F3F5, 0x1F3F5, prExtendedPictographic}, // E0.7   [1] (��)       rosette
+	{0x1F3F6, 0x1F3F6, prExtendedPictographic}, // E0.0   [1] (�)       BLACK ROSETTE
+	{0x1F3F7, 0x1F3F7, prExtendedPictographic}, // E0.7   [1] (��)       label
+	{0x1F3F8, 0x1F3FA, prExtendedPictographic}, // E1.0   [3] (�..�)    badminton..amphora
+	{0x1F3FB, 0x1F3FF, prExtend},               // Sk   [5] EMOJI MODIFIER FITZPATRICK TYPE-1-2..EMOJI MODIFIER FITZPATRICK TYPE-6
+	{0x1F400, 0x1F407, prExtendedPictographic}, // E1.0   [8] (�..�)    rat..rabbit
+	{0x1F408, 0x1F408, prExtendedPictographic}, // E0.7   [1] (�)       cat
+	{0x1F409, 0x1F40B, prExtendedPictographic}, // E1.0   [3] (�..�)    dragon..whale
+	{0x1F40C, 0x1F40E, prExtendedPictographic}, // E0.6   [3] (�..�)    snail..horse
+	{0x1F40F, 0x1F410, prExtendedPictographic}, // E1.0   [2] (�..�)    ram..goat
+	{0x1F411, 0x1F412, prExtendedPictographic}, // E0.6   [2] (�..�)    ewe..monkey
+	{0x1F413, 0x1F413, prExtendedPictographic}, // E1.0   [1] (�)       rooster
+	{0x1F414, 0x1F414, prExtendedPictographic}, // E0.6   [1] (�)       chicken
+	{0x1F415, 0x1F415, prExtendedPictographic}, // E0.7   [1] (�)       dog
+	{0x1F416, 0x1F416, prExtendedPictographic}, // E1.0   [1] (�)       pig
+	{0x1F417, 0x1F429, prExtendedPictographic}, // E0.6  [19] (�..�)    boar..poodle
+	{0x1F42A, 0x1F42A, prExtendedPictographic}, // E1.0   [1] (�)       camel
+	{0x1F42B, 0x1F43E, prExtendedPictographic}, // E0.6  [20] (�..�)    two-hump camel..paw prints
+	{0x1F43F, 0x1F43F, prExtendedPictographic}, // E0.7   [1] (��)       chipmunk
+	{0x1F440, 0x1F440, prExtendedPictographic}, // E0.6   [1] (👀)       eyes
+	{0x1F441, 0x1F441, prExtendedPictographic}, // E0.7   [1] (��)       eye
+	{0x1F442, 0x1F464, prExtendedPictographic}, // E0.6  [35] (👂..👤)    ear..bust in silhouette
+	{0x1F465, 0x1F465, prExtendedPictographic}, // E1.0   [1] (👥)       busts in silhouette
+	{0x1F466, 0x1F46B, prExtendedPictographic}, // E0.6   [6] (👦..👫)    boy..woman and man holding hands
+	{0x1F46C, 0x1F46D, prExtendedPictographic}, // E1.0   [2] (👬..👭)    men holding hands..women holding hands
+	{0x1F46E, 0x1F4AC, prExtendedPictographic}, // E0.6  [63] (👮..💬)    police officer..speech balloon
+	{0x1F4AD, 0x1F4AD, prExtendedPictographic}, // E1.0   [1] (💭)       thought balloon
+	{0x1F4AE, 0x1F4B5, prExtendedPictographic}, // E0.6   [8] (💮..💵)    white flower..dollar banknote
+	{0x1F4B6, 0x1F4B7, prExtendedPictographic}, // E1.0   [2] (💶..💷)    euro banknote..pound banknote
+	{0x1F4B8, 0x1F4EB, prExtendedPictographic}, // E0.6  [52] (💸..📫)    money with wings..closed mailbox with raised flag
+	{0x1F4EC, 0x1F4ED, prExtendedPictographic}, // E0.7   [2] (📬..📭)    open mailbox with raised flag..open mailbox with lowered flag
+	{0x1F4EE, 0x1F4EE, prExtendedPictographic}, // E0.6   [1] (📮)       postbox
+	{0x1F4EF, 0x1F4EF, prExtendedPictographic}, // E1.0   [1] (📯)       postal horn
+	{0x1F4F0, 0x1F4F4, prExtendedPictographic}, // E0.6   [5] (📰..📴)    newspaper..mobile phone off
+	{0x1F4F5, 0x1F4F5, prExtendedPictographic}, // E1.0   [1] (📵)       no mobile phones
+	{0x1F4F6, 0x1F4F7, prExtendedPictographic}, // E0.6   [2] (📶..📷)    antenna bars..camera
+	{0x1F4F8, 0x1F4F8, prExtendedPictographic}, // E1.0   [1] (📸)       camera with flash
+	{0x1F4F9, 0x1F4FC, prExtendedPictographic}, // E0.6   [4] (📹..📼)    video camera..videocassette
+	{0x1F4FD, 0x1F4FD, prExtendedPictographic}, // E0.7   [1] (📽�)       film projector
+	{0x1F4FE, 0x1F4FE, prExtendedPictographic}, // E0.0   [1] (📾)       PORTABLE STEREO
+	{0x1F4FF, 0x1F502, prExtendedPictographic}, // E1.0   [4] (📿..🔂)    prayer beads..repeat single button
+	{0x1F503, 0x1F503, prExtendedPictographic}, // E0.6   [1] (🔃)       clockwise vertical arrows
+	{0x1F504, 0x1F507, prExtendedPictographic}, // E1.0   [4] (🔄..🔇)    counterclockwise arrows button..muted speaker
+	{0x1F508, 0x1F508, prExtendedPictographic}, // E0.7   [1] (🔈)       speaker low volume
+	{0x1F509, 0x1F509, prExtendedPictographic}, // E1.0   [1] (🔉)       speaker medium volume
+	{0x1F50A, 0x1F514, prExtendedPictographic}, // E0.6  [11] (🔊..🔔)    speaker high volume..bell
+	{0x1F515, 0x1F515, prExtendedPictographic}, // E1.0   [1] (🔕)       bell with slash
+	{0x1F516, 0x1F52B, prExtendedPictographic}, // E0.6  [22] (🔖..🔫)    bookmark..water pistol
+	{0x1F52C, 0x1F52D, prExtendedPictographic}, // E1.0   [2] (🔬..🔭)    microscope..telescope
+	{0x1F52E, 0x1F53D, prExtendedPictographic}, // E0.6  [16] (🔮..🔽)    crystal ball..downwards button
+	{0x1F546, 0x1F548, prExtendedPictographic}, // E0.0   [3] (🕆..🕈)    WHITE LATIN CROSS..CELTIC CROSS
+	{0x1F549, 0x1F54A, prExtendedPictographic}, // E0.7   [2] (🕉�..🕊�)    om..dove
+	{0x1F54B, 0x1F54E, prExtendedPictographic}, // E1.0   [4] (🕋..🕎)    kaaba..menorah
+	{0x1F54F, 0x1F54F, prExtendedPictographic}, // E0.0   [1] (�)       BOWL OF HYGIEIA
+	{0x1F550, 0x1F55B, prExtendedPictographic}, // E0.6  [12] (�..🕛)    one o’clock..twelve o’clock
+	{0x1F55C, 0x1F567, prExtendedPictographic}, // E0.7  [12] (🕜..🕧)    one-thirty..twelve-thirty
+	{0x1F568, 0x1F56E, prExtendedPictographic}, // E0.0   [7] (🕨..🕮)    RIGHT SPEAKER..BOOK
+	{0x1F56F, 0x1F570, prExtendedPictographic}, // E0.7   [2] (🕯�..🕰�)    candle..mantelpiece clock
+	{0x1F571, 0x1F572, prExtendedPictographic}, // E0.0   [2] (🕱..🕲)    BLACK SKULL AND CROSSBONES..NO PIRACY
+	{0x1F573, 0x1F579, prExtendedPictographic}, // E0.7   [7] (🕳�..🕹�)    hole..joystick
+	{0x1F57A, 0x1F57A, prExtendedPictographic}, // E3.0   [1] (🕺)       man dancing
+	{0x1F57B, 0x1F586, prExtendedPictographic}, // E0.0  [12] (🕻..🖆)    LEFT HAND TELEPHONE RECEIVER..PEN OVER STAMPED ENVELOPE
+	{0x1F587, 0x1F587, prExtendedPictographic}, // E0.7   [1] (🖇�)       linked paperclips
+	{0x1F588, 0x1F589, prExtendedPictographic}, // E0.0   [2] (🖈..🖉)    BLACK PUSHPIN..LOWER LEFT PENCIL
+	{0x1F58A, 0x1F58D, prExtendedPictographic}, // E0.7   [4] (🖊�..��)    pen..crayon
+	{0x1F58E, 0x1F58F, prExtendedPictographic}, // E0.0   [2] (🖎..�)    LEFT WRITING HAND..TURNED OK HAND SIGN
+	{0x1F590, 0x1F590, prExtendedPictographic}, // E0.7   [1] (��)       hand with fingers splayed
+	{0x1F591, 0x1F594, prExtendedPictographic}, // E0.0   [4] (🖑..🖔)    REVERSED RAISED HAND WITH FINGERS SPLAYED..REVERSED VICTORY HAND
+	{0x1F595, 0x1F596, prExtendedPictographic}, // E1.0   [2] (🖕..🖖)    middle finger..vulcan salute
+	{0x1F597, 0x1F5A3, prExtendedPictographic}, // E0.0  [13] (🖗..🖣)    WHITE DOWN POINTING LEFT HAND INDEX..BLACK DOWN POINTING BACKHAND INDEX
+	{0x1F5A4, 0x1F5A4, prExtendedPictographic}, // E3.0   [1] (🖤)       black heart
+	{0x1F5A5, 0x1F5A5, prExtendedPictographic}, // E0.7   [1] (🖥�)       desktop computer
+	{0x1F5A6, 0x1F5A7, prExtendedPictographic}, // E0.0   [2] (🖦..🖧)    KEYBOARD AND MOUSE..THREE NETWORKED COMPUTERS
+	{0x1F5A8, 0x1F5A8, prExtendedPictographic}, // E0.7   [1] (🖨�)       printer
+	{0x1F5A9, 0x1F5B0, prExtendedPictographic}, // E0.0   [8] (🖩..🖰)    POCKET CALCULATOR..TWO BUTTON MOUSE
+	{0x1F5B1, 0x1F5B2, prExtendedPictographic}, // E0.7   [2] (🖱�..🖲�)    computer mouse..trackball
+	{0x1F5B3, 0x1F5BB, prExtendedPictographic}, // E0.0   [9] (🖳..🖻)    OLD PERSONAL COMPUTER..DOCUMENT WITH PICTURE
+	{0x1F5BC, 0x1F5BC, prExtendedPictographic}, // E0.7   [1] (🖼�)       framed picture
+	{0x1F5BD, 0x1F5C1, prExtendedPictographic}, // E0.0   [5] (🖽..�)    FRAME WITH TILES..OPEN FOLDER
+	{0x1F5C2, 0x1F5C4, prExtendedPictographic}, // E0.7   [3] (🗂�..🗄�)    card index dividers..file cabinet
+	{0x1F5C5, 0x1F5D0, prExtendedPictographic}, // E0.0  [12] (🗅..�)    EMPTY NOTE..PAGES
+	{0x1F5D1, 0x1F5D3, prExtendedPictographic}, // E0.7   [3] (🗑�..🗓�)    wastebasket..spiral calendar
+	{0x1F5D4, 0x1F5DB, prExtendedPictographic}, // E0.0   [8] (🗔..🗛)    DESKTOP WINDOW..DECREASE FONT SIZE SYMBOL
+	{0x1F5DC, 0x1F5DE, prExtendedPictographic}, // E0.7   [3] (🗜�..🗞�)    clamp..rolled-up newspaper
+	{0x1F5DF, 0x1F5E0, prExtendedPictographic}, // E0.0   [2] (🗟..🗠)    PAGE WITH CIRCLED TEXT..STOCK CHART
+	{0x1F5E1, 0x1F5E1, prExtendedPictographic}, // E0.7   [1] (🗡�)       dagger
+	{0x1F5E2, 0x1F5E2, prExtendedPictographic}, // E0.0   [1] (🗢)       LIPS
+	{0x1F5E3, 0x1F5E3, prExtendedPictographic}, // E0.7   [1] (🗣�)       speaking head
+	{0x1F5E4, 0x1F5E7, prExtendedPictographic}, // E0.0   [4] (🗤..🗧)    THREE RAYS ABOVE..THREE RAYS RIGHT
+	{0x1F5E8, 0x1F5E8, prExtendedPictographic}, // E2.0   [1] (🗨�)       left speech bubble
+	{0x1F5E9, 0x1F5EE, prExtendedPictographic}, // E0.0   [6] (🗩..🗮)    RIGHT SPEECH BUBBLE..LEFT ANGER BUBBLE
+	{0x1F5EF, 0x1F5EF, prExtendedPictographic}, // E0.7   [1] (🗯�)       right anger bubble
+	{0x1F5F0, 0x1F5F2, prExtendedPictographic}, // E0.0   [3] (🗰..🗲)    MOOD BUBBLE..LIGHTNING MOOD
+	{0x1F5F3, 0x1F5F3, prExtendedPictographic}, // E0.7   [1] (🗳�)       ballot box with ballot
+	{0x1F5F4, 0x1F5F9, prExtendedPictographic}, // E0.0   [6] (🗴..🗹)    BALLOT SCRIPT X..BALLOT BOX WITH BOLD CHECK
+	{0x1F5FA, 0x1F5FA, prExtendedPictographic}, // E0.7   [1] (🗺�)       world map
+	{0x1F5FB, 0x1F5FF, prExtendedPictographic}, // E0.6   [5] (🗻..🗿)    mount fuji..moai
+	{0x1F600, 0x1F600, prExtendedPictographic}, // E1.0   [1] (😀)       grinning face
+	{0x1F601, 0x1F606, prExtendedPictographic}, // E0.6   [6] (�..😆)    beaming face with smiling eyes..grinning squinting face
+	{0x1F607, 0x1F608, prExtendedPictographic}, // E1.0   [2] (😇..😈)    smiling face with halo..smiling face with horns
+	{0x1F609, 0x1F60D, prExtendedPictographic}, // E0.6   [5] (😉..�)    winking face..smiling face with heart-eyes
+	{0x1F60E, 0x1F60E, prExtendedPictographic}, // E1.0   [1] (😎)       smiling face with sunglasses
+	{0x1F60F, 0x1F60F, prExtendedPictographic}, // E0.6   [1] (�)       smirking face
+	{0x1F610, 0x1F610, prExtendedPictographic}, // E0.7   [1] (�)       neutral face
+	{0x1F611, 0x1F611, prExtendedPictographic}, // E1.0   [1] (😑)       expressionless face
+	{0x1F612, 0x1F614, prExtendedPictographic}, // E0.6   [3] (😒..😔)    unamused face..pensive face
+	{0x1F615, 0x1F615, prExtendedPictographic}, // E1.0   [1] (😕)       confused face
+	{0x1F616, 0x1F616, prExtendedPictographic}, // E0.6   [1] (😖)       confounded face
+	{0x1F617, 0x1F617, prExtendedPictographic}, // E1.0   [1] (😗)       kissing face
+	{0x1F618, 0x1F618, prExtendedPictographic}, // E0.6   [1] (😘)       face blowing a kiss
+	{0x1F619, 0x1F619, prExtendedPictographic}, // E1.0   [1] (😙)       kissing face with smiling eyes
+	{0x1F61A, 0x1F61A, prExtendedPictographic}, // E0.6   [1] (😚)       kissing face with closed eyes
+	{0x1F61B, 0x1F61B, prExtendedPictographic}, // E1.0   [1] (😛)       face with tongue
+	{0x1F61C, 0x1F61E, prExtendedPictographic}, // E0.6   [3] (😜..😞)    winking face with tongue..disappointed face
+	{0x1F61F, 0x1F61F, prExtendedPictographic}, // E1.0   [1] (😟)       worried face
+	{0x1F620, 0x1F625, prExtendedPictographic}, // E0.6   [6] (😠..😥)    angry face..sad but relieved face
+	{0x1F626, 0x1F627, prExtendedPictographic}, // E1.0   [2] (😦..😧)    frowning face with open mouth..anguished face
+	{0x1F628, 0x1F62B, prExtendedPictographic}, // E0.6   [4] (😨..😫)    fearful face..tired face
+	{0x1F62C, 0x1F62C, prExtendedPictographic}, // E1.0   [1] (😬)       grimacing face
+	{0x1F62D, 0x1F62D, prExtendedPictographic}, // E0.6   [1] (😭)       loudly crying face
+	{0x1F62E, 0x1F62F, prExtendedPictographic}, // E1.0   [2] (😮..😯)    face with open mouth..hushed face
+	{0x1F630, 0x1F633, prExtendedPictographic}, // E0.6   [4] (😰..😳)    anxious face with sweat..flushed face
+	{0x1F634, 0x1F634, prExtendedPictographic}, // E1.0   [1] (😴)       sleeping face
+	{0x1F635, 0x1F635, prExtendedPictographic}, // E0.6   [1] (😵)       face with crossed-out eyes
+	{0x1F636, 0x1F636, prExtendedPictographic}, // E1.0   [1] (😶)       face without mouth
+	{0x1F637, 0x1F640, prExtendedPictographic}, // E0.6  [10] (😷..🙀)    face with medical mask..weary cat
+	{0x1F641, 0x1F644, prExtendedPictographic}, // E1.0   [4] (�..🙄)    slightly frowning face..face with rolling eyes
+	{0x1F645, 0x1F64F, prExtendedPictographic}, // E0.6  [11] (🙅..�)    person gesturing NO..folded hands
+	{0x1F680, 0x1F680, prExtendedPictographic}, // E0.6   [1] (🚀)       rocket
+	{0x1F681, 0x1F682, prExtendedPictographic}, // E1.0   [2] (�..🚂)    helicopter..locomotive
+	{0x1F683, 0x1F685, prExtendedPictographic}, // E0.6   [3] (🚃..🚅)    railway car..bullet train
+	{0x1F686, 0x1F686, prExtendedPictographic}, // E1.0   [1] (🚆)       train
+	{0x1F687, 0x1F687, prExtendedPictographic}, // E0.6   [1] (🚇)       metro
+	{0x1F688, 0x1F688, prExtendedPictographic}, // E1.0   [1] (🚈)       light rail
+	{0x1F689, 0x1F689, prExtendedPictographic}, // E0.6   [1] (🚉)       station
+	{0x1F68A, 0x1F68B, prExtendedPictographic}, // E1.0   [2] (🚊..🚋)    tram..tram car
+	{0x1F68C, 0x1F68C, prExtendedPictographic}, // E0.6   [1] (🚌)       bus
+	{0x1F68D, 0x1F68D, prExtendedPictographic}, // E0.7   [1] (�)       oncoming bus
+	{0x1F68E, 0x1F68E, prExtendedPictographic}, // E1.0   [1] (🚎)       trolleybus
+	{0x1F68F, 0x1F68F, prExtendedPictographic}, // E0.6   [1] (�)       bus stop
+	{0x1F690, 0x1F690, prExtendedPictographic}, // E1.0   [1] (�)       minibus
+	{0x1F691, 0x1F693, prExtendedPictographic}, // E0.6   [3] (🚑..🚓)    ambulance..police car
+	{0x1F694, 0x1F694, prExtendedPictographic}, // E0.7   [1] (🚔)       oncoming police car
+	{0x1F695, 0x1F695, prExtendedPictographic}, // E0.6   [1] (🚕)       taxi
+	{0x1F696, 0x1F696, prExtendedPictographic}, // E1.0   [1] (🚖)       oncoming taxi
+	{0x1F697, 0x1F697, prExtendedPictographic}, // E0.6   [1] (🚗)       automobile
+	{0x1F698, 0x1F698, prExtendedPictographic}, // E0.7   [1] (🚘)       oncoming automobile
+	{0x1F699, 0x1F69A, prExtendedPictographic}, // E0.6   [2] (🚙..🚚)    sport utility vehicle..delivery truck
+	{0x1F69B, 0x1F6A1, prExtendedPictographic}, // E1.0   [7] (🚛..🚡)    articulated lorry..aerial tramway
+	{0x1F6A2, 0x1F6A2, prExtendedPictographic}, // E0.6   [1] (🚢)       ship
+	{0x1F6A3, 0x1F6A3, prExtendedPictographic}, // E1.0   [1] (🚣)       person rowing boat
+	{0x1F6A4, 0x1F6A5, prExtendedPictographic}, // E0.6   [2] (🚤..🚥)    speedboat..horizontal traffic light
+	{0x1F6A6, 0x1F6A6, prExtendedPictographic}, // E1.0   [1] (🚦)       vertical traffic light
+	{0x1F6A7, 0x1F6AD, prExtendedPictographic}, // E0.6   [7] (🚧..🚭)    construction..no smoking
+	{0x1F6AE, 0x1F6B1, prExtendedPictographic}, // E1.0   [4] (🚮..🚱)    litter in bin sign..non-potable water
+	{0x1F6B2, 0x1F6B2, prExtendedPictographic}, // E0.6   [1] (🚲)       bicycle
+	{0x1F6B3, 0x1F6B5, prExtendedPictographic}, // E1.0   [3] (🚳..🚵)    no bicycles..person mountain biking
+	{0x1F6B6, 0x1F6B6, prExtendedPictographic}, // E0.6   [1] (🚶)       person walking
+	{0x1F6B7, 0x1F6B8, prExtendedPictographic}, // E1.0   [2] (🚷..🚸)    no pedestrians..children crossing
+	{0x1F6B9, 0x1F6BE, prExtendedPictographic}, // E0.6   [6] (🚹..🚾)    men’s room..water closet
+	{0x1F6BF, 0x1F6BF, prExtendedPictographic}, // E1.0   [1] (🚿)       shower
+	{0x1F6C0, 0x1F6C0, prExtendedPictographic}, // E0.6   [1] (🛀)       person taking bath
+	{0x1F6C1, 0x1F6C5, prExtendedPictographic}, // E1.0   [5] (�..🛅)    bathtub..left luggage
+	{0x1F6C6, 0x1F6CA, prExtendedPictographic}, // E0.0   [5] (🛆..🛊)    TRIANGLE WITH ROUNDED CORNERS..GIRLS SYMBOL
+	{0x1F6CB, 0x1F6CB, prExtendedPictographic}, // E0.7   [1] (🛋�)       couch and lamp
+	{0x1F6CC, 0x1F6CC, prExtendedPictographic}, // E1.0   [1] (🛌)       person in bed
+	{0x1F6CD, 0x1F6CF, prExtendedPictographic}, // E0.7   [3] (��..��)    shopping bags..bed
+	{0x1F6D0, 0x1F6D0, prExtendedPictographic}, // E1.0   [1] (�)       place of worship
+	{0x1F6D1, 0x1F6D2, prExtendedPictographic}, // E3.0   [2] (🛑..🛒)    stop sign..shopping cart
+	{0x1F6D3, 0x1F6D4, prExtendedPictographic}, // E0.0   [2] (🛓..🛔)    STUPA..PAGODA
+	{0x1F6D5, 0x1F6D5, prExtendedPictographic}, // E12.0  [1] (🛕)       hindu temple
+	{0x1F6D6, 0x1F6D7, prExtendedPictographic}, // E13.0  [2] (🛖..🛗)    hut..elevator
+	{0x1F6D8, 0x1F6DC, prExtendedPictographic}, // E0.0   [5] (🛘..🛜)    <reserved-1F6D8>..<reserved-1F6DC>
+	{0x1F6DD, 0x1F6DF, prExtendedPictographic}, // E14.0  [3] (�..🛟)    playground slide..ring buoy
+	{0x1F6E0, 0x1F6E5, prExtendedPictographic}, // E0.7   [6] (🛠�..🛥�)    hammer and wrench..motor boat
+	{0x1F6E6, 0x1F6E8, prExtendedPictographic}, // E0.0   [3] (🛦..🛨)    UP-POINTING MILITARY AIRPLANE..UP-POINTING SMALL AIRPLANE
+	{0x1F6E9, 0x1F6E9, prExtendedPictographic}, // E0.7   [1] (🛩�)       small airplane
+	{0x1F6EA, 0x1F6EA, prExtendedPictographic}, // E0.0   [1] (🛪)       NORTHEAST-POINTING AIRPLANE
+	{0x1F6EB, 0x1F6EC, prExtendedPictographic}, // E1.0   [2] (🛫..🛬)    airplane departure..airplane arrival
+	{0x1F6ED, 0x1F6EF, prExtendedPictographic}, // E0.0   [3] (🛭..🛯)    <reserved-1F6ED>..<reserved-1F6EF>
+	{0x1F6F0, 0x1F6F0, prExtendedPictographic}, // E0.7   [1] (🛰�)       satellite
+	{0x1F6F1, 0x1F6F2, prExtendedPictographic}, // E0.0   [2] (🛱..🛲)    ONCOMING FIRE ENGINE..DIESEL LOCOMOTIVE
+	{0x1F6F3, 0x1F6F3, prExtendedPictographic}, // E0.7   [1] (🛳�)       passenger ship
+	{0x1F6F4, 0x1F6F6, prExtendedPictographic}, // E3.0   [3] (🛴..🛶)    kick scooter..canoe
+	{0x1F6F7, 0x1F6F8, prExtendedPictographic}, // E5.0   [2] (🛷..🛸)    sled..flying saucer
+	{0x1F6F9, 0x1F6F9, prExtendedPictographic}, // E11.0  [1] (🛹)       skateboard
+	{0x1F6FA, 0x1F6FA, prExtendedPictographic}, // E12.0  [1] (🛺)       auto rickshaw
+	{0x1F6FB, 0x1F6FC, prExtendedPictographic}, // E13.0  [2] (🛻..🛼)    pickup truck..roller skate
+	{0x1F6FD, 0x1F6FF, prExtendedPictographic}, // E0.0   [3] (🛽..🛿)    <reserved-1F6FD>..<reserved-1F6FF>
+	{0x1F774, 0x1F77F, prExtendedPictographic}, // E0.0  [12] (�..�)    <reserved-1F774>..<reserved-1F77F>
+	{0x1F7D5, 0x1F7DF, prExtendedPictographic}, // E0.0  [11] (🟕..🟟)    CIRCLED TRIANGLE..<reserved-1F7DF>
+	{0x1F7E0, 0x1F7EB, prExtendedPictographic}, // E12.0 [12] (🟠..🟫)    orange circle..brown square
+	{0x1F7EC, 0x1F7EF, prExtendedPictographic}, // E0.0   [4] (🟬..🟯)    <reserved-1F7EC>..<reserved-1F7EF>
+	{0x1F7F0, 0x1F7F0, prExtendedPictographic}, // E14.0  [1] (🟰)       heavy equals sign
+	{0x1F7F1, 0x1F7FF, prExtendedPictographic}, // E0.0  [15] (🟱..🟿)    <reserved-1F7F1>..<reserved-1F7FF>
+	{0x1F80C, 0x1F80F, prExtendedPictographic}, // E0.0   [4] (🠌..�)    <reserved-1F80C>..<reserved-1F80F>
+	{0x1F848, 0x1F84F, prExtendedPictographic}, // E0.0   [8] (🡈..�)    <reserved-1F848>..<reserved-1F84F>
+	{0x1F85A, 0x1F85F, prExtendedPictographic}, // E0.0   [6] (🡚..🡟)    <reserved-1F85A>..<reserved-1F85F>
+	{0x1F888, 0x1F88F, prExtendedPictographic}, // E0.0   [8] (🢈..�)    <reserved-1F888>..<reserved-1F88F>
+	{0x1F8AE, 0x1F8FF, prExtendedPictographic}, // E0.0  [82] (🢮..🣿)    <reserved-1F8AE>..<reserved-1F8FF>
+	{0x1F90C, 0x1F90C, prExtendedPictographic}, // E13.0  [1] (🤌)       pinched fingers
+	{0x1F90D, 0x1F90F, prExtendedPictographic}, // E12.0  [3] (�..�)    white heart..pinching hand
+	{0x1F910, 0x1F918, prExtendedPictographic}, // E1.0   [9] (�..🤘)    zipper-mouth face..sign of the horns
+	{0x1F919, 0x1F91E, prExtendedPictographic}, // E3.0   [6] (🤙..🤞)    call me hand..crossed fingers
+	{0x1F91F, 0x1F91F, prExtendedPictographic}, // E5.0   [1] (🤟)       love-you gesture
+	{0x1F920, 0x1F927, prExtendedPictographic}, // E3.0   [8] (🤠..🤧)    cowboy hat face..sneezing face
+	{0x1F928, 0x1F92F, prExtendedPictographic}, // E5.0   [8] (🤨..🤯)    face with raised eyebrow..exploding head
+	{0x1F930, 0x1F930, prExtendedPictographic}, // E3.0   [1] (🤰)       pregnant woman
+	{0x1F931, 0x1F932, prExtendedPictographic}, // E5.0   [2] (🤱..🤲)    breast-feeding..palms up together
+	{0x1F933, 0x1F93A, prExtendedPictographic}, // E3.0   [8] (🤳..🤺)    selfie..person fencing
+	{0x1F93C, 0x1F93E, prExtendedPictographic}, // E3.0   [3] (🤼..🤾)    people wrestling..person playing handball
+	{0x1F93F, 0x1F93F, prExtendedPictographic}, // E12.0  [1] (🤿)       diving mask
+	{0x1F940, 0x1F945, prExtendedPictographic}, // E3.0   [6] (🥀..🥅)    wilted flower..goal net
+	{0x1F947, 0x1F94B, prExtendedPictographic}, // E3.0   [5] (🥇..🥋)    1st place medal..martial arts uniform
+	{0x1F94C, 0x1F94C, prExtendedPictographic}, // E5.0   [1] (🥌)       curling stone
+	{0x1F94D, 0x1F94F, prExtendedPictographic}, // E11.0  [3] (�..�)    lacrosse..flying disc
+	{0x1F950, 0x1F95E, prExtendedPictographic}, // E3.0  [15] (�..🥞)    croissant..pancakes
+	{0x1F95F, 0x1F96B, prExtendedPictographic}, // E5.0  [13] (🥟..🥫)    dumpling..canned food
+	{0x1F96C, 0x1F970, prExtendedPictographic}, // E11.0  [5] (🥬..🥰)    leafy green..smiling face with hearts
+	{0x1F971, 0x1F971, prExtendedPictographic}, // E12.0  [1] (🥱)       yawning face
+	{0x1F972, 0x1F972, prExtendedPictographic}, // E13.0  [1] (🥲)       smiling face with tear
+	{0x1F973, 0x1F976, prExtendedPictographic}, // E11.0  [4] (🥳..🥶)    partying face..cold face
+	{0x1F977, 0x1F978, prExtendedPictographic}, // E13.0  [2] (🥷..🥸)    ninja..disguised face
+	{0x1F979, 0x1F979, prExtendedPictographic}, // E14.0  [1] (🥹)       face holding back tears
+	{0x1F97A, 0x1F97A, prExtendedPictographic}, // E11.0  [1] (🥺)       pleading face
+	{0x1F97B, 0x1F97B, prExtendedPictographic}, // E12.0  [1] (🥻)       sari
+	{0x1F97C, 0x1F97F, prExtendedPictographic}, // E11.0  [4] (🥼..🥿)    lab coat..flat shoe
+	{0x1F980, 0x1F984, prExtendedPictographic}, // E1.0   [5] (🦀..🦄)    crab..unicorn
+	{0x1F985, 0x1F991, prExtendedPictographic}, // E3.0  [13] (🦅..🦑)    eagle..squid
+	{0x1F992, 0x1F997, prExtendedPictographic}, // E5.0   [6] (🦒..🦗)    giraffe..cricket
+	{0x1F998, 0x1F9A2, prExtendedPictographic}, // E11.0 [11] (🦘..🦢)    kangaroo..swan
+	{0x1F9A3, 0x1F9A4, prExtendedPictographic}, // E13.0  [2] (🦣..🦤)    mammoth..dodo
+	{0x1F9A5, 0x1F9AA, prExtendedPictographic}, // E12.0  [6] (🦥..🦪)    sloth..oyster
+	{0x1F9AB, 0x1F9AD, prExtendedPictographic}, // E13.0  [3] (🦫..🦭)    beaver..seal
+	{0x1F9AE, 0x1F9AF, prExtendedPictographic}, // E12.0  [2] (🦮..🦯)    guide dog..white cane
+	{0x1F9B0, 0x1F9B9, prExtendedPictographic}, // E11.0 [10] (🦰..🦹)    red hair..supervillain
+	{0x1F9BA, 0x1F9BF, prExtendedPictographic}, // E12.0  [6] (🦺..🦿)    safety vest..mechanical leg
+	{0x1F9C0, 0x1F9C0, prExtendedPictographic}, // E1.0   [1] (🧀)       cheese wedge
+	{0x1F9C1, 0x1F9C2, prExtendedPictographic}, // E11.0  [2] (�..🧂)    cupcake..salt
+	{0x1F9C3, 0x1F9CA, prExtendedPictographic}, // E12.0  [8] (🧃..🧊)    beverage box..ice
+	{0x1F9CB, 0x1F9CB, prExtendedPictographic}, // E13.0  [1] (🧋)       bubble tea
+	{0x1F9CC, 0x1F9CC, prExtendedPictographic}, // E14.0  [1] (🧌)       troll
+	{0x1F9CD, 0x1F9CF, prExtendedPictographic}, // E12.0  [3] (�..�)    person standing..deaf person
+	{0x1F9D0, 0x1F9E6, prExtendedPictographic}, // E5.0  [23] (�..🧦)    face with monocle..socks
+	{0x1F9E7, 0x1F9FF, prExtendedPictographic}, // E11.0 [25] (🧧..🧿)    red envelope..nazar amulet
+	{0x1FA00, 0x1FA6F, prExtendedPictographic}, // E0.0 [112] (🨀..🩯)    NEUTRAL CHESS KING..<reserved-1FA6F>
+	{0x1FA70, 0x1FA73, prExtendedPictographic}, // E12.0  [4] (🩰..🩳)    ballet shoes..shorts
+	{0x1FA74, 0x1FA74, prExtendedPictographic}, // E13.0  [1] (🩴)       thong sandal
+	{0x1FA75, 0x1FA77, prExtendedPictographic}, // E0.0   [3] (🩵..🩷)    <reserved-1FA75>..<reserved-1FA77>
+	{0x1FA78, 0x1FA7A, prExtendedPictographic}, // E12.0  [3] (🩸..🩺)    drop of blood..stethoscope
+	{0x1FA7B, 0x1FA7C, prExtendedPictographic}, // E14.0  [2] (🩻..🩼)    x-ray..crutch
+	{0x1FA7D, 0x1FA7F, prExtendedPictographic}, // E0.0   [3] (🩽..🩿)    <reserved-1FA7D>..<reserved-1FA7F>
+	{0x1FA80, 0x1FA82, prExtendedPictographic}, // E12.0  [3] (🪀..🪂)    yo-yo..parachute
+	{0x1FA83, 0x1FA86, prExtendedPictographic}, // E13.0  [4] (🪃..🪆)    boomerang..nesting dolls
+	{0x1FA87, 0x1FA8F, prExtendedPictographic}, // E0.0   [9] (🪇..�)    <reserved-1FA87>..<reserved-1FA8F>
+	{0x1FA90, 0x1FA95, prExtendedPictographic}, // E12.0  [6] (�..🪕)    ringed planet..banjo
+	{0x1FA96, 0x1FAA8, prExtendedPictographic}, // E13.0 [19] (🪖..🪨)    military helmet..rock
+	{0x1FAA9, 0x1FAAC, prExtendedPictographic}, // E14.0  [4] (🪩..🪬)    mirror ball..hamsa
+	{0x1FAAD, 0x1FAAF, prExtendedPictographic}, // E0.0   [3] (🪭..🪯)    <reserved-1FAAD>..<reserved-1FAAF>
+	{0x1FAB0, 0x1FAB6, prExtendedPictographic}, // E13.0  [7] (🪰..🪶)    fly..feather
+	{0x1FAB7, 0x1FABA, prExtendedPictographic}, // E14.0  [4] (🪷..🪺)    lotus..nest with eggs
+	{0x1FABB, 0x1FABF, prExtendedPictographic}, // E0.0   [5] (🪻..🪿)    <reserved-1FABB>..<reserved-1FABF>
+	{0x1FAC0, 0x1FAC2, prExtendedPictographic}, // E13.0  [3] (🫀..🫂)    anatomical heart..people hugging
+	{0x1FAC3, 0x1FAC5, prExtendedPictographic}, // E14.0  [3] (🫃..🫅)    pregnant man..person with crown
+	{0x1FAC6, 0x1FACF, prExtendedPictographic}, // E0.0  [10] (🫆..�)    <reserved-1FAC6>..<reserved-1FACF>
+	{0x1FAD0, 0x1FAD6, prExtendedPictographic}, // E13.0  [7] (�..🫖)    blueberries..teapot
+	{0x1FAD7, 0x1FAD9, prExtendedPictographic}, // E14.0  [3] (🫗..🫙)    pouring liquid..jar
+	{0x1FADA, 0x1FADF, prExtendedPictographic}, // E0.0   [6] (🫚..🫟)    <reserved-1FADA>..<reserved-1FADF>
+	{0x1FAE0, 0x1FAE7, prExtendedPictographic}, // E14.0  [8] (🫠..🫧)    melting face..bubbles
+	{0x1FAE8, 0x1FAEF, prExtendedPictographic}, // E0.0   [8] (🫨..🫯)    <reserved-1FAE8>..<reserved-1FAEF>
+	{0x1FAF0, 0x1FAF6, prExtendedPictographic}, // E14.0  [7] (🫰..🫶)    hand with index finger and thumb crossed..heart hands
+	{0x1FAF7, 0x1FAFF, prExtendedPictographic}, // E0.0   [9] (🫷..🫿)    <reserved-1FAF7>..<reserved-1FAFF>
+	{0x1FBF0, 0x1FBF9, prNumeric},              // Nd  [10] SEGMENTED DIGIT ZERO..SEGMENTED DIGIT NINE
+	{0x1FC00, 0x1FFFD, prExtendedPictographic}, // E0.0[1022] (🰀..🿽)    <reserved-1FC00>..<reserved-1FFFD>
+	{0xE0001, 0xE0001, prFormat},               // Cf       LANGUAGE TAG
+	{0xE0020, 0xE007F, prExtend},               // Cf  [96] TAG SPACE..CANCEL TAG
+	{0xE0100, 0xE01EF, prExtend},               // Mn [240] VARIATION SELECTOR-17..VARIATION SELECTOR-256
+}
diff --git a/vendor/github.com/rivo/uniseg/wordrules.go b/vendor/github.com/rivo/uniseg/wordrules.go
new file mode 100644
index 0000000000..325407e40b
--- /dev/null
+++ b/vendor/github.com/rivo/uniseg/wordrules.go
@@ -0,0 +1,246 @@
+package uniseg
+
+import "unicode/utf8"
+
+// The states of the word break parser.
+const (
+	wbAny = iota
+	wbCR
+	wbLF
+	wbNewline
+	wbWSegSpace
+	wbHebrewLetter
+	wbALetter
+	wbWB7
+	wbWB7c
+	wbNumeric
+	wbWB11
+	wbKatakana
+	wbExtendNumLet
+	wbOddRI
+	wbEvenRI
+	wbZWJBit = 16 // This bit is set for any states followed by at least one zero-width joiner (see WB4 and WB3c).
+)
+
+// The word break parser's breaking instructions.
+const (
+	wbDontBreak = iota
+	wbBreak
+)
+
+// The word break parser's state transitions. It's anologous to grTransitions,
+// see comments there for details. Unicode version 14.0.0.
+var wbTransitions = map[[2]int][3]int{
+	// WB3b.
+	{wbAny, prNewline}: {wbNewline, wbBreak, 32},
+	{wbAny, prCR}:      {wbCR, wbBreak, 32},
+	{wbAny, prLF}:      {wbLF, wbBreak, 32},
+
+	// WB3a.
+	{wbNewline, prAny}: {wbAny, wbBreak, 31},
+	{wbCR, prAny}:      {wbAny, wbBreak, 31},
+	{wbLF, prAny}:      {wbAny, wbBreak, 31},
+
+	// WB3.
+	{wbCR, prLF}: {wbLF, wbDontBreak, 30},
+
+	// WB3d.
+	{wbAny, prWSegSpace}:       {wbWSegSpace, wbBreak, 9990},
+	{wbWSegSpace, prWSegSpace}: {wbWSegSpace, wbDontBreak, 34},
+
+	// WB5.
+	{wbAny, prALetter}:               {wbALetter, wbBreak, 9990},
+	{wbAny, prHebrewLetter}:          {wbHebrewLetter, wbBreak, 9990},
+	{wbALetter, prALetter}:           {wbALetter, wbDontBreak, 50},
+	{wbALetter, prHebrewLetter}:      {wbHebrewLetter, wbDontBreak, 50},
+	{wbHebrewLetter, prALetter}:      {wbALetter, wbDontBreak, 50},
+	{wbHebrewLetter, prHebrewLetter}: {wbHebrewLetter, wbDontBreak, 50},
+
+	// WB7. Transitions to wbWB7 handled by transitionWordBreakState().
+	{wbWB7, prALetter}:      {wbALetter, wbDontBreak, 70},
+	{wbWB7, prHebrewLetter}: {wbHebrewLetter, wbDontBreak, 70},
+
+	// WB7a.
+	{wbHebrewLetter, prSingleQuote}: {wbAny, wbDontBreak, 71},
+
+	// WB7c. Transitions to wbWB7c handled by transitionWordBreakState().
+	{wbWB7c, prHebrewLetter}: {wbHebrewLetter, wbDontBreak, 73},
+
+	// WB8.
+	{wbAny, prNumeric}:     {wbNumeric, wbBreak, 9990},
+	{wbNumeric, prNumeric}: {wbNumeric, wbDontBreak, 80},
+
+	// WB9.
+	{wbALetter, prNumeric}:      {wbNumeric, wbDontBreak, 90},
+	{wbHebrewLetter, prNumeric}: {wbNumeric, wbDontBreak, 90},
+
+	// WB10.
+	{wbNumeric, prALetter}:      {wbALetter, wbDontBreak, 100},
+	{wbNumeric, prHebrewLetter}: {wbHebrewLetter, wbDontBreak, 100},
+
+	// WB11. Transitions to wbWB11 handled by transitionWordBreakState().
+	{wbWB11, prNumeric}: {wbNumeric, wbDontBreak, 110},
+
+	// WB13.
+	{wbAny, prKatakana}:      {wbKatakana, wbBreak, 9990},
+	{wbKatakana, prKatakana}: {wbKatakana, wbDontBreak, 130},
+
+	// WB13a.
+	{wbAny, prExtendNumLet}:          {wbExtendNumLet, wbBreak, 9990},
+	{wbALetter, prExtendNumLet}:      {wbExtendNumLet, wbDontBreak, 131},
+	{wbHebrewLetter, prExtendNumLet}: {wbExtendNumLet, wbDontBreak, 131},
+	{wbNumeric, prExtendNumLet}:      {wbExtendNumLet, wbDontBreak, 131},
+	{wbKatakana, prExtendNumLet}:     {wbExtendNumLet, wbDontBreak, 131},
+	{wbExtendNumLet, prExtendNumLet}: {wbExtendNumLet, wbDontBreak, 131},
+
+	// WB13b.
+	{wbExtendNumLet, prALetter}:      {wbALetter, wbDontBreak, 132},
+	{wbExtendNumLet, prHebrewLetter}: {wbHebrewLetter, wbDontBreak, 132},
+	{wbExtendNumLet, prNumeric}:      {wbNumeric, wbDontBreak, 132},
+	{wbExtendNumLet, prKatakana}:     {prKatakana, wbDontBreak, 132},
+}
+
+// transitionWordBreakState determines the new state of the word break parser
+// given the current state and the next code point. It also returns whether a
+// word boundary was detected. If more than one code point is needed to
+// determine the new state, the byte slice or the string starting after rune "r"
+// can be used (whichever is not nil or empty) for further lookups.
+func transitionWordBreakState(state int, r rune, b []byte, str string) (newState int, wordBreak bool) {
+	// Determine the property of the next character.
+	nextProperty := property(workBreakCodePoints, r)
+
+	// "Replacing Ignore Rules".
+	if nextProperty == prZWJ {
+		// WB4 (for zero-width joiners).
+		if state == wbNewline || state == wbCR || state == wbLF {
+			return wbAny | wbZWJBit, true // Make sure we don't apply WB4 to WB3a.
+		}
+		if state < 0 {
+			return wbAny | wbZWJBit, false
+		}
+		return state | wbZWJBit, false
+	} else if nextProperty == prExtend || nextProperty == prFormat {
+		// WB4 (for Extend and Format).
+		if state == wbNewline || state == wbCR || state == wbLF {
+			return wbAny, true // Make sure we don't apply WB4 to WB3a.
+		}
+		if state == wbWSegSpace || state == wbAny|wbZWJBit {
+			return wbAny, false // We don't break but this is also not WB3d or WB3c.
+		}
+		if state < 0 {
+			return wbAny, false
+		}
+		return state, false
+	} else if nextProperty == prExtendedPictographic && state >= 0 && state&wbZWJBit != 0 {
+		// WB3c.
+		return wbAny, false
+	}
+	if state >= 0 {
+		state = state &^ wbZWJBit
+	}
+
+	// Find the applicable transition in the table.
+	var rule int
+	transition, ok := wbTransitions[[2]int{state, nextProperty}]
+	if ok {
+		// We have a specific transition. We'll use it.
+		newState, wordBreak, rule = transition[0], transition[1] == wbBreak, transition[2]
+	} else {
+		// No specific transition found. Try the less specific ones.
+		transAnyProp, okAnyProp := wbTransitions[[2]int{state, prAny}]
+		transAnyState, okAnyState := wbTransitions[[2]int{wbAny, nextProperty}]
+		if okAnyProp && okAnyState {
+			// Both apply. We'll use a mix (see comments for grTransitions).
+			newState, wordBreak, rule = transAnyState[0], transAnyState[1] == wbBreak, transAnyState[2]
+			if transAnyProp[2] < transAnyState[2] {
+				wordBreak, rule = transAnyProp[1] == wbBreak, transAnyProp[2]
+			}
+		} else if okAnyProp {
+			// We only have a specific state.
+			newState, wordBreak, rule = transAnyProp[0], transAnyProp[1] == wbBreak, transAnyProp[2]
+			// This branch will probably never be reached because okAnyState will
+			// always be true given the current transition map. But we keep it here
+			// for future modifications to the transition map where this may not be
+			// true anymore.
+		} else if okAnyState {
+			// We only have a specific property.
+			newState, wordBreak, rule = transAnyState[0], transAnyState[1] == wbBreak, transAnyState[2]
+		} else {
+			// No known transition. WB999: Any ÷ Any.
+			newState, wordBreak, rule = wbAny, true, 9990
+		}
+	}
+
+	// For those rules that need to look up runes further in the string, we
+	// determine the property after nextProperty, skipping over Format, Extend,
+	// and ZWJ (according to WB4). It's -1 if not needed, if such a rune cannot
+	// be determined (because the text ends or the rune is faulty).
+	farProperty := -1
+	if rule > 60 &&
+		(state == wbALetter || state == wbHebrewLetter || state == wbNumeric) &&
+		(nextProperty == prMidLetter || nextProperty == prMidNumLet || nextProperty == prSingleQuote || // WB6.
+			nextProperty == prDoubleQuote || // WB7b.
+			nextProperty == prMidNum) { // WB12.
+		for {
+			var (
+				r      rune
+				length int
+			)
+			if b != nil { // Byte slice version.
+				r, length = utf8.DecodeRune(b)
+				b = b[length:]
+			} else { // String version.
+				r, length = utf8.DecodeRuneInString(str)
+				str = str[length:]
+			}
+			if r == utf8.RuneError {
+				break
+			}
+			prop := property(workBreakCodePoints, r)
+			if prop == prExtend || prop == prFormat || prop == prZWJ {
+				continue
+			}
+			farProperty = prop
+			break
+		}
+	}
+
+	// WB6.
+	if rule > 60 &&
+		(state == wbALetter || state == wbHebrewLetter) &&
+		(nextProperty == prMidLetter || nextProperty == prMidNumLet || nextProperty == prSingleQuote) &&
+		(farProperty == prALetter || farProperty == prHebrewLetter) {
+		return wbWB7, false
+	}
+
+	// WB7b.
+	if rule > 72 &&
+		state == wbHebrewLetter &&
+		nextProperty == prDoubleQuote &&
+		farProperty == prHebrewLetter {
+		return wbWB7c, false
+	}
+
+	// WB12.
+	if rule > 120 &&
+		state == wbNumeric &&
+		(nextProperty == prMidNum || nextProperty == prMidNumLet || nextProperty == prSingleQuote) &&
+		farProperty == prNumeric {
+		return wbWB11, false
+	}
+
+	// WB15 and WB16.
+	if newState == wbAny && nextProperty == prRegionalIndicator {
+		if state != wbOddRI && state != wbEvenRI { // Includes state == -1.
+			// Transition into the first RI.
+			return wbOddRI, true
+		}
+		if state == wbOddRI {
+			// Don't break pairs of Regional Indicators.
+			return wbEvenRI, false
+		}
+		return wbOddRI, true // We can break after a pair.
+	}
+
+	return
+}
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/attach.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/attach.go
index 036ed1f1ae..cb7b9a2ceb 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/attach.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/attach.go
@@ -32,6 +32,7 @@ type AttachSignatureOptions struct {
 	Cert           string
 	CertChain      string
 	TimeStampedSig string
+	RekorBundle    string
 	Registry       RegistryOptions
 }
 
@@ -57,6 +58,8 @@ func (o *AttachSignatureOptions) AddFlags(cmd *cobra.Command) {
 			"signing certificate and end with the root certificate. Included in the OCI Signature")
 	cmd.Flags().StringVar(&o.TimeStampedSig, "tsr", "",
 		"path to the Time Stamped Signature Response from RFC3161 compliant TSA")
+	cmd.Flags().StringVar(&o.RekorBundle, "rekor-response", "",
+		"path to the rekor bundle")
 }
 
 // AttachSBOMOptions is the top level wrapper for the attach sbom command.
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/clean.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/clean.go
index 67e332809a..540bc4f1cf 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/clean.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/clean.go
@@ -65,7 +65,7 @@ var _ Interface = (*CleanOptions)(nil)
 func (c *CleanOptions) AddFlags(cmd *cobra.Command) {
 	c.Registry.AddFlags(cmd)
 	c.CleanType = defaultCleanType()
-	cmd.Flags().Var(&c.CleanType, "type", "a type of clean: <signature|attestation|sbom|all>")
+	cmd.Flags().Var(&c.CleanType, "type", "a type of clean: <signature|attestation|sbom|all> (sbom is deprecated)")
 	// TODO(#2044): Rename to --skip-confirmation for consistency?
 	cmd.Flags().BoolVarP(&c.Force, "force", "f", false, "do not prompt for confirmation")
 }
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/copy.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/copy.go
index e9c5c70134..7f4d5f373c 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/copy.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/copy.go
@@ -21,8 +21,10 @@ import (
 
 // CopyOptions is the top level wrapper for the copy command.
 type CopyOptions struct {
+	CopyOnly      string
 	SignatureOnly bool
 	Force         bool
+	Platform      string
 	Registry      RegistryOptions
 }
 
@@ -32,9 +34,15 @@ var _ Interface = (*CopyOptions)(nil)
 func (o *CopyOptions) AddFlags(cmd *cobra.Command) {
 	o.Registry.AddFlags(cmd)
 
+	cmd.Flags().StringVar(&o.CopyOnly, "only", "",
+		"custom string array to only copy specific items, this flag is comma delimited. ex: --only=sbom,sign,att")
+
 	cmd.Flags().BoolVar(&o.SignatureOnly, "sig-only", false,
-		"only copy the image signature")
+		"[DEPRECATED] only copy the image signature")
 
 	cmd.Flags().BoolVarP(&o.Force, "force", "f", false,
 		"overwrite destination image(s), if necessary")
+
+	cmd.Flags().StringVar(&o.Platform, "platform", "",
+		"only copy container image and its signatures for a specific platform image")
 }
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/deprecate.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/deprecate.go
new file mode 100644
index 0000000000..76084afa17
--- /dev/null
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/deprecate.go
@@ -0,0 +1,21 @@
+//
+// Copyright 2023 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package options
+
+const SBOMAttachmentDeprecation = "WARNING: SBOM attachments are deprecated " +
+	"and support will be removed in a Cosign release soon after 2024-02-22 " +
+	"(see https://github.com/sigstore/cosign/issues/2755). " +
+	"Instead, please use SBOM attestations."
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/predicate.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/predicate.go
index 707a38cae4..0c68e279b7 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/predicate.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/predicate.go
@@ -19,7 +19,8 @@ import (
 	"fmt"
 	"net/url"
 
-	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
+	slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
+	slsa1 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1"
 
 	"github.com/in-toto/in-toto-golang/in_toto"
 	"github.com/spf13/cobra"
@@ -30,6 +31,8 @@ import (
 const (
 	PredicateCustom    = "custom"
 	PredicateSLSA      = "slsaprovenance"
+	PredicateSLSA02    = "slsaprovenance02"
+	PredicateSLSA1     = "slsaprovenance1"
 	PredicateSPDX      = "spdx"
 	PredicateSPDXJSON  = "spdxjson"
 	PredicateCycloneDX = "cyclonedx"
@@ -40,7 +43,9 @@ const (
 // PredicateTypeMap is the mapping between the predicate `type` option to predicate URI.
 var PredicateTypeMap = map[string]string{
 	PredicateCustom:    attestation.CosignCustomProvenanceV01,
-	PredicateSLSA:      slsa.PredicateSLSAProvenance,
+	PredicateSLSA:      slsa02.PredicateSLSAProvenance,
+	PredicateSLSA02:    slsa02.PredicateSLSAProvenance,
+	PredicateSLSA1:     slsa1.PredicateSLSAProvenance,
 	PredicateSPDX:      in_toto.PredicateSPDX,
 	PredicateSPDXJSON:  in_toto.PredicateSPDX,
 	PredicateCycloneDX: in_toto.PredicateCycloneDX,
@@ -58,7 +63,7 @@ var _ Interface = (*PredicateOptions)(nil)
 // AddFlags implements Interface
 func (o *PredicateOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVar(&o.Type, "type", "custom",
-		"specify a predicate type (slsaprovenance|link|spdx|spdxjson|cyclonedx|vuln|custom) or an URI")
+		"specify a predicate type (slsaprovenance|slsaprovenance02|slsaprovenance1|link|spdx|spdxjson|cyclonedx|vuln|custom) or an URI")
 }
 
 // ParsePredicateType parses the predicate `type` flag passed into a predicate URI, or validates `type` is a valid URI.
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/registry.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/registry.go
index 425a7c60a0..61edb47d48 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/registry.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/registry.go
@@ -44,6 +44,7 @@ type RegistryOptions struct {
 	KubernetesKeychain bool
 	RefOpts            ReferenceOptions
 	Keychain           Keychain
+	AuthConfig         authn.AuthConfig
 
 	// RegistryClientOpts allows overriding the result of GetRegistryClientOpts.
 	RegistryClientOpts []remote.Option
@@ -62,6 +63,15 @@ func (o *RegistryOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().BoolVar(&o.KubernetesKeychain, "k8s-keychain", false,
 		"whether to use the kubernetes keychain instead of the default keychain (supports workload identity).")
 
+	cmd.Flags().StringVar(&o.AuthConfig.Username, "registry-username", "",
+		"registry basic auth username")
+
+	cmd.Flags().StringVar(&o.AuthConfig.Password, "registry-password", "",
+		"registry basic auth password")
+
+	cmd.Flags().StringVar(&o.AuthConfig.RegistryToken, "registry-token", "",
+		"registry bearer auth token")
+
 	o.RefOpts.AddFlags(cmd)
 }
 
@@ -113,6 +123,10 @@ func (o *RegistryOptions) GetRegistryClientOpts(ctx context.Context) []remote.Op
 			github.Keychain,
 		)
 		opts = append(opts, remote.WithAuthFromKeychain(kc))
+	case o.AuthConfig.Username != "" && o.AuthConfig.Password != "":
+		opts = append(opts, remote.WithAuth(&authn.Basic{Username: o.AuthConfig.Username, Password: o.AuthConfig.Password}))
+	case o.AuthConfig.RegistryToken != "":
+		opts = append(opts, remote.WithAuth(&authn.Bearer{Token: o.AuthConfig.RegistryToken}))
 	default:
 		opts = append(opts, remote.WithAuthFromKeychain(authn.DefaultKeychain))
 	}
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/sign.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/sign.go
index aeac9cad6e..c7cef86072 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/sign.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/sign.go
@@ -100,7 +100,7 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) {
 		"if a multi-arch image is specified, additionally sign each discrete image")
 
 	cmd.Flags().StringVar(&o.Attachment, "attachment", "",
-		"related image attachment to sign (sbom), default none")
+		"DEPRECATED, related image attachment to sign (sbom), default none")
 
 	cmd.Flags().BoolVarP(&o.SkipConfirmation, "yes", "y", false,
 		"skip confirmation prompts for non-destructive operations")
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/triangulate.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/triangulate.go
index 5a60b38e91..ba76618b08 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/triangulate.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/triangulate.go
@@ -32,5 +32,5 @@ func (o *TriangulateOptions) AddFlags(cmd *cobra.Command) {
 	o.Registry.AddFlags(cmd)
 
 	cmd.Flags().StringVar(&o.Type, "type", "signature",
-		"related attachment to triangulate (attestation|sbom|signature), default signature")
+		"related attachment to triangulate (attestation|sbom|signature|digest), default signature (sbom is deprecated)")
 }
diff --git a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/verify.go b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/verify.go
index dd2c3f7a4b..0b14797efb 100644
--- a/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/verify.go
+++ b/vendor/github.com/sigstore/cosign/v2/cmd/cosign/cli/options/verify.go
@@ -26,6 +26,9 @@ type CommonVerifyOptions struct {
 	TSACertChainPath string
 	IgnoreTlog       bool
 	MaxWorkers       int
+	// This is added to CommonVerifyOptions to provide a path to support
+	// it for other verify options.
+	ExperimentalOCI11 bool
 }
 
 func (o *CommonVerifyOptions) AddFlags(cmd *cobra.Command) {
@@ -40,6 +43,9 @@ func (o *CommonVerifyOptions) AddFlags(cmd *cobra.Command) {
 		"ignore transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts "+
 			"cannot be publicly verified when not included in a log")
 
+	cmd.Flags().BoolVar(&o.ExperimentalOCI11, "experimental-oci11", false,
+		"set to true to enable experimental OCI 1.1 behaviour")
+
 	cmd.Flags().IntVar(&o.MaxWorkers, "max-workers", cosign.DefaultMaxWorkers,
 		"the amount of maximum workers for parallel executions")
 }
@@ -84,7 +90,7 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) {
 		"whether to check the claims found")
 
 	cmd.Flags().StringVar(&o.Attachment, "attachment", "",
-		"related image attachment to verify (sbom), default none")
+		"DEPRECATED, related image attachment to verify (sbom), default none")
 
 	cmd.Flags().StringVarP(&o.Output, "output", "o", "json",
 		"output format for the signing image information (json|text)")
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/attestation/attestation.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/attestation/attestation.go
index 52a2008043..f95d8a9ec7 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/attestation/attestation.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/attestation/attestation.go
@@ -23,7 +23,8 @@ import (
 	"strings"
 	"time"
 
-	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
+	slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
+	slsa1 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1"
 
 	"github.com/in-toto/in-toto-golang/in_toto"
 )
@@ -99,7 +100,7 @@ type GenerateOpts struct {
 }
 
 // GenerateStatement returns an in-toto statement based on the provided
-// predicate type (custom|slsaprovenance|spdx|spdxjson|cyclonedx|link).
+// predicate type (custom|slsaprovenance|slsaprovenance02|slsaprovenance1|spdx|spdxjson|cyclonedx|link).
 func GenerateStatement(opts GenerateOpts) (interface{}, error) {
 	predicate, err := io.ReadAll(opts.Predicate)
 	if err != nil {
@@ -108,7 +109,11 @@ func GenerateStatement(opts GenerateOpts) (interface{}, error) {
 
 	switch opts.Type {
 	case "slsaprovenance":
-		return generateSLSAProvenanceStatement(predicate, opts.Digest, opts.Repo)
+		return generateSLSAProvenanceStatementSLSA02(predicate, opts.Digest, opts.Repo)
+	case "slsaprovenance02":
+		return generateSLSAProvenanceStatementSLSA02(predicate, opts.Digest, opts.Repo)
+	case "slsaprovenance1":
+		return generateSLSAProvenanceStatementSLSA1(predicate, opts.Digest, opts.Repo)
 	case "spdx":
 		return generateSPDXStatement(predicate, opts.Digest, opts.Repo, false)
 	case "spdxjson":
@@ -198,8 +203,8 @@ func generateCustomPredicate(rawPayload []byte, customType, timestamp string) (i
 	return result, nil
 }
 
-func generateSLSAProvenanceStatement(rawPayload []byte, digest string, repo string) (interface{}, error) {
-	var predicate slsa.ProvenancePredicate
+func generateSLSAProvenanceStatementSLSA02(rawPayload []byte, digest string, repo string) (interface{}, error) {
+	var predicate slsa02.ProvenancePredicate
 	err := checkRequiredJSONFields(rawPayload, reflect.TypeOf(predicate))
 	if err != nil {
 		return nil, fmt.Errorf("provenance predicate: %w", err)
@@ -208,8 +213,24 @@ func generateSLSAProvenanceStatement(rawPayload []byte, digest string, repo stri
 	if err != nil {
 		return "", fmt.Errorf("unmarshal Provenance predicate: %w", err)
 	}
-	return in_toto.ProvenanceStatement{
-		StatementHeader: generateStatementHeader(digest, repo, slsa.PredicateSLSAProvenance),
+	return in_toto.ProvenanceStatementSLSA02{
+		StatementHeader: generateStatementHeader(digest, repo, slsa02.PredicateSLSAProvenance),
+		Predicate:       predicate,
+	}, nil
+}
+
+func generateSLSAProvenanceStatementSLSA1(rawPayload []byte, digest string, repo string) (interface{}, error) {
+	var predicate slsa1.ProvenancePredicate
+	err := checkRequiredJSONFields(rawPayload, reflect.TypeOf(predicate))
+	if err != nil {
+		return nil, fmt.Errorf("provenance predicate: %w", err)
+	}
+	err = json.Unmarshal(rawPayload, &predicate)
+	if err != nil {
+		return "", fmt.Errorf("unmarshal Provenance predicate: %w", err)
+	}
+	return in_toto.ProvenanceStatementSLSA1{
+		StatementHeader: generateStatementHeader(digest, repo, slsa1.PredicateSLSAProvenance),
 		Predicate:       predicate,
 	}, nil
 }
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/bundle/rekor.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/bundle/rekor.go
index 497aa7a464..5331302051 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/bundle/rekor.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/bundle/rekor.go
@@ -14,7 +14,9 @@
 
 package bundle
 
-import "github.com/sigstore/rekor/pkg/generated/models"
+import (
+	"github.com/sigstore/rekor/pkg/generated/models"
+)
 
 // RekorBundle holds metadata about recording a Signature's ephemeral key to
 // a Rekor transparency log.
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/env/env.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/env/env.go
index 599df2e0f4..5c26d4f516 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/env/env.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/env/env.go
@@ -44,12 +44,13 @@ func (v Variable) String() string {
 
 const (
 	// Cosign environment variables
-	VariableExperimental     Variable = "COSIGN_EXPERIMENTAL"
-	VariableDockerMediaTypes Variable = "COSIGN_DOCKER_MEDIA_TYPES"
-	VariablePassword         Variable = "COSIGN_PASSWORD"
-	VariablePKCS11Pin        Variable = "COSIGN_PKCS11_PIN"
-	VariablePKCS11ModulePath Variable = "COSIGN_PKCS11_MODULE_PATH"
-	VariableRepository       Variable = "COSIGN_REPOSITORY"
+	VariableExperimental            Variable = "COSIGN_EXPERIMENTAL"
+	VariableDockerMediaTypes        Variable = "COSIGN_DOCKER_MEDIA_TYPES"
+	VariablePassword                Variable = "COSIGN_PASSWORD"
+	VariablePKCS11Pin               Variable = "COSIGN_PKCS11_PIN"
+	VariablePKCS11ModulePath        Variable = "COSIGN_PKCS11_MODULE_PATH"
+	VariablePKCS11IgnoreCertificate Variable = "COSIGN_PKCS11_IGNORE_CERTIFICATE"
+	VariableRepository              Variable = "COSIGN_REPOSITORY"
 
 	// Sigstore environment variables
 	VariableSigstoreCTLogPublicKeyFile Variable = "SIGSTORE_CT_LOG_PUBLIC_KEY_FILE"
@@ -102,6 +103,11 @@ var (
 			Expects:     "string with a module-path",
 			Sensitive:   false,
 		},
+		VariablePKCS11IgnoreCertificate: {
+			Description: "disables loading certificates with PKCS11",
+			Expects:     "1 if loading certificates should be disabled (0 by default)",
+			Sensitive:   false,
+		},
 		VariableRepository: {
 			Description: "can be used to store signatures in an alternate location",
 			Expects:     "string with a repository",
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/fetch.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/fetch.go
index 84c9238fe3..ff81be227b 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/fetch.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/fetch.go
@@ -34,6 +34,8 @@ import (
 	"golang.org/x/sync/errgroup"
 )
 
+const maxAllowedSigsOrAtts = 100
+
 type SignedPayload struct {
 	Base64Signature  string
 	Payload          []byte
@@ -64,6 +66,7 @@ const (
 	Signature   = "signature"
 	SBOM        = "sbom"
 	Attestation = "attestation"
+	Digest      = "digest"
 )
 
 func FetchSignaturesForReference(_ context.Context, ref name.Reference, opts ...ociremote.Option) ([]SignedPayload, error) {
@@ -83,6 +86,9 @@ func FetchSignaturesForReference(_ context.Context, ref name.Reference, opts ...
 	if len(l) == 0 {
 		return nil, fmt.Errorf("no signatures associated with %s", ref)
 	}
+	if len(l) > maxAllowedSigsOrAtts {
+		return nil, fmt.Errorf("maximum number of signatures on an image is %d, found %d", maxAllowedSigsOrAtts, len(l))
+	}
 
 	signatures := make([]SignedPayload, len(l))
 	var g errgroup.Group
@@ -144,6 +150,10 @@ func FetchAttestations(se oci.SignedEntity, predicateType string) ([]Attestation
 	if len(l) == 0 {
 		return nil, errors.New("found no attestations")
 	}
+	if len(l) > maxAllowedSigsOrAtts {
+		errMsg := fmt.Sprintf("maximum number of attestations on an image is %d, found %d", maxAllowedSigsOrAtts, len(l))
+		return nil, errors.New(errMsg)
+	}
 
 	attestations := make([]AttestationPayload, 0, len(l))
 	var attMu sync.Mutex
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/git/github/github.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/git/github/github.go
index 14c7bb2f4e..6aecb0b64f 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/git/github/github.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/git/github/github.go
@@ -25,7 +25,7 @@ import (
 	"os"
 	"strings"
 
-	"github.com/google/go-github/v53/github"
+	"github.com/google/go-github/v55/github"
 	"golang.org/x/crypto/nacl/box"
 	"golang.org/x/oauth2"
 
@@ -57,7 +57,7 @@ func (g *Gh) PutSecret(ctx context.Context, ref string, pf cosign.PassFunc) erro
 	var client *github.Client
 	if host, ok := env.LookupEnv(env.VariableGitHubHost); ok {
 		var err error
-		client, err = github.NewEnterpriseClient(host, host, httpClient)
+		client, err = github.NewClient(httpClient).WithEnterpriseURLs(host, host)
 		if err != nil {
 			return fmt.Errorf("could not create github enterprise client: %w", err)
 		}
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/kubernetes/secret.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/kubernetes/secret.go
index b822dbb6e8..b05c235e41 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/kubernetes/secret.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/kubernetes/secret.go
@@ -21,11 +21,10 @@ import (
 	"os"
 	"strings"
 
-	"k8s.io/utils/pointer"
-
 	v1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
 
 	"github.com/sigstore/cosign/v2/pkg/cosign"
 )
@@ -120,7 +119,7 @@ func secret(keys *cosign.KeysBytes, namespace, name string, data map[string][]by
 		return &v1.Secret{
 			ObjectMeta: obj,
 			Data:       data,
-			Immutable:  pointer.Bool(true),
+			Immutable:  ptr.To[bool](true),
 		}
 	}
 
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key/pkcs11key.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key/pkcs11key.go
index 0c735c82f8..c034a3f4fa 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key/pkcs11key.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key/pkcs11key.go
@@ -177,10 +177,15 @@ func GetKeyWithURIConfig(config *Pkcs11UriConfig, askForPinIfNeeded bool) (*Key,
 	// Key's corresponding cert might not exist,
 	// therefore, we do not fail if it is the case.
 	var cert *x509.Certificate
-	if len(config.KeyID) != 0 {
-		cert, _ = ctx.FindCertificate(config.KeyID, nil, nil)
-	} else if len(config.KeyLabel) != 0 {
-		cert, _ = ctx.FindCertificate(nil, config.KeyLabel, nil)
+
+	ignoreCert := env.Getenv(env.VariablePKCS11IgnoreCertificate) == "1"
+
+	if !ignoreCert {
+		if len(config.KeyID) != 0 {
+			cert, _ = ctx.FindCertificate(config.KeyID, nil, nil)
+		} else if len(config.KeyLabel) != 0 {
+			cert, _ = ctx.FindCertificate(nil, config.KeyLabel, nil)
+		}
 	}
 
 	return &Key{ctx: ctx, signer: signer, cert: cert}, nil
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go
index dffd8691e1..7a4b2b1115 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/cosign/verify.go
@@ -158,6 +158,10 @@ type CheckOpts struct {
 	// The amount of maximum workers for parallel executions.
 	// Defaults to 10.
 	MaxWorkers int
+
+	// Should the experimental OCI 1.1 behaviour be enabled or not.
+	// Defaults to false.
+	ExperimentalOCI11 bool
 }
 
 // This is a substitutable signature verification function that can be used for verifying
@@ -470,11 +474,15 @@ func (fos *fakeOCISignatures) Get() ([]oci.Signature, error) {
 
 // VerifyImageSignatures does all the main cosign checks in a loop, returning the verified signatures.
 // If there were no valid signatures, we return an error.
+// Note that if co.ExperimentlOCI11 is set, we will attempt to verify
+// signatures using the experimental OCI 1.1 behavior.
 func VerifyImageSignatures(ctx context.Context, signedImgRef name.Reference, co *CheckOpts) (checkedSignatures []oci.Signature, bundleVerified bool, err error) {
-	// Try first using OCI 1.1 behavior
-	verified, bundleVerified, err := verifyImageSignaturesExperimentalOCI(ctx, signedImgRef, co)
-	if err == nil {
-		return verified, bundleVerified, nil
+	// Try first using OCI 1.1 behavior if experimental flag is set.
+	if co.ExperimentalOCI11 {
+		verified, bundleVerified, err := verifyImageSignaturesExperimentalOCI(ctx, signedImgRef, co)
+		if err == nil {
+			return verified, bundleVerified, nil
+		}
 	}
 
 	// Enforce this up front.
@@ -648,14 +656,12 @@ func verifyInternal(ctx context.Context, sig oci.Signature, h v1.Hash,
 	bundleVerified bool, err error) {
 	var acceptableRFC3161Time, acceptableRekorBundleTime *time.Time // Timestamps for the signature we accept, or nil if not applicable.
 
-	if co.TSARootCertificates != nil {
-		acceptableRFC3161Timestamp, err := VerifyRFC3161Timestamp(sig, co)
-		if err != nil {
-			return false, fmt.Errorf("unable to verify RFC3161 timestamp bundle: %w", err)
-		}
-		if acceptableRFC3161Timestamp != nil {
-			acceptableRFC3161Time = &acceptableRFC3161Timestamp.Time
-		}
+	acceptableRFC3161Timestamp, err := VerifyRFC3161Timestamp(sig, co)
+	if err != nil {
+		return false, fmt.Errorf("unable to verify RFC3161 timestamp bundle: %w", err)
+	}
+	if acceptableRFC3161Timestamp != nil {
+		acceptableRFC3161Time = &acceptableRFC3161Timestamp.Time
 	}
 
 	if !co.IgnoreTlog {
@@ -1099,13 +1105,17 @@ func VerifyBundle(sig oci.Signature, co *CheckOpts) (bool, error) {
 
 // VerifyRFC3161Timestamp verifies that the timestamp in sig is correctly signed, and if so,
 // returns the timestamp value.
-// It returns (nil, nil) if there is no timestamp, or (nil, err) if there is an invalid timestamp.
+// It returns (nil, nil) if there is no timestamp, or (nil, err) if there is an invalid timestamp or if
+// no root is provided with a timestamp.
 func VerifyRFC3161Timestamp(sig oci.Signature, co *CheckOpts) (*timestamp.Timestamp, error) {
 	ts, err := sig.RFC3161Timestamp()
-	if err != nil {
+	switch {
+	case err != nil:
 		return nil, err
-	} else if ts == nil {
+	case ts == nil:
 		return nil, nil
+	case co.TSARootCertificates == nil:
+		return nil, errors.New("no TSA root certificate(s) provided to verify timestamp")
 	}
 
 	b64Sig, err := sig.Base64Signature()
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/mutate.go b/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/mutate.go
index 32d37be576..f934cb358d 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/mutate.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/mutate.go
@@ -96,13 +96,16 @@ func (i *indexWrapper) SignedImage(h v1.Hash) (oci.SignedImage, error) {
 			return si, nil
 		}
 	}
+
 	if sb, ok := i.ogbase.(oci.SignedImageIndex); ok {
 		return sb.SignedImage(h)
-	} else if unsigned, err := i.Image(h); err != nil {
+	}
+
+	unsigned, err := i.Image(h)
+	if err != nil {
 		return nil, err
-	} else {
-		return signed.Image(unsigned), nil
 	}
+	return signed.Image(unsigned), nil
 }
 
 // SignedImageIndex implements oci.SignedImageIndex
@@ -118,13 +121,16 @@ func (i *indexWrapper) SignedImageIndex(h v1.Hash) (oci.SignedImageIndex, error)
 			return sii, nil
 		}
 	}
+
 	if sb, ok := i.ogbase.(oci.SignedImageIndex); ok {
 		return sb.SignedImageIndex(h)
-	} else if unsigned, err := i.ImageIndex(h); err != nil {
+	}
+
+	unsigned, err := i.ImageIndex(h)
+	if err != nil {
 		return nil, err
-	} else {
-		return signed.ImageIndex(unsigned), nil
 	}
+	return signed.ImageIndex(unsigned), nil
 }
 
 // AttachSignatureToEntity attaches the provided signature to the provided entity.
@@ -204,47 +210,12 @@ type signedImage struct {
 
 // Signatures implements oci.SignedImage
 func (si *signedImage) Signatures() (oci.Signatures, error) {
-	base, err := si.SignedImage.Signatures()
-	if err != nil {
-		return nil, err
-	} else if si.sig == nil {
-		return base, nil
-	}
-	if si.so.dd != nil {
-		if existing, err := si.so.dd.Find(base, si.sig); err != nil {
-			return nil, err
-		} else if existing != nil {
-			// Just return base if the signature is redundant
-			return base, nil
-		}
-	}
-	return AppendSignatures(base, si.sig)
+	return si.so.dedupeAndReplace(si.sig, si.SignedImage.Signatures)
 }
 
 // Attestations implements oci.SignedImage
 func (si *signedImage) Attestations() (oci.Signatures, error) {
-	base, err := si.SignedImage.Attestations()
-	if err != nil {
-		return nil, err
-	} else if si.att == nil {
-		return base, nil
-	}
-	if si.so.dd != nil {
-		if existing, err := si.so.dd.Find(base, si.att); err != nil {
-			return nil, err
-		} else if existing != nil {
-			// Just return base if the signature is redundant
-			return base, nil
-		}
-	}
-	if si.so.ro != nil {
-		replace, err := si.so.ro.Replace(base, si.att)
-		if err != nil {
-			return nil, err
-		}
-		return ReplaceSignatures(replace)
-	}
-	return AppendSignatures(base, si.att)
+	return si.so.dedupeAndReplace(si.att, si.SignedImage.Attestations)
 }
 
 // Attachment implements oci.SignedImage
@@ -298,47 +269,12 @@ type signedImageIndex struct {
 
 // Signatures implements oci.SignedImageIndex
 func (sii *signedImageIndex) Signatures() (oci.Signatures, error) {
-	base, err := sii.ociSignedImageIndex.Signatures()
-	if err != nil {
-		return nil, err
-	} else if sii.sig == nil {
-		return base, nil
-	}
-	if sii.so.dd != nil {
-		if existing, err := sii.so.dd.Find(base, sii.sig); err != nil {
-			return nil, err
-		} else if existing != nil {
-			// Just return base if the signature is redundant
-			return base, nil
-		}
-	}
-	return AppendSignatures(base, sii.sig)
+	return sii.so.dedupeAndReplace(sii.sig, sii.ociSignedImageIndex.Signatures)
 }
 
 // Attestations implements oci.SignedImageIndex
 func (sii *signedImageIndex) Attestations() (oci.Signatures, error) {
-	base, err := sii.ociSignedImageIndex.Attestations()
-	if err != nil {
-		return nil, err
-	} else if sii.att == nil {
-		return base, nil
-	}
-	if sii.so.dd != nil {
-		if existing, err := sii.so.dd.Find(base, sii.att); err != nil {
-			return nil, err
-		} else if existing != nil {
-			// Just return base if the signature is redundant
-			return base, nil
-		}
-	}
-	if sii.so.ro != nil {
-		replace, err := sii.so.ro.Replace(base, sii.att)
-		if err != nil {
-			return nil, err
-		}
-		return ReplaceSignatures(replace)
-	}
-	return AppendSignatures(base, sii.att)
+	return sii.so.dedupeAndReplace(sii.att, sii.ociSignedImageIndex.Attestations)
 }
 
 // Attachment implements oci.SignedImageIndex
@@ -403,53 +339,43 @@ func (si *signedUnknown) Digest() (v1.Hash, error) {
 
 // Signatures implements oci.SignedEntity
 func (si *signedUnknown) Signatures() (oci.Signatures, error) {
-	base, err := si.SignedEntity.Signatures()
-	if err != nil {
-		return nil, err
-	} else if si.sig == nil {
-		return base, nil
-	}
-	if si.so.dd != nil {
-		if existing, err := si.so.dd.Find(base, si.sig); err != nil {
-			return nil, err
-		} else if existing != nil {
-			// Just return base if the signature is redundant
-			return base, nil
-		}
-	}
-	return AppendSignatures(base, si.sig)
+	return si.so.dedupeAndReplace(si.sig, si.SignedEntity.Signatures)
 }
 
 // Attestations implements oci.SignedEntity
 func (si *signedUnknown) Attestations() (oci.Signatures, error) {
-	base, err := si.SignedEntity.Attestations()
+	return si.so.dedupeAndReplace(si.att, si.SignedEntity.Attestations)
+}
+
+// Attachment implements oci.SignedEntity
+func (si *signedUnknown) Attachment(attName string) (oci.File, error) {
+	if f, ok := si.attachments[attName]; ok {
+		return f, nil
+	}
+	return nil, fmt.Errorf("attachment %q not found", attName)
+}
+
+func (so *signOpts) dedupeAndReplace(sig oci.Signature, basefn func() (oci.Signatures, error)) (oci.Signatures, error) {
+	base, err := basefn()
 	if err != nil {
 		return nil, err
-	} else if si.att == nil {
+	} else if sig == nil {
 		return base, nil
 	}
-	if si.so.dd != nil {
-		if existing, err := si.so.dd.Find(base, si.att); err != nil {
+	if so.dd != nil {
+		if existing, err := so.dd.Find(base, sig); err != nil {
 			return nil, err
 		} else if existing != nil {
 			// Just return base if the signature is redundant
 			return base, nil
 		}
 	}
-	if si.so.ro != nil {
-		replace, err := si.so.ro.Replace(base, si.att)
+	if so.ro != nil {
+		replace, err := so.ro.Replace(base, sig)
 		if err != nil {
 			return nil, err
 		}
 		return ReplaceSignatures(replace)
 	}
-	return AppendSignatures(base, si.att)
-}
-
-// Attachment implements oci.SignedEntity
-func (si *signedUnknown) Attachment(attName string) (oci.File, error) {
-	if f, ok := si.attachments[attName]; ok {
-		return f, nil
-	}
-	return nil, fmt.Errorf("attachment %q not found", attName)
+	return AppendSignatures(base, sig)
 }
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/signatures.go b/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/signatures.go
index 4ac356fe7a..648cab0414 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/signatures.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/oci/mutate/signatures.go
@@ -74,7 +74,7 @@ func ReplaceSignatures(base oci.Signatures) (oci.Signatures, error) {
 	return &sigAppender{
 		Image: img,
 		base:  base,
-		sigs:  sigs,
+		sigs:  []oci.Signature{},
 	}, nil
 }
 
diff --git a/vendor/github.com/sigstore/cosign/v2/pkg/oci/remote/remote.go b/vendor/github.com/sigstore/cosign/v2/pkg/oci/remote/remote.go
index fab0a76588..a9332d7c61 100644
--- a/vendor/github.com/sigstore/cosign/v2/pkg/oci/remote/remote.go
+++ b/vendor/github.com/sigstore/cosign/v2/pkg/oci/remote/remote.go
@@ -36,12 +36,24 @@ var (
 	remoteIndex = remote.Index
 	remoteGet   = remote.Get
 	remoteWrite = remote.Write
-
-	// ErrEntityNotFound is the error that SignedEntity returns when the
-	// provided ref does not exist.
-	ErrEntityNotFound = errors.New("entity not found in registry")
 )
 
+// EntityNotFoundError is the error that SignedEntity returns when the
+// provided ref does not exist.
+type EntityNotFoundError struct {
+	baseErr error
+}
+
+func (e *EntityNotFoundError) Error() string {
+	return fmt.Sprintf("entity not found in registry, error: %v", e.baseErr)
+}
+
+func NewEntityNotFoundError(err error) error {
+	return &EntityNotFoundError{
+		baseErr: err,
+	}
+}
+
 // SignedEntity provides access to a remote reference, and its signatures.
 // The SignedEntity will be one of SignedImage or SignedImageIndex.
 func SignedEntity(ref name.Reference, options ...Option) (oci.SignedEntity, error) {
@@ -50,7 +62,7 @@ func SignedEntity(ref name.Reference, options ...Option) (oci.SignedEntity, erro
 	got, err := remoteGet(ref, o.ROpt...)
 	var te *transport.Error
 	if errors.As(err, &te) && te.StatusCode == http.StatusNotFound {
-		return nil, ErrEntityNotFound
+		return nil, NewEntityNotFoundError(err)
 	} else if err != nil {
 		return nil, err
 	}
@@ -85,31 +97,43 @@ func SignedEntity(ref name.Reference, options ...Option) (oci.SignedEntity, erro
 // normalize turns image digests into tags with optional prefix & suffix:
 // sha256:d34db33f -> [prefix]sha256-d34db33f[.suffix]
 func normalize(h v1.Hash, prefix string, suffix string) string {
+	return normalizeWithSeparator(h, prefix, suffix, "-")
+}
+
+// normalizeWithSeparator turns image digests into tags with optional prefix & suffix:
+// sha256:d34db33f -> [prefix]sha256[algorithmSeparator]d34db33f[.suffix]
+func normalizeWithSeparator(h v1.Hash, prefix string, suffix string, algorithmSeparator string) string {
 	if suffix == "" {
-		return fmt.Sprint(prefix, h.Algorithm, "-", h.Hex)
+		return fmt.Sprint(prefix, h.Algorithm, algorithmSeparator, h.Hex)
 	}
-	return fmt.Sprint(prefix, h.Algorithm, "-", h.Hex, ".", suffix)
+	return fmt.Sprint(prefix, h.Algorithm, algorithmSeparator, h.Hex, ".", suffix)
 }
 
 // SignatureTag returns the name.Tag that associated signatures with a particular digest.
 func SignatureTag(ref name.Reference, opts ...Option) (name.Tag, error) {
 	o := makeOptions(ref.Context(), opts...)
-	return suffixTag(ref, o.SignatureSuffix, o)
+	return suffixTag(ref, o.SignatureSuffix, "-", o)
 }
 
 // AttestationTag returns the name.Tag that associated attestations with a particular digest.
 func AttestationTag(ref name.Reference, opts ...Option) (name.Tag, error) {
 	o := makeOptions(ref.Context(), opts...)
-	return suffixTag(ref, o.AttestationSuffix, o)
+	return suffixTag(ref, o.AttestationSuffix, "-", o)
 }
 
 // SBOMTag returns the name.Tag that associated SBOMs with a particular digest.
 func SBOMTag(ref name.Reference, opts ...Option) (name.Tag, error) {
 	o := makeOptions(ref.Context(), opts...)
-	return suffixTag(ref, o.SBOMSuffix, o)
+	return suffixTag(ref, o.SBOMSuffix, "-", o)
+}
+
+// DigestTag returns the name.Tag that associated SBOMs with a particular digest.
+func DigestTag(ref name.Reference, opts ...Option) (name.Tag, error) {
+	o := makeOptions(ref.Context(), opts...)
+	return suffixTag(ref, "", ":", o)
 }
 
-func suffixTag(ref name.Reference, suffix string, o *options) (name.Tag, error) {
+func suffixTag(ref name.Reference, suffix string, algorithmSeparator string, o *options) (name.Tag, error) {
 	var h v1.Hash
 	if digest, ok := ref.(name.Digest); ok {
 		var err error
@@ -124,7 +148,7 @@ func suffixTag(ref name.Reference, suffix string, o *options) (name.Tag, error)
 		}
 		h = desc.Digest
 	}
-	return o.TargetRepository.Tag(normalize(h, o.TagPrefix, suffix)), nil
+	return o.TargetRepository.Tag(normalizeWithSeparator(h, o.TagPrefix, suffix, algorithmSeparator)), nil
 }
 
 // signatures is a shared implementation of the oci.Signed* Signatures method.
diff --git a/vendor/github.com/spf13/cobra/.golangci.yml b/vendor/github.com/spf13/cobra/.golangci.yml
index 2578d94b5e..a618ec24d8 100644
--- a/vendor/github.com/spf13/cobra/.golangci.yml
+++ b/vendor/github.com/spf13/cobra/.golangci.yml
@@ -19,7 +19,7 @@ linters:
   disable-all: true
   enable:
     #- bodyclose
-    - deadcode
+    # - deadcode ! deprecated since v1.49.0; replaced by 'unused'
     #- depguard
     #- dogsled
     #- dupl
@@ -51,12 +51,12 @@ linters:
     #- rowserrcheck
     #- scopelint
     #- staticcheck
-    - structcheck
+    #- structcheck ! deprecated since v1.49.0; replaced by 'unused'
     #- stylecheck
     #- typecheck
     - unconvert
     #- unparam
-    #- unused
-    - varcheck
+    - unused
+    # - varcheck ! deprecated since v1.49.0; replaced by 'unused'
     #- whitespace
   fast: false
diff --git a/vendor/github.com/spf13/cobra/README.md b/vendor/github.com/spf13/cobra/README.md
index 592c0b8ab0..6444f4b7f6 100644
--- a/vendor/github.com/spf13/cobra/README.md
+++ b/vendor/github.com/spf13/cobra/README.md
@@ -4,7 +4,7 @@ Cobra is a library for creating powerful modern CLI applications.
 
 Cobra is used in many Go projects such as [Kubernetes](https://kubernetes.io/),
 [Hugo](https://gohugo.io), and [GitHub CLI](https://github.com/cli/cli) to
-name a few. [This list](./projects_using_cobra.md) contains a more extensive list of projects using Cobra.
+name a few. [This list](site/content/projects_using_cobra.md) contains a more extensive list of projects using Cobra.
 
 [![](https://img.shields.io/github/actions/workflow/status/spf13/cobra/test.yml?branch=main&longCache=true&label=Test&logo=github%20actions&logoColor=fff)](https://github.com/spf13/cobra/actions?query=workflow%3ATest)
 [![Go Reference](https://pkg.go.dev/badge/github.com/spf13/cobra.svg)](https://pkg.go.dev/github.com/spf13/cobra)
@@ -80,7 +80,7 @@ which maintains the same interface while adding POSIX compliance.
 
 # Installing
 Using Cobra is easy. First, use `go get` to install the latest version
-of the library.     
+of the library.
 
 ```
 go get -u github.com/spf13/cobra@latest
@@ -105,8 +105,8 @@ go install github.com/spf13/cobra-cli@latest
 
 For complete details on using the Cobra-CLI generator, please read [The Cobra Generator README](https://github.com/spf13/cobra-cli/blob/main/README.md)
 
-For complete details on using the Cobra library, please read the [The Cobra User Guide](user_guide.md).
+For complete details on using the Cobra library, please read the [The Cobra User Guide](site/content/user_guide.md).
 
 # License
 
-Cobra is released under the Apache 2.0 license. See [LICENSE.txt](https://github.com/spf13/cobra/blob/master/LICENSE.txt)
+Cobra is released under the Apache 2.0 license. See [LICENSE.txt](LICENSE.txt)
diff --git a/vendor/github.com/spf13/cobra/active_help.go b/vendor/github.com/spf13/cobra/active_help.go
index 2d0239437a..5f965e057f 100644
--- a/vendor/github.com/spf13/cobra/active_help.go
+++ b/vendor/github.com/spf13/cobra/active_help.go
@@ -17,6 +17,7 @@ package cobra
 import (
 	"fmt"
 	"os"
+	"regexp"
 	"strings"
 )
 
@@ -29,6 +30,8 @@ const (
 	activeHelpGlobalDisable = "0"
 )
 
+var activeHelpEnvVarPrefixSubstRegexp = regexp.MustCompile(`[^A-Z0-9_]`)
+
 // AppendActiveHelp adds the specified string to the specified array to be used as ActiveHelp.
 // Such strings will be processed by the completion script and will be shown as ActiveHelp
 // to the user.
@@ -42,7 +45,7 @@ func AppendActiveHelp(compArray []string, activeHelpStr string) []string {
 
 // GetActiveHelpConfig returns the value of the ActiveHelp environment variable
 // <PROGRAM>_ACTIVE_HELP where <PROGRAM> is the name of the root command in upper
-// case, with all - replaced by _.
+// case, with all non-ASCII-alphanumeric characters replaced by `_`.
 // It will always return "0" if the global environment variable COBRA_ACTIVE_HELP
 // is set to "0".
 func GetActiveHelpConfig(cmd *Command) string {
@@ -55,9 +58,10 @@ func GetActiveHelpConfig(cmd *Command) string {
 
 // activeHelpEnvVar returns the name of the program-specific ActiveHelp environment
 // variable.  It has the format <PROGRAM>_ACTIVE_HELP where <PROGRAM> is the name of the
-// root command in upper case, with all - replaced by _.
+// root command in upper case, with all non-ASCII-alphanumeric characters replaced by `_`.
 func activeHelpEnvVar(name string) string {
 	// This format should not be changed: users will be using it explicitly.
 	activeHelpEnvVar := strings.ToUpper(fmt.Sprintf("%s%s", name, activeHelpEnvVarSuffix))
-	return strings.ReplaceAll(activeHelpEnvVar, "-", "_")
+	activeHelpEnvVar = activeHelpEnvVarPrefixSubstRegexp.ReplaceAllString(activeHelpEnvVar, "_")
+	return activeHelpEnvVar
 }
diff --git a/vendor/github.com/spf13/cobra/active_help.md b/vendor/github.com/spf13/cobra/active_help.md
deleted file mode 100644
index 5e7f59af38..0000000000
--- a/vendor/github.com/spf13/cobra/active_help.md
+++ /dev/null
@@ -1,157 +0,0 @@
-# Active Help
-
-Active Help is a framework provided by Cobra which allows a program to define messages (hints, warnings, etc) that will be printed during program usage.  It aims to make it easier for your users to learn how to use your program.  If configured by the program, Active Help is printed when the user triggers shell completion.
-
-For example, 
-```
-bash-5.1$ helm repo add [tab]
-You must choose a name for the repo you are adding.
-
-bash-5.1$ bin/helm package [tab]
-Please specify the path to the chart to package
-
-bash-5.1$ bin/helm package [tab][tab]
-bin/    internal/    scripts/    pkg/     testdata/
-```
-
-**Hint**: A good place to use Active Help messages is when the normal completion system does not provide any suggestions. In such cases, Active Help nicely supplements the normal shell completions to guide the user in knowing what is expected by the program.
-## Supported shells
-
-Active Help is currently only supported for the following shells:
-- Bash (using [bash completion V2](shell_completions.md#bash-completion-v2) only). Note that bash 4.4 or higher is required for the prompt to appear when an Active Help message is printed.
-- Zsh
-
-## Adding Active Help messages
-
-As Active Help uses the shell completion system, the implementation of Active Help messages is done by enhancing custom dynamic completions.  If you are not familiar with dynamic completions, please refer to [Shell Completions](shell_completions.md).
-
-Adding Active Help is done through the use of the `cobra.AppendActiveHelp(...)` function, where the program repeatedly adds Active Help messages to the list of completions.  Keep reading for details.
-
-### Active Help for nouns
-
-Adding Active Help when completing a noun is done within the `ValidArgsFunction(...)` of a command.  Please notice the use of `cobra.AppendActiveHelp(...)` in the following example:
-
-```go
-cmd := &cobra.Command{
-	Use:   "add [NAME] [URL]",
-	Short: "add a chart repository",
-	Args:  require.ExactArgs(2),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return addRepo(args)
-	},
-	ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		var comps []string
-		if len(args) == 0 {
-			comps = cobra.AppendActiveHelp(comps, "You must choose a name for the repo you are adding")
-		} else if len(args) == 1 {
-			comps = cobra.AppendActiveHelp(comps, "You must specify the URL for the repo you are adding")
-		} else {
-			comps = cobra.AppendActiveHelp(comps, "This command does not take any more arguments")
-		}
-		return comps, cobra.ShellCompDirectiveNoFileComp
-	},
-}
-```
-The example above defines the completions (none, in this specific example) as well as the Active Help messages for the `helm repo add` command.  It yields the following behavior:
-```
-bash-5.1$ helm repo add [tab]
-You must choose a name for the repo you are adding
-
-bash-5.1$ helm repo add grafana [tab]
-You must specify the URL for the repo you are adding
-
-bash-5.1$ helm repo add grafana https://grafana.github.io/helm-charts [tab]
-This command does not take any more arguments
-```
-**Hint**: As can be seen in the above example, a good place to use Active Help messages is when the normal completion system does not provide any suggestions. In such cases, Active Help nicely supplements the normal shell completions.
-
-### Active Help for flags
-
-Providing Active Help for flags is done in the same fashion as for nouns, but using the completion function registered for the flag.  For example:
-```go
-_ = cmd.RegisterFlagCompletionFunc("version", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		if len(args) != 2 {
-			return cobra.AppendActiveHelp(nil, "You must first specify the chart to install before the --version flag can be completed"), cobra.ShellCompDirectiveNoFileComp
-		}
-		return compVersionFlag(args[1], toComplete)
-	})
-```
-The example above prints an Active Help message when not enough information was given by the user to complete the `--version` flag.
-```
-bash-5.1$ bin/helm install myrelease --version 2.0.[tab]
-You must first specify the chart to install before the --version flag can be completed
-
-bash-5.1$ bin/helm install myrelease bitnami/solr --version 2.0.[tab][tab]
-2.0.1  2.0.2  2.0.3
-```
-
-## User control of Active Help
-
-You may want to allow your users to disable Active Help or choose between different levels of Active Help.  It is entirely up to the program to define the type of configurability of Active Help that it wants to offer, if any.
-Allowing to configure Active Help is entirely optional; you can use Active Help in your program without doing anything about Active Help configuration.
-
-The way to configure Active Help is to use the program's Active Help environment
-variable.  That variable is named `<PROGRAM>_ACTIVE_HELP` where `<PROGRAM>` is the name of your 
-program in uppercase with any `-` replaced by an `_`.  The variable should be set by the user to whatever
-Active Help configuration values are supported by the program.
-
-For example, say `helm` has chosen to support three levels for Active Help: `on`, `off`, `local`.  Then a user
-would set the desired behavior to `local` by doing `export HELM_ACTIVE_HELP=local` in their shell.
-
-For simplicity, when in `cmd.ValidArgsFunction(...)` or a flag's completion function, the program should read the
-Active Help configuration using the `cobra.GetActiveHelpConfig(cmd)` function and select what Active Help messages
-should or should not be added (instead of reading the environment variable directly).
-
-For example:
-```go
-ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	activeHelpLevel := cobra.GetActiveHelpConfig(cmd)
-
-	var comps []string
-	if len(args) == 0 {
-		if activeHelpLevel != "off"  {
-			comps = cobra.AppendActiveHelp(comps, "You must choose a name for the repo you are adding")
-		}
-	} else if len(args) == 1 {
-		if activeHelpLevel != "off" {
-			comps = cobra.AppendActiveHelp(comps, "You must specify the URL for the repo you are adding")
-		}
-	} else {
-		if activeHelpLevel == "local" {
-			comps = cobra.AppendActiveHelp(comps, "This command does not take any more arguments")
-		}
-	}
-	return comps, cobra.ShellCompDirectiveNoFileComp
-},
-```
-**Note 1**: If the `<PROGRAM>_ACTIVE_HELP` environment variable is set to the string "0", Cobra will automatically disable all Active Help output (even if some output was specified by the program using the `cobra.AppendActiveHelp(...)` function).  Using "0" can simplify your code in situations where you want to blindly disable Active Help without having to call `cobra.GetActiveHelpConfig(cmd)` explicitly.
-
-**Note 2**: If a user wants to disable Active Help for every single program based on Cobra, she can set the environment variable `COBRA_ACTIVE_HELP` to "0".  In this case `cobra.GetActiveHelpConfig(cmd)` will return "0" no matter what the variable `<PROGRAM>_ACTIVE_HELP` is set to.
-
-**Note 3**: If the user does not set `<PROGRAM>_ACTIVE_HELP` or `COBRA_ACTIVE_HELP` (which will be a common case), the default value for the Active Help configuration returned by `cobra.GetActiveHelpConfig(cmd)` will be the empty string. 
-## Active Help with Cobra's default completion command
-
-Cobra provides a default `completion` command for programs that wish to use it.
-When using the default `completion` command, Active Help is configurable in the same
-fashion as described above using environment variables.  You may wish to document this in more
-details for your users.
-
-## Debugging Active Help
-
-Debugging your Active Help code is done in the same way as debugging your dynamic completion code, which is with Cobra's hidden `__complete` command.  Please refer to [debugging shell completion](shell_completions.md#debugging) for details.
-
-When debugging with the `__complete` command, if you want to specify different Active Help configurations, you should use the active help environment variable.  That variable is named `<PROGRAM>_ACTIVE_HELP` where any `-` is replaced by an `_`.  For example, we can test deactivating some Active Help as shown below:
-```
-$ HELM_ACTIVE_HELP=1 bin/helm __complete install wordpress bitnami/h<ENTER>
-bitnami/haproxy
-bitnami/harbor
-_activeHelp_ WARNING: cannot re-use a name that is still in use
-:0
-Completion ended with directive: ShellCompDirectiveDefault
-
-$ HELM_ACTIVE_HELP=0 bin/helm __complete install wordpress bitnami/h<ENTER>
-bitnami/haproxy
-bitnami/harbor
-:0
-Completion ended with directive: ShellCompDirectiveDefault
-```
diff --git a/vendor/github.com/spf13/cobra/bash_completions.go b/vendor/github.com/spf13/cobra/bash_completions.go
index 10c78847de..8a53151840 100644
--- a/vendor/github.com/spf13/cobra/bash_completions.go
+++ b/vendor/github.com/spf13/cobra/bash_completions.go
@@ -85,7 +85,7 @@ __%[1]s_handle_go_custom_completion()
     local out requestComp lastParam lastChar comp directive args
 
     # Prepare the command to request completions for the program.
-    # Calling ${words[0]} instead of directly %[1]s allows to handle aliases
+    # Calling ${words[0]} instead of directly %[1]s allows handling aliases
     args=("${words[@]:1}")
     # Disable ActiveHelp which is not supported for bash completion v1
     requestComp="%[8]s=0 ${words[0]} %[2]s ${args[*]}"
diff --git a/vendor/github.com/spf13/cobra/bash_completions.md b/vendor/github.com/spf13/cobra/bash_completions.md
deleted file mode 100644
index 52919b2fa6..0000000000
--- a/vendor/github.com/spf13/cobra/bash_completions.md
+++ /dev/null
@@ -1,93 +0,0 @@
-# Generating Bash Completions For Your cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md) for details.
-
-## Bash legacy dynamic completions
-
-For backward compatibility, Cobra still supports its legacy dynamic completion solution (described below).  Unlike the `ValidArgsFunction` solution, the legacy solution will only work for Bash shell-completion and not for other shells. This legacy solution can be used along-side `ValidArgsFunction` and `RegisterFlagCompletionFunc()`, as long as both solutions are not used for the same command.  This provides a path to gradually migrate from the legacy solution to the new solution.
-
-**Note**: Cobra's default `completion` command uses bash completion V2.  If you are currently using Cobra's legacy dynamic completion solution, you should not use the default `completion` command but continue using your own.
-
-The legacy solution allows you to inject bash functions into the bash completion script.  Those bash functions are responsible for providing the completion choices for your own completions.
-
-Some code that works in kubernetes:
-
-```bash
-const (
-        bash_completion_func = `__kubectl_parse_get()
-{
-    local kubectl_output out
-    if kubectl_output=$(kubectl get --no-headers "$1" 2>/dev/null); then
-        out=($(echo "${kubectl_output}" | awk '{print $1}'))
-        COMPREPLY=( $( compgen -W "${out[*]}" -- "$cur" ) )
-    fi
-}
-
-__kubectl_get_resource()
-{
-    if [[ ${#nouns[@]} -eq 0 ]]; then
-        return 1
-    fi
-    __kubectl_parse_get ${nouns[${#nouns[@]} -1]}
-    if [[ $? -eq 0 ]]; then
-        return 0
-    fi
-}
-
-__kubectl_custom_func() {
-    case ${last_command} in
-        kubectl_get | kubectl_describe | kubectl_delete | kubectl_stop)
-            __kubectl_get_resource
-            return
-            ;;
-        *)
-            ;;
-    esac
-}
-`)
-```
-
-And then I set that in my command definition:
-
-```go
-cmds := &cobra.Command{
-	Use:   "kubectl",
-	Short: "kubectl controls the Kubernetes cluster manager",
-	Long: `kubectl controls the Kubernetes cluster manager.
-
-Find more information at https://github.com/GoogleCloudPlatform/kubernetes.`,
-	Run: runHelp,
-	BashCompletionFunction: bash_completion_func,
-}
-```
-
-The `BashCompletionFunction` option is really only valid/useful on the root command. Doing the above will cause `__kubectl_custom_func()` (`__<command-use>_custom_func()`) to be called when the built in processor was unable to find a solution. In the case of kubernetes a valid command might look something like `kubectl get pod [mypod]`. If you type `kubectl get pod [tab][tab]` the `__kubectl_customc_func()` will run because the cobra.Command only understood "kubectl" and "get." `__kubectl_custom_func()` will see that the cobra.Command is "kubectl_get" and will thus call another helper `__kubectl_get_resource()`.  `__kubectl_get_resource` will look at the 'nouns' collected. In our example the only noun will be `pod`.  So it will call `__kubectl_parse_get pod`.  `__kubectl_parse_get` will actually call out to kubernetes and get any pods.  It will then set `COMPREPLY` to valid pods!
-
-Similarly, for flags:
-
-```go
-	annotation := make(map[string][]string)
-	annotation[cobra.BashCompCustom] = []string{"__kubectl_get_namespaces"}
-
-	flag := &pflag.Flag{
-		Name:        "namespace",
-		Usage:       usage,
-		Annotations: annotation,
-	}
-	cmd.Flags().AddFlag(flag)
-```
-
-In addition add the `__kubectl_get_namespaces` implementation in the `BashCompletionFunction`
-value, e.g.:
-
-```bash
-__kubectl_get_namespaces()
-{
-    local template
-    template="{{ range .items  }}{{ .metadata.name }} {{ end }}"
-    local kubectl_out
-    if kubectl_out=$(kubectl get -o template --template="${template}" namespace 2>/dev/null); then
-        COMPREPLY=( $( compgen -W "${kubectl_out}[*]" -- "$cur" ) )
-    fi
-}
-```
diff --git a/vendor/github.com/spf13/cobra/bash_completionsV2.go b/vendor/github.com/spf13/cobra/bash_completionsV2.go
index 19b09560c1..1cce5c329c 100644
--- a/vendor/github.com/spf13/cobra/bash_completionsV2.go
+++ b/vendor/github.com/spf13/cobra/bash_completionsV2.go
@@ -57,7 +57,7 @@ __%[1]s_get_completion_results() {
     local requestComp lastParam lastChar args
 
     # Prepare the command to request completions for the program.
-    # Calling ${words[0]} instead of directly %[1]s allows to handle aliases
+    # Calling ${words[0]} instead of directly %[1]s allows handling aliases
     args=("${words[@]:1}")
     requestComp="${words[0]} %[2]s ${args[*]}"
 
diff --git a/vendor/github.com/spf13/cobra/cobra.go b/vendor/github.com/spf13/cobra/cobra.go
index b07b44a0ce..a6b160ce53 100644
--- a/vendor/github.com/spf13/cobra/cobra.go
+++ b/vendor/github.com/spf13/cobra/cobra.go
@@ -43,12 +43,13 @@ var initializers []func()
 var finalizers []func()
 
 const (
-	defaultPrefixMatching  = false
-	defaultCommandSorting  = true
-	defaultCaseInsensitive = false
+	defaultPrefixMatching   = false
+	defaultCommandSorting   = true
+	defaultCaseInsensitive  = false
+	defaultTraverseRunHooks = false
 )
 
-// EnablePrefixMatching allows to set automatic prefix matching. Automatic prefix matching can be a dangerous thing
+// EnablePrefixMatching allows setting automatic prefix matching. Automatic prefix matching can be a dangerous thing
 // to automatically enable in CLI tools.
 // Set this to true to enable it.
 var EnablePrefixMatching = defaultPrefixMatching
@@ -60,6 +61,10 @@ var EnableCommandSorting = defaultCommandSorting
 // EnableCaseInsensitive allows case-insensitive commands names. (case sensitive by default)
 var EnableCaseInsensitive = defaultCaseInsensitive
 
+// EnableTraverseRunHooks executes persistent pre-run and post-run hooks from all parents.
+// By default this is disabled, which means only the first run hook to be found is executed.
+var EnableTraverseRunHooks = defaultTraverseRunHooks
+
 // MousetrapHelpText enables an information splash screen on Windows
 // if the CLI is started from explorer.exe.
 // To disable the mousetrap, just set this variable to blank string ("").
diff --git a/vendor/github.com/spf13/cobra/command.go b/vendor/github.com/spf13/cobra/command.go
index 01f7c6f1c5..2fbe6c131a 100644
--- a/vendor/github.com/spf13/cobra/command.go
+++ b/vendor/github.com/spf13/cobra/command.go
@@ -30,7 +30,10 @@ import (
 	flag "github.com/spf13/pflag"
 )
 
-const FlagSetByCobraAnnotation = "cobra_annotation_flag_set_by_cobra"
+const (
+	FlagSetByCobraAnnotation     = "cobra_annotation_flag_set_by_cobra"
+	CommandDisplayNameAnnotation = "cobra_annotation_command_display_name"
+)
 
 // FParseErrWhitelist configures Flag parse errors to be ignored
 type FParseErrWhitelist flag.ParseErrorsWhitelist
@@ -99,7 +102,7 @@ type Command struct {
 	Deprecated string
 
 	// Annotations are key/value pairs that can be used by applications to identify or
-	// group commands.
+	// group commands or set special options.
 	Annotations map[string]string
 
 	// Version defines the version for this command. If this value is non-empty and the command does not
@@ -115,6 +118,8 @@ type Command struct {
 	//   * PostRun()
 	//   * PersistentPostRun()
 	// All functions get the same args, the arguments after the command name.
+	// The *PreRun and *PostRun functions will only be executed if the Run function of the current
+	// command has been declared.
 	//
 	// PersistentPreRun: children of this command will inherit and execute.
 	PersistentPreRun func(cmd *Command, args []string)
@@ -181,6 +186,9 @@ type Command struct {
 	// versionTemplate is the version template defined by user.
 	versionTemplate string
 
+	// errPrefix is the error message prefix defined by user.
+	errPrefix string
+
 	// inReader is a reader defined by the user that replaces stdin
 	inReader io.Reader
 	// outWriter is a writer defined by the user that replaces stdout
@@ -346,6 +354,11 @@ func (c *Command) SetVersionTemplate(s string) {
 	c.versionTemplate = s
 }
 
+// SetErrPrefix sets error message prefix to be used. Application can use it to set custom prefix.
+func (c *Command) SetErrPrefix(s string) {
+	c.errPrefix = s
+}
+
 // SetGlobalNormalizationFunc sets a normalization function to all flag sets and also to child commands.
 // The user should not have a cyclic dependency on commands.
 func (c *Command) SetGlobalNormalizationFunc(n func(f *flag.FlagSet, name string) flag.NormalizedName) {
@@ -595,6 +608,18 @@ func (c *Command) VersionTemplate() string {
 `
 }
 
+// ErrPrefix return error message prefix for the command
+func (c *Command) ErrPrefix() string {
+	if c.errPrefix != "" {
+		return c.errPrefix
+	}
+
+	if c.HasParent() {
+		return c.parent.ErrPrefix()
+	}
+	return "Error:"
+}
+
 func hasNoOptDefVal(name string, fs *flag.FlagSet) bool {
 	flag := fs.Lookup(name)
 	if flag == nil {
@@ -752,7 +777,9 @@ func (c *Command) findNext(next string) *Command {
 	}
 
 	if len(matches) == 1 {
-		return matches[0]
+		// Temporarily disable gosec G602, which produces a false positive.
+		// See https://github.com/securego/gosec/issues/1005.
+		return matches[0] // #nosec G602
 	}
 
 	return nil
@@ -910,15 +937,31 @@ func (c *Command) execute(a []string) (err error) {
 		return err
 	}
 
+	parents := make([]*Command, 0, 5)
 	for p := c; p != nil; p = p.Parent() {
+		if EnableTraverseRunHooks {
+			// When EnableTraverseRunHooks is set:
+			// - Execute all persistent pre-runs from the root parent till this command.
+			// - Execute all persistent post-runs from this command till the root parent.
+			parents = append([]*Command{p}, parents...)
+		} else {
+			// Otherwise, execute only the first found persistent hook.
+			parents = append(parents, p)
+		}
+	}
+	for _, p := range parents {
 		if p.PersistentPreRunE != nil {
 			if err := p.PersistentPreRunE(c, argWoFlags); err != nil {
 				return err
 			}
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		} else if p.PersistentPreRun != nil {
 			p.PersistentPreRun(c, argWoFlags)
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		}
 	}
 	if c.PreRunE != nil {
@@ -955,10 +998,14 @@ func (c *Command) execute(a []string) (err error) {
 			if err := p.PersistentPostRunE(c, argWoFlags); err != nil {
 				return err
 			}
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		} else if p.PersistentPostRun != nil {
 			p.PersistentPostRun(c, argWoFlags)
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		}
 	}
 
@@ -1048,7 +1095,7 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
 			c = cmd
 		}
 		if !c.SilenceErrors {
-			c.PrintErrln("Error:", err.Error())
+			c.PrintErrln(c.ErrPrefix(), err.Error())
 			c.PrintErrf("Run '%v --help' for usage.\n", c.CommandPath())
 		}
 		return c, err
@@ -1077,7 +1124,7 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
 		// If root command has SilenceErrors flagged,
 		// all subcommands should respect it
 		if !cmd.SilenceErrors && !c.SilenceErrors {
-			c.PrintErrln("Error:", err.Error())
+			c.PrintErrln(cmd.ErrPrefix(), err.Error())
 		}
 
 		// If root command has SilenceUsage flagged,
@@ -1380,6 +1427,9 @@ func (c *Command) CommandPath() string {
 	if c.HasParent() {
 		return c.Parent().CommandPath() + " " + c.Name()
 	}
+	if displayName, ok := c.Annotations[CommandDisplayNameAnnotation]; ok {
+		return displayName
+	}
 	return c.Name()
 }
 
@@ -1402,6 +1452,7 @@ func (c *Command) UseLine() string {
 
 // DebugFlags used to determine which flags have been assigned to which commands
 // and which persist.
+// nolint:goconst
 func (c *Command) DebugFlags() {
 	c.Println("DebugFlags called on", c.Name())
 	var debugflags func(*Command)
diff --git a/vendor/github.com/spf13/cobra/completions.go b/vendor/github.com/spf13/cobra/completions.go
index ee38c4d0b8..b60f6b2000 100644
--- a/vendor/github.com/spf13/cobra/completions.go
+++ b/vendor/github.com/spf13/cobra/completions.go
@@ -145,6 +145,20 @@ func (c *Command) RegisterFlagCompletionFunc(flagName string, f func(cmd *Comman
 	return nil
 }
 
+// GetFlagCompletionFunc returns the completion function for the given flag of the command, if available.
+func (c *Command) GetFlagCompletionFunc(flagName string) (func(*Command, []string, string) ([]string, ShellCompDirective), bool) {
+	flag := c.Flag(flagName)
+	if flag == nil {
+		return nil, false
+	}
+
+	flagCompletionMutex.RLock()
+	defer flagCompletionMutex.RUnlock()
+
+	completionFunc, exists := flagCompletionFunctions[flag]
+	return completionFunc, exists
+}
+
 // Returns a string listing the different directive enabled in the specified parameter
 func (d ShellCompDirective) string() string {
 	var directives []string
@@ -283,9 +297,13 @@ func (c *Command) getCompletions(args []string) (*Command, []string, ShellCompDi
 
 	// These flags are normally added when `execute()` is called on `finalCmd`,
 	// however, when doing completion, we don't call `finalCmd.execute()`.
-	// Let's add the --help and --version flag ourselves.
-	finalCmd.InitDefaultHelpFlag()
-	finalCmd.InitDefaultVersionFlag()
+	// Let's add the --help and --version flag ourselves but only if the finalCmd
+	// has not disabled flag parsing; if flag parsing is disabled, it is up to the
+	// finalCmd itself to handle the completion of *all* flags.
+	if !finalCmd.DisableFlagParsing {
+		finalCmd.InitDefaultHelpFlag()
+		finalCmd.InitDefaultVersionFlag()
+	}
 
 	// Check if we are doing flag value completion before parsing the flags.
 	// This is important because if we are completing a flag value, we need to also
@@ -389,6 +407,11 @@ func (c *Command) getCompletions(args []string) (*Command, []string, ShellCompDi
 			finalCmd.InheritedFlags().VisitAll(func(flag *pflag.Flag) {
 				doCompleteFlags(flag)
 			})
+			// Try to complete non-inherited flags even if DisableFlagParsing==true.
+			// This allows programs to tell Cobra about flags for completion even
+			// if the actual parsing of flags is not done by Cobra.
+			// For instance, Helm uses this to provide flag name completion for
+			// some of its plugins.
 			finalCmd.NonInheritedFlags().VisitAll(func(flag *pflag.Flag) {
 				doCompleteFlags(flag)
 			})
diff --git a/vendor/github.com/spf13/cobra/fish_completions.go b/vendor/github.com/spf13/cobra/fish_completions.go
index 12ca0d2b11..12d61b6911 100644
--- a/vendor/github.com/spf13/cobra/fish_completions.go
+++ b/vendor/github.com/spf13/cobra/fish_completions.go
@@ -113,7 +113,7 @@ function __%[1]s_clear_perform_completion_once_result
     __%[1]s_debug ""
     __%[1]s_debug "========= clearing previously set __%[1]s_perform_completion_once_result variable =========="
     set --erase __%[1]s_perform_completion_once_result
-    __%[1]s_debug "Succesfully erased the variable __%[1]s_perform_completion_once_result"
+    __%[1]s_debug "Successfully erased the variable __%[1]s_perform_completion_once_result"
 end
 
 function __%[1]s_requires_order_preservation
diff --git a/vendor/github.com/spf13/cobra/fish_completions.md b/vendor/github.com/spf13/cobra/fish_completions.md
deleted file mode 100644
index 19b2ed1293..0000000000
--- a/vendor/github.com/spf13/cobra/fish_completions.md
+++ /dev/null
@@ -1,4 +0,0 @@
-## Generating Fish Completions For Your cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md) for details.
-
diff --git a/vendor/github.com/spf13/cobra/flag_groups.go b/vendor/github.com/spf13/cobra/flag_groups.go
index b35fde1554..0671ec5f20 100644
--- a/vendor/github.com/spf13/cobra/flag_groups.go
+++ b/vendor/github.com/spf13/cobra/flag_groups.go
@@ -24,6 +24,7 @@ import (
 
 const (
 	requiredAsGroup   = "cobra_annotation_required_if_others_set"
+	oneRequired       = "cobra_annotation_one_required"
 	mutuallyExclusive = "cobra_annotation_mutually_exclusive"
 )
 
@@ -43,6 +44,22 @@ func (c *Command) MarkFlagsRequiredTogether(flagNames ...string) {
 	}
 }
 
+// MarkFlagsOneRequired marks the given flags with annotations so that Cobra errors
+// if the command is invoked without at least one flag from the given set of flags.
+func (c *Command) MarkFlagsOneRequired(flagNames ...string) {
+	c.mergePersistentFlags()
+	for _, v := range flagNames {
+		f := c.Flags().Lookup(v)
+		if f == nil {
+			panic(fmt.Sprintf("Failed to find flag %q and mark it as being in a one-required flag group", v))
+		}
+		if err := c.Flags().SetAnnotation(v, oneRequired, append(f.Annotations[oneRequired], strings.Join(flagNames, " "))); err != nil {
+			// Only errs if the flag isn't found.
+			panic(err)
+		}
+	}
+}
+
 // MarkFlagsMutuallyExclusive marks the given flags with annotations so that Cobra errors
 // if the command is invoked with more than one flag from the given set of flags.
 func (c *Command) MarkFlagsMutuallyExclusive(flagNames ...string) {
@@ -59,7 +76,7 @@ func (c *Command) MarkFlagsMutuallyExclusive(flagNames ...string) {
 	}
 }
 
-// ValidateFlagGroups validates the mutuallyExclusive/requiredAsGroup logic and returns the
+// ValidateFlagGroups validates the mutuallyExclusive/oneRequired/requiredAsGroup logic and returns the
 // first error encountered.
 func (c *Command) ValidateFlagGroups() error {
 	if c.DisableFlagParsing {
@@ -71,15 +88,20 @@ func (c *Command) ValidateFlagGroups() error {
 	// groupStatus format is the list of flags as a unique ID,
 	// then a map of each flag name and whether it is set or not.
 	groupStatus := map[string]map[string]bool{}
+	oneRequiredGroupStatus := map[string]map[string]bool{}
 	mutuallyExclusiveGroupStatus := map[string]map[string]bool{}
 	flags.VisitAll(func(pflag *flag.Flag) {
 		processFlagForGroupAnnotation(flags, pflag, requiredAsGroup, groupStatus)
+		processFlagForGroupAnnotation(flags, pflag, oneRequired, oneRequiredGroupStatus)
 		processFlagForGroupAnnotation(flags, pflag, mutuallyExclusive, mutuallyExclusiveGroupStatus)
 	})
 
 	if err := validateRequiredFlagGroups(groupStatus); err != nil {
 		return err
 	}
+	if err := validateOneRequiredFlagGroups(oneRequiredGroupStatus); err != nil {
+		return err
+	}
 	if err := validateExclusiveFlagGroups(mutuallyExclusiveGroupStatus); err != nil {
 		return err
 	}
@@ -142,6 +164,27 @@ func validateRequiredFlagGroups(data map[string]map[string]bool) error {
 	return nil
 }
 
+func validateOneRequiredFlagGroups(data map[string]map[string]bool) error {
+	keys := sortedKeys(data)
+	for _, flagList := range keys {
+		flagnameAndStatus := data[flagList]
+		var set []string
+		for flagname, isSet := range flagnameAndStatus {
+			if isSet {
+				set = append(set, flagname)
+			}
+		}
+		if len(set) >= 1 {
+			continue
+		}
+
+		// Sort values, so they can be tested/scripted against consistently.
+		sort.Strings(set)
+		return fmt.Errorf("at least one of the flags in the group [%v] is required", flagList)
+	}
+	return nil
+}
+
 func validateExclusiveFlagGroups(data map[string]map[string]bool) error {
 	keys := sortedKeys(data)
 	for _, flagList := range keys {
@@ -176,6 +219,7 @@ func sortedKeys(m map[string]map[string]bool) []string {
 
 // enforceFlagGroupsForCompletion will do the following:
 // - when a flag in a group is present, other flags in the group will be marked required
+// - when none of the flags in a one-required group are present, all flags in the group will be marked required
 // - when a flag in a mutually exclusive group is present, other flags in the group will be marked as hidden
 // This allows the standard completion logic to behave appropriately for flag groups
 func (c *Command) enforceFlagGroupsForCompletion() {
@@ -185,9 +229,11 @@ func (c *Command) enforceFlagGroupsForCompletion() {
 
 	flags := c.Flags()
 	groupStatus := map[string]map[string]bool{}
+	oneRequiredGroupStatus := map[string]map[string]bool{}
 	mutuallyExclusiveGroupStatus := map[string]map[string]bool{}
 	c.Flags().VisitAll(func(pflag *flag.Flag) {
 		processFlagForGroupAnnotation(flags, pflag, requiredAsGroup, groupStatus)
+		processFlagForGroupAnnotation(flags, pflag, oneRequired, oneRequiredGroupStatus)
 		processFlagForGroupAnnotation(flags, pflag, mutuallyExclusive, mutuallyExclusiveGroupStatus)
 	})
 
@@ -204,6 +250,26 @@ func (c *Command) enforceFlagGroupsForCompletion() {
 		}
 	}
 
+	// If none of the flags of a one-required group are present, we make all the flags
+	// of that group required so that the shell completion suggests them automatically
+	for flagList, flagnameAndStatus := range oneRequiredGroupStatus {
+		set := 0
+
+		for _, isSet := range flagnameAndStatus {
+			if isSet {
+				set++
+			}
+		}
+
+		// None of the flags of the group are set, mark all flags in the group
+		// as required
+		if set == 0 {
+			for _, fName := range strings.Split(flagList, " ") {
+				_ = c.MarkFlagRequired(fName)
+			}
+		}
+	}
+
 	// If a flag that is mutually exclusive to others is present, we hide the other
 	// flags of that group so the shell completion does not suggest them
 	for flagList, flagnameAndStatus := range mutuallyExclusiveGroupStatus {
diff --git a/vendor/github.com/spf13/cobra/powershell_completions.go b/vendor/github.com/spf13/cobra/powershell_completions.go
index 177d2755f2..5519519394 100644
--- a/vendor/github.com/spf13/cobra/powershell_completions.go
+++ b/vendor/github.com/spf13/cobra/powershell_completions.go
@@ -47,7 +47,7 @@ filter __%[1]s_escapeStringWithSpecialChars {
 `+"    $_ -replace '\\s|#|@|\\$|;|,|''|\\{|\\}|\\(|\\)|\"|`|\\||<|>|&','`$&'"+`
 }
 
-[scriptblock]$__%[2]sCompleterBlock = {
+[scriptblock]${__%[2]sCompleterBlock} = {
     param(
             $WordToComplete,
             $CommandAst,
@@ -122,7 +122,7 @@ filter __%[1]s_escapeStringWithSpecialChars {
 
     __%[1]s_debug "Calling $RequestComp"
     # First disable ActiveHelp which is not supported for Powershell
-    $env:%[10]s=0
+    ${env:%[10]s}=0
 
     #call the command store the output in $out and redirect stderr and stdout to null
     # $Out is an array contains each line per element
@@ -279,7 +279,7 @@ filter __%[1]s_escapeStringWithSpecialChars {
     }
 }
 
-Register-ArgumentCompleter -CommandName '%[1]s' -ScriptBlock $__%[2]sCompleterBlock
+Register-ArgumentCompleter -CommandName '%[1]s' -ScriptBlock ${__%[2]sCompleterBlock}
 `, name, nameForVar, compCmd,
 		ShellCompDirectiveError, ShellCompDirectiveNoSpace, ShellCompDirectiveNoFileComp,
 		ShellCompDirectiveFilterFileExt, ShellCompDirectiveFilterDirs, ShellCompDirectiveKeepOrder, activeHelpEnvVar(name)))
diff --git a/vendor/github.com/spf13/cobra/powershell_completions.md b/vendor/github.com/spf13/cobra/powershell_completions.md
deleted file mode 100644
index c449f1e5c0..0000000000
--- a/vendor/github.com/spf13/cobra/powershell_completions.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Generating PowerShell Completions For Your Own cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md#powershell-completions) for details.
diff --git a/vendor/github.com/spf13/cobra/projects_using_cobra.md b/vendor/github.com/spf13/cobra/projects_using_cobra.md
deleted file mode 100644
index 8a291eb20e..0000000000
--- a/vendor/github.com/spf13/cobra/projects_using_cobra.md
+++ /dev/null
@@ -1,64 +0,0 @@
-## Projects using Cobra
-
-- [Allero](https://github.com/allero-io/allero)
-- [Arewefastyet](https://benchmark.vitess.io)
-- [Arduino CLI](https://github.com/arduino/arduino-cli)
-- [Bleve](https://blevesearch.com/)
-- [Cilium](https://cilium.io/)
-- [CloudQuery](https://github.com/cloudquery/cloudquery)
-- [CockroachDB](https://www.cockroachlabs.com/)
-- [Constellation](https://github.com/edgelesssys/constellation)
-- [Cosmos SDK](https://github.com/cosmos/cosmos-sdk)
-- [Datree](https://github.com/datreeio/datree)
-- [Delve](https://github.com/derekparker/delve)
-- [Docker (distribution)](https://github.com/docker/distribution)
-- [Etcd](https://etcd.io/)
-- [Gardener](https://github.com/gardener/gardenctl)
-- [Giant Swarm's gsctl](https://github.com/giantswarm/gsctl)
-- [Git Bump](https://github.com/erdaltsksn/git-bump)
-- [GitHub CLI](https://github.com/cli/cli)
-- [GitHub Labeler](https://github.com/erdaltsksn/gh-label)
-- [Golangci-lint](https://golangci-lint.run)
-- [GopherJS](https://github.com/gopherjs/gopherjs)
-- [GoReleaser](https://goreleaser.com)
-- [Helm](https://helm.sh)
-- [Hugo](https://gohugo.io)
-- [Infracost](https://github.com/infracost/infracost)
-- [Istio](https://istio.io)
-- [Kool](https://github.com/kool-dev/kool)
-- [Kubernetes](https://kubernetes.io/)
-- [Kubescape](https://github.com/kubescape/kubescape)
-- [KubeVirt](https://github.com/kubevirt/kubevirt)
-- [Linkerd](https://linkerd.io/)
-- [Mattermost-server](https://github.com/mattermost/mattermost-server)
-- [Mercure](https://mercure.rocks/)
-- [Meroxa CLI](https://github.com/meroxa/cli)
-- [Metal Stack CLI](https://github.com/metal-stack/metalctl)
-- [Moby (former Docker)](https://github.com/moby/moby)
-- [Moldy](https://github.com/Moldy-Community/moldy)
-- [Multi-gitter](https://github.com/lindell/multi-gitter)
-- [Nanobox](https://github.com/nanobox-io/nanobox)/[Nanopack](https://github.com/nanopack)
-- [nFPM](https://nfpm.goreleaser.com)
-- [Okteto](https://github.com/okteto/okteto)
-- [OpenShift](https://www.openshift.com/)
-- [Ory Hydra](https://github.com/ory/hydra)
-- [Ory Kratos](https://github.com/ory/kratos)
-- [Pixie](https://github.com/pixie-io/pixie)
-- [Polygon Edge](https://github.com/0xPolygon/polygon-edge)
-- [Pouch](https://github.com/alibaba/pouch)
-- [ProjectAtomic (enterprise)](https://www.projectatomic.io/)
-- [Prototool](https://github.com/uber/prototool)
-- [Pulumi](https://www.pulumi.com)
-- [QRcp](https://github.com/claudiodangelis/qrcp)
-- [Random](https://github.com/erdaltsksn/random)
-- [Rclone](https://rclone.org/)
-- [Scaleway CLI](https://github.com/scaleway/scaleway-cli)
-- [Sia](https://github.com/SiaFoundation/siad)
-- [Skaffold](https://skaffold.dev/)
-- [Tendermint](https://github.com/tendermint/tendermint)
-- [Twitch CLI](https://github.com/twitchdev/twitch-cli)
-- [UpCloud CLI (`upctl`)](https://github.com/UpCloudLtd/upcloud-cli)
-- [Vitess](https://vitess.io)
-- VMware's [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) & [Tanzu Framework](https://github.com/vmware-tanzu/tanzu-framework)
-- [Werf](https://werf.io/)
-- [ZITADEL](https://github.com/zitadel/zitadel)
diff --git a/vendor/github.com/spf13/cobra/shell_completions.md b/vendor/github.com/spf13/cobra/shell_completions.md
deleted file mode 100644
index 065c0621d4..0000000000
--- a/vendor/github.com/spf13/cobra/shell_completions.md
+++ /dev/null
@@ -1,576 +0,0 @@
-# Generating shell completions
-
-Cobra can generate shell completions for multiple shells.
-The currently supported shells are:
-- Bash
-- Zsh
-- fish
-- PowerShell
-
-Cobra will automatically provide your program with a fully functional `completion` command,
-similarly to how it provides the `help` command.
-
-## Creating your own completion command
-
-If you do not wish to use the default `completion` command, you can choose to
-provide your own, which will take precedence over the default one. (This also provides
-backwards-compatibility with programs that already have their own `completion` command.)
-
-If you are using the `cobra-cli` generator,
-which can be found at [spf13/cobra-cli](https://github.com/spf13/cobra-cli),
-you can create a completion command by running
-
-```bash
-cobra-cli add completion
-```
-and then modifying the generated `cmd/completion.go` file to look something like this
-(writing the shell script to stdout allows the most flexible use):
-
-```go
-var completionCmd = &cobra.Command{
-	Use:   "completion [bash|zsh|fish|powershell]",
-	Short: "Generate completion script",
-	Long: fmt.Sprintf(`To load completions:
-
-Bash:
-
-  $ source <(%[1]s completion bash)
-
-  # To load completions for each session, execute once:
-  # Linux:
-  $ %[1]s completion bash > /etc/bash_completion.d/%[1]s
-  # macOS:
-  $ %[1]s completion bash > $(brew --prefix)/etc/bash_completion.d/%[1]s
-
-Zsh:
-
-  # If shell completion is not already enabled in your environment,
-  # you will need to enable it.  You can execute the following once:
-
-  $ echo "autoload -U compinit; compinit" >> ~/.zshrc
-
-  # To load completions for each session, execute once:
-  $ %[1]s completion zsh > "${fpath[1]}/_%[1]s"
-
-  # You will need to start a new shell for this setup to take effect.
-
-fish:
-
-  $ %[1]s completion fish | source
-
-  # To load completions for each session, execute once:
-  $ %[1]s completion fish > ~/.config/fish/completions/%[1]s.fish
-
-PowerShell:
-
-  PS> %[1]s completion powershell | Out-String | Invoke-Expression
-
-  # To load completions for every new session, run:
-  PS> %[1]s completion powershell > %[1]s.ps1
-  # and source this file from your PowerShell profile.
-`,cmd.Root().Name()),
-	DisableFlagsInUseLine: true,
-	ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
-	Args:                  cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs),
-	Run: func(cmd *cobra.Command, args []string) {
-		switch args[0] {
-		case "bash":
-			cmd.Root().GenBashCompletion(os.Stdout)
-		case "zsh":
-			cmd.Root().GenZshCompletion(os.Stdout)
-		case "fish":
-			cmd.Root().GenFishCompletion(os.Stdout, true)
-		case "powershell":
-			cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout)
-		}
-	},
-}
-```
-
-**Note:** The cobra generator may include messages printed to stdout, for example, if the config file is loaded; this will break the auto-completion script so must be removed.
-
-## Adapting the default completion command
-
-Cobra provides a few options for the default `completion` command.  To configure such options you must set
-the `CompletionOptions` field on the *root* command.
-
-To tell Cobra *not* to provide the default `completion` command:
-```
-rootCmd.CompletionOptions.DisableDefaultCmd = true
-```
-
-To tell Cobra to mark the default `completion` command as *hidden*:
-```
-rootCmd.CompletionOptions.HiddenDefaultCmd = true
-```
-
-To tell Cobra *not* to provide the user with the `--no-descriptions` flag to the completion sub-commands:
-```
-rootCmd.CompletionOptions.DisableNoDescFlag = true
-```
-
-To tell Cobra to completely disable descriptions for completions:
-```
-rootCmd.CompletionOptions.DisableDescriptions = true
-```
-
-# Customizing completions
-
-The generated completion scripts will automatically handle completing commands and flags.  However, you can make your completions much more powerful by providing information to complete your program's nouns and flag values.
-
-## Completion of nouns
-
-### Static completion of nouns
-
-Cobra allows you to provide a pre-defined list of completion choices for your nouns using the `ValidArgs` field.
-For example, if you want `kubectl get [tab][tab]` to show a list of valid "nouns" you have to set them.
-Some simplified code from `kubectl get` looks like:
-
-```go
-validArgs = []string{ "pod", "node", "service", "replicationcontroller" }
-
-cmd := &cobra.Command{
-	Use:     "get [(-o|--output=)json|yaml|template|...] (RESOURCE [NAME] | RESOURCE/NAME ...)",
-	Short:   "Display one or many resources",
-	Long:    get_long,
-	Example: get_example,
-	Run: func(cmd *cobra.Command, args []string) {
-		cobra.CheckErr(RunGet(f, out, cmd, args))
-	},
-	ValidArgs: validArgs,
-}
-```
-
-Notice we put the `ValidArgs` field on the `get` sub-command. Doing so will give results like:
-
-```bash
-$ kubectl get [tab][tab]
-node   pod   replicationcontroller   service
-```
-
-#### Aliases for nouns
-
-If your nouns have aliases, you can define them alongside `ValidArgs` using `ArgAliases`:
-
-```go
-argAliases = []string { "pods", "nodes", "services", "svc", "replicationcontrollers", "rc" }
-
-cmd := &cobra.Command{
-    ...
-	ValidArgs:  validArgs,
-	ArgAliases: argAliases
-}
-```
-
-The aliases are shown to the user on tab completion only if no completions were found within sub-commands or `ValidArgs`.
-
-### Dynamic completion of nouns
-
-In some cases it is not possible to provide a list of completions in advance.  Instead, the list of completions must be determined at execution-time. In a similar fashion as for static completions, you can use the `ValidArgsFunction` field to provide a Go function that Cobra will execute when it needs the list of completion choices for the nouns of a command.  Note that either `ValidArgs` or `ValidArgsFunction` can be used for a single cobra command, but not both.
-Simplified code from `helm status` looks like:
-
-```go
-cmd := &cobra.Command{
-	Use:   "status RELEASE_NAME",
-	Short: "Display the status of the named release",
-	Long:  status_long,
-	RunE: func(cmd *cobra.Command, args []string) {
-		RunGet(args[0])
-	},
-	ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		if len(args) != 0 {
-			return nil, cobra.ShellCompDirectiveNoFileComp
-		}
-		return getReleasesFromCluster(toComplete), cobra.ShellCompDirectiveNoFileComp
-	},
-}
-```
-Where `getReleasesFromCluster()` is a Go function that obtains the list of current Helm releases running on the Kubernetes cluster.
-Notice we put the `ValidArgsFunction` on the `status` sub-command. Let's assume the Helm releases on the cluster are: `harbor`, `notary`, `rook` and `thanos` then this dynamic completion will give results like:
-
-```bash
-$ helm status [tab][tab]
-harbor notary rook thanos
-```
-You may have noticed the use of `cobra.ShellCompDirective`.  These directives are bit fields allowing to control some shell completion behaviors for your particular completion.  You can combine them with the bit-or operator such as `cobra.ShellCompDirectiveNoSpace | cobra.ShellCompDirectiveNoFileComp`
-```go
-// Indicates that the shell will perform its default behavior after completions
-// have been provided (this implies none of the other directives).
-ShellCompDirectiveDefault
-
-// Indicates an error occurred and completions should be ignored.
-ShellCompDirectiveError
-
-// Indicates that the shell should not add a space after the completion,
-// even if there is a single completion provided.
-ShellCompDirectiveNoSpace
-
-// Indicates that the shell should not provide file completion even when
-// no completion is provided.
-ShellCompDirectiveNoFileComp
-
-// Indicates that the returned completions should be used as file extension filters.
-// For example, to complete only files of the form *.json or *.yaml:
-//    return []string{"yaml", "json"}, ShellCompDirectiveFilterFileExt
-// For flags, using MarkFlagFilename() and MarkPersistentFlagFilename()
-// is a shortcut to using this directive explicitly.
-//
-ShellCompDirectiveFilterFileExt
-
-// Indicates that only directory names should be provided in file completion.
-// For example:
-//    return nil, ShellCompDirectiveFilterDirs
-// For flags, using MarkFlagDirname() is a shortcut to using this directive explicitly.
-//
-// To request directory names within another directory, the returned completions
-// should specify a single directory name within which to search. For example,
-// to complete directories within "themes/":
-//    return []string{"themes"}, ShellCompDirectiveFilterDirs
-//
-ShellCompDirectiveFilterDirs
-
-// ShellCompDirectiveKeepOrder indicates that the shell should preserve the order
-// in which the completions are provided
-ShellCompDirectiveKeepOrder
-```
-
-***Note***: When using the `ValidArgsFunction`, Cobra will call your registered function after having parsed all flags and arguments provided in the command-line.  You therefore don't need to do this parsing yourself.  For example, when a user calls `helm status --namespace my-rook-ns [tab][tab]`, Cobra will call your registered `ValidArgsFunction` after having parsed the `--namespace` flag, as it would have done when calling the `RunE` function.
-
-#### Debugging
-
-Cobra achieves dynamic completion through the use of a hidden command called by the completion script.  To debug your Go completion code, you can call this hidden command directly:
-```bash
-$ helm __complete status har<ENTER>
-harbor
-:4
-Completion ended with directive: ShellCompDirectiveNoFileComp # This is on stderr
-```
-***Important:*** If the noun to complete is empty (when the user has not yet typed any letters of that noun), you must pass an empty parameter to the `__complete` command:
-```bash
-$ helm __complete status ""<ENTER>
-harbor
-notary
-rook
-thanos
-:4
-Completion ended with directive: ShellCompDirectiveNoFileComp # This is on stderr
-```
-Calling the `__complete` command directly allows you to run the Go debugger to troubleshoot your code.  You can also add printouts to your code; Cobra provides the following functions to use for printouts in Go completion code:
-```go
-// Prints to the completion script debug file (if BASH_COMP_DEBUG_FILE
-// is set to a file path) and optionally prints to stderr.
-cobra.CompDebug(msg string, printToStdErr bool) {
-cobra.CompDebugln(msg string, printToStdErr bool)
-
-// Prints to the completion script debug file (if BASH_COMP_DEBUG_FILE
-// is set to a file path) and to stderr.
-cobra.CompError(msg string)
-cobra.CompErrorln(msg string)
-```
-***Important:*** You should **not** leave traces that print directly to stdout in your completion code as they will be interpreted as completion choices by the completion script.  Instead, use the cobra-provided debugging traces functions mentioned above.
-
-## Completions for flags
-
-### Mark flags as required
-
-Most of the time completions will only show sub-commands. But if a flag is required to make a sub-command work, you probably want it to show up when the user types [tab][tab].  You can mark a flag as 'Required' like so:
-
-```go
-cmd.MarkFlagRequired("pod")
-cmd.MarkFlagRequired("container")
-```
-
-and you'll get something like
-
-```bash
-$ kubectl exec [tab][tab]
--c            --container=  -p            --pod=
-```
-
-### Specify dynamic flag completion
-
-As for nouns, Cobra provides a way of defining dynamic completion of flags.  To provide a Go function that Cobra will execute when it needs the list of completion choices for a flag, you must register the function using the `command.RegisterFlagCompletionFunc()` function.
-
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"json", "table", "yaml"}, cobra.ShellCompDirectiveDefault
-})
-```
-Notice that calling `RegisterFlagCompletionFunc()` is done through the `command` with which the flag is associated.  In our example this dynamic completion will give results like so:
-
-```bash
-$ helm status --output [tab][tab]
-json table yaml
-```
-
-#### Debugging
-
-You can also easily debug your Go completion code for flags:
-```bash
-$ helm __complete status --output ""
-json
-table
-yaml
-:4
-Completion ended with directive: ShellCompDirectiveNoFileComp # This is on stderr
-```
-***Important:*** You should **not** leave traces that print to stdout in your completion code as they will be interpreted as completion choices by the completion script.  Instead, use the cobra-provided debugging traces functions mentioned further above.
-
-### Specify valid filename extensions for flags that take a filename
-
-To limit completions of flag values to file names with certain extensions you can either use the different `MarkFlagFilename()` functions or a combination of `RegisterFlagCompletionFunc()` and `ShellCompDirectiveFilterFileExt`, like so:
-```go
-flagName := "output"
-cmd.MarkFlagFilename(flagName, "yaml", "json")
-```
-or
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"yaml", "json"}, ShellCompDirectiveFilterFileExt})
-```
-
-### Limit flag completions to directory names
-
-To limit completions of flag values to directory names you can either use the `MarkFlagDirname()` functions or a combination of `RegisterFlagCompletionFunc()` and `ShellCompDirectiveFilterDirs`, like so:
-```go
-flagName := "output"
-cmd.MarkFlagDirname(flagName)
-```
-or
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return nil, cobra.ShellCompDirectiveFilterDirs
-})
-```
-To limit completions of flag values to directory names *within another directory* you can use a combination of `RegisterFlagCompletionFunc()` and `ShellCompDirectiveFilterDirs` like so:
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"themes"}, cobra.ShellCompDirectiveFilterDirs
-})
-```
-### Descriptions for completions
-
-Cobra provides support for completion descriptions.  Such descriptions are supported for each shell
-(however, for bash, it is only available in the [completion V2 version](#bash-completion-v2)).
-For commands and flags, Cobra will provide the descriptions automatically, based on usage information.
-For example, using zsh:
-```
-$ helm s[tab]
-search  -- search for a keyword in charts
-show    -- show information of a chart
-status  -- displays the status of the named release
-```
-while using fish:
-```
-$ helm s[tab]
-search  (search for a keyword in charts)  show  (show information of a chart)  status  (displays the status of the named release)
-```
-
-Cobra allows you to add descriptions to your own completions.  Simply add the description text after each completion, following a `\t` separator.  This technique applies to completions returned by `ValidArgs`, `ValidArgsFunction` and `RegisterFlagCompletionFunc()`.  For example:
-```go
-ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"harbor\tAn image registry", "thanos\tLong-term metrics"}, cobra.ShellCompDirectiveNoFileComp
-}}
-```
-or
-```go
-ValidArgs: []string{"bash\tCompletions for bash", "zsh\tCompletions for zsh"}
-```
-
-If you don't want to show descriptions in the completions, you can add `--no-descriptions` to the default `completion` command to disable them, like:
-
-```bash
-$ source <(helm completion bash)
-$ helm completion [tab][tab]
-bash        (generate autocompletion script for bash)        powershell  (generate autocompletion script for powershell)
-fish        (generate autocompletion script for fish)        zsh         (generate autocompletion script for zsh)
-
-$ source <(helm completion bash --no-descriptions)
-$ helm completion [tab][tab]
-bash        fish        powershell  zsh
-```
-## Bash completions
-
-### Dependencies
-
-The bash completion script generated by Cobra requires the `bash_completion` package. You should update the help text of your completion command to show how to install the `bash_completion` package ([Kubectl docs](https://kubernetes.io/docs/tasks/tools/install-kubectl/#enabling-shell-autocompletion))
-
-### Aliases
-
-You can also configure `bash` aliases for your program and they will also support completions.
-
-```bash
-alias aliasname=origcommand
-complete -o default -F __start_origcommand aliasname
-
-# and now when you run `aliasname` completion will make
-# suggestions as it did for `origcommand`.
-
-$ aliasname <tab><tab>
-completion     firstcommand   secondcommand
-```
-### Bash legacy dynamic completions
-
-For backward compatibility, Cobra still supports its bash legacy dynamic completion solution.
-Please refer to [Bash Completions](bash_completions.md) for details.
-
-### Bash completion V2
-
-Cobra provides two versions for bash completion.  The original bash completion (which started it all!) can be used by calling
-`GenBashCompletion()` or `GenBashCompletionFile()`.
-
-A new V2 bash completion version is also available.  This version can be used by calling `GenBashCompletionV2()` or
-`GenBashCompletionFileV2()`.  The V2 version does **not** support the legacy dynamic completion
-(see [Bash Completions](bash_completions.md)) but instead works only with the Go dynamic completion
-solution described in this document.
-Unless your program already uses the legacy dynamic completion solution, it is recommended that you use the bash
-completion V2 solution which provides the following extra features:
-- Supports completion descriptions (like the other shells)
-- Small completion script of less than 300 lines (v1 generates scripts of thousands of lines; `kubectl` for example has a bash v1 completion script of over 13K lines)
-- Streamlined user experience thanks to a completion behavior aligned with the other shells 
-
-`Bash` completion V2 supports descriptions for completions. When calling `GenBashCompletionV2()` or `GenBashCompletionFileV2()`
-you must provide these functions with a parameter indicating if the completions should be annotated with a description; Cobra
-will provide the description automatically based on usage information.  You can choose to make this option configurable by
-your users.
-
-```
-# With descriptions
-$ helm s[tab][tab]
-search  (search for a keyword in charts)           status  (display the status of the named release)
-show    (show information of a chart)
-
-# Without descriptions
-$ helm s[tab][tab]
-search  show  status
-```
-**Note**: Cobra's default `completion` command uses bash completion V2.  If for some reason you need to use bash completion V1, you will need to implement your own `completion` command. 
-## Zsh completions
-
-Cobra supports native zsh completion generated from the root `cobra.Command`.
-The generated completion script should be put somewhere in your `$fpath` and be named
-`_<yourProgram>`.  You will need to start a new shell for the completions to become available.
-
-Zsh supports descriptions for completions. Cobra will provide the description automatically,
-based on usage information. Cobra provides a way to completely disable such descriptions by
-using `GenZshCompletionNoDesc()` or `GenZshCompletionFileNoDesc()`. You can choose to make
-this a configurable option to your users.
-```
-# With descriptions
-$ helm s[tab]
-search  -- search for a keyword in charts
-show    -- show information of a chart
-status  -- displays the status of the named release
-
-# Without descriptions
-$ helm s[tab]
-search  show  status
-```
-*Note*: Because of backward-compatibility requirements, we were forced to have a different API to disable completion descriptions between `zsh` and `fish`.
-
-### Limitations
-
-* Custom completions implemented in Bash scripting (legacy) are not supported and will be ignored for `zsh` (including the use of the `BashCompCustom` flag annotation).
-  * You should instead use `ValidArgsFunction` and `RegisterFlagCompletionFunc()` which are portable to the different shells (`bash`, `zsh`, `fish`, `powershell`).
-* The function `MarkFlagCustom()` is not supported and will be ignored for `zsh`.
-  * You should instead use `RegisterFlagCompletionFunc()`.
-
-### Zsh completions standardization
-
-Cobra 1.1 standardized its zsh completion support to align it with its other shell completions.  Although the API was kept backward-compatible, some small changes in behavior were introduced.
-Please refer to [Zsh Completions](zsh_completions.md) for details.
-
-## fish completions
-
-Cobra supports native fish completions generated from the root `cobra.Command`.  You can use the `command.GenFishCompletion()` or `command.GenFishCompletionFile()` functions. You must provide these functions with a parameter indicating if the completions should be annotated with a description; Cobra will provide the description automatically based on usage information.  You can choose to make this option configurable by your users.
-```
-# With descriptions
-$ helm s[tab]
-search  (search for a keyword in charts)  show  (show information of a chart)  status  (displays the status of the named release)
-
-# Without descriptions
-$ helm s[tab]
-search  show  status
-```
-*Note*: Because of backward-compatibility requirements, we were forced to have a different API to disable completion descriptions between `zsh` and `fish`.
-
-### Limitations
-
-* Custom completions implemented in bash scripting (legacy) are not supported and will be ignored for `fish` (including the use of the `BashCompCustom` flag annotation).
-  * You should instead use `ValidArgsFunction` and `RegisterFlagCompletionFunc()` which are portable to the different shells (`bash`, `zsh`, `fish`, `powershell`).
-* The function `MarkFlagCustom()` is not supported and will be ignored for `fish`.
-  * You should instead use `RegisterFlagCompletionFunc()`.
-* The following flag completion annotations are not supported and will be ignored for `fish`:
-  * `BashCompFilenameExt` (filtering by file extension)
-  * `BashCompSubdirsInDir` (filtering by directory)
-* The functions corresponding to the above annotations are consequently not supported and will be ignored for `fish`:
-  * `MarkFlagFilename()` and `MarkPersistentFlagFilename()` (filtering by file extension)
-  * `MarkFlagDirname()` and `MarkPersistentFlagDirname()` (filtering by directory)
-* Similarly, the following completion directives are not supported and will be ignored for `fish`:
-  * `ShellCompDirectiveFilterFileExt` (filtering by file extension)
-  * `ShellCompDirectiveFilterDirs` (filtering by directory)
-
-## PowerShell completions
-
-Cobra supports native PowerShell completions generated from the root `cobra.Command`. You can use the `command.GenPowerShellCompletion()` or `command.GenPowerShellCompletionFile()` functions. To include descriptions use `command.GenPowerShellCompletionWithDesc()` and `command.GenPowerShellCompletionFileWithDesc()`. Cobra will provide the description automatically based on usage information. You can choose to make this option configurable by your users.
-
-The script is designed to support all three PowerShell completion modes:
-
-* TabCompleteNext (default windows style - on each key press the next option is displayed)
-* Complete (works like bash)
-* MenuComplete (works like zsh)
-
-You set the mode with `Set-PSReadLineKeyHandler -Key Tab -Function <mode>`. Descriptions are only displayed when using the `Complete` or `MenuComplete` mode.
-
-Users need PowerShell version 5.0 or above, which comes with Windows 10 and can be downloaded separately for Windows 7 or 8.1. They can then write the completions to a file and source this file from their PowerShell profile, which is referenced by the `$Profile` environment variable. See `Get-Help about_Profiles` for more info about PowerShell profiles.
-
-```
-# With descriptions and Mode 'Complete'
-$ helm s[tab]
-search  (search for a keyword in charts)  show  (show information of a chart)  status  (displays the status of the named release)
-
-# With descriptions and Mode 'MenuComplete' The description of the current selected value will be displayed below the suggestions.
-$ helm s[tab]
-search    show     status  
-
-search for a keyword in charts
-
-# Without descriptions
-$ helm s[tab]
-search  show  status
-```
-### Aliases
-
-You can also configure `powershell` aliases for your program and they will also support completions.
-
-```
-$ sal aliasname origcommand
-$ Register-ArgumentCompleter -CommandName 'aliasname' -ScriptBlock $__origcommandCompleterBlock
-
-# and now when you run `aliasname` completion will make
-# suggestions as it did for `origcommand`.
-
-$ aliasname <tab>
-completion     firstcommand   secondcommand
-```
-The name of the completer block variable is of the form `$__<programName>CompleterBlock` where every `-` and `:` in the program name have been replaced with `_`, to respect powershell naming syntax.
-
-### Limitations
-
-* Custom completions implemented in bash scripting (legacy) are not supported and will be ignored for `powershell` (including the use of the `BashCompCustom` flag annotation).
-  * You should instead use `ValidArgsFunction` and `RegisterFlagCompletionFunc()` which are portable to the different shells (`bash`, `zsh`, `fish`, `powershell`).
-* The function `MarkFlagCustom()` is not supported and will be ignored for `powershell`.
-  * You should instead use `RegisterFlagCompletionFunc()`.
-* The following flag completion annotations are not supported and will be ignored for `powershell`:
-  * `BashCompFilenameExt` (filtering by file extension)
-  * `BashCompSubdirsInDir` (filtering by directory)
-* The functions corresponding to the above annotations are consequently not supported and will be ignored for `powershell`:
-  * `MarkFlagFilename()` and `MarkPersistentFlagFilename()` (filtering by file extension)
-  * `MarkFlagDirname()` and `MarkPersistentFlagDirname()` (filtering by directory)
-* Similarly, the following completion directives are not supported and will be ignored for `powershell`:
-  * `ShellCompDirectiveFilterFileExt` (filtering by file extension)
-  * `ShellCompDirectiveFilterDirs` (filtering by directory)
diff --git a/vendor/github.com/spf13/cobra/user_guide.md b/vendor/github.com/spf13/cobra/user_guide.md
deleted file mode 100644
index 85201d840c..0000000000
--- a/vendor/github.com/spf13/cobra/user_guide.md
+++ /dev/null
@@ -1,726 +0,0 @@
-# User Guide
-
-While you are welcome to provide your own organization, typically a Cobra-based
-application will follow the following organizational structure:
-
-```
-  â–¾ appName/
-    â–¾ cmd/
-        add.go
-        your.go
-        commands.go
-        here.go
-      main.go
-```
-
-In a Cobra app, typically the main.go file is very bare. It serves one purpose: initializing Cobra.
-
-```go
-package main
-
-import (
-  "{pathToYourApp}/cmd"
-)
-
-func main() {
-  cmd.Execute()
-}
-```
-
-## Using the Cobra Generator
-
-Cobra-CLI is its own program that will create your application and add any
-commands you want. It's the easiest way to incorporate Cobra into your application.
-
-For complete details on using the Cobra generator, please refer to [The Cobra-CLI Generator README](https://github.com/spf13/cobra-cli/blob/main/README.md)
-
-## Using the Cobra Library
-
-To manually implement Cobra you need to create a bare main.go file and a rootCmd file.
-You will optionally provide additional commands as you see fit.
-
-### Create rootCmd
-
-Cobra doesn't require any special constructors. Simply create your commands.
-
-Ideally you place this in app/cmd/root.go:
-
-```go
-var rootCmd = &cobra.Command{
-  Use:   "hugo",
-  Short: "Hugo is a very fast static site generator",
-  Long: `A Fast and Flexible Static Site Generator built with
-                love by spf13 and friends in Go.
-                Complete documentation is available at https://gohugo.io/documentation/`,
-  Run: func(cmd *cobra.Command, args []string) {
-    // Do Stuff Here
-  },
-}
-
-func Execute() {
-  if err := rootCmd.Execute(); err != nil {
-    fmt.Fprintln(os.Stderr, err)
-    os.Exit(1)
-  }
-}
-```
-
-You will additionally define flags and handle configuration in your init() function.
-
-For example cmd/root.go:
-
-```go
-package cmd
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-var (
-	// Used for flags.
-	cfgFile     string
-	userLicense string
-
-	rootCmd = &cobra.Command{
-		Use:   "cobra-cli",
-		Short: "A generator for Cobra based Applications",
-		Long: `Cobra is a CLI library for Go that empowers applications.
-This application is a tool to generate the needed files
-to quickly create a Cobra application.`,
-	}
-)
-
-// Execute executes the root command.
-func Execute() error {
-	return rootCmd.Execute()
-}
-
-func init() {
-	cobra.OnInitialize(initConfig)
-
-	rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.cobra.yaml)")
-	rootCmd.PersistentFlags().StringP("author", "a", "YOUR NAME", "author name for copyright attribution")
-	rootCmd.PersistentFlags().StringVarP(&userLicense, "license", "l", "", "name of license for the project")
-	rootCmd.PersistentFlags().Bool("viper", true, "use Viper for configuration")
-	viper.BindPFlag("author", rootCmd.PersistentFlags().Lookup("author"))
-	viper.BindPFlag("useViper", rootCmd.PersistentFlags().Lookup("viper"))
-	viper.SetDefault("author", "NAME HERE <EMAIL ADDRESS>")
-	viper.SetDefault("license", "apache")
-
-	rootCmd.AddCommand(addCmd)
-	rootCmd.AddCommand(initCmd)
-}
-
-func initConfig() {
-	if cfgFile != "" {
-		// Use config file from the flag.
-		viper.SetConfigFile(cfgFile)
-	} else {
-		// Find home directory.
-		home, err := os.UserHomeDir()
-		cobra.CheckErr(err)
-
-		// Search config in home directory with name ".cobra" (without extension).
-		viper.AddConfigPath(home)
-		viper.SetConfigType("yaml")
-		viper.SetConfigName(".cobra")
-	}
-
-	viper.AutomaticEnv()
-
-	if err := viper.ReadInConfig(); err == nil {
-		fmt.Println("Using config file:", viper.ConfigFileUsed())
-	}
-}
-```
-
-### Create your main.go
-
-With the root command you need to have your main function execute it.
-Execute should be run on the root for clarity, though it can be called on any command.
-
-In a Cobra app, typically the main.go file is very bare. It serves one purpose: to initialize Cobra.
-
-```go
-package main
-
-import (
-  "{pathToYourApp}/cmd"
-)
-
-func main() {
-  cmd.Execute()
-}
-```
-
-### Create additional commands
-
-Additional commands can be defined and typically are each given their own file
-inside of the cmd/ directory.
-
-If you wanted to create a version command you would create cmd/version.go and
-populate it with the following:
-
-```go
-package cmd
-
-import (
-  "fmt"
-
-  "github.com/spf13/cobra"
-)
-
-func init() {
-  rootCmd.AddCommand(versionCmd)
-}
-
-var versionCmd = &cobra.Command{
-  Use:   "version",
-  Short: "Print the version number of Hugo",
-  Long:  `All software has versions. This is Hugo's`,
-  Run: func(cmd *cobra.Command, args []string) {
-    fmt.Println("Hugo Static Site Generator v0.9 -- HEAD")
-  },
-}
-```
-
-### Organizing subcommands
-
-A command may have subcommands which in turn may have other subcommands. This is achieved by using
-`AddCommand`. In some cases, especially in larger applications, each subcommand may be defined in
-its own go package.
-
-The suggested approach is for the parent command to use `AddCommand` to add its most immediate
-subcommands. For example, consider the following directory structure:
-
-```text
-├── cmd
-│   ├── root.go
-│   └── sub1
-│       ├── sub1.go
-│       └── sub2
-│           ├── leafA.go
-│           ├── leafB.go
-│           └── sub2.go
-└── main.go
-```
-
-In this case:
-
-* The `init` function of `root.go` adds the command defined in `sub1.go` to the root command.
-* The `init` function of `sub1.go` adds the command defined in `sub2.go` to the sub1 command.
-* The `init` function of `sub2.go` adds the commands defined in `leafA.go` and `leafB.go` to the
-  sub2 command.
-
-This approach ensures the subcommands are always included at compile time while avoiding cyclic
-references.
-
-### Returning and handling errors
-
-If you wish to return an error to the caller of a command, `RunE` can be used.
-
-```go
-package cmd
-
-import (
-  "fmt"
-
-  "github.com/spf13/cobra"
-)
-
-func init() {
-  rootCmd.AddCommand(tryCmd)
-}
-
-var tryCmd = &cobra.Command{
-  Use:   "try",
-  Short: "Try and possibly fail at something",
-  RunE: func(cmd *cobra.Command, args []string) error {
-    if err := someFunc(); err != nil {
-	return err
-    }
-    return nil
-  },
-}
-```
-
-The error can then be caught at the execute function call.
-
-## Working with Flags
-
-Flags provide modifiers to control how the action command operates.
-
-### Assign flags to a command
-
-Since the flags are defined and used in different locations, we need to
-define a variable outside with the correct scope to assign the flag to
-work with.
-
-```go
-var Verbose bool
-var Source string
-```
-
-There are two different approaches to assign a flag.
-
-### Persistent Flags
-
-A flag can be 'persistent', meaning that this flag will be available to the
-command it's assigned to as well as every command under that command. For
-global flags, assign a flag as a persistent flag on the root.
-
-```go
-rootCmd.PersistentFlags().BoolVarP(&Verbose, "verbose", "v", false, "verbose output")
-```
-
-### Local Flags
-
-A flag can also be assigned locally, which will only apply to that specific command.
-
-```go
-localCmd.Flags().StringVarP(&Source, "source", "s", "", "Source directory to read from")
-```
-
-### Local Flag on Parent Commands
-
-By default, Cobra only parses local flags on the target command, and any local flags on
-parent commands are ignored. By enabling `Command.TraverseChildren`, Cobra will
-parse local flags on each command before executing the target command.
-
-```go
-command := cobra.Command{
-  Use: "print [OPTIONS] [COMMANDS]",
-  TraverseChildren: true,
-}
-```
-
-### Bind Flags with Config
-
-You can also bind your flags with [viper](https://github.com/spf13/viper):
-```go
-var author string
-
-func init() {
-  rootCmd.PersistentFlags().StringVar(&author, "author", "YOUR NAME", "Author name for copyright attribution")
-  viper.BindPFlag("author", rootCmd.PersistentFlags().Lookup("author"))
-}
-```
-
-In this example, the persistent flag `author` is bound with `viper`.
-**Note**: the variable `author` will not be set to the value from config,
-when the `--author` flag is provided by user.
-
-More in [viper documentation](https://github.com/spf13/viper#working-with-flags).
-
-### Required flags
-
-Flags are optional by default. If instead you wish your command to report an error
-when a flag has not been set, mark it as required:
-```go
-rootCmd.Flags().StringVarP(&Region, "region", "r", "", "AWS region (required)")
-rootCmd.MarkFlagRequired("region")
-```
-
-Or, for persistent flags:
-```go
-rootCmd.PersistentFlags().StringVarP(&Region, "region", "r", "", "AWS region (required)")
-rootCmd.MarkPersistentFlagRequired("region")
-```
-
-### Flag Groups
-
-If you have different flags that must be provided together (e.g. if they provide the `--username` flag they MUST provide the `--password` flag as well) then
-Cobra can enforce that requirement:
-```go
-rootCmd.Flags().StringVarP(&u, "username", "u", "", "Username (required if password is set)")
-rootCmd.Flags().StringVarP(&pw, "password", "p", "", "Password (required if username is set)")
-rootCmd.MarkFlagsRequiredTogether("username", "password")
-```
-
-You can also prevent different flags from being provided together if they represent mutually
-exclusive options such as specifying an output format as either `--json` or `--yaml` but never both:
-```go
-rootCmd.Flags().BoolVar(&ofJson, "json", false, "Output in JSON")
-rootCmd.Flags().BoolVar(&ofYaml, "yaml", false, "Output in YAML")
-rootCmd.MarkFlagsMutuallyExclusive("json", "yaml")
-```
-
-In both of these cases:
-  - both local and persistent flags can be used
-    - **NOTE:** the group is only enforced on commands where every flag is defined
-  - a flag may appear in multiple groups
-  - a group may contain any number of flags
-
-## Positional and Custom Arguments
-
-Validation of positional arguments can be specified using the `Args` field of `Command`.
-The following validators are built in:
-
-- Number of arguments:
-  - `NoArgs` - report an error if there are any positional args.
-  - `ArbitraryArgs` - accept any number of args.
-  - `MinimumNArgs(int)` - report an error if less than N positional args are provided.
-  - `MaximumNArgs(int)` - report an error if more than N positional args are provided.
-  - `ExactArgs(int)` - report an error if there are not exactly N positional args.
-  - `RangeArgs(min, max)` - report an error if the number of args is not between `min` and `max`.
-- Content of the arguments:
-  - `OnlyValidArgs` - report an error if there are any positional args not specified in the `ValidArgs` field of `Command`, which can optionally be set to a list of valid values for positional args.
-
-If `Args` is undefined or `nil`, it defaults to `ArbitraryArgs`.
-
-Moreover, `MatchAll(pargs ...PositionalArgs)` enables combining existing checks with arbitrary other checks.
-For instance, if you want to report an error if there are not exactly N positional args OR if there are any positional
-args that are not in the `ValidArgs` field of `Command`, you can call `MatchAll` on `ExactArgs` and `OnlyValidArgs`, as
-shown below:
-
-```go
-var cmd = &cobra.Command{
-  Short: "hello",
-  Args: cobra.MatchAll(cobra.ExactArgs(2), cobra.OnlyValidArgs),
-  Run: func(cmd *cobra.Command, args []string) {
-    fmt.Println("Hello, World!")
-  },
-}
-```
-
-It is possible to set any custom validator that satisfies `func(cmd *cobra.Command, args []string) error`.
-For example:
-
-```go
-var cmd = &cobra.Command{
-  Short: "hello",
-  Args: func(cmd *cobra.Command, args []string) error {
-    // Optionally run one of the validators provided by cobra
-    if err := cobra.MinimumNArgs(1)(cmd, args); err != nil {
-        return err
-    }
-    // Run the custom validation logic
-    if myapp.IsValidColor(args[0]) {
-      return nil
-    }
-    return fmt.Errorf("invalid color specified: %s", args[0])
-  },
-  Run: func(cmd *cobra.Command, args []string) {
-    fmt.Println("Hello, World!")
-  },
-}
-```
-
-## Example
-
-In the example below, we have defined three commands. Two are at the top level
-and one (cmdTimes) is a child of one of the top commands. In this case the root
-is not executable, meaning that a subcommand is required. This is accomplished
-by not providing a 'Run' for the 'rootCmd'.
-
-We have only defined one flag for a single command.
-
-More documentation about flags is available at https://github.com/spf13/pflag
-
-```go
-package main
-
-import (
-  "fmt"
-  "strings"
-
-  "github.com/spf13/cobra"
-)
-
-func main() {
-  var echoTimes int
-
-  var cmdPrint = &cobra.Command{
-    Use:   "print [string to print]",
-    Short: "Print anything to the screen",
-    Long: `print is for printing anything back to the screen.
-For many years people have printed back to the screen.`,
-    Args: cobra.MinimumNArgs(1),
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Println("Print: " + strings.Join(args, " "))
-    },
-  }
-
-  var cmdEcho = &cobra.Command{
-    Use:   "echo [string to echo]",
-    Short: "Echo anything to the screen",
-    Long: `echo is for echoing anything back.
-Echo works a lot like print, except it has a child command.`,
-    Args: cobra.MinimumNArgs(1),
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Println("Echo: " + strings.Join(args, " "))
-    },
-  }
-
-  var cmdTimes = &cobra.Command{
-    Use:   "times [string to echo]",
-    Short: "Echo anything to the screen more times",
-    Long: `echo things multiple times back to the user by providing
-a count and a string.`,
-    Args: cobra.MinimumNArgs(1),
-    Run: func(cmd *cobra.Command, args []string) {
-      for i := 0; i < echoTimes; i++ {
-        fmt.Println("Echo: " + strings.Join(args, " "))
-      }
-    },
-  }
-
-  cmdTimes.Flags().IntVarP(&echoTimes, "times", "t", 1, "times to echo the input")
-
-  var rootCmd = &cobra.Command{Use: "app"}
-  rootCmd.AddCommand(cmdPrint, cmdEcho)
-  cmdEcho.AddCommand(cmdTimes)
-  rootCmd.Execute()
-}
-```
-
-For a more complete example of a larger application, please checkout [Hugo](https://gohugo.io/).
-
-## Help Command
-
-Cobra automatically adds a help command to your application when you have subcommands.
-This will be called when a user runs 'app help'. Additionally, help will also
-support all other commands as input. Say, for instance, you have a command called
-'create' without any additional configuration; Cobra will work when 'app help
-create' is called.  Every command will automatically have the '--help' flag added.
-
-### Example
-
-The following output is automatically generated by Cobra. Nothing beyond the
-command and flag definitions are needed.
-
-    $ cobra-cli help
-
-    Cobra is a CLI library for Go that empowers applications.
-    This application is a tool to generate the needed files
-    to quickly create a Cobra application.
-
-    Usage:
-      cobra-cli [command]
-
-    Available Commands:
-      add         Add a command to a Cobra Application
-      completion  Generate the autocompletion script for the specified shell
-      help        Help about any command
-      init        Initialize a Cobra Application
-
-    Flags:
-      -a, --author string    author name for copyright attribution (default "YOUR NAME")
-          --config string    config file (default is $HOME/.cobra.yaml)
-      -h, --help             help for cobra-cli
-      -l, --license string   name of license for the project
-          --viper            use Viper for configuration
-
-    Use "cobra-cli [command] --help" for more information about a command.
-
-
-Help is just a command like any other. There is no special logic or behavior
-around it. In fact, you can provide your own if you want.
-
-### Grouping commands in help
-
-Cobra supports grouping of available commands in the help output.  To group commands, each group must be explicitly
-defined using `AddGroup()` on the parent command.  Then a subcommand can be added to a group using the `GroupID` element
-of that subcommand. The groups will appear in the help output in the same order as they are defined using different
-calls to `AddGroup()`.  If you use the generated `help` or `completion` commands, you can set their group ids using
-`SetHelpCommandGroupId()` and `SetCompletionCommandGroupId()` on the root command, respectively.
-
-### Defining your own help
-
-You can provide your own Help command or your own template for the default command to use
-with the following functions:
-
-```go
-cmd.SetHelpCommand(cmd *Command)
-cmd.SetHelpFunc(f func(*Command, []string))
-cmd.SetHelpTemplate(s string)
-```
-
-The latter two will also apply to any children commands.
-
-## Usage Message
-
-When the user provides an invalid flag or invalid command, Cobra responds by
-showing the user the 'usage'.
-
-### Example
-You may recognize this from the help above. That's because the default help
-embeds the usage as part of its output.
-
-    $ cobra-cli --invalid
-    Error: unknown flag: --invalid
-    Usage:
-      cobra-cli [command]
-
-    Available Commands:
-      add         Add a command to a Cobra Application
-      completion  Generate the autocompletion script for the specified shell
-      help        Help about any command
-      init        Initialize a Cobra Application
-
-    Flags:
-      -a, --author string    author name for copyright attribution (default "YOUR NAME")
-          --config string    config file (default is $HOME/.cobra.yaml)
-      -h, --help             help for cobra-cli
-      -l, --license string   name of license for the project
-          --viper            use Viper for configuration
-
-    Use "cobra [command] --help" for more information about a command.
-
-### Defining your own usage
-You can provide your own usage function or template for Cobra to use.
-Like help, the function and template are overridable through public methods:
-
-```go
-cmd.SetUsageFunc(f func(*Command) error)
-cmd.SetUsageTemplate(s string)
-```
-
-## Version Flag
-
-Cobra adds a top-level '--version' flag if the Version field is set on the root command.
-Running an application with the '--version' flag will print the version to stdout using
-the version template. The template can be customized using the
-`cmd.SetVersionTemplate(s string)` function.
-
-## PreRun and PostRun Hooks
-
-It is possible to run functions before or after the main `Run` function of your command. The `PersistentPreRun` and `PreRun` functions will be executed before `Run`. `PersistentPostRun` and `PostRun` will be executed after `Run`.  The `Persistent*Run` functions will be inherited by children if they do not declare their own.  These functions are run in the following order:
-
-- `PersistentPreRun`
-- `PreRun`
-- `Run`
-- `PostRun`
-- `PersistentPostRun`
-
-An example of two commands which use all of these features is below.  When the subcommand is executed, it will run the root command's `PersistentPreRun` but not the root command's `PersistentPostRun`:
-
-```go
-package main
-
-import (
-  "fmt"
-
-  "github.com/spf13/cobra"
-)
-
-func main() {
-
-  var rootCmd = &cobra.Command{
-    Use:   "root [sub]",
-    Short: "My root command",
-    PersistentPreRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PersistentPreRun with args: %v\n", args)
-    },
-    PreRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PreRun with args: %v\n", args)
-    },
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd Run with args: %v\n", args)
-    },
-    PostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PostRun with args: %v\n", args)
-    },
-    PersistentPostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PersistentPostRun with args: %v\n", args)
-    },
-  }
-
-  var subCmd = &cobra.Command{
-    Use:   "sub [no options!]",
-    Short: "My subcommand",
-    PreRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd PreRun with args: %v\n", args)
-    },
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd Run with args: %v\n", args)
-    },
-    PostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd PostRun with args: %v\n", args)
-    },
-    PersistentPostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd PersistentPostRun with args: %v\n", args)
-    },
-  }
-
-  rootCmd.AddCommand(subCmd)
-
-  rootCmd.SetArgs([]string{""})
-  rootCmd.Execute()
-  fmt.Println()
-  rootCmd.SetArgs([]string{"sub", "arg1", "arg2"})
-  rootCmd.Execute()
-}
-```
-
-Output:
-```
-Inside rootCmd PersistentPreRun with args: []
-Inside rootCmd PreRun with args: []
-Inside rootCmd Run with args: []
-Inside rootCmd PostRun with args: []
-Inside rootCmd PersistentPostRun with args: []
-
-Inside rootCmd PersistentPreRun with args: [arg1 arg2]
-Inside subCmd PreRun with args: [arg1 arg2]
-Inside subCmd Run with args: [arg1 arg2]
-Inside subCmd PostRun with args: [arg1 arg2]
-Inside subCmd PersistentPostRun with args: [arg1 arg2]
-```
-
-## Suggestions when "unknown command" happens
-
-Cobra will print automatic suggestions when "unknown command" errors happen. This allows Cobra to behave similarly to the `git` command when a typo happens. For example:
-
-```
-$ hugo srever
-Error: unknown command "srever" for "hugo"
-
-Did you mean this?
-        server
-
-Run 'hugo --help' for usage.
-```
-
-Suggestions are automatically generated based on existing subcommands and use an implementation of [Levenshtein distance](https://en.wikipedia.org/wiki/Levenshtein_distance). Every registered command that matches a minimum distance of 2 (ignoring case) will be displayed as a suggestion.
-
-If you need to disable suggestions or tweak the string distance in your command, use:
-
-```go
-command.DisableSuggestions = true
-```
-
-or
-
-```go
-command.SuggestionsMinimumDistance = 1
-```
-
-You can also explicitly set names for which a given command will be suggested using the `SuggestFor` attribute. This allows suggestions for strings that are not close in terms of string distance, but make sense in your set of commands but for which
-you don't want aliases. Example:
-
-```
-$ kubectl remove
-Error: unknown command "remove" for "kubectl"
-
-Did you mean this?
-        delete
-
-Run 'kubectl help' for usage.
-```
-
-## Generating documentation for your command
-
-Cobra can generate documentation based on subcommands, flags, etc. Read more about it in the [docs generation documentation](doc/README.md).
-
-## Generating shell completions
-
-Cobra can generate a shell-completion file for the following shells: bash, zsh, fish, PowerShell. If you add more information to your commands, these completions can be amazingly powerful and flexible.  Read more about it in [Shell Completions](shell_completions.md).
-
-## Providing Active Help
-
-Cobra makes use of the shell-completion system to define a framework allowing you to provide Active Help to your users.  Active Help are messages (hints, warnings, etc) printed as the program is being used.  Read more about it in [Active Help](active_help.md).
diff --git a/vendor/github.com/spf13/cobra/zsh_completions.md b/vendor/github.com/spf13/cobra/zsh_completions.md
deleted file mode 100644
index 7cff61787f..0000000000
--- a/vendor/github.com/spf13/cobra/zsh_completions.md
+++ /dev/null
@@ -1,48 +0,0 @@
-## Generating Zsh Completion For Your cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md) for details.
-
-## Zsh completions standardization
-
-Cobra 1.1 standardized its zsh completion support to align it with its other shell completions.  Although the API was kept backwards-compatible, some small changes in behavior were introduced.
-
-### Deprecation summary
-
-See further below for more details on these deprecations.
-
-* `cmd.MarkZshCompPositionalArgumentFile(pos, []string{})` is no longer needed.  It is therefore **deprecated** and silently ignored.
-* `cmd.MarkZshCompPositionalArgumentFile(pos, glob[])` is **deprecated** and silently ignored.
-  * Instead use `ValidArgsFunction` with `ShellCompDirectiveFilterFileExt`.
-* `cmd.MarkZshCompPositionalArgumentWords()` is **deprecated** and silently ignored.
-  * Instead use `ValidArgsFunction`.
-
-### Behavioral changes
-
-**Noun completion**
-|Old behavior|New behavior|
-|---|---|
-|No file completion by default (opposite of bash)|File completion by default; use `ValidArgsFunction` with `ShellCompDirectiveNoFileComp` to turn off file completion on a per-argument basis|
-|Completion of flag names without the `-` prefix having been typed|Flag names are only completed if the user has typed the first `-`|
-`cmd.MarkZshCompPositionalArgumentFile(pos, []string{})` used to turn on file completion on a per-argument position basis|File completion for all arguments by default; `cmd.MarkZshCompPositionalArgumentFile()` is **deprecated** and silently ignored|
-|`cmd.MarkZshCompPositionalArgumentFile(pos, glob[])` used to turn on file completion **with glob filtering** on a per-argument position basis (zsh-specific)|`cmd.MarkZshCompPositionalArgumentFile()` is **deprecated** and silently ignored; use `ValidArgsFunction` with `ShellCompDirectiveFilterFileExt` for file **extension** filtering (not full glob filtering)|
-|`cmd.MarkZshCompPositionalArgumentWords(pos, words[])` used to provide completion choices on a per-argument position basis (zsh-specific)|`cmd.MarkZshCompPositionalArgumentWords()` is **deprecated** and silently ignored; use `ValidArgsFunction` to achieve the same behavior|
-
-**Flag-value completion**
-
-|Old behavior|New behavior|
-|---|---|
-|No file completion by default (opposite of bash)|File completion by default; use `RegisterFlagCompletionFunc()` with `ShellCompDirectiveNoFileComp` to turn off file completion|
-|`cmd.MarkFlagFilename(flag, []string{})` and similar used to turn on file completion|File completion by default; `cmd.MarkFlagFilename(flag, []string{})` no longer needed in this context and silently ignored|
-|`cmd.MarkFlagFilename(flag, glob[])`  used to turn on file completion **with glob filtering** (syntax of `[]string{"*.yaml", "*.yml"}` incompatible with bash)|Will continue to work, however, support for bash syntax is added and should be used instead so as to work for all shells (`[]string{"yaml", "yml"}`)|
-|`cmd.MarkFlagDirname(flag)` only completes directories (zsh-specific)|Has been added for all shells|
-|Completion of a flag name does not repeat, unless flag is of type `*Array` or `*Slice` (not supported by bash)|Retained for `zsh` and added to `fish`|
-|Completion of a flag name does not provide the `=` form (unlike bash)|Retained for `zsh` and added to `fish`|
-
-**Improvements**
-
-* Custom completion support (`ValidArgsFunction` and `RegisterFlagCompletionFunc()`)
-* File completion by default if no other completions found
-* Handling of required flags
-* File extension filtering no longer mutually exclusive with bash usage
-* Completion of directory names *within* another directory
-* Support for `=` form of flags
diff --git a/vendor/github.com/stretchr/objx/README.md b/vendor/github.com/stretchr/objx/README.md
index 246660b21a..736e1eb5a5 100644
--- a/vendor/github.com/stretchr/objx/README.md
+++ b/vendor/github.com/stretchr/objx/README.md
@@ -4,20 +4,20 @@
 [![Maintainability](https://api.codeclimate.com/v1/badges/1d64bc6c8474c2074f2b/maintainability)](https://codeclimate.com/github/stretchr/objx/maintainability)
 [![Test Coverage](https://api.codeclimate.com/v1/badges/1d64bc6c8474c2074f2b/test_coverage)](https://codeclimate.com/github/stretchr/objx/test_coverage)
 [![Sourcegraph](https://sourcegraph.com/github.com/stretchr/objx/-/badge.svg)](https://sourcegraph.com/github.com/stretchr/objx)
-[![GoDoc](https://godoc.org/github.com/stretchr/objx?status.svg)](https://godoc.org/github.com/stretchr/objx)
+[![GoDoc](https://pkg.go.dev/badge/github.com/stretchr/objx?utm_source=godoc)](https://pkg.go.dev/github.com/stretchr/objx)
 
 Objx - Go package for dealing with maps, slices, JSON and other data.
 
 Get started:
 
 - Install Objx with [one line of code](#installation), or [update it with another](#staying-up-to-date)
-- Check out the API Documentation http://godoc.org/github.com/stretchr/objx
+- Check out the API Documentation http://pkg.go.dev/github.com/stretchr/objx
 
 ## Overview
 Objx provides the `objx.Map` type, which is a `map[string]interface{}` that exposes a powerful `Get` method (among others) that allows you to easily and quickly get access to data within the map, without having to worry too much about type assertions, missing data, default values etc.
 
 ### Pattern
-Objx uses a preditable pattern to make access data from within `map[string]interface{}` easy. Call one of the `objx.` functions to create your `objx.Map` to get going:
+Objx uses a predictable pattern to make access data from within `map[string]interface{}` easy. Call one of the `objx.` functions to create your `objx.Map` to get going:
 
     m, err := objx.FromJSON(json)
 
@@ -74,7 +74,7 @@ To update Objx to the latest version, run:
     go get -u github.com/stretchr/objx
 
 ### Supported go versions
-We support the lastest three major Go versions, which are 1.10, 1.11 and 1.12 at the moment.
+We currently support the most recent major Go versions from 1.13 onward.
 
 ## Contributing
 Please feel free to submit issues, fork the repository and send pull requests!
diff --git a/vendor/github.com/stretchr/objx/Taskfile.yml b/vendor/github.com/stretchr/objx/Taskfile.yml
index 7746f516da..39f49d5a56 100644
--- a/vendor/github.com/stretchr/objx/Taskfile.yml
+++ b/vendor/github.com/stretchr/objx/Taskfile.yml
@@ -1,8 +1,5 @@
 version: '2'
 
-env:
-  GOFLAGS: -mod=vendor
-
 tasks:
   default:
     deps: [test]
diff --git a/vendor/github.com/stretchr/objx/accessors.go b/vendor/github.com/stretchr/objx/accessors.go
index 4c60455886..72f1d1c1ce 100644
--- a/vendor/github.com/stretchr/objx/accessors.go
+++ b/vendor/github.com/stretchr/objx/accessors.go
@@ -14,17 +14,17 @@ const (
 	// For example, `location.address.city`
 	PathSeparator string = "."
 
-	// arrayAccesRegexString is the regex used to extract the array number
+	// arrayAccessRegexString is the regex used to extract the array number
 	// from the access path
-	arrayAccesRegexString = `^(.+)\[([0-9]+)\]$`
+	arrayAccessRegexString = `^(.+)\[([0-9]+)\]$`
 
 	// mapAccessRegexString is the regex used to extract the map key
 	// from the access path
 	mapAccessRegexString = `^([^\[]*)\[([^\]]+)\](.*)$`
 )
 
-// arrayAccesRegex is the compiled arrayAccesRegexString
-var arrayAccesRegex = regexp.MustCompile(arrayAccesRegexString)
+// arrayAccessRegex is the compiled arrayAccessRegexString
+var arrayAccessRegex = regexp.MustCompile(arrayAccessRegexString)
 
 // mapAccessRegex is the compiled mapAccessRegexString
 var mapAccessRegex = regexp.MustCompile(mapAccessRegexString)
@@ -37,11 +37,11 @@ var mapAccessRegex = regexp.MustCompile(mapAccessRegexString)
 //
 // Get can only operate directly on map[string]interface{} and []interface.
 //
-// Example
+// # Example
 //
 // To access the title of the third chapter of the second book, do:
 //
-//    o.Get("books[1].chapters[2].title")
+//	o.Get("books[1].chapters[2].title")
 func (m Map) Get(selector string) *Value {
 	rawObj := access(m, selector, nil, false)
 	return &Value{data: rawObj}
@@ -52,26 +52,26 @@ func (m Map) Get(selector string) *Value {
 //
 // Set can only operate directly on map[string]interface{} and []interface
 //
-// Example
+// # Example
 //
 // To set the title of the third chapter of the second book, do:
 //
-//    o.Set("books[1].chapters[2].title","Time to Go")
+//	o.Set("books[1].chapters[2].title","Time to Go")
 func (m Map) Set(selector string, value interface{}) Map {
 	access(m, selector, value, true)
 	return m
 }
 
-// getIndex returns the index, which is hold in s by two braches.
-// It also returns s withour the index part, e.g. name[1] will return (1, name).
+// getIndex returns the index, which is hold in s by two branches.
+// It also returns s without the index part, e.g. name[1] will return (1, name).
 // If no index is found, -1 is returned
 func getIndex(s string) (int, string) {
-	arrayMatches := arrayAccesRegex.FindStringSubmatch(s)
+	arrayMatches := arrayAccessRegex.FindStringSubmatch(s)
 	if len(arrayMatches) > 0 {
 		// Get the key into the map
 		selector := arrayMatches[1]
 		// Get the index into the array at the key
-		// We know this cannt fail because arrayMatches[2] is an int for sure
+		// We know this can't fail because arrayMatches[2] is an int for sure
 		index, _ := strconv.Atoi(arrayMatches[2])
 		return index, selector
 	}
diff --git a/vendor/github.com/stretchr/objx/conversions.go b/vendor/github.com/stretchr/objx/conversions.go
index 080aa46e47..01c63d7d3b 100644
--- a/vendor/github.com/stretchr/objx/conversions.go
+++ b/vendor/github.com/stretchr/objx/conversions.go
@@ -15,7 +15,7 @@ import (
 const SignatureSeparator = "_"
 
 // URLValuesSliceKeySuffix is the character that is used to
-// specify a suffic for slices parsed by URLValues.
+// specify a suffix for slices parsed by URLValues.
 // If the suffix is set to "[i]", then the index of the slice
 // is used in place of i
 // Ex: Suffix "[]" would have the form a[]=b&a[]=c
@@ -30,7 +30,7 @@ const (
 )
 
 // SetURLValuesSliceKeySuffix sets the character that is used to
-// specify a suffic for slices parsed by URLValues.
+// specify a suffix for slices parsed by URLValues.
 // If the suffix is set to "[i]", then the index of the slice
 // is used in place of i
 // Ex: Suffix "[]" would have the form a[]=b&a[]=c
diff --git a/vendor/github.com/stretchr/objx/doc.go b/vendor/github.com/stretchr/objx/doc.go
index 6d6af1a83a..b170af74b3 100644
--- a/vendor/github.com/stretchr/objx/doc.go
+++ b/vendor/github.com/stretchr/objx/doc.go
@@ -1,19 +1,19 @@
 /*
-Objx - Go package for dealing with maps, slices, JSON and other data.
+Package objx provides utilities for dealing with maps, slices, JSON and other data.
 
-Overview
+# Overview
 
 Objx provides the `objx.Map` type, which is a `map[string]interface{}` that exposes
 a powerful `Get` method (among others) that allows you to easily and quickly get
 access to data within the map, without having to worry too much about type assertions,
 missing data, default values etc.
 
-Pattern
+# Pattern
 
-Objx uses a preditable pattern to make access data from within `map[string]interface{}` easy.
+Objx uses a predictable pattern to make access data from within `map[string]interface{}` easy.
 Call one of the `objx.` functions to create your `objx.Map` to get going:
 
-    m, err := objx.FromJSON(json)
+	m, err := objx.FromJSON(json)
 
 NOTE: Any methods or functions with the `Must` prefix will panic if something goes wrong,
 the rest will be optimistic and try to figure things out without panicking.
@@ -21,46 +21,46 @@ the rest will be optimistic and try to figure things out without panicking.
 Use `Get` to access the value you're interested in.  You can use dot and array
 notation too:
 
-     m.Get("places[0].latlng")
+	m.Get("places[0].latlng")
 
 Once you have sought the `Value` you're interested in, you can use the `Is*` methods to determine its type.
 
-     if m.Get("code").IsStr() { // Your code... }
+	if m.Get("code").IsStr() { // Your code... }
 
 Or you can just assume the type, and use one of the strong type methods to extract the real value:
 
-   m.Get("code").Int()
+	m.Get("code").Int()
 
 If there's no value there (or if it's the wrong type) then a default value will be returned,
 or you can be explicit about the default value.
 
-     Get("code").Int(-1)
+	Get("code").Int(-1)
 
 If you're dealing with a slice of data as a value, Objx provides many useful methods for iterating,
 manipulating and selecting that data.  You can find out more by exploring the index below.
 
-Reading data
+# Reading data
 
 A simple example of how to use Objx:
 
-   // Use MustFromJSON to make an objx.Map from some JSON
-   m := objx.MustFromJSON(`{"name": "Mat", "age": 30}`)
+	// Use MustFromJSON to make an objx.Map from some JSON
+	m := objx.MustFromJSON(`{"name": "Mat", "age": 30}`)
 
-   // Get the details
-   name := m.Get("name").Str()
-   age := m.Get("age").Int()
+	// Get the details
+	name := m.Get("name").Str()
+	age := m.Get("age").Int()
 
-   // Get their nickname (or use their name if they don't have one)
-   nickname := m.Get("nickname").Str(name)
+	// Get their nickname (or use their name if they don't have one)
+	nickname := m.Get("nickname").Str(name)
 
-Ranging
+# Ranging
 
 Since `objx.Map` is a `map[string]interface{}` you can treat it as such.
 For example, to `range` the data, do what you would expect:
 
-    m := objx.MustFromJSON(json)
-    for key, value := range m {
-      // Your code...
-    }
+	m := objx.MustFromJSON(json)
+	for key, value := range m {
+	  // Your code...
+	}
 */
 package objx
diff --git a/vendor/github.com/stretchr/objx/map.go b/vendor/github.com/stretchr/objx/map.go
index a64712a08b..ab9f9ae67c 100644
--- a/vendor/github.com/stretchr/objx/map.go
+++ b/vendor/github.com/stretchr/objx/map.go
@@ -47,17 +47,16 @@ func New(data interface{}) Map {
 //
 // The arguments follow a key, value pattern.
 //
-//
 // Returns nil if any key argument is non-string or if there are an odd number of arguments.
 //
-// Example
+// # Example
 //
 // To easily create Maps:
 //
-//     m := objx.MSI("name", "Mat", "age", 29, "subobj", objx.MSI("active", true))
+//	m := objx.MSI("name", "Mat", "age", 29, "subobj", objx.MSI("active", true))
 //
-//     // creates an Map equivalent to
-//     m := objx.Map{"name": "Mat", "age": 29, "subobj": objx.Map{"active": true}}
+//	// creates an Map equivalent to
+//	m := objx.Map{"name": "Mat", "age": 29, "subobj": objx.Map{"active": true}}
 func MSI(keyAndValuePairs ...interface{}) Map {
 	newMap := Map{}
 	keyAndValuePairsLen := len(keyAndValuePairs)
diff --git a/vendor/github.com/tjfoc/gmsm/sm3/ifile b/vendor/github.com/tjfoc/gmsm/sm3/ifile
new file mode 100644
index 0000000000..30d74d2584
--- /dev/null
+++ b/vendor/github.com/tjfoc/gmsm/sm3/ifile
@@ -0,0 +1 @@
+test
\ No newline at end of file
diff --git a/vendor/github.com/tjfoc/gmsm/sm3/sm3.go b/vendor/github.com/tjfoc/gmsm/sm3/sm3.go
index 1a610b9932..7c6094cdad 100644
--- a/vendor/github.com/tjfoc/gmsm/sm3/sm3.go
+++ b/vendor/github.com/tjfoc/gmsm/sm3/sm3.go
@@ -38,7 +38,7 @@ func (sm3 *SM3) p0(x uint32) uint32 { return x ^ sm3.leftRotate(x, 9) ^ sm3.left
 
 func (sm3 *SM3) p1(x uint32) uint32 { return x ^ sm3.leftRotate(x, 15) ^ sm3.leftRotate(x, 23) }
 
-func (sm3 *SM3) leftRotate(x uint32, i uint32) uint32 { return (x<<(i%32) | x>>(32-i%32)) }
+func (sm3 *SM3) leftRotate(x uint32, i uint32) uint32 { return x<<(i%32) | x>>(32-i%32) }
 
 func (sm3 *SM3) pad() []byte {
 	msg := sm3.unhandleMsg
@@ -63,7 +63,7 @@ func (sm3 *SM3) pad() []byte {
 	return msg
 }
 
-func (sm3 *SM3) update(msg []byte, nblocks int) {
+func (sm3 *SM3) update(msg []byte) {
 	var w [68]uint32
 	var w1 [64]uint32
 
@@ -119,7 +119,7 @@ func (sm3 *SM3) update(msg []byte, nblocks int) {
 	}
 	sm3.digest[0], sm3.digest[1], sm3.digest[2], sm3.digest[3], sm3.digest[4], sm3.digest[5], sm3.digest[6], sm3.digest[7] = a, b, c, d, e, f, g, h
 }
-func (sm3 *SM3) update2(msg []byte, nblocks int)([8]uint32){
+func (sm3 *SM3) update2(msg []byte,) [8]uint32 {
 	var w [68]uint32
 	var w1 [64]uint32
 
@@ -175,8 +175,10 @@ func (sm3 *SM3) update2(msg []byte, nblocks int)([8]uint32){
 	}
 	var digest [8]uint32
 	digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7] = a, b, c, d, e, f, g, h
-   return digest
+	return digest
 }
+
+// 创建哈希计算实例
 func New() hash.Hash {
 	var sm3 SM3
 
@@ -184,14 +186,12 @@ func New() hash.Hash {
 	return &sm3
 }
 
-// BlockSize, required by the hash.Hash interface.
 // BlockSize returns the hash's underlying block size.
 // The Write method must be able to accept any amount
 // of data, but it may operate more efficiently if all writes
 // are a multiple of the block size.
 func (sm3 *SM3) BlockSize() int { return 64 }
 
-// Size, required by the hash.Hash interface.
 // Size returns the number of bytes Sum will return.
 func (sm3 *SM3) Size() int { return 32 }
 
@@ -212,7 +212,6 @@ func (sm3 *SM3) Reset() {
 	sm3.unhandleMsg = []byte{}
 }
 
-// Write, required by the hash.Hash interface.
 // Write (via the embedded io.Writer interface) adds more data to the running hash.
 // It never returns an error.
 func (sm3 *SM3) Write(p []byte) (int, error) {
@@ -220,21 +219,21 @@ func (sm3 *SM3) Write(p []byte) (int, error) {
 	sm3.length += uint64(len(p) * 8)
 	msg := append(sm3.unhandleMsg, p...)
 	nblocks := len(msg) / sm3.BlockSize()
-	sm3.update(msg, nblocks)
+	sm3.update(msg)
 	// Update unhandleMsg
 	sm3.unhandleMsg = msg[nblocks*sm3.BlockSize():]
 
 	return toWrite, nil
 }
 
-// Sum, required by the hash.Hash interface.
+// 返回SM3哈希算法摘�值
 // Sum appends the current hash to b and returns the resulting slice.
 // It does not change the underlying hash state.
 func (sm3 *SM3) Sum(in []byte) []byte {
-	sm3.Write(in)
+	_, _ = sm3.Write(in)
 	msg := sm3.pad()
-	//Finialize
-	digest:=sm3.update2(msg, len(msg)/sm3.BlockSize())
+	//Finalize
+	digest := sm3.update2(msg)
 
 	// save hash to in
 	needed := sm3.Size()
@@ -255,6 +254,6 @@ func Sm3Sum(data []byte) []byte {
 	var sm3 SM3
 
 	sm3.Reset()
-	sm3.Write(data)
+	_, _ = sm3.Write(data)
 	return sm3.Sum(nil)
 }
diff --git a/vendor/github.com/vbatts/tar-split/archive/tar/reader.go b/vendor/github.com/vbatts/tar-split/archive/tar/reader.go
index fcf3215539..af006fc92e 100644
--- a/vendor/github.com/vbatts/tar-split/archive/tar/reader.go
+++ b/vendor/github.com/vbatts/tar-split/archive/tar/reader.go
@@ -7,7 +7,6 @@ package tar
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 	"strconv"
 	"strings"
 	"time"
@@ -140,7 +139,7 @@ func (tr *Reader) next() (*Header, error) {
 			continue // This is a meta header affecting the next header
 		case TypeGNULongName, TypeGNULongLink:
 			format.mayOnlyBe(FormatGNU)
-			realname, err := ioutil.ReadAll(tr)
+			realname, err := io.ReadAll(tr)
 			if err != nil {
 				return nil, err
 			}
@@ -334,7 +333,7 @@ func mergePAX(hdr *Header, paxHdrs map[string]string) (err error) {
 // parsePAX parses PAX headers.
 // If an extended header (type 'x') is invalid, ErrHeader is returned
 func parsePAX(r io.Reader) (map[string]string, error) {
-	buf, err := ioutil.ReadAll(r)
+	buf, err := io.ReadAll(r)
 	if err != nil {
 		return nil, err
 	}
@@ -916,7 +915,7 @@ func discard(tr *Reader, n int64) error {
 		}
 	}
 
-	copySkipped, err = io.CopyN(ioutil.Discard, r, n-seekSkipped)
+	copySkipped, err = io.CopyN(io.Discard, r, n-seekSkipped)
 out:
 	if err == io.EOF && seekSkipped+copySkipped < n {
 		err = io.ErrUnexpectedEOF
diff --git a/vendor/github.com/xanzy/go-gitlab/CONTRIBUTING.md b/vendor/github.com/xanzy/go-gitlab/CONTRIBUTING.md
index ec4ed485db..32bd822745 100644
--- a/vendor/github.com/xanzy/go-gitlab/CONTRIBUTING.md
+++ b/vendor/github.com/xanzy/go-gitlab/CONTRIBUTING.md
@@ -4,8 +4,7 @@ We want to make contributing to this project as easy as possible.
 
 ## Reporting Issues
 
-If you have an issue, please report it on the [issue tracker](
-https://github.com/xanzy/go-gitlab/issues).
+If you have an issue, please report it on the [issue tracker](https://github.com/xanzy/go-gitlab/issues).
 
 When you are up for writing a PR to solve the issue you encountered, it's not
 needed to first open a separate issue. In that case only opening a PR with a
@@ -13,8 +12,8 @@ description of the issue you are trying to solve is just fine.
 
 ## Contributing Code
 
-Pull requests are always welcome. When in doubt if your contribution fits in with
-the rest of the project, free to first open an issue to discuss your idea.
+Pull requests are always welcome. When in doubt if your contribution fits within
+the rest of the project, feel free to first open an issue to discuss your idea.
 
 This is not needed when fixing a bug or adding an enhancement, as long as the
 enhancement you are trying to add can be found in the public GitLab API docs as
@@ -22,8 +21,10 @@ this project only supports what is in the public API docs.
 
 ## Coding style
 
-We try to follow the Go best practices, where it makes sense, and use [`gofumpt`](
-https://github.com/mvdan/gofumpt) to format code in this project.
+We try to follow the Go best practices, where it makes sense, and use
+[`gofumpt`](https://github.com/mvdan/gofumpt) to format code in this project.
+As a general rule of thumb we prefer to keep line width for comments below 80
+chars and for code (where possible and sensible) below 100 chars.
 
 Before making a PR, please look at the rest this package and try to make sure
 your contribution is consistent with the rest of the coding style.
@@ -35,18 +36,18 @@ easier to find things.
 ### Setting up your local development environment to Contribute to `go-gitlab`
 
 1. [Fork](https://github.com/xanzy/go-gitlab/fork), then clone the repository.
-    ```sh
-    git clone https://github.com/<your-username>/go-gitlab.git
-    # or via ssh
-    git clone git@github.com:<your-username>/go-gitlab.git
-    ```
+   ```sh
+   git clone https://github.com/<your-username>/go-gitlab.git
+   # or via ssh
+   git clone git@github.com:<your-username>/go-gitlab.git
+   ```
 1. Install dependencies:
-    ```sh
-    make setup
-    ```
+   ```sh
+   make setup
+   ```
 1. Make your changes on your feature branch
 1. Run the tests and `gofumpt`
-    ```sh
-    make test && make fmt
-    ```
+   ```sh
+   make test && make fmt
+   ```
 1. Open up your pull request
diff --git a/vendor/github.com/xanzy/go-gitlab/appearance.go b/vendor/github.com/xanzy/go-gitlab/appearance.go
new file mode 100644
index 0000000000..f21893c0e0
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/appearance.go
@@ -0,0 +1,110 @@
+//
+// Copyright 2023, �晓伟 <xuxiaowei@xuxiaowei.com.cn>
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import "net/http"
+
+// AppearanceService handles communication with appearance of the Gitlab API.
+//
+// Gitlab API docs : https://docs.gitlab.com/ee/api/appearance.html
+type AppearanceService struct {
+	client *Client
+}
+
+// Appearance represents a GitLab appearance.
+//
+// Gitlab API docs : https://docs.gitlab.com/ee/api/appearance.html
+type Appearance struct {
+	Title                       string `json:"title"`
+	Description                 string `json:"description"`
+	PWAName                     string `json:"pwa_name"`
+	PWAShortName                string `json:"pwa_short_name"`
+	PWADescription              string `json:"pwa_description"`
+	PWAIcon                     string `json:"pwa_icon"`
+	Logo                        string `json:"logo"`
+	HeaderLogo                  string `json:"header_logo"`
+	Favicon                     string `json:"favicon"`
+	NewProjectGuidelines        string `json:"new_project_guidelines"`
+	ProfileImageGuidelines      string `json:"profile_image_guidelines"`
+	HeaderMessage               string `json:"header_message"`
+	FooterMessage               string `json:"footer_message"`
+	MessageBackgroundColor      string `json:"message_background_color"`
+	MessageFontColor            string `json:"message_font_color"`
+	EmailHeaderAndFooterEnabled bool   `json:"email_header_and_footer_enabled"`
+}
+
+// GetAppearance gets the current appearance configuration of the GitLab instance.
+//
+// Gitlab API docs:
+// https://docs.gitlab.com/ee/api/appearance.html#get-current-appearance-configuration
+func (s *AppearanceService) GetAppearance(options ...RequestOptionFunc) (*Appearance, *Response, error) {
+	req, err := s.client.NewRequest(http.MethodGet, "application/appearance", nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	as := new(Appearance)
+	resp, err := s.client.Do(req, as)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return as, resp, nil
+}
+
+// ChangeAppearanceOptions represents the available ChangeAppearance() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/appearance.html#change-appearance-configuration
+type ChangeAppearanceOptions struct {
+	Title                       *string `url:"title,omitempty" json:"title,omitempty"`
+	Description                 *string `url:"description,omitempty" json:"description,omitempty"`
+	PWAName                     *string `url:"pwa_name,omitempty" json:"pwa_name,omitempty"`
+	PWAShortName                *string `url:"pwa_short_name,omitempty" json:"pwa_short_name,omitempty"`
+	PWADescription              *string `url:"pwa_description,omitempty" json:"pwa_description,omitempty"`
+	PWAIcon                     *string `url:"pwa_icon,omitempty" json:"pwa_icon,omitempty"`
+	Logo                        *string `url:"logo,omitempty" json:"logo,omitempty"`
+	HeaderLogo                  *string `url:"header_logo,omitempty" json:"header_logo,omitempty"`
+	Favicon                     *string `url:"favicon,omitempty" json:"favicon,omitempty"`
+	NewProjectGuidelines        *string `url:"new_project_guidelines,omitempty" json:"new_project_guidelines,omitempty"`
+	ProfileImageGuidelines      *string `url:"profile_image_guidelines,omitempty" json:"profile_image_guidelines,omitempty"`
+	HeaderMessage               *string `url:"header_message,omitempty" json:"header_message,omitempty"`
+	FooterMessage               *string `url:"footer_message,omitempty" json:"footer_message,omitempty"`
+	MessageBackgroundColor      *string `url:"message_background_color,omitempty" json:"message_background_color,omitempty"`
+	MessageFontColor            *string `url:"message_font_color,omitempty" json:"message_font_color,omitempty"`
+	EmailHeaderAndFooterEnabled *bool   `url:"email_header_and_footer_enabled,omitempty" json:"email_header_and_footer_enabled,omitempty"`
+	URL                         *string `url:"url,omitempty" json:"url,omitempty"`
+}
+
+// ChangeAppearance changes the appearance configuration.
+//
+// Gitlab API docs:
+// https://docs.gitlab.com/ee/api/appearance.html#change-appearance-configuration
+func (s *AppearanceService) ChangeAppearance(opt *ChangeAppearanceOptions, options ...RequestOptionFunc) (*Appearance, *Response, error) {
+	req, err := s.client.NewRequest(http.MethodPut, "application/appearance", opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	as := new(Appearance)
+	resp, err := s.client.Do(req, as)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return as, resp, nil
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/commits.go b/vendor/github.com/xanzy/go-gitlab/commits.go
index 7c724c2b0e..cdb548b074 100644
--- a/vendor/github.com/xanzy/go-gitlab/commits.go
+++ b/vendor/github.com/xanzy/go-gitlab/commits.go
@@ -77,6 +77,7 @@ type ListCommitsOptions struct {
 	Since       *time.Time `url:"since,omitempty" json:"since,omitempty"`
 	Until       *time.Time `url:"until,omitempty" json:"until,omitempty"`
 	Path        *string    `url:"path,omitempty" json:"path,omitempty"`
+	Author      *string    `url:"author,omitempty" json:"author,omitempty"`
 	All         *bool      `url:"all,omitempty" json:"all,omitempty"`
 	WithStats   *bool      `url:"with_stats,omitempty" json:"with_stats,omitempty"`
 	FirstParent *bool      `url:"first_parent,omitempty" json:"first_parent,omitempty"`
@@ -402,6 +403,7 @@ type CommitStatus struct {
 	Name         string     `json:"name"`
 	AllowFailure bool       `json:"allow_failure"`
 	Coverage     float64    `json:"coverage"`
+	PipelineId   int        `json:"pipeline_id"`
 	Author       Author     `json:"author"`
 	Description  string     `json:"description"`
 	TargetURL    string     `json:"target_url"`
@@ -571,10 +573,10 @@ type GPGSignature struct {
 	KeySubkeyID        int    `json:"gpg_key_subkey_id"`
 }
 
-// GetGPGSiganature gets a GPG signature of a commit.
+// GetGPGSignature gets a GPG signature of a commit.
 //
 // GitLab API docs: https://docs.gitlab.com/ee/api/commits.html#get-gpg-signature-of-a-commit
-func (s *CommitsService) GetGPGSiganature(pid interface{}, sha string, options ...RequestOptionFunc) (*GPGSignature, *Response, error) {
+func (s *CommitsService) GetGPGSignature(pid interface{}, sha string, options ...RequestOptionFunc) (*GPGSignature, *Response, error) {
 	project, err := parseID(pid)
 	if err != nil {
 		return nil, nil, err
diff --git a/vendor/github.com/xanzy/go-gitlab/discussions.go b/vendor/github.com/xanzy/go-gitlab/discussions.go
index b4d7f2468c..7f791c585f 100644
--- a/vendor/github.com/xanzy/go-gitlab/discussions.go
+++ b/vendor/github.com/xanzy/go-gitlab/discussions.go
@@ -724,10 +724,39 @@ func (s *DiscussionsService) GetMergeRequestDiscussion(pid interface{}, mergeReq
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/discussions.html#create-new-merge-request-thread
 type CreateMergeRequestDiscussionOptions struct {
-	Body      *string       `url:"body,omitempty" json:"body,omitempty"`
-	CommitID  *string       `url:"commit_id,omitempty" json:"commit_id,omitempty"`
-	CreatedAt *time.Time    `url:"created_at,omitempty" json:"created_at,omitempty"`
-	Position  *NotePosition `url:"position,omitempty" json:"position,omitempty"`
+	Body      *string          `url:"body,omitempty" json:"body,omitempty"`
+	CommitID  *string          `url:"commit_id,omitempty" json:"commit_id,omitempty"`
+	CreatedAt *time.Time       `url:"created_at,omitempty" json:"created_at,omitempty"`
+	Position  *PositionOptions `url:"position,omitempty" json:"position,omitempty"`
+}
+
+// PositionOptions represents the position option of a discussion.
+type PositionOptions struct {
+	BaseSHA      *string           `url:"base_sha,omitempty" json:"base_sha,omitempty"`
+	HeadSHA      *string           `url:"head_sha,omitempty" json:"head_sha,omitempty"`
+	StartSHA     *string           `url:"start_sha,omitempty" json:"start_sha,omitempty"`
+	NewPath      *string           `url:"new_path,omitempty" json:"new_path,omitempty"`
+	OldPath      *string           `url:"old_path,omitempty" json:"old_path,omitempty"`
+	PositionType *string           `url:"position_type,omitempty" json:"position_type"`
+	NewLine      *int              `url:"new_line,omitempty" json:"new_line,omitempty"`
+	OldLine      *int              `url:"old_line,omitempty" json:"old_line,omitempty"`
+	LineRange    *LineRangeOptions `url:"line_range,omitempty" json:"line_range,omitempty"`
+	Width        *int              `url:"width,omitempty" json:"width,omitempty"`
+	Height       *int              `url:"height,omitempty" json:"height,omitempty"`
+	X            *float64          `url:"x,omitempty" json:"x,omitempty"`
+	Y            *float64          `url:"y,omitempty" json:"y,omitempty"`
+}
+
+// LineRangeOptions represents the line range option of a discussion.
+type LineRangeOptions struct {
+	Start *LinePositionOptions `url:"start,omitempty" json:"start,omitempty"`
+	End   *LinePositionOptions `url:"end,omitempty" json:"end,omitempty"`
+}
+
+// LinePositionOptions represents the line position option of a discussion.
+type LinePositionOptions struct {
+	LineCode *string `url:"line_code,omitempty" json:"line_code,omitempty"`
+	Type     *string `url:"type,omitempty" json:"type,omitempty"`
 }
 
 // CreateMergeRequestDiscussion creates a new discussion for a single merge
diff --git a/vendor/github.com/xanzy/go-gitlab/event_webhook_types.go b/vendor/github.com/xanzy/go-gitlab/event_webhook_types.go
index 4c2dd8e042..fa1fe5c7d9 100644
--- a/vendor/github.com/xanzy/go-gitlab/event_webhook_types.go
+++ b/vendor/github.com/xanzy/go-gitlab/event_webhook_types.go
@@ -652,6 +652,7 @@ type MergeEvent struct {
 		} `json:"last_commit"`
 		BlockingDiscussionsResolved bool          `json:"blocking_discussions_resolved"`
 		WorkInProgress              bool          `json:"work_in_progress"`
+		Draft                       bool          `json:"draft"`
 		TotalTimeSpent              int           `json:"total_time_spent"`
 		TimeChange                  int           `json:"time_change"`
 		HumanTotalTimeSpent         string        `json:"human_total_time_spent"`
@@ -679,6 +680,10 @@ type MergeEvent struct {
 			Previous string `json:"previous"`
 			Current  string `json:"current"`
 		} `json:"description"`
+		Draft struct {
+			Previous bool `json:"previous"`
+			Current  bool `json:"current"`
+		} `json:"draft"`
 		Labels struct {
 			Previous []*EventLabel `json:"previous"`
 			Current  []*EventLabel `json:"current"`
@@ -789,6 +794,7 @@ type PipelineEvent struct {
 	ObjectAttributes struct {
 		ID             int      `json:"id"`
 		IID            int      `json:"iid"`
+		Name           string   `json:"name"`
 		Ref            string   `json:"ref"`
 		Tag            bool     `json:"tag"`
 		SHA            string   `json:"sha"`
diff --git a/vendor/github.com/xanzy/go-gitlab/gitlab.go b/vendor/github.com/xanzy/go-gitlab/gitlab.go
index 322f1a4a03..88d55057c7 100644
--- a/vendor/github.com/xanzy/go-gitlab/gitlab.go
+++ b/vendor/github.com/xanzy/go-gitlab/gitlab.go
@@ -105,6 +105,7 @@ type Client struct {
 
 	// Services used for talking to different parts of the GitLab API.
 	AccessRequests               *AccessRequestsService
+	Appearance                   *AppearanceService
 	Applications                 *ApplicationsService
 	AuditEvents                  *AuditEventsService
 	Avatar                       *AvatarRequestsService
@@ -144,6 +145,7 @@ type Client struct {
 	GroupLabels                  *GroupLabelsService
 	GroupMembers                 *GroupMembersService
 	GroupMilestones              *GroupMilestonesService
+	GroupProtectedEnvironments   *GroupProtectedEnvironmentsService
 	GroupRepositoryStorageMove   *GroupRepositoryStorageMoveService
 	GroupVariables               *GroupVariablesService
 	GroupWikis                   *GroupWikisService
@@ -164,6 +166,7 @@ type Client struct {
 	Markdown                     *MarkdownService
 	MergeRequestApprovals        *MergeRequestApprovalsService
 	MergeRequests                *MergeRequestsService
+	MergeTrains                  *MergeTrainsService
 	Metadata                     *MetadataService
 	Milestones                   *MilestonesService
 	Namespaces                   *NamespacesService
@@ -199,6 +202,7 @@ type Client struct {
 	Repositories                 *RepositoriesService
 	RepositoryFiles              *RepositoryFilesService
 	RepositorySubmodules         *RepositorySubmodulesService
+	ResourceIterationEvents      *ResourceIterationEventsService
 	ResourceLabelEvents          *ResourceLabelEventsService
 	ResourceMilestoneEvents      *ResourceMilestoneEventsService
 	ResourceStateEvents          *ResourceStateEventsService
@@ -326,6 +330,7 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 
 	// Create all the public services.
 	c.AccessRequests = &AccessRequestsService{client: c}
+	c.Appearance = &AppearanceService{client: c}
 	c.Applications = &ApplicationsService{client: c}
 	c.AuditEvents = &AuditEventsService{client: c}
 	c.Avatar = &AvatarRequestsService{client: c}
@@ -365,6 +370,7 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 	c.GroupLabels = &GroupLabelsService{client: c}
 	c.GroupMembers = &GroupMembersService{client: c}
 	c.GroupMilestones = &GroupMilestonesService{client: c}
+	c.GroupProtectedEnvironments = &GroupProtectedEnvironmentsService{client: c}
 	c.GroupRepositoryStorageMove = &GroupRepositoryStorageMoveService{client: c}
 	c.GroupVariables = &GroupVariablesService{client: c}
 	c.GroupWikis = &GroupWikisService{client: c}
@@ -385,6 +391,7 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 	c.Markdown = &MarkdownService{client: c}
 	c.MergeRequestApprovals = &MergeRequestApprovalsService{client: c}
 	c.MergeRequests = &MergeRequestsService{client: c, timeStats: timeStats}
+	c.MergeTrains = &MergeTrainsService{client: c}
 	c.Metadata = &MetadataService{client: c}
 	c.Milestones = &MilestonesService{client: c}
 	c.Namespaces = &NamespacesService{client: c}
@@ -420,6 +427,7 @@ func newClient(options ...ClientOptionFunc) (*Client, error) {
 	c.Repositories = &RepositoriesService{client: c}
 	c.RepositoryFiles = &RepositoryFilesService{client: c}
 	c.RepositorySubmodules = &RepositorySubmodulesService{client: c}
+	c.ResourceIterationEvents = &ResourceIterationEventsService{client: c}
 	c.ResourceLabelEvents = &ResourceLabelEventsService{client: c}
 	c.ResourceMilestoneEvents = &ResourceMilestoneEventsService{client: c}
 	c.ResourceStateEvents = &ResourceStateEventsService{client: c}
@@ -809,6 +817,7 @@ func (c *Client) Do(req *retryablehttp.Request, v interface{}) (*Response, error
 		return c.Do(req, v)
 	}
 	defer resp.Body.Close()
+	defer io.Copy(io.Discard, resp.Body)
 
 	// If not yet configured, try to configure the rate limiter
 	// using the response headers we just received. Fail silently
diff --git a/vendor/github.com/xanzy/go-gitlab/group_access_tokens.go b/vendor/github.com/xanzy/go-gitlab/group_access_tokens.go
index 3d42ab5314..15f303a981 100644
--- a/vendor/github.com/xanzy/go-gitlab/group_access_tokens.go
+++ b/vendor/github.com/xanzy/go-gitlab/group_access_tokens.go
@@ -145,6 +145,31 @@ func (s *GroupAccessTokensService) CreateGroupAccessToken(gid interface{}, opt *
 	return pat, resp, nil
 }
 
+// RotateGroupAccessToken revokes a group access token and returns a new group
+// access token that expires in one week.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_access_tokens.html#rotate-a-group-access-token
+func (s *GroupAccessTokensService) RotateGroupAccessToken(gid interface{}, id int, options ...RequestOptionFunc) (*GroupAccessToken, *Response, error) {
+	groups, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/access_tokens/%d/rotate", PathEscape(groups), id)
+	req, err := s.client.NewRequest(http.MethodPost, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	gat := new(GroupAccessToken)
+	resp, err := s.client.Do(req, gat)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return gat, resp, nil
+}
+
 // RevokeGroupAccessToken revokes a group access token.
 //
 // GitLab API docs:
diff --git a/vendor/github.com/xanzy/go-gitlab/group_protected_environments.go b/vendor/github.com/xanzy/go-gitlab/group_protected_environments.go
new file mode 100644
index 0000000000..53bee7079f
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/group_protected_environments.go
@@ -0,0 +1,278 @@
+//
+// Copyright 2023, Sander van Harmelen
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+)
+
+// GroupProtectedEnvironmentsService handles communication with the group-level
+// protected environment methods of the GitLab API.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html
+type GroupProtectedEnvironmentsService struct {
+	client *Client
+}
+
+// GroupProtectedEnvironment represents a group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html
+type GroupProtectedEnvironment struct {
+	Name                  string                               `json:"name"`
+	DeployAccessLevels    []*GroupEnvironmentAccessDescription `json:"deploy_access_levels"`
+	RequiredApprovalCount int                                  `json:"required_approval_count"`
+	ApprovalRules         []*GroupEnvironmentApprovalRule      `json:"approval_rules"`
+}
+
+// GroupEnvironmentAccessDescription represents the access decription for a
+// group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html
+type GroupEnvironmentAccessDescription struct {
+	ID                     int              `json:"id"`
+	AccessLevel            AccessLevelValue `json:"access_level"`
+	AccessLevelDescription string           `json:"access_level_description"`
+	UserID                 int              `json:"user_id"`
+	GroupID                int              `json:"group_id"`
+}
+
+// GroupEnvironmentApprovalRule represents the approval rules for a group-level
+// protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#protect-a-single-environment
+type GroupEnvironmentApprovalRule struct {
+	ID                     int              `json:"id"`
+	UserID                 int              `json:"user_id"`
+	GroupID                int              `json:"group_id"`
+	AccessLevel            AccessLevelValue `json:"access_level"`
+	AccessLevelDescription string           `json:"access_level_description"`
+	RequiredApprovalCount  int              `json:"required_approvals"`
+	GroupInheritanceType   int              `json:"group_inheritance_type"`
+}
+
+// ListGroupProtectedEnvironmentsOptions represents the available
+// ListGroupProtectedEnvironments() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#list-group-level-protected-environments
+type ListGroupProtectedEnvironmentsOptions ListOptions
+
+// ListGroupProtectedEnvironments returns a list of protected environments from
+// a group.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#list-group-level-protected-environments
+func (s *GroupProtectedEnvironmentsService) ListGroupProtectedEnvironments(gid interface{}, opt *ListGroupProtectedEnvironmentsOptions, options ...RequestOptionFunc) ([]*GroupProtectedEnvironment, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/protected_environments", PathEscape(group))
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var pes []*GroupProtectedEnvironment
+	resp, err := s.client.Do(req, &pes)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pes, resp, nil
+}
+
+// GetGroupProtectedEnvironment returns a single group-level protected
+// environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#get-a-single-protected-environment
+func (s *GroupProtectedEnvironmentsService) GetGroupProtectedEnvironment(gid interface{}, environment string, options ...RequestOptionFunc) (*GroupProtectedEnvironment, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/protected_environments/%s", PathEscape(group), environment)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pe := new(GroupProtectedEnvironment)
+	resp, err := s.client.Do(req, pe)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pe, resp, nil
+}
+
+// ProtectGroupEnvironmentOptions represents the available
+// ProtectGroupEnvironment() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#protect-a-single-environment
+type ProtectGroupEnvironmentOptions struct {
+	Name                  *string                                 `url:"name,omitempty" json:"name,omitempty"`
+	DeployAccessLevels    *[]*GroupEnvironmentAccessOptions       `url:"deploy_access_levels,omitempty" json:"deploy_access_levels,omitempty"`
+	RequiredApprovalCount *int                                    `url:"required_approval_count,omitempty" json:"required_approval_count,omitempty"`
+	ApprovalRules         *[]*GroupEnvironmentApprovalRuleOptions `url:"approval_rules,omitempty" json:"approval_rules,omitempty"`
+}
+
+// GroupEnvironmentAccessOptions represents the options for an access decription
+// for a group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#protect-a-single-environment
+type GroupEnvironmentAccessOptions struct {
+	AccessLevel *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	UserID      *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID     *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+}
+
+// GroupEnvironmentApprovalRuleOptions represents the approval rules for a
+// group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#protect-a-single-environment
+type GroupEnvironmentApprovalRuleOptions struct {
+	UserID                 *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID                *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+	AccessLevel            *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	AccessLevelDescription *string           `url:"access_level_description,omitempty" json:"access_level_description,omitempty"`
+	RequiredApprovalCount  *int              `url:"required_approvals,omitempty" json:"required_approvals,omitempty"`
+	GroupInheritanceType   *int              `url:"group_inheritance_type,omitempty" json:"group_inheritance_type,omitempty"`
+}
+
+// ProtectGroupEnvironment protects a single group-level environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#protect-a-single-environment
+func (s *GroupProtectedEnvironmentsService) ProtectGroupEnvironment(gid interface{}, opt *ProtectGroupEnvironmentOptions, options ...RequestOptionFunc) (*GroupProtectedEnvironment, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/protected_environments", PathEscape(group))
+
+	req, err := s.client.NewRequest(http.MethodPost, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pe := new(GroupProtectedEnvironment)
+	resp, err := s.client.Do(req, pe)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pe, resp, nil
+}
+
+// UpdateGroupProtectedEnvironmentOptions represents the available
+// UpdateGroupProtectedEnvironment() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#update-a-protected-environment
+type UpdateGroupProtectedEnvironmentOptions struct {
+	Name                  *string                                       `url:"name,omitempty" json:"name,omitempty"`
+	DeployAccessLevels    *[]*UpdateGroupEnvironmentAccessOptions       `url:"deploy_access_levels,omitempty" json:"deploy_access_levels,omitempty"`
+	RequiredApprovalCount *int                                          `url:"required_approval_count,omitempty" json:"required_approval_count,omitempty"`
+	ApprovalRules         *[]*UpdateGroupEnvironmentApprovalRuleOptions `url:"approval_rules,omitempty" json:"approval_rules,omitempty"`
+}
+
+// UpdateGroupEnvironmentAccessOptions represents the options for updates to the
+// access decription for a group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#update-a-protected-environment
+type UpdateGroupEnvironmentAccessOptions struct {
+	AccessLevel *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	ID          *int              `url:"id,omitempty" json:"id,omitempty"`
+	UserID      *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID     *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+	Destroy     *bool             `url:"_destroy,omitempty" json:"_destroy,omitempty"`
+}
+
+// UpdateGroupEnvironmentApprovalRuleOptions represents the updates to the
+// approval rules for a group-level protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#update-a-protected-environment
+type UpdateGroupEnvironmentApprovalRuleOptions struct {
+	ID                     *int              `url:"id,omitempty" json:"id,omitempty"`
+	UserID                 *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID                *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+	AccessLevel            *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	AccessLevelDescription *string           `url:"access_level_description,omitempty" json:"access_level_description,omitempty"`
+	RequiredApprovalCount  *int              `url:"required_approvals,omitempty" json:"required_approvals,omitempty"`
+	GroupInheritanceType   *int              `url:"group_inheritance_type,omitempty" json:"group_inheritance_type,omitempty"`
+	Destroy                *bool             `url:"_destroy,omitempty" json:"_destroy,omitempty"`
+}
+
+// UpdateGroupProtectedEnvironment updates a single group-level protected
+// environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#update-a-protected-environment
+func (s *GroupProtectedEnvironmentsService) UpdateGroupProtectedEnvironment(gid interface{}, environment string, opt *UpdateGroupProtectedEnvironmentOptions, options ...RequestOptionFunc) (*GroupProtectedEnvironment, *Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("groups/%s/protected_environments/%s", PathEscape(group), environment)
+
+	req, err := s.client.NewRequest(http.MethodPut, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pe := new(GroupProtectedEnvironment)
+	resp, err := s.client.Do(req, pe)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pe, resp, nil
+}
+
+// UnprotectGroupEnvironment unprotects the given protected group-level
+// environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/group_protected_environments.html#unprotect-a-single-environment
+func (s *GroupProtectedEnvironmentsService) UnprotectGroupEnvironment(gid interface{}, environment string, options ...RequestOptionFunc) (*Response, error) {
+	group, err := parseID(gid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf("groups/%s/protected_environments/%s", PathEscape(group), environment)
+
+	req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(req, nil)
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/groups.go b/vendor/github.com/xanzy/go-gitlab/groups.go
index 4a9a996d92..fcbd68de1f 100644
--- a/vendor/github.com/xanzy/go-gitlab/groups.go
+++ b/vendor/github.com/xanzy/go-gitlab/groups.go
@@ -68,7 +68,7 @@ type Group struct {
 	MentionsDisabled        bool                       `json:"mentions_disabled"`
 	RunnersToken            string                     `json:"runners_token"`
 	SharedProjects          []*Project                 `json:"shared_projects"`
-	SharedRunnersEnabled    bool                       `json:"shared_runners_enabled"`
+	SharedRunnersSetting    SharedRunnersSettingValue  `json:"shared_runners_setting"`
 	SharedWithGroups        []struct {
 		GroupID          int      `json:"group_id"`
 		GroupName        string   `json:"group_name"`
diff --git a/vendor/github.com/xanzy/go-gitlab/job_token_scope.go b/vendor/github.com/xanzy/go-gitlab/job_token_scope.go
index 82dc508194..ff96ba6984 100644
--- a/vendor/github.com/xanzy/go-gitlab/job_token_scope.go
+++ b/vendor/github.com/xanzy/go-gitlab/job_token_scope.go
@@ -26,6 +26,67 @@ type JobTokenScopeService struct {
 	client *Client
 }
 
+// JobTokenAccessSettings represents job token access attributes for this project.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/project_job_token_scopes.html
+type JobTokenAccessSettings struct {
+	InboundEnabled  bool `json:"inbound_enabled"`
+	OutboundEnabled bool `json:"outbound_enabled"`
+}
+
+// GetProjectJobTokenAccessSettings fetch the CI/CD job token access settings (job token scope) of a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#get-a-projects-cicd-job-token-access-settings
+func (j *JobTokenScopeService) GetProjectJobTokenAccessSettings(pid interface{}, options ...RequestOptionFunc) (*JobTokenAccessSettings, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf(`projects/%s/job_token_scope`, PathEscape(project))
+
+	req, err := j.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	jt := new(JobTokenAccessSettings)
+	resp, err := j.client.Do(req, jt)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return jt, resp, err
+}
+
+// PatchProjectJobTokenAccessSettingsOptions represents the available
+// PatchProjectJobTokenAccessSettings() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#patch-a-projects-cicd-job-token-access-settings
+type PatchProjectJobTokenAccessSettingsOptions struct {
+	Enabled bool `json:"enabled"`
+}
+
+// PatchProjectJobTokenAccessSettings patch the Limit access to this project setting (job token scope) of a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_job_token_scopes.html#patch-a-projects-cicd-job-token-access-settings
+func (j *JobTokenScopeService) PatchProjectJobTokenAccessSettings(pid interface{}, opt *PatchProjectJobTokenAccessSettingsOptions, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf(`projects/%s/job_token_scope`, PathEscape(project))
+
+	req, err := j.client.NewRequest(http.MethodPatch, u, opt, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return j.client.Do(req, nil)
+}
+
 // JobTokenInboundAllowItem represents a single job token inbound allowlist item.
 //
 // GitLab API docs: https://docs.gitlab.com/ee/api/project_job_token_scopes.html
@@ -95,13 +156,13 @@ func (j *JobTokenScopeService) AddProjectToJobScopeAllowList(pid interface{}, op
 		return nil, nil, err
 	}
 
-	ai := new(JobTokenInboundAllowItem)
-	resp, err := j.client.Do(req, ai)
+	jt := new(JobTokenInboundAllowItem)
+	resp, err := j.client.Do(req, jt)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return ai, resp, nil
+	return jt, resp, nil
 }
 
 // RemoveProjectFromJobScopeAllowList removes a project from a project's job
diff --git a/vendor/github.com/xanzy/go-gitlab/jobs.go b/vendor/github.com/xanzy/go-gitlab/jobs.go
index 0feaee9898..9ad0066581 100644
--- a/vendor/github.com/xanzy/go-gitlab/jobs.go
+++ b/vendor/github.com/xanzy/go-gitlab/jobs.go
@@ -564,3 +564,22 @@ func (s *JobsService) DeleteArtifacts(pid interface{}, jobID int, options ...Req
 
 	return s.client.Do(req, nil)
 }
+
+// DeleteProjectArtifacts delete artifacts eligible for deletion in a project
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/job_artifacts.html#delete-project-artifacts
+func (s *JobsService) DeleteProjectArtifacts(pid interface{}, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf("projects/%s/artifacts", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(req, nil)
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/merge_requests.go b/vendor/github.com/xanzy/go-gitlab/merge_requests.go
index 34a244a1d2..458255f334 100644
--- a/vendor/github.com/xanzy/go-gitlab/merge_requests.go
+++ b/vendor/github.com/xanzy/go-gitlab/merge_requests.go
@@ -17,6 +17,7 @@
 package gitlab
 
 import (
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"time"
@@ -35,58 +36,50 @@ type MergeRequestsService struct {
 //
 // GitLab API docs: https://docs.gitlab.com/ee/api/merge_requests.html
 type MergeRequest struct {
-	ID                        int              `json:"id"`
-	IID                       int              `json:"iid"`
-	TargetBranch              string           `json:"target_branch"`
-	SourceBranch              string           `json:"source_branch"`
-	ProjectID                 int              `json:"project_id"`
-	Title                     string           `json:"title"`
-	State                     string           `json:"state"`
-	CreatedAt                 *time.Time       `json:"created_at"`
-	UpdatedAt                 *time.Time       `json:"updated_at"`
-	Upvotes                   int              `json:"upvotes"`
-	Downvotes                 int              `json:"downvotes"`
-	Author                    *BasicUser       `json:"author"`
-	Assignee                  *BasicUser       `json:"assignee"`
-	Assignees                 []*BasicUser     `json:"assignees"`
-	Reviewers                 []*BasicUser     `json:"reviewers"`
-	SourceProjectID           int              `json:"source_project_id"`
-	TargetProjectID           int              `json:"target_project_id"`
-	Labels                    Labels           `json:"labels"`
-	Description               string           `json:"description"`
-	Draft                     bool             `json:"draft"`
-	WorkInProgress            bool             `json:"work_in_progress"`
-	Milestone                 *Milestone       `json:"milestone"`
-	MergeWhenPipelineSucceeds bool             `json:"merge_when_pipeline_succeeds"`
-	DetailedMergeStatus       string           `json:"detailed_merge_status"`
-	MergeError                string           `json:"merge_error"`
-	MergedBy                  *BasicUser       `json:"merged_by"`
-	MergedAt                  *time.Time       `json:"merged_at"`
-	ClosedBy                  *BasicUser       `json:"closed_by"`
-	ClosedAt                  *time.Time       `json:"closed_at"`
-	Subscribed                bool             `json:"subscribed"`
-	SHA                       string           `json:"sha"`
-	MergeCommitSHA            string           `json:"merge_commit_sha"`
-	SquashCommitSHA           string           `json:"squash_commit_sha"`
-	UserNotesCount            int              `json:"user_notes_count"`
-	ChangesCount              string           `json:"changes_count"`
-	ShouldRemoveSourceBranch  bool             `json:"should_remove_source_branch"`
-	ForceRemoveSourceBranch   bool             `json:"force_remove_source_branch"`
-	AllowCollaboration        bool             `json:"allow_collaboration"`
-	WebURL                    string           `json:"web_url"`
-	References                *IssueReferences `json:"references"`
-	DiscussionLocked          bool             `json:"discussion_locked"`
-	Changes                   []struct {
-		OldPath     string `json:"old_path"`
-		NewPath     string `json:"new_path"`
-		AMode       string `json:"a_mode"`
-		BMode       string `json:"b_mode"`
-		Diff        string `json:"diff"`
-		NewFile     bool   `json:"new_file"`
-		RenamedFile bool   `json:"renamed_file"`
-		DeletedFile bool   `json:"deleted_file"`
-	} `json:"changes"`
-	User struct {
+	ID                        int                 `json:"id"`
+	IID                       int                 `json:"iid"`
+	TargetBranch              string              `json:"target_branch"`
+	SourceBranch              string              `json:"source_branch"`
+	ProjectID                 int                 `json:"project_id"`
+	Title                     string              `json:"title"`
+	State                     string              `json:"state"`
+	CreatedAt                 *time.Time          `json:"created_at"`
+	UpdatedAt                 *time.Time          `json:"updated_at"`
+	Upvotes                   int                 `json:"upvotes"`
+	Downvotes                 int                 `json:"downvotes"`
+	Author                    *BasicUser          `json:"author"`
+	Assignee                  *BasicUser          `json:"assignee"`
+	Assignees                 []*BasicUser        `json:"assignees"`
+	Reviewers                 []*BasicUser        `json:"reviewers"`
+	SourceProjectID           int                 `json:"source_project_id"`
+	TargetProjectID           int                 `json:"target_project_id"`
+	Labels                    Labels              `json:"labels"`
+	LabelDetails              []*LabelDetails     `json:"label_details"`
+	Description               string              `json:"description"`
+	Draft                     bool                `json:"draft"`
+	WorkInProgress            bool                `json:"work_in_progress"`
+	Milestone                 *Milestone          `json:"milestone"`
+	MergeWhenPipelineSucceeds bool                `json:"merge_when_pipeline_succeeds"`
+	DetailedMergeStatus       string              `json:"detailed_merge_status"`
+	MergeError                string              `json:"merge_error"`
+	MergedBy                  *BasicUser          `json:"merged_by"`
+	MergedAt                  *time.Time          `json:"merged_at"`
+	ClosedBy                  *BasicUser          `json:"closed_by"`
+	ClosedAt                  *time.Time          `json:"closed_at"`
+	Subscribed                bool                `json:"subscribed"`
+	SHA                       string              `json:"sha"`
+	MergeCommitSHA            string              `json:"merge_commit_sha"`
+	SquashCommitSHA           string              `json:"squash_commit_sha"`
+	UserNotesCount            int                 `json:"user_notes_count"`
+	ChangesCount              string              `json:"changes_count"`
+	ShouldRemoveSourceBranch  bool                `json:"should_remove_source_branch"`
+	ForceRemoveSourceBranch   bool                `json:"force_remove_source_branch"`
+	AllowCollaboration        bool                `json:"allow_collaboration"`
+	WebURL                    string              `json:"web_url"`
+	References                *IssueReferences    `json:"references"`
+	DiscussionLocked          bool                `json:"discussion_locked"`
+	Changes                   []*MergeRequestDiff `json:"changes"`
+	User                      struct {
 		CanMerge bool `json:"can_merge"`
 	} `json:"user"`
 	TimeStats    *TimeStats    `json:"time_stats"`
@@ -116,6 +109,55 @@ func (m MergeRequest) String() string {
 	return Stringify(m)
 }
 
+func (m *MergeRequest) UnmarshalJSON(data []byte) error {
+	type alias MergeRequest
+
+	raw := make(map[string]interface{})
+	err := json.Unmarshal(data, &raw)
+	if err != nil {
+		return err
+	}
+
+	labelDetails, ok := raw["labels"].([]interface{})
+	if ok && len(labelDetails) > 0 {
+		// We only want to change anything if we got label details.
+		if _, ok := labelDetails[0].(map[string]interface{}); !ok {
+			return json.Unmarshal(data, (*alias)(m))
+		}
+
+		labels := make([]interface{}, len(labelDetails))
+		for i, details := range labelDetails {
+			labels[i] = details.(map[string]interface{})["name"]
+		}
+
+		// Set the correct values
+		raw["labels"] = labels
+		raw["label_details"] = labelDetails
+
+		data, err = json.Marshal(raw)
+		if err != nil {
+			return err
+		}
+	}
+
+	return json.Unmarshal(data, (*alias)(m))
+}
+
+// MergeRequestDiff represents Gitlab merge request diff.
+//
+// Gitlab API docs:
+// https://docs.gitlab.com/ee/api/merge_requests.html#list-merge-request-diffs
+type MergeRequestDiff struct {
+	OldPath     string `json:"old_path"`
+	NewPath     string `json:"new_path"`
+	AMode       string `json:"a_mode"`
+	BMode       string `json:"b_mode"`
+	Diff        string `json:"diff"`
+	NewFile     bool   `json:"new_file"`
+	RenamedFile bool   `json:"renamed_file"`
+	DeletedFile bool   `json:"deleted_file"`
+}
+
 // MergeRequestDiffVersion represents Gitlab merge request version.
 //
 // Gitlab API docs:
@@ -160,6 +202,7 @@ type ListMergeRequestsOptions struct {
 	Scope                  *string           `url:"scope,omitempty" json:"scope,omitempty"`
 	AuthorID               *int              `url:"author_id,omitempty" json:"author_id,omitempty"`
 	AuthorUsername         *string           `url:"author_username,omitempty" json:"author_username,omitempty"`
+	NotAuthorUsername      *string           `url:"not[author_username],omitempty" json:"not[author_username],omitempty"`
 	AssigneeID             *AssigneeIDValue  `url:"assignee_id,omitempty" json:"assignee_id,omitempty"`
 	ApproverIDs            *ApproverIDsValue `url:"approver_ids,omitempty" json:"approver_ids,omitempty"`
 	ApprovedByIDs          *ApproverIDsValue `url:"approved_by_ids,omitempty" json:"approved_by_ids,omitempty"`
@@ -220,6 +263,7 @@ type ListProjectMergeRequestsOptions struct {
 	Scope                  *string           `url:"scope,omitempty" json:"scope,omitempty"`
 	AuthorID               *int              `url:"author_id,omitempty" json:"author_id,omitempty"`
 	AuthorUsername         *string           `url:"author_username,omitempty" json:"author_username,omitempty"`
+	NotAuthorUsername      *string           `url:"not[author_username],omitempty" json:"not[author_username],omitempty"`
 	AssigneeID             *AssigneeIDValue  `url:"assignee_id,omitempty" json:"assignee_id,omitempty"`
 	ApproverIDs            *ApproverIDsValue `url:"approver_ids,omitempty" json:"approver_ids,omitempty"`
 	ApprovedByIDs          *ApproverIDsValue `url:"approved_by_ids,omitempty" json:"approved_by_ids,omitempty"`
@@ -281,6 +325,7 @@ type ListGroupMergeRequestsOptions struct {
 	Scope                  *string           `url:"scope,omitempty" json:"scope,omitempty"`
 	AuthorID               *int              `url:"author_id,omitempty" json:"author_id,omitempty"`
 	AuthorUsername         *string           `url:"author_username,omitempty" json:"author_username,omitempty"`
+	NotAuthorUsername      *string           `url:"not[author_username],omitempty" json:"not[author_username],omitempty"`
 	AssigneeID             *AssigneeIDValue  `url:"assignee_id,omitempty" json:"assignee_id,omitempty"`
 	ApproverIDs            *ApproverIDsValue `url:"approver_ids,omitempty" json:"approver_ids,omitempty"`
 	ApprovedByIDs          *ApproverIDsValue `url:"approved_by_ids,omitempty" json:"approved_by_ids,omitempty"`
@@ -425,6 +470,9 @@ type GetMergeRequestChangesOptions struct {
 // GetMergeRequestChanges shows information about the merge request including
 // its files and changes.
 //
+// Deprecated: This endpoint has been replaced by
+// MergeRequestsService.ListMergeRequestDiffs()
+//
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/merge_requests.html#get-single-merge-request-changes
 func (s *MergeRequestsService) GetMergeRequestChanges(pid interface{}, mergeRequest int, opt *GetMergeRequestChangesOptions, options ...RequestOptionFunc) (*MergeRequest, *Response, error) {
@@ -448,6 +496,38 @@ func (s *MergeRequestsService) GetMergeRequestChanges(pid interface{}, mergeRequ
 	return m, resp, nil
 }
 
+// ListMergeRequestDiffsOptions represents the available ListMergeRequestDiffs()
+// options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_requests.html#list-merge-request-diffs
+type ListMergeRequestDiffsOptions ListOptions
+
+// ListMergeRequestDiffs List diffs of the files changed in a merge request
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_requests.html#list-merge-request-diffs
+func (s *MergeRequestsService) ListMergeRequestDiffs(pid interface{}, mergeRequest int, opt *ListMergeRequestDiffsOptions, options ...RequestOptionFunc) ([]*MergeRequestDiff, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_requests/%d/diffs", PathEscape(project), mergeRequest)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var m []*MergeRequestDiff
+	resp, err := s.client.Do(req, &m)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return m, resp, nil
+}
+
 // GetMergeRequestParticipants gets a list of merge request participants.
 //
 // GitLab API docs:
@@ -464,13 +544,48 @@ func (s *MergeRequestsService) GetMergeRequestParticipants(pid interface{}, merg
 		return nil, nil, err
 	}
 
-	var ps []*BasicUser
-	resp, err := s.client.Do(req, &ps)
+	var bu []*BasicUser
+	resp, err := s.client.Do(req, &bu)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return bu, resp, nil
+}
+
+// MergeRequestReviewer represents a GitLab merge request reviewer.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_requests.html#get-single-merge-request-reviewers
+type MergeRequestReviewer struct {
+	User      *BasicUser `json:"user"`
+	State     string     `json:"state"`
+	CreatedAt *time.Time `json:"created_at"`
+}
+
+// GetMergeRequestReviewers gets a list of merge request reviewers.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_requests.html#get-single-merge-request-reviewers
+func (s *MergeRequestsService) GetMergeRequestReviewers(pid interface{}, mergeRequest int, options ...RequestOptionFunc) ([]*MergeRequestReviewer, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_requests/%d/reviewers", PathEscape(project), mergeRequest)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var mrr []*MergeRequestReviewer
+	resp, err := s.client.Do(req, &mrr)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return ps, resp, nil
+	return mrr, resp, nil
 }
 
 // ListMergeRequestPipelines gets all pipelines for the provided merge request.
diff --git a/vendor/github.com/xanzy/go-gitlab/merge_trains.go b/vendor/github.com/xanzy/go-gitlab/merge_trains.go
new file mode 100644
index 0000000000..e55917fa0c
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/merge_trains.go
@@ -0,0 +1,170 @@
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// MergeTrainsService handles communication with the merge trains related
+// methods of the GitLab API.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/merge_trains.html
+type MergeTrainsService struct {
+	client *Client
+}
+
+// MergeTrain represents a Gitlab merge train.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/merge_trains.html
+type MergeTrain struct {
+	ID           int                     `json:"id"`
+	MergeRequest *MergeTrainMergeRequest `json:"merge_request"`
+	User         *BasicUser              `json:"user"`
+	Pipeline     *Pipeline               `json:"pipeline"`
+	CreatedAt    *time.Time              `json:"created_at"`
+	UpdatedAt    *time.Time              `json:"updated_at"`
+	TargetBranch string                  `json:"target_branch"`
+	Status       string                  `json:"status"`
+	MergedAt     *time.Time              `json:"merged_at"`
+	Duration     int                     `json:"duration"`
+}
+
+// MergeTrainMergeRequest represents a Gitlab merge request inside merge train.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/merge_trains.html
+type MergeTrainMergeRequest struct {
+	ID          int        `json:"id"`
+	IID         int        `json:"iid"`
+	ProjectID   int        `json:"project_id"`
+	Title       string     `json:"title"`
+	Description string     `json:"description"`
+	State       string     `json:"state"`
+	CreatedAt   *time.Time `json:"created_at"`
+	UpdatedAt   *time.Time `json:"updated_at"`
+	WebURL      string     `json:"web_url"`
+}
+
+// ListMergeTrainsOptions represents the available ListMergeTrain() options.
+//
+// Gitab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#list-merge-trains-for-a-project
+type ListMergeTrainsOptions struct {
+	ListOptions
+	Scope *string `url:"scope,omitempty" json:"scope,omitempty"`
+	Sort  *string `url:"sort,omitempty" json:"sort,omitempty"`
+}
+
+// ListProjectMergeTrains get a list of merge trains in a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#list-merge-trains-for-a-project
+func (s *MergeTrainsService) ListProjectMergeTrains(pid interface{}, opt *ListMergeTrainsOptions, options ...RequestOptionFunc) ([]*MergeTrain, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_trains", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var mts []*MergeTrain
+	resp, err := s.client.Do(req, &mts)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return mts, resp, nil
+}
+
+// ListMergeRequestInMergeTrain gets a list of merge requests added to a merge
+// train for the requested target branch.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#list-merge-requests-in-a-merge-train
+func (s *MergeTrainsService) ListMergeRequestInMergeTrain(pid interface{}, targetBranch string, opts *ListMergeTrainsOptions, options ...RequestOptionFunc) ([]*MergeTrain, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_trains/%s", PathEscape(project), targetBranch)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var mts []*MergeTrain
+	resp, err := s.client.Do(req, &mts)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return mts, resp, nil
+}
+
+// GetMergeRequestOnAMergeTrain Get merge train information for the requested
+// merge request.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#get-the-status-of-a-merge-request-on-a-merge-train
+func (s *MergeTrainsService) GetMergeRequestOnAMergeTrain(pid interface{}, mergeRequest int, options ...RequestOptionFunc) (*MergeTrain, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_trains/merge_requests/%d", PathEscape(project), mergeRequest)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	mt := new(MergeTrain)
+	resp, err := s.client.Do(req, mt)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return mt, resp, nil
+}
+
+// AddMergeRequestToMergeTrainOptions represents the available
+// AddMergeRequestToMergeTrain() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#add-a-merge-request-to-a-merge-train
+type AddMergeRequestToMergeTrainOptions struct {
+	WhenPipelineSucceeds *bool   `url:"when_pipeline_succeeds,omitempty" json:"when_pipeline_succeeds,omitempty"`
+	SHA                  *string `url:"sha,omitempty" json:"sha,omitempty"`
+	Squash               *bool   `url:"squash,omitempty" json:"squash,omitempty"`
+}
+
+// AddMergeRequestToMergeTrain Add a merge request to the merge train targeting
+// the merge request’s target branch.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/merge_trains.html#add-a-merge-request-to-a-merge-train
+func (s *MergeTrainsService) AddMergeRequestToMergeTrain(pid interface{}, mergeRequest int, opts *AddMergeRequestToMergeTrainOptions, options ...RequestOptionFunc) ([]*MergeTrain, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/merge_trains/merge_requests/%d", PathEscape(project), mergeRequest)
+
+	req, err := s.client.NewRequest(http.MethodPost, u, opts, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var mts []*MergeTrain
+	resp, err := s.client.Do(req, &mts)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return mts, resp, nil
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/notifications.go b/vendor/github.com/xanzy/go-gitlab/notifications.go
index da02415a9f..92c2cb189a 100644
--- a/vendor/github.com/xanzy/go-gitlab/notifications.go
+++ b/vendor/github.com/xanzy/go-gitlab/notifications.go
@@ -45,18 +45,24 @@ type NotificationSettings struct {
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/notification_settings.html#valid-notification-levels
 type NotificationEvents struct {
-	CloseIssue           bool `json:"close_issue"`
-	CloseMergeRequest    bool `json:"close_merge_request"`
-	FailedPipeline       bool `json:"failed_pipeline"`
-	MergeMergeRequest    bool `json:"merge_merge_request"`
-	NewIssue             bool `json:"new_issue"`
-	NewMergeRequest      bool `json:"new_merge_request"`
-	NewNote              bool `json:"new_note"`
-	ReassignIssue        bool `json:"reassign_issue"`
-	ReassignMergeRequest bool `json:"reassign_merge_request"`
-	ReopenIssue          bool `json:"reopen_issue"`
-	ReopenMergeRequest   bool `json:"reopen_merge_request"`
-	SuccessPipeline      bool `json:"success_pipeline"`
+	CloseIssue                bool `json:"close_issue"`
+	CloseMergeRequest         bool `json:"close_merge_request"`
+	FailedPipeline            bool `json:"failed_pipeline"`
+	FixedPipeline             bool `json:"fixed_pipeline"`
+	IssueDue                  bool `json:"issue_due"`
+	MergeWhenPipelineSucceeds bool `json:"merge_when_pipeline_succeeds"`
+	MergeMergeRequest         bool `json:"merge_merge_request"`
+	MovedProject              bool `json:"moved_project"`
+	NewIssue                  bool `json:"new_issue"`
+	NewMergeRequest           bool `json:"new_merge_request"`
+	NewEpic                   bool `json:"new_epic"`
+	NewNote                   bool `json:"new_note"`
+	PushToMergeRequest        bool `json:"push_to_merge_request"`
+	ReassignIssue             bool `json:"reassign_issue"`
+	ReassignMergeRequest      bool `json:"reassign_merge_request"`
+	ReopenIssue               bool `json:"reopen_issue"`
+	ReopenMergeRequest        bool `json:"reopen_merge_request"`
+	SuccessPipeline           bool `json:"success_pipeline"`
 }
 
 func (ns NotificationSettings) String() string {
@@ -87,20 +93,26 @@ func (s *NotificationSettingsService) GetGlobalSettings(options ...RequestOption
 // NotificationSettingsOptions represents the available options that can be passed
 // to the API when updating the notification settings.
 type NotificationSettingsOptions struct {
-	Level                *NotificationLevelValue `url:"level,omitempty" json:"level,omitempty"`
-	NotificationEmail    *string                 `url:"notification_email,omitempty" json:"notification_email,omitempty"`
-	CloseIssue           *bool                   `url:"close_issue,omitempty" json:"close_issue,omitempty"`
-	CloseMergeRequest    *bool                   `url:"close_merge_request,omitempty" json:"close_merge_request,omitempty"`
-	FailedPipeline       *bool                   `url:"failed_pipeline,omitempty" json:"failed_pipeline,omitempty"`
-	MergeMergeRequest    *bool                   `url:"merge_merge_request,omitempty" json:"merge_merge_request,omitempty"`
-	NewIssue             *bool                   `url:"new_issue,omitempty" json:"new_issue,omitempty"`
-	NewMergeRequest      *bool                   `url:"new_merge_request,omitempty" json:"new_merge_request,omitempty"`
-	NewNote              *bool                   `url:"new_note,omitempty" json:"new_note,omitempty"`
-	ReassignIssue        *bool                   `url:"reassign_issue,omitempty" json:"reassign_issue,omitempty"`
-	ReassignMergeRequest *bool                   `url:"reassign_merge_request,omitempty" json:"reassign_merge_request,omitempty"`
-	ReopenIssue          *bool                   `url:"reopen_issue,omitempty" json:"reopen_issue,omitempty"`
-	ReopenMergeRequest   *bool                   `url:"reopen_merge_request,omitempty" json:"reopen_merge_request,omitempty"`
-	SuccessPipeline      *bool                   `url:"success_pipeline,omitempty" json:"success_pipeline,omitempty"`
+	Level                     *NotificationLevelValue `url:"level,omitempty" json:"level,omitempty"`
+	NotificationEmail         *string                 `url:"notification_email,omitempty" json:"notification_email,omitempty"`
+	CloseIssue                *bool                   `url:"close_issue,omitempty" json:"close_issue,omitempty"`
+	CloseMergeRequest         *bool                   `url:"close_merge_request,omitempty" json:"close_merge_request,omitempty"`
+	FailedPipeline            *bool                   `url:"failed_pipeline,omitempty" json:"failed_pipeline,omitempty"`
+	FixedPipeline             *bool                   `url:"fixed_pipeline,omitempty" json:"fixed_pipeline,omitempty"`
+	IssueDue                  *bool                   `url:"issue_due,omitempty" json:"issue_due,omitempty"`
+	MergeMergeRequest         *bool                   `url:"merge_merge_request,omitempty" json:"merge_merge_request,omitempty"`
+	MergeWhenPipelineSucceeds *bool                   `url:"merge_when_pipeline_succeeds,omitempty" json:"merge_when_pipeline_succeeds,omitempty"`
+	MovedProject              *bool                   `url:"moved_project,omitempty" json:"moved_project,omitempty"`
+	NewEpic                   *bool                   `url:"new_epic,omitempty" json:"new_epic,omitempty"`
+	NewIssue                  *bool                   `url:"new_issue,omitempty" json:"new_issue,omitempty"`
+	NewMergeRequest           *bool                   `url:"new_merge_request,omitempty" json:"new_merge_request,omitempty"`
+	NewNote                   *bool                   `url:"new_note,omitempty" json:"new_note,omitempty"`
+	PushToMergeRequest        *bool                   `url:"push_to_merge_request,omitempty" json:"push_to_merge_request,omitempty"`
+	ReassignIssue             *bool                   `url:"reassign_issue,omitempty" json:"reassign_issue,omitempty"`
+	ReassignMergeRequest      *bool                   `url:"reassign_merge_request,omitempty" json:"reassign_merge_request,omitempty"`
+	ReopenIssue               *bool                   `url:"reopen_issue,omitempty" json:"reopen_issue,omitempty"`
+	ReopenMergeRequest        *bool                   `url:"reopen_merge_request,omitempty" json:"reopen_merge_request,omitempty"`
+	SuccessPipeline           *bool                   `url:"success_pipeline,omitempty" json:"success_pipeline,omitempty"`
 }
 
 // UpdateGlobalSettings updates current notification settings and email address.
diff --git a/vendor/github.com/xanzy/go-gitlab/project_access_tokens.go b/vendor/github.com/xanzy/go-gitlab/project_access_tokens.go
index 9fa510d098..780e59a822 100644
--- a/vendor/github.com/xanzy/go-gitlab/project_access_tokens.go
+++ b/vendor/github.com/xanzy/go-gitlab/project_access_tokens.go
@@ -146,6 +146,31 @@ func (s *ProjectAccessTokensService) CreateProjectAccessToken(pid interface{}, o
 	return pat, resp, nil
 }
 
+// RotateProjectAccessToken revokes a project access token and returns a new
+// project access token that expires in one week.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/project_access_tokens.html#rotate-a-project-access-token
+func (s *ProjectAccessTokensService) RotateProjectAccessToken(pid interface{}, id int, options ...RequestOptionFunc) (*ProjectAccessToken, *Response, error) {
+	projects, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/access_tokens/%d/rotate", PathEscape(projects), id)
+	req, err := s.client.NewRequest(http.MethodPost, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pat := new(ProjectAccessToken)
+	resp, err := s.client.Do(req, pat)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pat, resp, nil
+}
+
 // RevokeProjectAccessToken revokes a project access token.
 //
 // GitLab API docs:
diff --git a/vendor/github.com/xanzy/go-gitlab/projects.go b/vendor/github.com/xanzy/go-gitlab/projects.go
index 6d4cfe77ae..6a2b3be018 100644
--- a/vendor/github.com/xanzy/go-gitlab/projects.go
+++ b/vendor/github.com/xanzy/go-gitlab/projects.go
@@ -197,13 +197,14 @@ type ContainerExpirationPolicy struct {
 
 // ForkParent represents the parent project when this is a fork.
 type ForkParent struct {
-	HTTPURLToRepo     string `json:"http_url_to_repo"`
 	ID                int    `json:"id"`
 	Name              string `json:"name"`
 	NameWithNamespace string `json:"name_with_namespace"`
 	Path              string `json:"path"`
 	PathWithNamespace string `json:"path_with_namespace"`
+	HTTPURLToRepo     string `json:"http_url_to_repo"`
 	WebURL            string `json:"web_url"`
+	RepositoryStorage string `json:"repository_storage"`
 }
 
 // GroupAccess represents group access.
@@ -390,6 +391,31 @@ func (s *ProjectsService) ListUserProjects(uid interface{}, opt *ListProjectsOpt
 	return p, resp, nil
 }
 
+// ListUserContributedProjects gets a list of visible projects a given user has contributed to.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/projects.html#list-projects-a-user-has-contributed-to
+func (s *ProjectsService) ListUserContributedProjects(uid interface{}, opt *ListProjectsOptions, options ...RequestOptionFunc) ([]*Project, *Response, error) {
+	user, err := parseID(uid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("users/%s/contributed_projects", user)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var p []*Project
+	resp, err := s.client.Do(req, &p)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return p, resp, nil
+}
+
 // ListUserStarredProjects gets a list of projects starred by the given user.
 //
 // GitLab API docs:
@@ -1809,6 +1835,7 @@ func (s *ProjectsService) GetProjectApprovalRule(pid interface{}, ruleID int, op
 type CreateProjectLevelRuleOptions struct {
 	Name                          *string `url:"name,omitempty" json:"name,omitempty"`
 	ApprovalsRequired             *int    `url:"approvals_required,omitempty" json:"approvals_required,omitempty"`
+	ReportType                    *string `url:"report_type,omitempty" json:"report_type,omitempty"`
 	RuleType                      *string `url:"rule_type,omitempty" json:"rule_type,omitempty"`
 	UserIDs                       *[]int  `url:"user_ids,omitempty" json:"user_ids,omitempty"`
 	GroupIDs                      *[]int  `url:"group_ids,omitempty" json:"group_ids,omitempty"`
diff --git a/vendor/github.com/xanzy/go-gitlab/protected_environments.go b/vendor/github.com/xanzy/go-gitlab/protected_environments.go
index 21820ab39c..3dc7fbdfba 100644
--- a/vendor/github.com/xanzy/go-gitlab/protected_environments.go
+++ b/vendor/github.com/xanzy/go-gitlab/protected_environments.go
@@ -191,6 +191,73 @@ func (s *ProtectedEnvironmentsService) ProtectRepositoryEnvironments(pid interfa
 	return pe, resp, nil
 }
 
+// UpdateProtectedEnvironmentsOptions represents the available
+// UpdateProtectedEnvironments() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/protected_environments.html#update-a-protected-environment
+type UpdateProtectedEnvironmentsOptions struct {
+	Name                  *string                                  `url:"name,omitempty" json:"name,omitempty"`
+	DeployAccessLevels    *[]*UpdateEnvironmentAccessOptions       `url:"deploy_access_levels,omitempty" json:"deploy_access_levels,omitempty"`
+	RequiredApprovalCount *int                                     `url:"required_approval_count,omitempty" json:"required_approval_count,omitempty"`
+	ApprovalRules         *[]*UpdateEnvironmentApprovalRuleOptions `url:"approval_rules,omitempty" json:"approval_rules,omitempty"`
+}
+
+// UpdateEnvironmentAccessOptions represents the options for updates to an
+// access decription for a protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/protected_environments.html#update-a-protected-environment
+type UpdateEnvironmentAccessOptions struct {
+	AccessLevel *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	ID          *int              `url:"id,omitempty" json:"id,omitempty"`
+	UserID      *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID     *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+	Destroy     *bool             `url:"_destroy,omitempty" json:"_destroy,omitempty"`
+}
+
+// UpdateEnvironmentApprovalRuleOptions represents the updates to the approval
+// rules for a protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/protected_environments.html#update-a-protected-environment
+type UpdateEnvironmentApprovalRuleOptions struct {
+	ID                     *int              `url:"id,omitempty" json:"id,omitempty"`
+	UserID                 *int              `url:"user_id,omitempty" json:"user_id,omitempty"`
+	GroupID                *int              `url:"group_id,omitempty" json:"group_id,omitempty"`
+	AccessLevel            *AccessLevelValue `url:"access_level,omitempty" json:"access_level,omitempty"`
+	AccessLevelDescription *string           `url:"access_level_description,omitempty" json:"access_level_description,omitempty"`
+	RequiredApprovalCount  *int              `url:"required_approvals,omitempty" json:"required_approvals,omitempty"`
+	GroupInheritanceType   *int              `url:"group_inheritance_type,omitempty" json:"group_inheritance_type,omitempty"`
+	Destroy                *bool             `url:"_destroy,omitempty" json:"_destroy,omitempty"`
+}
+
+// UpdateProtectedEnvironments updates a single repository environment or
+// several project repository environments using wildcard protected environment.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/protected_environments.html#update-a-protected-environment
+func (s *ProtectedEnvironmentsService) UpdateProtectedEnvironments(pid interface{}, environment string, opt *UpdateProtectedEnvironmentsOptions, options ...RequestOptionFunc) (*ProtectedEnvironment, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/protected_environments/%s", PathEscape(project), environment)
+
+	req, err := s.client.NewRequest(http.MethodPut, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	pe := new(ProtectedEnvironment)
+	resp, err := s.client.Do(req, pe)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return pe, resp, nil
+}
+
 // UnprotectEnvironment unprotects the given protected environment or wildcard
 // protected environment.
 //
diff --git a/vendor/github.com/xanzy/go-gitlab/releases.go b/vendor/github.com/xanzy/go-gitlab/releases.go
index 86308c5a9f..3d6a897728 100644
--- a/vendor/github.com/xanzy/go-gitlab/releases.go
+++ b/vendor/github.com/xanzy/go-gitlab/releases.go
@@ -133,6 +133,31 @@ func (s *ReleasesService) GetRelease(pid interface{}, tagName string, options ..
 	return r, resp, nil
 }
 
+// GetLatestRelease returns the latest release for the project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/releases/#get-the-latest-release
+func (s *ReleasesService) GetLatestRelease(pid interface{}, options ...RequestOptionFunc) (*Release, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/releases/permalink/latest", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	r := new(Release)
+	resp, err := s.client.Do(req, r)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return r, resp, err
+}
+
 // CreateReleaseOptions represents CreateRelease() options.
 //
 // GitLab API docs:
diff --git a/vendor/github.com/xanzy/go-gitlab/repositories.go b/vendor/github.com/xanzy/go-gitlab/repositories.go
index b89efc0901..986dd001cd 100644
--- a/vendor/github.com/xanzy/go-gitlab/repositories.go
+++ b/vendor/github.com/xanzy/go-gitlab/repositories.go
@@ -140,6 +140,7 @@ func (s *RepositoriesService) RawBlobContent(pid interface{}, sha string, option
 // https://docs.gitlab.com/ee/api/repositories.html#get-file-archive
 type ArchiveOptions struct {
 	Format *string `url:"-" json:"-"`
+	Path   *string `url:"path,omitempty" json:"path,omitempty"`
 	SHA    *string `url:"sha,omitempty" json:"sha,omitempty"`
 }
 
diff --git a/vendor/github.com/xanzy/go-gitlab/resource_iteration_events.go b/vendor/github.com/xanzy/go-gitlab/resource_iteration_events.go
new file mode 100644
index 0000000000..7ad354a7b2
--- /dev/null
+++ b/vendor/github.com/xanzy/go-gitlab/resource_iteration_events.go
@@ -0,0 +1,122 @@
+//
+// Copyright 2023, Hakki Ceylan, Yavuz Turk
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package gitlab
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// ResourceIterationEventsService handles communication with the event related
+// methods of the GitLab API.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/resource_iteration_events.html
+type ResourceIterationEventsService struct {
+	client *Client
+}
+
+// IterationEvent represents a resource iteration event.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/resource_iteration_events.html
+type IterationEvent struct {
+	ID           int        `json:"id"`
+	User         *BasicUser `json:"user"`
+	CreatedAt    *time.Time `json:"created_at"`
+	ResourceType string     `json:"resource_type"`
+	ResourceID   int        `json:"resource_id"`
+	Iteration    *Iteration `json:"iteration"`
+	Action       string     `json:"action"`
+}
+
+// Iteration represents a project issue iteration.
+//
+// GitLab API docs: https://docs.gitlab.com/ee/api/resource_iteration_events.html
+type Iteration struct {
+	ID          int        `json:"id"`
+	IID         int        `json:"iid"`
+	Sequence    int        `json:"sequence"`
+	GroupId     int        `json:"group_id"`
+	Title       string     `json:"title"`
+	Description string     `json:"description"`
+	State       int        `json:"state"`
+	CreatedAt   *time.Time `json:"created_at"`
+	UpdatedAt   *time.Time `json:"updated_at"`
+	DueDate     *ISOTime   `json:"due_date"`
+	StartDate   *ISOTime   `json:"start_date"`
+	WebURL      string     `json:"web_url"`
+}
+
+// ListIterationEventsOptions represents the options for all resource state
+// events list methods.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/resource_iteration_events.html#list-project-issue-iteration-events
+type ListIterationEventsOptions struct {
+	ListOptions
+}
+
+// ListIssueIterationEvents retrieves resource iteration events for the
+// specified project and issue.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/resource_iteration_events.html#list-project-issue-iteration-events
+func (s *ResourceIterationEventsService) ListIssueIterationEvents(pid interface{}, issue int, opt *ListIterationEventsOptions, options ...RequestOptionFunc) ([]*IterationEvent, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/issues/%d/resource_iteration_events", PathEscape(project), issue)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ies []*IterationEvent
+	resp, err := s.client.Do(req, &ies)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ies, resp, nil
+}
+
+// GetIssueIterationEvent gets a single issue iteration event.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/resource_iteration_events.html#get-single-issue-iteration-event
+func (s *ResourceIterationEventsService) GetIssueIterationEvent(pid interface{}, issue int, event int, options ...RequestOptionFunc) (*IterationEvent, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/issues/%d/resource_iteration_events/%d", PathEscape(project), issue, event)
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	ie := new(IterationEvent)
+	resp, err := s.client.Do(req, ie)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ie, resp, nil
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/services.go b/vendor/github.com/xanzy/go-gitlab/services.go
index 69842aec14..0313eccdb0 100644
--- a/vendor/github.com/xanzy/go-gitlab/services.go
+++ b/vendor/github.com/xanzy/go-gitlab/services.go
@@ -179,6 +179,106 @@ func (s *ServicesService) DeleteCustomIssueTrackerService(pid interface{}, optio
 	return s.client.Do(req, nil)
 }
 
+// DataDogService represents DataDog service settings.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#datadog
+type DataDogService struct {
+	Service
+	Properties *DataDogServiceProperties `json:"properties"`
+}
+
+// DataDogServiceProperties represents DataDog specific properties.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#datadog
+type DataDogServiceProperties struct {
+	APIURL             string `url:"api_url,omitempty" json:"api_url,omitempty"`
+	DataDogEnv         string `url:"datadog_env,omitempty" json:"datadog_env,omitempty"`
+	DataDogService     string `url:"datadog_service,omitempty" json:"datadog_service,omitempty"`
+	DataDogSite        string `url:"datadog_site,omitempty" json:"datadog_site,omitempty"`
+	DataDogTags        string `url:"datadog_tags,omitempty" json:"datadog_tags,omitempty"`
+	ArchiveTraceEvents bool   `url:"archive_trace_events,omitempty" json:"archive_trace_events,omitempty"`
+}
+
+// GetDataDogService gets DataDog service settings for a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#get-datadog-integration-settings
+func (s *ServicesService) GetDataDogService(pid interface{}, options ...RequestOptionFunc) (*DataDogService, *Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, nil, err
+	}
+	u := fmt.Sprintf("projects/%s/services/datadog", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodGet, u, nil, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	svc := new(DataDogService)
+	resp, err := s.client.Do(req, svc)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return svc, resp, nil
+}
+
+// SetDataDogServiceOptions represents the available SetDataDogService()
+// options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#createedit-datadog-integration
+type SetDataDogServiceOptions struct {
+	APIKey             *string `url:"api_key,omitempty" json:"api_key,omitempty"`
+	APIURL             *string `url:"api_url,omitempty" json:"api_url,omitempty"`
+	DataDogEnv         *string `url:"datadog_env,omitempty" json:"datadog_env,omitempty"`
+	DataDogService     *string `url:"datadog_service,omitempty" json:"datadog_service,omitempty"`
+	DataDogSite        *string `url:"datadog_site,omitempty" json:"datadog_site,omitempty"`
+	DataDogTags        *string `url:"datadog_tags,omitempty" json:"datadog_tags,omitempty"`
+	ArchiveTraceEvents *bool   `url:"archive_trace_events,omitempty" json:"archive_trace_events,omitempty"`
+}
+
+// SetDataDogService sets DataDog service settings for a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#createedit-datadog-integration
+func (s *ServicesService) SetDataDogService(pid interface{}, opt *SetDataDogServiceOptions, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf("projects/%s/services/datadog", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodPut, u, opt, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(req, nil)
+}
+
+// DeleteDataDogService deletes the DataDog service settings for a project.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/services.html#disable-datadog-integration
+func (s *ServicesService) DeleteDataDogService(pid interface{}, options ...RequestOptionFunc) (*Response, error) {
+	project, err := parseID(pid)
+	if err != nil {
+		return nil, err
+	}
+	u := fmt.Sprintf("projects/%s/services/datadog", PathEscape(project))
+
+	req, err := s.client.NewRequest(http.MethodDelete, u, nil, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return s.client.Do(req, nil)
+}
+
 // DiscordService represents Discord service settings.
 //
 // GitLab API docs:
diff --git a/vendor/github.com/xanzy/go-gitlab/settings.go b/vendor/github.com/xanzy/go-gitlab/settings.go
index 92a1ef656f..a81d892d95 100644
--- a/vendor/github.com/xanzy/go-gitlab/settings.go
+++ b/vendor/github.com/xanzy/go-gitlab/settings.go
@@ -238,7 +238,7 @@ type Settings struct {
 	PasswordSymbolRequired                                bool              `json:"password_symbol_required"`
 	PasswordUppercaseRequired                             bool              `json:"password_uppercase_required"`
 	PasswordLowercaseRequired                             bool              `json:"password_lowercase_required"`
-	PerformanceBarAllowedGroupID                          string            `json:"performance_bar_allowed_group_id"`
+	PerformanceBarAllowedGroupID                          int               `json:"performance_bar_allowed_group_id"`
 	PerformanceBarAllowedGroupPath                        string            `json:"performance_bar_allowed_group_path"`
 	PerformanceBarEnabled                                 bool              `json:"performance_bar_enabled"`
 	PersonalAccessTokenPrefix                             string            `json:"personal_access_token_prefix"`
@@ -617,7 +617,7 @@ type UpdateSettingsOptions struct {
 	PasswordSymbolRequired                                *bool              `url:"password_symbol_required,omitempty" json:"password_symbol_required,omitempty"`
 	PasswordUppercaseRequired                             *bool              `url:"password_uppercase_required,omitempty" json:"password_uppercase_required,omitempty"`
 	PasswordLowercaseRequired                             *bool              `url:"password_lowercase_required,omitempty" json:"password_lowercase_required,omitempty"`
-	PerformanceBarAllowedGroupID                          *string            `url:"performance_bar_allowed_group_id,omitempty" json:"performance_bar_allowed_group_id,omitempty"`
+	PerformanceBarAllowedGroupID                          *int               `url:"performance_bar_allowed_group_id,omitempty" json:"performance_bar_allowed_group_id,omitempty"`
 	PerformanceBarAllowedGroupPath                        *string            `url:"performance_bar_allowed_group_path,omitempty" json:"performance_bar_allowed_group_path,omitempty"`
 	PerformanceBarEnabled                                 *bool              `url:"performance_bar_enabled,omitempty" json:"performance_bar_enabled,omitempty"`
 	PersonalAccessTokenPrefix                             *string            `url:"personal_access_token_prefix,omitempty" json:"personal_access_token_prefix,omitempty"`
diff --git a/vendor/github.com/xanzy/go-gitlab/snippets.go b/vendor/github.com/xanzy/go-gitlab/snippets.go
index 12687c3727..c25548b123 100644
--- a/vendor/github.com/xanzy/go-gitlab/snippets.go
+++ b/vendor/github.com/xanzy/go-gitlab/snippets.go
@@ -57,6 +57,7 @@ type Snippet struct {
 		Path   string `json:"path"`
 		RawURL string `json:"raw_url"`
 	} `json:"files"`
+	RepositoryStorage string `json:"repository_storage"`
 }
 
 func (s Snippet) String() string {
@@ -281,3 +282,33 @@ func (s *SnippetsService) ExploreSnippets(opt *ExploreSnippetsOptions, options .
 
 	return ps, resp, nil
 }
+
+// ListAllSnippetsOptions represents the available ListAllSnippets() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippets.html#list-all-snippets
+type ListAllSnippetsOptions struct {
+	ListOptions
+	CreatedAfter      *ISOTime `url:"created_after,omitempty" json:"created_after,omitempty"`
+	CreatedBefore     *ISOTime `url:"created_before,omitempty" json:"created_before,omitempty"`
+	RepositoryStorage *string  `url:"repository_storage,omitempty" json:"repository_storage,omitempty"`
+}
+
+// ListAllSnippets gets all snippets the current user has access to.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/snippets.html#list-all-snippets
+func (s *SnippetsService) ListAllSnippets(opt *ListAllSnippetsOptions, options ...RequestOptionFunc) ([]*Snippet, *Response, error) {
+	req, err := s.client.NewRequest(http.MethodGet, "snippets/all", opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var ps []*Snippet
+	resp, err := s.client.Do(req, &ps)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return ps, resp, nil
+}
diff --git a/vendor/github.com/xanzy/go-gitlab/time_stats.go b/vendor/github.com/xanzy/go-gitlab/time_stats.go
index c1256b9659..0ce2d6751f 100644
--- a/vendor/github.com/xanzy/go-gitlab/time_stats.go
+++ b/vendor/github.com/xanzy/go-gitlab/time_stats.go
@@ -104,6 +104,7 @@ func (s *timeStatsService) resetTimeEstimate(pid interface{}, entity string, iss
 // GitLab docs: https://docs.gitlab.com/ee/workflow/time_tracking.html
 type AddSpentTimeOptions struct {
 	Duration *string `url:"duration,omitempty" json:"duration,omitempty"`
+	Summary  *string `url:"summary,omitempty" json:"summary,omitempty"`
 }
 
 // addSpentTime adds spent time for a single project issue.
diff --git a/vendor/github.com/xanzy/go-gitlab/types.go b/vendor/github.com/xanzy/go-gitlab/types.go
index 9b2a96cf15..cd8aad7689 100644
--- a/vendor/github.com/xanzy/go-gitlab/types.go
+++ b/vendor/github.com/xanzy/go-gitlab/types.go
@@ -607,8 +607,11 @@ type SharedRunnersSettingValue string
 // https://docs.gitlab.com/ee/api/groups.html#options-for-shared_runners_setting
 const (
 	EnabledSharedRunnersSettingValue                  SharedRunnersSettingValue = "enabled"
-	DisabledWithOverrideSharedRunnersSettingValue     SharedRunnersSettingValue = "disabled_with_override"
+	DisabledAndOverridableSharedRunnersSettingValue   SharedRunnersSettingValue = "disabled_and_overridable"
 	DisabledAndUnoverridableSharedRunnersSettingValue SharedRunnersSettingValue = "disabled_and_unoverridable"
+
+	// Deprecated: DisabledWithOverrideSharedRunnersSettingValue is deprecated in favor of DisabledAndOverridableSharedRunnersSettingValue
+	DisabledWithOverrideSharedRunnersSettingValue SharedRunnersSettingValue = "disabled_with_override"
 )
 
 // SharedRunnersSetting is a helper routine that allocates a new SharedRunnersSettingValue
diff --git a/vendor/github.com/xanzy/go-gitlab/users.go b/vendor/github.com/xanzy/go-gitlab/users.go
index d3eff7615e..4489034e19 100644
--- a/vendor/github.com/xanzy/go-gitlab/users.go
+++ b/vendor/github.com/xanzy/go-gitlab/users.go
@@ -1159,14 +1159,15 @@ func (s *UsersService) RejectUser(user int, options ...RequestOptionFunc) error
 // GitLab API docs:
 // https://docs.gitlab.com/ee/api/users.html#get-all-impersonation-tokens-of-a-user
 type ImpersonationToken struct {
-	ID        int        `json:"id"`
-	Name      string     `json:"name"`
-	Active    bool       `json:"active"`
-	Token     string     `json:"token"`
-	Scopes    []string   `json:"scopes"`
-	Revoked   bool       `json:"revoked"`
-	CreatedAt *time.Time `json:"created_at"`
-	ExpiresAt *ISOTime   `json:"expires_at"`
+	ID         int        `json:"id"`
+	Name       string     `json:"name"`
+	Active     bool       `json:"active"`
+	Token      string     `json:"token"`
+	Scopes     []string   `json:"scopes"`
+	Revoked    bool       `json:"revoked"`
+	CreatedAt  *time.Time `json:"created_at"`
+	ExpiresAt  *ISOTime   `json:"expires_at"`
+	LastUsedAt *time.Time `json:"last_used_at"`
 }
 
 // GetAllImpersonationTokensOptions represents the available
@@ -1300,6 +1301,38 @@ func (s *UsersService) CreatePersonalAccessToken(user int, opt *CreatePersonalAc
 	return t, resp, nil
 }
 
+// CreatePersonalAccessTokenForCurrentUserOptions represents the available
+// CreatePersonalAccessTokenForCurrentUser() options.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/users.html#create-a-personal-access-token-with-limited-scopes-for-the-currently-authenticated-user
+type CreatePersonalAccessTokenForCurrentUserOptions struct {
+	Name      *string   `url:"name,omitempty" json:"name,omitempty"`
+	Scopes    *[]string `url:"scopes,omitempty" json:"scopes,omitempty"`
+	ExpiresAt *ISOTime  `url:"expires_at,omitempty" json:"expires_at,omitempty"`
+}
+
+// CreatePersonalAccessTokenForCurrentUser creates a personal access token with limited scopes for the currently authenticated user.
+//
+// GitLab API docs:
+// https://docs.gitlab.com/ee/api/users.html#create-a-personal-access-token-with-limited-scopes-for-the-currently-authenticated-user
+func (s *UsersService) CreatePersonalAccessTokenForCurrentUser(opt *CreatePersonalAccessTokenForCurrentUserOptions, options ...RequestOptionFunc) (*PersonalAccessToken, *Response, error) {
+	u := "user/personal_access_tokens"
+
+	req, err := s.client.NewRequest(http.MethodPost, u, opt, options)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	t := new(PersonalAccessToken)
+	resp, err := s.client.Do(req, &t)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return t, resp, nil
+}
+
 // UserActivity represents an entry in the user/activities response
 //
 // GitLab API docs:
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_decoders.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_decoders.go
index b5e22c498a..e479c3585b 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_decoders.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_decoders.go
@@ -1540,12 +1540,12 @@ func (dvd DefaultValueDecoders) ValueUnmarshalerDecodeValue(_ DecodeContext, vr
 		return err
 	}
 
-	fn := val.Convert(tValueUnmarshaler).MethodByName("UnmarshalBSONValue")
-	errVal := fn.Call([]reflect.Value{reflect.ValueOf(t), reflect.ValueOf(src)})[0]
-	if !errVal.IsNil() {
-		return errVal.Interface().(error)
+	m, ok := val.Interface().(ValueUnmarshaler)
+	if !ok {
+		// NB: this error should be unreachable due to the above checks
+		return ValueDecoderError{Name: "ValueUnmarshalerDecodeValue", Types: []reflect.Type{tValueUnmarshaler}, Received: val}
 	}
-	return nil
+	return m.UnmarshalBSONValue(t, src)
 }
 
 // UnmarshalerDecodeValue is the ValueDecoderFunc for Unmarshaler implementations.
@@ -1588,12 +1588,12 @@ func (dvd DefaultValueDecoders) UnmarshalerDecodeValue(_ DecodeContext, vr bsonr
 		val = val.Addr() // If the type doesn't implement the interface, a pointer to it must.
 	}
 
-	fn := val.Convert(tUnmarshaler).MethodByName("UnmarshalBSON")
-	errVal := fn.Call([]reflect.Value{reflect.ValueOf(src)})[0]
-	if !errVal.IsNil() {
-		return errVal.Interface().(error)
+	m, ok := val.Interface().(Unmarshaler)
+	if !ok {
+		// NB: this error should be unreachable due to the above checks
+		return ValueDecoderError{Name: "UnmarshalerDecodeValue", Types: []reflect.Type{tUnmarshaler}, Received: val}
 	}
-	return nil
+	return m.UnmarshalBSON(src)
 }
 
 // EmptyInterfaceDecodeValue is the ValueDecoderFunc for interface{}.
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_encoders.go b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_encoders.go
index 7d526c4ef8..4ab14a668c 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_encoders.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsoncodec/default_value_encoders.go
@@ -564,12 +564,14 @@ func (dve DefaultValueEncoders) ValueMarshalerEncodeValue(_ EncodeContext, vw bs
 		return ValueEncoderError{Name: "ValueMarshalerEncodeValue", Types: []reflect.Type{tValueMarshaler}, Received: val}
 	}
 
-	fn := val.Convert(tValueMarshaler).MethodByName("MarshalBSONValue")
-	returns := fn.Call(nil)
-	if !returns[2].IsNil() {
-		return returns[2].Interface().(error)
+	m, ok := val.Interface().(ValueMarshaler)
+	if !ok {
+		return vw.WriteNull()
+	}
+	t, data, err := m.MarshalBSONValue()
+	if err != nil {
+		return err
 	}
-	t, data := returns[0].Interface().(bsontype.Type), returns[1].Interface().([]byte)
 	return bsonrw.Copier{}.CopyValueFromBytes(vw, t, data)
 }
 
@@ -593,12 +595,14 @@ func (dve DefaultValueEncoders) MarshalerEncodeValue(_ EncodeContext, vw bsonrw.
 		return ValueEncoderError{Name: "MarshalerEncodeValue", Types: []reflect.Type{tMarshaler}, Received: val}
 	}
 
-	fn := val.Convert(tMarshaler).MethodByName("MarshalBSON")
-	returns := fn.Call(nil)
-	if !returns[1].IsNil() {
-		return returns[1].Interface().(error)
+	m, ok := val.Interface().(Marshaler)
+	if !ok {
+		return vw.WriteNull()
+	}
+	data, err := m.MarshalBSON()
+	if err != nil {
+		return err
 	}
-	data := returns[0].Interface().([]byte)
 	return bsonrw.Copier{}.CopyValueFromBytes(vw, bsontype.EmbeddedDocument, data)
 }
 
@@ -622,23 +626,31 @@ func (dve DefaultValueEncoders) ProxyEncodeValue(ec EncodeContext, vw bsonrw.Val
 		return ValueEncoderError{Name: "ProxyEncodeValue", Types: []reflect.Type{tProxy}, Received: val}
 	}
 
-	fn := val.Convert(tProxy).MethodByName("ProxyBSON")
-	returns := fn.Call(nil)
-	if !returns[1].IsNil() {
-		return returns[1].Interface().(error)
+	m, ok := val.Interface().(Proxy)
+	if !ok {
+		return vw.WriteNull()
+	}
+	v, err := m.ProxyBSON()
+	if err != nil {
+		return err
+	}
+	if v == nil {
+		encoder, err := ec.LookupEncoder(nil)
+		if err != nil {
+			return err
+		}
+		return encoder.EncodeValue(ec, vw, reflect.ValueOf(nil))
 	}
-	data := returns[0]
-	var encoder ValueEncoder
-	var err error
-	if data.Elem().IsValid() {
-		encoder, err = ec.LookupEncoder(data.Elem().Type())
-	} else {
-		encoder, err = ec.LookupEncoder(nil)
+	vv := reflect.ValueOf(v)
+	switch vv.Kind() {
+	case reflect.Ptr, reflect.Interface:
+		vv = vv.Elem()
 	}
+	encoder, err := ec.LookupEncoder(vv.Type())
 	if err != nil {
 		return err
 	}
-	return encoder.EncodeValue(ec, vw, data.Elem())
+	return encoder.EncodeValue(ec, vw, vv)
 }
 
 // JavaScriptEncodeValue is the ValueEncoderFunc for the primitive.JavaScript type.
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/bsontype/bsontype.go b/vendor/go.mongodb.org/mongo-driver/bson/bsontype/bsontype.go
index f38c263a4c..8cff5492d1 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/bsontype/bsontype.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/bsontype/bsontype.go
@@ -102,3 +102,14 @@ func (bt Type) String() string {
 		return "invalid"
 	}
 }
+
+// IsValid will return true if the Type is valid.
+func (bt Type) IsValid() bool {
+	switch bt {
+	case Double, String, EmbeddedDocument, Array, Binary, Undefined, ObjectID, Boolean, DateTime, Null, Regex,
+		DBPointer, JavaScript, Symbol, CodeWithScope, Int32, Timestamp, Int64, Decimal128, MinKey, MaxKey:
+		return true
+	default:
+		return false
+	}
+}
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/primitive_codecs.go b/vendor/go.mongodb.org/mongo-driver/bson/primitive_codecs.go
index 6b9602589c..ff32a87a79 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/primitive_codecs.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/primitive_codecs.go
@@ -8,6 +8,7 @@ package bson
 
 import (
 	"errors"
+	"fmt"
 	"reflect"
 
 	"go.mongodb.org/mongo-driver/bson/bsoncodec"
@@ -45,15 +46,26 @@ func (pc PrimitiveCodecs) RegisterPrimitiveCodecs(rb *bsoncodec.RegistryBuilder)
 
 // RawValueEncodeValue is the ValueEncoderFunc for RawValue.
 //
-// Deprecated: Use bson.NewRegistry to get a registry with all primitive encoders and decoders
-// registered.
+// If the RawValue's Type is "invalid" and the RawValue's Value is not empty or
+// nil, then this method will return an error.
+//
+// Deprecated: Use bson.NewRegistry to get a registry with all primitive
+// encoders and decoders registered.
 func (PrimitiveCodecs) RawValueEncodeValue(_ bsoncodec.EncodeContext, vw bsonrw.ValueWriter, val reflect.Value) error {
 	if !val.IsValid() || val.Type() != tRawValue {
-		return bsoncodec.ValueEncoderError{Name: "RawValueEncodeValue", Types: []reflect.Type{tRawValue}, Received: val}
+		return bsoncodec.ValueEncoderError{
+			Name:     "RawValueEncodeValue",
+			Types:    []reflect.Type{tRawValue},
+			Received: val,
+		}
 	}
 
 	rawvalue := val.Interface().(RawValue)
 
+	if !rawvalue.Type.IsValid() {
+		return fmt.Errorf("the RawValue Type specifies an invalid BSON type: %#x", byte(rawvalue.Type))
+	}
+
 	return bsonrw.Copier{}.CopyValueFromBytes(vw, rawvalue.Type, rawvalue.Value)
 }
 
diff --git a/vendor/go.mongodb.org/mongo-driver/bson/raw_value.go b/vendor/go.mongodb.org/mongo-driver/bson/raw_value.go
index 6627294c4d..4d1bfb3160 100644
--- a/vendor/go.mongodb.org/mongo-driver/bson/raw_value.go
+++ b/vendor/go.mongodb.org/mongo-driver/bson/raw_value.go
@@ -37,6 +37,12 @@ type RawValue struct {
 	r *bsoncodec.Registry
 }
 
+// IsZero reports whether the RawValue is zero, i.e. no data is present on
+// the RawValue. It returns true if Type is 0 and Value is empty or nil.
+func (rv RawValue) IsZero() bool {
+	return rv.Type == 0x00 && len(rv.Value) == 0
+}
+
 // Unmarshal deserializes BSON into the provided val. If RawValue cannot be unmarshaled into val, an
 // error is returned. This method will use the registry used to create the RawValue, if the RawValue
 // was created from partial BSON processing, or it will use the default registry. Users wishing to
diff --git a/vendor/go.mongodb.org/mongo-driver/internal/logger/logger.go b/vendor/go.mongodb.org/mongo-driver/internal/logger/logger.go
index c4053ea3df..07dcffe66b 100644
--- a/vendor/go.mongodb.org/mongo-driver/internal/logger/logger.go
+++ b/vendor/go.mongodb.org/mongo-driver/internal/logger/logger.go
@@ -75,9 +75,25 @@ func (logger *Logger) Close() error {
 }
 
 // LevelComponentEnabled will return true if the given LogLevel is enabled for
-// the given LogComponent.
+// the given LogComponent. If the ComponentLevels on the logger are enabled for
+// "ComponentAll", then this function will return true for any level bound by
+// the level assigned to "ComponentAll".
+//
+// If the level is not enabled (i.e. LevelOff), then false is returned. This is
+// to avoid false positives, such as returning "true" for a component that is
+// not enabled. For example, without this condition, an empty LevelComponent
+// would be considered "enabled" for "LevelOff".
 func (logger *Logger) LevelComponentEnabled(level Level, component Component) bool {
-	return logger.ComponentLevels[component] >= level
+	if level == LevelOff {
+		return false
+	}
+
+	if logger.ComponentLevels == nil {
+		return false
+	}
+
+	return logger.ComponentLevels[component] >= level ||
+		logger.ComponentLevels[ComponentAll] >= level
 }
 
 // Print will synchronously print the given message to the configured LogSink.
diff --git a/vendor/go.mongodb.org/mongo-driver/mongo/change_stream.go b/vendor/go.mongodb.org/mongo-driver/mongo/change_stream.go
index 76fe86f000..166dfa79f8 100644
--- a/vendor/go.mongodb.org/mongo-driver/mongo/change_stream.go
+++ b/vendor/go.mongodb.org/mongo-driver/mongo/change_stream.go
@@ -527,6 +527,16 @@ func (cs *ChangeStream) ID() int64 {
 	return cs.cursor.ID()
 }
 
+// SetBatchSize sets the number of documents to fetch from the database with
+// each iteration of the ChangeStream's "Next" or "TryNext" method. This setting
+// only affects subsequent document batches fetched from the database.
+func (cs *ChangeStream) SetBatchSize(size int32) {
+	// Set batch size on the cursor options also so any "resumed" change stream
+	// cursors will pick up the latest batch size setting.
+	cs.cursorOptions.BatchSize = size
+	cs.cursor.SetBatchSize(size)
+}
+
 // Decode will unmarshal the current event document into val and return any errors from the unmarshalling process
 // without any modification. If val is nil or is a typed nil, an error will be returned.
 func (cs *ChangeStream) Decode(val interface{}) error {
diff --git a/vendor/go.mongodb.org/mongo-driver/mongo/options/loggeroptions.go b/vendor/go.mongodb.org/mongo-driver/mongo/options/loggeroptions.go
index 4a33e449a5..b837935812 100644
--- a/vendor/go.mongodb.org/mongo-driver/mongo/options/loggeroptions.go
+++ b/vendor/go.mongodb.org/mongo-driver/mongo/options/loggeroptions.go
@@ -51,6 +51,18 @@ type LogSink interface {
 	// Info logs a non-error message with the given key/value pairs. This
 	// method will only be called if the provided level has been defined
 	// for a component in the LoggerOptions.
+	//
+	// Here are the following level mappings for V = "Verbosity":
+	//
+	//  - V(0): off
+	//  - V(1): informational
+	//  - V(2): debugging
+	//
+	// This level mapping is taken from the go-logr/logr library
+	// specifications, specifically:
+	//
+	// "Level V(0) is the default, and logger.V(0).Info() has the same
+	// meaning as logger.Info()."
 	Info(level int, message string, keysAndValues ...interface{})
 
 	// Error logs an error message with the given key/value pairs
diff --git a/vendor/go.mongodb.org/mongo-driver/mongo/readconcern/readconcern.go b/vendor/go.mongodb.org/mongo-driver/mongo/readconcern/readconcern.go
index 987f416055..51408e142d 100644
--- a/vendor/go.mongodb.org/mongo-driver/mongo/readconcern/readconcern.go
+++ b/vendor/go.mongodb.org/mongo-driver/mongo/readconcern/readconcern.go
@@ -11,6 +11,8 @@
 package readconcern // import "go.mongodb.org/mongo-driver/mongo/readconcern"
 
 import (
+	"errors"
+
 	"go.mongodb.org/mongo-driver/bson/bsontype"
 	"go.mongodb.org/mongo-driver/x/bsonx/bsoncore"
 )
@@ -106,6 +108,10 @@ func New(options ...Option) *ReadConcern {
 //
 // Deprecated: Marshaling a ReadConcern to BSON will not be supported in Go Driver 2.0.
 func (rc *ReadConcern) MarshalBSONValue() (bsontype.Type, []byte, error) {
+	if rc == nil {
+		return 0, nil, errors.New("cannot marshal nil ReadConcern")
+	}
+
 	var elems []byte
 
 	if len(rc.Level) > 0 {
diff --git a/vendor/go.mongodb.org/mongo-driver/version/version.go b/vendor/go.mongodb.org/mongo-driver/version/version.go
index 354548fe7a..80d4fb9d53 100644
--- a/vendor/go.mongodb.org/mongo-driver/version/version.go
+++ b/vendor/go.mongodb.org/mongo-driver/version/version.go
@@ -8,4 +8,4 @@
 package version // import "go.mongodb.org/mongo-driver/version"
 
 // Driver is the current version of the driver.
-var Driver = "v1.12.0"
+var Driver = "v1.12.1"
diff --git a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/bsoncore.go b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/bsoncore.go
index 94d479428f..e52674aacf 100644
--- a/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/bsoncore.go
+++ b/vendor/go.mongodb.org/mongo-driver/x/bsonx/bsoncore/bsoncore.go
@@ -825,6 +825,9 @@ func readLengthBytes(src []byte) ([]byte, []byte, bool) {
 	if !ok {
 		return nil, src, false
 	}
+	if l < 4 {
+		return nil, src, false
+	}
 	if len(src) < int(l) {
 		return nil, src, false
 	}
diff --git a/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/compression.go b/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/compression.go
index c474714ff4..7f355f61a4 100644
--- a/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/compression.go
+++ b/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/compression.go
@@ -111,6 +111,12 @@ func DecompressPayload(in []byte, opts CompressionOpts) (uncompressed []byte, er
 	case wiremessage.CompressorNoOp:
 		return in, nil
 	case wiremessage.CompressorSnappy:
+		l, err := snappy.DecodedLen(in)
+		if err != nil {
+			return nil, fmt.Errorf("decoding compressed length %w", err)
+		} else if int32(l) != opts.UncompressedSize {
+			return nil, fmt.Errorf("unexpected decompression size, expected %v but got %v", opts.UncompressedSize, l)
+		}
 		uncompressed = make([]byte, opts.UncompressedSize)
 		return snappy.Decode(uncompressed, in)
 	case wiremessage.CompressorZLib:
diff --git a/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/session/client_session.go b/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/session/client_session.go
index ba244b101e..8dac0932de 100644
--- a/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/session/client_session.go
+++ b/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/session/client_session.go
@@ -331,9 +331,10 @@ func (c *Client) ClearPinnedResources() error {
 	return nil
 }
 
-// UnpinConnection gracefully unpins the connection associated with the session if there is one. This is done via
-// the pinned connection's UnpinFromTransaction function.
-func (c *Client) UnpinConnection() error {
+// unpinConnection gracefully unpins the connection associated with the session
+// if there is one. This is done via the pinned connection's
+// UnpinFromTransaction function.
+func (c *Client) unpinConnection() error {
 	if c == nil || c.PinnedConnection == nil {
 		return nil
 	}
@@ -353,6 +354,12 @@ func (c *Client) EndSession() {
 		return
 	}
 	c.Terminated = true
+
+	// Ignore the error when unpinning the connection because we can't do
+	// anything about it if it doesn't work. Typically the only errors that can
+	// happen here indicate that something went wrong with the connection state,
+	// like it wasn't marked as pinned or attempted to return to the wrong pool.
+	_ = c.unpinConnection()
 	c.pool.ReturnSession(c.Server)
 }
 
diff --git a/vendor/go4.org/intern/README.md b/vendor/go4.org/intern/README.md
index 1db456b735..758699dc6f 100644
--- a/vendor/go4.org/intern/README.md
+++ b/vendor/go4.org/intern/README.md
@@ -1,4 +1,19 @@
-# go4.org/intern
+# go4.org/intern [![Go Reference](https://pkg.go.dev/badge/go4.org/intern.svg)](https://pkg.go.dev/go4.org/intern)
 
-See https://godoc.org/go4.org/intern
+## What
 
+Package intern lets you make smaller comparable values by boxing a larger comparable value (such as a string header) down into a single globally unique pointer.
+
+Docs: https://pkg.go.dev/go4.org/intern
+
+## Status
+
+This package is mature and stable. However, it depends on the implementation details of the Go runtime. Use with care.
+
+This package is a core, low-level package with no substantive dependencies.
+
+We take code review, testing, dependencies, and performance seriously, similar to Go's standard library or the golang.org/x repos.
+
+## Motivation
+
+Package intern was initially created for [package inet.af/netaddr](https://pkg.go.dev/inet.af/netaddr).
diff --git a/vendor/go4.org/unsafe/assume-no-moving-gc/assume-no-moving-gc.go b/vendor/go4.org/unsafe/assume-no-moving-gc/assume-no-moving-gc.go
index 14a41e73ed..60561d05d4 100644
--- a/vendor/go4.org/unsafe/assume-no-moving-gc/assume-no-moving-gc.go
+++ b/vendor/go4.org/unsafe/assume-no-moving-gc/assume-no-moving-gc.go
@@ -4,11 +4,16 @@
 
 // Package go4.org/unsafe/assume-no-moving-gc exists so you can depend
 // on it from unsafe code that wants to declare that it assumes that
-// the Go runtime does not using a moving garbage colllector.
+// the Go runtime does not using a moving garbage collector. Specifically,
+// it asserts that the caller is playing stupid games with the addresses
+// of heap-allocated values. It says nothing about values that Go's escape
+// analysis keeps on the stack. Ensuring things aren't stack-allocated
+// is the caller's responsibility.
 //
-// This package is then updated for new Go versions when that
-// is still the case and explodes at runtime with a failure
-// otherwise, unless an environment variable overrides it.
+// This package is then updated as needed for new Go versions when
+// that is still the case and explodes at runtime with a failure
+// otherwise, with the idea that it's better to not start at all than
+// to silently corrupt your data at runtime.
 //
 // To use:
 //
@@ -16,7 +21,12 @@
 //
 // There is no API.
 //
+// As of Go 1.21, this package asks the Go runtime whether it can move
+// heap objects around. If you get an error on versions prior to that,
+// go get go4.org/unsafe/assume-no-moving-gc@latest and things will
+// work.
+//
 // The GitHub repo is at https://github.com/go4org/unsafe-assume-no-moving-gc
 package assume_no_moving_gc
 
-const env = "ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH"
+const env = "ASSUME_NO_MOVING_GC_UNSAFE"
diff --git a/vendor/go4.org/unsafe/assume-no-moving-gc/check.go b/vendor/go4.org/unsafe/assume-no-moving-gc/check.go
new file mode 100644
index 0000000000..a2fbf46507
--- /dev/null
+++ b/vendor/go4.org/unsafe/assume-no-moving-gc/check.go
@@ -0,0 +1,36 @@
+// Copyright 2020 Brad Fitzpatrick. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+// +build go1.21
+
+package assume_no_moving_gc
+
+import (
+	"os"
+	_ "unsafe"
+)
+
+//go:linkname heapObjectsCanMove runtime.heapObjectsCanMove
+func heapObjectsCanMove() bool
+
+func init() {
+	if !heapObjectsCanMove() {
+		// The unsafe assumptions made by the package
+		// importing this package still hold. All's good. (at
+		// least unless they made other assumption this
+		// package doesn't concern itself with)
+		return
+	}
+	if os.Getenv(env) == "play-with-fire" {
+		return
+	}
+	panic(`
+Something in this program imports go4.org/unsafe/assume-no-moving-gc to
+declare that it assumes a non-moving garbage collector, but the version
+of Go you're using declares that its heap objects can now move around.
+This program is no longer safe. You should update your packages which import
+go4.org/unsafe/assume-no-moving-gc. To risk it and bypass this check, set
+ASSUME_NO_MOVING_GC_UNSAFE=play-with-fire and cross your fingers.`)
+}
diff --git a/vendor/go4.org/unsafe/assume-no-moving-gc/untested.go b/vendor/go4.org/unsafe/assume-no-moving-gc/untested.go
deleted file mode 100644
index da4d943f6b..0000000000
--- a/vendor/go4.org/unsafe/assume-no-moving-gc/untested.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2020 Brad Fitzpatrick. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.20
-// +build go1.20
-
-package assume_no_moving_gc
-
-import (
-	"os"
-	"runtime"
-	"strings"
-)
-
-func init() {
-	dots := strings.SplitN(runtime.Version(), ".", 3)
-	v := runtime.Version()
-	if len(dots) >= 2 {
-		v = dots[0] + "." + dots[1]
-	}
-	if os.Getenv(env) == v {
-		return
-	}
-	panic("Something in this program imports go4.org/unsafe/assume-no-moving-gc to declare that it assumes a non-moving garbage collector, but your version of go4.org/unsafe/assume-no-moving-gc hasn't been updated to assert that it's safe against the " + v + " runtime. If you want to risk it, run with environment variable " + env + "=" + v + " set. Notably, if " + v + " adds a moving garbage collector, this program is unsafe to use.")
-}
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_amd64.go b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
index a014ac92aa..063e7784f8 100644
--- a/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
+++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && gc && !purego
-// +build amd64,gc,!purego
 
 package argon2
 
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_amd64.s b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
index b2cc051504..f3b653a12f 100644
--- a/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
+++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && gc && !purego
-// +build amd64,gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_ref.go b/vendor/golang.org/x/crypto/argon2/blamka_ref.go
index 167c59d2d5..16d58c650e 100644
--- a/vendor/golang.org/x/crypto/argon2/blamka_ref.go
+++ b/vendor/golang.org/x/crypto/argon2/blamka_ref.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !amd64 || purego || !gc
-// +build !amd64 purego !gc
 
 package argon2
 
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
index 56bfaaa17d..4f506f8791 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.7 && amd64 && gc && !purego
-// +build go1.7,amd64,gc,!purego
 
 package blake2b
 
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
index 4b9daa18d9..353bb7cac5 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.7 && amd64 && gc && !purego
-// +build go1.7,amd64,gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
index 5fa1b32841..1d0770abba 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.7 && amd64 && gc && !purego
-// +build !go1.7,amd64,gc,!purego
 
 package blake2b
 
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
index ae75eb9afc..adfac00c15 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && gc && !purego
-// +build amd64,gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
index b0137cdf02..6e28668cd1 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !amd64 || purego || !gc
-// +build !amd64 purego !gc
 
 package blake2b
 
diff --git a/vendor/golang.org/x/crypto/blake2b/register.go b/vendor/golang.org/x/crypto/blake2b/register.go
index 9d8633963c..d9fcac3a4d 100644
--- a/vendor/golang.org/x/crypto/blake2b/register.go
+++ b/vendor/golang.org/x/crypto/blake2b/register.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.9
-// +build go1.9
 
 package blake2b
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
index 5dfacbb983..661ea132e0 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package chacha20
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
index f1f66230d1..7dd2638e88 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
index 02ff3d05e9..db42e6676a 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (!arm64 && !s390x && !ppc64le) || !gc || purego
-// +build !arm64,!s390x,!ppc64le !gc purego
 
 package chacha20
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
index da420b2e97..3a4287f990 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package chacha20
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
index 5c0fed26f8..66aebae258 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
@@ -20,7 +20,6 @@
 // due to the calling conventions and initialization of constants.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
index 4652247b8a..683ccfd1c3 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package chacha20
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
index f3ef5a019d..1eda91a3d4 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "go_asm.h"
 #include "textflag.h"
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
index 0c408c5709..50695a14f6 100644
--- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package chacha20poly1305
 
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
index 867c181a14..731d2ac6db 100644
--- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.s
@@ -5,7 +5,6 @@
 // This file was originally from https://golang.org/cl/24717 by Vlad Krasnov of CloudFlare.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 // General register allocation
@@ -184,11 +183,31 @@ GLOBL ·andMask<>(SB), (NOPTR+RODATA), $240
 #define shiftD1Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xd2; BYTE $0x04 // PALIGNR $4, X10, X10
 #define shiftD2Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xdb; BYTE $0x04 // PALIGNR $4, X11, X11
 #define shiftD3Right BYTE $0x66; BYTE $0x45; BYTE $0x0f; BYTE $0x3a; BYTE $0x0f; BYTE $0xff; BYTE $0x04 // PALIGNR $4, X15, X15
+
 // Some macros
+
+// ROL rotates the uint32s in register R left by N bits, using temporary T.
+#define ROL(N, R, T) \
+	MOVO R, T; PSLLL $(N), T; PSRLL $(32-(N)), R; PXOR T, R
+
+// ROL16 rotates the uint32s in register R left by 16, using temporary T if needed.
+#ifdef GOAMD64_v2
+#define ROL16(R, T) PSHUFB ·rol16<>(SB), R
+#else
+#define ROL16(R, T) ROL(16, R, T)
+#endif
+
+// ROL8 rotates the uint32s in register R left by 8, using temporary T if needed.
+#ifdef GOAMD64_v2
+#define ROL8(R, T) PSHUFB ·rol8<>(SB), R
+#else
+#define ROL8(R, T) ROL(8, R, T)
+#endif
+
 #define chachaQR(A, B, C, D, T) \
-	PADDD B, A; PXOR A, D; PSHUFB ·rol16<>(SB), D                            \
+	PADDD B, A; PXOR A, D; ROL16(D, T) \
 	PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $12, T; PSRLL $20, B; PXOR T, B \
-	PADDD B, A; PXOR A, D; PSHUFB ·rol8<>(SB), D                             \
+	PADDD B, A; PXOR A, D; ROL8(D, T) \
 	PADDD D, C; PXOR C, B; MOVO B, T; PSLLL $7, T; PSRLL $25, B; PXOR T, B
 
 #define chachaQR_AVX2(A, B, C, D, T) \
diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
index f832b33d45..34e6ab1df8 100644
--- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
+++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_noasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !amd64 || !gc || purego
-// +build !amd64 !gc purego
 
 package chacha20poly1305
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go
index edcf163c4e..70c541692c 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go
@@ -1,7 +1,6 @@
 // Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
 
 //go:build amd64 && gc && !purego
-// +build amd64,gc,!purego
 
 package field
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.s b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.s
index 293f013c94..60817acc41 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.s
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.s
@@ -1,7 +1,6 @@
 // Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
 
 //go:build amd64 && gc && !purego
-// +build amd64,gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64_noasm.go b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64_noasm.go
index ddb6c9b8f7..9da280d1d8 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64_noasm.go
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64_noasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !amd64 || !gc || purego
-// +build !amd64 !gc purego
 
 package field
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.go b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.go
index af459ef515..075fe9b925 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.go
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && gc && !purego
-// +build arm64,gc,!purego
 
 package field
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.s b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.s
index 5c91e45892..3126a43419 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.s
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && gc && !purego
-// +build arm64,gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64_noasm.go b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64_noasm.go
index 234a5b2e5d..fc029ac12d 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64_noasm.go
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64_noasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !arm64 || !gc || purego
-// +build !arm64 !gc purego
 
 package field
 
diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go
index dda3f143be..f4ded5fee2 100644
--- a/vendor/golang.org/x/crypto/hkdf/hkdf.go
+++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go
@@ -56,7 +56,9 @@ func (f *hkdf) Read(p []byte) (int, error) {
 
 	// Fill the rest of the buffer
 	for len(p) > 0 {
-		f.expander.Reset()
+		if f.counter > 1 {
+			f.expander.Reset()
+		}
 		f.expander.Write(f.prev)
 		f.expander.Write(f.info)
 		f.expander.Write([]byte{f.counter})
diff --git a/vendor/golang.org/x/crypto/internal/alias/alias.go b/vendor/golang.org/x/crypto/internal/alias/alias.go
index 69c17f822b..551ff0c353 100644
--- a/vendor/golang.org/x/crypto/internal/alias/alias.go
+++ b/vendor/golang.org/x/crypto/internal/alias/alias.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !purego
-// +build !purego
 
 // Package alias implements memory aliasing tests.
 package alias
diff --git a/vendor/golang.org/x/crypto/internal/alias/alias_purego.go b/vendor/golang.org/x/crypto/internal/alias/alias_purego.go
index 4775b0a438..6fe61b5c6e 100644
--- a/vendor/golang.org/x/crypto/internal/alias/alias_purego.go
+++ b/vendor/golang.org/x/crypto/internal/alias/alias_purego.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build purego
-// +build purego
 
 // Package alias implements memory aliasing tests.
 package alias
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go b/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go
index 45b5c966b2..d33c8890fc 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.13
-// +build !go1.13
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go b/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go
index ed52b3418a..495c1fa697 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.13
-// +build go1.13
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
index f184b67d98..333da285b3 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (!amd64 && !ppc64le && !s390x) || !gc || purego
-// +build !amd64,!ppc64le,!s390x !gc purego
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
index 6d522333f2..164cd47d32 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s
index 1d74f0f881..e0d3c64756 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go
index 4a069941a6..4aec4874b5 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s
index 58422aad23..d2ca5deeb9 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
index ec95966889..e1d033a491 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s
index aa9e0494c9..0fe3a7c217 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
index c400dfcf7b..e76b44fe59 100644
--- a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && !purego && gc
-// +build amd64,!purego,gc
 
 package salsa
 
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s
index c089277204..fcce0234b6 100644
--- a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && !purego && gc
-// +build amd64,!purego,gc
 
 // This code was translated into a form compatible with 6a from the public
 // domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
diff --git a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go
index 4392cc1ac7..9448760f26 100644
--- a/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go
+++ b/vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !amd64 || purego || !gc
-// +build !amd64 purego !gc
 
 package salsa
 
diff --git a/vendor/golang.org/x/crypto/sha3/hashes_generic.go b/vendor/golang.org/x/crypto/sha3/hashes_generic.go
index c74fc20fcb..fe8c84793c 100644
--- a/vendor/golang.org/x/crypto/sha3/hashes_generic.go
+++ b/vendor/golang.org/x/crypto/sha3/hashes_generic.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !gc || purego || !s390x
-// +build !gc purego !s390x
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf.go b/vendor/golang.org/x/crypto/sha3/keccakf.go
index e5faa375c0..ce48b1dd3e 100644
--- a/vendor/golang.org/x/crypto/sha3/keccakf.go
+++ b/vendor/golang.org/x/crypto/sha3/keccakf.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !amd64 || purego || !gc
-// +build !amd64 purego !gc
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
index 248a38241f..b908696be5 100644
--- a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
+++ b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && !purego && gc
-// +build amd64,!purego,gc
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
index 4cfa54383b..8fb26aebb2 100644
--- a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
+++ b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && !purego && gc
-// +build amd64,!purego,gc
 
 // This code was translated into a form compatible with 6a from the public
 // domain sources at https://github.com/gvanas/KeccakCodePackage
diff --git a/vendor/golang.org/x/crypto/sha3/register.go b/vendor/golang.org/x/crypto/sha3/register.go
index 8b4453aac3..addfd5049b 100644
--- a/vendor/golang.org/x/crypto/sha3/register.go
+++ b/vendor/golang.org/x/crypto/sha3/register.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.4
-// +build go1.4
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/sha3_s390x.go b/vendor/golang.org/x/crypto/sha3/sha3_s390x.go
index ec26f147ff..d861bca528 100644
--- a/vendor/golang.org/x/crypto/sha3/sha3_s390x.go
+++ b/vendor/golang.org/x/crypto/sha3/sha3_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/sha3_s390x.s b/vendor/golang.org/x/crypto/sha3/sha3_s390x.s
index a0e051b045..826b862c77 100644
--- a/vendor/golang.org/x/crypto/sha3/sha3_s390x.s
+++ b/vendor/golang.org/x/crypto/sha3/sha3_s390x.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/sha3/shake_generic.go b/vendor/golang.org/x/crypto/sha3/shake_generic.go
index 5c0710ef98..8d31cf5be2 100644
--- a/vendor/golang.org/x/crypto/sha3/shake_generic.go
+++ b/vendor/golang.org/x/crypto/sha3/shake_generic.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !gc || purego || !s390x
-// +build !gc purego !s390x
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/xor.go b/vendor/golang.org/x/crypto/sha3/xor.go
index 59c8eb9418..7337cca88e 100644
--- a/vendor/golang.org/x/crypto/sha3/xor.go
+++ b/vendor/golang.org/x/crypto/sha3/xor.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (!amd64 && !386 && !ppc64le) || purego
-// +build !amd64,!386,!ppc64le purego
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/xor_unaligned.go b/vendor/golang.org/x/crypto/sha3/xor_unaligned.go
index 1ce606246d..870e2d16e0 100644
--- a/vendor/golang.org/x/crypto/sha3/xor_unaligned.go
+++ b/vendor/golang.org/x/crypto/sha3/xor_unaligned.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (amd64 || 386 || ppc64le) && !purego
-// +build amd64 386 ppc64le
-// +build !purego
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/ssh/agent/client.go b/vendor/golang.org/x/crypto/ssh/agent/client.go
index 9f09aae7dd..fecba8eb38 100644
--- a/vendor/golang.org/x/crypto/ssh/agent/client.go
+++ b/vendor/golang.org/x/crypto/ssh/agent/client.go
@@ -141,9 +141,14 @@ const (
 	agentAddSmartcardKeyConstrained = 26
 
 	// 3.7 Key constraint identifiers
-	agentConstrainLifetime  = 1
-	agentConstrainConfirm   = 2
-	agentConstrainExtension = 3
+	agentConstrainLifetime = 1
+	agentConstrainConfirm  = 2
+	// Constraint extension identifier up to version 2 of the protocol. A
+	// backward incompatible change will be required if we want to add support
+	// for SSH_AGENT_CONSTRAIN_MAXSIGN which uses the same ID.
+	agentConstrainExtensionV00 = 3
+	// Constraint extension identifier in version 3 and later of the protocol.
+	agentConstrainExtension = 255
 )
 
 // maxAgentResponseBytes is the maximum agent reply size that is accepted. This
@@ -205,7 +210,7 @@ type constrainLifetimeAgentMsg struct {
 }
 
 type constrainExtensionAgentMsg struct {
-	ExtensionName    string `sshtype:"3"`
+	ExtensionName    string `sshtype:"255|3"`
 	ExtensionDetails []byte
 
 	// Rest is a field used for parsing, not part of message
diff --git a/vendor/golang.org/x/crypto/ssh/agent/server.go b/vendor/golang.org/x/crypto/ssh/agent/server.go
index dd2e0a3e71..e35ca7ce31 100644
--- a/vendor/golang.org/x/crypto/ssh/agent/server.go
+++ b/vendor/golang.org/x/crypto/ssh/agent/server.go
@@ -208,7 +208,7 @@ func parseConstraints(constraints []byte) (lifetimeSecs uint32, confirmBeforeUse
 		case agentConstrainConfirm:
 			confirmBeforeUse = true
 			constraints = constraints[1:]
-		case agentConstrainExtension:
+		case agentConstrainExtension, agentConstrainExtensionV00:
 			var msg constrainExtensionAgentMsg
 			if err = ssh.Unmarshal(constraints, &msg); err != nil {
 				return 0, false, nil, err
diff --git a/vendor/golang.org/x/crypto/ssh/common.go b/vendor/golang.org/x/crypto/ssh/common.go
index b419c761ed..dd2ab0d69a 100644
--- a/vendor/golang.org/x/crypto/ssh/common.go
+++ b/vendor/golang.org/x/crypto/ssh/common.go
@@ -10,7 +10,6 @@ import (
 	"fmt"
 	"io"
 	"math"
-	"strings"
 	"sync"
 
 	_ "crypto/sha1"
@@ -140,8 +139,6 @@ var supportedPubKeyAuthAlgos = []string{
 	KeyAlgoDSA,
 }
 
-var supportedPubKeyAuthAlgosList = strings.Join(supportedPubKeyAuthAlgos, ",")
-
 // unexpectedMessageError results when the SSH message that we received didn't
 // match what we wanted.
 func unexpectedMessageError(expected, got uint8) error {
diff --git a/vendor/golang.org/x/crypto/ssh/handshake.go b/vendor/golang.org/x/crypto/ssh/handshake.go
index 70a7369ff9..49bbba7692 100644
--- a/vendor/golang.org/x/crypto/ssh/handshake.go
+++ b/vendor/golang.org/x/crypto/ssh/handshake.go
@@ -11,6 +11,7 @@ import (
 	"io"
 	"log"
 	"net"
+	"strings"
 	"sync"
 )
 
@@ -50,6 +51,10 @@ type handshakeTransport struct {
 	// connection.
 	hostKeys []Signer
 
+	// publicKeyAuthAlgorithms is non-empty if we are the server. In that case,
+	// it contains the supported client public key authentication algorithms.
+	publicKeyAuthAlgorithms []string
+
 	// hostKeyAlgorithms is non-empty if we are the client. In that case,
 	// we accept these key types from the server as host key.
 	hostKeyAlgorithms []string
@@ -141,6 +146,7 @@ func newClientTransport(conn keyingTransport, clientVersion, serverVersion []byt
 func newServerTransport(conn keyingTransport, clientVersion, serverVersion []byte, config *ServerConfig) *handshakeTransport {
 	t := newHandshakeTransport(conn, &config.Config, clientVersion, serverVersion)
 	t.hostKeys = config.hostKeys
+	t.publicKeyAuthAlgorithms = config.PublicKeyAuthAlgorithms
 	go t.readLoop()
 	go t.kexLoop()
 	return t
@@ -649,6 +655,7 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
 	// message with the server-sig-algs extension if the client supports it. See
 	// RFC 8308, Sections 2.4 and 3.1, and [PROTOCOL], Section 1.9.
 	if !isClient && firstKeyExchange && contains(clientInit.KexAlgos, "ext-info-c") {
+		supportedPubKeyAuthAlgosList := strings.Join(t.publicKeyAuthAlgorithms, ",")
 		extInfo := &extInfoMsg{
 			NumExtensions: 2,
 			Payload:       make([]byte, 0, 4+15+4+len(supportedPubKeyAuthAlgosList)+4+16+4+1),
diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go
index ef1bad731b..df4ebdada5 100644
--- a/vendor/golang.org/x/crypto/ssh/keys.go
+++ b/vendor/golang.org/x/crypto/ssh/keys.go
@@ -1232,16 +1232,27 @@ func ParseRawPrivateKeyWithPassphrase(pemBytes, passphrase []byte) (interface{},
 		return nil, fmt.Errorf("ssh: cannot decode encrypted private keys: %v", err)
 	}
 
+	var result interface{}
+
 	switch block.Type {
 	case "RSA PRIVATE KEY":
-		return x509.ParsePKCS1PrivateKey(buf)
+		result, err = x509.ParsePKCS1PrivateKey(buf)
 	case "EC PRIVATE KEY":
-		return x509.ParseECPrivateKey(buf)
+		result, err = x509.ParseECPrivateKey(buf)
 	case "DSA PRIVATE KEY":
-		return ParseDSAPrivateKey(buf)
+		result, err = ParseDSAPrivateKey(buf)
 	default:
-		return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
+		err = fmt.Errorf("ssh: unsupported key type %q", block.Type)
 	}
+	// Because of deficiencies in the format, DecryptPEMBlock does not always
+	// detect an incorrect password. In these cases decrypted DER bytes is
+	// random noise. If the parsing of the key returns an asn1.StructuralError
+	// we return x509.IncorrectPasswordError.
+	if _, ok := err.(asn1.StructuralError); ok {
+		return nil, x509.IncorrectPasswordError
+	}
+
+	return result, err
 }
 
 // ParseDSAPrivateKey returns a DSA private key from its ASN.1 DER encoding, as
diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go
index 727c71b9c7..8f1505af94 100644
--- a/vendor/golang.org/x/crypto/ssh/server.go
+++ b/vendor/golang.org/x/crypto/ssh/server.go
@@ -64,6 +64,13 @@ type ServerConfig struct {
 	// Config contains configuration shared between client and server.
 	Config
 
+	// PublicKeyAuthAlgorithms specifies the supported client public key
+	// authentication algorithms. Note that this should not include certificate
+	// types since those use the underlying algorithm. This list is sent to the
+	// client if it supports the server-sig-algs extension. Order is irrelevant.
+	// If unspecified then a default set of algorithms is used.
+	PublicKeyAuthAlgorithms []string
+
 	hostKeys []Signer
 
 	// NoClientAuth is true if clients are allowed to connect without
@@ -201,6 +208,15 @@ func NewServerConn(c net.Conn, config *ServerConfig) (*ServerConn, <-chan NewCha
 	if fullConf.MaxAuthTries == 0 {
 		fullConf.MaxAuthTries = 6
 	}
+	if len(fullConf.PublicKeyAuthAlgorithms) == 0 {
+		fullConf.PublicKeyAuthAlgorithms = supportedPubKeyAuthAlgos
+	} else {
+		for _, algo := range fullConf.PublicKeyAuthAlgorithms {
+			if !contains(supportedPubKeyAuthAlgos, algo) {
+				return nil, nil, nil, fmt.Errorf("ssh: unsupported public key authentication algorithm %s", algo)
+			}
+		}
+	}
 	// Check if the config contains any unsupported key exchanges
 	for _, kex := range fullConf.KeyExchanges {
 		if _, ok := serverForbiddenKexAlgos[kex]; ok {
@@ -524,7 +540,7 @@ userAuthLoop:
 				return nil, parseError(msgUserAuthRequest)
 			}
 			algo := string(algoBytes)
-			if !contains(supportedPubKeyAuthAlgos, underlyingAlgo(algo)) {
+			if !contains(config.PublicKeyAuthAlgorithms, underlyingAlgo(algo)) {
 				authErr = fmt.Errorf("ssh: algorithm %q not accepted", algo)
 				break
 			}
@@ -591,7 +607,7 @@ userAuthLoop:
 				// algorithm name that corresponds to algo with
 				// sig.Format.  This is usually the same, but
 				// for certs, the names differ.
-				if !contains(supportedPubKeyAuthAlgos, sig.Format) {
+				if !contains(config.PublicKeyAuthAlgorithms, sig.Format) {
 					authErr = fmt.Errorf("ssh: algorithm %q not accepted", sig.Format)
 					break
 				}
diff --git a/vendor/golang.org/x/sync/errgroup/go120.go b/vendor/golang.org/x/sync/errgroup/go120.go
index 7d419d3760..f93c740b63 100644
--- a/vendor/golang.org/x/sync/errgroup/go120.go
+++ b/vendor/golang.org/x/sync/errgroup/go120.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.20
-// +build go1.20
 
 package errgroup
 
diff --git a/vendor/golang.org/x/sync/errgroup/pre_go120.go b/vendor/golang.org/x/sync/errgroup/pre_go120.go
index 1795c18ace..88ce33434e 100644
--- a/vendor/golang.org/x/sync/errgroup/pre_go120.go
+++ b/vendor/golang.org/x/sync/errgroup/pre_go120.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.20
-// +build !go1.20
 
 package errgroup
 
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
index db9171c2e4..269e173ca4 100644
--- a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_aix.go b/vendor/golang.org/x/sys/cpu/cpu_aix.go
index 8aaeef545a..9bf0c32eb6 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_aix.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_aix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix
-// +build aix
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
index c61f95a05a..fcb9a38882 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
index ccf542a73d..a8acd3e328 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
index 0af2f24841..c8ae6ddc15 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
index fa7cdb9bcd..910728fb16 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gc
-// +build 386 amd64 amd64p32
-// +build gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
index 2aff318911..7f1946780b 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo
-// +build gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
index 4bfbda6199..9526d2ce3a 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo
-// +build gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
index 6cc73109f5..3f73a05dcf 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gccgo
-// +build 386 amd64 amd64p32
-// +build gccgo
 
 #include <cpuid.h>
 #include <stdint.h>
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
index 863d415ab4..99c60fe9f9 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gccgo
-// +build 386 amd64 amd64p32
-// +build gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux.go b/vendor/golang.org/x/sys/cpu/cpu_linux.go
index 159a686f6f..743eb54354 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !386 && !amd64 && !amd64p32 && !arm64
-// +build !386,!amd64,!amd64p32,!arm64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
index 6000db4cdd..4686c1d541 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le)
-// +build linux
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
index f4992b1a59..cd63e73355 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x
-// +build linux,!arm,!arm64,!mips64,!mips64le,!ppc64,!ppc64le,!s390x
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
index 021356d6de..197188e67f 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le)
-// +build linux
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_loong64.go b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
index 0f57b05bdb..558635850c 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_loong64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build loong64
-// +build loong64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
index f4063c6642..fedb00cc4c 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build mips64 || mips64le
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
index 07c4e36d8f..ffb4ec7eb3 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build mips || mipsle
-// +build mips mipsle
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
index d7b4fb4ccc..e9ecf2a456 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && arm
-// +build !linux,arm
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
index f3cde129b6..5341e7f88d 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && !netbsd && !openbsd && arm64
-// +build !linux,!netbsd,!openbsd,arm64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
index 0dafe9644a..5f8f2419ab 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && (mips64 || mips64le)
-// +build !linux
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
index 060d46b6ea..89608fba27 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !aix && !linux && (ppc64 || ppc64le)
-// +build !aix
-// +build !linux
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
index dd10eb79fe..5ab87808f7 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && riscv64
-// +build !linux,riscv64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
index 4e8acd1658..c14f12b149 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ppc64 || ppc64le
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
index ff7da60eb8..7f0c79c004 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64
-// +build riscv64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
index 96f81e2097..1fb4b70133 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_s390x.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_wasm.go b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
index 7747d888a6..384787ea30 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_wasm.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build wasm
-// +build wasm
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
index 2dcde8285d..c29f5e4c5a 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 || amd64 || amd64p32
-// +build 386 amd64 amd64p32
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
index 39acab2ff5..7d7ba33efb 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gc
-// +build 386 amd64 amd64p32
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/endian_big.go b/vendor/golang.org/x/sys/cpu/endian_big.go
index 93ce03a346..7fe04b0a13 100644
--- a/vendor/golang.org/x/sys/cpu/endian_big.go
+++ b/vendor/golang.org/x/sys/cpu/endian_big.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/endian_little.go b/vendor/golang.org/x/sys/cpu/endian_little.go
index 55db853efb..48eccc4c79 100644
--- a/vendor/golang.org/x/sys/cpu/endian_little.go
+++ b/vendor/golang.org/x/sys/cpu/endian_little.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh || wasm
-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh wasm
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
index d87bd6b3eb..4cd64c7042 100644
--- a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
+++ b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && arm64
-// +build linux,arm64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
index b975ea2a04..4c9788ea8e 100644
--- a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.21
-// +build go1.21
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
index 96134157a1..1b9ccb091a 100644
--- a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
@@ -9,7 +9,6 @@
 // gccgo's libgo and thus must not used a CGo method.
 
 //go:build aix && gccgo
-// +build aix,gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
index 904be42ffd..e8b6cdbe9a 100644
--- a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
@@ -7,7 +7,6 @@
 // (See golang.org/issue/32102)
 
 //go:build aix && ppc64 && gc
-// +build aix,ppc64,gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/execabs/execabs_go118.go b/vendor/golang.org/x/sys/execabs/execabs_go118.go
index 2000064a81..5627d70e39 100644
--- a/vendor/golang.org/x/sys/execabs/execabs_go118.go
+++ b/vendor/golang.org/x/sys/execabs/execabs_go118.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.19
-// +build !go1.19
 
 package execabs
 
diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go
index f364b34189..d60ab1b419 100644
--- a/vendor/golang.org/x/sys/execabs/execabs_go119.go
+++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.19
-// +build go1.19
 
 package execabs
 
diff --git a/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go b/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
index c9b69937a0..73687de748 100644
--- a/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
+++ b/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.5
-// +build go1.5
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/pwd_plan9.go b/vendor/golang.org/x/sys/plan9/pwd_plan9.go
index 98bf56b732..fb94582184 100644
--- a/vendor/golang.org/x/sys/plan9/pwd_plan9.go
+++ b/vendor/golang.org/x/sys/plan9/pwd_plan9.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.5
-// +build !go1.5
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/race.go b/vendor/golang.org/x/sys/plan9/race.go
index 62377d2ff9..c02d9ed333 100644
--- a/vendor/golang.org/x/sys/plan9/race.go
+++ b/vendor/golang.org/x/sys/plan9/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9 && race
-// +build plan9,race
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/race0.go b/vendor/golang.org/x/sys/plan9/race0.go
index f8da30876d..7b15e15f65 100644
--- a/vendor/golang.org/x/sys/plan9/race0.go
+++ b/vendor/golang.org/x/sys/plan9/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9 && !race
-// +build plan9,!race
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/str.go b/vendor/golang.org/x/sys/plan9/str.go
index 55fa8d025e..ba3e8ff8a6 100644
--- a/vendor/golang.org/x/sys/plan9/str.go
+++ b/vendor/golang.org/x/sys/plan9/str.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9
-// +build plan9
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/syscall.go b/vendor/golang.org/x/sys/plan9/syscall.go
index 67e5b0115c..d631fd664a 100644
--- a/vendor/golang.org/x/sys/plan9/syscall.go
+++ b/vendor/golang.org/x/sys/plan9/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9
-// +build plan9
 
 // Package plan9 contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
index 3f40b9bd74..f780d5c807 100644
--- a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
+++ b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && 386
-// +build plan9,386
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
index 0e6a96aa4f..7de61065f6 100644
--- a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
+++ b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && amd64
-// +build plan9,amd64
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
index 244c501b77..ea85780f03 100644
--- a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
+++ b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && arm
-// +build plan9,arm
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/unix/aliases.go b/vendor/golang.org/x/sys/unix/aliases.go
index abc89c104a..e7d3df4bd3 100644
--- a/vendor/golang.org/x/sys/unix/aliases.go
+++ b/vendor/golang.org/x/sys/unix/aliases.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
-// +build go1.9
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
index db9171c2e4..269e173ca4 100644
--- a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_386.s b/vendor/golang.org/x/sys/unix/asm_bsd_386.s
index e0fcd9b3de..a4fcef0e0d 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_386.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (freebsd || netbsd || openbsd) && gc
-// +build freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
index 2b99c349a2..1e63615c57 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || dragonfly || freebsd || netbsd || openbsd) && gc
-// +build darwin dragonfly freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_arm.s b/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
index d702d4adc7..6496c31008 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (freebsd || netbsd || openbsd) && gc
-// +build freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
index fe36a7391a..4fd1f54daa 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
index e5b9a84899..42f7eb9e47 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s b/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
index d560019ea2..f8902667e9 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_386.s b/vendor/golang.org/x/sys/unix/asm_linux_386.s
index 8fd101d071..3b4734870d 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_386.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
index 7ed38e43c6..67e29f3178 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
index 8ef1d51402..d6ae269ce1 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
index 98ae02760d..01e5e253c6 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && arm64 && gc
-// +build linux
-// +build arm64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
index 565357288a..2abf12f6e8 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && loong64 && gc
-// +build linux
-// +build loong64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
index 21231d2ce1..f84bae7120 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le) && gc
-// +build linux
-// +build mips64 mips64le
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
index 6783b26c60..f08f628077 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips || mipsle) && gc
-// +build linux
-// +build mips mipsle
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
index 19d4989344..bdfc024d2d 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le) && gc
-// +build linux
-// +build ppc64 ppc64le
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
index e42eb81d58..2e8c996120 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && gc
-// +build riscv64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
index c46aab3395..2c394b11eb 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && s390x && gc
-// +build linux
-// +build s390x
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
index 5e7a1169c0..fab586a2c4 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
index f8c5394c1a..f949ec5476 100644
--- a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
index 3b54e18581..2f67ba86d5 100644
--- a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x && gc
-// +build zos
-// +build s390x
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/cap_freebsd.go b/vendor/golang.org/x/sys/unix/cap_freebsd.go
index 0b7c6adb86..a08657890f 100644
--- a/vendor/golang.org/x/sys/unix/cap_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/cap_freebsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build freebsd
-// +build freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/constants.go b/vendor/golang.org/x/sys/unix/constants.go
index 394a3965b6..6fb7cb77d0 100644
--- a/vendor/golang.org/x/sys/unix/constants.go
+++ b/vendor/golang.org/x/sys/unix/constants.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
index 65a998508d..d785134617 100644
--- a/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used by AIX.
diff --git a/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
index 8fc08ad0aa..623a5e6973 100644
--- a/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used AIX.
diff --git a/vendor/golang.org/x/sys/unix/dev_zos.go b/vendor/golang.org/x/sys/unix/dev_zos.go
index a388e59a0e..bb6a64fe92 100644
--- a/vendor/golang.org/x/sys/unix/dev_zos.go
+++ b/vendor/golang.org/x/sys/unix/dev_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used by z/OS.
diff --git a/vendor/golang.org/x/sys/unix/dirent.go b/vendor/golang.org/x/sys/unix/dirent.go
index 2499f977b0..1ebf117826 100644
--- a/vendor/golang.org/x/sys/unix/dirent.go
+++ b/vendor/golang.org/x/sys/unix/dirent.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/endian_big.go b/vendor/golang.org/x/sys/unix/endian_big.go
index a520265576..1095fd31d6 100644
--- a/vendor/golang.org/x/sys/unix/endian_big.go
+++ b/vendor/golang.org/x/sys/unix/endian_big.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 //
 //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/endian_little.go b/vendor/golang.org/x/sys/unix/endian_little.go
index b0f2bc4ae3..b9f0e277b1 100644
--- a/vendor/golang.org/x/sys/unix/endian_little.go
+++ b/vendor/golang.org/x/sys/unix/endian_little.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 //
 //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh
-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/env_unix.go b/vendor/golang.org/x/sys/unix/env_unix.go
index 29ccc4d133..a96da71f47 100644
--- a/vendor/golang.org/x/sys/unix/env_unix.go
+++ b/vendor/golang.org/x/sys/unix/env_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Unix environment variables.
 
diff --git a/vendor/golang.org/x/sys/unix/epoll_zos.go b/vendor/golang.org/x/sys/unix/epoll_zos.go
index cedaf7e024..7753fddea8 100644
--- a/vendor/golang.org/x/sys/unix/epoll_zos.go
+++ b/vendor/golang.org/x/sys/unix/epoll_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fcntl.go b/vendor/golang.org/x/sys/unix/fcntl.go
index e9b991258c..58c6bfc70f 100644
--- a/vendor/golang.org/x/sys/unix/fcntl.go
+++ b/vendor/golang.org/x/sys/unix/fcntl.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build dragonfly || freebsd || linux || netbsd || openbsd
-// +build dragonfly freebsd linux netbsd openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
index 29d44808b1..13b4acd5c6 100644
--- a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+++ b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc)
-// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fdset.go b/vendor/golang.org/x/sys/unix/fdset.go
index a8068f94f2..9e83d18cd0 100644
--- a/vendor/golang.org/x/sys/unix/fdset.go
+++ b/vendor/golang.org/x/sys/unix/fdset.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
index e377cc9f49..c8bde601e7 100644
--- a/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+++ b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/gccgo.go b/vendor/golang.org/x/sys/unix/gccgo.go
index b06f52d748..aca5721ddc 100644
--- a/vendor/golang.org/x/sys/unix/gccgo.go
+++ b/vendor/golang.org/x/sys/unix/gccgo.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && !aix && !hurd
-// +build gccgo,!aix,!hurd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/gccgo_c.c b/vendor/golang.org/x/sys/unix/gccgo_c.c
index f98a1c542f..d468b7b47f 100644
--- a/vendor/golang.org/x/sys/unix/gccgo_c.c
+++ b/vendor/golang.org/x/sys/unix/gccgo_c.c
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && !aix && !hurd
-// +build gccgo,!aix,!hurd
 
 #include <errno.h>
 #include <stdint.h>
diff --git a/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
index e60e49a3d9..972d61bd75 100644
--- a/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && linux && amd64
-// +build gccgo,linux,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ifreq_linux.go b/vendor/golang.org/x/sys/unix/ifreq_linux.go
index 15721a5104..848840ae4c 100644
--- a/vendor/golang.org/x/sys/unix/ifreq_linux.go
+++ b/vendor/golang.org/x/sys/unix/ifreq_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux
-// +build linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_signed.go b/vendor/golang.org/x/sys/unix/ioctl_signed.go
index 7def9580e6..5b0759bd86 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_signed.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_signed.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || solaris
-// +build aix solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_unsigned.go b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
index 649913d1ea..20f470b9d0 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd
-// +build darwin dragonfly freebsd hurd linux netbsd openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go
index cdc21bf76d..c8b2a750f8 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_zos.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index 47fa6a7ebd..cbe24150a7 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -663,7 +663,6 @@ echo '// mkerrors.sh' "$@"
 echo '// Code generated by the command above; see README.md. DO NOT EDIT.'
 echo
 echo "//go:build ${GOARCH} && ${GOOS}"
-echo "// +build ${GOARCH},${GOOS}"
 echo
 go tool cgo -godefs -- "$@" _const.go >_error.out
 cat _error.out | grep -vf _error.grep | grep -vf _signal.grep
diff --git a/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
index ca0513632e..4b68e59780 100644
--- a/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+++ b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd openbsd solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go
index fa93d0aa90..fd45fe529d 100644
--- a/vendor/golang.org/x/sys/unix/mremap.go
+++ b/vendor/golang.org/x/sys/unix/mremap.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux || netbsd
-// +build linux netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/pagesize_unix.go b/vendor/golang.org/x/sys/unix/pagesize_unix.go
index 53f1b4c5b8..4d0a3430ed 100644
--- a/vendor/golang.org/x/sys/unix/pagesize_unix.go
+++ b/vendor/golang.org/x/sys/unix/pagesize_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 // For Unix, get the pagesize from the runtime.
 
diff --git a/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/vendor/golang.org/x/sys/unix/pledge_openbsd.go
index eb48294b27..6a09af53e6 100644
--- a/vendor/golang.org/x/sys/unix/pledge_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/pledge_openbsd.go
@@ -8,54 +8,31 @@ import (
 	"errors"
 	"fmt"
 	"strconv"
-	"syscall"
-	"unsafe"
 )
 
 // Pledge implements the pledge syscall.
 //
-// The pledge syscall does not accept execpromises on OpenBSD releases
-// before 6.3.
-//
-// execpromises must be empty when Pledge is called on OpenBSD
-// releases predating 6.3, otherwise an error will be returned.
+// This changes both the promises and execpromises; use PledgePromises or
+// PledgeExecpromises to only change the promises or execpromises
+// respectively.
 //
 // For more information see pledge(2).
 func Pledge(promises, execpromises string) error {
-	maj, min, err := majmin()
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	err = pledgeAvailable(maj, min, execpromises)
+	pptr, err := BytePtrFromString(promises)
 	if err != nil {
 		return err
 	}
 
-	pptr, err := syscall.BytePtrFromString(promises)
+	exptr, err := BytePtrFromString(execpromises)
 	if err != nil {
 		return err
 	}
 
-	// This variable will hold either a nil unsafe.Pointer or
-	// an unsafe.Pointer to a string (execpromises).
-	var expr unsafe.Pointer
-
-	// If we're running on OpenBSD > 6.2, pass execpromises to the syscall.
-	if maj > 6 || (maj == 6 && min > 2) {
-		exptr, err := syscall.BytePtrFromString(execpromises)
-		if err != nil {
-			return err
-		}
-		expr = unsafe.Pointer(exptr)
-	}
-
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(pptr, exptr)
 }
 
 // PledgePromises implements the pledge syscall.
@@ -64,30 +41,16 @@ func Pledge(promises, execpromises string) error {
 //
 // For more information see pledge(2).
 func PledgePromises(promises string) error {
-	maj, min, err := majmin()
-	if err != nil {
-		return err
-	}
-
-	err = pledgeAvailable(maj, min, "")
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	// This variable holds the execpromises and is always nil.
-	var expr unsafe.Pointer
-
-	pptr, err := syscall.BytePtrFromString(promises)
+	pptr, err := BytePtrFromString(promises)
 	if err != nil {
 		return err
 	}
 
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(pptr, nil)
 }
 
 // PledgeExecpromises implements the pledge syscall.
@@ -96,30 +59,16 @@ func PledgePromises(promises string) error {
 //
 // For more information see pledge(2).
 func PledgeExecpromises(execpromises string) error {
-	maj, min, err := majmin()
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	err = pledgeAvailable(maj, min, execpromises)
+	exptr, err := BytePtrFromString(execpromises)
 	if err != nil {
 		return err
 	}
 
-	// This variable holds the promises and is always nil.
-	var pptr unsafe.Pointer
-
-	exptr, err := syscall.BytePtrFromString(execpromises)
-	if err != nil {
-		return err
-	}
-
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(nil, exptr)
 }
 
 // majmin returns major and minor version number for an OpenBSD system.
@@ -147,16 +96,15 @@ func majmin() (major int, minor int, err error) {
 
 // pledgeAvailable checks for availability of the pledge(2) syscall
 // based on the running OpenBSD version.
-func pledgeAvailable(maj, min int, execpromises string) error {
-	// If OpenBSD <= 5.9, pledge is not available.
-	if (maj == 5 && min != 9) || maj < 5 {
-		return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
+func pledgeAvailable() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
 	}
 
-	// If OpenBSD <= 6.2 and execpromises is not empty,
-	// return an error - execpromises is not available before 6.3
-	if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {
-		return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)
+	// Require OpenBSD 6.4 as a minimum.
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Pledge on OpenBSD %d.%d", maj, min)
 	}
 
 	return nil
diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
index 463c3eff7f..3f0975f3de 100644
--- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && !ios
-// +build darwin,!ios
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go
index ed0509a011..a4d35db5dc 100644
--- a/vendor/golang.org/x/sys/unix/ptrace_ios.go
+++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ios
-// +build ios
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/race.go b/vendor/golang.org/x/sys/unix/race.go
index 6f6c5fec5a..714d2aae7c 100644
--- a/vendor/golang.org/x/sys/unix/race.go
+++ b/vendor/golang.org/x/sys/unix/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin && race) || (linux && race) || (freebsd && race)
-// +build darwin,race linux,race freebsd,race
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/race0.go b/vendor/golang.org/x/sys/unix/race0.go
index 706e1322ae..4a9f6634c9 100644
--- a/vendor/golang.org/x/sys/unix/race0.go
+++ b/vendor/golang.org/x/sys/unix/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || (darwin && !race) || (linux && !race) || (freebsd && !race) || netbsd || openbsd || solaris || dragonfly || zos
-// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/vendor/golang.org/x/sys/unix/readdirent_getdents.go
index 4d6257569e..dbd2b6ccb1 100644
--- a/vendor/golang.org/x/sys/unix/readdirent_getdents.go
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdents.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || dragonfly || freebsd || linux || netbsd || openbsd
-// +build aix dragonfly freebsd linux netbsd openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
index 2a4ba47c45..130398b6b7 100644
--- a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin
-// +build darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
index 3865943f6e..c3a62dbb1b 100644
--- a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Socket control messages
 
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
index 0840fe4a57..4a1eab37ec 100644
--- a/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall.go b/vendor/golang.org/x/sys/unix/syscall.go
index 63e8c83831..5ea74da982 100644
--- a/vendor/golang.org/x/sys/unix/syscall.go
+++ b/vendor/golang.org/x/sys/unix/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Package unix contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go
index e94e6cdac8..67ce6cef2d 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix
-// +build aix
 
 // Aix system calls.
 // This file is compiled as ordinary Go code,
@@ -107,7 +106,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
index f2871fa953..1fdaa47600 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
index 75718ec0f1..c87f9a9f45 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index 4217de518b..6f328e3a55 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || netbsd || openbsd
-// +build darwin dragonfly freebsd netbsd openbsd
 
 // BSD system call wrappers shared by *BSD based systems
 // including OS X (Darwin) and FreeBSD.  Like the other
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
index b37310ce9b..0eaecf5fc3 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
index d51ec99630..f36c6707cf 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
index 53c96641f8..16dc699379 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && go1.12
-// +build darwin,go1.12
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
index 4e2d32120a..14bab6b2de 100644
--- a/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index b8da510043..3967bca772 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 47155c4839..eff19ada23 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
index 08932093fa..4f24b517a6 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
index d151a0d0e5..ac30759ece 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
index d5cd64b378..aab725ca77 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go
index 381fd4673b..ba46651f8e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_hurd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build hurd
-// +build hurd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd_386.go b/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
index 7cf54a3e4f..df89f9e6b4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && hurd
-// +build 386,hurd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_illumos.go b/vendor/golang.org/x/sys/unix/syscall_illumos.go
index 87db5a6a8c..a863f7052c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_illumos.go
+++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go
@@ -5,7 +5,6 @@
 // illumos system calls not present on Solaris.
 
 //go:build amd64 && illumos
-// +build amd64,illumos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index fb4e50224c..a5e1c10e34 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -417,7 +417,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
@@ -2482,3 +2483,5 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) {
 	}
 	return attr, nil
 }
+
+//sys	Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
index c7d9945ea1..506dafa7b4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
index 08086ac6a4..38d55641b5 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64)
-// +build linux
-// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
index 70601ce369..d557cf8de3 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
index 8b0f0f3aa5..facdb83b23 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && linux && gc
-// +build amd64,linux,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
index da2986415a..cd2dd797fd 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index f5266689af..cf2ee6c75e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
index 2b1168d7d1..ffc4c2b635 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gc
-// +build linux,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
index 9843fb4896..9ebfdcf447 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gc && 386
-// +build linux,gc,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
index a6008fccd5..5f2b57c4c2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && gc && linux
-// +build arm,gc,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
index 7740af2428..d1a3ad8263 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gccgo && 386
-// +build linux,gccgo,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
index e16a12299a..f2f67423e9 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gccgo && arm
-// +build linux,gccgo,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
index f6ab02ec15..3d0e98451f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
index 93fe59d25d..70963a95ab 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le)
-// +build linux
-// +build mips64 mips64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
index aae7f0ffd3..c218ebd280 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips || mipsle)
-// +build linux
-// +build mips mipsle
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
index 66eff19a32..e6c48500ca 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && ppc
-// +build linux,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
index 806aa2574d..7286a9aa88 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le)
-// +build linux
-// +build ppc64 ppc64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
index 5e6ceee129..6f5a288944 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
index 2f89e8f5de..66f31210d0 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
index 7ca064ae76..11d1f16986 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
index 5199d282fd..7a5eb57432 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
index 70a9c52e98..62d8957ae6 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
index 3eb5942f93..ce6a068851 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
index fc6ccfd810..d46d689d1b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index 6f34479b59..d2882ee04f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -137,18 +137,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
+	var bufptr *Statfs_t
 	var bufsize uintptr
 	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
+		bufptr = &buf[0]
 		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
 	}
-	r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
+	return getfsstat(bufptr, bufsize, flags)
 }
 
 //sysnb	getresuid(ruid *_C_int, euid *_C_int, suid *_C_int)
@@ -326,4 +321,7 @@ func Uname(uname *Utsname) error {
 //sys	write(fd int, p []byte) (n int, err error)
 //sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
 //sys	munmap(addr uintptr, length uintptr) (err error)
+//sys	getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error)
 //sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
+//sys	pledge(promises *byte, execpromises *byte) (err error)
+//sys	unveil(path *byte, flags *byte) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
index 6baabcdcb0..9ddc89f4fc 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
index bab25360ea..70a3c96eea 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
index 8eed3c4d4e..265caa87f7 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
index 483dde99d4..ac4fda1715 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
index 04aa43f41b..0a451e6dd4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build openbsd
-// +build openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
index c2796139c0..30a308cbb4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
index 23199a7ff6..ea954330fa 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index b99cfa1342..60c8142d49 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -128,7 +128,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
index 0bd25ef81f..e02d8ceae3 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go
index f6eda27050..77081de8c7 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
index b6919ca580..05c95bccfa 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc
-// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris
-// +build gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
index f6f707acf2..23f39b7af7 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64le || ppc64) && gc
-// +build linux
-// +build ppc64le ppc64
-// +build gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index 4596d041ce..d99d05f1bc 100644
--- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_linux.go b/vendor/golang.org/x/sys/unix/sysvshm_linux.go
index 2c3a4437f0..4fcd38de27 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_linux.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux
-// +build linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
index 5bb41d17bc..79a84f18b4 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin && !ios) || linux
-// +build darwin,!ios linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
index 71bddefdb8..9eb0db664c 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && !ios
-// +build darwin,!ios
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/timestruct.go b/vendor/golang.org/x/sys/unix/timestruct.go
index 616b1b2848..7997b19022 100644
--- a/vendor/golang.org/x/sys/unix/timestruct.go
+++ b/vendor/golang.org/x/sys/unix/timestruct.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/vendor/golang.org/x/sys/unix/unveil_openbsd.go
index 168d5ae779..cb7e598cef 100644
--- a/vendor/golang.org/x/sys/unix/unveil_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/unveil_openbsd.go
@@ -4,39 +4,48 @@
 
 package unix
 
-import (
-	"syscall"
-	"unsafe"
-)
+import "fmt"
 
 // Unveil implements the unveil syscall.
 // For more information see unveil(2).
 // Note that the special case of blocking further
 // unveil calls is handled by UnveilBlock.
 func Unveil(path string, flags string) error {
-	pathPtr, err := syscall.BytePtrFromString(path)
-	if err != nil {
+	if err := supportsUnveil(); err != nil {
 		return err
 	}
-	flagsPtr, err := syscall.BytePtrFromString(flags)
+	pathPtr, err := BytePtrFromString(path)
 	if err != nil {
 		return err
 	}
-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
-	if e != 0 {
-		return e
+	flagsPtr, err := BytePtrFromString(flags)
+	if err != nil {
+		return err
 	}
-	return nil
+	return unveil(pathPtr, flagsPtr)
 }
 
 // UnveilBlock blocks future unveil calls.
 // For more information see unveil(2).
 func UnveilBlock() error {
-	// Both pointers must be nil.
-	var pathUnsafe, flagsUnsafe unsafe.Pointer
-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
-	if e != 0 {
-		return e
+	if err := supportsUnveil(); err != nil {
+		return err
 	}
+	return unveil(nil, nil)
+}
+
+// supportsUnveil checks for availability of the unveil(2) system call based
+// on the running OpenBSD version.
+func supportsUnveil() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	// unveil is not available before 6.4
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min)
+	}
+
 	return nil
 }
diff --git a/vendor/golang.org/x/sys/unix/xattr_bsd.go b/vendor/golang.org/x/sys/unix/xattr_bsd.go
index f5f8e9f366..e168793961 100644
--- a/vendor/golang.org/x/sys/unix/xattr_bsd.go
+++ b/vendor/golang.org/x/sys/unix/xattr_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build freebsd || netbsd
-// +build freebsd netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
index ca9799b79e..2fb219d787 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && aix
-// +build ppc,aix
 
 // Created by cgo -godefs - DO NOT EDIT
 // cgo -godefs -- -maix32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
index 200c8c26fe..b0e6f5c85c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && aix
-// +build ppc64,aix
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -maix64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
index 1430076271..e40fa85245 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
index ab044a7427..bb02aa6c05 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
index 17bba0e44f..c0e0f8694c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
index f8c2c51387..6c6923906f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
index 96310c3be1..dd9163f8e8 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
index 777b69defa..493a2a793c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
index c557ac2db3..8b437b307d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
index 341b4d9626..67c02dd579 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index f9c7f479b0..9c00cbf512 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -481,10 +480,14 @@ const (
 	BPF_FROM_BE                                 = 0x8
 	BPF_FROM_LE                                 = 0x0
 	BPF_FS_MAGIC                                = 0xcafe4a11
+	BPF_F_AFTER                                 = 0x10
 	BPF_F_ALLOW_MULTI                           = 0x2
 	BPF_F_ALLOW_OVERRIDE                        = 0x1
 	BPF_F_ANY_ALIGNMENT                         = 0x2
-	BPF_F_KPROBE_MULTI_RETURN                   = 0x1
+	BPF_F_BEFORE                                = 0x8
+	BPF_F_ID                                    = 0x20
+	BPF_F_LINK                                  = 0x2000
+	BPF_F_NETFILTER_IP_DEFRAG                   = 0x1
 	BPF_F_QUERY_EFFECTIVE                       = 0x1
 	BPF_F_REPLACE                               = 0x4
 	BPF_F_SLEEPABLE                             = 0x10
@@ -521,6 +524,7 @@ const (
 	BPF_MAJOR_VERSION                           = 0x1
 	BPF_MAXINSNS                                = 0x1000
 	BPF_MEM                                     = 0x60
+	BPF_MEMSX                                   = 0x80
 	BPF_MEMWORDS                                = 0x10
 	BPF_MINOR_VERSION                           = 0x1
 	BPF_MISC                                    = 0x7
@@ -776,6 +780,8 @@ const (
 	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
 	DEVLINK_GENL_NAME                           = "devlink"
 	DEVLINK_GENL_VERSION                        = 0x1
+	DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO            = 0x4
+	DEVLINK_PORT_FN_CAP_IPSEC_PACKET            = 0x8
 	DEVLINK_PORT_FN_CAP_MIGRATABLE              = 0x2
 	DEVLINK_PORT_FN_CAP_ROCE                    = 0x1
 	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
@@ -1698,6 +1704,7 @@ const (
 	KEXEC_ON_CRASH                              = 0x1
 	KEXEC_PRESERVE_CONTEXT                      = 0x2
 	KEXEC_SEGMENT_MAX                           = 0x10
+	KEXEC_UPDATE_ELFCOREHDR                     = 0x4
 	KEYCTL_ASSUME_AUTHORITY                     = 0x10
 	KEYCTL_CAPABILITIES                         = 0x1f
 	KEYCTL_CAPS0_BIG_KEY                        = 0x10
@@ -2275,6 +2282,7 @@ const (
 	PERF_MEM_LVLNUM_PMEM                        = 0xe
 	PERF_MEM_LVLNUM_RAM                         = 0xd
 	PERF_MEM_LVLNUM_SHIFT                       = 0x21
+	PERF_MEM_LVLNUM_UNC                         = 0x8
 	PERF_MEM_LVL_HIT                            = 0x2
 	PERF_MEM_LVL_IO                             = 0x1000
 	PERF_MEM_LVL_L1                             = 0x8
@@ -3461,6 +3469,7 @@ const (
 	XDP_PACKET_HEADROOM                         = 0x100
 	XDP_PGOFF_RX_RING                           = 0x0
 	XDP_PGOFF_TX_RING                           = 0x80000000
+	XDP_PKT_CONTD                               = 0x1
 	XDP_RING_NEED_WAKEUP                        = 0x1
 	XDP_RX_RING                                 = 0x2
 	XDP_SHARED_UMEM                             = 0x1
@@ -3473,6 +3482,7 @@ const (
 	XDP_UMEM_REG                                = 0x4
 	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
 	XDP_USE_NEED_WAKEUP                         = 0x8
+	XDP_USE_SG                                  = 0x10
 	XDP_ZEROCOPY                                = 0x4
 	XENFS_SUPER_MAGIC                           = 0xabba1974
 	XFS_SUPER_MAGIC                             = 0x58465342
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 30aee00a53..4920821cf3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index 8ebfa51278..a0c1e41127 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index 271a21cdc7..c63985560f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 910c330a39..47cc62e25c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index a640798c93..27ac4a09e2 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go
@@ -119,6 +118,7 @@ const (
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	LASX_CTX_MAGIC                   = 0x41535801
+	LBT_CTX_MAGIC                    = 0x42540001
 	LSX_CTX_MAGIC                    = 0x53580001
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 0d5925d340..54694642a5 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index d72a00e0b6..3adb81d758 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 02ba129f85..2dfe98f0d1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 8daa6dd968..f5398f84f0 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index 63c8fa2f7f..c54f152d68 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index 930799ec1b..76057dc72f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index 8605a7dd7e..e0c3725e2b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 95a016f1c0..18f2813ed5 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go
@@ -228,6 +227,9 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETFDPIC                  = 0x21
+	PTRACE_GETFDPIC_EXEC             = 0x0
+	PTRACE_GETFDPIC_INTERP           = 0x1
 	RLIMIT_AS                        = 0x9
 	RLIMIT_MEMLOCK                   = 0x8
 	RLIMIT_NOFILE                    = 0x7
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 1ae0108f57..11619d4ec8 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 1bb7c6333b..396d994da7 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
index 72f7420d20..130085df40 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
index 8d4eb0c080..84769a1a38 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
index 9eef9749f6..602ded0033 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -marm _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
index 3b62ba192c..efc0406ee1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
index af20e474b3..5a6500f837 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
index 6015fcb2bf..a5aeeb979d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
index 8d44955e44..0e9748a722 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
index ae16fe7542..4f4449abc1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
index 03d90fe355..76a363f0fe 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
index 8e2c51b1ee..43ca0cdfdc 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
index 13d403031e..b1b8bb2005 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
index 1afee6a089..d2ddd3176e 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
index fc7d0506f6..4dfd2e051d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Hand edited based on zerrors_linux_s390x.go
 // TODO: auto-generate.
diff --git a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
index 97f20ca282..586317c78e 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT.
 
 //go:build linux && (arm || arm64)
-// +build linux
-// +build arm arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
index 0b5f794305..d7c881be77 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT.
 
 //go:build linux && (mips || mips64)
-// +build linux
-// +build mips mips64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
index 2807f7e646..2d2de5d292 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT.
 
 //go:build linux && (mipsle || mips64le)
-// +build linux
-// +build mipsle mips64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
index 281ea64e34..5adc79fb5e 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT.
 
 //go:build linux && (386 || amd64)
-// +build linux
-// +build 386 amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
index d1d1d23311..6ea64a3c0c 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
index f99a18adc3..99ee4399a3 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
index c4d50ae500..b68a78362b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64 && gc
-// +build aix,ppc64,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
index 6903d3b09e..0a87450bf8 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64 && gccgo
-// +build aix,ppc64,gccgo
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index 1cad561e98..ccb02f240a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build darwin && amd64
-// +build darwin,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index b18edbd0e3..1b40b997b5 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build darwin && arm64
-// +build darwin,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
index 0c67df64a5..aad65fc793 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build dragonfly && amd64
-// +build dragonfly,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
index e6e05d145b..c0096391af 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && 386
-// +build freebsd,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
index 7508accac9..7664df7496 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && amd64
-// +build freebsd,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
index 7b56aead46..ae099182c9 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && arm
-// +build freebsd,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
index cc623dcaae..11fd5d45bb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && arm64
-// +build freebsd,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
index 5818491974..c3d2d65307 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && riscv64
-// +build freebsd,riscv64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
index 6be25cd190..c698cbc01a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build illumos && amd64
-// +build illumos,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 1ff3aec74c..faca7a557b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -2195,3 +2194,13 @@ func schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) {
+	_, _, e1 := Syscall6(SYS_CACHESTAT, uintptr(fd), uintptr(unsafe.Pointer(crange)), uintptr(unsafe.Pointer(cstat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
index 07b549cc25..4def3e9fcb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && 386
-// +build linux,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
index 5f481bf83f..fef2bc8ba9 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && amd64
-// +build linux,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
index 824cd52c7f..a9fd76a884 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && arm
-// +build linux,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
index e77aecfe98..4600650280 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && arm64
-// +build linux,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
index 806ffd1e12..c8987d2646 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && loong64
-// +build linux,loong64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
index 961a3afb7b..921f430611 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips
-// +build linux,mips
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
index ed05005e91..44f067829c 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64
-// +build linux,mips64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
index d365b718f3..e7fa0abf0d 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64le
-// +build linux,mips64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
index c3f1b8bbde..8c5125675e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mipsle
-// +build linux,mipsle
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
index a6574cf98b..7392fd45e4 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc
-// +build linux,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
index f40990264f..41180434e6 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64
-// +build linux,ppc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
index 9dfcc29974..40c6ce7ae5 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64le
-// +build linux,ppc64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
index 0ab4f2ed72..2cfe34adb1 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && riscv64
-// +build linux,riscv64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
index 6cde32237d..61e6f07097 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && s390x
-// +build linux,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
index 5253d65bf1..834b842042 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && sparc64
-// +build linux,sparc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
index 2df3c5bac6..e91ebc14a1 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && 386
-// +build netbsd,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
index a60556babb..be28babbcd 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && amd64
-// +build netbsd,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
index 9f788917a4..fb587e8261 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && arm
-// +build netbsd,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
index 82a4cb2dc4..d576438bb0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && arm64
-// +build netbsd,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index 66b3b64563..88bfc28857 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && 386
-// +build openbsd,386
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
index 3dcacd30d7..4cbeff171b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
 DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index c5c4cc112e..b8a67b99af 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && amd64
-// +build openbsd,amd64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
index 2763620b01..1123f27571 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index 93bfbb3287..af50a65c0c 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm
-// +build openbsd,arm
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
index c922314048..82badae39f 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
 DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index a107b8fda5..8fb4ff36a7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm64
-// +build openbsd,arm64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
index a6bc32c922..24d7eecb93 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index c427de509e..f469a83ee6 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && mips64
-// +build openbsd,mips64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
index b4e7bceabf..9a498a0677 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index 60c1a99ae4..c26ca2e1aa 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && ppc64
-// +build openbsd,ppc64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
index ca3f766009..1f224aa416 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
@@ -801,8 +801,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_getfsstat(SB)
+	RET
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	CALL	libc_utimensat(SB)
 	RET
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_pledge(SB)
+	RET
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_unveil(SB)
+	RET
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index 52eba360f8..bcc920dd25 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && riscv64
-// +build openbsd,riscv64
 
 package unix
 
@@ -2213,6 +2212,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2243,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
index 477a7d5b21..87a79c7095 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
@@ -668,7 +668,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index b401894644..829b87feb8 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build solaris && amd64
-// +build solaris,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index 1d8fe1d4b2..94f0112383 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
index 55e0484719..3a58ae819a 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
index d2243cf83f..dcb7a0eb72 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
index 82dc51bd8b..db5a7bf13c 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
index cbdda1a4ae..7be575a777 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
index f55eae1a82..d6e3174c69 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
index e44054470b..ee97157d01 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
index a0db82fce2..35c3b91d0f 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
index f8298ff9b5..5edda76870 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
index 5eb433bbf0..0dc9e8b4d9 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
index 703675c0c4..308ddf3a1f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
index 4e0d96107b..418664e3dc 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
index 01636b838d..34d0b86d7c 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
index ad99bc106a..b71cf45e2e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
index 89dcc42747..e32df1c1ee 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
index ee37aaa0c9..15ad6111f3 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 9862853d34..fcf3ecbdde 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
@@ -448,4 +447,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index 8901f0f4e5..f56dc2504a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
@@ -370,4 +369,6 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 6902c37eed..974bf24676 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
@@ -412,4 +411,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index a6d3dff811..39a2739e23 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
@@ -315,4 +314,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index b18f3f7107..cf9c9d77e1 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
@@ -309,4 +308,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 0302e5e3de..10b7362ef4 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 package unix
 
@@ -432,4 +431,5 @@ const (
 	SYS_FUTEX_WAITV                  = 4449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
+	SYS_FCHMODAT2                    = 4452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index 6693ba4a0f..cd4d8b4fd3 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 package unix
 
@@ -362,4 +361,5 @@ const (
 	SYS_FUTEX_WAITV             = 5449
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
+	SYS_FCHMODAT2               = 5452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index fd93f4987c..2c0efca818 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 package unix
 
@@ -362,4 +361,5 @@ const (
 	SYS_FUTEX_WAITV             = 5449
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
+	SYS_FCHMODAT2               = 5452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index 760ddcadc2..a72e31d391 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 package unix
 
@@ -432,4 +431,5 @@ const (
 	SYS_FUTEX_WAITV                  = 4449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
+	SYS_FCHMODAT2                    = 4452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index cff2b2555b..c7d1e37471 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 package unix
 
@@ -439,4 +438,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index a4b2405d09..f4d4838c87 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 package unix
 
@@ -411,4 +410,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index aca54b4e3a..b64f0e5911 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 package unix
 
@@ -411,4 +410,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 9d1738d641..95711195a0 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
@@ -316,4 +315,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index 022878dc8d..f94e943bc4 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
@@ -377,4 +376,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index 4100a761c2..ba0c2bc515 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
@@ -390,4 +389,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
index 3a6699eba9..b2aa8cd495 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
index 5677cd4f15..524a1b1c9a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
index e784cb6db1..d59b943ac2 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
index bd4952efa5..31e771d53e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
index 597733813e..9fd77c6cb4 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
index 16af291899..af10af28cb 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
index f59b18a977..cc2028af4b 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
index 721ef59103..c06dd4415a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
index 01c43a01fd..9ddbf3e08f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
index f258cfa24e..19a6ee4134 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
index 07919e0ecc..05192a782d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
index 073daad43b..b2e3085819 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
index 7a8161c1d1..3e6d57cae7 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && aix
-// +build ppc,aix
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
index 07ed733c51..3a219bdce7 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && aix
-// +build ppc64,aix
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
index 690cefc3d0..091d107f3a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
index 5bffc10eac..28ff4ef74d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
index d0ba8e9b86..30e405bb4c 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index 29dc483378..6cbd094a3a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 0a89b28906..7c03b6ee77 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index c8666bb152..422107ee8b 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index 88fb48a887..505a12acfd 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index 698dc975e9..cc986c7900 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 18aa70b426..997bcd55ae 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -5883,3 +5882,15 @@ type SchedAttr struct {
 }
 
 const SizeofSchedAttr = 0x38
+
+type Cachestat_t struct {
+	Cache            uint64
+	Dirty            uint64
+	Writeback        uint64
+	Evicted          uint64
+	Recently_evicted uint64
+}
+type CachestatRange struct {
+	Off uint64
+	Len uint64
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 6d8acbcc57..438a30affa 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 59293c6884..adceca3553 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index 40cfa38c29..eeaa00a37d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 055bc4216d..6739aa91d4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index f28affbc60..9920ef6317 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 9d71e7ccd8..2923b799a4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index fd5ccd332a..ce2750ee41 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 7704de77a2..3038811d70 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index df00b87571..efc6fed18c 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 0942840db6..9a654b75a9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 0348743950..40d358e33e 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index bad0670475..148c6ceb86 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index 1b4c97c32a..72ba81543e 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index aa268d025c..71e765508e 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 444045b6c5..4abbdb9de9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
index 9bc4c8f9d8..f22e7947d9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
index bb05f655d2..066a7d83d2 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
index db40e3a19c..439548ec9a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
index 11121151cc..16085d3bbc 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
index 26eba23b72..afd13a3af7 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
index 5a54798869..5d97f1f9b6 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
index be58c4e1ff..34871cdc15 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
index 52338266cb..5911bceb31 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
index 605cfdb12b..e4f24f3bc9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
index d6724c0102..ca50a79303 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
index ddfd27a434..d7d7f79023 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
index 0400747c67..14160576d2 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
index aec1efcb30..54f31be637 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Hand edited based on ztypes_linux_s390x.go
 // TODO: auto-generate.
diff --git a/vendor/golang.org/x/sys/windows/aliases.go b/vendor/golang.org/x/sys/windows/aliases.go
index a20ebea633..ce2d713d62 100644
--- a/vendor/golang.org/x/sys/windows/aliases.go
+++ b/vendor/golang.org/x/sys/windows/aliases.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && go1.9
-// +build windows,go1.9
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/empty.s b/vendor/golang.org/x/sys/windows/empty.s
index fdbbbcd317..ba64caca5d 100644
--- a/vendor/golang.org/x/sys/windows/empty.s
+++ b/vendor/golang.org/x/sys/windows/empty.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.12
-// +build !go1.12
 
 // This file is here to allow bodyless functions with go:linkname for Go 1.11
 // and earlier (see https://golang.org/issue/23311).
diff --git a/vendor/golang.org/x/sys/windows/eventlog.go b/vendor/golang.org/x/sys/windows/eventlog.go
index 2cd60645ee..6c366955d9 100644
--- a/vendor/golang.org/x/sys/windows/eventlog.go
+++ b/vendor/golang.org/x/sys/windows/eventlog.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/mksyscall.go b/vendor/golang.org/x/sys/windows/mksyscall.go
index 8563f79c57..dbcdb090c0 100644
--- a/vendor/golang.org/x/sys/windows/mksyscall.go
+++ b/vendor/golang.org/x/sys/windows/mksyscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build generate
-// +build generate
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/race.go b/vendor/golang.org/x/sys/windows/race.go
index 9196b089ca..0f1bdc3860 100644
--- a/vendor/golang.org/x/sys/windows/race.go
+++ b/vendor/golang.org/x/sys/windows/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && race
-// +build windows,race
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/race0.go b/vendor/golang.org/x/sys/windows/race0.go
index 7bae4817a0..0c78da78b1 100644
--- a/vendor/golang.org/x/sys/windows/race0.go
+++ b/vendor/golang.org/x/sys/windows/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && !race
-// +build windows,!race
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/registry/key.go b/vendor/golang.org/x/sys/windows/registry/key.go
index 6c8d97b6a5..fd8632444e 100644
--- a/vendor/golang.org/x/sys/windows/registry/key.go
+++ b/vendor/golang.org/x/sys/windows/registry/key.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 // Package registry provides access to the Windows registry.
 //
diff --git a/vendor/golang.org/x/sys/windows/registry/mksyscall.go b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
index ee74927d3c..bbf86ccf0c 100644
--- a/vendor/golang.org/x/sys/windows/registry/mksyscall.go
+++ b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build generate
-// +build generate
 
 package registry
 
diff --git a/vendor/golang.org/x/sys/windows/registry/syscall.go b/vendor/golang.org/x/sys/windows/registry/syscall.go
index 4173351230..f533091c19 100644
--- a/vendor/golang.org/x/sys/windows/registry/syscall.go
+++ b/vendor/golang.org/x/sys/windows/registry/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package registry
 
diff --git a/vendor/golang.org/x/sys/windows/registry/value.go b/vendor/golang.org/x/sys/windows/registry/value.go
index 2789f6f18d..74db26b94d 100644
--- a/vendor/golang.org/x/sys/windows/registry/value.go
+++ b/vendor/golang.org/x/sys/windows/registry/value.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package registry
 
diff --git a/vendor/golang.org/x/sys/windows/service.go b/vendor/golang.org/x/sys/windows/service.go
index c44a1b9636..a9dc6308d6 100644
--- a/vendor/golang.org/x/sys/windows/service.go
+++ b/vendor/golang.org/x/sys/windows/service.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/str.go b/vendor/golang.org/x/sys/windows/str.go
index 4fc01434e4..6a4f9ce6aa 100644
--- a/vendor/golang.org/x/sys/windows/str.go
+++ b/vendor/golang.org/x/sys/windows/str.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/syscall.go b/vendor/golang.org/x/sys/windows/syscall.go
index 8732cdb957..e85ed6b9c8 100644
--- a/vendor/golang.org/x/sys/windows/syscall.go
+++ b/vendor/golang.org/x/sys/windows/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 // Package windows contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 35cfc57ca8..fb6cfd0462 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -233,6 +233,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock
 //sys	DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock
 //sys	getTickCount64() (ms uint64) = kernel32.GetTickCount64
+//sys   GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW
 //sys	SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW
@@ -969,7 +970,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) {
 	if n > 0 {
 		sl += int32(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index b88dc7c85e..359780f6ac 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1094,7 +1094,33 @@ const (
 
 	SOMAXCONN = 0x7fffffff
 
-	TCP_NODELAY = 1
+	TCP_NODELAY                    = 1
+	TCP_EXPEDITED_1122             = 2
+	TCP_KEEPALIVE                  = 3
+	TCP_MAXSEG                     = 4
+	TCP_MAXRT                      = 5
+	TCP_STDURG                     = 6
+	TCP_NOURG                      = 7
+	TCP_ATMARK                     = 8
+	TCP_NOSYNRETRIES               = 9
+	TCP_TIMESTAMPS                 = 10
+	TCP_OFFLOAD_PREFERENCE         = 11
+	TCP_CONGESTION_ALGORITHM       = 12
+	TCP_DELAY_FIN_ACK              = 13
+	TCP_MAXRTMS                    = 14
+	TCP_FASTOPEN                   = 15
+	TCP_KEEPCNT                    = 16
+	TCP_KEEPIDLE                   = TCP_KEEPALIVE
+	TCP_KEEPINTVL                  = 17
+	TCP_FAIL_CONNECT_ON_ICMP_ERROR = 18
+	TCP_ICMP_ERROR_INFO            = 19
+
+	UDP_NOCHECKSUM              = 1
+	UDP_SEND_MSG_SIZE           = 2
+	UDP_RECV_MAX_COALESCED_SIZE = 3
+	UDP_CHECKSUM_COVERAGE       = 20
+
+	UDP_COALESCED_INFO = 3
 
 	SHUT_RD   = 0
 	SHUT_WR   = 1
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 8b1688de4c..db6282e00a 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -253,6 +253,7 @@ var (
 	procGetFileAttributesW                                   = modkernel32.NewProc("GetFileAttributesW")
 	procGetFileInformationByHandle                           = modkernel32.NewProc("GetFileInformationByHandle")
 	procGetFileInformationByHandleEx                         = modkernel32.NewProc("GetFileInformationByHandleEx")
+	procGetFileTime                                          = modkernel32.NewProc("GetFileTime")
 	procGetFileType                                          = modkernel32.NewProc("GetFileType")
 	procGetFinalPathNameByHandleW                            = modkernel32.NewProc("GetFinalPathNameByHandleW")
 	procGetFullPathNameW                                     = modkernel32.NewProc("GetFullPathNameW")
@@ -2185,6 +2186,14 @@ func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte,
 	return
 }
 
+func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetFileType(filehandle Handle) (n uint32, err error) {
 	r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0)
 	n = uint32(r0)
diff --git a/vendor/golang.org/x/term/term_unix.go b/vendor/golang.org/x/term/term_unix.go
index 62c2b3f41f..1ad0ddfe30 100644
--- a/vendor/golang.org/x/term/term_unix.go
+++ b/vendor/golang.org/x/term/term_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package term
 
diff --git a/vendor/golang.org/x/term/term_unix_bsd.go b/vendor/golang.org/x/term/term_unix_bsd.go
index 853b3d6986..9dbf546298 100644
--- a/vendor/golang.org/x/term/term_unix_bsd.go
+++ b/vendor/golang.org/x/term/term_unix_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || netbsd || openbsd
-// +build darwin dragonfly freebsd netbsd openbsd
 
 package term
 
diff --git a/vendor/golang.org/x/term/term_unix_other.go b/vendor/golang.org/x/term/term_unix_other.go
index 1e8955c934..1b36de799a 100644
--- a/vendor/golang.org/x/term/term_unix_other.go
+++ b/vendor/golang.org/x/term/term_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || linux || solaris || zos
-// +build aix linux solaris zos
 
 package term
 
diff --git a/vendor/golang.org/x/term/term_unsupported.go b/vendor/golang.org/x/term/term_unsupported.go
index f1df850651..3c409e5885 100644
--- a/vendor/golang.org/x/term/term_unsupported.go
+++ b/vendor/golang.org/x/term/term_unsupported.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !zos && !windows && !solaris && !plan9
-// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!zos,!windows,!solaris,!plan9
 
 package term
 
diff --git a/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go b/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
index 8a7392c4a1..784bb88087 100644
--- a/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
+++ b/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.10
-// +build go1.10
 
 package bidirule
 
diff --git a/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go b/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
index bb0a920018..8e1e943955 100644
--- a/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
+++ b/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.10
-// +build !go1.10
 
 package bidirule
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
index 42fa8d72ce..d2bd71181d 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.10 && !go1.13
-// +build go1.10,!go1.13
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
index 56a0e1ea21..f76bdca273 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.13 && !go1.14
-// +build go1.13,!go1.14
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
index baacf32b43..3aa2c3bdf8 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.14 && !go1.16
-// +build go1.14,!go1.16
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
index ffadb7bebd..a713757906 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.16 && !go1.21
-// +build go1.16,!go1.21
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
index 92cce5802c..f15746f7df 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.21
-// +build go1.21
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
index f517fdb202..c164d37917 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build !go1.10
-// +build !go1.10
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
index f5a0788277..1af161c756 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.10 && !go1.13
-// +build go1.10,!go1.13
 
 package norm
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
index cb7239c437..eb73ecc373 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.13 && !go1.14
-// +build go1.13,!go1.14
 
 package norm
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
index 11b2733001..276cb8d8c0 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.14 && !go1.16
-// +build go1.14,!go1.16
 
 package norm
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
index f65785e8ac..0cceffd731 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.16 && !go1.21
-// +build go1.16,!go1.21
 
 package norm
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
index e1858b879d..b0819e42d0 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.21
-// +build go1.21
 
 package norm
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
index 0175eae50a..bf65457d9b 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build !go1.10
-// +build !go1.10
 
 package norm
 
diff --git a/vendor/golang.org/x/text/width/tables10.0.0.go b/vendor/golang.org/x/text/width/tables10.0.0.go
index cd9d91cafb..07c1cb17af 100644
--- a/vendor/golang.org/x/text/width/tables10.0.0.go
+++ b/vendor/golang.org/x/text/width/tables10.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.10 && !go1.13
-// +build go1.10,!go1.13
 
 package width
 
diff --git a/vendor/golang.org/x/text/width/tables11.0.0.go b/vendor/golang.org/x/text/width/tables11.0.0.go
index 327eaef9b7..89288b3dae 100644
--- a/vendor/golang.org/x/text/width/tables11.0.0.go
+++ b/vendor/golang.org/x/text/width/tables11.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.13 && !go1.14
-// +build go1.13,!go1.14
 
 package width
 
diff --git a/vendor/golang.org/x/text/width/tables12.0.0.go b/vendor/golang.org/x/text/width/tables12.0.0.go
index 5c14ade6d9..755ee91221 100644
--- a/vendor/golang.org/x/text/width/tables12.0.0.go
+++ b/vendor/golang.org/x/text/width/tables12.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.14 && !go1.16
-// +build go1.14,!go1.16
 
 package width
 
diff --git a/vendor/golang.org/x/text/width/tables13.0.0.go b/vendor/golang.org/x/text/width/tables13.0.0.go
index b1fcb522cb..40c169edf6 100644
--- a/vendor/golang.org/x/text/width/tables13.0.0.go
+++ b/vendor/golang.org/x/text/width/tables13.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.16 && !go1.21
-// +build go1.16,!go1.21
 
 package width
 
diff --git a/vendor/golang.org/x/text/width/tables15.0.0.go b/vendor/golang.org/x/text/width/tables15.0.0.go
index 4b91e3384d..2b85289675 100644
--- a/vendor/golang.org/x/text/width/tables15.0.0.go
+++ b/vendor/golang.org/x/text/width/tables15.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.21
-// +build go1.21
 
 package width
 
diff --git a/vendor/golang.org/x/text/width/tables9.0.0.go b/vendor/golang.org/x/text/width/tables9.0.0.go
index 6781f3d960..d981330a9f 100644
--- a/vendor/golang.org/x/text/width/tables9.0.0.go
+++ b/vendor/golang.org/x/text/width/tables9.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build !go1.10
-// +build !go1.10
 
 package width
 
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/datastreams/options/options.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/datastreams/options/options.go
new file mode 100644
index 0000000000..7b2d626ce1
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/datastreams/options/options.go
@@ -0,0 +1,10 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package options
+
+type CheckpointParams struct {
+	PayloadSize int64
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/abandonedspans.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/abandonedspans.go
new file mode 100644
index 0000000000..defad41831
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/abandonedspans.go
@@ -0,0 +1,300 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"container/list"
+	"fmt"
+	"sort"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+)
+
+var (
+	tickerInterval = 1 * time.Minute
+	logSize        = 9000
+)
+
+// bucket is a not thread-safe generic implementation of a dynamic collection of elements
+// stored under a value-bound key (like time). Inspired by concentrator.rawBucket.
+type bucket[K comparable, T any] struct {
+	start, duration uint64
+	// index is a map of data's entries by aggregating value to avoid iterating data.
+	index map[K]*list.Element
+	// data is a list because insertion order may be important to users.
+	data *list.List
+}
+
+func newBucket[K comparable, T any](btime uint64, bsize int64) *bucket[K, T] {
+	return &bucket[K, T]{
+		start:    btime,
+		duration: uint64(bsize),
+		index:    make(map[K]*list.Element),
+		data:     list.New(),
+	}
+}
+
+func (b *bucket[K, T]) add(k K, v T) {
+	e := b.data.PushBack(v)
+	b.index[k] = e
+}
+
+func (b *bucket[K, T]) get(k K) (T, bool) {
+	e, ok := b.index[k]
+	if !ok {
+		// Compiler trick to return any zero value in generic code.
+		// https://stackoverflow.com/a/70589302
+		var zero T
+		return zero, ok
+	}
+	return e.Value.(T), ok
+}
+
+func (b *bucket[K, T]) remove(k K) {
+	e, ok := b.index[k]
+	if !ok {
+		return
+	}
+	delete(b.index, k)
+	_ = b.data.Remove(e)
+}
+
+func (b *bucket[K, T]) Len() int {
+	return b.data.Len()
+}
+
+// abandonedSpanCandidate is a struct to store the minimum required information about
+// spans that can be abandoned.
+type abandonedSpanCandidate struct {
+	Name            string
+	TraceID, SpanID uint64
+	Start           int64
+	Finished        bool
+}
+
+func newAbandonedSpanCandidate(s *span, finished bool) *abandonedSpanCandidate {
+	// finished is explicit instead of implicit as s.finished may be not set
+	// at the moment of calling this method.
+	// Also, locking is not required as it's called while the span is already locked or it's
+	// being initialized.
+	return &abandonedSpanCandidate{
+		Name:     s.Name,
+		TraceID:  s.TraceID,
+		SpanID:   s.SpanID,
+		Start:    s.Start,
+		Finished: finished,
+	}
+}
+
+// String takes a span and returns a human-readable string representing that span.
+func (s *abandonedSpanCandidate) String() string {
+	age := now() - s.Start
+	a := fmt.Sprintf("%d sec", age/1e9)
+	return fmt.Sprintf("[name: %s, span_id: %d, trace_id: %d, age: %s],", s.Name, s.SpanID, s.TraceID, a)
+}
+
+type abandonedSpansDebugger struct {
+	// buckets holds all the potentially abandoned tracked spans sharded by the configured interval.
+	buckets map[int64]*bucket[uint64, *abandonedSpanCandidate]
+
+	// In takes candidate spans and adds them to the debugger.
+	In chan *abandonedSpanCandidate
+
+	// waits for any active goroutines
+	wg sync.WaitGroup
+
+	// stop causes the debugger to shut down when closed.
+	stop chan struct{}
+
+	// stopped reports whether the debugger is stopped (when non-zero).
+	stopped uint32
+
+	// addedSpans and removedSpans are internal counters, mainly for testing
+	// purposes
+	addedSpans, removedSpans uint32
+}
+
+// newAbandonedSpansDebugger creates a new abandonedSpansDebugger debugger
+func newAbandonedSpansDebugger() *abandonedSpansDebugger {
+	d := &abandonedSpansDebugger{
+		buckets: make(map[int64]*bucket[uint64, *abandonedSpanCandidate]),
+		In:      make(chan *abandonedSpanCandidate, 10000),
+	}
+	atomic.SwapUint32(&d.stopped, 1)
+	return d
+}
+
+// Start periodically finds and reports potentially abandoned spans that are older
+// than the given interval. These spans are stored in a bucketed linked list,
+// sorted by their `Start` time, where the front of the list contains the oldest spans,
+// and the end of the list contains the newest spans.
+func (d *abandonedSpansDebugger) Start(interval time.Duration) {
+	if atomic.SwapUint32(&d.stopped, 0) == 0 {
+		// already running
+		log.Warn("(*abandonedSpansDebugger).Start called more than once. This is likely a programming error.")
+		return
+	}
+	d.stop = make(chan struct{})
+	d.wg.Add(1)
+	go func() {
+		defer d.wg.Done()
+		tick := time.NewTicker(tickerInterval)
+		defer tick.Stop()
+		d.runConsumer(tick, &interval)
+	}()
+}
+
+func (d *abandonedSpansDebugger) runConsumer(tick *time.Ticker, interval *time.Duration) {
+	for {
+		select {
+		case <-tick.C:
+			d.log(interval)
+		case s := <-d.In:
+			if s.Finished {
+				d.remove(s, *interval)
+			} else {
+				d.add(s, *interval)
+			}
+		case <-d.stop:
+			return
+		}
+	}
+}
+
+func (d *abandonedSpansDebugger) Stop() {
+	if d == nil {
+		return
+	}
+	if atomic.SwapUint32(&d.stopped, 1) > 0 {
+		return
+	}
+	close(d.stop)
+	d.wg.Wait()
+	d.log(nil)
+}
+
+func (d *abandonedSpansDebugger) add(s *abandonedSpanCandidate, interval time.Duration) {
+	// Locking was considered in this method and remove method, but it's not required as long
+	// as these methods are called from the single goroutine responsible for debugging
+	// the abandoned spans.
+	bucketSize := interval.Nanoseconds()
+	btime := alignTs(s.Start, bucketSize)
+	b, ok := d.buckets[btime]
+	if !ok {
+		b = newBucket[uint64, *abandonedSpanCandidate](uint64(btime), bucketSize)
+		d.buckets[btime] = b
+	}
+
+	b.add(s.SpanID, s)
+	atomic.AddUint32(&d.addedSpans, 1)
+}
+
+func (d *abandonedSpansDebugger) remove(s *abandonedSpanCandidate, interval time.Duration) {
+	bucketSize := interval.Nanoseconds()
+	btime := alignTs(s.Start, bucketSize)
+	b, ok := d.buckets[btime]
+	if !ok {
+		return
+	}
+	// If a matching bucket exists, attempt to find the element containing
+	// the finished span, then remove that element from the bucket.
+	// If a bucket becomes empty, also remove that bucket from the
+	// abandoned spans list.
+	b.remove(s.SpanID)
+	atomic.AddUint32(&d.removedSpans, 1)
+	if b.Len() > 0 {
+		return
+	}
+	delete(d.buckets, btime)
+}
+
+// log returns a string containing potentially abandoned spans. If `interval` is
+// `nil`, it will print all unfinished spans. If `interval` holds a time.Duration, it will
+// only print spans that are older than `interval`. It will also truncate the log message to
+// `logSize` bytes to prevent overloading the logger.
+func (d *abandonedSpansDebugger) log(interval *time.Duration) {
+	var (
+		sb        strings.Builder
+		spanCount = 0
+		truncated = false
+		curTime   = now()
+	)
+
+	if len(d.buckets) == 0 {
+		return
+	}
+
+	// maps are iterated in random order, and to guarantee that is iterated in
+	// creation order, it's required to sort first the buckets' keys.
+	keys := make([]int64, 0, len(d.buckets))
+	for k := range d.buckets {
+		keys = append(keys, k)
+	}
+	sort.Slice(keys, func(i, j int) bool {
+		return keys[i] < keys[j]
+	})
+	for _, k := range keys {
+		if truncated {
+			break
+		}
+
+		// Since spans are bucketed by time, finding a bucket that is newer
+		// than the allowed time interval means that all spans in this bucket
+		// and future buckets will be younger than `interval`, and thus aren't
+		// worth checking.
+		b := d.buckets[k]
+		if interval != nil && curTime-int64(b.start) < interval.Nanoseconds() {
+			break
+		}
+
+		msg, nSpans := formatAbandonedSpans(b, interval, curTime)
+		spanCount += nSpans
+		space := logSize - len(sb.String())
+		if len(msg) > space {
+			msg = msg[0:space]
+			truncated = true
+		}
+		sb.WriteString(msg)
+	}
+
+	if spanCount == 0 {
+		return
+	}
+
+	log.Warn("%d abandoned spans:", spanCount)
+	if truncated {
+		log.Warn("Too many abandoned spans. Truncating message.")
+		sb.WriteString("...")
+	}
+	log.Warn(sb.String())
+}
+
+// formatAbandonedSpans takes a bucket and returns a human-readable string representing
+// the contents of it. If `interval` is not nil, it will check if the bucket might
+// contain spans older than the user configured timeout. If it does, it will filter for
+// older spans. If not, it will print all spans without checking their duration.
+func formatAbandonedSpans(b *bucket[uint64, *abandonedSpanCandidate], interval *time.Duration, curTime int64) (string, int) {
+	var (
+		sb        strings.Builder
+		spanCount int
+	)
+	for e := b.data.Front(); e != nil; e = e.Next() {
+		s := e.Value.(*abandonedSpanCandidate)
+		// If `interval` is not nil, it will check if the span is older than the
+		// user configured timeout, and discard it if it is not.
+		if interval != nil && curTime-s.Start < interval.Nanoseconds() {
+			continue
+		}
+		spanCount++
+		msg := s.String()
+		sb.WriteString(msg)
+	}
+	return sb.String(), spanCount
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/context.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/context.go
index 07b72c1ae8..5698dea685 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/context.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/context.go
@@ -9,16 +9,13 @@ import (
 	"context"
 
 	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace"
-	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
+	traceinternal "gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
 )
 
-type contextKey struct{}
-
-var activeSpanKey = contextKey{}
-
 // ContextWithSpan returns a copy of the given context which includes the span s.
 func ContextWithSpan(ctx context.Context, s Span) context.Context {
-	return context.WithValue(ctx, activeSpanKey, s)
+	return context.WithValue(ctx, internal.ActiveSpanKey, s)
 }
 
 // SpanFromContext returns the span contained in the given context. A second return
@@ -26,13 +23,13 @@ func ContextWithSpan(ctx context.Context, s Span) context.Context {
 // span is returned.
 func SpanFromContext(ctx context.Context) (Span, bool) {
 	if ctx == nil {
-		return &internal.NoopSpan{}, false
+		return &traceinternal.NoopSpan{}, false
 	}
-	v := ctx.Value(activeSpanKey)
+	v := ctx.Value(internal.ActiveSpanKey)
 	if s, ok := v.(ddtrace.Span); ok {
 		return s, true
 	}
-	return &internal.NoopSpan{}, false
+	return &traceinternal.NoopSpan{}, false
 }
 
 // StartSpanFromContext returns a new span with the given operation name and options. If a span
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/data_streams.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/data_streams.go
new file mode 100644
index 0000000000..32585cd41a
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/data_streams.go
@@ -0,0 +1,64 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package tracer
+
+import (
+	"context"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/datastreams/options"
+	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
+	idatastreams "gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams"
+)
+
+// dataStreamsContainer is an object that contains a data streams processor.
+type dataStreamsContainer interface {
+	GetDataStreamsProcessor() *idatastreams.Processor
+}
+
+// GetDataStreamsProcessor returns the processor tracking data streams stats
+func (t *tracer) GetDataStreamsProcessor() *idatastreams.Processor {
+	return t.dataStreams
+}
+
+// SetDataStreamsCheckpoint sets a consume or produce checkpoint in a Data Streams pathway.
+// This enables tracking data flow & end to end latency.
+// To learn more about the data streams product, see: https://docs.datadoghq.com/data_streams/go/
+func SetDataStreamsCheckpoint(ctx context.Context, edgeTags ...string) (outCtx context.Context, ok bool) {
+	return SetDataStreamsCheckpointWithParams(ctx, options.CheckpointParams{}, edgeTags...)
+}
+
+// SetDataStreamsCheckpointWithParams sets a consume or produce checkpoint in a Data Streams pathway.
+// This enables tracking data flow & end to end latency.
+// To learn more about the data streams product, see: https://docs.datadoghq.com/data_streams/go/
+func SetDataStreamsCheckpointWithParams(ctx context.Context, params options.CheckpointParams, edgeTags ...string) (outCtx context.Context, ok bool) {
+	if t, ok := internal.GetGlobalTracer().(dataStreamsContainer); ok {
+		if processor := t.GetDataStreamsProcessor(); processor != nil {
+			outCtx = processor.SetCheckpointWithParams(ctx, params, edgeTags...)
+			return outCtx, true
+		}
+	}
+	return ctx, false
+}
+
+// TrackKafkaCommitOffset should be used in the consumer, to track when it acks offset.
+// if used together with TrackKafkaProduceOffset it can generate a Kafka lag in seconds metric.
+func TrackKafkaCommitOffset(group, topic string, partition int32, offset int64) {
+	if t, ok := internal.GetGlobalTracer().(dataStreamsContainer); ok {
+		if p := t.GetDataStreamsProcessor(); p != nil {
+			p.TrackKafkaCommitOffset(group, topic, partition, offset)
+		}
+	}
+}
+
+// TrackKafkaProduceOffset should be used in the producer, to track when it produces a message.
+// if used together with TrackKafkaCommitOffset it can generate a Kafka lag in seconds metric.
+func TrackKafkaProduceOffset(topic string, partition int32, offset int64) {
+	if t, ok := internal.GetGlobalTracer().(dataStreamsContainer); ok {
+		if p := t.GetDataStreamsProcessor(); p != nil {
+			p.TrackKafkaProduceOffset(topic, partition, offset)
+		}
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/log.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/log.go
index 84899fbc5e..654d7a4d25 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/log.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/log.go
@@ -23,34 +23,38 @@ import (
 
 // startupInfo contains various information about the status of the tracer on startup.
 type startupInfo struct {
-	Date                        string            `json:"date"`                           // ISO 8601 date and time of start
-	OSName                      string            `json:"os_name"`                        // Windows, Darwin, Debian, etc.
-	OSVersion                   string            `json:"os_version"`                     // Version of the OS
-	Version                     string            `json:"version"`                        // Tracer version
-	Lang                        string            `json:"lang"`                           // "Go"
-	LangVersion                 string            `json:"lang_version"`                   // Go version, e.g. go1.13
-	Env                         string            `json:"env"`                            // Tracer env
-	Service                     string            `json:"service"`                        // Tracer Service
-	AgentURL                    string            `json:"agent_url"`                      // The address of the agent
-	AgentError                  string            `json:"agent_error"`                    // Any error that occurred trying to connect to agent
-	Debug                       bool              `json:"debug"`                          // Whether debug mode is enabled
-	AnalyticsEnabled            bool              `json:"analytics_enabled"`              // True if there is a global analytics rate set
-	SampleRate                  string            `json:"sample_rate"`                    // The default sampling rate for the rules sampler
-	SampleRateLimit             string            `json:"sample_rate_limit"`              // The rate limit configured with the rules sampler
-	SamplingRules               []SamplingRule    `json:"sampling_rules"`                 // Rules used by the rules sampler
-	SamplingRulesError          string            `json:"sampling_rules_error"`           // Any errors that occurred while parsing sampling rules
-	ServiceMappings             map[string]string `json:"service_mappings"`               // Service Mappings
-	Tags                        map[string]string `json:"tags"`                           // Global tags
-	RuntimeMetricsEnabled       bool              `json:"runtime_metrics_enabled"`        // Whether or not runtime metrics are enabled
-	HealthMetricsEnabled        bool              `json:"health_metrics_enabled"`         // Whether or not health metrics are enabled
-	ProfilerCodeHotspotsEnabled bool              `json:"profiler_code_hotspots_enabled"` // Whether or not profiler code hotspots are enabled
-	ProfilerEndpointsEnabled    bool              `json:"profiler_endpoints_enabled"`     // Whether or not profiler endpoints are enabled
-	ApplicationVersion          string            `json:"dd_version"`                     // Version of the user's application
-	Architecture                string            `json:"architecture"`                   // Architecture of host machine
-	GlobalService               string            `json:"global_service"`                 // Global service string. If not-nil should be same as Service. (#614)
-	LambdaMode                  string            `json:"lambda_mode"`                    // Whether or not the client has enabled lambda mode
-	AppSec                      bool              `json:"appsec"`                         // AppSec status: true when started, false otherwise.
-	AgentFeatures               agentFeatures     `json:"agent_features"`                 // Lists the capabilities of the agent.
+	Date                        string                       `json:"date"`                           // ISO 8601 date and time of start
+	OSName                      string                       `json:"os_name"`                        // Windows, Darwin, Debian, etc.
+	OSVersion                   string                       `json:"os_version"`                     // Version of the OS
+	Version                     string                       `json:"version"`                        // Tracer version
+	Lang                        string                       `json:"lang"`                           // "Go"
+	LangVersion                 string                       `json:"lang_version"`                   // Go version, e.g. go1.13
+	Env                         string                       `json:"env"`                            // Tracer env
+	Service                     string                       `json:"service"`                        // Tracer Service
+	AgentURL                    string                       `json:"agent_url"`                      // The address of the agent
+	AgentError                  string                       `json:"agent_error"`                    // Any error that occurred trying to connect to agent
+	Debug                       bool                         `json:"debug"`                          // Whether debug mode is enabled
+	AnalyticsEnabled            bool                         `json:"analytics_enabled"`              // True if there is a global analytics rate set
+	SampleRate                  string                       `json:"sample_rate"`                    // The default sampling rate for the rules sampler
+	SampleRateLimit             string                       `json:"sample_rate_limit"`              // The rate limit configured with the rules sampler
+	SamplingRules               []SamplingRule               `json:"sampling_rules"`                 // Rules used by the rules sampler
+	SamplingRulesError          string                       `json:"sampling_rules_error"`           // Any errors that occurred while parsing sampling rules
+	ServiceMappings             map[string]string            `json:"service_mappings"`               // Service Mappings
+	Tags                        map[string]string            `json:"tags"`                           // Global tags
+	RuntimeMetricsEnabled       bool                         `json:"runtime_metrics_enabled"`        // Whether runtime metrics are enabled
+	HealthMetricsEnabled        bool                         `json:"health_metrics_enabled"`         // Whether health metrics are enabled
+	ProfilerCodeHotspotsEnabled bool                         `json:"profiler_code_hotspots_enabled"` // Whether profiler code hotspots are enabled
+	ProfilerEndpointsEnabled    bool                         `json:"profiler_endpoints_enabled"`     // Whether profiler endpoints are enabled
+	ApplicationVersion          string                       `json:"dd_version"`                     // Version of the user's application
+	Architecture                string                       `json:"architecture"`                   // Architecture of host machine
+	GlobalService               string                       `json:"global_service"`                 // Global service string. If not-nil should be same as Service. (#614)
+	LambdaMode                  string                       `json:"lambda_mode"`                    // Whether the client has enabled lambda mode
+	AppSec                      bool                         `json:"appsec"`                         // AppSec status: true when started, false otherwise.
+	AgentFeatures               agentFeatures                `json:"agent_features"`                 // Lists the capabilities of the agent.
+	Integrations                map[string]integrationConfig `json:"integrations"`                   // Available tracer integrations
+	PartialFlushEnabled         bool                         `json:"partial_flush_enabled"`          // Whether Partial Flushing is enabled
+	PartialFlushMinSpans        int                          `json:"partial_flush_min_spans"`        // The min number of spans to trigger a partial flush
+	Orchestrion                 orchestrionConfig            `json:"orchestrion"`                    // Orchestrion (auto-instrumentation) configuration.
 }
 
 // checkEndpoint tries to connect to the URL specified by endpoint.
@@ -105,7 +109,11 @@ func logStartup(t *tracer) {
 		GlobalService:               globalconfig.ServiceName(),
 		LambdaMode:                  fmt.Sprintf("%t", t.config.logToStdout),
 		AgentFeatures:               t.config.agent,
+		Integrations:                t.config.integrations,
 		AppSec:                      appsec.Enabled(),
+		PartialFlushEnabled:         t.config.partialFlushEnabled,
+		PartialFlushMinSpans:        t.config.partialFlushMinSpans,
+		Orchestrion:                 t.config.orchestrionCfg,
 	}
 	if _, _, err := samplingRulesFromEnv(); err != nil {
 		info.SamplingRulesError = fmt.Sprintf("%s", err)
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/metrics.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/metrics.go
index a454ca1673..409d8a439a 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/metrics.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/metrics.go
@@ -18,15 +18,6 @@ import (
 // be reported.
 const defaultMetricsReportInterval = 10 * time.Second
 
-type statsdClient interface {
-	Incr(name string, tags []string, rate float64) error
-	Count(name string, value int64, tags []string, rate float64) error
-	Gauge(name string, value float64, tags []string, rate float64) error
-	Timing(name string, value time.Duration, tags []string, rate float64) error
-	Flush() error
-	Close() error
-}
-
 // reportRuntimeMetrics periodically reports go runtime metrics at
 // the given interval.
 func (t *tracer) reportRuntimeMetrics(interval time.Duration) {
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/option.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/option.go
index 00ca5ff4ff..18e8c17397 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/option.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/option.go
@@ -15,7 +15,9 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
+	"regexp"
 	"runtime"
+	"runtime/debug"
 	"strconv"
 	"strings"
 	"time"
@@ -33,6 +35,66 @@ import (
 	"github.com/DataDog/datadog-go/v5/statsd"
 )
 
+var contribIntegrations = map[string]struct {
+	name     string // user readable name for startup logs
+	imported bool   // true if the user has imported the integration
+}{
+	"github.com/99designs/gqlgen":                   {"gqlgen", false},
+	"github.com/aws/aws-sdk-go":                     {"AWS SDK", false},
+	"github.com/aws/aws-sdk-go-v2":                  {"AWS SDK v2", false},
+	"github.com/bradfitz/gomemcache":                {"Memcache", false},
+	"cloud.google.com/go/pubsub.v1":                 {"Pub/Sub", false},
+	"github.com/confluentinc/confluent-kafka-go":    {"Kafka (confluent)", false},
+	"github.com/confluentinc/confluent-kafka-go/v2": {"Kafka (confluent) v2", false},
+	"database/sql":                                  {"SQL", false},
+	"github.com/dimfeld/httptreemux/v5":             {"HTTP Treemux", false},
+	"github.com/elastic/go-elasticsearch/v6":        {"Elasticsearch v6", false},
+	"github.com/emicklei/go-restful":                {"go-restful", false},
+	"github.com/emicklei/go-restful/v3":             {"go-restful v3", false},
+	"github.com/garyburd/redigo":                    {"Redigo (dep)", false},
+	"github.com/gin-gonic/gin":                      {"Gin", false},
+	"github.com/globalsign/mgo":                     {"MongoDB (mgo)", false},
+	"github.com/go-chi/chi":                         {"chi", false},
+	"github.com/go-chi/chi/v5":                      {"chi v5", false},
+	"github.com/go-pg/pg/v10":                       {"go-pg v10", false},
+	"github.com/go-redis/redis":                     {"Redis", false},
+	"github.com/go-redis/redis/v7":                  {"Redis v7", false},
+	"github.com/go-redis/redis/v8":                  {"Redis v8", false},
+	"go.mongodb.org/mongo-driver":                   {"MongoDB", false},
+	"github.com/gocql/gocql":                        {"Cassandra", false},
+	"github.com/gofiber/fiber/v2":                   {"Fiber", false},
+	"github.com/gomodule/redigo":                    {"Redigo", false},
+	"google.golang.org/api":                         {"Google API", false},
+	"google.golang.org/grpc":                        {"gRPC", false},
+	"google.golang.org/grpc/v12":                    {"gRPC v12", false},
+	"gopkg.in/jinzhu/gorm.v1":                       {"Gorm (gopkg)", false},
+	"github.com/gorilla/mux":                        {"Gorilla Mux", false},
+	"gorm.io/gorm.v1":                               {"Gorm v1", false},
+	"github.com/graph-gophers/graphql-go":           {"GraphQL", false},
+	"github.com/hashicorp/consul/api":               {"Consul", false},
+	"github.com/hashicorp/vault/api":                {"Vault", false},
+	"github.com/jinzhu/gorm":                        {"Gorm", false},
+	"github.com/jmoiron/sqlx":                       {"SQLx", false},
+	"github.com/julienschmidt/httprouter":           {"HTTP Router", false},
+	"k8s.io/client-go/kubernetes":                   {"Kubernetes", false},
+	"github.com/labstack/echo":                      {"echo", false},
+	"github.com/labstack/echo/v4":                   {"echo v4", false},
+	"github.com/miekg/dns":                          {"miekg/dns", false},
+	"net/http":                                      {"HTTP", false},
+	"gopkg.in/olivere/elastic.v5":                   {"Elasticsearch v5", false},
+	"gopkg.in/olivere/elastic.v3":                   {"Elasticsearch v3", false},
+	"github.com/redis/go-redis/v9":                  {"Redis v9", false},
+	"github.com/segmentio/kafka-go":                 {"Kafka v0", false},
+	"github.com/IBM/sarama":                         {"IBM sarama", false},
+	"github.com/Shopify/sarama":                     {"Shopify sarama", false},
+	"github.com/sirupsen/logrus":                    {"Logrus", false},
+	"github.com/syndtr/goleveldb":                   {"LevelDB", false},
+	"github.com/tidwall/buntdb":                     {"BuntDB", false},
+	"github.com/twitchtv/twirp":                     {"Twirp", false},
+	"github.com/urfave/negroni":                     {"Negroni", false},
+	"github.com/zenazn/goji":                        {"Goji", false},
+}
+
 var (
 	// defaultSocketAPM specifies the socket path to use for connecting to the trace-agent.
 	// Replaced in tests
@@ -55,6 +117,10 @@ type config struct {
 	// of the behaviour of the tracer.
 	agent agentFeatures
 
+	// integrations reports if the user has instrumented a Datadog integration and
+	// if they have a version of the library available to integrate.
+	integrations map[string]integrationConfig
+
 	// featureFlags specifies any enabled feature flags.
 	featureFlags map[string]struct{}
 
@@ -123,7 +189,7 @@ type config struct {
 
 	// statsdClient is set when a user provides a custom statsd client for tracking metrics
 	// associated with the runtime and the tracer.
-	statsdClient statsdClient
+	statsdClient internal.StatsdClient
 
 	// spanRules contains user-defined rules to determine the sampling rate to apply
 	// to a single span without affecting the entire trace
@@ -161,6 +227,41 @@ type config struct {
 
 	// peerServiceMappings holds a set of service mappings to dynamically rename peer.service values.
 	peerServiceMappings map[string]string
+
+	// debugAbandonedSpans controls if the tracer should log when old, open spans are found
+	debugAbandonedSpans bool
+
+	// spanTimeout represents how old a span can be before it should be logged as a possible
+	// misconfiguration
+	spanTimeout time.Duration
+
+	// partialFlushMinSpans is the number of finished spans in a single trace to trigger a
+	// partial flush, or 0 if partial flushing is disabled.
+	// Value from DD_TRACE_PARTIAL_FLUSH_MIN_SPANS, default 1000.
+	partialFlushMinSpans int
+
+	// partialFlushEnabled specifices whether the tracer should enable partial flushing. Value
+	// from DD_TRACE_PARTIAL_FLUSH_ENABLED, default false.
+	partialFlushEnabled bool
+
+	// statsComputationEnabled enables client-side stats computation (aka trace metrics).
+	statsComputationEnabled bool
+
+	// dataStreamsMonitoringEnabled specifies whether the tracer should enable monitoring of data streams
+	dataStreamsMonitoringEnabled bool
+
+	// orchestrionCfg holds Orchestrion (aka auto-instrumentation) configuration.
+	// Only used for telemetry currently.
+	orchestrionCfg orchestrionConfig
+}
+
+// orchestrionConfig contains Orchestrion configuration.
+type orchestrionConfig struct {
+	// Enabled indicates whether this tracer was instanciated via Orchestrion.
+	Enabled bool `json:"enabled"`
+
+	// Metadata holds Orchestrion specific metadata (e.g orchestrion version, mode (toolexec or manual) etc..)
+	Metadata map[string]string `json:"metadata,omitempty"`
 }
 
 // HasFeature reports whether feature f is enabled.
@@ -175,6 +276,9 @@ type StartOption func(*config)
 // maxPropagatedTagsLength limits the size of DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH to prevent HTTP 413 responses.
 const maxPropagatedTagsLength = 512
 
+// partialFlushMinSpansDefault is the default number of spans for partial flushing, if enabled.
+const partialFlushMinSpansDefault = 1000
+
 // newConfig renders the tracer configuration based on defaults, environment variables
 // and passed user opts.
 func newConfig(opts ...StartOption) *config {
@@ -234,6 +338,24 @@ func newConfig(opts ...StartOption) *config {
 	c.profilerEndpoints = internal.BoolEnv(traceprof.EndpointEnvVar, true)
 	c.profilerHotspots = internal.BoolEnv(traceprof.CodeHotspotsEnvVar, true)
 	c.enableHostnameDetection = internal.BoolEnv("DD_CLIENT_HOSTNAME_ENABLED", true)
+	c.debugAbandonedSpans = internal.BoolEnv("DD_TRACE_DEBUG_ABANDONED_SPANS", false)
+	if c.debugAbandonedSpans {
+		c.spanTimeout = internal.DurationEnv("DD_TRACE_ABANDONED_SPAN_TIMEOUT", 10*time.Minute)
+	}
+	c.statsComputationEnabled = internal.BoolEnv("DD_TRACE_STATS_COMPUTATION_ENABLED", false)
+	c.dataStreamsMonitoringEnabled = internal.BoolEnv("DD_DATA_STREAMS_ENABLED", false)
+	c.partialFlushEnabled = internal.BoolEnv("DD_TRACE_PARTIAL_FLUSH_ENABLED", false)
+	c.partialFlushMinSpans = internal.IntEnv("DD_TRACE_PARTIAL_FLUSH_MIN_SPANS", partialFlushMinSpansDefault)
+	if c.partialFlushMinSpans <= 0 {
+		log.Warn("DD_TRACE_PARTIAL_FLUSH_MIN_SPANS=%d is not a valid value, setting to default %d", c.partialFlushMinSpans, partialFlushMinSpansDefault)
+		c.partialFlushMinSpans = partialFlushMinSpansDefault
+	} else if c.partialFlushMinSpans >= traceMaxSize {
+		log.Warn("DD_TRACE_PARTIAL_FLUSH_MIN_SPANS=%d is above the max number of spans that can be kept in memory for a single trace (%d spans), so partial flushing will never trigger, setting to default %d", c.partialFlushMinSpans, traceMaxSize, partialFlushMinSpansDefault)
+		c.partialFlushMinSpans = partialFlushMinSpansDefault
+	}
+	// TODO(partialFlush): consider logging a warning if DD_TRACE_PARTIAL_FLUSH_MIN_SPANS
+	// is set, but DD_TRACE_PARTIAL_FLUSH_ENABLED is not true. Or just assume it should be enabled
+	// if it's explicitly set, and don't require both variables to be configured.
 
 	schemaVersionStr := os.Getenv("DD_TRACE_SPAN_ATTRIBUTE_SCHEMA")
 	if v, ok := namingschema.ParseVersion(schemaVersionStr); ok {
@@ -301,6 +423,8 @@ func newConfig(opts ...StartOption) *config {
 				globalconfig.SetServiceName(s)
 			}
 		} else {
+			// There is not an explicit service set, default to binary name.
+			// In this case, don't set a global service name so the contribs continue using their defaults.
 			c.serviceName = filepath.Base(os.Args[0])
 		}
 	}
@@ -328,7 +452,13 @@ func newConfig(opts ...StartOption) *config {
 	if c.debug {
 		log.SetLevel(log.LevelDebug)
 	}
-	c.loadAgentFeatures()
+	c.agent = loadAgentFeatures(c.logToStdout, c.agentURL, c.httpClient)
+	info, ok := debug.ReadBuildInfo()
+	if !ok {
+		c.loadContribIntegrations([]*debug.Module{})
+	} else {
+		c.loadContribIntegrations(info.Deps)
+	}
 	if c.statsdClient == nil {
 		// configure statsd client
 		addr := c.dogstatsdAddr
@@ -355,7 +485,7 @@ func newConfig(opts ...StartOption) *config {
 	return c
 }
 
-func newStatsdClient(c *config) (statsdClient, error) {
+func newStatsdClient(c *config) (internal.StatsdClient, error) {
 	if c.statsdClient != nil {
 		return c.statsdClient, nil
 	}
@@ -413,6 +543,12 @@ func defaultDogstatsdAddr() string {
 	return net.JoinHostPort(host, port)
 }
 
+type integrationConfig struct {
+	Instrumented bool   `json:"instrumented"`      // indicates if the user has imported and used the integration
+	Available    bool   `json:"available"`         // indicates if the user is using a library that can be used with DataDog integrations
+	Version      string `json:"available_version"` // if available, indicates the version of the library the user has
+}
+
 // agentFeatures holds information about the trace-agent's capabilities.
 // When running WithLambdaMode, a zero-value of this struct will be used
 // as features.
@@ -425,6 +561,10 @@ type agentFeatures struct {
 	// the /v0.6/stats endpoint.
 	Stats bool
 
+	// DataStreams reports whether the agent can receive data streams stats on
+	// the /v0.1/pipeline_stats endpoint.
+	DataStreams bool
+
 	// StatsdPort specifies the Dogstatsd port as provided by the agent.
 	// If it's the default, it will be 0, which means 8125.
 	StatsdPort int
@@ -441,13 +581,12 @@ func (a *agentFeatures) HasFlag(feat string) bool {
 
 // loadAgentFeatures queries the trace-agent for its capabilities and updates
 // the tracer's behaviour.
-func (c *config) loadAgentFeatures() {
-	c.agent = agentFeatures{}
-	if c.logToStdout {
+func loadAgentFeatures(logToStdout bool, agentURL *url.URL, httpClient *http.Client) (features agentFeatures) {
+	if logToStdout {
 		// there is no agent; all features off
 		return
 	}
-	resp, err := c.httpClient.Get(fmt.Sprintf("%s/info", c.agentURL))
+	resp, err := httpClient.Get(fmt.Sprintf("%s/info", agentURL))
 	if err != nil {
 		log.Error("Loading features: %v", err)
 		return
@@ -468,22 +607,74 @@ func (c *config) loadAgentFeatures() {
 		log.Error("Decoding features: %v", err)
 		return
 	}
-	c.agent.DropP0s = info.ClientDropP0s
-	c.agent.StatsdPort = info.StatsdPort
+	features.DropP0s = info.ClientDropP0s
+	features.StatsdPort = info.StatsdPort
 	for _, endpoint := range info.Endpoints {
 		switch endpoint {
 		case "/v0.6/stats":
-			c.agent.Stats = true
+			features.Stats = true
+		case "/v0.1/pipeline_stats":
+			features.DataStreams = true
 		}
 	}
-	c.agent.featureFlags = make(map[string]struct{}, len(info.FeatureFlags))
+	features.featureFlags = make(map[string]struct{}, len(info.FeatureFlags))
 	for _, flag := range info.FeatureFlags {
-		c.agent.featureFlags[flag] = struct{}{}
+		features.featureFlags[flag] = struct{}{}
+	}
+	return features
+}
+
+// MarkIntegrationImported labels the given integration as imported
+func MarkIntegrationImported(integration string) bool {
+	s, ok := contribIntegrations[integration]
+	if !ok {
+		return false
+	}
+	s.imported = true
+	contribIntegrations[integration] = s
+	return true
+}
+
+func (c *config) loadContribIntegrations(deps []*debug.Module) {
+	integrations := map[string]integrationConfig{}
+	for _, s := range contribIntegrations {
+		integrations[s.name] = integrationConfig{
+			Instrumented: s.imported,
+		}
 	}
+	for _, d := range deps {
+		p := d.Path
+		// special use case, since gRPC does not update version number
+		if p == "google.golang.org/grpc" {
+			re := regexp.MustCompile(`v(\d.\d)\d*`)
+			match := re.FindStringSubmatch(d.Version)
+			if match == nil {
+				log.Warn("Unable to parse version of GRPC %v", d.Version)
+				continue
+			}
+			ver, err := strconv.ParseFloat(match[1], 32)
+			if err != nil {
+				log.Warn("Unable to parse version of GRPC %v as a float", d.Version)
+				continue
+			}
+			if ver <= 1.2 {
+				p = p + "/v12"
+			}
+		}
+		s, ok := contribIntegrations[p]
+		if !ok {
+			continue
+		}
+		conf := integrations[s.name]
+		conf.Available = true
+		conf.Version = d.Version
+		integrations[s.name] = conf
+	}
+	c.integrations = integrations
 }
 
 func (c *config) canComputeStats() bool {
-	return c.agent.Stats && c.HasFeature("discovery")
+	return c.agent.Stats && (c.HasFeature("discovery") || c.statsComputationEnabled)
 }
 
 func (c *config) canDropP0s() bool {
@@ -842,6 +1033,55 @@ func WithProfilerEndpoints(enabled bool) StartOption {
 	}
 }
 
+// WithDebugSpansMode enables debugging old spans that may have been
+// abandoned, which may prevent traces from being set to the Datadog
+// Agent, especially if partial flushing is off.
+// This setting can also be configured by setting DD_TRACE_DEBUG_ABANDONED_SPANS
+// to true. The timeout will default to 10 minutes, unless overwritten
+// by DD_TRACE_ABANDONED_SPAN_TIMEOUT.
+// This feature is disabled by default. Turning on this debug mode may
+// be expensive, so it should only be enabled for debugging purposes.
+func WithDebugSpansMode(timeout time.Duration) StartOption {
+	return func(c *config) {
+		c.debugAbandonedSpans = true
+		c.spanTimeout = timeout
+	}
+}
+
+// WithPartialFlushing enables flushing of partially finished traces.
+// This is done after "numSpans" have finished in a single local trace at
+// which point all finished spans in that trace will be flushed, freeing up
+// any memory they were consuming. This can also be configured by setting
+// DD_TRACE_PARTIAL_FLUSH_ENABLED to true, which will default to 1000 spans
+// unless overriden with DD_TRACE_PARTIAL_FLUSH_MIN_SPANS. Partial flushing
+// is disabled by default.
+func WithPartialFlushing(numSpans int) StartOption {
+	return func(c *config) {
+		c.partialFlushEnabled = true
+		c.partialFlushMinSpans = numSpans
+	}
+}
+
+// WithStatsComputation enables client-side stats computation, allowing
+// the tracer to compute stats from traces. This can reduce network traffic
+// to the Datadog Agent, and produce more accurate stats data.
+// This can also be configured by setting DD_TRACE_STATS_COMPUTATION_ENABLED to true.
+// Client-side stats is off by default.
+func WithStatsComputation(enabled bool) StartOption {
+	return func(c *config) {
+		c.statsComputationEnabled = enabled
+	}
+}
+
+// WithOrchestrion configures Orchestrion's auto-instrumentation metadata.
+// This option is only intended to be used by Orchestrion https://github.com/DataDog/orchestrion
+func WithOrchestrion(metadata map[string]string) StartOption {
+	return func(c *config) {
+		c.orchestrionCfg.Enabled = true
+		c.orchestrionCfg.Metadata = metadata
+	}
+}
+
 // StartSpanOption is a configuration option for StartSpan. It is aliased in order
 // to help godoc group all the functions returning it together. It is considered
 // more correct to refer to it as the type as the origin, ddtrace.StartSpanOption.
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span.go
index 1d5e039d70..c4a0530409 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/span.go
@@ -79,7 +79,7 @@ type span struct {
 
 	goExecTraced bool         `msg:"-"`
 	noDebugStack bool         `msg:"-"` // disables debug stack traces
-	finished     bool         `msg:"-"` // true if the span has been submitted to a tracer.
+	finished     bool         `msg:"-"` // true if the span has been submitted to a tracer. Can only be read/modified if the trace is locked.
 	context      *spanContext `msg:"-"` // span propagation context
 
 	pprofCtxActive  context.Context `msg:"-"` // contains pprof.WithLabel labels to tell the profiler more about this span
@@ -499,7 +499,6 @@ func (s *span) finish(finishTime int64) {
 	if s.Duration < 0 {
 		s.Duration = 0
 	}
-	s.finished = true
 
 	keep := true
 	if t, ok := internal.GetGlobalTracer().(*tracer); ok {
@@ -517,6 +516,15 @@ func (s *span) finish(finishTime int64) {
 			// the agent supports dropping p0's in the client
 			keep = shouldKeep(s)
 		}
+		if t.config.debugAbandonedSpans {
+			// the tracer supports debugging abandoned spans
+			select {
+			case t.abandonedSpansDebugger.In <- newAbandonedSpanCandidate(s, true):
+				// ok
+			default:
+				log.Error("Abandoned spans channel full, disregarding span.")
+			}
+		}
 	}
 	if keep {
 		// a single kept span keeps the whole trace.
@@ -669,7 +677,8 @@ func (s *span) Format(f fmt.State, c rune) {
 			traceID = fmt.Sprintf("%d", s.TraceID)
 		}
 		fmt.Fprintf(f, `dd.trace_id=%q `, traceID)
-		fmt.Fprintf(f, `dd.span_id="%d"`, s.SpanID)
+		fmt.Fprintf(f, `dd.span_id="%d" `, s.SpanID)
+		fmt.Fprintf(f, `dd.parent_id="%d"`, s.ParentID)
 	default:
 		fmt.Fprintf(f, "%%!%c(ddtrace.Span=%v)", c, s)
 	}
@@ -711,6 +720,8 @@ const (
 	keyPeerServiceSource = "_dd.peer.service.source"
 	// keyPeerServiceRemappedFrom indicates the previous value for peer.service, in case remapping happened.
 	keyPeerServiceRemappedFrom = "_dd.peer.service.remapped_from"
+	// keyBaseService contains the globally configured tracer service name. It is only set for spans that override it.
+	keyBaseService = "_dd.base_service"
 )
 
 // The following set of tags is used for user monitoring and set through calls to span.SetUser().
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/spancontext.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/spancontext.go
index d418329b42..0f71e3f225 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/spancontext.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/spancontext.go
@@ -10,6 +10,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"strconv"
+	"strings"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -21,6 +22,7 @@ import (
 	sharedinternal "gopkg.in/DataDog/dd-trace-go.v1/internal"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry"
 )
 
 var _ ddtrace.SpanContext = (*spanContext)(nil)
@@ -362,20 +364,56 @@ func (t *trace) push(sp *span) {
 	}
 }
 
+// setTraceTags sets all "trace level" tags on the provided span
+// t must already be locked.
+func (t *trace) setTraceTags(s *span, tr *tracer) {
+	for k, v := range t.tags {
+		s.setMeta(k, v)
+	}
+	for k, v := range t.propagatingTags {
+		s.setMeta(k, v)
+	}
+	for k, v := range ginternal.GetTracerGitMetadataTags() {
+		s.setMeta(k, v)
+	}
+	if s.context != nil && s.context.traceID.HasUpper() {
+		s.setMeta(keyTraceID128, s.context.traceID.UpperHex())
+	}
+	if hn := tr.hostname(); hn != "" {
+		s.setMeta(keyTracerHostname, hn)
+	}
+}
+
 // finishedOne acknowledges that another span in the trace has finished, and checks
 // if the trace is complete, in which case it calls the onFinish function. It uses
-// the given priority, if non-nil, to mark the root span.
+// the given priority, if non-nil, to mark the root span. This also will trigger a partial flush
+// if enabled and the total number of finished spans is greater than or equal to the partial flush limit.
+// The provided span must be locked.
 func (t *trace) finishedOne(s *span) {
 	t.mu.Lock()
 	defer t.mu.Unlock()
+	s.finished = true
 	if t.full {
 		// capacity has been reached, the buffer is no longer tracking
 		// all the spans in the trace, so the below conditions will not
 		// be accurate and would trigger a pre-mature flush, exposing us
 		// to a race condition where spans can be modified while flushing.
+		//
+		// TODO(partialFlush): should we do a partial flush in this scenario?
 		return
 	}
 	t.finished++
+	tr, ok := internal.GetGlobalTracer().(*tracer)
+	if !ok {
+		return
+	}
+	setPeerService(s, tr.config)
+
+	// attach the _dd.base_service tag only when the globally configured service name is different from the
+	// span service name.
+	if s.Service != "" && !strings.EqualFold(s.Service, tr.config.serviceName) {
+		s.Meta[keyBaseService] = tr.config.serviceName
+	}
 	if s == t.root && t.priority != nil {
 		// after the root has finished we lock down the priority;
 		// we won't be able to make changes to a span after finishing
@@ -389,42 +427,52 @@ func (t *trace) finishedOne(s *span) {
 		// TODO(barbayar): make sure this doesn't happen in vain when switching to
 		// the new wire format. We won't need to set the tags on the first span
 		// in the chunk there.
-		for k, v := range t.tags {
-			s.setMeta(k, v)
-		}
-		for k, v := range t.propagatingTags {
-			s.setMeta(k, v)
-		}
-		for k, v := range ginternal.GetTracerGitMetadataTags() {
-			s.setMeta(k, v)
-		}
-		if s.context != nil && s.context.traceID.HasUpper() {
-			s.setMeta(keyTraceID128, s.context.traceID.UpperHex())
-		}
+		t.setTraceTags(s, tr)
 	}
-	if len(t.spans) == t.finished {
-		defer func() {
-			t.spans = nil
-			t.finished = 0 // important, because a buffer can be used for several flushes
-		}()
-	}
-	tr, ok := internal.GetGlobalTracer().(*tracer)
-	if !ok {
+
+	if len(t.spans) == t.finished { // perform a full flush of all spans
+		t.finishChunk(tr, &chunk{
+			spans:    t.spans,
+			willSend: decisionKeep == samplingDecision(atomic.LoadUint32((*uint32)(&t.samplingDecision))),
+		})
+		t.spans = nil
 		return
 	}
-	setPeerService(s, tr.config)
-	if len(t.spans) != t.finished {
-		return
+
+	doPartialFlush := tr.config.partialFlushEnabled && t.finished >= tr.config.partialFlushMinSpans
+	if !doPartialFlush {
+		return // The trace hasn't completed and partial flushing will not occur
 	}
-	if hn := tr.hostname(); hn != "" {
-		s.setMeta(keyTracerHostname, hn)
+	log.Debug("Partial flush triggered with %d finished spans", t.finished)
+	telemetry.GlobalClient.Count(telemetry.NamespaceTracers, "trace_partial_flush.count", 1, []string{"reason:large_trace"}, true)
+	finishedSpans := make([]*span, 0, t.finished)
+	leftoverSpans := make([]*span, 0, len(t.spans)-t.finished)
+	for _, s2 := range t.spans {
+		if s2.finished {
+			finishedSpans = append(finishedSpans, s2)
+		} else {
+			leftoverSpans = append(leftoverSpans, s2)
+		}
+	}
+	// TODO: (Support MetricKindDist) Re-enable these when we actually support `MetricKindDist`
+	//telemetry.GlobalClient.Record(telemetry.NamespaceTracers, telemetry.MetricKindDist, "trace_partial_flush.spans_closed", float64(len(finishedSpans)), nil, true)
+	//telemetry.GlobalClient.Record(telemetry.NamespaceTracers, telemetry.MetricKindDist, "trace_partial_flush.spans_remaining", float64(len(leftoverSpans)), nil, true)
+	finishedSpans[0].setMetric(keySamplingPriority, *t.priority)
+	if s != t.spans[0] {
+		// Make sure the first span in the chunk has the trace-level tags
+		t.setTraceTags(finishedSpans[0], tr)
 	}
-	// we have a tracer that can receive completed traces.
-	atomic.AddUint32(&tr.spansFinished, uint32(len(t.spans)))
-	tr.pushTrace(&finishedTrace{
-		spans:    t.spans,
+	t.finishChunk(tr, &chunk{
+		spans:    finishedSpans,
 		willSend: decisionKeep == samplingDecision(atomic.LoadUint32((*uint32)(&t.samplingDecision))),
 	})
+	t.spans = leftoverSpans
+}
+
+func (t *trace) finishChunk(tr *tracer, ch *chunk) {
+	atomic.AddUint32(&tr.spansFinished, uint32(len(ch.spans)))
+	tr.pushChunk(ch)
+	t.finished = 0 // important, because a buffer can be used for several flushes
 }
 
 // setPeerService sets the peer.service, _dd.peer.service.source, and _dd.peer.service.remapped_from
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats.go
index 95c5caee11..720a2a0230 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/stats.go
@@ -12,6 +12,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
 
 	"github.com/DataDog/datadog-go/v5/statsd"
@@ -54,11 +55,11 @@ type concentrator struct {
 	// stopped reports whether the concentrator is stopped (when non-zero)
 	stopped uint32
 
-	wg           sync.WaitGroup // waits for any active goroutines
-	bucketSize   int64          // the size of a bucket in nanoseconds
-	stop         chan struct{}  // closing this channel triggers shutdown
-	cfg          *config        // tracer startup configuration
-	statsdClient statsdClient   // statsd client for sending metrics.
+	wg           sync.WaitGroup        // waits for any active goroutines
+	bucketSize   int64                 // the size of a bucket in nanoseconds
+	stop         chan struct{}         // closing this channel triggers shutdown
+	cfg          *config               // tracer startup configuration
+	statsdClient internal.StatsdClient // statsd client for sending metrics.
 }
 
 // newConcentrator creates a new concentrator using the given tracer
@@ -113,7 +114,7 @@ func (c *concentrator) runFlusher(tick <-chan time.Time) {
 }
 
 // statsd returns any tracer configured statsd client, or a no-op.
-func (c *concentrator) statsd() statsdClient {
+func (c *concentrator) statsd() internal.StatsdClient {
 	if c.statsdClient == nil {
 		return &statsd.NoOpClient{}
 	}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/telemetry.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/telemetry.go
index ae6ffdb4d8..927cff9fff 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/telemetry.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/telemetry.go
@@ -7,6 +7,7 @@ package tracer
 
 import (
 	"fmt"
+	"strings"
 
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry"
 )
@@ -35,7 +36,7 @@ func startTelemetry(c *config) {
 	telemetryConfigs := []telemetry.Configuration{
 		{Name: "trace_debug_enabled", Value: c.debug},
 		{Name: "agent_feature_drop_p0s", Value: c.agent.DropP0s},
-		{Name: "stats_computation_enabled", Value: c.agent.Stats},
+		{Name: "stats_computation_enabled", Value: c.canComputeStats()},
 		{Name: "dogstatsd_port", Value: c.agent.StatsdPort},
 		{Name: "lambda_mode", Value: c.logToStdout},
 		{Name: "send_retries", Value: c.sendRetries},
@@ -51,6 +52,22 @@ func startTelemetry(c *config) {
 		{Name: "profiling_hotspots_enabled", Value: c.profilerHotspots},
 		{Name: "profiling_endpoints_enabled", Value: c.profilerEndpoints},
 		{Name: "trace_enabled", Value: c.enabled},
+		{Name: "trace_span_attribute_schema", Value: c.spanAttributeSchemaVersion},
+		{Name: "trace_peer_service_defaults_enabled", Value: c.peerServiceDefaultsEnabled},
+		{Name: "orchestrion_enabled", Value: c.orchestrionCfg.Enabled},
+	}
+	var peerServiceMapping []string
+	for key, value := range c.peerServiceMappings {
+		peerServiceMapping = append(peerServiceMapping, fmt.Sprintf("%s:%s", key, value))
+	}
+	telemetryConfigs = append(telemetryConfigs,
+		telemetry.Configuration{Name: "trace_peer_service_mapping", Value: strings.Join(peerServiceMapping, ",")})
+
+	if chained, ok := c.propagator.(*chainedPropagator); ok {
+		telemetryConfigs = append(telemetryConfigs,
+			telemetry.Configuration{Name: "trace_propagation_style_inject", Value: chained.injectorNames})
+		telemetryConfigs = append(telemetryConfigs,
+			telemetry.Configuration{Name: "trace_propagation_style_extract", Value: chained.extractorsNames})
 	}
 	for k, v := range c.featureFlags {
 		telemetryConfigs = append(telemetryConfigs, telemetry.Configuration{Name: k, Value: v})
@@ -75,5 +92,10 @@ func startTelemetry(c *config) {
 			telemetry.Configuration{Name: fmt.Sprintf("sr_%s_(%s)_(%s)", rule.ruleType.String(), service, name),
 				Value: fmt.Sprintf("rate:%f_maxPerSecond:%f", rule.Rate, rule.MaxPerSecond)})
 	}
+	if c.orchestrionCfg.Enabled {
+		for k, v := range c.orchestrionCfg.Metadata {
+			telemetryConfigs = append(telemetryConfigs, telemetry.Configuration{Name: "orchestrion_" + k, Value: v})
+		}
+	}
 	telemetry.GlobalClient.ProductStart(telemetry.NamespaceTracers, telemetryConfigs)
 }
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/textmap.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/textmap.go
index 9a6dfb8eac..c4a7362752 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/textmap.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/textmap.go
@@ -173,9 +173,13 @@ func NewPropagator(cfg *PropagatorConfig, propagators ...Propagator) Propagator
 			log.Warn("%v is deprecated. Please use %v or %v instead.\n", headerPropagationStyleExtractDeprecated, headerPropagationStyleExtract, headerPropagationStyle)
 		}
 	}
+	injectors, injectorNames := getPropagators(cfg, injectorsPs)
+	extractors, extractorsNames := getPropagators(cfg, extractorsPs)
 	return &chainedPropagator{
-		injectors:  getPropagators(cfg, injectorsPs),
-		extractors: getPropagators(cfg, extractorsPs),
+		injectors,
+		extractors,
+		injectorNames,
+		extractorsNames,
 	}
 }
 
@@ -183,48 +187,58 @@ func NewPropagator(cfg *PropagatorConfig, propagators ...Propagator) Propagator
 // When injecting, all injectors are called to propagate the span context.
 // When extracting, it tries each extractor, selecting the first successful one.
 type chainedPropagator struct {
-	injectors  []Propagator
-	extractors []Propagator
+	injectors       []Propagator
+	extractors      []Propagator
+	injectorNames   string
+	extractorsNames string
 }
 
 // getPropagators returns a list of propagators based on ps, which is a comma seperated
 // list of propagators. If the list doesn't contain any valid values, the
 // default propagator will be returned. Any invalid values in the list will log
 // a warning and be ignored.
-func getPropagators(cfg *PropagatorConfig, ps string) []Propagator {
+func getPropagators(cfg *PropagatorConfig, ps string) ([]Propagator, string) {
 	dd := &propagator{cfg}
 	defaultPs := []Propagator{&propagatorW3c{}, dd}
+	defaultPsName := "tracecontext,datadog"
 	if cfg.B3 {
 		defaultPs = append(defaultPs, &propagatorB3{})
+		defaultPsName += ",b3"
 	}
 	if ps == "" {
 		if prop := os.Getenv(headerPropagationStyle); prop != "" {
 			ps = prop // use the generic DD_TRACE_PROPAGATION_STYLE if set
 		} else {
-			return defaultPs // no env set, so use default from configuration
+			return defaultPs, defaultPsName // no env set, so use default from configuration
 		}
 	}
 	ps = strings.ToLower(ps)
 	if ps == "none" {
-		return nil
+		return nil, ""
 	}
 	var list []Propagator
+	var listNames []string
 	if cfg.B3 {
 		list = append(list, &propagatorB3{})
+		listNames = append(listNames, "b3")
 	}
 	for _, v := range strings.Split(ps, ",") {
-		switch strings.ToLower(v) {
+		switch v := strings.ToLower(v); v {
 		case "datadog":
 			list = append(list, dd)
+			listNames = append(listNames, v)
 		case "tracecontext":
 			list = append([]Propagator{&propagatorW3c{}}, list...)
+			listNames = append(listNames, v)
 		case "b3", "b3multi":
 			if !cfg.B3 {
 				// propagatorB3 hasn't already been added, add a new one.
 				list = append(list, &propagatorB3{})
+				listNames = append(listNames, v)
 			}
 		case "b3 single header":
 			list = append(list, &propagatorB3SingleHeader{})
+			listNames = append(listNames, v)
 		case "none":
 			log.Warn("Propagator \"none\" has no effect when combined with other propagators. " +
 				"To disable the propagator, set to `none`")
@@ -233,9 +247,9 @@ func getPropagators(cfg *PropagatorConfig, ps string) []Propagator {
 		}
 	}
 	if len(list) == 0 {
-		return defaultPs // no valid propagators, so return default
+		return defaultPs, defaultPsName // no valid propagators, so return default
 	}
-	return list
+	return list, strings.Join(listNames, ",")
 }
 
 // Inject defines the Propagator to propagate SpanContext data
@@ -324,6 +338,9 @@ func (p *propagator) marshalPropagatingTags(ctx *spanContext) string {
 
 	var properr string
 	ctx.trace.iteratePropagatingTags(func(k, v string) bool {
+		if k == tracestateHeader || k == traceparentHeader {
+			return true // don't propagate W3C headers with the DD propagator
+		}
 		if err := isValidPropagatableTag(k, v); err != nil {
 			log.Warn("Won't propagate tag '%s': %v", k, err.Error())
 			properr = "encoding_error"
@@ -416,7 +433,7 @@ func validateTID(tid string) error {
 	if len(tid) != 16 {
 		return fmt.Errorf("invalid length: %q", tid)
 	}
-	if !validIDRgx.MatchString(tid) {
+	if !isValidID(tid) {
 		return fmt.Errorf("malformed: %q", tid)
 	}
 	return nil
@@ -722,13 +739,35 @@ var (
 	// Equals character must be encoded with a tilde.
 	// Other disallowed characters must be replaced with the underscore.
 	originRgx = regexp.MustCompile(",|~|;|[^\\x21-\\x7E]+")
+)
 
-	// validIDRgx is used to verify that the input is a valid hex string.
-	// The input must match the pattern from start to end.
-	// validIDRgx is applicable for both trace and span IDs.
-	validIDRgx = regexp.MustCompile("^[a-f0-9]+$")
+const (
+	asciiLowerA = 97
+	asciiLowerF = 102
+	asciiZero   = 48
+	asciiNine   = 57
 )
 
+// isValidID is used to verify that the input is a valid hex string.
+// This is an equivalent check to the regexp ^[a-f0-9]+$
+// In benchmarks, this function is roughly 10x faster than the equivalent
+// regexp, which is why we split it out.
+// isValidID is applicable for both trace and span IDs.
+func isValidID(id string) bool {
+	if len(id) == 0 {
+		return false
+	}
+
+	for _, c := range id {
+		ascii := int(c)
+		if ascii < asciiZero || ascii > asciiLowerF || (ascii > asciiNine && ascii < asciiLowerA) {
+			return false
+		}
+	}
+
+	return true
+}
+
 // composeTracestate creates a tracestateHeader from the spancontext.
 // The Datadog tracing library is only responsible for managing the list member with key dd,
 // which holds the values of the sampling decision(`s:<value>`), origin(`o:<origin>`),
@@ -867,7 +906,7 @@ func parseTraceparent(ctx *spanContext, header string) error {
 		return ErrSpanContextCorrupted
 	}
 	// checking that the entire TraceID is a valid hex string
-	if ok := validIDRgx.MatchString(fullTraceID); !ok {
+	if !isValidID(fullTraceID) {
 		return ErrSpanContextCorrupted
 	}
 	if ctx.trace != nil {
@@ -882,7 +921,7 @@ func parseTraceparent(ctx *spanContext, header string) error {
 	if len(spanID) != 16 {
 		return ErrSpanContextCorrupted
 	}
-	if ok := validIDRgx.MatchString(spanID); !ok {
+	if !isValidID(spanID) {
 		return ErrSpanContextCorrupted
 	}
 	if ctx.spanID, err = strconv.ParseUint(spanID, 16, 64); err != nil {
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/tracer.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/tracer.go
index 7efcdaea01..0c333d2d5c 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/tracer.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/tracer.go
@@ -20,9 +20,11 @@ import (
 	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal"
 	globalinternal "gopkg.in/DataDog/dd-trace-go.v1/internal"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/appsec"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/hostname"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/remoteconfig"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof"
 
@@ -50,8 +52,8 @@ type tracer struct {
 	// destination, such as the Trace Agent or Datadog Forwarder.
 	traceWriter traceWriter
 
-	// out receives finishedTrace with spans  to be added to the payload.
-	out chan *finishedTrace
+	// out receives chunk with spans to be added to the payload.
+	out chan *chunk
 
 	// flush receives a channel onto which it will confirm after a flush has been
 	// triggered and completed.
@@ -93,7 +95,14 @@ type tracer struct {
 	obfuscator *obfuscate.Obfuscator
 
 	// statsd is used for tracking metrics associated with the runtime and the tracer.
-	statsd statsdClient
+	statsd globalinternal.StatsdClient
+
+	// dataStreams processes data streams monitoring information
+	dataStreams *datastreams.Processor
+
+	// abandonedSpansDebugger specifies where and how potentially abandoned spans are stored
+	// when abandoned spans debugging is enabled.
+	abandonedSpansDebugger *abandonedSpansDebugger
 }
 
 const (
@@ -138,6 +147,9 @@ func Start(opts ...StartOption) {
 	if t.config.logStartup {
 		logStartup(t)
 	}
+	if t.dataStreams != nil {
+		t.dataStreams.Start()
+	}
 	// Start AppSec with remote configuration
 	cfg := remoteconfig.DefaultClientConfig()
 	cfg.AgentURL = t.config.agentURL.String()
@@ -227,10 +239,17 @@ func newUnstartedTracer(opts ...StartOption) *tracer {
 	if spans != nil {
 		c.spanRules = spans
 	}
+	var dataStreamsProcessor *datastreams.Processor
+	if c.dataStreamsMonitoringEnabled {
+		dataStreamsProcessor = datastreams.NewProcessor(statsd, c.env, c.serviceName, c.version, c.agentURL, c.httpClient, func() bool {
+			f := loadAgentFeatures(c.logToStdout, c.agentURL, c.httpClient)
+			return f.DataStreams
+		})
+	}
 	t := &tracer{
 		config:           c,
 		traceWriter:      writer,
-		out:              make(chan *finishedTrace, payloadQueueSize),
+		out:              make(chan *chunk, payloadQueueSize),
 		stop:             make(chan struct{}),
 		flush:            make(chan chan<- struct{}),
 		rulesSampling:    newRulesSampler(c.traceRules, c.spanRules),
@@ -246,11 +265,17 @@ func newUnstartedTracer(opts ...StartOption) *tracer {
 				Cache:            c.agent.HasFlag("sql_cache"),
 			},
 		}),
-		statsd: statsd,
+		statsd:      statsd,
+		dataStreams: dataStreamsProcessor,
 	}
 	return t
 }
 
+// newTracer creates a new no-op tracer for testing.
+// NOTE: This function does NOT set the global tracer, which is required for
+// most finish span/flushing operations to work as expected. If you are calling
+// span.Finish and/or expecting flushing to work, you must call
+// internal.SetGlobalTracer(...) with the tracer provided by this function.
 func newTracer(opts ...StartOption) *tracer {
 	t := newUnstartedTracer(opts...)
 	c := t.config
@@ -263,6 +288,11 @@ func newTracer(opts ...StartOption) *tracer {
 			t.reportRuntimeMetrics(defaultMetricsReportInterval)
 		}()
 	}
+	if c.debugAbandonedSpans {
+		log.Info("Abandoned spans logs enabled.")
+		t.abandonedSpansDebugger = newAbandonedSpansDebugger()
+		t.abandonedSpansDebugger.Start(t.config.spanTimeout)
+	}
 	t.wg.Add(1)
 	go func() {
 		defer t.wg.Done()
@@ -296,6 +326,9 @@ func newTracer(opts ...StartOption) *tracer {
 func Flush() {
 	if t, ok := internal.GetGlobalTracer().(*tracer); ok {
 		t.flushSync()
+		if t.dataStreams != nil {
+			t.dataStreams.Flush()
+		}
 	}
 }
 
@@ -312,7 +345,7 @@ func (t *tracer) worker(tick <-chan time.Time) {
 	for {
 		select {
 		case trace := <-t.out:
-			t.sampleFinishedTrace(trace)
+			t.sampleChunk(trace)
 			if len(trace.spans) != 0 {
 				t.traceWriter.add(trace.spans)
 			}
@@ -337,7 +370,7 @@ func (t *tracer) worker(tick <-chan time.Time) {
 			for {
 				select {
 				case trace := <-t.out:
-					t.sampleFinishedTrace(trace)
+					t.sampleChunk(trace)
 					if len(trace.spans) != 0 {
 						t.traceWriter.add(trace.spans)
 					}
@@ -350,16 +383,18 @@ func (t *tracer) worker(tick <-chan time.Time) {
 	}
 }
 
-// finishedTrace holds information about a trace that has finished, including its spans.
-type finishedTrace struct {
+// chunk holds information about a trace chunk to be flushed, including its spans.
+// The chunk may be a fully finished local trace chunk, or only a portion of the local trace chunk in the case of
+// partial flushing.
+type chunk struct {
 	spans    []*span
 	willSend bool // willSend indicates whether the trace will be sent to the agent.
 }
 
-// sampleFinishedTrace applies single-span sampling to the provided trace, which is considered to be finished.
-func (t *tracer) sampleFinishedTrace(info *finishedTrace) {
-	if len(info.spans) > 0 {
-		if p, ok := info.spans[0].context.samplingPriority(); ok && p > 0 {
+// sampleChunk applies single-span sampling to the provided trace.
+func (t *tracer) sampleChunk(c *chunk) {
+	if len(c.spans) > 0 {
+		if p, ok := c.spans[0].context.samplingPriority(); ok && p > 0 {
 			// The trace is kept, no need to run single span sampling rules.
 			return
 		}
@@ -367,12 +402,12 @@ func (t *tracer) sampleFinishedTrace(info *finishedTrace) {
 	var kept []*span
 	if t.rulesSampling.HasSpanRules() {
 		// Apply sampling rules to individual spans in the trace.
-		for _, span := range info.spans {
+		for _, span := range c.spans {
 			if t.rulesSampling.SampleSpan(span) {
 				kept = append(kept, span)
 			}
 		}
-		if len(kept) > 0 && len(kept) < len(info.spans) {
+		if len(kept) > 0 && len(kept) < len(c.spans) {
 			// Some spans in the trace were kept, so a partial trace will be sent.
 			atomic.AddUint32(&t.partialTraces, 1)
 		}
@@ -380,13 +415,13 @@ func (t *tracer) sampleFinishedTrace(info *finishedTrace) {
 	if len(kept) == 0 {
 		atomic.AddUint32(&t.droppedP0Traces, 1)
 	}
-	atomic.AddUint32(&t.droppedP0Spans, uint32(len(info.spans)-len(kept)))
-	if !info.willSend {
-		info.spans = kept
+	atomic.AddUint32(&t.droppedP0Spans, uint32(len(c.spans)-len(kept)))
+	if !c.willSend {
+		c.spans = kept
 	}
 }
 
-func (t *tracer) pushTrace(trace *finishedTrace) {
+func (t *tracer) pushChunk(trace *chunk) {
 	select {
 	case <-t.stop:
 		return
@@ -531,6 +566,14 @@ func (t *tracer) StartSpan(operationName string, options ...ddtrace.StartSpanOpt
 		log.Debug("Started Span: %v, Operation: %s, Resource: %s, Tags: %v, %v",
 			span, span.Name, span.Resource, span.Meta, span.Metrics)
 	}
+	if t.config.debugAbandonedSpans {
+		select {
+		case t.abandonedSpansDebugger.In <- newAbandonedSpanCandidate(span, false):
+			// ok
+		default:
+			log.Error("Abandoned spans channel full, disregarding span.")
+		}
+	}
 	return span
 }
 
@@ -587,10 +630,14 @@ func (t *tracer) Stop() {
 		close(t.stop)
 		t.statsd.Incr("datadog.tracer.stopped", nil, 1)
 	})
+	t.abandonedSpansDebugger.Stop()
 	t.stats.Stop()
 	t.wg.Wait()
 	t.traceWriter.stop()
 	t.statsd.Close()
+	if t.dataStreams != nil {
+		t.dataStreams.Stop()
+	}
 	appsec.Stop()
 }
 
@@ -616,6 +663,7 @@ func (t *tracer) sample(span *span) {
 	sampler := t.config.sampler
 	if !sampler.Sample(span) {
 		span.context.trace.drop()
+		span.context.trace.setSamplingPriority(ext.PriorityAutoReject, samplernames.RuleRate)
 		return
 	}
 	if rs, ok := sampler.(RateSampler); ok && rs.Rate() < 1 {
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/writer.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/writer.go
index 8027defa79..a4665bddb5 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/writer.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer/writer.go
@@ -16,6 +16,7 @@ import (
 	"sync"
 	"time"
 
+	globalinternal "gopkg.in/DataDog/dd-trace-go.v1/internal"
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
 )
 
@@ -48,10 +49,10 @@ type agentTraceWriter struct {
 	prioritySampling *prioritySampler
 
 	// statsd is used to send metrics
-	statsd statsdClient
+	statsd globalinternal.StatsdClient
 }
 
-func newAgentTraceWriter(c *config, s *prioritySampler, statsdClient statsdClient) *agentTraceWriter {
+func newAgentTraceWriter(c *config, s *prioritySampler, statsdClient globalinternal.StatsdClient) *agentTraceWriter {
 	return &agentTraceWriter{
 		config:           c,
 		payload:          newPayload(),
@@ -135,10 +136,10 @@ type logTraceWriter struct {
 	buf       bytes.Buffer
 	hasTraces bool
 	w         io.Writer
-	statsd    statsdClient
+	statsd    globalinternal.StatsdClient
 }
 
-func newLogTraceWriter(c *config, statsdClient statsdClient) *logTraceWriter {
+func newLogTraceWriter(c *config, statsdClient globalinternal.StatsdClient) *logTraceWriter {
 	w := &logTraceWriter{
 		config: c,
 		w:      logWriter,
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/active_span_key.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/active_span_key.go
new file mode 100644
index 0000000000..090150a587
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/active_span_key.go
@@ -0,0 +1,11 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package internal
+
+type contextKey struct{}
+
+// ActiveSpanKey is used to set tracer context on a context.Context objects with a unique key
+var ActiveSpanKey = contextKey{}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/tags.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/tags.go
index 871e81c266..f014610608 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/tags.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec/tags.go
@@ -14,22 +14,23 @@ import (
 	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
 )
 
-// SetSecurityEventTags sets the AppSec-specific span tags when a security event
-// occurred into the service entry span.
-func SetSecurityEventTags(span ddtrace.Span, events []json.RawMessage, md map[string][]string) {
-	if err := setSecurityEventTags(span, events, md); err != nil {
-		log.Error("appsec: %v", err)
+// SetSecurityEventsTags sets the AppSec events span tags.
+func SetSecurityEventsTags(span ddtrace.Span, events []json.RawMessage) {
+	if err := setSecurityEventsTags(span, events); err != nil {
+		log.Error("appsec: unexpected error while creating the appsec events tags: %v", err)
 	}
 }
 
-func setSecurityEventTags(span ddtrace.Span, events []json.RawMessage, md map[string][]string) error {
-	if err := instrumentation.SetEventSpanTags(span, events); err != nil {
-		return err
+func setSecurityEventsTags(span ddtrace.Span, events []json.RawMessage) error {
+	if events == nil {
+		return nil
 	}
+	return instrumentation.SetEventSpanTags(span, events)
+}
 
+// SetRequestMetadataTags sets the gRPC request metadata span tags.
+func SetRequestMetadataTags(span ddtrace.Span, md map[string][]string) {
 	for h, v := range httpsec.NormalizeHTTPHeaders(md) {
 		span.SetTag("grpc.metadata."+h, v)
 	}
-
-	return nil
 }
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/http.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/http.go
index f77348cb32..bcb4fb4442 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/http.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/http.go
@@ -120,6 +120,7 @@ func WrapHandler(handler http.Handler, span ddtrace.Span, pathParams map[string]
 	instrumentation.SetAppSecEnabledTags(span)
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ipTags, clientIP := ClientIPTags(r.Header, true, r.RemoteAddr)
+		log.Debug("appsec: http client ip detection returned `%s` given the http headers `%v`", clientIP, r.Header)
 		instrumentation.SetStringTags(span, ipTags)
 
 		var bypassHandler http.Handler
@@ -138,6 +139,7 @@ func WrapHandler(handler http.Handler, span ddtrace.Span, pathParams map[string]
 			}
 
 			events := op.Finish(HandlerOperationRes{Status: status})
+
 			// Execute the onBlock functions to make sure blocking works properly
 			// in case we are instrumenting the Gin framework
 			if blocking {
@@ -146,14 +148,20 @@ func WrapHandler(handler http.Handler, span ddtrace.Span, pathParams map[string]
 					f()
 				}
 			}
+
 			if bypassHandler != nil {
 				bypassHandler.ServeHTTP(w, r)
 			}
+
+			// Add the request headers span tags out of args.Headers instead of r.Header as it was normalized and some
+			// extra headers have been added such as the Host header which is removed from the original Go request headers
+			// map
+			setRequestHeadersTags(span, args.Headers)
+			setResponseHeadersTags(span, w.Header())
 			instrumentation.SetTags(span, op.Tags())
-			if len(events) == 0 {
-				return
+			if len(events) > 0 {
+				SetSecurityEventsTags(span, events)
 			}
-			SetSecurityEventTags(span, events, args.Headers, w.Header())
 		}()
 
 		if bypassHandler != nil {
@@ -161,13 +169,10 @@ func WrapHandler(handler http.Handler, span ddtrace.Span, pathParams map[string]
 			bypassHandler = nil
 		}
 		handler.ServeHTTP(w, r)
-
 	})
 }
 
-// MakeHandlerOperationArgs creates the HandlerOperationArgs out of a standard
-// http.Request along with the given current span. It returns an empty structure
-// when appsec is disabled.
+// MakeHandlerOperationArgs creates the HandlerOperationArgs value.
 func MakeHandlerOperationArgs(r *http.Request, clientIP netip.Addr, pathParams map[string]string) HandlerOperationArgs {
 	headers := make(http.Header, len(r.Header))
 	for k, v := range r.Header {
@@ -191,6 +196,15 @@ func MakeHandlerOperationArgs(r *http.Request, clientIP netip.Addr, pathParams m
 	}
 }
 
+// MakeHandlerOperationRes creates the HandlerOperationRes value.
+func MakeHandlerOperationRes(w http.ResponseWriter) HandlerOperationRes {
+	var status int
+	if mw, ok := w.(interface{ Status() int }); ok {
+		status = mw.Status()
+	}
+	return HandlerOperationRes{Status: status}
+}
+
 // Return the map of parsed cookies if any and following the specification of
 // the rule address `server.request.cookies`.
 func makeCookies(r *http.Request) map[string][]string {
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/tags.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/tags.go
index 8f2982dea4..1fa0349ebb 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/tags.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec/tags.go
@@ -40,7 +40,7 @@ var (
 	}
 
 	// Configured list of IP-related headers leveraged to retrieve the public
-	//client IP address. Defined at init-time in the init() function below.
+	// client IP address. Defined at init-time in the init() function below.
 	monitoredClientIPHeadersCfg []string
 
 	// List of HTTP headers we collect and send.
@@ -72,16 +72,34 @@ func init() {
 	sort.Strings(collectedHTTPHeaders[:])
 }
 
-// SetSecurityEventTags sets the AppSec-specific span tags when a security event occurred into the service entry span.
-func SetSecurityEventTags(span instrumentation.TagSetter, events []json.RawMessage, headers, respHeaders map[string][]string) {
+// SetSecurityEventsTags sets the AppSec-specific span tags when a security event occurred into the service entry span.
+func SetSecurityEventsTags(span instrumentation.TagSetter, events []json.RawMessage) {
 	if err := instrumentation.SetEventSpanTags(span, events); err != nil {
-		log.Error("appsec: unexpected error while creating the appsec event tags: %v", err)
+		log.Error("appsec: unexpected error while creating the appsec events tags: %v", err)
 	}
-	for h, v := range NormalizeHTTPHeaders(headers) {
-		span.SetTag("http.request.headers."+h, v)
+}
+
+func setSecurityEventsTags(span instrumentation.TagSetter, events []json.RawMessage) error {
+	if len(events) == 0 {
+		return nil
 	}
-	for h, v := range NormalizeHTTPHeaders(respHeaders) {
-		span.SetTag("http.response.headers."+h, v)
+	return instrumentation.SetEventSpanTags(span, events)
+}
+
+// setRequestHeadersTags sets the AppSec-specific request headers span tags.
+func setRequestHeadersTags(span instrumentation.TagSetter, headers map[string][]string) {
+	setHeadersTags(span, "http.request.headers.", headers)
+}
+
+// setResponseHeadersTags sets the AppSec-specific response headers span tags.
+func setResponseHeadersTags(span instrumentation.TagSetter, headers map[string][]string) {
+	setHeadersTags(span, "http.response.headers.", headers)
+}
+
+// setHeadersTags sets the AppSec-specific headers span tags.
+func setHeadersTags(span instrumentation.TagSetter, tagPrefix string, headers map[string][]string) {
+	for h, v := range NormalizeHTTPHeaders(headers) {
+		span.SetTag(tagPrefix+h, v)
 	}
 }
 
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/pathway.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/pathway.go
new file mode 100644
index 0000000000..5ff05de272
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/pathway.go
@@ -0,0 +1,96 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package datastreams
+
+import (
+	"encoding/binary"
+	"fmt"
+	"hash/fnv"
+	"math/rand"
+	"sort"
+	"strings"
+	"time"
+)
+
+var hashableEdgeTags = map[string]struct{}{"event_type": {}, "exchange": {}, "group": {}, "topic": {}, "type": {}, "direction": {}}
+
+func isWellFormedEdgeTag(t string) bool {
+	if i := strings.IndexByte(t, ':'); i != -1 {
+		if j := strings.LastIndexByte(t, ':'); j == i {
+			if _, exists := hashableEdgeTags[t[:i]]; exists {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func nodeHash(service, env string, edgeTags []string) uint64 {
+	h := fnv.New64()
+	sort.Strings(edgeTags)
+	h.Write([]byte(service))
+	h.Write([]byte(env))
+	for _, t := range edgeTags {
+		if isWellFormedEdgeTag(t) {
+			h.Write([]byte(t))
+		} else {
+			fmt.Println("not formatted correctly", t)
+		}
+	}
+	return h.Sum64()
+}
+
+func pathwayHash(nodeHash, parentHash uint64) uint64 {
+	b := make([]byte, 16)
+	binary.LittleEndian.PutUint64(b, nodeHash)
+	binary.LittleEndian.PutUint64(b[8:], parentHash)
+	h := fnv.New64()
+	h.Write(b)
+	return h.Sum64()
+}
+
+// Pathway is used to monitor how payloads are sent across different services.
+// An example Pathway would be:
+// service A -- edge 1 --> service B -- edge 2 --> service C
+// So it's a branch of services (we also call them "nodes") connected via edges.
+// As the payload is sent around, we save the start time (start of service A),
+// and the start time of the previous service.
+// This allows us to measure the latency of each edge, as well as the latency from origin of any service.
+type Pathway struct {
+	// hash is the hash of the current node, of the parent node, and of the edge that connects the parent node
+	// to this node.
+	hash uint64
+	// pathwayStart is the start of the first node in the Pathway
+	pathwayStart time.Time
+	// edgeStart is the start of the previous node.
+	edgeStart time.Time
+}
+
+// Merge merges multiple pathways into one.
+// The current implementation samples one resulting Pathway. A future implementation could be more clever
+// and actually merge the Pathways.
+func Merge(pathways []Pathway) Pathway {
+	if len(pathways) == 0 {
+		return Pathway{}
+	}
+	// Randomly select a pathway to propagate downstream.
+	n := rand.Intn(len(pathways))
+	return pathways[n]
+}
+
+// GetHash gets the hash of a pathway.
+func (p Pathway) GetHash() uint64 {
+	return p.hash
+}
+
+// PathwayStart returns the start timestamp of the pathway
+func (p Pathway) PathwayStart() time.Time {
+	return p.pathwayStart
+}
+
+func (p Pathway) EdgeStart() time.Time {
+	return p.edgeStart
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload.go
new file mode 100644
index 0000000000..8df4027311
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload.go
@@ -0,0 +1,84 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:generate msgp -unexported -marshal=false -o=payload_msgp.go -tests=false
+
+package datastreams
+
+// StatsPayload stores client computed stats.
+type StatsPayload struct {
+	// Env specifies the env. of the application, as defined by the user.
+	Env string
+	// Service is the service of the application
+	Service string
+	// Stats holds all stats buckets computed within this payload.
+	Stats []StatsBucket
+	// TracerVersion is the version of the tracer
+	TracerVersion string
+	// Lang is the language of the tracer
+	Lang string
+	// Version is the version of the service
+	Version string
+}
+
+type ProduceOffset struct {
+	Topic     string
+	Partition int32
+	Offset    int64
+}
+
+type CommitOffset struct {
+	ConsumerGroup string
+	Topic         string
+	Partition     int32
+	Offset        int64
+}
+
+// Backlog represents the size of a queue that hasn't been yet read by the consumer.
+type Backlog struct {
+	// Tags that identify the backlog
+	Tags []string
+	// Value of the backlog
+	Value int64
+}
+
+// StatsBucket specifies a set of stats computed over a duration.
+type StatsBucket struct {
+	// Start specifies the beginning of this bucket in unix nanoseconds.
+	Start uint64
+	// Duration specifies the duration of this bucket in nanoseconds.
+	Duration uint64
+	// Stats contains a set of statistics computed for the duration of this bucket.
+	Stats []StatsPoint
+	// Backlogs store information used to compute queue backlog
+	Backlogs []Backlog
+}
+
+// TimestampType can be either current or origin.
+type TimestampType string
+
+const (
+	// TimestampTypeCurrent is for when the recorded timestamp is based on the
+	// timestamp of the current StatsPoint.
+	TimestampTypeCurrent TimestampType = "current"
+	// TimestampTypeOrigin is for when the recorded timestamp is based on the
+	// time that the first StatsPoint in the pathway is sent out.
+	TimestampTypeOrigin TimestampType = "origin"
+)
+
+// StatsPoint contains a set of statistics grouped under various aggregation keys.
+type StatsPoint struct {
+	// These fields indicate the properties under which the stats were aggregated.
+	Service    string // deprecated
+	EdgeTags   []string
+	Hash       uint64
+	ParentHash uint64
+	// These fields specify the stats for the above aggregation.
+	// those are distributions of latency in seconds.
+	PathwayLatency []byte
+	EdgeLatency    []byte
+	PayloadSize    []byte
+	TimestampType  TimestampType
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload_msgp.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload_msgp.go
new file mode 100644
index 0000000000..d22fdfea97
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/payload_msgp.go
@@ -0,0 +1,907 @@
+package datastreams
+
+// Code generated by github.com/tinylib/msgp DO NOT EDIT.
+
+import (
+	"github.com/tinylib/msgp/msgp"
+)
+
+// DecodeMsg implements msgp.Decodable
+func (z *Backlog) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Tags":
+			var zb0002 uint32
+			zb0002, err = dc.ReadArrayHeader()
+			if err != nil {
+				err = msgp.WrapError(err, "Tags")
+				return
+			}
+			if cap(z.Tags) >= int(zb0002) {
+				z.Tags = (z.Tags)[:zb0002]
+			} else {
+				z.Tags = make([]string, zb0002)
+			}
+			for za0001 := range z.Tags {
+				z.Tags[za0001], err = dc.ReadString()
+				if err != nil {
+					err = msgp.WrapError(err, "Tags", za0001)
+					return
+				}
+			}
+		case "Value":
+			z.Value, err = dc.ReadInt64()
+			if err != nil {
+				err = msgp.WrapError(err, "Value")
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *Backlog) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 2
+	// write "Tags"
+	err = en.Append(0x82, 0xa4, 0x54, 0x61, 0x67, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.Tags)))
+	if err != nil {
+		err = msgp.WrapError(err, "Tags")
+		return
+	}
+	for za0001 := range z.Tags {
+		err = en.WriteString(z.Tags[za0001])
+		if err != nil {
+			err = msgp.WrapError(err, "Tags", za0001)
+			return
+		}
+	}
+	// write "Value"
+	err = en.Append(0xa5, 0x56, 0x61, 0x6c, 0x75, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt64(z.Value)
+	if err != nil {
+		err = msgp.WrapError(err, "Value")
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *Backlog) Msgsize() (s int) {
+	s = 1 + 5 + msgp.ArrayHeaderSize
+	for za0001 := range z.Tags {
+		s += msgp.StringPrefixSize + len(z.Tags[za0001])
+	}
+	s += 6 + msgp.Int64Size
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *CommitOffset) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "ConsumerGroup":
+			z.ConsumerGroup, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "ConsumerGroup")
+				return
+			}
+		case "Topic":
+			z.Topic, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Topic")
+				return
+			}
+		case "Partition":
+			z.Partition, err = dc.ReadInt32()
+			if err != nil {
+				err = msgp.WrapError(err, "Partition")
+				return
+			}
+		case "Offset":
+			z.Offset, err = dc.ReadInt64()
+			if err != nil {
+				err = msgp.WrapError(err, "Offset")
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *CommitOffset) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 4
+	// write "ConsumerGroup"
+	err = en.Append(0x84, 0xad, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.ConsumerGroup)
+	if err != nil {
+		err = msgp.WrapError(err, "ConsumerGroup")
+		return
+	}
+	// write "Topic"
+	err = en.Append(0xa5, 0x54, 0x6f, 0x70, 0x69, 0x63)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Topic)
+	if err != nil {
+		err = msgp.WrapError(err, "Topic")
+		return
+	}
+	// write "Partition"
+	err = en.Append(0xa9, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt32(z.Partition)
+	if err != nil {
+		err = msgp.WrapError(err, "Partition")
+		return
+	}
+	// write "Offset"
+	err = en.Append(0xa6, 0x4f, 0x66, 0x66, 0x73, 0x65, 0x74)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt64(z.Offset)
+	if err != nil {
+		err = msgp.WrapError(err, "Offset")
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *CommitOffset) Msgsize() (s int) {
+	s = 1 + 14 + msgp.StringPrefixSize + len(z.ConsumerGroup) + 6 + msgp.StringPrefixSize + len(z.Topic) + 10 + msgp.Int32Size + 7 + msgp.Int64Size
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *ProduceOffset) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Topic":
+			z.Topic, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Topic")
+				return
+			}
+		case "Partition":
+			z.Partition, err = dc.ReadInt32()
+			if err != nil {
+				err = msgp.WrapError(err, "Partition")
+				return
+			}
+		case "Offset":
+			z.Offset, err = dc.ReadInt64()
+			if err != nil {
+				err = msgp.WrapError(err, "Offset")
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z ProduceOffset) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 3
+	// write "Topic"
+	err = en.Append(0x83, 0xa5, 0x54, 0x6f, 0x70, 0x69, 0x63)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Topic)
+	if err != nil {
+		err = msgp.WrapError(err, "Topic")
+		return
+	}
+	// write "Partition"
+	err = en.Append(0xa9, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt32(z.Partition)
+	if err != nil {
+		err = msgp.WrapError(err, "Partition")
+		return
+	}
+	// write "Offset"
+	err = en.Append(0xa6, 0x4f, 0x66, 0x66, 0x73, 0x65, 0x74)
+	if err != nil {
+		return
+	}
+	err = en.WriteInt64(z.Offset)
+	if err != nil {
+		err = msgp.WrapError(err, "Offset")
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z ProduceOffset) Msgsize() (s int) {
+	s = 1 + 6 + msgp.StringPrefixSize + len(z.Topic) + 10 + msgp.Int32Size + 7 + msgp.Int64Size
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *StatsBucket) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Start":
+			z.Start, err = dc.ReadUint64()
+			if err != nil {
+				err = msgp.WrapError(err, "Start")
+				return
+			}
+		case "Duration":
+			z.Duration, err = dc.ReadUint64()
+			if err != nil {
+				err = msgp.WrapError(err, "Duration")
+				return
+			}
+		case "Stats":
+			var zb0002 uint32
+			zb0002, err = dc.ReadArrayHeader()
+			if err != nil {
+				err = msgp.WrapError(err, "Stats")
+				return
+			}
+			if cap(z.Stats) >= int(zb0002) {
+				z.Stats = (z.Stats)[:zb0002]
+			} else {
+				z.Stats = make([]StatsPoint, zb0002)
+			}
+			for za0001 := range z.Stats {
+				err = z.Stats[za0001].DecodeMsg(dc)
+				if err != nil {
+					err = msgp.WrapError(err, "Stats", za0001)
+					return
+				}
+			}
+		case "Backlogs":
+			var zb0003 uint32
+			zb0003, err = dc.ReadArrayHeader()
+			if err != nil {
+				err = msgp.WrapError(err, "Backlogs")
+				return
+			}
+			if cap(z.Backlogs) >= int(zb0003) {
+				z.Backlogs = (z.Backlogs)[:zb0003]
+			} else {
+				z.Backlogs = make([]Backlog, zb0003)
+			}
+			for za0002 := range z.Backlogs {
+				var zb0004 uint32
+				zb0004, err = dc.ReadMapHeader()
+				if err != nil {
+					err = msgp.WrapError(err, "Backlogs", za0002)
+					return
+				}
+				for zb0004 > 0 {
+					zb0004--
+					field, err = dc.ReadMapKeyPtr()
+					if err != nil {
+						err = msgp.WrapError(err, "Backlogs", za0002)
+						return
+					}
+					switch msgp.UnsafeString(field) {
+					case "Tags":
+						var zb0005 uint32
+						zb0005, err = dc.ReadArrayHeader()
+						if err != nil {
+							err = msgp.WrapError(err, "Backlogs", za0002, "Tags")
+							return
+						}
+						if cap(z.Backlogs[za0002].Tags) >= int(zb0005) {
+							z.Backlogs[za0002].Tags = (z.Backlogs[za0002].Tags)[:zb0005]
+						} else {
+							z.Backlogs[za0002].Tags = make([]string, zb0005)
+						}
+						for za0003 := range z.Backlogs[za0002].Tags {
+							z.Backlogs[za0002].Tags[za0003], err = dc.ReadString()
+							if err != nil {
+								err = msgp.WrapError(err, "Backlogs", za0002, "Tags", za0003)
+								return
+							}
+						}
+					case "Value":
+						z.Backlogs[za0002].Value, err = dc.ReadInt64()
+						if err != nil {
+							err = msgp.WrapError(err, "Backlogs", za0002, "Value")
+							return
+						}
+					default:
+						err = dc.Skip()
+						if err != nil {
+							err = msgp.WrapError(err, "Backlogs", za0002)
+							return
+						}
+					}
+				}
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *StatsBucket) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 4
+	// write "Start"
+	err = en.Append(0x84, 0xa5, 0x53, 0x74, 0x61, 0x72, 0x74)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Start)
+	if err != nil {
+		err = msgp.WrapError(err, "Start")
+		return
+	}
+	// write "Duration"
+	err = en.Append(0xa8, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Duration)
+	if err != nil {
+		err = msgp.WrapError(err, "Duration")
+		return
+	}
+	// write "Stats"
+	err = en.Append(0xa5, 0x53, 0x74, 0x61, 0x74, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.Stats)))
+	if err != nil {
+		err = msgp.WrapError(err, "Stats")
+		return
+	}
+	for za0001 := range z.Stats {
+		err = z.Stats[za0001].EncodeMsg(en)
+		if err != nil {
+			err = msgp.WrapError(err, "Stats", za0001)
+			return
+		}
+	}
+	// write "Backlogs"
+	err = en.Append(0xa8, 0x42, 0x61, 0x63, 0x6b, 0x6c, 0x6f, 0x67, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.Backlogs)))
+	if err != nil {
+		err = msgp.WrapError(err, "Backlogs")
+		return
+	}
+	for za0002 := range z.Backlogs {
+		// map header, size 2
+		// write "Tags"
+		err = en.Append(0x82, 0xa4, 0x54, 0x61, 0x67, 0x73)
+		if err != nil {
+			return
+		}
+		err = en.WriteArrayHeader(uint32(len(z.Backlogs[za0002].Tags)))
+		if err != nil {
+			err = msgp.WrapError(err, "Backlogs", za0002, "Tags")
+			return
+		}
+		for za0003 := range z.Backlogs[za0002].Tags {
+			err = en.WriteString(z.Backlogs[za0002].Tags[za0003])
+			if err != nil {
+				err = msgp.WrapError(err, "Backlogs", za0002, "Tags", za0003)
+				return
+			}
+		}
+		// write "Value"
+		err = en.Append(0xa5, 0x56, 0x61, 0x6c, 0x75, 0x65)
+		if err != nil {
+			return
+		}
+		err = en.WriteInt64(z.Backlogs[za0002].Value)
+		if err != nil {
+			err = msgp.WrapError(err, "Backlogs", za0002, "Value")
+			return
+		}
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *StatsBucket) Msgsize() (s int) {
+	s = 1 + 6 + msgp.Uint64Size + 9 + msgp.Uint64Size + 6 + msgp.ArrayHeaderSize
+	for za0001 := range z.Stats {
+		s += z.Stats[za0001].Msgsize()
+	}
+	s += 9 + msgp.ArrayHeaderSize
+	for za0002 := range z.Backlogs {
+		s += 1 + 5 + msgp.ArrayHeaderSize
+		for za0003 := range z.Backlogs[za0002].Tags {
+			s += msgp.StringPrefixSize + len(z.Backlogs[za0002].Tags[za0003])
+		}
+		s += 6 + msgp.Int64Size
+	}
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *StatsPayload) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Env":
+			z.Env, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Env")
+				return
+			}
+		case "Service":
+			z.Service, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Service")
+				return
+			}
+		case "Stats":
+			var zb0002 uint32
+			zb0002, err = dc.ReadArrayHeader()
+			if err != nil {
+				err = msgp.WrapError(err, "Stats")
+				return
+			}
+			if cap(z.Stats) >= int(zb0002) {
+				z.Stats = (z.Stats)[:zb0002]
+			} else {
+				z.Stats = make([]StatsBucket, zb0002)
+			}
+			for za0001 := range z.Stats {
+				err = z.Stats[za0001].DecodeMsg(dc)
+				if err != nil {
+					err = msgp.WrapError(err, "Stats", za0001)
+					return
+				}
+			}
+		case "TracerVersion":
+			z.TracerVersion, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "TracerVersion")
+				return
+			}
+		case "Lang":
+			z.Lang, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Lang")
+				return
+			}
+		case "Version":
+			z.Version, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Version")
+				return
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *StatsPayload) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 6
+	// write "Env"
+	err = en.Append(0x86, 0xa3, 0x45, 0x6e, 0x76)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Env)
+	if err != nil {
+		err = msgp.WrapError(err, "Env")
+		return
+	}
+	// write "Service"
+	err = en.Append(0xa7, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Service)
+	if err != nil {
+		err = msgp.WrapError(err, "Service")
+		return
+	}
+	// write "Stats"
+	err = en.Append(0xa5, 0x53, 0x74, 0x61, 0x74, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.Stats)))
+	if err != nil {
+		err = msgp.WrapError(err, "Stats")
+		return
+	}
+	for za0001 := range z.Stats {
+		err = z.Stats[za0001].EncodeMsg(en)
+		if err != nil {
+			err = msgp.WrapError(err, "Stats", za0001)
+			return
+		}
+	}
+	// write "TracerVersion"
+	err = en.Append(0xad, 0x54, 0x72, 0x61, 0x63, 0x65, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.TracerVersion)
+	if err != nil {
+		err = msgp.WrapError(err, "TracerVersion")
+		return
+	}
+	// write "Lang"
+	err = en.Append(0xa4, 0x4c, 0x61, 0x6e, 0x67)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Lang)
+	if err != nil {
+		err = msgp.WrapError(err, "Lang")
+		return
+	}
+	// write "Version"
+	err = en.Append(0xa7, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Version)
+	if err != nil {
+		err = msgp.WrapError(err, "Version")
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *StatsPayload) Msgsize() (s int) {
+	s = 1 + 4 + msgp.StringPrefixSize + len(z.Env) + 8 + msgp.StringPrefixSize + len(z.Service) + 6 + msgp.ArrayHeaderSize
+	for za0001 := range z.Stats {
+		s += z.Stats[za0001].Msgsize()
+	}
+	s += 14 + msgp.StringPrefixSize + len(z.TracerVersion) + 5 + msgp.StringPrefixSize + len(z.Lang) + 8 + msgp.StringPrefixSize + len(z.Version)
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *StatsPoint) DecodeMsg(dc *msgp.Reader) (err error) {
+	var field []byte
+	_ = field
+	var zb0001 uint32
+	zb0001, err = dc.ReadMapHeader()
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	for zb0001 > 0 {
+		zb0001--
+		field, err = dc.ReadMapKeyPtr()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		switch msgp.UnsafeString(field) {
+		case "Service":
+			z.Service, err = dc.ReadString()
+			if err != nil {
+				err = msgp.WrapError(err, "Service")
+				return
+			}
+		case "EdgeTags":
+			var zb0002 uint32
+			zb0002, err = dc.ReadArrayHeader()
+			if err != nil {
+				err = msgp.WrapError(err, "EdgeTags")
+				return
+			}
+			if cap(z.EdgeTags) >= int(zb0002) {
+				z.EdgeTags = (z.EdgeTags)[:zb0002]
+			} else {
+				z.EdgeTags = make([]string, zb0002)
+			}
+			for za0001 := range z.EdgeTags {
+				z.EdgeTags[za0001], err = dc.ReadString()
+				if err != nil {
+					err = msgp.WrapError(err, "EdgeTags", za0001)
+					return
+				}
+			}
+		case "Hash":
+			z.Hash, err = dc.ReadUint64()
+			if err != nil {
+				err = msgp.WrapError(err, "Hash")
+				return
+			}
+		case "ParentHash":
+			z.ParentHash, err = dc.ReadUint64()
+			if err != nil {
+				err = msgp.WrapError(err, "ParentHash")
+				return
+			}
+		case "PathwayLatency":
+			z.PathwayLatency, err = dc.ReadBytes(z.PathwayLatency)
+			if err != nil {
+				err = msgp.WrapError(err, "PathwayLatency")
+				return
+			}
+		case "EdgeLatency":
+			z.EdgeLatency, err = dc.ReadBytes(z.EdgeLatency)
+			if err != nil {
+				err = msgp.WrapError(err, "EdgeLatency")
+				return
+			}
+		case "PayloadSize":
+			z.PayloadSize, err = dc.ReadBytes(z.PayloadSize)
+			if err != nil {
+				err = msgp.WrapError(err, "PayloadSize")
+				return
+			}
+		case "TimestampType":
+			{
+				var zb0003 string
+				zb0003, err = dc.ReadString()
+				if err != nil {
+					err = msgp.WrapError(err, "TimestampType")
+					return
+				}
+				z.TimestampType = TimestampType(zb0003)
+			}
+		default:
+			err = dc.Skip()
+			if err != nil {
+				err = msgp.WrapError(err)
+				return
+			}
+		}
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z *StatsPoint) EncodeMsg(en *msgp.Writer) (err error) {
+	// map header, size 8
+	// write "Service"
+	err = en.Append(0x88, 0xa7, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(z.Service)
+	if err != nil {
+		err = msgp.WrapError(err, "Service")
+		return
+	}
+	// write "EdgeTags"
+	err = en.Append(0xa8, 0x45, 0x64, 0x67, 0x65, 0x54, 0x61, 0x67, 0x73)
+	if err != nil {
+		return
+	}
+	err = en.WriteArrayHeader(uint32(len(z.EdgeTags)))
+	if err != nil {
+		err = msgp.WrapError(err, "EdgeTags")
+		return
+	}
+	for za0001 := range z.EdgeTags {
+		err = en.WriteString(z.EdgeTags[za0001])
+		if err != nil {
+			err = msgp.WrapError(err, "EdgeTags", za0001)
+			return
+		}
+	}
+	// write "Hash"
+	err = en.Append(0xa4, 0x48, 0x61, 0x73, 0x68)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.Hash)
+	if err != nil {
+		err = msgp.WrapError(err, "Hash")
+		return
+	}
+	// write "ParentHash"
+	err = en.Append(0xaa, 0x50, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68)
+	if err != nil {
+		return
+	}
+	err = en.WriteUint64(z.ParentHash)
+	if err != nil {
+		err = msgp.WrapError(err, "ParentHash")
+		return
+	}
+	// write "PathwayLatency"
+	err = en.Append(0xae, 0x50, 0x61, 0x74, 0x68, 0x77, 0x61, 0x79, 0x4c, 0x61, 0x74, 0x65, 0x6e, 0x63, 0x79)
+	if err != nil {
+		return
+	}
+	err = en.WriteBytes(z.PathwayLatency)
+	if err != nil {
+		err = msgp.WrapError(err, "PathwayLatency")
+		return
+	}
+	// write "EdgeLatency"
+	err = en.Append(0xab, 0x45, 0x64, 0x67, 0x65, 0x4c, 0x61, 0x74, 0x65, 0x6e, 0x63, 0x79)
+	if err != nil {
+		return
+	}
+	err = en.WriteBytes(z.EdgeLatency)
+	if err != nil {
+		err = msgp.WrapError(err, "EdgeLatency")
+		return
+	}
+	// write "PayloadSize"
+	err = en.Append(0xab, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x69, 0x7a, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteBytes(z.PayloadSize)
+	if err != nil {
+		err = msgp.WrapError(err, "PayloadSize")
+		return
+	}
+	// write "TimestampType"
+	err = en.Append(0xad, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x54, 0x79, 0x70, 0x65)
+	if err != nil {
+		return
+	}
+	err = en.WriteString(string(z.TimestampType))
+	if err != nil {
+		err = msgp.WrapError(err, "TimestampType")
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z *StatsPoint) Msgsize() (s int) {
+	s = 1 + 8 + msgp.StringPrefixSize + len(z.Service) + 9 + msgp.ArrayHeaderSize
+	for za0001 := range z.EdgeTags {
+		s += msgp.StringPrefixSize + len(z.EdgeTags[za0001])
+	}
+	s += 5 + msgp.Uint64Size + 11 + msgp.Uint64Size + 15 + msgp.BytesPrefixSize + len(z.PathwayLatency) + 12 + msgp.BytesPrefixSize + len(z.EdgeLatency) + 12 + msgp.BytesPrefixSize + len(z.PayloadSize) + 14 + msgp.StringPrefixSize + len(string(z.TimestampType))
+	return
+}
+
+// DecodeMsg implements msgp.Decodable
+func (z *TimestampType) DecodeMsg(dc *msgp.Reader) (err error) {
+	{
+		var zb0001 string
+		zb0001, err = dc.ReadString()
+		if err != nil {
+			err = msgp.WrapError(err)
+			return
+		}
+		(*z) = TimestampType(zb0001)
+	}
+	return
+}
+
+// EncodeMsg implements msgp.Encodable
+func (z TimestampType) EncodeMsg(en *msgp.Writer) (err error) {
+	err = en.WriteString(string(z))
+	if err != nil {
+		err = msgp.WrapError(err)
+		return
+	}
+	return
+}
+
+// Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message
+func (z TimestampType) Msgsize() (s int) {
+	s = msgp.StringPrefixSize + len(string(z))
+	return
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/processor.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/processor.go
new file mode 100644
index 0000000000..1114f10564
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/processor.go
@@ -0,0 +1,472 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package datastreams
+
+import (
+	"context"
+	"fmt"
+	"math"
+	"net/http"
+	"net/url"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/datastreams/options"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/log"
+	"gopkg.in/DataDog/dd-trace-go.v1/internal/version"
+
+	"github.com/DataDog/sketches-go/ddsketch"
+	"github.com/DataDog/sketches-go/ddsketch/mapping"
+	"github.com/DataDog/sketches-go/ddsketch/store"
+	"github.com/golang/protobuf/proto"
+)
+
+const (
+	bucketDuration            = time.Second * 10
+	loadAgentFeaturesInterval = time.Second * 30
+	defaultServiceName        = "unnamed-go-service"
+)
+
+var sketchMapping, _ = mapping.NewLogarithmicMapping(0.01)
+
+type statsPoint struct {
+	edgeTags       []string
+	hash           uint64
+	parentHash     uint64
+	timestamp      int64
+	pathwayLatency int64
+	edgeLatency    int64
+	payloadSize    int64
+}
+
+type statsGroup struct {
+	service        string
+	edgeTags       []string
+	hash           uint64
+	parentHash     uint64
+	pathwayLatency *ddsketch.DDSketch
+	edgeLatency    *ddsketch.DDSketch
+	payloadSize    *ddsketch.DDSketch
+}
+
+type bucket struct {
+	points               map[uint64]statsGroup
+	latestCommitOffsets  map[partitionConsumerKey]int64
+	latestProduceOffsets map[partitionKey]int64
+	start                uint64
+	duration             uint64
+}
+
+func newBucket(start, duration uint64) bucket {
+	return bucket{
+		points:               make(map[uint64]statsGroup),
+		latestCommitOffsets:  make(map[partitionConsumerKey]int64),
+		latestProduceOffsets: make(map[partitionKey]int64),
+		start:                start,
+		duration:             duration,
+	}
+}
+
+func (b bucket) export(timestampType TimestampType) StatsBucket {
+	stats := make([]StatsPoint, 0, len(b.points))
+	for _, s := range b.points {
+		pathwayLatency, err := proto.Marshal(s.pathwayLatency.ToProto())
+		if err != nil {
+			log.Error("can't serialize pathway latency. Ignoring: %v", err)
+			continue
+		}
+		edgeLatency, err := proto.Marshal(s.edgeLatency.ToProto())
+		if err != nil {
+			log.Error("can't serialize edge latency. Ignoring: %v", err)
+			continue
+		}
+		payloadSize, err := proto.Marshal(s.payloadSize.ToProto())
+		if err != nil {
+			log.Error("can't serialize payload size. Ignoring: %v", err)
+			continue
+		}
+		stats = append(stats, StatsPoint{
+			PathwayLatency: pathwayLatency,
+			EdgeLatency:    edgeLatency,
+			Service:        s.service,
+			EdgeTags:       s.edgeTags,
+			Hash:           s.hash,
+			ParentHash:     s.parentHash,
+			TimestampType:  timestampType,
+			PayloadSize:    payloadSize,
+		})
+	}
+	exported := StatsBucket{
+		Start:    b.start,
+		Duration: b.duration,
+		Stats:    stats,
+		Backlogs: make([]Backlog, 0, len(b.latestCommitOffsets)+len(b.latestProduceOffsets)),
+	}
+	for key, offset := range b.latestProduceOffsets {
+		exported.Backlogs = append(exported.Backlogs, Backlog{Tags: []string{fmt.Sprintf("partition:%d", key.partition), fmt.Sprintf("topic:%s", key.topic), "type:kafka_produce"}, Value: offset})
+	}
+	for key, offset := range b.latestCommitOffsets {
+		exported.Backlogs = append(exported.Backlogs, Backlog{Tags: []string{fmt.Sprintf("consumer_group:%s", key.group), fmt.Sprintf("partition:%d", key.partition), fmt.Sprintf("topic:%s", key.topic), "type:kafka_commit"}, Value: offset})
+	}
+	return exported
+}
+
+type processorStats struct {
+	payloadsIn      int64
+	flushedPayloads int64
+	flushedBuckets  int64
+	flushErrors     int64
+	dropped         int64
+}
+
+type partitionKey struct {
+	partition int32
+	topic     string
+}
+
+type partitionConsumerKey struct {
+	partition int32
+	topic     string
+	group     string
+}
+
+type offsetType int
+
+const (
+	produceOffset offsetType = iota
+	commitOffset
+)
+
+type kafkaOffset struct {
+	offset     int64
+	topic      string
+	group      string
+	partition  int32
+	offsetType offsetType
+	timestamp  int64
+}
+
+type Processor struct {
+	in                   chan statsPoint
+	inKafka              chan kafkaOffset
+	tsTypeCurrentBuckets map[int64]bucket
+	tsTypeOriginBuckets  map[int64]bucket
+	wg                   sync.WaitGroup
+	stopped              uint64
+	stop                 chan struct{} // closing this channel triggers shutdown
+	flushRequest         chan chan<- struct{}
+	stats                processorStats
+	transport            *httpTransport
+	statsd               internal.StatsdClient
+	env                  string
+	primaryTag           string
+	service              string
+	version              string
+	// used for tests
+	timeSource                  func() time.Time
+	disableStatsFlushing        uint32
+	getAgentSupportsDataStreams func() bool
+}
+
+func (p *Processor) time() time.Time {
+	if p.timeSource != nil {
+		return p.timeSource()
+	}
+	return time.Now()
+}
+
+func NewProcessor(statsd internal.StatsdClient, env, service, version string, agentURL *url.URL, httpClient *http.Client, getAgentSupportsDataStreams func() bool) *Processor {
+	if service == "" {
+		service = defaultServiceName
+	}
+	p := &Processor{
+		tsTypeCurrentBuckets:        make(map[int64]bucket),
+		tsTypeOriginBuckets:         make(map[int64]bucket),
+		in:                          make(chan statsPoint, 10000),
+		inKafka:                     make(chan kafkaOffset, 10000),
+		stopped:                     1,
+		statsd:                      statsd,
+		env:                         env,
+		service:                     service,
+		version:                     version,
+		transport:                   newHTTPTransport(agentURL, httpClient),
+		timeSource:                  time.Now,
+		getAgentSupportsDataStreams: getAgentSupportsDataStreams,
+	}
+	p.updateAgentSupportsDataStreams(getAgentSupportsDataStreams())
+	return p
+}
+
+// alignTs returns the provided timestamp truncated to the bucket size.
+// It gives us the start time of the time bucket in which such timestamp falls.
+func alignTs(ts, bucketSize int64) int64 { return ts - ts%bucketSize }
+
+func (p *Processor) getBucket(btime int64, buckets map[int64]bucket) bucket {
+	b, ok := buckets[btime]
+	if !ok {
+		b = newBucket(uint64(btime), uint64(bucketDuration.Nanoseconds()))
+		buckets[btime] = b
+	}
+	return b
+}
+func (p *Processor) addToBuckets(point statsPoint, btime int64, buckets map[int64]bucket) {
+	b := p.getBucket(btime, buckets)
+	group, ok := b.points[point.hash]
+	if !ok {
+		group = statsGroup{
+			edgeTags:       point.edgeTags,
+			parentHash:     point.parentHash,
+			hash:           point.hash,
+			pathwayLatency: ddsketch.NewDDSketch(sketchMapping, store.DenseStoreConstructor(), store.DenseStoreConstructor()),
+			edgeLatency:    ddsketch.NewDDSketch(sketchMapping, store.DenseStoreConstructor(), store.DenseStoreConstructor()),
+			payloadSize:    ddsketch.NewDDSketch(sketchMapping, store.DenseStoreConstructor(), store.DenseStoreConstructor()),
+		}
+		b.points[point.hash] = group
+	}
+	if err := group.pathwayLatency.Add(math.Max(float64(point.pathwayLatency)/float64(time.Second), 0)); err != nil {
+		log.Error("failed to add pathway latency. Ignoring %v.", err)
+	}
+	if err := group.edgeLatency.Add(math.Max(float64(point.edgeLatency)/float64(time.Second), 0)); err != nil {
+		log.Error("failed to add edge latency. Ignoring %v.", err)
+	}
+	if err := group.payloadSize.Add(float64(point.payloadSize)); err != nil {
+		log.Error("failed to add payload size. Ignoring %v.", err)
+	}
+}
+
+func (p *Processor) add(point statsPoint) {
+	currentBucketTime := alignTs(point.timestamp, bucketDuration.Nanoseconds())
+	p.addToBuckets(point, currentBucketTime, p.tsTypeCurrentBuckets)
+	originTimestamp := point.timestamp - point.pathwayLatency
+	originBucketTime := alignTs(originTimestamp, bucketDuration.Nanoseconds())
+	p.addToBuckets(point, originBucketTime, p.tsTypeOriginBuckets)
+}
+
+func (p *Processor) addKafkaOffset(o kafkaOffset) {
+	btime := alignTs(o.timestamp, bucketDuration.Nanoseconds())
+	b := p.getBucket(btime, p.tsTypeCurrentBuckets)
+	if o.offsetType == produceOffset {
+		b.latestProduceOffsets[partitionKey{
+			partition: o.partition,
+			topic:     o.topic,
+		}] = o.offset
+		return
+	}
+	b.latestCommitOffsets[partitionConsumerKey{
+		partition: o.partition,
+		group:     o.group,
+		topic:     o.topic,
+	}] = o.offset
+}
+
+func (p *Processor) run(tick <-chan time.Time) {
+	for {
+		select {
+		case s := <-p.in:
+			atomic.AddInt64(&p.stats.payloadsIn, 1)
+			p.add(s)
+		case o := <-p.inKafka:
+			p.addKafkaOffset(o)
+		case now := <-tick:
+			p.sendToAgent(p.flush(now))
+		case done := <-p.flushRequest:
+			p.sendToAgent(p.flush(time.Now().Add(bucketDuration * 10)))
+			close(done)
+		case <-p.stop:
+			// drop in flight payloads on the input channel
+			p.sendToAgent(p.flush(time.Now().Add(bucketDuration * 10)))
+			return
+		}
+	}
+}
+
+func (p *Processor) Start() {
+	if atomic.SwapUint64(&p.stopped, 0) == 0 {
+		// already running
+		log.Warn("(*Processor).Start called more than once. This is likely a programming error.")
+		return
+	}
+	p.stop = make(chan struct{})
+	p.flushRequest = make(chan chan<- struct{})
+	p.wg.Add(2)
+	go p.reportStats()
+	go func() {
+		defer p.wg.Done()
+		tick := time.NewTicker(bucketDuration)
+		defer tick.Stop()
+		p.run(tick.C)
+	}()
+	go func() {
+		defer p.wg.Done()
+		tick := time.NewTicker(loadAgentFeaturesInterval)
+		defer tick.Stop()
+		p.runLoadAgentFeatures(tick.C)
+	}()
+}
+
+// Flush triggers a flush and waits for it to complete.
+func (p *Processor) Flush() {
+	if atomic.LoadUint64(&p.stopped) > 0 {
+		return
+	}
+	done := make(chan struct{})
+	select {
+	case p.flushRequest <- done:
+		<-done
+	case <-p.stop:
+	}
+}
+
+func (p *Processor) Stop() {
+	if atomic.SwapUint64(&p.stopped, 1) > 0 {
+		return
+	}
+	close(p.stop)
+	p.wg.Wait()
+}
+
+func (p *Processor) reportStats() {
+	for range time.NewTicker(time.Second * 10).C {
+		p.statsd.Count("datadog.datastreams.processor.payloads_in", atomic.SwapInt64(&p.stats.payloadsIn, 0), nil, 1)
+		p.statsd.Count("datadog.datastreams.processor.flushed_payloads", atomic.SwapInt64(&p.stats.flushedPayloads, 0), nil, 1)
+		p.statsd.Count("datadog.datastreams.processor.flushed_buckets", atomic.SwapInt64(&p.stats.flushedBuckets, 0), nil, 1)
+		p.statsd.Count("datadog.datastreams.processor.flush_errors", atomic.SwapInt64(&p.stats.flushErrors, 0), nil, 1)
+		p.statsd.Count("datadog.datastreams.processor.dropped_payloads", atomic.SwapInt64(&p.stats.dropped, 0), nil, 1)
+	}
+}
+
+func (p *Processor) flushBucket(buckets map[int64]bucket, bucketStart int64, timestampType TimestampType) StatsBucket {
+	bucket := buckets[bucketStart]
+	delete(buckets, bucketStart)
+	return bucket.export(timestampType)
+}
+
+func (p *Processor) flush(now time.Time) StatsPayload {
+	nowNano := now.UnixNano()
+	sp := StatsPayload{
+		Service:       p.service,
+		Version:       p.version,
+		Env:           p.env,
+		Lang:          "go",
+		TracerVersion: version.Tag,
+		Stats:         make([]StatsBucket, 0, len(p.tsTypeCurrentBuckets)+len(p.tsTypeOriginBuckets)),
+	}
+	for ts := range p.tsTypeCurrentBuckets {
+		if ts > nowNano-bucketDuration.Nanoseconds() {
+			// do not flush the bucket at the current time
+			continue
+		}
+		sp.Stats = append(sp.Stats, p.flushBucket(p.tsTypeCurrentBuckets, ts, TimestampTypeCurrent))
+	}
+	for ts := range p.tsTypeOriginBuckets {
+		if ts > nowNano-bucketDuration.Nanoseconds() {
+			// do not flush the bucket at the current time
+			continue
+		}
+		sp.Stats = append(sp.Stats, p.flushBucket(p.tsTypeOriginBuckets, ts, TimestampTypeOrigin))
+	}
+	return sp
+}
+
+func (p *Processor) sendToAgent(payload StatsPayload) {
+	atomic.AddInt64(&p.stats.flushedPayloads, 1)
+	atomic.AddInt64(&p.stats.flushedBuckets, int64(len(payload.Stats)))
+	if err := p.transport.sendPipelineStats(&payload); err != nil {
+		atomic.AddInt64(&p.stats.flushErrors, 1)
+	}
+}
+
+func (p *Processor) SetCheckpoint(ctx context.Context, edgeTags ...string) context.Context {
+	return p.SetCheckpointWithParams(ctx, options.CheckpointParams{}, edgeTags...)
+}
+
+func (p *Processor) SetCheckpointWithParams(ctx context.Context, params options.CheckpointParams, edgeTags ...string) context.Context {
+	parent, hasParent := PathwayFromContext(ctx)
+	parentHash := uint64(0)
+	now := p.time()
+	pathwayStart := now
+	edgeStart := now
+	if hasParent {
+		pathwayStart = parent.PathwayStart()
+		edgeStart = parent.EdgeStart()
+		parentHash = parent.GetHash()
+	}
+	child := Pathway{
+		hash:         pathwayHash(nodeHash(p.service, p.env, edgeTags), parentHash),
+		pathwayStart: pathwayStart,
+		edgeStart:    now,
+	}
+	select {
+	case p.in <- statsPoint{
+		edgeTags:       edgeTags,
+		parentHash:     parentHash,
+		hash:           child.hash,
+		timestamp:      now.UnixNano(),
+		pathwayLatency: now.Sub(pathwayStart).Nanoseconds(),
+		edgeLatency:    now.Sub(edgeStart).Nanoseconds(),
+		payloadSize:    params.PayloadSize,
+	}:
+	default:
+		atomic.AddInt64(&p.stats.dropped, 1)
+	}
+	return ContextWithPathway(ctx, child)
+}
+
+func (p *Processor) TrackKafkaCommitOffset(group string, topic string, partition int32, offset int64) {
+	select {
+	case p.inKafka <- kafkaOffset{
+		offset:     offset,
+		group:      group,
+		topic:      topic,
+		partition:  partition,
+		offsetType: commitOffset,
+		timestamp:  p.time().UnixNano(),
+	}:
+	default:
+		atomic.AddInt64(&p.stats.dropped, 1)
+	}
+}
+
+func (p *Processor) TrackKafkaProduceOffset(topic string, partition int32, offset int64) {
+	select {
+	case p.inKafka <- kafkaOffset{
+		offset:     offset,
+		topic:      topic,
+		partition:  partition,
+		offsetType: produceOffset,
+		timestamp:  p.time().UnixNano(),
+	}:
+	default:
+		atomic.AddInt64(&p.stats.dropped, 1)
+	}
+}
+
+func (p *Processor) runLoadAgentFeatures(tick <-chan time.Time) {
+	for {
+		select {
+		case <-tick:
+			p.updateAgentSupportsDataStreams(p.getAgentSupportsDataStreams())
+		case <-p.stop:
+			return
+		}
+	}
+}
+
+func (p *Processor) updateAgentSupportsDataStreams(agentSupportsDataStreams bool) {
+	var disableStatsFlushing uint32
+	if !agentSupportsDataStreams {
+		disableStatsFlushing = 1
+	}
+	if atomic.SwapUint32(&p.disableStatsFlushing, disableStatsFlushing) != disableStatsFlushing {
+		if agentSupportsDataStreams {
+			log.Info("Detected agent upgrade. Turning on Data Streams Monitoring.")
+		} else {
+			log.Warn("Turning off Data Streams Monitoring. Upgrade your agent to 7.34+")
+		}
+	}
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/propagator.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/propagator.go
new file mode 100644
index 0000000000..bd8168a08d
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/propagator.go
@@ -0,0 +1,87 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package datastreams
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/binary"
+	"errors"
+	"time"
+
+	"github.com/DataDog/sketches-go/ddsketch/encoding"
+)
+
+type contextKey struct{}
+
+var activePathwayKey = contextKey{}
+
+const (
+	// PropagationKeyBase64 is the key to use to propagate the pathway between services.
+	PropagationKeyBase64 = "dd-pathway-ctx-base64"
+)
+
+// Encode encodes the pathway
+func (p Pathway) Encode() []byte {
+	data := make([]byte, 8, 20)
+	binary.LittleEndian.PutUint64(data, p.hash)
+	encoding.EncodeVarint64(&data, p.pathwayStart.UnixNano()/int64(time.Millisecond))
+	encoding.EncodeVarint64(&data, p.edgeStart.UnixNano()/int64(time.Millisecond))
+	return data
+}
+
+// Decode decodes a pathway
+func Decode(ctx context.Context, data []byte) (p Pathway, outCtx context.Context, err error) {
+	if len(data) < 8 {
+		return p, ctx, errors.New("hash smaller than 8 bytes")
+	}
+	p.hash = binary.LittleEndian.Uint64(data)
+	data = data[8:]
+	pathwayStart, err := encoding.DecodeVarint64(&data)
+	if err != nil {
+		return p, ctx, err
+	}
+	edgeStart, err := encoding.DecodeVarint64(&data)
+	if err != nil {
+		return p, ctx, err
+	}
+	p.pathwayStart = time.Unix(0, pathwayStart*int64(time.Millisecond))
+	p.edgeStart = time.Unix(0, edgeStart*int64(time.Millisecond))
+	return p, ContextWithPathway(ctx, p), nil
+}
+
+// EncodeBase64 encodes a pathway context into a string using base64 encoding.
+func (p Pathway) EncodeBase64() string {
+	b := p.Encode()
+	return base64.StdEncoding.EncodeToString(b)
+}
+
+// DecodeBase64 decodes a pathway context from a string using base64 encoding.
+func DecodeBase64(ctx context.Context, str string) (p Pathway, outCtx context.Context, err error) {
+	data, err := base64.StdEncoding.DecodeString(str)
+	if err != nil {
+		return p, ctx, err
+	}
+	return Decode(ctx, data)
+}
+
+// ContextWithPathway returns a copy of the given context which includes the pathway p.
+func ContextWithPathway(ctx context.Context, p Pathway) context.Context {
+	return context.WithValue(ctx, activePathwayKey, p)
+}
+
+// PathwayFromContext returns the pathway contained in the given context, and whether a
+// pathway is found in ctx.
+func PathwayFromContext(ctx context.Context) (p Pathway, ok bool) {
+	if ctx == nil {
+		return p, false
+	}
+	v := ctx.Value(activePathwayKey)
+	if p, ok := v.(Pathway); ok {
+		return p, true
+	}
+	return p, false
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/transport.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/transport.go
new file mode 100644
index 0000000000..62433c7557
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams/transport.go
@@ -0,0 +1,115 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package datastreams
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"runtime"
+	"strings"
+	"time"
+
+	"gopkg.in/DataDog/dd-trace-go.v1/internal"
+
+	"github.com/tinylib/msgp/msgp"
+)
+
+const (
+	defaultHostname    = "localhost"
+	defaultPort        = "8126"
+	defaultAddress     = defaultHostname + ":" + defaultPort
+	defaultHTTPTimeout = 2 * time.Second // defines the current timeout before giving up with the send process
+)
+
+var defaultDialer = &net.Dialer{
+	Timeout:   30 * time.Second,
+	KeepAlive: 30 * time.Second,
+	DualStack: true,
+}
+
+var defaultClient = &http.Client{
+	// We copy the transport to avoid using the default one, as it might be
+	// augmented with tracing and we don't want these calls to be recorded.
+	// See https://golang.org/pkg/net/http/#DefaultTransport .
+	Transport: &http.Transport{
+		Proxy:                 http.ProxyFromEnvironment,
+		DialContext:           defaultDialer.DialContext,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+	},
+	Timeout: defaultHTTPTimeout,
+}
+
+type httpTransport struct {
+	url     string            // the delivery URL for stats
+	client  *http.Client      // the HTTP client used in the POST
+	headers map[string]string // the Transport headers
+}
+
+func newHTTPTransport(agentURL *url.URL, client *http.Client) *httpTransport {
+	// initialize the default EncoderPool with Encoder headers
+	defaultHeaders := map[string]string{
+		"Datadog-Meta-Lang":             "go",
+		"Datadog-Meta-Lang-Version":     strings.TrimPrefix(runtime.Version(), "go"),
+		"Datadog-Meta-Lang-Interpreter": runtime.Compiler + "-" + runtime.GOARCH + "-" + runtime.GOOS,
+		"Content-Type":                  "application/msgpack",
+		"Content-Encoding":              "gzip",
+	}
+	if cid := internal.ContainerID(); cid != "" {
+		defaultHeaders["Datadog-Container-ID"] = cid
+	}
+	url := fmt.Sprintf("%s/v0.1/pipeline_stats", agentURL.String())
+	return &httpTransport{
+		url:     url,
+		client:  client,
+		headers: defaultHeaders,
+	}
+}
+
+func (t *httpTransport) sendPipelineStats(p *StatsPayload) error {
+	var buf bytes.Buffer
+	gzipWriter, err := gzip.NewWriterLevel(&buf, gzip.BestSpeed)
+	if err != nil {
+		return err
+	}
+	if err := msgp.Encode(gzipWriter, p); err != nil {
+		return err
+	}
+	err = gzipWriter.Close()
+	if err != nil {
+		return err
+	}
+	req, err := http.NewRequest("POST", t.url, &buf)
+	if err != nil {
+		return err
+	}
+	for header, value := range t.headers {
+		req.Header.Set(header, value)
+	}
+	resp, err := t.client.Do(req)
+	if err != nil {
+		return err
+	}
+	if code := resp.StatusCode; code >= 400 {
+		// error, check the body for context information and
+		// return a nice error.
+		msg := make([]byte, 1000)
+		n, _ := resp.Body.Read(msg)
+		resp.Body.Close()
+		txt := http.StatusText(code)
+		if n > 0 {
+			return fmt.Errorf("%s (Status: %s)", msg[:n], txt)
+		}
+		return fmt.Errorf("%s", txt)
+	}
+	return nil
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/statsd.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/statsd.go
new file mode 100644
index 0000000000..cccf35f8f1
--- /dev/null
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/statsd.go
@@ -0,0 +1,17 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016 Datadog, Inc.
+
+package internal
+
+import "time"
+
+type StatsdClient interface {
+	Incr(name string, tags []string, rate float64) error
+	Count(name string, value int64, tags []string, rate float64) error
+	Gauge(name string, value float64, tags []string, rate float64) error
+	Timing(name string, value time.Duration, tags []string, rate float64) error
+	Flush() error
+	Close() error
+}
diff --git a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/version/version.go b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/version/version.go
index dfc9759318..ef5ce3dc3f 100644
--- a/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/version/version.go
+++ b/vendor/gopkg.in/DataDog/dd-trace-go.v1/internal/version/version.go
@@ -13,7 +13,7 @@ import (
 // Tag specifies the current release tag. It needs to be manually
 // updated. A test checks that the value of Tag never points to a
 // git tag that is older than HEAD.
-const Tag = "v1.53.0"
+const Tag = "v1.56.1"
 
 // Dissected version number. Filled during init()
 var (
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/.gitcookies.sh.enc b/vendor/gopkg.in/go-jose/go-jose.v2/.gitcookies.sh.enc
new file mode 100644
index 0000000000..730e569b06
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/.gitcookies.sh.enc
@@ -0,0 +1 @@
+'|Ê&{tÄU|gGê(ì�Cy=+¨œòcû:u:/pœ#~žü["±4¤!­nÙAªDK<ŠufÿhÅa¿Â:ºü¸¡´B/£Ø¤¹¤ò_�hÎÛSãT*wÌx¼¯�¹-ç|�àÀÓƒÑÄäóÌ㣗A$$â6£ÁâG)8nÏpûÆË¡3ÌšœoïÏvŽB–3¿­]xÝ“Ó2l§G•|qRÞ¯
ö2
5R–Ó×Ç$´ñ½Yè¡ÞÝ™l‘Ë«yAI"ÛŒ˜®íû¹¼kÄ|Kåþ[9ÆâÒå=°úÿŸñ|@S•3ó#æ�x?¾V„,¾‚SÆÝõœwPíogÒ6&V6	©D.dBŠ7
\ No newline at end of file
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/.gitignore b/vendor/gopkg.in/go-jose/go-jose.v2/.gitignore
new file mode 100644
index 0000000000..95a851586a
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/.gitignore
@@ -0,0 +1,8 @@
+*~
+.*.swp
+*.out
+*.test
+*.pem
+*.cov
+jose-util/jose-util
+jose-util.t.err
\ No newline at end of file
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/.travis.yml b/vendor/gopkg.in/go-jose/go-jose.v2/.travis.yml
new file mode 100644
index 0000000000..391b99a401
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/.travis.yml
@@ -0,0 +1,45 @@
+language: go
+
+sudo: false
+
+matrix:
+  fast_finish: true
+  allow_failures:
+    - go: tip
+
+go:
+- '1.14.x'
+- '1.15.x'
+- tip
+
+go_import_path: gopkg.in/square/go-jose.v2
+
+before_script:
+- export PATH=$HOME/.local/bin:$PATH
+
+before_install:
+# Install encrypted gitcookies to get around bandwidth-limits
+# that is causing Travis-CI builds to fail. For more info, see
+# https://github.com/golang/go/issues/12933
+- openssl aes-256-cbc -K $encrypted_1528c3c2cafd_key -iv $encrypted_1528c3c2cafd_iv -in .gitcookies.sh.enc -out .gitcookies.sh -d || true
+- bash .gitcookies.sh || true
+- go get github.com/wadey/gocovmerge
+- go get github.com/mattn/goveralls
+- go get github.com/stretchr/testify/assert
+- go get github.com/stretchr/testify/require
+- go get github.com/google/go-cmp/cmp
+- go get golang.org/x/tools/cmd/cover || true
+- go get code.google.com/p/go.tools/cmd/cover || true
+- pip install cram --user
+
+script:
+- go test . -v -covermode=count -coverprofile=profile.cov
+- go test ./cipher -v -covermode=count -coverprofile=cipher/profile.cov
+- go test ./jwt -v -covermode=count -coverprofile=jwt/profile.cov
+- go test ./json -v # no coverage for forked encoding/json package
+- cd jose-util && go build && PATH=$PWD:$PATH cram -v jose-util.t # cram tests jose-util
+- cd ..
+
+after_success:
+- gocovmerge *.cov */*.cov > merged.coverprofile
+- $HOME/gopath/bin/goveralls -coverprofile merged.coverprofile -service=travis-ci
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/CONTRIBUTING.md b/vendor/gopkg.in/go-jose/go-jose.v2/CONTRIBUTING.md
new file mode 100644
index 0000000000..61b183651c
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/CONTRIBUTING.md
@@ -0,0 +1,14 @@
+# Contributing
+
+If you would like to contribute code to go-jose you can do so through GitHub by
+forking the repository and sending a pull request.
+
+When submitting code, please make every effort to follow existing conventions
+and style in order to keep the code as readable as possible. Please also make
+sure all tests pass by running `go test`, and format your code with `go fmt`.
+We also recommend using `golint` and `errcheck`.
+
+Before your code can be accepted into the project you must also sign the
+[Individual Contributor License Agreement][1].
+
+ [1]: https://spreadsheets.google.com/spreadsheet/viewform?formkey=dDViT2xzUHAwRkI3X3k5Z0lQM091OGc6MQ&ndplr=1
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/LICENSE b/vendor/gopkg.in/go-jose/go-jose.v2/LICENSE
new file mode 100644
index 0000000000..d645695673
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/README.md b/vendor/gopkg.in/go-jose/go-jose.v2/README.md
new file mode 100644
index 0000000000..46b02d61d8
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/README.md
@@ -0,0 +1,118 @@
+# Go JOSE 
+
+[![godoc](http://img.shields.io/badge/godoc-version_1-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v1)
+[![godoc](http://img.shields.io/badge/godoc-version_2-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v2)
+[![license](http://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/go-jose/go-jose/master/LICENSE)
+[![build](https://travis-ci.org/go-jose/go-jose.svg?branch=v2)](https://travis-ci.org/go-jose/go-jose)
+[![coverage](https://coveralls.io/repos/github/go-jose/go-jose/badge.svg?branch=v2)](https://coveralls.io/r/go-jose/go-jose)
+
+Package jose aims to provide an implementation of the Javascript Object Signing
+and Encryption set of standards. This includes support for JSON Web Encryption,
+JSON Web Signature, and JSON Web Token standards.
+
+**Disclaimer**: This library contains encryption software that is subject to
+the U.S. Export Administration Regulations. You may not export, re-export,
+transfer or download this code or any part of it in violation of any United
+States law, directive or regulation. In particular this software may not be
+exported or re-exported in any form or on any media to Iran, North Sudan,
+Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any
+US maintained blocked list.
+
+## Overview
+
+The implementation follows the
+[JSON Web Encryption](http://dx.doi.org/10.17487/RFC7516) (RFC 7516),
+[JSON Web Signature](http://dx.doi.org/10.17487/RFC7515) (RFC 7515), and
+[JSON Web Token](http://dx.doi.org/10.17487/RFC7519) (RFC 7519).
+Tables of supported algorithms are shown below. The library supports both
+the compact and full serialization formats, and has optional support for
+multiple recipients. It also comes with a small command-line utility
+([`jose-util`](https://github.com/go-jose/go-jose/tree/v2/jose-util))
+for dealing with JOSE messages in a shell.
+
+**Note**: We use a forked version of the `encoding/json` package from the Go
+standard library which uses case-sensitive matching for member names (instead
+of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)).
+This is to avoid differences in interpretation of messages between go-jose and
+libraries in other languages.
+
+### Versions
+
+We use [gopkg.in](https://gopkg.in) for versioning.
+
+[Version 2](https://gopkg.in/go-jose/go-jose.v2)
+([branch](https://github.com/go-jose/go-jose/tree/v2),
+[doc](https://godoc.org/gopkg.in/go-jose/go-jose.v2)) is the current version:
+
+    import "gopkg.in/go-jose/go-jose.v2"
+
+The old `v1` branch ([go-jose.v1](https://gopkg.in/go-jose/go-jose.v1)) will
+still receive backported bug fixes and security fixes, but otherwise
+development is frozen. All new feature development takes place on the `v2`
+branch. Version 2 also contains additional sub-packages such as the
+[jwt](https://godoc.org/gopkg.in/go-jose/go-jose.v2/jwt) implementation
+contributed by [@shaxbee](https://github.com/shaxbee).
+
+### Supported algorithms
+
+See below for a table of supported algorithms. Algorithm identifiers match
+the names in the [JSON Web Algorithms](http://dx.doi.org/10.17487/RFC7518)
+standard where possible. The Godoc reference has a list of constants.
+
+ Key encryption             | Algorithm identifier(s)
+ :------------------------- | :------------------------------
+ RSA-PKCS#1v1.5             | RSA1_5
+ RSA-OAEP                   | RSA-OAEP, RSA-OAEP-256
+ AES key wrap               | A128KW, A192KW, A256KW
+ AES-GCM key wrap           | A128GCMKW, A192GCMKW, A256GCMKW
+ ECDH-ES + AES key wrap     | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW
+ ECDH-ES (direct)           | ECDH-ES<sup>1</sup>
+ Direct encryption          | dir<sup>1</sup>
+
+<sup>1. Not supported in multi-recipient mode</sup>
+
+ Signing / MAC              | Algorithm identifier(s)
+ :------------------------- | :------------------------------
+ RSASSA-PKCS#1v1.5          | RS256, RS384, RS512
+ RSASSA-PSS                 | PS256, PS384, PS512
+ HMAC                       | HS256, HS384, HS512
+ ECDSA                      | ES256, ES384, ES512
+ Ed25519                    | EdDSA<sup>2</sup>
+
+<sup>2. Only available in version 2 of the package</sup>
+
+ Content encryption         | Algorithm identifier(s)
+ :------------------------- | :------------------------------
+ AES-CBC+HMAC               | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
+ AES-GCM                    | A128GCM, A192GCM, A256GCM 
+
+ Compression                | Algorithm identifiers(s)
+ :------------------------- | -------------------------------
+ DEFLATE (RFC 1951)         | DEF
+
+### Supported key types
+
+See below for a table of supported key types. These are understood by the
+library, and can be passed to corresponding functions such as `NewEncrypter` or
+`NewSigner`. Each of these keys can also be wrapped in a JWK if desired, which
+allows attaching a key id.
+
+ Algorithm(s)               | Corresponding types
+ :------------------------- | -------------------------------
+ RSA                        | *[rsa.PublicKey](http://golang.org/pkg/crypto/rsa/#PublicKey), *[rsa.PrivateKey](http://golang.org/pkg/crypto/rsa/#PrivateKey)
+ ECDH, ECDSA                | *[ecdsa.PublicKey](http://golang.org/pkg/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](http://golang.org/pkg/crypto/ecdsa/#PrivateKey)
+ EdDSA<sup>1</sup>          | [ed25519.PublicKey](https://godoc.org/golang.org/x/crypto/ed25519#PublicKey), [ed25519.PrivateKey](https://godoc.org/golang.org/x/crypto/ed25519#PrivateKey)
+ AES, HMAC                  | []byte
+
+<sup>1. Only available in version 2 of the package</sup>
+
+## Examples
+
+[![godoc](http://img.shields.io/badge/godoc-version_1-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v1)
+[![godoc](http://img.shields.io/badge/godoc-version_2-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v2)
+
+Examples can be found in the Godoc
+reference for this package. The
+[`jose-util`](https://github.com/go-jose/go-jose/tree/v2/jose-util)
+subdirectory also contains a small command-line utility which might be useful
+as an example.
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go b/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go
new file mode 100644
index 0000000000..3ca79cc268
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go
@@ -0,0 +1,592 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"crypto"
+	"crypto/aes"
+	"crypto/ecdsa"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/sha256"
+	"errors"
+	"fmt"
+	"math/big"
+
+	"golang.org/x/crypto/ed25519"
+	josecipher "gopkg.in/go-jose/go-jose.v2/cipher"
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// A generic RSA-based encrypter/verifier
+type rsaEncrypterVerifier struct {
+	publicKey *rsa.PublicKey
+}
+
+// A generic RSA-based decrypter/signer
+type rsaDecrypterSigner struct {
+	privateKey *rsa.PrivateKey
+}
+
+// A generic EC-based encrypter/verifier
+type ecEncrypterVerifier struct {
+	publicKey *ecdsa.PublicKey
+}
+
+type edEncrypterVerifier struct {
+	publicKey ed25519.PublicKey
+}
+
+// A key generator for ECDH-ES
+type ecKeyGenerator struct {
+	size      int
+	algID     string
+	publicKey *ecdsa.PublicKey
+}
+
+// A generic EC-based decrypter/signer
+type ecDecrypterSigner struct {
+	privateKey *ecdsa.PrivateKey
+}
+
+type edDecrypterSigner struct {
+	privateKey ed25519.PrivateKey
+}
+
+// newRSARecipient creates recipientKeyInfo based on the given key.
+func newRSARecipient(keyAlg KeyAlgorithm, publicKey *rsa.PublicKey) (recipientKeyInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch keyAlg {
+	case RSA1_5, RSA_OAEP, RSA_OAEP_256:
+	default:
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if publicKey == nil {
+		return recipientKeyInfo{}, errors.New("invalid public key")
+	}
+
+	return recipientKeyInfo{
+		keyAlg: keyAlg,
+		keyEncrypter: &rsaEncrypterVerifier{
+			publicKey: publicKey,
+		},
+	}, nil
+}
+
+// newRSASigner creates a recipientSigInfo based on the given key.
+func newRSASigner(sigAlg SignatureAlgorithm, privateKey *rsa.PrivateKey) (recipientSigInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch sigAlg {
+	case RS256, RS384, RS512, PS256, PS384, PS512:
+	default:
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if privateKey == nil {
+		return recipientSigInfo{}, errors.New("invalid private key")
+	}
+
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		publicKey: staticPublicKey(&JSONWebKey{
+			Key: privateKey.Public(),
+		}),
+		signer: &rsaDecrypterSigner{
+			privateKey: privateKey,
+		},
+	}, nil
+}
+
+func newEd25519Signer(sigAlg SignatureAlgorithm, privateKey ed25519.PrivateKey) (recipientSigInfo, error) {
+	if sigAlg != EdDSA {
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if privateKey == nil {
+		return recipientSigInfo{}, errors.New("invalid private key")
+	}
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		publicKey: staticPublicKey(&JSONWebKey{
+			Key: privateKey.Public(),
+		}),
+		signer: &edDecrypterSigner{
+			privateKey: privateKey,
+		},
+	}, nil
+}
+
+// newECDHRecipient creates recipientKeyInfo based on the given key.
+func newECDHRecipient(keyAlg KeyAlgorithm, publicKey *ecdsa.PublicKey) (recipientKeyInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch keyAlg {
+	case ECDH_ES, ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW:
+	default:
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if publicKey == nil || !publicKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) {
+		return recipientKeyInfo{}, errors.New("invalid public key")
+	}
+
+	return recipientKeyInfo{
+		keyAlg: keyAlg,
+		keyEncrypter: &ecEncrypterVerifier{
+			publicKey: publicKey,
+		},
+	}, nil
+}
+
+// newECDSASigner creates a recipientSigInfo based on the given key.
+func newECDSASigner(sigAlg SignatureAlgorithm, privateKey *ecdsa.PrivateKey) (recipientSigInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch sigAlg {
+	case ES256, ES384, ES512:
+	default:
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	if privateKey == nil {
+		return recipientSigInfo{}, errors.New("invalid private key")
+	}
+
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		publicKey: staticPublicKey(&JSONWebKey{
+			Key: privateKey.Public(),
+		}),
+		signer: &ecDecrypterSigner{
+			privateKey: privateKey,
+		},
+	}, nil
+}
+
+// Encrypt the given payload and update the object.
+func (ctx rsaEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	encryptedKey, err := ctx.encrypt(cek, alg)
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	return recipientInfo{
+		encryptedKey: encryptedKey,
+		header:       &rawHeader{},
+	}, nil
+}
+
+// Encrypt the given payload. Based on the key encryption algorithm,
+// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256).
+func (ctx rsaEncrypterVerifier) encrypt(cek []byte, alg KeyAlgorithm) ([]byte, error) {
+	switch alg {
+	case RSA1_5:
+		return rsa.EncryptPKCS1v15(RandReader, ctx.publicKey, cek)
+	case RSA_OAEP:
+		return rsa.EncryptOAEP(sha1.New(), RandReader, ctx.publicKey, cek, []byte{})
+	case RSA_OAEP_256:
+		return rsa.EncryptOAEP(sha256.New(), RandReader, ctx.publicKey, cek, []byte{})
+	}
+
+	return nil, ErrUnsupportedAlgorithm
+}
+
+// Decrypt the given payload and return the content encryption key.
+func (ctx rsaDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	return ctx.decrypt(recipient.encryptedKey, headers.getAlgorithm(), generator)
+}
+
+// Decrypt the given payload. Based on the key encryption algorithm,
+// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256).
+func (ctx rsaDecrypterSigner) decrypt(jek []byte, alg KeyAlgorithm, generator keyGenerator) ([]byte, error) {
+	// Note: The random reader on decrypt operations is only used for blinding,
+	// so stubbing is meanlingless (hence the direct use of rand.Reader).
+	switch alg {
+	case RSA1_5:
+		defer func() {
+			// DecryptPKCS1v15SessionKey sometimes panics on an invalid payload
+			// because of an index out of bounds error, which we want to ignore.
+			// This has been fixed in Go 1.3.1 (released 2014/08/13), the recover()
+			// only exists for preventing crashes with unpatched versions.
+			// See: https://groups.google.com/forum/#!topic/golang-dev/7ihX6Y6kx9k
+			// See: https://code.google.com/p/go/source/detail?r=58ee390ff31602edb66af41ed10901ec95904d33
+			_ = recover()
+		}()
+
+		// Perform some input validation.
+		keyBytes := ctx.privateKey.PublicKey.N.BitLen() / 8
+		if keyBytes != len(jek) {
+			// Input size is incorrect, the encrypted payload should always match
+			// the size of the public modulus (e.g. using a 2048 bit key will
+			// produce 256 bytes of output). Reject this since it's invalid input.
+			return nil, ErrCryptoFailure
+		}
+
+		cek, _, err := generator.genKey()
+		if err != nil {
+			return nil, ErrCryptoFailure
+		}
+
+		// When decrypting an RSA-PKCS1v1.5 payload, we must take precautions to
+		// prevent chosen-ciphertext attacks as described in RFC 3218, "Preventing
+		// the Million Message Attack on Cryptographic Message Syntax". We are
+		// therefore deliberately ignoring errors here.
+		_ = rsa.DecryptPKCS1v15SessionKey(rand.Reader, ctx.privateKey, jek, cek)
+
+		return cek, nil
+	case RSA_OAEP:
+		// Use rand.Reader for RSA blinding
+		return rsa.DecryptOAEP(sha1.New(), rand.Reader, ctx.privateKey, jek, []byte{})
+	case RSA_OAEP_256:
+		// Use rand.Reader for RSA blinding
+		return rsa.DecryptOAEP(sha256.New(), rand.Reader, ctx.privateKey, jek, []byte{})
+	}
+
+	return nil, ErrUnsupportedAlgorithm
+}
+
+// Sign the given payload
+func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	var hash crypto.Hash
+
+	switch alg {
+	case RS256, PS256:
+		hash = crypto.SHA256
+	case RS384, PS384:
+		hash = crypto.SHA384
+	case RS512, PS512:
+		hash = crypto.SHA512
+	default:
+		return Signature{}, ErrUnsupportedAlgorithm
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	var out []byte
+	var err error
+
+	switch alg {
+	case RS256, RS384, RS512:
+		out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed)
+	case PS256, PS384, PS512:
+		out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{
+			SaltLength: rsa.PSSSaltLengthEqualsHash,
+		})
+	}
+
+	if err != nil {
+		return Signature{}, err
+	}
+
+	return Signature{
+		Signature: out,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// Verify the given payload
+func (ctx rsaEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	var hash crypto.Hash
+
+	switch alg {
+	case RS256, PS256:
+		hash = crypto.SHA256
+	case RS384, PS384:
+		hash = crypto.SHA384
+	case RS512, PS512:
+		hash = crypto.SHA512
+	default:
+		return ErrUnsupportedAlgorithm
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	switch alg {
+	case RS256, RS384, RS512:
+		return rsa.VerifyPKCS1v15(ctx.publicKey, hash, hashed, signature)
+	case PS256, PS384, PS512:
+		return rsa.VerifyPSS(ctx.publicKey, hash, hashed, signature, nil)
+	}
+
+	return ErrUnsupportedAlgorithm
+}
+
+// Encrypt the given payload and update the object.
+func (ctx ecEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	switch alg {
+	case ECDH_ES:
+		// ECDH-ES mode doesn't wrap a key, the shared secret is used directly as the key.
+		return recipientInfo{
+			header: &rawHeader{},
+		}, nil
+	case ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW:
+	default:
+		return recipientInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	generator := ecKeyGenerator{
+		algID:     string(alg),
+		publicKey: ctx.publicKey,
+	}
+
+	switch alg {
+	case ECDH_ES_A128KW:
+		generator.size = 16
+	case ECDH_ES_A192KW:
+		generator.size = 24
+	case ECDH_ES_A256KW:
+		generator.size = 32
+	}
+
+	kek, header, err := generator.genKey()
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	block, err := aes.NewCipher(kek)
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	jek, err := josecipher.KeyWrap(block, cek)
+	if err != nil {
+		return recipientInfo{}, err
+	}
+
+	return recipientInfo{
+		encryptedKey: jek,
+		header:       &header,
+	}, nil
+}
+
+// Get key size for EC key generator
+func (ctx ecKeyGenerator) keySize() int {
+	return ctx.size
+}
+
+// Get a content encryption key for ECDH-ES
+func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) {
+	priv, err := ecdsa.GenerateKey(ctx.publicKey.Curve, RandReader)
+	if err != nil {
+		return nil, rawHeader{}, err
+	}
+
+	out := josecipher.DeriveECDHES(ctx.algID, []byte{}, []byte{}, priv, ctx.publicKey, ctx.size)
+
+	b, err := json.Marshal(&JSONWebKey{
+		Key: &priv.PublicKey,
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+
+	headers := rawHeader{
+		headerEPK: makeRawMessage(b),
+	}
+
+	return out, headers, nil
+}
+
+// Decrypt the given payload and return the content encryption key.
+func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	epk, err := headers.getEPK()
+	if err != nil {
+		return nil, errors.New("go-jose/go-jose: invalid epk header")
+	}
+	if epk == nil {
+		return nil, errors.New("go-jose/go-jose: missing epk header")
+	}
+
+	publicKey, ok := epk.Key.(*ecdsa.PublicKey)
+	if publicKey == nil || !ok {
+		return nil, errors.New("go-jose/go-jose: invalid epk header")
+	}
+
+	if !ctx.privateKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) {
+		return nil, errors.New("go-jose/go-jose: invalid public key in epk header")
+	}
+
+	apuData, err := headers.getAPU()
+	if err != nil {
+		return nil, errors.New("go-jose/go-jose: invalid apu header")
+	}
+	apvData, err := headers.getAPV()
+	if err != nil {
+		return nil, errors.New("go-jose/go-jose: invalid apv header")
+	}
+
+	deriveKey := func(algID string, size int) []byte {
+		return josecipher.DeriveECDHES(algID, apuData.bytes(), apvData.bytes(), ctx.privateKey, publicKey, size)
+	}
+
+	var keySize int
+
+	algorithm := headers.getAlgorithm()
+	switch algorithm {
+	case ECDH_ES:
+		// ECDH-ES uses direct key agreement, no key unwrapping necessary.
+		return deriveKey(string(headers.getEncryption()), generator.keySize()), nil
+	case ECDH_ES_A128KW:
+		keySize = 16
+	case ECDH_ES_A192KW:
+		keySize = 24
+	case ECDH_ES_A256KW:
+		keySize = 32
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+
+	key := deriveKey(string(algorithm), keySize)
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	return josecipher.KeyUnwrap(block, recipient.encryptedKey)
+}
+
+func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	if alg != EdDSA {
+		return Signature{}, ErrUnsupportedAlgorithm
+	}
+
+	sig, err := ctx.privateKey.Sign(RandReader, payload, crypto.Hash(0))
+	if err != nil {
+		return Signature{}, err
+	}
+
+	return Signature{
+		Signature: sig,
+		protected: &rawHeader{},
+	}, nil
+}
+
+func (ctx edEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	if alg != EdDSA {
+		return ErrUnsupportedAlgorithm
+	}
+	ok := ed25519.Verify(ctx.publicKey, payload, signature)
+	if !ok {
+		return errors.New("go-jose/go-jose: ed25519 signature failed to verify")
+	}
+	return nil
+}
+
+// Sign the given payload
+func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	var expectedBitSize int
+	var hash crypto.Hash
+
+	switch alg {
+	case ES256:
+		expectedBitSize = 256
+		hash = crypto.SHA256
+	case ES384:
+		expectedBitSize = 384
+		hash = crypto.SHA384
+	case ES512:
+		expectedBitSize = 521
+		hash = crypto.SHA512
+	}
+
+	curveBits := ctx.privateKey.Curve.Params().BitSize
+	if expectedBitSize != curveBits {
+		return Signature{}, fmt.Errorf("go-jose/go-jose: expected %d bit key, got %d bits instead", expectedBitSize, curveBits)
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	r, s, err := ecdsa.Sign(RandReader, ctx.privateKey, hashed)
+	if err != nil {
+		return Signature{}, err
+	}
+
+	keyBytes := curveBits / 8
+	if curveBits%8 > 0 {
+		keyBytes++
+	}
+
+	// We serialize the outputs (r and s) into big-endian byte arrays and pad
+	// them with zeros on the left to make sure the sizes work out. Both arrays
+	// must be keyBytes long, and the output must be 2*keyBytes long.
+	rBytes := r.Bytes()
+	rBytesPadded := make([]byte, keyBytes)
+	copy(rBytesPadded[keyBytes-len(rBytes):], rBytes)
+
+	sBytes := s.Bytes()
+	sBytesPadded := make([]byte, keyBytes)
+	copy(sBytesPadded[keyBytes-len(sBytes):], sBytes)
+
+	out := append(rBytesPadded, sBytesPadded...)
+
+	return Signature{
+		Signature: out,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// Verify the given payload
+func (ctx ecEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	var keySize int
+	var hash crypto.Hash
+
+	switch alg {
+	case ES256:
+		keySize = 32
+		hash = crypto.SHA256
+	case ES384:
+		keySize = 48
+		hash = crypto.SHA384
+	case ES512:
+		keySize = 66
+		hash = crypto.SHA512
+	default:
+		return ErrUnsupportedAlgorithm
+	}
+
+	if len(signature) != 2*keySize {
+		return fmt.Errorf("go-jose/go-jose: invalid signature size, have %d bytes, wanted %d", len(signature), 2*keySize)
+	}
+
+	hasher := hash.New()
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hasher.Write(payload)
+	hashed := hasher.Sum(nil)
+
+	r := big.NewInt(0).SetBytes(signature[:keySize])
+	s := big.NewInt(0).SetBytes(signature[keySize:])
+
+	match := ecdsa.Verify(ctx.publicKey, hashed, r, s)
+	if !match {
+		return errors.New("go-jose/go-jose: ecdsa signature failed to verify")
+	}
+
+	return nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/cipher/cbc_hmac.go b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/cbc_hmac.go
new file mode 100644
index 0000000000..87065a5b96
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/cbc_hmac.go
@@ -0,0 +1,196 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"bytes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/sha256"
+	"crypto/sha512"
+	"crypto/subtle"
+	"encoding/binary"
+	"errors"
+	"hash"
+)
+
+const (
+	nonceBytes = 16
+)
+
+// NewCBCHMAC instantiates a new AEAD based on CBC+HMAC.
+func NewCBCHMAC(key []byte, newBlockCipher func([]byte) (cipher.Block, error)) (cipher.AEAD, error) {
+	keySize := len(key) / 2
+	integrityKey := key[:keySize]
+	encryptionKey := key[keySize:]
+
+	blockCipher, err := newBlockCipher(encryptionKey)
+	if err != nil {
+		return nil, err
+	}
+
+	var hash func() hash.Hash
+	switch keySize {
+	case 16:
+		hash = sha256.New
+	case 24:
+		hash = sha512.New384
+	case 32:
+		hash = sha512.New
+	}
+
+	return &cbcAEAD{
+		hash:         hash,
+		blockCipher:  blockCipher,
+		authtagBytes: keySize,
+		integrityKey: integrityKey,
+	}, nil
+}
+
+// An AEAD based on CBC+HMAC
+type cbcAEAD struct {
+	hash         func() hash.Hash
+	authtagBytes int
+	integrityKey []byte
+	blockCipher  cipher.Block
+}
+
+func (ctx *cbcAEAD) NonceSize() int {
+	return nonceBytes
+}
+
+func (ctx *cbcAEAD) Overhead() int {
+	// Maximum overhead is block size (for padding) plus auth tag length, where
+	// the length of the auth tag is equivalent to the key size.
+	return ctx.blockCipher.BlockSize() + ctx.authtagBytes
+}
+
+// Seal encrypts and authenticates the plaintext.
+func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte {
+	// Output buffer -- must take care not to mangle plaintext input.
+	ciphertext := make([]byte, uint64(len(plaintext))+uint64(ctx.Overhead()))[:len(plaintext)]
+	copy(ciphertext, plaintext)
+	ciphertext = padBuffer(ciphertext, ctx.blockCipher.BlockSize())
+
+	cbc := cipher.NewCBCEncrypter(ctx.blockCipher, nonce)
+
+	cbc.CryptBlocks(ciphertext, ciphertext)
+	authtag := ctx.computeAuthTag(data, nonce, ciphertext)
+
+	ret, out := resize(dst, uint64(len(dst))+uint64(len(ciphertext))+uint64(len(authtag)))
+	copy(out, ciphertext)
+	copy(out[len(ciphertext):], authtag)
+
+	return ret
+}
+
+// Open decrypts and authenticates the ciphertext.
+func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
+	if len(ciphertext) < ctx.authtagBytes {
+		return nil, errors.New("go-jose/go-jose: invalid ciphertext (too short)")
+	}
+
+	offset := len(ciphertext) - ctx.authtagBytes
+	expectedTag := ctx.computeAuthTag(data, nonce, ciphertext[:offset])
+	match := subtle.ConstantTimeCompare(expectedTag, ciphertext[offset:])
+	if match != 1 {
+		return nil, errors.New("go-jose/go-jose: invalid ciphertext (auth tag mismatch)")
+	}
+
+	cbc := cipher.NewCBCDecrypter(ctx.blockCipher, nonce)
+
+	// Make copy of ciphertext buffer, don't want to modify in place
+	buffer := append([]byte{}, []byte(ciphertext[:offset])...)
+
+	if len(buffer)%ctx.blockCipher.BlockSize() > 0 {
+		return nil, errors.New("go-jose/go-jose: invalid ciphertext (invalid length)")
+	}
+
+	cbc.CryptBlocks(buffer, buffer)
+
+	// Remove padding
+	plaintext, err := unpadBuffer(buffer, ctx.blockCipher.BlockSize())
+	if err != nil {
+		return nil, err
+	}
+
+	ret, out := resize(dst, uint64(len(dst))+uint64(len(plaintext)))
+	copy(out, plaintext)
+
+	return ret, nil
+}
+
+// Compute an authentication tag
+func (ctx *cbcAEAD) computeAuthTag(aad, nonce, ciphertext []byte) []byte {
+	buffer := make([]byte, uint64(len(aad))+uint64(len(nonce))+uint64(len(ciphertext))+8)
+	n := 0
+	n += copy(buffer, aad)
+	n += copy(buffer[n:], nonce)
+	n += copy(buffer[n:], ciphertext)
+	binary.BigEndian.PutUint64(buffer[n:], uint64(len(aad))*8)
+
+	// According to documentation, Write() on hash.Hash never fails.
+	hmac := hmac.New(ctx.hash, ctx.integrityKey)
+	_, _ = hmac.Write(buffer)
+
+	return hmac.Sum(nil)[:ctx.authtagBytes]
+}
+
+// resize ensures that the given slice has a capacity of at least n bytes.
+// If the capacity of the slice is less than n, a new slice is allocated
+// and the existing data will be copied.
+func resize(in []byte, n uint64) (head, tail []byte) {
+	if uint64(cap(in)) >= n {
+		head = in[:n]
+	} else {
+		head = make([]byte, n)
+		copy(head, in)
+	}
+
+	tail = head[len(in):]
+	return
+}
+
+// Apply padding
+func padBuffer(buffer []byte, blockSize int) []byte {
+	missing := blockSize - (len(buffer) % blockSize)
+	ret, out := resize(buffer, uint64(len(buffer))+uint64(missing))
+	padding := bytes.Repeat([]byte{byte(missing)}, missing)
+	copy(out, padding)
+	return ret
+}
+
+// Remove padding
+func unpadBuffer(buffer []byte, blockSize int) ([]byte, error) {
+	if len(buffer)%blockSize != 0 {
+		return nil, errors.New("go-jose/go-jose: invalid padding")
+	}
+
+	last := buffer[len(buffer)-1]
+	count := int(last)
+
+	if count == 0 || count > blockSize || count > len(buffer) {
+		return nil, errors.New("go-jose/go-jose: invalid padding")
+	}
+
+	padding := bytes.Repeat([]byte{last}, count)
+	if !bytes.HasSuffix(buffer, padding) {
+		return nil, errors.New("go-jose/go-jose: invalid padding")
+	}
+
+	return buffer[:len(buffer)-count], nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/cipher/concat_kdf.go b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/concat_kdf.go
new file mode 100644
index 0000000000..f62c3bdba5
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/concat_kdf.go
@@ -0,0 +1,75 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"crypto"
+	"encoding/binary"
+	"hash"
+	"io"
+)
+
+type concatKDF struct {
+	z, info []byte
+	i       uint32
+	cache   []byte
+	hasher  hash.Hash
+}
+
+// NewConcatKDF builds a KDF reader based on the given inputs.
+func NewConcatKDF(hash crypto.Hash, z, algID, ptyUInfo, ptyVInfo, supPubInfo, supPrivInfo []byte) io.Reader {
+	buffer := make([]byte, uint64(len(algID))+uint64(len(ptyUInfo))+uint64(len(ptyVInfo))+uint64(len(supPubInfo))+uint64(len(supPrivInfo)))
+	n := 0
+	n += copy(buffer, algID)
+	n += copy(buffer[n:], ptyUInfo)
+	n += copy(buffer[n:], ptyVInfo)
+	n += copy(buffer[n:], supPubInfo)
+	copy(buffer[n:], supPrivInfo)
+
+	hasher := hash.New()
+
+	return &concatKDF{
+		z:      z,
+		info:   buffer,
+		hasher: hasher,
+		cache:  []byte{},
+		i:      1,
+	}
+}
+
+func (ctx *concatKDF) Read(out []byte) (int, error) {
+	copied := copy(out, ctx.cache)
+	ctx.cache = ctx.cache[copied:]
+
+	for copied < len(out) {
+		ctx.hasher.Reset()
+
+		// Write on a hash.Hash never fails
+		_ = binary.Write(ctx.hasher, binary.BigEndian, ctx.i)
+		_, _ = ctx.hasher.Write(ctx.z)
+		_, _ = ctx.hasher.Write(ctx.info)
+
+		hash := ctx.hasher.Sum(nil)
+		chunkCopied := copy(out[copied:], hash)
+		copied += chunkCopied
+		ctx.cache = hash[chunkCopied:]
+
+		ctx.i++
+	}
+
+	return copied, nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/cipher/ecdh_es.go b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/ecdh_es.go
new file mode 100644
index 0000000000..093c646740
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/ecdh_es.go
@@ -0,0 +1,86 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"encoding/binary"
+)
+
+// DeriveECDHES derives a shared encryption key using ECDH/ConcatKDF as described in JWE/JWA.
+// It is an error to call this function with a private/public key that are not on the same
+// curve. Callers must ensure that the keys are valid before calling this function. Output
+// size may be at most 1<<16 bytes (64 KiB).
+func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, size int) []byte {
+	if size > 1<<16 {
+		panic("ECDH-ES output size too large, must be less than or equal to 1<<16")
+	}
+
+	// algId, partyUInfo, partyVInfo inputs must be prefixed with the length
+	algID := lengthPrefixed([]byte(alg))
+	ptyUInfo := lengthPrefixed(apuData)
+	ptyVInfo := lengthPrefixed(apvData)
+
+	// suppPubInfo is the encoded length of the output size in bits
+	supPubInfo := make([]byte, 4)
+	binary.BigEndian.PutUint32(supPubInfo, uint32(size)*8)
+
+	if !priv.PublicKey.Curve.IsOnCurve(pub.X, pub.Y) {
+		panic("public key not on same curve as private key")
+	}
+
+	z, _ := priv.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes())
+	zBytes := z.Bytes()
+
+	// Note that calling z.Bytes() on a big.Int may strip leading zero bytes from
+	// the returned byte array. This can lead to a problem where zBytes will be
+	// shorter than expected which breaks the key derivation. Therefore we must pad
+	// to the full length of the expected coordinate here before calling the KDF.
+	octSize := dSize(priv.Curve)
+	if len(zBytes) != octSize {
+		zBytes = append(bytes.Repeat([]byte{0}, octSize-len(zBytes)), zBytes...)
+	}
+
+	reader := NewConcatKDF(crypto.SHA256, zBytes, algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{})
+	key := make([]byte, size)
+
+	// Read on the KDF will never fail
+	_, _ = reader.Read(key)
+
+	return key
+}
+
+// dSize returns the size in octets for a coordinate on a elliptic curve.
+func dSize(curve elliptic.Curve) int {
+	order := curve.Params().P
+	bitLen := order.BitLen()
+	size := bitLen / 8
+	if bitLen%8 != 0 {
+		size++
+	}
+	return size
+}
+
+func lengthPrefixed(data []byte) []byte {
+	out := make([]byte, len(data)+4)
+	binary.BigEndian.PutUint32(out, uint32(len(data)))
+	copy(out[4:], data)
+	return out
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/cipher/key_wrap.go b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/key_wrap.go
new file mode 100644
index 0000000000..668358f981
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/cipher/key_wrap.go
@@ -0,0 +1,109 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package josecipher
+
+import (
+	"crypto/cipher"
+	"crypto/subtle"
+	"encoding/binary"
+	"errors"
+)
+
+var defaultIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}
+
+// KeyWrap implements NIST key wrapping; it wraps a content encryption key (cek) with the given block cipher.
+func KeyWrap(block cipher.Block, cek []byte) ([]byte, error) {
+	if len(cek)%8 != 0 {
+		return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks")
+	}
+
+	n := len(cek) / 8
+	r := make([][]byte, n)
+
+	for i := range r {
+		r[i] = make([]byte, 8)
+		copy(r[i], cek[i*8:])
+	}
+
+	buffer := make([]byte, 16)
+	tBytes := make([]byte, 8)
+	copy(buffer, defaultIV)
+
+	for t := 0; t < 6*n; t++ {
+		copy(buffer[8:], r[t%n])
+
+		block.Encrypt(buffer, buffer)
+
+		binary.BigEndian.PutUint64(tBytes, uint64(t+1))
+
+		for i := 0; i < 8; i++ {
+			buffer[i] = buffer[i] ^ tBytes[i]
+		}
+		copy(r[t%n], buffer[8:])
+	}
+
+	out := make([]byte, (n+1)*8)
+	copy(out, buffer[:8])
+	for i := range r {
+		copy(out[(i+1)*8:], r[i])
+	}
+
+	return out, nil
+}
+
+// KeyUnwrap implements NIST key unwrapping; it unwraps a content encryption key (cek) with the given block cipher.
+func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error) {
+	if len(ciphertext)%8 != 0 {
+		return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks")
+	}
+
+	n := (len(ciphertext) / 8) - 1
+	r := make([][]byte, n)
+
+	for i := range r {
+		r[i] = make([]byte, 8)
+		copy(r[i], ciphertext[(i+1)*8:])
+	}
+
+	buffer := make([]byte, 16)
+	tBytes := make([]byte, 8)
+	copy(buffer[:8], ciphertext[:8])
+
+	for t := 6*n - 1; t >= 0; t-- {
+		binary.BigEndian.PutUint64(tBytes, uint64(t+1))
+
+		for i := 0; i < 8; i++ {
+			buffer[i] = buffer[i] ^ tBytes[i]
+		}
+		copy(buffer[8:], r[t%n])
+
+		block.Decrypt(buffer, buffer)
+
+		copy(r[t%n], buffer[8:])
+	}
+
+	if subtle.ConstantTimeCompare(buffer[:8], defaultIV) == 0 {
+		return nil, errors.New("go-jose/go-jose: failed to unwrap key")
+	}
+
+	out := make([]byte, n*8)
+	for i := range r {
+		copy(out[i*8:], r[i])
+	}
+
+	return out, nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go b/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go
new file mode 100644
index 0000000000..73aab0fabb
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go
@@ -0,0 +1,542 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"errors"
+	"fmt"
+	"reflect"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// Encrypter represents an encrypter which produces an encrypted JWE object.
+type Encrypter interface {
+	Encrypt(plaintext []byte) (*JSONWebEncryption, error)
+	EncryptWithAuthData(plaintext []byte, aad []byte) (*JSONWebEncryption, error)
+	Options() EncrypterOptions
+}
+
+// A generic content cipher
+type contentCipher interface {
+	keySize() int
+	encrypt(cek []byte, aad, plaintext []byte) (*aeadParts, error)
+	decrypt(cek []byte, aad []byte, parts *aeadParts) ([]byte, error)
+}
+
+// A key generator (for generating/getting a CEK)
+type keyGenerator interface {
+	keySize() int
+	genKey() ([]byte, rawHeader, error)
+}
+
+// A generic key encrypter
+type keyEncrypter interface {
+	encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) // Encrypt a key
+}
+
+// A generic key decrypter
+type keyDecrypter interface {
+	decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) // Decrypt a key
+}
+
+// A generic encrypter based on the given key encrypter and content cipher.
+type genericEncrypter struct {
+	contentAlg     ContentEncryption
+	compressionAlg CompressionAlgorithm
+	cipher         contentCipher
+	recipients     []recipientKeyInfo
+	keyGenerator   keyGenerator
+	extraHeaders   map[HeaderKey]interface{}
+}
+
+type recipientKeyInfo struct {
+	keyID        string
+	keyAlg       KeyAlgorithm
+	keyEncrypter keyEncrypter
+}
+
+// EncrypterOptions represents options that can be set on new encrypters.
+type EncrypterOptions struct {
+	Compression CompressionAlgorithm
+
+	// Optional map of additional keys to be inserted into the protected header
+	// of a JWS object. Some specifications which make use of JWS like to insert
+	// additional values here. All values must be JSON-serializable.
+	ExtraHeaders map[HeaderKey]interface{}
+}
+
+// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it
+// if necessary. It returns itself and so can be used in a fluent style.
+func (eo *EncrypterOptions) WithHeader(k HeaderKey, v interface{}) *EncrypterOptions {
+	if eo.ExtraHeaders == nil {
+		eo.ExtraHeaders = map[HeaderKey]interface{}{}
+	}
+	eo.ExtraHeaders[k] = v
+	return eo
+}
+
+// WithContentType adds a content type ("cty") header and returns the updated
+// EncrypterOptions.
+func (eo *EncrypterOptions) WithContentType(contentType ContentType) *EncrypterOptions {
+	return eo.WithHeader(HeaderContentType, contentType)
+}
+
+// WithType adds a type ("typ") header and returns the updated EncrypterOptions.
+func (eo *EncrypterOptions) WithType(typ ContentType) *EncrypterOptions {
+	return eo.WithHeader(HeaderType, typ)
+}
+
+// Recipient represents an algorithm/key to encrypt messages to.
+//
+// PBES2Count and PBES2Salt correspond with the  "p2c" and "p2s" headers used
+// on the password-based encryption algorithms PBES2-HS256+A128KW,
+// PBES2-HS384+A192KW, and PBES2-HS512+A256KW. If they are not provided a safe
+// default of 100000 will be used for the count and a 128-bit random salt will
+// be generated.
+type Recipient struct {
+	Algorithm  KeyAlgorithm
+	Key        interface{}
+	KeyID      string
+	PBES2Count int
+	PBES2Salt  []byte
+}
+
+// NewEncrypter creates an appropriate encrypter based on the key type
+func NewEncrypter(enc ContentEncryption, rcpt Recipient, opts *EncrypterOptions) (Encrypter, error) {
+	encrypter := &genericEncrypter{
+		contentAlg: enc,
+		recipients: []recipientKeyInfo{},
+		cipher:     getContentCipher(enc),
+	}
+	if opts != nil {
+		encrypter.compressionAlg = opts.Compression
+		encrypter.extraHeaders = opts.ExtraHeaders
+	}
+
+	if encrypter.cipher == nil {
+		return nil, ErrUnsupportedAlgorithm
+	}
+
+	var keyID string
+	var rawKey interface{}
+	switch encryptionKey := rcpt.Key.(type) {
+	case JSONWebKey:
+		keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key
+	case *JSONWebKey:
+		keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key
+	case OpaqueKeyEncrypter:
+		keyID, rawKey = encryptionKey.KeyID(), encryptionKey
+	default:
+		rawKey = encryptionKey
+	}
+
+	switch rcpt.Algorithm {
+	case DIRECT:
+		// Direct encryption mode must be treated differently
+		if reflect.TypeOf(rawKey) != reflect.TypeOf([]byte{}) {
+			return nil, ErrUnsupportedKeyType
+		}
+		if encrypter.cipher.keySize() != len(rawKey.([]byte)) {
+			return nil, ErrInvalidKeySize
+		}
+		encrypter.keyGenerator = staticKeyGenerator{
+			key: rawKey.([]byte),
+		}
+		recipientInfo, _ := newSymmetricRecipient(rcpt.Algorithm, rawKey.([]byte))
+		recipientInfo.keyID = keyID
+		if rcpt.KeyID != "" {
+			recipientInfo.keyID = rcpt.KeyID
+		}
+		encrypter.recipients = []recipientKeyInfo{recipientInfo}
+		return encrypter, nil
+	case ECDH_ES:
+		// ECDH-ES (w/o key wrapping) is similar to DIRECT mode
+		typeOf := reflect.TypeOf(rawKey)
+		if typeOf != reflect.TypeOf(&ecdsa.PublicKey{}) {
+			return nil, ErrUnsupportedKeyType
+		}
+		encrypter.keyGenerator = ecKeyGenerator{
+			size:      encrypter.cipher.keySize(),
+			algID:     string(enc),
+			publicKey: rawKey.(*ecdsa.PublicKey),
+		}
+		recipientInfo, _ := newECDHRecipient(rcpt.Algorithm, rawKey.(*ecdsa.PublicKey))
+		recipientInfo.keyID = keyID
+		if rcpt.KeyID != "" {
+			recipientInfo.keyID = rcpt.KeyID
+		}
+		encrypter.recipients = []recipientKeyInfo{recipientInfo}
+		return encrypter, nil
+	default:
+		// Can just add a standard recipient
+		encrypter.keyGenerator = randomKeyGenerator{
+			size: encrypter.cipher.keySize(),
+		}
+		err := encrypter.addRecipient(rcpt)
+		return encrypter, err
+	}
+}
+
+// NewMultiEncrypter creates a multi-encrypter based on the given parameters
+func NewMultiEncrypter(enc ContentEncryption, rcpts []Recipient, opts *EncrypterOptions) (Encrypter, error) {
+	cipher := getContentCipher(enc)
+
+	if cipher == nil {
+		return nil, ErrUnsupportedAlgorithm
+	}
+	if rcpts == nil || len(rcpts) == 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: recipients is nil or empty")
+	}
+
+	encrypter := &genericEncrypter{
+		contentAlg: enc,
+		recipients: []recipientKeyInfo{},
+		cipher:     cipher,
+		keyGenerator: randomKeyGenerator{
+			size: cipher.keySize(),
+		},
+	}
+
+	if opts != nil {
+		encrypter.compressionAlg = opts.Compression
+		encrypter.extraHeaders = opts.ExtraHeaders
+	}
+
+	for _, recipient := range rcpts {
+		err := encrypter.addRecipient(recipient)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return encrypter, nil
+}
+
+func (ctx *genericEncrypter) addRecipient(recipient Recipient) (err error) {
+	var recipientInfo recipientKeyInfo
+
+	switch recipient.Algorithm {
+	case DIRECT, ECDH_ES:
+		return fmt.Errorf("go-jose/go-jose: key algorithm '%s' not supported in multi-recipient mode", recipient.Algorithm)
+	}
+
+	recipientInfo, err = makeJWERecipient(recipient.Algorithm, recipient.Key)
+	if recipient.KeyID != "" {
+		recipientInfo.keyID = recipient.KeyID
+	}
+
+	switch recipient.Algorithm {
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+		if sr, ok := recipientInfo.keyEncrypter.(*symmetricKeyCipher); ok {
+			sr.p2c = recipient.PBES2Count
+			sr.p2s = recipient.PBES2Salt
+		}
+	}
+
+	if err == nil {
+		ctx.recipients = append(ctx.recipients, recipientInfo)
+	}
+	return err
+}
+
+func makeJWERecipient(alg KeyAlgorithm, encryptionKey interface{}) (recipientKeyInfo, error) {
+	switch encryptionKey := encryptionKey.(type) {
+	case *rsa.PublicKey:
+		return newRSARecipient(alg, encryptionKey)
+	case *ecdsa.PublicKey:
+		return newECDHRecipient(alg, encryptionKey)
+	case []byte:
+		return newSymmetricRecipient(alg, encryptionKey)
+	case string:
+		return newSymmetricRecipient(alg, []byte(encryptionKey))
+	case *JSONWebKey:
+		recipient, err := makeJWERecipient(alg, encryptionKey.Key)
+		recipient.keyID = encryptionKey.KeyID
+		return recipient, err
+	}
+	if encrypter, ok := encryptionKey.(OpaqueKeyEncrypter); ok {
+		return newOpaqueKeyEncrypter(alg, encrypter)
+	}
+	return recipientKeyInfo{}, ErrUnsupportedKeyType
+}
+
+// newDecrypter creates an appropriate decrypter based on the key type
+func newDecrypter(decryptionKey interface{}) (keyDecrypter, error) {
+	switch decryptionKey := decryptionKey.(type) {
+	case *rsa.PrivateKey:
+		return &rsaDecrypterSigner{
+			privateKey: decryptionKey,
+		}, nil
+	case *ecdsa.PrivateKey:
+		return &ecDecrypterSigner{
+			privateKey: decryptionKey,
+		}, nil
+	case []byte:
+		return &symmetricKeyCipher{
+			key: decryptionKey,
+		}, nil
+	case string:
+		return &symmetricKeyCipher{
+			key: []byte(decryptionKey),
+		}, nil
+	case JSONWebKey:
+		return newDecrypter(decryptionKey.Key)
+	case *JSONWebKey:
+		return newDecrypter(decryptionKey.Key)
+	}
+	if okd, ok := decryptionKey.(OpaqueKeyDecrypter); ok {
+		return &opaqueKeyDecrypter{decrypter: okd}, nil
+	}
+	return nil, ErrUnsupportedKeyType
+}
+
+// Implementation of encrypt method producing a JWE object.
+func (ctx *genericEncrypter) Encrypt(plaintext []byte) (*JSONWebEncryption, error) {
+	return ctx.EncryptWithAuthData(plaintext, nil)
+}
+
+// Implementation of encrypt method producing a JWE object.
+func (ctx *genericEncrypter) EncryptWithAuthData(plaintext, aad []byte) (*JSONWebEncryption, error) {
+	obj := &JSONWebEncryption{}
+	obj.aad = aad
+
+	obj.protected = &rawHeader{}
+	err := obj.protected.set(headerEncryption, ctx.contentAlg)
+	if err != nil {
+		return nil, err
+	}
+
+	obj.recipients = make([]recipientInfo, len(ctx.recipients))
+
+	if len(ctx.recipients) == 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: no recipients to encrypt to")
+	}
+
+	cek, headers, err := ctx.keyGenerator.genKey()
+	if err != nil {
+		return nil, err
+	}
+
+	obj.protected.merge(&headers)
+
+	for i, info := range ctx.recipients {
+		recipient, err := info.keyEncrypter.encryptKey(cek, info.keyAlg)
+		if err != nil {
+			return nil, err
+		}
+
+		err = recipient.header.set(headerAlgorithm, info.keyAlg)
+		if err != nil {
+			return nil, err
+		}
+
+		if info.keyID != "" {
+			err = recipient.header.set(headerKeyID, info.keyID)
+			if err != nil {
+				return nil, err
+			}
+		}
+		obj.recipients[i] = recipient
+	}
+
+	if len(ctx.recipients) == 1 {
+		// Move per-recipient headers into main protected header if there's
+		// only a single recipient.
+		obj.protected.merge(obj.recipients[0].header)
+		obj.recipients[0].header = nil
+	}
+
+	if ctx.compressionAlg != NONE {
+		plaintext, err = compress(ctx.compressionAlg, plaintext)
+		if err != nil {
+			return nil, err
+		}
+
+		err = obj.protected.set(headerCompression, ctx.compressionAlg)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	for k, v := range ctx.extraHeaders {
+		b, err := json.Marshal(v)
+		if err != nil {
+			return nil, err
+		}
+		(*obj.protected)[k] = makeRawMessage(b)
+	}
+
+	authData := obj.computeAuthData()
+	parts, err := ctx.cipher.encrypt(cek, authData, plaintext)
+	if err != nil {
+		return nil, err
+	}
+
+	obj.iv = parts.iv
+	obj.ciphertext = parts.ciphertext
+	obj.tag = parts.tag
+
+	return obj, nil
+}
+
+func (ctx *genericEncrypter) Options() EncrypterOptions {
+	return EncrypterOptions{
+		Compression:  ctx.compressionAlg,
+		ExtraHeaders: ctx.extraHeaders,
+	}
+}
+
+// Decrypt and validate the object and return the plaintext. Note that this
+// function does not support multi-recipient, if you desire multi-recipient
+// decryption use DecryptMulti instead.
+func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) {
+	headers := obj.mergedHeaders(nil)
+
+	if len(obj.recipients) > 1 {
+		return nil, errors.New("go-jose/go-jose: too many recipients in payload; expecting only one")
+	}
+
+	critical, err := headers.getCritical()
+	if err != nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid crit header")
+	}
+
+	if len(critical) > 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported crit header")
+	}
+
+	decrypter, err := newDecrypter(decryptionKey)
+	if err != nil {
+		return nil, err
+	}
+
+	cipher := getContentCipher(headers.getEncryption())
+	if cipher == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(headers.getEncryption()))
+	}
+
+	generator := randomKeyGenerator{
+		size: cipher.keySize(),
+	}
+
+	parts := &aeadParts{
+		iv:         obj.iv,
+		ciphertext: obj.ciphertext,
+		tag:        obj.tag,
+	}
+
+	authData := obj.computeAuthData()
+
+	var plaintext []byte
+	recipient := obj.recipients[0]
+	recipientHeaders := obj.mergedHeaders(&recipient)
+
+	cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator)
+	if err == nil {
+		// Found a valid CEK -- let's try to decrypt.
+		plaintext, err = cipher.decrypt(cek, authData, parts)
+	}
+
+	if plaintext == nil {
+		return nil, ErrCryptoFailure
+	}
+
+	// The "zip" header parameter may only be present in the protected header.
+	if comp := obj.protected.getCompression(); comp != "" {
+		plaintext, err = decompress(comp, plaintext)
+	}
+
+	return plaintext, err
+}
+
+// DecryptMulti decrypts and validates the object and returns the plaintexts,
+// with support for multiple recipients. It returns the index of the recipient
+// for which the decryption was successful, the merged headers for that recipient,
+// and the plaintext.
+func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) {
+	globalHeaders := obj.mergedHeaders(nil)
+
+	critical, err := globalHeaders.getCritical()
+	if err != nil {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: invalid crit header")
+	}
+
+	if len(critical) > 0 {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported crit header")
+	}
+
+	decrypter, err := newDecrypter(decryptionKey)
+	if err != nil {
+		return -1, Header{}, nil, err
+	}
+
+	encryption := globalHeaders.getEncryption()
+	cipher := getContentCipher(encryption)
+	if cipher == nil {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(encryption))
+	}
+
+	generator := randomKeyGenerator{
+		size: cipher.keySize(),
+	}
+
+	parts := &aeadParts{
+		iv:         obj.iv,
+		ciphertext: obj.ciphertext,
+		tag:        obj.tag,
+	}
+
+	authData := obj.computeAuthData()
+
+	index := -1
+	var plaintext []byte
+	var headers rawHeader
+
+	for i, recipient := range obj.recipients {
+		recipientHeaders := obj.mergedHeaders(&recipient)
+
+		cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator)
+		if err == nil {
+			// Found a valid CEK -- let's try to decrypt.
+			plaintext, err = cipher.decrypt(cek, authData, parts)
+			if err == nil {
+				index = i
+				headers = recipientHeaders
+				break
+			}
+		}
+	}
+
+	if plaintext == nil || err != nil {
+		return -1, Header{}, nil, ErrCryptoFailure
+	}
+
+	// The "zip" header parameter may only be present in the protected header.
+	if comp := obj.protected.getCompression(); comp != "" {
+		plaintext, err = decompress(comp, plaintext)
+	}
+
+	sanitized, err := headers.sanitized()
+	if err != nil {
+		return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: failed to sanitize header: %v", err)
+	}
+
+	return index, sanitized, plaintext, err
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/doc.go b/vendor/gopkg.in/go-jose/go-jose.v2/doc.go
new file mode 100644
index 0000000000..dd1387f3f0
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/doc.go
@@ -0,0 +1,27 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+
+Package jose aims to provide an implementation of the Javascript Object Signing
+and Encryption set of standards. It implements encryption and signing based on
+the JSON Web Encryption and JSON Web Signature standards, with optional JSON
+Web Token support available in a sub-package. The library supports both the
+compact and full serialization formats, and has optional support for multiple
+recipients.
+
+*/
+package jose
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go b/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go
new file mode 100644
index 0000000000..40b688b3d2
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go
@@ -0,0 +1,185 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"compress/flate"
+	"encoding/base64"
+	"encoding/binary"
+	"io"
+	"math/big"
+	"strings"
+	"unicode"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// Helper function to serialize known-good objects.
+// Precondition: value is not a nil pointer.
+func mustSerializeJSON(value interface{}) []byte {
+	out, err := json.Marshal(value)
+	if err != nil {
+		panic(err)
+	}
+	// We never want to serialize the top-level value "null," since it's not a
+	// valid JOSE message. But if a caller passes in a nil pointer to this method,
+	// MarshalJSON will happily serialize it as the top-level value "null". If
+	// that value is then embedded in another operation, for instance by being
+	// base64-encoded and fed as input to a signing algorithm
+	// (https://github.com/go-jose/go-jose/issues/22), the result will be
+	// incorrect. Because this method is intended for known-good objects, and a nil
+	// pointer is not a known-good object, we are free to panic in this case.
+	// Note: It's not possible to directly check whether the data pointed at by an
+	// interface is a nil pointer, so we do this hacky workaround.
+	// https://groups.google.com/forum/#!topic/golang-nuts/wnH302gBa4I
+	if string(out) == "null" {
+		panic("Tried to serialize a nil pointer.")
+	}
+	return out
+}
+
+// Strip all newlines and whitespace
+func stripWhitespace(data string) string {
+	buf := strings.Builder{}
+	buf.Grow(len(data))
+	for _, r := range data {
+		if !unicode.IsSpace(r) {
+			buf.WriteRune(r)
+		}
+	}
+	return buf.String()
+}
+
+// Perform compression based on algorithm
+func compress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) {
+	switch algorithm {
+	case DEFLATE:
+		return deflate(input)
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+}
+
+// Perform decompression based on algorithm
+func decompress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) {
+	switch algorithm {
+	case DEFLATE:
+		return inflate(input)
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+}
+
+// Compress with DEFLATE
+func deflate(input []byte) ([]byte, error) {
+	output := new(bytes.Buffer)
+
+	// Writing to byte buffer, err is always nil
+	writer, _ := flate.NewWriter(output, 1)
+	_, _ = io.Copy(writer, bytes.NewBuffer(input))
+
+	err := writer.Close()
+	return output.Bytes(), err
+}
+
+// Decompress with DEFLATE
+func inflate(input []byte) ([]byte, error) {
+	output := new(bytes.Buffer)
+	reader := flate.NewReader(bytes.NewBuffer(input))
+
+	_, err := io.Copy(output, reader)
+	if err != nil {
+		return nil, err
+	}
+
+	err = reader.Close()
+	return output.Bytes(), err
+}
+
+// byteBuffer represents a slice of bytes that can be serialized to url-safe base64.
+type byteBuffer struct {
+	data []byte
+}
+
+func newBuffer(data []byte) *byteBuffer {
+	if data == nil {
+		return nil
+	}
+	return &byteBuffer{
+		data: data,
+	}
+}
+
+func newFixedSizeBuffer(data []byte, length int) *byteBuffer {
+	if len(data) > length {
+		panic("go-jose/go-jose: invalid call to newFixedSizeBuffer (len(data) > length)")
+	}
+	pad := make([]byte, length-len(data))
+	return newBuffer(append(pad, data...))
+}
+
+func newBufferFromInt(num uint64) *byteBuffer {
+	data := make([]byte, 8)
+	binary.BigEndian.PutUint64(data, num)
+	return newBuffer(bytes.TrimLeft(data, "\x00"))
+}
+
+func (b *byteBuffer) MarshalJSON() ([]byte, error) {
+	return json.Marshal(b.base64())
+}
+
+func (b *byteBuffer) UnmarshalJSON(data []byte) error {
+	var encoded string
+	err := json.Unmarshal(data, &encoded)
+	if err != nil {
+		return err
+	}
+
+	if encoded == "" {
+		return nil
+	}
+
+	decoded, err := base64.RawURLEncoding.DecodeString(encoded)
+	if err != nil {
+		return err
+	}
+
+	*b = *newBuffer(decoded)
+
+	return nil
+}
+
+func (b *byteBuffer) base64() string {
+	return base64.RawURLEncoding.EncodeToString(b.data)
+}
+
+func (b *byteBuffer) bytes() []byte {
+	// Handling nil here allows us to transparently handle nil slices when serializing.
+	if b == nil {
+		return nil
+	}
+	return b.data
+}
+
+func (b byteBuffer) bigInt() *big.Int {
+	return new(big.Int).SetBytes(b.data)
+}
+
+func (b byteBuffer) toInt() int {
+	return int(b.bigInt().Int64())
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/LICENSE b/vendor/gopkg.in/go-jose/go-jose.v2/json/LICENSE
new file mode 100644
index 0000000000..7448756763
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2012 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/README.md b/vendor/gopkg.in/go-jose/go-jose.v2/json/README.md
new file mode 100644
index 0000000000..86de5e5581
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/README.md
@@ -0,0 +1,13 @@
+# Safe JSON
+
+This repository contains a fork of the `encoding/json` package from Go 1.6.
+
+The following changes were made:
+
+* Object deserialization uses case-sensitive member name matching instead of
+  [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html).
+  This is to avoid differences in the interpretation of JOSE messages between
+  go-jose and libraries written in other languages.
+* When deserializing a JSON object, we check for duplicate keys and reject the
+  input whenever we detect a duplicate. Rather than trying to work with malformed
+  data, we prefer to reject it right away.
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/decode.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/decode.go
new file mode 100644
index 0000000000..4dbc4146cf
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/decode.go
@@ -0,0 +1,1217 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Represents JSON data structure using native Go types: booleans, floats,
+// strings, arrays, and maps.
+
+package json
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"math"
+	"reflect"
+	"runtime"
+	"strconv"
+	"unicode"
+	"unicode/utf16"
+	"unicode/utf8"
+)
+
+// Unmarshal parses the JSON-encoded data and stores the result
+// in the value pointed to by v.
+//
+// Unmarshal uses the inverse of the encodings that
+// Marshal uses, allocating maps, slices, and pointers as necessary,
+// with the following additional rules:
+//
+// To unmarshal JSON into a pointer, Unmarshal first handles the case of
+// the JSON being the JSON literal null.  In that case, Unmarshal sets
+// the pointer to nil.  Otherwise, Unmarshal unmarshals the JSON into
+// the value pointed at by the pointer.  If the pointer is nil, Unmarshal
+// allocates a new value for it to point to.
+//
+// To unmarshal JSON into a struct, Unmarshal matches incoming object
+// keys to the keys used by Marshal (either the struct field name or its tag),
+// preferring an exact match but also accepting a case-insensitive match.
+// Unmarshal will only set exported fields of the struct.
+//
+// To unmarshal JSON into an interface value,
+// Unmarshal stores one of these in the interface value:
+//
+//	bool, for JSON booleans
+//	float64, for JSON numbers
+//	string, for JSON strings
+//	[]interface{}, for JSON arrays
+//	map[string]interface{}, for JSON objects
+//	nil for JSON null
+//
+// To unmarshal a JSON array into a slice, Unmarshal resets the slice length
+// to zero and then appends each element to the slice.
+// As a special case, to unmarshal an empty JSON array into a slice,
+// Unmarshal replaces the slice with a new empty slice.
+//
+// To unmarshal a JSON array into a Go array, Unmarshal decodes
+// JSON array elements into corresponding Go array elements.
+// If the Go array is smaller than the JSON array,
+// the additional JSON array elements are discarded.
+// If the JSON array is smaller than the Go array,
+// the additional Go array elements are set to zero values.
+//
+// To unmarshal a JSON object into a string-keyed map, Unmarshal first
+// establishes a map to use, If the map is nil, Unmarshal allocates a new map.
+// Otherwise Unmarshal reuses the existing map, keeping existing entries.
+// Unmarshal then stores key-value pairs from the JSON object into the map.
+//
+// If a JSON value is not appropriate for a given target type,
+// or if a JSON number overflows the target type, Unmarshal
+// skips that field and completes the unmarshaling as best it can.
+// If no more serious errors are encountered, Unmarshal returns
+// an UnmarshalTypeError describing the earliest such error.
+//
+// The JSON null value unmarshals into an interface, map, pointer, or slice
+// by setting that Go value to nil. Because null is often used in JSON to mean
+// ``not present,'' unmarshaling a JSON null into any other Go type has no effect
+// on the value and produces no error.
+//
+// When unmarshaling quoted strings, invalid UTF-8 or
+// invalid UTF-16 surrogate pairs are not treated as an error.
+// Instead, they are replaced by the Unicode replacement
+// character U+FFFD.
+//
+func Unmarshal(data []byte, v interface{}) error {
+	// Check for well-formedness.
+	// Avoids filling out half a data structure
+	// before discovering a JSON syntax error.
+	var d decodeState
+	err := checkValid(data, &d.scan)
+	if err != nil {
+		return err
+	}
+
+	d.init(data)
+	return d.unmarshal(v)
+}
+
+// Unmarshaler is the interface implemented by objects
+// that can unmarshal a JSON description of themselves.
+// The input can be assumed to be a valid encoding of
+// a JSON value. UnmarshalJSON must copy the JSON data
+// if it wishes to retain the data after returning.
+type Unmarshaler interface {
+	UnmarshalJSON([]byte) error
+}
+
+// An UnmarshalTypeError describes a JSON value that was
+// not appropriate for a value of a specific Go type.
+type UnmarshalTypeError struct {
+	Value  string       // description of JSON value - "bool", "array", "number -5"
+	Type   reflect.Type // type of Go value it could not be assigned to
+	Offset int64        // error occurred after reading Offset bytes
+}
+
+func (e *UnmarshalTypeError) Error() string {
+	return "json: cannot unmarshal " + e.Value + " into Go value of type " + e.Type.String()
+}
+
+// An UnmarshalFieldError describes a JSON object key that
+// led to an unexported (and therefore unwritable) struct field.
+// (No longer used; kept for compatibility.)
+type UnmarshalFieldError struct {
+	Key   string
+	Type  reflect.Type
+	Field reflect.StructField
+}
+
+func (e *UnmarshalFieldError) Error() string {
+	return "json: cannot unmarshal object key " + strconv.Quote(e.Key) + " into unexported field " + e.Field.Name + " of type " + e.Type.String()
+}
+
+// An InvalidUnmarshalError describes an invalid argument passed to Unmarshal.
+// (The argument to Unmarshal must be a non-nil pointer.)
+type InvalidUnmarshalError struct {
+	Type reflect.Type
+}
+
+func (e *InvalidUnmarshalError) Error() string {
+	if e.Type == nil {
+		return "json: Unmarshal(nil)"
+	}
+
+	if e.Type.Kind() != reflect.Ptr {
+		return "json: Unmarshal(non-pointer " + e.Type.String() + ")"
+	}
+	return "json: Unmarshal(nil " + e.Type.String() + ")"
+}
+
+func (d *decodeState) unmarshal(v interface{}) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			if _, ok := r.(runtime.Error); ok {
+				panic(r)
+			}
+			err = r.(error)
+		}
+	}()
+
+	rv := reflect.ValueOf(v)
+	if rv.Kind() != reflect.Ptr || rv.IsNil() {
+		return &InvalidUnmarshalError{reflect.TypeOf(v)}
+	}
+
+	d.scan.reset()
+	// We decode rv not rv.Elem because the Unmarshaler interface
+	// test must be applied at the top level of the value.
+	d.value(rv)
+	return d.savedError
+}
+
+// A Number represents a JSON number literal.
+type Number string
+
+// String returns the literal text of the number.
+func (n Number) String() string { return string(n) }
+
+// Float64 returns the number as a float64.
+func (n Number) Float64() (float64, error) {
+	return strconv.ParseFloat(string(n), 64)
+}
+
+// Int64 returns the number as an int64.
+func (n Number) Int64() (int64, error) {
+	return strconv.ParseInt(string(n), 10, 64)
+}
+
+// isValidNumber reports whether s is a valid JSON number literal.
+func isValidNumber(s string) bool {
+	// This function implements the JSON numbers grammar.
+	// See https://tools.ietf.org/html/rfc7159#section-6
+	// and http://json.org/number.gif
+
+	if s == "" {
+		return false
+	}
+
+	// Optional -
+	if s[0] == '-' {
+		s = s[1:]
+		if s == "" {
+			return false
+		}
+	}
+
+	// Digits
+	switch {
+	default:
+		return false
+
+	case s[0] == '0':
+		s = s[1:]
+
+	case '1' <= s[0] && s[0] <= '9':
+		s = s[1:]
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// . followed by 1 or more digits.
+	if len(s) >= 2 && s[0] == '.' && '0' <= s[1] && s[1] <= '9' {
+		s = s[2:]
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// e or E followed by an optional - or + and
+	// 1 or more digits.
+	if len(s) >= 2 && (s[0] == 'e' || s[0] == 'E') {
+		s = s[1:]
+		if s[0] == '+' || s[0] == '-' {
+			s = s[1:]
+			if s == "" {
+				return false
+			}
+		}
+		for len(s) > 0 && '0' <= s[0] && s[0] <= '9' {
+			s = s[1:]
+		}
+	}
+
+	// Make sure we are at the end.
+	return s == ""
+}
+
+type NumberUnmarshalType int
+
+const (
+	// unmarshal a JSON number into an interface{} as a float64
+	UnmarshalFloat NumberUnmarshalType = iota
+	// unmarshal a JSON number into an interface{} as a `json.Number`
+	UnmarshalJSONNumber
+	// unmarshal a JSON number into an interface{} as a int64
+	// if value is an integer otherwise float64
+	UnmarshalIntOrFloat
+)
+
+// decodeState represents the state while decoding a JSON value.
+type decodeState struct {
+	data       []byte
+	off        int // read offset in data
+	scan       scanner
+	nextscan   scanner // for calls to nextValue
+	savedError error
+	numberType NumberUnmarshalType
+}
+
+// errPhase is used for errors that should not happen unless
+// there is a bug in the JSON decoder or something is editing
+// the data slice while the decoder executes.
+var errPhase = errors.New("JSON decoder out of sync - data changing underfoot?")
+
+func (d *decodeState) init(data []byte) *decodeState {
+	d.data = data
+	d.off = 0
+	d.savedError = nil
+	return d
+}
+
+// error aborts the decoding by panicking with err.
+func (d *decodeState) error(err error) {
+	panic(err)
+}
+
+// saveError saves the first err it is called with,
+// for reporting at the end of the unmarshal.
+func (d *decodeState) saveError(err error) {
+	if d.savedError == nil {
+		d.savedError = err
+	}
+}
+
+// next cuts off and returns the next full JSON value in d.data[d.off:].
+// The next value is known to be an object or array, not a literal.
+func (d *decodeState) next() []byte {
+	c := d.data[d.off]
+	item, rest, err := nextValue(d.data[d.off:], &d.nextscan)
+	if err != nil {
+		d.error(err)
+	}
+	d.off = len(d.data) - len(rest)
+
+	// Our scanner has seen the opening brace/bracket
+	// and thinks we're still in the middle of the object.
+	// invent a closing brace/bracket to get it out.
+	if c == '{' {
+		d.scan.step(&d.scan, '}')
+	} else {
+		d.scan.step(&d.scan, ']')
+	}
+
+	return item
+}
+
+// scanWhile processes bytes in d.data[d.off:] until it
+// receives a scan code not equal to op.
+// It updates d.off and returns the new scan code.
+func (d *decodeState) scanWhile(op int) int {
+	var newOp int
+	for {
+		if d.off >= len(d.data) {
+			newOp = d.scan.eof()
+			d.off = len(d.data) + 1 // mark processed EOF with len+1
+		} else {
+			c := d.data[d.off]
+			d.off++
+			newOp = d.scan.step(&d.scan, c)
+		}
+		if newOp != op {
+			break
+		}
+	}
+	return newOp
+}
+
+// value decodes a JSON value from d.data[d.off:] into the value.
+// it updates d.off to point past the decoded value.
+func (d *decodeState) value(v reflect.Value) {
+	if !v.IsValid() {
+		_, rest, err := nextValue(d.data[d.off:], &d.nextscan)
+		if err != nil {
+			d.error(err)
+		}
+		d.off = len(d.data) - len(rest)
+
+		// d.scan thinks we're still at the beginning of the item.
+		// Feed in an empty string - the shortest, simplest value -
+		// so that it knows we got to the end of the value.
+		if d.scan.redo {
+			// rewind.
+			d.scan.redo = false
+			d.scan.step = stateBeginValue
+		}
+		d.scan.step(&d.scan, '"')
+		d.scan.step(&d.scan, '"')
+
+		n := len(d.scan.parseState)
+		if n > 0 && d.scan.parseState[n-1] == parseObjectKey {
+			// d.scan thinks we just read an object key; finish the object
+			d.scan.step(&d.scan, ':')
+			d.scan.step(&d.scan, '"')
+			d.scan.step(&d.scan, '"')
+			d.scan.step(&d.scan, '}')
+		}
+
+		return
+	}
+
+	switch op := d.scanWhile(scanSkipSpace); op {
+	default:
+		d.error(errPhase)
+
+	case scanBeginArray:
+		d.array(v)
+
+	case scanBeginObject:
+		d.object(v)
+
+	case scanBeginLiteral:
+		d.literal(v)
+	}
+}
+
+type unquotedValue struct{}
+
+// valueQuoted is like value but decodes a
+// quoted string literal or literal null into an interface value.
+// If it finds anything other than a quoted string literal or null,
+// valueQuoted returns unquotedValue{}.
+func (d *decodeState) valueQuoted() interface{} {
+	switch op := d.scanWhile(scanSkipSpace); op {
+	default:
+		d.error(errPhase)
+
+	case scanBeginArray:
+		d.array(reflect.Value{})
+
+	case scanBeginObject:
+		d.object(reflect.Value{})
+
+	case scanBeginLiteral:
+		switch v := d.literalInterface().(type) {
+		case nil, string:
+			return v
+		}
+	}
+	return unquotedValue{}
+}
+
+// indirect walks down v allocating pointers as needed,
+// until it gets to a non-pointer.
+// if it encounters an Unmarshaler, indirect stops and returns that.
+// if decodingNull is true, indirect stops at the last pointer so it can be set to nil.
+func (d *decodeState) indirect(v reflect.Value, decodingNull bool) (Unmarshaler, encoding.TextUnmarshaler, reflect.Value) {
+	// If v is a named type and is addressable,
+	// start with its address, so that if the type has pointer methods,
+	// we find them.
+	if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() {
+		v = v.Addr()
+	}
+	for {
+		// Load value from interface, but only if the result will be
+		// usefully addressable.
+		if v.Kind() == reflect.Interface && !v.IsNil() {
+			e := v.Elem()
+			if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) {
+				v = e
+				continue
+			}
+		}
+
+		if v.Kind() != reflect.Ptr {
+			break
+		}
+
+		if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() {
+			break
+		}
+		if v.IsNil() {
+			v.Set(reflect.New(v.Type().Elem()))
+		}
+		if v.Type().NumMethod() > 0 {
+			if u, ok := v.Interface().(Unmarshaler); ok {
+				return u, nil, reflect.Value{}
+			}
+			if u, ok := v.Interface().(encoding.TextUnmarshaler); ok {
+				return nil, u, reflect.Value{}
+			}
+		}
+		v = v.Elem()
+	}
+	return nil, nil, v
+}
+
+// array consumes an array from d.data[d.off-1:], decoding into the value v.
+// the first byte of the array ('[') has been read already.
+func (d *decodeState) array(v reflect.Value) {
+	// Check for unmarshaler.
+	u, ut, pv := d.indirect(v, false)
+	if u != nil {
+		d.off--
+		err := u.UnmarshalJSON(d.next())
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+	if ut != nil {
+		d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)})
+		d.off--
+		d.next()
+		return
+	}
+
+	v = pv
+
+	// Check type of target.
+	switch v.Kind() {
+	case reflect.Interface:
+		if v.NumMethod() == 0 {
+			// Decoding into nil interface?  Switch to non-reflect code.
+			v.Set(reflect.ValueOf(d.arrayInterface()))
+			return
+		}
+		// Otherwise it's invalid.
+		fallthrough
+	default:
+		d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)})
+		d.off--
+		d.next()
+		return
+	case reflect.Array:
+	case reflect.Slice:
+		break
+	}
+
+	i := 0
+	for {
+		// Look ahead for ] - can only happen on first iteration.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+
+		// Back up so d.value can have the byte we just read.
+		d.off--
+		d.scan.undo(op)
+
+		// Get element of array, growing if necessary.
+		if v.Kind() == reflect.Slice {
+			// Grow slice if necessary
+			if i >= v.Cap() {
+				newcap := v.Cap() + v.Cap()/2
+				if newcap < 4 {
+					newcap = 4
+				}
+				newv := reflect.MakeSlice(v.Type(), v.Len(), newcap)
+				reflect.Copy(newv, v)
+				v.Set(newv)
+			}
+			if i >= v.Len() {
+				v.SetLen(i + 1)
+			}
+		}
+
+		if i < v.Len() {
+			// Decode into element.
+			d.value(v.Index(i))
+		} else {
+			// Ran out of fixed array: skip.
+			d.value(reflect.Value{})
+		}
+		i++
+
+		// Next token must be , or ].
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+		if op != scanArrayValue {
+			d.error(errPhase)
+		}
+	}
+
+	if i < v.Len() {
+		if v.Kind() == reflect.Array {
+			// Array.  Zero the rest.
+			z := reflect.Zero(v.Type().Elem())
+			for ; i < v.Len(); i++ {
+				v.Index(i).Set(z)
+			}
+		} else {
+			v.SetLen(i)
+		}
+	}
+	if i == 0 && v.Kind() == reflect.Slice {
+		v.Set(reflect.MakeSlice(v.Type(), 0, 0))
+	}
+}
+
+var nullLiteral = []byte("null")
+
+// object consumes an object from d.data[d.off-1:], decoding into the value v.
+// the first byte ('{') of the object has been read already.
+func (d *decodeState) object(v reflect.Value) {
+	// Check for unmarshaler.
+	u, ut, pv := d.indirect(v, false)
+	if u != nil {
+		d.off--
+		err := u.UnmarshalJSON(d.next())
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+	if ut != nil {
+		d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)})
+		d.off--
+		d.next() // skip over { } in input
+		return
+	}
+	v = pv
+
+	// Decoding into nil interface?  Switch to non-reflect code.
+	if v.Kind() == reflect.Interface && v.NumMethod() == 0 {
+		v.Set(reflect.ValueOf(d.objectInterface()))
+		return
+	}
+
+	// Check type of target: struct or map[string]T
+	switch v.Kind() {
+	case reflect.Map:
+		// map must have string kind
+		t := v.Type()
+		if t.Key().Kind() != reflect.String {
+			d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)})
+			d.off--
+			d.next() // skip over { } in input
+			return
+		}
+		if v.IsNil() {
+			v.Set(reflect.MakeMap(t))
+		}
+	case reflect.Struct:
+
+	default:
+		d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)})
+		d.off--
+		d.next() // skip over { } in input
+		return
+	}
+
+	var mapElem reflect.Value
+	keys := map[string]bool{}
+
+	for {
+		// Read opening " of string key or closing }.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			// closing } - can only happen on first iteration.
+			break
+		}
+		if op != scanBeginLiteral {
+			d.error(errPhase)
+		}
+
+		// Read key.
+		start := d.off - 1
+		op = d.scanWhile(scanContinue)
+		item := d.data[start : d.off-1]
+		key, ok := unquote(item)
+		if !ok {
+			d.error(errPhase)
+		}
+
+		// Check for duplicate keys.
+		_, ok = keys[key]
+		if !ok {
+			keys[key] = true
+		} else {
+			d.error(fmt.Errorf("json: duplicate key '%s' in object", key))
+		}
+
+		// Figure out field corresponding to key.
+		var subv reflect.Value
+		destring := false // whether the value is wrapped in a string to be decoded first
+
+		if v.Kind() == reflect.Map {
+			elemType := v.Type().Elem()
+			if !mapElem.IsValid() {
+				mapElem = reflect.New(elemType).Elem()
+			} else {
+				mapElem.Set(reflect.Zero(elemType))
+			}
+			subv = mapElem
+		} else {
+			var f *field
+			fields := cachedTypeFields(v.Type())
+			for i := range fields {
+				ff := &fields[i]
+				if bytes.Equal(ff.nameBytes, []byte(key)) {
+					f = ff
+					break
+				}
+			}
+			if f != nil {
+				subv = v
+				destring = f.quoted
+				for _, i := range f.index {
+					if subv.Kind() == reflect.Ptr {
+						if subv.IsNil() {
+							subv.Set(reflect.New(subv.Type().Elem()))
+						}
+						subv = subv.Elem()
+					}
+					subv = subv.Field(i)
+				}
+			}
+		}
+
+		// Read : before value.
+		if op == scanSkipSpace {
+			op = d.scanWhile(scanSkipSpace)
+		}
+		if op != scanObjectKey {
+			d.error(errPhase)
+		}
+
+		// Read value.
+		if destring {
+			switch qv := d.valueQuoted().(type) {
+			case nil:
+				d.literalStore(nullLiteral, subv, false)
+			case string:
+				d.literalStore([]byte(qv), subv, true)
+			default:
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal unquoted value into %v", subv.Type()))
+			}
+		} else {
+			d.value(subv)
+		}
+
+		// Write value back to map;
+		// if using struct, subv points into struct already.
+		if v.Kind() == reflect.Map {
+			kv := reflect.ValueOf(key).Convert(v.Type().Key())
+			v.SetMapIndex(kv, subv)
+		}
+
+		// Next token must be , or }.
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			break
+		}
+		if op != scanObjectValue {
+			d.error(errPhase)
+		}
+	}
+}
+
+// literal consumes a literal from d.data[d.off-1:], decoding into the value v.
+// The first byte of the literal has been read already
+// (that's how the caller knows it's a literal).
+func (d *decodeState) literal(v reflect.Value) {
+	// All bytes inside literal return scanContinue op code.
+	start := d.off - 1
+	op := d.scanWhile(scanContinue)
+
+	// Scan read one byte too far; back up.
+	d.off--
+	d.scan.undo(op)
+
+	d.literalStore(d.data[start:d.off], v, false)
+}
+
+// convertNumber converts the number literal s to a float64, int64 or a Number
+// depending on d.numberDecodeType.
+func (d *decodeState) convertNumber(s string) (interface{}, error) {
+	switch d.numberType {
+
+	case UnmarshalJSONNumber:
+		return Number(s), nil
+	case UnmarshalIntOrFloat:
+		v, err := strconv.ParseInt(s, 10, 64)
+		if err == nil {
+			return v, nil
+		}
+
+		// tries to parse integer number in scientific notation
+		f, err := strconv.ParseFloat(s, 64)
+		if err != nil {
+			return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)}
+		}
+
+		// if it has no decimal value use int64
+		if fi, fd := math.Modf(f); fd == 0.0 {
+			return int64(fi), nil
+		}
+		return f, nil
+	default:
+		f, err := strconv.ParseFloat(s, 64)
+		if err != nil {
+			return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)}
+		}
+		return f, nil
+	}
+
+}
+
+var numberType = reflect.TypeOf(Number(""))
+
+// literalStore decodes a literal stored in item into v.
+//
+// fromQuoted indicates whether this literal came from unwrapping a
+// string from the ",string" struct tag option. this is used only to
+// produce more helpful error messages.
+func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool) {
+	// Check for unmarshaler.
+	if len(item) == 0 {
+		//Empty string given
+		d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+		return
+	}
+	wantptr := item[0] == 'n' // null
+	u, ut, pv := d.indirect(v, wantptr)
+	if u != nil {
+		err := u.UnmarshalJSON(item)
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+	if ut != nil {
+		if item[0] != '"' {
+			if fromQuoted {
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+			}
+			return
+		}
+		s, ok := unquoteBytes(item)
+		if !ok {
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(errPhase)
+			}
+		}
+		err := ut.UnmarshalText(s)
+		if err != nil {
+			d.error(err)
+		}
+		return
+	}
+
+	v = pv
+
+	switch c := item[0]; c {
+	case 'n': // null
+		switch v.Kind() {
+		case reflect.Interface, reflect.Ptr, reflect.Map, reflect.Slice:
+			v.Set(reflect.Zero(v.Type()))
+			// otherwise, ignore null for primitives/string
+		}
+	case 't', 'f': // true, false
+		value := c == 't'
+		switch v.Kind() {
+		default:
+			if fromQuoted {
+				d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)})
+			}
+		case reflect.Bool:
+			v.SetBool(value)
+		case reflect.Interface:
+			if v.NumMethod() == 0 {
+				v.Set(reflect.ValueOf(value))
+			} else {
+				d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)})
+			}
+		}
+
+	case '"': // string
+		s, ok := unquoteBytes(item)
+		if !ok {
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(errPhase)
+			}
+		}
+		switch v.Kind() {
+		default:
+			d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+		case reflect.Slice:
+			if v.Type().Elem().Kind() != reflect.Uint8 {
+				d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+				break
+			}
+			b := make([]byte, base64.StdEncoding.DecodedLen(len(s)))
+			n, err := base64.StdEncoding.Decode(b, s)
+			if err != nil {
+				d.saveError(err)
+				break
+			}
+			v.SetBytes(b[:n])
+		case reflect.String:
+			v.SetString(string(s))
+		case reflect.Interface:
+			if v.NumMethod() == 0 {
+				v.Set(reflect.ValueOf(string(s)))
+			} else {
+				d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)})
+			}
+		}
+
+	default: // number
+		if c != '-' && (c < '0' || c > '9') {
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(errPhase)
+			}
+		}
+		s := string(item)
+		switch v.Kind() {
+		default:
+			if v.Kind() == reflect.String && v.Type() == numberType {
+				v.SetString(s)
+				if !isValidNumber(s) {
+					d.error(fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item))
+				}
+				break
+			}
+			if fromQuoted {
+				d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type()))
+			} else {
+				d.error(&UnmarshalTypeError{"number", v.Type(), int64(d.off)})
+			}
+		case reflect.Interface:
+			n, err := d.convertNumber(s)
+			if err != nil {
+				d.saveError(err)
+				break
+			}
+			if v.NumMethod() != 0 {
+				d.saveError(&UnmarshalTypeError{"number", v.Type(), int64(d.off)})
+				break
+			}
+			v.Set(reflect.ValueOf(n))
+
+		case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+			n, err := strconv.ParseInt(s, 10, 64)
+			if err != nil || v.OverflowInt(n) {
+				d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)})
+				break
+			}
+			v.SetInt(n)
+
+		case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+			n, err := strconv.ParseUint(s, 10, 64)
+			if err != nil || v.OverflowUint(n) {
+				d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)})
+				break
+			}
+			v.SetUint(n)
+
+		case reflect.Float32, reflect.Float64:
+			n, err := strconv.ParseFloat(s, v.Type().Bits())
+			if err != nil || v.OverflowFloat(n) {
+				d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)})
+				break
+			}
+			v.SetFloat(n)
+		}
+	}
+}
+
+// The xxxInterface routines build up a value to be stored
+// in an empty interface.  They are not strictly necessary,
+// but they avoid the weight of reflection in this common case.
+
+// valueInterface is like value but returns interface{}
+func (d *decodeState) valueInterface() interface{} {
+	switch d.scanWhile(scanSkipSpace) {
+	default:
+		d.error(errPhase)
+		panic("unreachable")
+	case scanBeginArray:
+		return d.arrayInterface()
+	case scanBeginObject:
+		return d.objectInterface()
+	case scanBeginLiteral:
+		return d.literalInterface()
+	}
+}
+
+// arrayInterface is like array but returns []interface{}.
+func (d *decodeState) arrayInterface() []interface{} {
+	var v = make([]interface{}, 0)
+	for {
+		// Look ahead for ] - can only happen on first iteration.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+
+		// Back up so d.value can have the byte we just read.
+		d.off--
+		d.scan.undo(op)
+
+		v = append(v, d.valueInterface())
+
+		// Next token must be , or ].
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndArray {
+			break
+		}
+		if op != scanArrayValue {
+			d.error(errPhase)
+		}
+	}
+	return v
+}
+
+// objectInterface is like object but returns map[string]interface{}.
+func (d *decodeState) objectInterface() map[string]interface{} {
+	m := make(map[string]interface{})
+	keys := map[string]bool{}
+
+	for {
+		// Read opening " of string key or closing }.
+		op := d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			// closing } - can only happen on first iteration.
+			break
+		}
+		if op != scanBeginLiteral {
+			d.error(errPhase)
+		}
+
+		// Read string key.
+		start := d.off - 1
+		op = d.scanWhile(scanContinue)
+		item := d.data[start : d.off-1]
+		key, ok := unquote(item)
+		if !ok {
+			d.error(errPhase)
+		}
+
+		// Check for duplicate keys.
+		_, ok = keys[key]
+		if !ok {
+			keys[key] = true
+		} else {
+			d.error(fmt.Errorf("json: duplicate key '%s' in object", key))
+		}
+
+		// Read : before value.
+		if op == scanSkipSpace {
+			op = d.scanWhile(scanSkipSpace)
+		}
+		if op != scanObjectKey {
+			d.error(errPhase)
+		}
+
+		// Read value.
+		m[key] = d.valueInterface()
+
+		// Next token must be , or }.
+		op = d.scanWhile(scanSkipSpace)
+		if op == scanEndObject {
+			break
+		}
+		if op != scanObjectValue {
+			d.error(errPhase)
+		}
+	}
+	return m
+}
+
+// literalInterface is like literal but returns an interface value.
+func (d *decodeState) literalInterface() interface{} {
+	// All bytes inside literal return scanContinue op code.
+	start := d.off - 1
+	op := d.scanWhile(scanContinue)
+
+	// Scan read one byte too far; back up.
+	d.off--
+	d.scan.undo(op)
+	item := d.data[start:d.off]
+
+	switch c := item[0]; c {
+	case 'n': // null
+		return nil
+
+	case 't', 'f': // true, false
+		return c == 't'
+
+	case '"': // string
+		s, ok := unquote(item)
+		if !ok {
+			d.error(errPhase)
+		}
+		return s
+
+	default: // number
+		if c != '-' && (c < '0' || c > '9') {
+			d.error(errPhase)
+		}
+		n, err := d.convertNumber(string(item))
+		if err != nil {
+			d.saveError(err)
+		}
+		return n
+	}
+}
+
+// getu4 decodes \uXXXX from the beginning of s, returning the hex value,
+// or it returns -1.
+func getu4(s []byte) rune {
+	if len(s) < 6 || s[0] != '\\' || s[1] != 'u' {
+		return -1
+	}
+	r, err := strconv.ParseUint(string(s[2:6]), 16, 64)
+	if err != nil {
+		return -1
+	}
+	return rune(r)
+}
+
+// unquote converts a quoted JSON string literal s into an actual string t.
+// The rules are different than for Go, so cannot use strconv.Unquote.
+func unquote(s []byte) (t string, ok bool) {
+	s, ok = unquoteBytes(s)
+	t = string(s)
+	return
+}
+
+func unquoteBytes(s []byte) (t []byte, ok bool) {
+	if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' {
+		return
+	}
+	s = s[1 : len(s)-1]
+
+	// Check for unusual characters. If there are none,
+	// then no unquoting is needed, so return a slice of the
+	// original bytes.
+	r := 0
+	for r < len(s) {
+		c := s[r]
+		if c == '\\' || c == '"' || c < ' ' {
+			break
+		}
+		if c < utf8.RuneSelf {
+			r++
+			continue
+		}
+		rr, size := utf8.DecodeRune(s[r:])
+		if rr == utf8.RuneError && size == 1 {
+			break
+		}
+		r += size
+	}
+	if r == len(s) {
+		return s, true
+	}
+
+	b := make([]byte, len(s)+2*utf8.UTFMax)
+	w := copy(b, s[0:r])
+	for r < len(s) {
+		// Out of room?  Can only happen if s is full of
+		// malformed UTF-8 and we're replacing each
+		// byte with RuneError.
+		if w >= len(b)-2*utf8.UTFMax {
+			nb := make([]byte, (len(b)+utf8.UTFMax)*2)
+			copy(nb, b[0:w])
+			b = nb
+		}
+		switch c := s[r]; {
+		case c == '\\':
+			r++
+			if r >= len(s) {
+				return
+			}
+			switch s[r] {
+			default:
+				return
+			case '"', '\\', '/', '\'':
+				b[w] = s[r]
+				r++
+				w++
+			case 'b':
+				b[w] = '\b'
+				r++
+				w++
+			case 'f':
+				b[w] = '\f'
+				r++
+				w++
+			case 'n':
+				b[w] = '\n'
+				r++
+				w++
+			case 'r':
+				b[w] = '\r'
+				r++
+				w++
+			case 't':
+				b[w] = '\t'
+				r++
+				w++
+			case 'u':
+				r--
+				rr := getu4(s[r:])
+				if rr < 0 {
+					return
+				}
+				r += 6
+				if utf16.IsSurrogate(rr) {
+					rr1 := getu4(s[r:])
+					if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar {
+						// A valid pair; consume.
+						r += 6
+						w += utf8.EncodeRune(b[w:], dec)
+						break
+					}
+					// Invalid surrogate; fall back to replacement rune.
+					rr = unicode.ReplacementChar
+				}
+				w += utf8.EncodeRune(b[w:], rr)
+			}
+
+		// Quote, control characters are invalid.
+		case c == '"', c < ' ':
+			return
+
+		// ASCII
+		case c < utf8.RuneSelf:
+			b[w] = c
+			r++
+			w++
+
+		// Coerce to well-formed UTF-8.
+		default:
+			rr, size := utf8.DecodeRune(s[r:])
+			r += size
+			w += utf8.EncodeRune(b[w:], rr)
+		}
+	}
+	return b[0:w], true
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/encode.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/encode.go
new file mode 100644
index 0000000000..1dae8bb7cd
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/encode.go
@@ -0,0 +1,1197 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package json implements encoding and decoding of JSON objects as defined in
+// RFC 4627. The mapping between JSON objects and Go values is described
+// in the documentation for the Marshal and Unmarshal functions.
+//
+// See "JSON and Go" for an introduction to this package:
+// https://golang.org/doc/articles/json_and_go.html
+package json
+
+import (
+	"bytes"
+	"encoding"
+	"encoding/base64"
+	"fmt"
+	"math"
+	"reflect"
+	"runtime"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"unicode"
+	"unicode/utf8"
+)
+
+// Marshal returns the JSON encoding of v.
+//
+// Marshal traverses the value v recursively.
+// If an encountered value implements the Marshaler interface
+// and is not a nil pointer, Marshal calls its MarshalJSON method
+// to produce JSON. If no MarshalJSON method is present but the
+// value implements encoding.TextMarshaler instead, Marshal calls
+// its MarshalText method.
+// The nil pointer exception is not strictly necessary
+// but mimics a similar, necessary exception in the behavior of
+// UnmarshalJSON.
+//
+// Otherwise, Marshal uses the following type-dependent default encodings:
+//
+// Boolean values encode as JSON booleans.
+//
+// Floating point, integer, and Number values encode as JSON numbers.
+//
+// String values encode as JSON strings coerced to valid UTF-8,
+// replacing invalid bytes with the Unicode replacement rune.
+// The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e"
+// to keep some browsers from misinterpreting JSON output as HTML.
+// Ampersand "&" is also escaped to "\u0026" for the same reason.
+//
+// Array and slice values encode as JSON arrays, except that
+// []byte encodes as a base64-encoded string, and a nil slice
+// encodes as the null JSON object.
+//
+// Struct values encode as JSON objects. Each exported struct field
+// becomes a member of the object unless
+//   - the field's tag is "-", or
+//   - the field is empty and its tag specifies the "omitempty" option.
+// The empty values are false, 0, any
+// nil pointer or interface value, and any array, slice, map, or string of
+// length zero. The object's default key string is the struct field name
+// but can be specified in the struct field's tag value. The "json" key in
+// the struct field's tag value is the key name, followed by an optional comma
+// and options. Examples:
+//
+//   // Field is ignored by this package.
+//   Field int `json:"-"`
+//
+//   // Field appears in JSON as key "myName".
+//   Field int `json:"myName"`
+//
+//   // Field appears in JSON as key "myName" and
+//   // the field is omitted from the object if its value is empty,
+//   // as defined above.
+//   Field int `json:"myName,omitempty"`
+//
+//   // Field appears in JSON as key "Field" (the default), but
+//   // the field is skipped if empty.
+//   // Note the leading comma.
+//   Field int `json:",omitempty"`
+//
+// The "string" option signals that a field is stored as JSON inside a
+// JSON-encoded string. It applies only to fields of string, floating point,
+// integer, or boolean types. This extra level of encoding is sometimes used
+// when communicating with JavaScript programs:
+//
+//    Int64String int64 `json:",string"`
+//
+// The key name will be used if it's a non-empty string consisting of
+// only Unicode letters, digits, dollar signs, percent signs, hyphens,
+// underscores and slashes.
+//
+// Anonymous struct fields are usually marshaled as if their inner exported fields
+// were fields in the outer struct, subject to the usual Go visibility rules amended
+// as described in the next paragraph.
+// An anonymous struct field with a name given in its JSON tag is treated as
+// having that name, rather than being anonymous.
+// An anonymous struct field of interface type is treated the same as having
+// that type as its name, rather than being anonymous.
+//
+// The Go visibility rules for struct fields are amended for JSON when
+// deciding which field to marshal or unmarshal. If there are
+// multiple fields at the same level, and that level is the least
+// nested (and would therefore be the nesting level selected by the
+// usual Go rules), the following extra rules apply:
+//
+// 1) Of those fields, if any are JSON-tagged, only tagged fields are considered,
+// even if there are multiple untagged fields that would otherwise conflict.
+// 2) If there is exactly one field (tagged or not according to the first rule), that is selected.
+// 3) Otherwise there are multiple fields, and all are ignored; no error occurs.
+//
+// Handling of anonymous struct fields is new in Go 1.1.
+// Prior to Go 1.1, anonymous struct fields were ignored. To force ignoring of
+// an anonymous struct field in both current and earlier versions, give the field
+// a JSON tag of "-".
+//
+// Map values encode as JSON objects.
+// The map's key type must be string; the map keys are used as JSON object
+// keys, subject to the UTF-8 coercion described for string values above.
+//
+// Pointer values encode as the value pointed to.
+// A nil pointer encodes as the null JSON object.
+//
+// Interface values encode as the value contained in the interface.
+// A nil interface value encodes as the null JSON object.
+//
+// Channel, complex, and function values cannot be encoded in JSON.
+// Attempting to encode such a value causes Marshal to return
+// an UnsupportedTypeError.
+//
+// JSON cannot represent cyclic data structures and Marshal does not
+// handle them.  Passing cyclic structures to Marshal will result in
+// an infinite recursion.
+//
+func Marshal(v interface{}) ([]byte, error) {
+	e := &encodeState{}
+	err := e.marshal(v)
+	if err != nil {
+		return nil, err
+	}
+	return e.Bytes(), nil
+}
+
+// MarshalIndent is like Marshal but applies Indent to format the output.
+func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) {
+	b, err := Marshal(v)
+	if err != nil {
+		return nil, err
+	}
+	var buf bytes.Buffer
+	err = Indent(&buf, b, prefix, indent)
+	if err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+// HTMLEscape appends to dst the JSON-encoded src with <, >, &, U+2028 and U+2029
+// characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029
+// so that the JSON will be safe to embed inside HTML <script> tags.
+// For historical reasons, web browsers don't honor standard HTML
+// escaping within <script> tags, so an alternative JSON encoding must
+// be used.
+func HTMLEscape(dst *bytes.Buffer, src []byte) {
+	// The characters can only appear in string literals,
+	// so just scan the string one byte at a time.
+	start := 0
+	for i, c := range src {
+		if c == '<' || c == '>' || c == '&' {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u00`)
+			dst.WriteByte(hex[c>>4])
+			dst.WriteByte(hex[c&0xF])
+			start = i + 1
+		}
+		// Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9).
+		if c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u202`)
+			dst.WriteByte(hex[src[i+2]&0xF])
+			start = i + 3
+		}
+	}
+	if start < len(src) {
+		dst.Write(src[start:])
+	}
+}
+
+// Marshaler is the interface implemented by objects that
+// can marshal themselves into valid JSON.
+type Marshaler interface {
+	MarshalJSON() ([]byte, error)
+}
+
+// An UnsupportedTypeError is returned by Marshal when attempting
+// to encode an unsupported value type.
+type UnsupportedTypeError struct {
+	Type reflect.Type
+}
+
+func (e *UnsupportedTypeError) Error() string {
+	return "json: unsupported type: " + e.Type.String()
+}
+
+type UnsupportedValueError struct {
+	Value reflect.Value
+	Str   string
+}
+
+func (e *UnsupportedValueError) Error() string {
+	return "json: unsupported value: " + e.Str
+}
+
+// Before Go 1.2, an InvalidUTF8Error was returned by Marshal when
+// attempting to encode a string value with invalid UTF-8 sequences.
+// As of Go 1.2, Marshal instead coerces the string to valid UTF-8 by
+// replacing invalid bytes with the Unicode replacement rune U+FFFD.
+// This error is no longer generated but is kept for backwards compatibility
+// with programs that might mention it.
+type InvalidUTF8Error struct {
+	S string // the whole string value that caused the error
+}
+
+func (e *InvalidUTF8Error) Error() string {
+	return "json: invalid UTF-8 in string: " + strconv.Quote(e.S)
+}
+
+type MarshalerError struct {
+	Type reflect.Type
+	Err  error
+}
+
+func (e *MarshalerError) Error() string {
+	return "json: error calling MarshalJSON for type " + e.Type.String() + ": " + e.Err.Error()
+}
+
+var hex = "0123456789abcdef"
+
+// An encodeState encodes JSON into a bytes.Buffer.
+type encodeState struct {
+	bytes.Buffer // accumulated output
+	scratch      [64]byte
+}
+
+var encodeStatePool sync.Pool
+
+func newEncodeState() *encodeState {
+	if v := encodeStatePool.Get(); v != nil {
+		e := v.(*encodeState)
+		e.Reset()
+		return e
+	}
+	return new(encodeState)
+}
+
+func (e *encodeState) marshal(v interface{}) (err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			if _, ok := r.(runtime.Error); ok {
+				panic(r)
+			}
+			if s, ok := r.(string); ok {
+				panic(s)
+			}
+			err = r.(error)
+		}
+	}()
+	e.reflectValue(reflect.ValueOf(v))
+	return nil
+}
+
+func (e *encodeState) error(err error) {
+	panic(err)
+}
+
+func isEmptyValue(v reflect.Value) bool {
+	switch v.Kind() {
+	case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
+		return v.Len() == 0
+	case reflect.Bool:
+		return !v.Bool()
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() == 0
+	case reflect.Interface, reflect.Ptr:
+		return v.IsNil()
+	}
+	return false
+}
+
+func (e *encodeState) reflectValue(v reflect.Value) {
+	valueEncoder(v)(e, v, false)
+}
+
+type encoderFunc func(e *encodeState, v reflect.Value, quoted bool)
+
+var encoderCache struct {
+	sync.RWMutex
+	m map[reflect.Type]encoderFunc
+}
+
+func valueEncoder(v reflect.Value) encoderFunc {
+	if !v.IsValid() {
+		return invalidValueEncoder
+	}
+	return typeEncoder(v.Type())
+}
+
+func typeEncoder(t reflect.Type) encoderFunc {
+	encoderCache.RLock()
+	f := encoderCache.m[t]
+	encoderCache.RUnlock()
+	if f != nil {
+		return f
+	}
+
+	// To deal with recursive types, populate the map with an
+	// indirect func before we build it. This type waits on the
+	// real func (f) to be ready and then calls it.  This indirect
+	// func is only used for recursive types.
+	encoderCache.Lock()
+	if encoderCache.m == nil {
+		encoderCache.m = make(map[reflect.Type]encoderFunc)
+	}
+	var wg sync.WaitGroup
+	wg.Add(1)
+	encoderCache.m[t] = func(e *encodeState, v reflect.Value, quoted bool) {
+		wg.Wait()
+		f(e, v, quoted)
+	}
+	encoderCache.Unlock()
+
+	// Compute fields without lock.
+	// Might duplicate effort but won't hold other computations back.
+	f = newTypeEncoder(t, true)
+	wg.Done()
+	encoderCache.Lock()
+	encoderCache.m[t] = f
+	encoderCache.Unlock()
+	return f
+}
+
+var (
+	marshalerType     = reflect.TypeOf(new(Marshaler)).Elem()
+	textMarshalerType = reflect.TypeOf(new(encoding.TextMarshaler)).Elem()
+)
+
+// newTypeEncoder constructs an encoderFunc for a type.
+// The returned encoder only checks CanAddr when allowAddr is true.
+func newTypeEncoder(t reflect.Type, allowAddr bool) encoderFunc {
+	if t.Implements(marshalerType) {
+		return marshalerEncoder
+	}
+	if t.Kind() != reflect.Ptr && allowAddr {
+		if reflect.PtrTo(t).Implements(marshalerType) {
+			return newCondAddrEncoder(addrMarshalerEncoder, newTypeEncoder(t, false))
+		}
+	}
+
+	if t.Implements(textMarshalerType) {
+		return textMarshalerEncoder
+	}
+	if t.Kind() != reflect.Ptr && allowAddr {
+		if reflect.PtrTo(t).Implements(textMarshalerType) {
+			return newCondAddrEncoder(addrTextMarshalerEncoder, newTypeEncoder(t, false))
+		}
+	}
+
+	switch t.Kind() {
+	case reflect.Bool:
+		return boolEncoder
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return intEncoder
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return uintEncoder
+	case reflect.Float32:
+		return float32Encoder
+	case reflect.Float64:
+		return float64Encoder
+	case reflect.String:
+		return stringEncoder
+	case reflect.Interface:
+		return interfaceEncoder
+	case reflect.Struct:
+		return newStructEncoder(t)
+	case reflect.Map:
+		return newMapEncoder(t)
+	case reflect.Slice:
+		return newSliceEncoder(t)
+	case reflect.Array:
+		return newArrayEncoder(t)
+	case reflect.Ptr:
+		return newPtrEncoder(t)
+	default:
+		return unsupportedTypeEncoder
+	}
+}
+
+func invalidValueEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	e.WriteString("null")
+}
+
+func marshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.Kind() == reflect.Ptr && v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := v.Interface().(Marshaler)
+	b, err := m.MarshalJSON()
+	if err == nil {
+		// copy JSON into buffer, checking validity.
+		err = compact(&e.Buffer, b, true)
+	}
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+}
+
+func addrMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	va := v.Addr()
+	if va.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := va.Interface().(Marshaler)
+	b, err := m.MarshalJSON()
+	if err == nil {
+		// copy JSON into buffer, checking validity.
+		err = compact(&e.Buffer, b, true)
+	}
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+}
+
+func textMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.Kind() == reflect.Ptr && v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := v.Interface().(encoding.TextMarshaler)
+	b, err := m.MarshalText()
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+	e.stringBytes(b)
+}
+
+func addrTextMarshalerEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	va := v.Addr()
+	if va.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	m := va.Interface().(encoding.TextMarshaler)
+	b, err := m.MarshalText()
+	if err != nil {
+		e.error(&MarshalerError{v.Type(), err})
+	}
+	e.stringBytes(b)
+}
+
+func boolEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if quoted {
+		e.WriteByte('"')
+	}
+	if v.Bool() {
+		e.WriteString("true")
+	} else {
+		e.WriteString("false")
+	}
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+func intEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	b := strconv.AppendInt(e.scratch[:0], v.Int(), 10)
+	if quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+func uintEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	b := strconv.AppendUint(e.scratch[:0], v.Uint(), 10)
+	if quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+type floatEncoder int // number of bits
+
+func (bits floatEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	f := v.Float()
+	if math.IsInf(f, 0) || math.IsNaN(f) {
+		e.error(&UnsupportedValueError{v, strconv.FormatFloat(f, 'g', -1, int(bits))})
+	}
+	b := strconv.AppendFloat(e.scratch[:0], f, 'g', -1, int(bits))
+	if quoted {
+		e.WriteByte('"')
+	}
+	e.Write(b)
+	if quoted {
+		e.WriteByte('"')
+	}
+}
+
+var (
+	float32Encoder = (floatEncoder(32)).encode
+	float64Encoder = (floatEncoder(64)).encode
+)
+
+func stringEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.Type() == numberType {
+		numStr := v.String()
+		// In Go1.5 the empty string encodes to "0", while this is not a valid number literal
+		// we keep compatibility so check validity after this.
+		if numStr == "" {
+			numStr = "0" // Number's zero-val
+		}
+		if !isValidNumber(numStr) {
+			e.error(fmt.Errorf("json: invalid number literal %q", numStr))
+		}
+		e.WriteString(numStr)
+		return
+	}
+	if quoted {
+		sb, err := Marshal(v.String())
+		if err != nil {
+			e.error(err)
+		}
+		e.string(string(sb))
+	} else {
+		e.string(v.String())
+	}
+}
+
+func interfaceEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	e.reflectValue(v.Elem())
+}
+
+func unsupportedTypeEncoder(e *encodeState, v reflect.Value, quoted bool) {
+	e.error(&UnsupportedTypeError{v.Type()})
+}
+
+type structEncoder struct {
+	fields    []field
+	fieldEncs []encoderFunc
+}
+
+func (se *structEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	e.WriteByte('{')
+	first := true
+	for i, f := range se.fields {
+		fv := fieldByIndex(v, f.index)
+		if !fv.IsValid() || f.omitEmpty && isEmptyValue(fv) {
+			continue
+		}
+		if first {
+			first = false
+		} else {
+			e.WriteByte(',')
+		}
+		e.string(f.name)
+		e.WriteByte(':')
+		se.fieldEncs[i](e, fv, f.quoted)
+	}
+	e.WriteByte('}')
+}
+
+func newStructEncoder(t reflect.Type) encoderFunc {
+	fields := cachedTypeFields(t)
+	se := &structEncoder{
+		fields:    fields,
+		fieldEncs: make([]encoderFunc, len(fields)),
+	}
+	for i, f := range fields {
+		se.fieldEncs[i] = typeEncoder(typeByIndex(t, f.index))
+	}
+	return se.encode
+}
+
+type mapEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (me *mapEncoder) encode(e *encodeState, v reflect.Value, _ bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	e.WriteByte('{')
+	var sv stringValues = v.MapKeys()
+	sort.Sort(sv)
+	for i, k := range sv {
+		if i > 0 {
+			e.WriteByte(',')
+		}
+		e.string(k.String())
+		e.WriteByte(':')
+		me.elemEnc(e, v.MapIndex(k), false)
+	}
+	e.WriteByte('}')
+}
+
+func newMapEncoder(t reflect.Type) encoderFunc {
+	if t.Key().Kind() != reflect.String {
+		return unsupportedTypeEncoder
+	}
+	me := &mapEncoder{typeEncoder(t.Elem())}
+	return me.encode
+}
+
+func encodeByteSlice(e *encodeState, v reflect.Value, _ bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	s := v.Bytes()
+	e.WriteByte('"')
+	if len(s) < 1024 {
+		// for small buffers, using Encode directly is much faster.
+		dst := make([]byte, base64.StdEncoding.EncodedLen(len(s)))
+		base64.StdEncoding.Encode(dst, s)
+		e.Write(dst)
+	} else {
+		// for large buffers, avoid unnecessary extra temporary
+		// buffer space.
+		enc := base64.NewEncoder(base64.StdEncoding, e)
+		enc.Write(s)
+		enc.Close()
+	}
+	e.WriteByte('"')
+}
+
+// sliceEncoder just wraps an arrayEncoder, checking to make sure the value isn't nil.
+type sliceEncoder struct {
+	arrayEnc encoderFunc
+}
+
+func (se *sliceEncoder) encode(e *encodeState, v reflect.Value, _ bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	se.arrayEnc(e, v, false)
+}
+
+func newSliceEncoder(t reflect.Type) encoderFunc {
+	// Byte slices get special treatment; arrays don't.
+	if t.Elem().Kind() == reflect.Uint8 {
+		return encodeByteSlice
+	}
+	enc := &sliceEncoder{newArrayEncoder(t)}
+	return enc.encode
+}
+
+type arrayEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (ae *arrayEncoder) encode(e *encodeState, v reflect.Value, _ bool) {
+	e.WriteByte('[')
+	n := v.Len()
+	for i := 0; i < n; i++ {
+		if i > 0 {
+			e.WriteByte(',')
+		}
+		ae.elemEnc(e, v.Index(i), false)
+	}
+	e.WriteByte(']')
+}
+
+func newArrayEncoder(t reflect.Type) encoderFunc {
+	enc := &arrayEncoder{typeEncoder(t.Elem())}
+	return enc.encode
+}
+
+type ptrEncoder struct {
+	elemEnc encoderFunc
+}
+
+func (pe *ptrEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	if v.IsNil() {
+		e.WriteString("null")
+		return
+	}
+	pe.elemEnc(e, v.Elem(), quoted)
+}
+
+func newPtrEncoder(t reflect.Type) encoderFunc {
+	enc := &ptrEncoder{typeEncoder(t.Elem())}
+	return enc.encode
+}
+
+type condAddrEncoder struct {
+	canAddrEnc, elseEnc encoderFunc
+}
+
+func (ce *condAddrEncoder) encode(e *encodeState, v reflect.Value, quoted bool) {
+	if v.CanAddr() {
+		ce.canAddrEnc(e, v, quoted)
+	} else {
+		ce.elseEnc(e, v, quoted)
+	}
+}
+
+// newCondAddrEncoder returns an encoder that checks whether its value
+// CanAddr and delegates to canAddrEnc if so, else to elseEnc.
+func newCondAddrEncoder(canAddrEnc, elseEnc encoderFunc) encoderFunc {
+	enc := &condAddrEncoder{canAddrEnc: canAddrEnc, elseEnc: elseEnc}
+	return enc.encode
+}
+
+func isValidTag(s string) bool {
+	if s == "" {
+		return false
+	}
+	for _, c := range s {
+		switch {
+		case strings.ContainsRune("!#$%&()*+-./:<=>?@[]^_{|}~ ", c):
+			// Backslash and quote chars are reserved, but
+			// otherwise any punctuation chars are allowed
+			// in a tag name.
+		default:
+			if !unicode.IsLetter(c) && !unicode.IsDigit(c) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+func fieldByIndex(v reflect.Value, index []int) reflect.Value {
+	for _, i := range index {
+		if v.Kind() == reflect.Ptr {
+			if v.IsNil() {
+				return reflect.Value{}
+			}
+			v = v.Elem()
+		}
+		v = v.Field(i)
+	}
+	return v
+}
+
+func typeByIndex(t reflect.Type, index []int) reflect.Type {
+	for _, i := range index {
+		if t.Kind() == reflect.Ptr {
+			t = t.Elem()
+		}
+		t = t.Field(i).Type
+	}
+	return t
+}
+
+// stringValues is a slice of reflect.Value holding *reflect.StringValue.
+// It implements the methods to sort by string.
+type stringValues []reflect.Value
+
+func (sv stringValues) Len() int           { return len(sv) }
+func (sv stringValues) Swap(i, j int)      { sv[i], sv[j] = sv[j], sv[i] }
+func (sv stringValues) Less(i, j int) bool { return sv.get(i) < sv.get(j) }
+func (sv stringValues) get(i int) string   { return sv[i].String() }
+
+// NOTE: keep in sync with stringBytes below.
+func (e *encodeState) string(s string) int {
+	len0 := e.Len()
+	e.WriteByte('"')
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
+				i++
+				continue
+			}
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			switch b {
+			case '\\', '"':
+				e.WriteByte('\\')
+				e.WriteByte(b)
+			case '\n':
+				e.WriteByte('\\')
+				e.WriteByte('n')
+			case '\r':
+				e.WriteByte('\\')
+				e.WriteByte('r')
+			case '\t':
+				e.WriteByte('\\')
+				e.WriteByte('t')
+			default:
+				// This encodes bytes < 0x20 except for \n and \r,
+				// as well as <, > and &. The latter are escaped because they
+				// can lead to security holes when user-controlled strings
+				// are rendered into JSON and served to some browsers.
+				e.WriteString(`\u00`)
+				e.WriteByte(hex[b>>4])
+				e.WriteByte(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRuneInString(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			e.WriteString(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				e.WriteString(s[start:i])
+			}
+			e.WriteString(`\u202`)
+			e.WriteByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		e.WriteString(s[start:])
+	}
+	e.WriteByte('"')
+	return e.Len() - len0
+}
+
+// NOTE: keep in sync with string above.
+func (e *encodeState) stringBytes(s []byte) int {
+	len0 := e.Len()
+	e.WriteByte('"')
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if 0x20 <= b && b != '\\' && b != '"' && b != '<' && b != '>' && b != '&' {
+				i++
+				continue
+			}
+			if start < i {
+				e.Write(s[start:i])
+			}
+			switch b {
+			case '\\', '"':
+				e.WriteByte('\\')
+				e.WriteByte(b)
+			case '\n':
+				e.WriteByte('\\')
+				e.WriteByte('n')
+			case '\r':
+				e.WriteByte('\\')
+				e.WriteByte('r')
+			case '\t':
+				e.WriteByte('\\')
+				e.WriteByte('t')
+			default:
+				// This encodes bytes < 0x20 except for \n and \r,
+				// as well as <, >, and &. The latter are escaped because they
+				// can lead to security holes when user-controlled strings
+				// are rendered into JSON and served to some browsers.
+				e.WriteString(`\u00`)
+				e.WriteByte(hex[b>>4])
+				e.WriteByte(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRune(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				e.Write(s[start:i])
+			}
+			e.WriteString(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				e.Write(s[start:i])
+			}
+			e.WriteString(`\u202`)
+			e.WriteByte(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		e.Write(s[start:])
+	}
+	e.WriteByte('"')
+	return e.Len() - len0
+}
+
+// A field represents a single field found in a struct.
+type field struct {
+	name      string
+	nameBytes []byte // []byte(name)
+
+	tag       bool
+	index     []int
+	typ       reflect.Type
+	omitEmpty bool
+	quoted    bool
+}
+
+func fillField(f field) field {
+	f.nameBytes = []byte(f.name)
+	return f
+}
+
+// byName sorts field by name, breaking ties with depth,
+// then breaking ties with "name came from json tag", then
+// breaking ties with index sequence.
+type byName []field
+
+func (x byName) Len() int { return len(x) }
+
+func (x byName) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
+
+func (x byName) Less(i, j int) bool {
+	if x[i].name != x[j].name {
+		return x[i].name < x[j].name
+	}
+	if len(x[i].index) != len(x[j].index) {
+		return len(x[i].index) < len(x[j].index)
+	}
+	if x[i].tag != x[j].tag {
+		return x[i].tag
+	}
+	return byIndex(x).Less(i, j)
+}
+
+// byIndex sorts field by index sequence.
+type byIndex []field
+
+func (x byIndex) Len() int { return len(x) }
+
+func (x byIndex) Swap(i, j int) { x[i], x[j] = x[j], x[i] }
+
+func (x byIndex) Less(i, j int) bool {
+	for k, xik := range x[i].index {
+		if k >= len(x[j].index) {
+			return false
+		}
+		if xik != x[j].index[k] {
+			return xik < x[j].index[k]
+		}
+	}
+	return len(x[i].index) < len(x[j].index)
+}
+
+// typeFields returns a list of fields that JSON should recognize for the given type.
+// The algorithm is breadth-first search over the set of structs to include - the top struct
+// and then any reachable anonymous structs.
+func typeFields(t reflect.Type) []field {
+	// Anonymous fields to explore at the current level and the next.
+	current := []field{}
+	next := []field{{typ: t}}
+
+	// Count of queued names for current level and the next.
+	count := map[reflect.Type]int{}
+	nextCount := map[reflect.Type]int{}
+
+	// Types already visited at an earlier level.
+	visited := map[reflect.Type]bool{}
+
+	// Fields found.
+	var fields []field
+
+	for len(next) > 0 {
+		current, next = next, current[:0]
+		count, nextCount = nextCount, map[reflect.Type]int{}
+
+		for _, f := range current {
+			if visited[f.typ] {
+				continue
+			}
+			visited[f.typ] = true
+
+			// Scan f.typ for fields to include.
+			for i := 0; i < f.typ.NumField(); i++ {
+				sf := f.typ.Field(i)
+				if sf.PkgPath != "" && !sf.Anonymous { // unexported
+					continue
+				}
+				tag := sf.Tag.Get("json")
+				if tag == "-" {
+					continue
+				}
+				name, opts := parseTag(tag)
+				if !isValidTag(name) {
+					name = ""
+				}
+				index := make([]int, len(f.index)+1)
+				copy(index, f.index)
+				index[len(f.index)] = i
+
+				ft := sf.Type
+				if ft.Name() == "" && ft.Kind() == reflect.Ptr {
+					// Follow pointer.
+					ft = ft.Elem()
+				}
+
+				// Only strings, floats, integers, and booleans can be quoted.
+				quoted := false
+				if opts.Contains("string") {
+					switch ft.Kind() {
+					case reflect.Bool,
+						reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64,
+						reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64,
+						reflect.Float32, reflect.Float64,
+						reflect.String:
+						quoted = true
+					}
+				}
+
+				// Record found field and index sequence.
+				if name != "" || !sf.Anonymous || ft.Kind() != reflect.Struct {
+					tagged := name != ""
+					if name == "" {
+						name = sf.Name
+					}
+					fields = append(fields, fillField(field{
+						name:      name,
+						tag:       tagged,
+						index:     index,
+						typ:       ft,
+						omitEmpty: opts.Contains("omitempty"),
+						quoted:    quoted,
+					}))
+					if count[f.typ] > 1 {
+						// If there were multiple instances, add a second,
+						// so that the annihilation code will see a duplicate.
+						// It only cares about the distinction between 1 or 2,
+						// so don't bother generating any more copies.
+						fields = append(fields, fields[len(fields)-1])
+					}
+					continue
+				}
+
+				// Record new anonymous struct to explore in next round.
+				nextCount[ft]++
+				if nextCount[ft] == 1 {
+					next = append(next, fillField(field{name: ft.Name(), index: index, typ: ft}))
+				}
+			}
+		}
+	}
+
+	sort.Sort(byName(fields))
+
+	// Delete all fields that are hidden by the Go rules for embedded fields,
+	// except that fields with JSON tags are promoted.
+
+	// The fields are sorted in primary order of name, secondary order
+	// of field index length. Loop over names; for each name, delete
+	// hidden fields by choosing the one dominant field that survives.
+	out := fields[:0]
+	for advance, i := 0, 0; i < len(fields); i += advance {
+		// One iteration per name.
+		// Find the sequence of fields with the name of this first field.
+		fi := fields[i]
+		name := fi.name
+		for advance = 1; i+advance < len(fields); advance++ {
+			fj := fields[i+advance]
+			if fj.name != name {
+				break
+			}
+		}
+		if advance == 1 { // Only one field with this name
+			out = append(out, fi)
+			continue
+		}
+		dominant, ok := dominantField(fields[i : i+advance])
+		if ok {
+			out = append(out, dominant)
+		}
+	}
+
+	fields = out
+	sort.Sort(byIndex(fields))
+
+	return fields
+}
+
+// dominantField looks through the fields, all of which are known to
+// have the same name, to find the single field that dominates the
+// others using Go's embedding rules, modified by the presence of
+// JSON tags. If there are multiple top-level fields, the boolean
+// will be false: This condition is an error in Go and we skip all
+// the fields.
+func dominantField(fields []field) (field, bool) {
+	// The fields are sorted in increasing index-length order. The winner
+	// must therefore be one with the shortest index length. Drop all
+	// longer entries, which is easy: just truncate the slice.
+	length := len(fields[0].index)
+	tagged := -1 // Index of first tagged field.
+	for i, f := range fields {
+		if len(f.index) > length {
+			fields = fields[:i]
+			break
+		}
+		if f.tag {
+			if tagged >= 0 {
+				// Multiple tagged fields at the same level: conflict.
+				// Return no field.
+				return field{}, false
+			}
+			tagged = i
+		}
+	}
+	if tagged >= 0 {
+		return fields[tagged], true
+	}
+	// All remaining fields have the same length. If there's more than one,
+	// we have a conflict (two fields named "X" at the same level) and we
+	// return no field.
+	if len(fields) > 1 {
+		return field{}, false
+	}
+	return fields[0], true
+}
+
+var fieldCache struct {
+	sync.RWMutex
+	m map[reflect.Type][]field
+}
+
+// cachedTypeFields is like typeFields but uses a cache to avoid repeated work.
+func cachedTypeFields(t reflect.Type) []field {
+	fieldCache.RLock()
+	f := fieldCache.m[t]
+	fieldCache.RUnlock()
+	if f != nil {
+		return f
+	}
+
+	// Compute fields without lock.
+	// Might duplicate effort but won't hold other computations back.
+	f = typeFields(t)
+	if f == nil {
+		f = []field{}
+	}
+
+	fieldCache.Lock()
+	if fieldCache.m == nil {
+		fieldCache.m = map[reflect.Type][]field{}
+	}
+	fieldCache.m[t] = f
+	fieldCache.Unlock()
+	return f
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/indent.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/indent.go
new file mode 100644
index 0000000000..7cd9f4db18
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/indent.go
@@ -0,0 +1,141 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import "bytes"
+
+// Compact appends to dst the JSON-encoded src with
+// insignificant space characters elided.
+func Compact(dst *bytes.Buffer, src []byte) error {
+	return compact(dst, src, false)
+}
+
+func compact(dst *bytes.Buffer, src []byte, escape bool) error {
+	origLen := dst.Len()
+	var scan scanner
+	scan.reset()
+	start := 0
+	for i, c := range src {
+		if escape && (c == '<' || c == '>' || c == '&') {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u00`)
+			dst.WriteByte(hex[c>>4])
+			dst.WriteByte(hex[c&0xF])
+			start = i + 1
+		}
+		// Convert U+2028 and U+2029 (E2 80 A8 and E2 80 A9).
+		if c == 0xE2 && i+2 < len(src) && src[i+1] == 0x80 && src[i+2]&^1 == 0xA8 {
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			dst.WriteString(`\u202`)
+			dst.WriteByte(hex[src[i+2]&0xF])
+			start = i + 3
+		}
+		v := scan.step(&scan, c)
+		if v >= scanSkipSpace {
+			if v == scanError {
+				break
+			}
+			if start < i {
+				dst.Write(src[start:i])
+			}
+			start = i + 1
+		}
+	}
+	if scan.eof() == scanError {
+		dst.Truncate(origLen)
+		return scan.err
+	}
+	if start < len(src) {
+		dst.Write(src[start:])
+	}
+	return nil
+}
+
+func newline(dst *bytes.Buffer, prefix, indent string, depth int) {
+	dst.WriteByte('\n')
+	dst.WriteString(prefix)
+	for i := 0; i < depth; i++ {
+		dst.WriteString(indent)
+	}
+}
+
+// Indent appends to dst an indented form of the JSON-encoded src.
+// Each element in a JSON object or array begins on a new,
+// indented line beginning with prefix followed by one or more
+// copies of indent according to the indentation nesting.
+// The data appended to dst does not begin with the prefix nor
+// any indentation, to make it easier to embed inside other formatted JSON data.
+// Although leading space characters (space, tab, carriage return, newline)
+// at the beginning of src are dropped, trailing space characters
+// at the end of src are preserved and copied to dst.
+// For example, if src has no trailing spaces, neither will dst;
+// if src ends in a trailing newline, so will dst.
+func Indent(dst *bytes.Buffer, src []byte, prefix, indent string) error {
+	origLen := dst.Len()
+	var scan scanner
+	scan.reset()
+	needIndent := false
+	depth := 0
+	for _, c := range src {
+		scan.bytes++
+		v := scan.step(&scan, c)
+		if v == scanSkipSpace {
+			continue
+		}
+		if v == scanError {
+			break
+		}
+		if needIndent && v != scanEndObject && v != scanEndArray {
+			needIndent = false
+			depth++
+			newline(dst, prefix, indent, depth)
+		}
+
+		// Emit semantically uninteresting bytes
+		// (in particular, punctuation in strings) unmodified.
+		if v == scanContinue {
+			dst.WriteByte(c)
+			continue
+		}
+
+		// Add spacing around real punctuation.
+		switch c {
+		case '{', '[':
+			// delay indent so that empty object and array are formatted as {} and [].
+			needIndent = true
+			dst.WriteByte(c)
+
+		case ',':
+			dst.WriteByte(c)
+			newline(dst, prefix, indent, depth)
+
+		case ':':
+			dst.WriteByte(c)
+			dst.WriteByte(' ')
+
+		case '}', ']':
+			if needIndent {
+				// suppress indent in empty object/array
+				needIndent = false
+			} else {
+				depth--
+				newline(dst, prefix, indent, depth)
+			}
+			dst.WriteByte(c)
+
+		default:
+			dst.WriteByte(c)
+		}
+	}
+	if scan.eof() == scanError {
+		dst.Truncate(origLen)
+		return scan.err
+	}
+	return nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/scanner.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/scanner.go
new file mode 100644
index 0000000000..ee6622e8cf
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/scanner.go
@@ -0,0 +1,623 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+// JSON value parser state machine.
+// Just about at the limit of what is reasonable to write by hand.
+// Some parts are a bit tedious, but overall it nicely factors out the
+// otherwise common code from the multiple scanning functions
+// in this package (Compact, Indent, checkValid, nextValue, etc).
+//
+// This file starts with two simple examples using the scanner
+// before diving into the scanner itself.
+
+import "strconv"
+
+// checkValid verifies that data is valid JSON-encoded data.
+// scan is passed in for use by checkValid to avoid an allocation.
+func checkValid(data []byte, scan *scanner) error {
+	scan.reset()
+	for _, c := range data {
+		scan.bytes++
+		if scan.step(scan, c) == scanError {
+			return scan.err
+		}
+	}
+	if scan.eof() == scanError {
+		return scan.err
+	}
+	return nil
+}
+
+// nextValue splits data after the next whole JSON value,
+// returning that value and the bytes that follow it as separate slices.
+// scan is passed in for use by nextValue to avoid an allocation.
+func nextValue(data []byte, scan *scanner) (value, rest []byte, err error) {
+	scan.reset()
+	for i, c := range data {
+		v := scan.step(scan, c)
+		if v >= scanEndObject {
+			switch v {
+			// probe the scanner with a space to determine whether we will
+			// get scanEnd on the next character. Otherwise, if the next character
+			// is not a space, scanEndTop allocates a needless error.
+			case scanEndObject, scanEndArray:
+				if scan.step(scan, ' ') == scanEnd {
+					return data[:i+1], data[i+1:], nil
+				}
+			case scanError:
+				return nil, nil, scan.err
+			case scanEnd:
+				return data[:i], data[i:], nil
+			}
+		}
+	}
+	if scan.eof() == scanError {
+		return nil, nil, scan.err
+	}
+	return data, nil, nil
+}
+
+// A SyntaxError is a description of a JSON syntax error.
+type SyntaxError struct {
+	msg    string // description of error
+	Offset int64  // error occurred after reading Offset bytes
+}
+
+func (e *SyntaxError) Error() string { return e.msg }
+
+// A scanner is a JSON scanning state machine.
+// Callers call scan.reset() and then pass bytes in one at a time
+// by calling scan.step(&scan, c) for each byte.
+// The return value, referred to as an opcode, tells the
+// caller about significant parsing events like beginning
+// and ending literals, objects, and arrays, so that the
+// caller can follow along if it wishes.
+// The return value scanEnd indicates that a single top-level
+// JSON value has been completed, *before* the byte that
+// just got passed in.  (The indication must be delayed in order
+// to recognize the end of numbers: is 123 a whole value or
+// the beginning of 12345e+6?).
+type scanner struct {
+	// The step is a func to be called to execute the next transition.
+	// Also tried using an integer constant and a single func
+	// with a switch, but using the func directly was 10% faster
+	// on a 64-bit Mac Mini, and it's nicer to read.
+	step func(*scanner, byte) int
+
+	// Reached end of top-level value.
+	endTop bool
+
+	// Stack of what we're in the middle of - array values, object keys, object values.
+	parseState []int
+
+	// Error that happened, if any.
+	err error
+
+	// 1-byte redo (see undo method)
+	redo      bool
+	redoCode  int
+	redoState func(*scanner, byte) int
+
+	// total bytes consumed, updated by decoder.Decode
+	bytes int64
+}
+
+// These values are returned by the state transition functions
+// assigned to scanner.state and the method scanner.eof.
+// They give details about the current state of the scan that
+// callers might be interested to know about.
+// It is okay to ignore the return value of any particular
+// call to scanner.state: if one call returns scanError,
+// every subsequent call will return scanError too.
+const (
+	// Continue.
+	scanContinue     = iota // uninteresting byte
+	scanBeginLiteral        // end implied by next result != scanContinue
+	scanBeginObject         // begin object
+	scanObjectKey           // just finished object key (string)
+	scanObjectValue         // just finished non-last object value
+	scanEndObject           // end object (implies scanObjectValue if possible)
+	scanBeginArray          // begin array
+	scanArrayValue          // just finished array value
+	scanEndArray            // end array (implies scanArrayValue if possible)
+	scanSkipSpace           // space byte; can skip; known to be last "continue" result
+
+	// Stop.
+	scanEnd   // top-level value ended *before* this byte; known to be first "stop" result
+	scanError // hit an error, scanner.err.
+)
+
+// These values are stored in the parseState stack.
+// They give the current state of a composite value
+// being scanned.  If the parser is inside a nested value
+// the parseState describes the nested state, outermost at entry 0.
+const (
+	parseObjectKey   = iota // parsing object key (before colon)
+	parseObjectValue        // parsing object value (after colon)
+	parseArrayValue         // parsing array value
+)
+
+// reset prepares the scanner for use.
+// It must be called before calling s.step.
+func (s *scanner) reset() {
+	s.step = stateBeginValue
+	s.parseState = s.parseState[0:0]
+	s.err = nil
+	s.redo = false
+	s.endTop = false
+}
+
+// eof tells the scanner that the end of input has been reached.
+// It returns a scan status just as s.step does.
+func (s *scanner) eof() int {
+	if s.err != nil {
+		return scanError
+	}
+	if s.endTop {
+		return scanEnd
+	}
+	s.step(s, ' ')
+	if s.endTop {
+		return scanEnd
+	}
+	if s.err == nil {
+		s.err = &SyntaxError{"unexpected end of JSON input", s.bytes}
+	}
+	return scanError
+}
+
+// pushParseState pushes a new parse state p onto the parse stack.
+func (s *scanner) pushParseState(p int) {
+	s.parseState = append(s.parseState, p)
+}
+
+// popParseState pops a parse state (already obtained) off the stack
+// and updates s.step accordingly.
+func (s *scanner) popParseState() {
+	n := len(s.parseState) - 1
+	s.parseState = s.parseState[0:n]
+	s.redo = false
+	if n == 0 {
+		s.step = stateEndTop
+		s.endTop = true
+	} else {
+		s.step = stateEndValue
+	}
+}
+
+func isSpace(c byte) bool {
+	return c == ' ' || c == '\t' || c == '\r' || c == '\n'
+}
+
+// stateBeginValueOrEmpty is the state after reading `[`.
+func stateBeginValueOrEmpty(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == ']' {
+		return stateEndValue(s, c)
+	}
+	return stateBeginValue(s, c)
+}
+
+// stateBeginValue is the state at the beginning of the input.
+func stateBeginValue(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	switch c {
+	case '{':
+		s.step = stateBeginStringOrEmpty
+		s.pushParseState(parseObjectKey)
+		return scanBeginObject
+	case '[':
+		s.step = stateBeginValueOrEmpty
+		s.pushParseState(parseArrayValue)
+		return scanBeginArray
+	case '"':
+		s.step = stateInString
+		return scanBeginLiteral
+	case '-':
+		s.step = stateNeg
+		return scanBeginLiteral
+	case '0': // beginning of 0.123
+		s.step = state0
+		return scanBeginLiteral
+	case 't': // beginning of true
+		s.step = stateT
+		return scanBeginLiteral
+	case 'f': // beginning of false
+		s.step = stateF
+		return scanBeginLiteral
+	case 'n': // beginning of null
+		s.step = stateN
+		return scanBeginLiteral
+	}
+	if '1' <= c && c <= '9' { // beginning of 1234.5
+		s.step = state1
+		return scanBeginLiteral
+	}
+	return s.error(c, "looking for beginning of value")
+}
+
+// stateBeginStringOrEmpty is the state after reading `{`.
+func stateBeginStringOrEmpty(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == '}' {
+		n := len(s.parseState)
+		s.parseState[n-1] = parseObjectValue
+		return stateEndValue(s, c)
+	}
+	return stateBeginString(s, c)
+}
+
+// stateBeginString is the state after reading `{"key": value,`.
+func stateBeginString(s *scanner, c byte) int {
+	if c <= ' ' && isSpace(c) {
+		return scanSkipSpace
+	}
+	if c == '"' {
+		s.step = stateInString
+		return scanBeginLiteral
+	}
+	return s.error(c, "looking for beginning of object key string")
+}
+
+// stateEndValue is the state after completing a value,
+// such as after reading `{}` or `true` or `["x"`.
+func stateEndValue(s *scanner, c byte) int {
+	n := len(s.parseState)
+	if n == 0 {
+		// Completed top-level before the current byte.
+		s.step = stateEndTop
+		s.endTop = true
+		return stateEndTop(s, c)
+	}
+	if c <= ' ' && isSpace(c) {
+		s.step = stateEndValue
+		return scanSkipSpace
+	}
+	ps := s.parseState[n-1]
+	switch ps {
+	case parseObjectKey:
+		if c == ':' {
+			s.parseState[n-1] = parseObjectValue
+			s.step = stateBeginValue
+			return scanObjectKey
+		}
+		return s.error(c, "after object key")
+	case parseObjectValue:
+		if c == ',' {
+			s.parseState[n-1] = parseObjectKey
+			s.step = stateBeginString
+			return scanObjectValue
+		}
+		if c == '}' {
+			s.popParseState()
+			return scanEndObject
+		}
+		return s.error(c, "after object key:value pair")
+	case parseArrayValue:
+		if c == ',' {
+			s.step = stateBeginValue
+			return scanArrayValue
+		}
+		if c == ']' {
+			s.popParseState()
+			return scanEndArray
+		}
+		return s.error(c, "after array element")
+	}
+	return s.error(c, "")
+}
+
+// stateEndTop is the state after finishing the top-level value,
+// such as after reading `{}` or `[1,2,3]`.
+// Only space characters should be seen now.
+func stateEndTop(s *scanner, c byte) int {
+	if c != ' ' && c != '\t' && c != '\r' && c != '\n' {
+		// Complain about non-space byte on next call.
+		s.error(c, "after top-level value")
+	}
+	return scanEnd
+}
+
+// stateInString is the state after reading `"`.
+func stateInString(s *scanner, c byte) int {
+	if c == '"' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	if c == '\\' {
+		s.step = stateInStringEsc
+		return scanContinue
+	}
+	if c < 0x20 {
+		return s.error(c, "in string literal")
+	}
+	return scanContinue
+}
+
+// stateInStringEsc is the state after reading `"\` during a quoted string.
+func stateInStringEsc(s *scanner, c byte) int {
+	switch c {
+	case 'b', 'f', 'n', 'r', 't', '\\', '/', '"':
+		s.step = stateInString
+		return scanContinue
+	case 'u':
+		s.step = stateInStringEscU
+		return scanContinue
+	}
+	return s.error(c, "in string escape code")
+}
+
+// stateInStringEscU is the state after reading `"\u` during a quoted string.
+func stateInStringEscU(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU1
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU1 is the state after reading `"\u1` during a quoted string.
+func stateInStringEscU1(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU12
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU12 is the state after reading `"\u12` during a quoted string.
+func stateInStringEscU12(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInStringEscU123
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateInStringEscU123 is the state after reading `"\u123` during a quoted string.
+func stateInStringEscU123(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' || 'a' <= c && c <= 'f' || 'A' <= c && c <= 'F' {
+		s.step = stateInString
+		return scanContinue
+	}
+	// numbers
+	return s.error(c, "in \\u hexadecimal character escape")
+}
+
+// stateNeg is the state after reading `-` during a number.
+func stateNeg(s *scanner, c byte) int {
+	if c == '0' {
+		s.step = state0
+		return scanContinue
+	}
+	if '1' <= c && c <= '9' {
+		s.step = state1
+		return scanContinue
+	}
+	return s.error(c, "in numeric literal")
+}
+
+// state1 is the state after reading a non-zero integer during a number,
+// such as after reading `1` or `100` but not `0`.
+func state1(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = state1
+		return scanContinue
+	}
+	return state0(s, c)
+}
+
+// state0 is the state after reading `0` during a number.
+func state0(s *scanner, c byte) int {
+	if c == '.' {
+		s.step = stateDot
+		return scanContinue
+	}
+	if c == 'e' || c == 'E' {
+		s.step = stateE
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateDot is the state after reading the integer and decimal point in a number,
+// such as after reading `1.`.
+func stateDot(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = stateDot0
+		return scanContinue
+	}
+	return s.error(c, "after decimal point in numeric literal")
+}
+
+// stateDot0 is the state after reading the integer, decimal point, and subsequent
+// digits of a number, such as after reading `3.14`.
+func stateDot0(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		return scanContinue
+	}
+	if c == 'e' || c == 'E' {
+		s.step = stateE
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateE is the state after reading the mantissa and e in a number,
+// such as after reading `314e` or `0.314e`.
+func stateE(s *scanner, c byte) int {
+	if c == '+' || c == '-' {
+		s.step = stateESign
+		return scanContinue
+	}
+	return stateESign(s, c)
+}
+
+// stateESign is the state after reading the mantissa, e, and sign in a number,
+// such as after reading `314e-` or `0.314e+`.
+func stateESign(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		s.step = stateE0
+		return scanContinue
+	}
+	return s.error(c, "in exponent of numeric literal")
+}
+
+// stateE0 is the state after reading the mantissa, e, optional sign,
+// and at least one digit of the exponent in a number,
+// such as after reading `314e-2` or `0.314e+1` or `3.14e0`.
+func stateE0(s *scanner, c byte) int {
+	if '0' <= c && c <= '9' {
+		return scanContinue
+	}
+	return stateEndValue(s, c)
+}
+
+// stateT is the state after reading `t`.
+func stateT(s *scanner, c byte) int {
+	if c == 'r' {
+		s.step = stateTr
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'r')")
+}
+
+// stateTr is the state after reading `tr`.
+func stateTr(s *scanner, c byte) int {
+	if c == 'u' {
+		s.step = stateTru
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'u')")
+}
+
+// stateTru is the state after reading `tru`.
+func stateTru(s *scanner, c byte) int {
+	if c == 'e' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal true (expecting 'e')")
+}
+
+// stateF is the state after reading `f`.
+func stateF(s *scanner, c byte) int {
+	if c == 'a' {
+		s.step = stateFa
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'a')")
+}
+
+// stateFa is the state after reading `fa`.
+func stateFa(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateFal
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'l')")
+}
+
+// stateFal is the state after reading `fal`.
+func stateFal(s *scanner, c byte) int {
+	if c == 's' {
+		s.step = stateFals
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 's')")
+}
+
+// stateFals is the state after reading `fals`.
+func stateFals(s *scanner, c byte) int {
+	if c == 'e' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal false (expecting 'e')")
+}
+
+// stateN is the state after reading `n`.
+func stateN(s *scanner, c byte) int {
+	if c == 'u' {
+		s.step = stateNu
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'u')")
+}
+
+// stateNu is the state after reading `nu`.
+func stateNu(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateNul
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'l')")
+}
+
+// stateNul is the state after reading `nul`.
+func stateNul(s *scanner, c byte) int {
+	if c == 'l' {
+		s.step = stateEndValue
+		return scanContinue
+	}
+	return s.error(c, "in literal null (expecting 'l')")
+}
+
+// stateError is the state after reaching a syntax error,
+// such as after reading `[1}` or `5.1.2`.
+func stateError(s *scanner, c byte) int {
+	return scanError
+}
+
+// error records an error and switches to the error state.
+func (s *scanner) error(c byte, context string) int {
+	s.step = stateError
+	s.err = &SyntaxError{"invalid character " + quoteChar(c) + " " + context, s.bytes}
+	return scanError
+}
+
+// quoteChar formats c as a quoted character literal
+func quoteChar(c byte) string {
+	// special cases - different from quoted strings
+	if c == '\'' {
+		return `'\''`
+	}
+	if c == '"' {
+		return `'"'`
+	}
+
+	// use quoted string with different quotation marks
+	s := strconv.Quote(string(c))
+	return "'" + s[1:len(s)-1] + "'"
+}
+
+// undo causes the scanner to return scanCode from the next state transition.
+// This gives callers a simple 1-byte undo mechanism.
+func (s *scanner) undo(scanCode int) {
+	if s.redo {
+		panic("json: invalid use of scanner")
+	}
+	s.redoCode = scanCode
+	s.redoState = s.step
+	s.step = stateRedo
+	s.redo = true
+}
+
+// stateRedo helps implement the scanner's 1-byte undo.
+func stateRedo(s *scanner, c byte) int {
+	s.redo = false
+	s.step = s.redoState
+	return s.redoCode
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/stream.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/stream.go
new file mode 100644
index 0000000000..9b2b926b03
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/stream.go
@@ -0,0 +1,485 @@
+// Copyright 2010 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"bytes"
+	"errors"
+	"io"
+)
+
+// A Decoder reads and decodes JSON objects from an input stream.
+type Decoder struct {
+	r     io.Reader
+	buf   []byte
+	d     decodeState
+	scanp int // start of unread data in buf
+	scan  scanner
+	err   error
+
+	tokenState int
+	tokenStack []int
+}
+
+// NewDecoder returns a new decoder that reads from r.
+//
+// The decoder introduces its own buffering and may
+// read data from r beyond the JSON values requested.
+func NewDecoder(r io.Reader) *Decoder {
+	return &Decoder{r: r}
+}
+
+// Deprecated: Use `SetNumberType` instead
+// UseNumber causes the Decoder to unmarshal a number into an interface{} as a
+// Number instead of as a float64.
+func (dec *Decoder) UseNumber() { dec.d.numberType = UnmarshalJSONNumber }
+
+// SetNumberType causes the Decoder to unmarshal a number into an interface{} as a
+// Number, float64 or int64 depending on `t` enum value.
+func (dec *Decoder) SetNumberType(t NumberUnmarshalType) { dec.d.numberType = t }
+
+// Decode reads the next JSON-encoded value from its
+// input and stores it in the value pointed to by v.
+//
+// See the documentation for Unmarshal for details about
+// the conversion of JSON into a Go value.
+func (dec *Decoder) Decode(v interface{}) error {
+	if dec.err != nil {
+		return dec.err
+	}
+
+	if err := dec.tokenPrepareForDecode(); err != nil {
+		return err
+	}
+
+	if !dec.tokenValueAllowed() {
+		return &SyntaxError{msg: "not at beginning of value"}
+	}
+
+	// Read whole value into buffer.
+	n, err := dec.readValue()
+	if err != nil {
+		return err
+	}
+	dec.d.init(dec.buf[dec.scanp : dec.scanp+n])
+	dec.scanp += n
+
+	// Don't save err from unmarshal into dec.err:
+	// the connection is still usable since we read a complete JSON
+	// object from it before the error happened.
+	err = dec.d.unmarshal(v)
+
+	// fixup token streaming state
+	dec.tokenValueEnd()
+
+	return err
+}
+
+// Buffered returns a reader of the data remaining in the Decoder's
+// buffer. The reader is valid until the next call to Decode.
+func (dec *Decoder) Buffered() io.Reader {
+	return bytes.NewReader(dec.buf[dec.scanp:])
+}
+
+// readValue reads a JSON value into dec.buf.
+// It returns the length of the encoding.
+func (dec *Decoder) readValue() (int, error) {
+	dec.scan.reset()
+
+	scanp := dec.scanp
+	var err error
+Input:
+	for {
+		// Look in the buffer for a new value.
+		for i, c := range dec.buf[scanp:] {
+			dec.scan.bytes++
+			v := dec.scan.step(&dec.scan, c)
+			if v == scanEnd {
+				scanp += i
+				break Input
+			}
+			// scanEnd is delayed one byte.
+			// We might block trying to get that byte from src,
+			// so instead invent a space byte.
+			if (v == scanEndObject || v == scanEndArray) && dec.scan.step(&dec.scan, ' ') == scanEnd {
+				scanp += i + 1
+				break Input
+			}
+			if v == scanError {
+				dec.err = dec.scan.err
+				return 0, dec.scan.err
+			}
+		}
+		scanp = len(dec.buf)
+
+		// Did the last read have an error?
+		// Delayed until now to allow buffer scan.
+		if err != nil {
+			if err == io.EOF {
+				if dec.scan.step(&dec.scan, ' ') == scanEnd {
+					break Input
+				}
+				if nonSpace(dec.buf) {
+					err = io.ErrUnexpectedEOF
+				}
+			}
+			dec.err = err
+			return 0, err
+		}
+
+		n := scanp - dec.scanp
+		err = dec.refill()
+		scanp = dec.scanp + n
+	}
+	return scanp - dec.scanp, nil
+}
+
+func (dec *Decoder) refill() error {
+	// Make room to read more into the buffer.
+	// First slide down data already consumed.
+	if dec.scanp > 0 {
+		n := copy(dec.buf, dec.buf[dec.scanp:])
+		dec.buf = dec.buf[:n]
+		dec.scanp = 0
+	}
+
+	// Grow buffer if not large enough.
+	const minRead = 512
+	if cap(dec.buf)-len(dec.buf) < minRead {
+		newBuf := make([]byte, len(dec.buf), 2*cap(dec.buf)+minRead)
+		copy(newBuf, dec.buf)
+		dec.buf = newBuf
+	}
+
+	// Read.  Delay error for next iteration (after scan).
+	n, err := dec.r.Read(dec.buf[len(dec.buf):cap(dec.buf)])
+	dec.buf = dec.buf[0 : len(dec.buf)+n]
+
+	return err
+}
+
+func nonSpace(b []byte) bool {
+	for _, c := range b {
+		if !isSpace(c) {
+			return true
+		}
+	}
+	return false
+}
+
+// An Encoder writes JSON objects to an output stream.
+type Encoder struct {
+	w   io.Writer
+	err error
+}
+
+// NewEncoder returns a new encoder that writes to w.
+func NewEncoder(w io.Writer) *Encoder {
+	return &Encoder{w: w}
+}
+
+// Encode writes the JSON encoding of v to the stream,
+// followed by a newline character.
+//
+// See the documentation for Marshal for details about the
+// conversion of Go values to JSON.
+func (enc *Encoder) Encode(v interface{}) error {
+	if enc.err != nil {
+		return enc.err
+	}
+	e := newEncodeState()
+	err := e.marshal(v)
+	if err != nil {
+		return err
+	}
+
+	// Terminate each value with a newline.
+	// This makes the output look a little nicer
+	// when debugging, and some kind of space
+	// is required if the encoded value was a number,
+	// so that the reader knows there aren't more
+	// digits coming.
+	e.WriteByte('\n')
+
+	if _, err = enc.w.Write(e.Bytes()); err != nil {
+		enc.err = err
+	}
+	encodeStatePool.Put(e)
+	return err
+}
+
+// RawMessage is a raw encoded JSON object.
+// It implements Marshaler and Unmarshaler and can
+// be used to delay JSON decoding or precompute a JSON encoding.
+type RawMessage []byte
+
+// MarshalJSON returns *m as the JSON encoding of m.
+func (m *RawMessage) MarshalJSON() ([]byte, error) {
+	return *m, nil
+}
+
+// UnmarshalJSON sets *m to a copy of data.
+func (m *RawMessage) UnmarshalJSON(data []byte) error {
+	if m == nil {
+		return errors.New("json.RawMessage: UnmarshalJSON on nil pointer")
+	}
+	*m = append((*m)[0:0], data...)
+	return nil
+}
+
+var _ Marshaler = (*RawMessage)(nil)
+var _ Unmarshaler = (*RawMessage)(nil)
+
+// A Token holds a value of one of these types:
+//
+//	Delim, for the four JSON delimiters [ ] { }
+//	bool, for JSON booleans
+//	float64, for JSON numbers
+//	Number, for JSON numbers
+//	string, for JSON string literals
+//	nil, for JSON null
+//
+type Token interface{}
+
+const (
+	tokenTopValue = iota
+	tokenArrayStart
+	tokenArrayValue
+	tokenArrayComma
+	tokenObjectStart
+	tokenObjectKey
+	tokenObjectColon
+	tokenObjectValue
+	tokenObjectComma
+)
+
+// advance tokenstate from a separator state to a value state
+func (dec *Decoder) tokenPrepareForDecode() error {
+	// Note: Not calling peek before switch, to avoid
+	// putting peek into the standard Decode path.
+	// peek is only called when using the Token API.
+	switch dec.tokenState {
+	case tokenArrayComma:
+		c, err := dec.peek()
+		if err != nil {
+			return err
+		}
+		if c != ',' {
+			return &SyntaxError{"expected comma after array element", 0}
+		}
+		dec.scanp++
+		dec.tokenState = tokenArrayValue
+	case tokenObjectColon:
+		c, err := dec.peek()
+		if err != nil {
+			return err
+		}
+		if c != ':' {
+			return &SyntaxError{"expected colon after object key", 0}
+		}
+		dec.scanp++
+		dec.tokenState = tokenObjectValue
+	}
+	return nil
+}
+
+func (dec *Decoder) tokenValueAllowed() bool {
+	switch dec.tokenState {
+	case tokenTopValue, tokenArrayStart, tokenArrayValue, tokenObjectValue:
+		return true
+	}
+	return false
+}
+
+func (dec *Decoder) tokenValueEnd() {
+	switch dec.tokenState {
+	case tokenArrayStart, tokenArrayValue:
+		dec.tokenState = tokenArrayComma
+	case tokenObjectValue:
+		dec.tokenState = tokenObjectComma
+	}
+}
+
+// A Delim is a JSON array or object delimiter, one of [ ] { or }.
+type Delim rune
+
+func (d Delim) String() string {
+	return string(d)
+}
+
+// Token returns the next JSON token in the input stream.
+// At the end of the input stream, Token returns nil, io.EOF.
+//
+// Token guarantees that the delimiters [ ] { } it returns are
+// properly nested and matched: if Token encounters an unexpected
+// delimiter in the input, it will return an error.
+//
+// The input stream consists of basic JSON values—bool, string,
+// number, and null—along with delimiters [ ] { } of type Delim
+// to mark the start and end of arrays and objects.
+// Commas and colons are elided.
+func (dec *Decoder) Token() (Token, error) {
+	for {
+		c, err := dec.peek()
+		if err != nil {
+			return nil, err
+		}
+		switch c {
+		case '[':
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenStack = append(dec.tokenStack, dec.tokenState)
+			dec.tokenState = tokenArrayStart
+			return Delim('['), nil
+
+		case ']':
+			if dec.tokenState != tokenArrayStart && dec.tokenState != tokenArrayComma {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = dec.tokenStack[len(dec.tokenStack)-1]
+			dec.tokenStack = dec.tokenStack[:len(dec.tokenStack)-1]
+			dec.tokenValueEnd()
+			return Delim(']'), nil
+
+		case '{':
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenStack = append(dec.tokenStack, dec.tokenState)
+			dec.tokenState = tokenObjectStart
+			return Delim('{'), nil
+
+		case '}':
+			if dec.tokenState != tokenObjectStart && dec.tokenState != tokenObjectComma {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = dec.tokenStack[len(dec.tokenStack)-1]
+			dec.tokenStack = dec.tokenStack[:len(dec.tokenStack)-1]
+			dec.tokenValueEnd()
+			return Delim('}'), nil
+
+		case ':':
+			if dec.tokenState != tokenObjectColon {
+				return dec.tokenError(c)
+			}
+			dec.scanp++
+			dec.tokenState = tokenObjectValue
+			continue
+
+		case ',':
+			if dec.tokenState == tokenArrayComma {
+				dec.scanp++
+				dec.tokenState = tokenArrayValue
+				continue
+			}
+			if dec.tokenState == tokenObjectComma {
+				dec.scanp++
+				dec.tokenState = tokenObjectKey
+				continue
+			}
+			return dec.tokenError(c)
+
+		case '"':
+			if dec.tokenState == tokenObjectStart || dec.tokenState == tokenObjectKey {
+				var x string
+				old := dec.tokenState
+				dec.tokenState = tokenTopValue
+				err := dec.Decode(&x)
+				dec.tokenState = old
+				if err != nil {
+					clearOffset(err)
+					return nil, err
+				}
+				dec.tokenState = tokenObjectColon
+				return x, nil
+			}
+			fallthrough
+
+		default:
+			if !dec.tokenValueAllowed() {
+				return dec.tokenError(c)
+			}
+			var x interface{}
+			if err := dec.Decode(&x); err != nil {
+				clearOffset(err)
+				return nil, err
+			}
+			return x, nil
+		}
+	}
+}
+
+func clearOffset(err error) {
+	if s, ok := err.(*SyntaxError); ok {
+		s.Offset = 0
+	}
+}
+
+func (dec *Decoder) tokenError(c byte) (Token, error) {
+	var context string
+	switch dec.tokenState {
+	case tokenTopValue:
+		context = " looking for beginning of value"
+	case tokenArrayStart, tokenArrayValue, tokenObjectValue:
+		context = " looking for beginning of value"
+	case tokenArrayComma:
+		context = " after array element"
+	case tokenObjectKey:
+		context = " looking for beginning of object key string"
+	case tokenObjectColon:
+		context = " after object key"
+	case tokenObjectComma:
+		context = " after object key:value pair"
+	}
+	return nil, &SyntaxError{"invalid character " + quoteChar(c) + " " + context, 0}
+}
+
+// More reports whether there is another element in the
+// current array or object being parsed.
+func (dec *Decoder) More() bool {
+	c, err := dec.peek()
+	return err == nil && c != ']' && c != '}'
+}
+
+func (dec *Decoder) peek() (byte, error) {
+	var err error
+	for {
+		for i := dec.scanp; i < len(dec.buf); i++ {
+			c := dec.buf[i]
+			if isSpace(c) {
+				continue
+			}
+			dec.scanp = i
+			return c, nil
+		}
+		// buffer has been scanned, now report any error
+		if err != nil {
+			return 0, err
+		}
+		err = dec.refill()
+	}
+}
+
+/*
+TODO
+
+// EncodeToken writes the given JSON token to the stream.
+// It returns an error if the delimiters [ ] { } are not properly used.
+//
+// EncodeToken does not call Flush, because usually it is part of
+// a larger operation such as Encode, and those will call Flush when finished.
+// Callers that create an Encoder and then invoke EncodeToken directly,
+// without using Encode, need to call Flush when finished to ensure that
+// the JSON is written to the underlying writer.
+func (e *Encoder) EncodeToken(t Token) error  {
+	...
+}
+
+*/
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/json/tags.go b/vendor/gopkg.in/go-jose/go-jose.v2/json/tags.go
new file mode 100644
index 0000000000..c38fd5102f
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/json/tags.go
@@ -0,0 +1,44 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package json
+
+import (
+	"strings"
+)
+
+// tagOptions is the string following a comma in a struct field's "json"
+// tag, or the empty string. It does not include the leading comma.
+type tagOptions string
+
+// parseTag splits a struct field's json tag into its name and
+// comma-separated options.
+func parseTag(tag string) (string, tagOptions) {
+	if idx := strings.Index(tag, ","); idx != -1 {
+		return tag[:idx], tagOptions(tag[idx+1:])
+	}
+	return tag, tagOptions("")
+}
+
+// Contains reports whether a comma-separated list of options
+// contains a particular substr flag. substr must be surrounded by a
+// string boundary or commas.
+func (o tagOptions) Contains(optionName string) bool {
+	if len(o) == 0 {
+		return false
+	}
+	s := string(o)
+	for s != "" {
+		var next string
+		i := strings.Index(s, ",")
+		if i >= 0 {
+			s, next = s[:i], s[i+1:]
+		}
+		if s == optionName {
+			return true
+		}
+		s = next
+	}
+	return false
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go b/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go
new file mode 100644
index 0000000000..a8966ab8e9
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go
@@ -0,0 +1,294 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"encoding/base64"
+	"fmt"
+	"strings"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// rawJSONWebEncryption represents a raw JWE JSON object. Used for parsing/serializing.
+type rawJSONWebEncryption struct {
+	Protected    *byteBuffer        `json:"protected,omitempty"`
+	Unprotected  *rawHeader         `json:"unprotected,omitempty"`
+	Header       *rawHeader         `json:"header,omitempty"`
+	Recipients   []rawRecipientInfo `json:"recipients,omitempty"`
+	Aad          *byteBuffer        `json:"aad,omitempty"`
+	EncryptedKey *byteBuffer        `json:"encrypted_key,omitempty"`
+	Iv           *byteBuffer        `json:"iv,omitempty"`
+	Ciphertext   *byteBuffer        `json:"ciphertext,omitempty"`
+	Tag          *byteBuffer        `json:"tag,omitempty"`
+}
+
+// rawRecipientInfo represents a raw JWE Per-Recipient header JSON object. Used for parsing/serializing.
+type rawRecipientInfo struct {
+	Header       *rawHeader `json:"header,omitempty"`
+	EncryptedKey string     `json:"encrypted_key,omitempty"`
+}
+
+// JSONWebEncryption represents an encrypted JWE object after parsing.
+type JSONWebEncryption struct {
+	Header                   Header
+	protected, unprotected   *rawHeader
+	recipients               []recipientInfo
+	aad, iv, ciphertext, tag []byte
+	original                 *rawJSONWebEncryption
+}
+
+// recipientInfo represents a raw JWE Per-Recipient header JSON object after parsing.
+type recipientInfo struct {
+	header       *rawHeader
+	encryptedKey []byte
+}
+
+// GetAuthData retrieves the (optional) authenticated data attached to the object.
+func (obj JSONWebEncryption) GetAuthData() []byte {
+	if obj.aad != nil {
+		out := make([]byte, len(obj.aad))
+		copy(out, obj.aad)
+		return out
+	}
+
+	return nil
+}
+
+// Get the merged header values
+func (obj JSONWebEncryption) mergedHeaders(recipient *recipientInfo) rawHeader {
+	out := rawHeader{}
+	out.merge(obj.protected)
+	out.merge(obj.unprotected)
+
+	if recipient != nil {
+		out.merge(recipient.header)
+	}
+
+	return out
+}
+
+// Get the additional authenticated data from a JWE object.
+func (obj JSONWebEncryption) computeAuthData() []byte {
+	var protected string
+
+	if obj.original != nil && obj.original.Protected != nil {
+		protected = obj.original.Protected.base64()
+	} else if obj.protected != nil {
+		protected = base64.RawURLEncoding.EncodeToString(mustSerializeJSON((obj.protected)))
+	} else {
+		protected = ""
+	}
+
+	output := []byte(protected)
+	if obj.aad != nil {
+		output = append(output, '.')
+		output = append(output, []byte(base64.RawURLEncoding.EncodeToString(obj.aad))...)
+	}
+
+	return output
+}
+
+// ParseEncrypted parses an encrypted message in compact or full serialization format.
+func ParseEncrypted(input string) (*JSONWebEncryption, error) {
+	input = stripWhitespace(input)
+	if strings.HasPrefix(input, "{") {
+		return parseEncryptedFull(input)
+	}
+
+	return parseEncryptedCompact(input)
+}
+
+// parseEncryptedFull parses a message in compact format.
+func parseEncryptedFull(input string) (*JSONWebEncryption, error) {
+	var parsed rawJSONWebEncryption
+	err := json.Unmarshal([]byte(input), &parsed)
+	if err != nil {
+		return nil, err
+	}
+
+	return parsed.sanitized()
+}
+
+// sanitized produces a cleaned-up JWE object from the raw JSON.
+func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
+	obj := &JSONWebEncryption{
+		original:    parsed,
+		unprotected: parsed.Unprotected,
+	}
+
+	// Check that there is not a nonce in the unprotected headers
+	if parsed.Unprotected != nil {
+		if nonce := parsed.Unprotected.getNonce(); nonce != "" {
+			return nil, ErrUnprotectedNonce
+		}
+	}
+	if parsed.Header != nil {
+		if nonce := parsed.Header.getNonce(); nonce != "" {
+			return nil, ErrUnprotectedNonce
+		}
+	}
+
+	if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 {
+		err := json.Unmarshal(parsed.Protected.bytes(), &obj.protected)
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid protected header: %s, %s", err, parsed.Protected.base64())
+		}
+	}
+
+	// Note: this must be called _after_ we parse the protected header,
+	// otherwise fields from the protected header will not get picked up.
+	var err error
+	mergedHeaders := obj.mergedHeaders(nil)
+	obj.Header, err = mergedHeaders.sanitized()
+	if err != nil {
+		return nil, fmt.Errorf("go-jose/go-jose: cannot sanitize merged headers: %v (%v)", err, mergedHeaders)
+	}
+
+	if len(parsed.Recipients) == 0 {
+		obj.recipients = []recipientInfo{
+			{
+				header:       parsed.Header,
+				encryptedKey: parsed.EncryptedKey.bytes(),
+			},
+		}
+	} else {
+		obj.recipients = make([]recipientInfo, len(parsed.Recipients))
+		for r := range parsed.Recipients {
+			encryptedKey, err := base64.RawURLEncoding.DecodeString(parsed.Recipients[r].EncryptedKey)
+			if err != nil {
+				return nil, err
+			}
+
+			// Check that there is not a nonce in the unprotected header
+			if parsed.Recipients[r].Header != nil && parsed.Recipients[r].Header.getNonce() != "" {
+				return nil, ErrUnprotectedNonce
+			}
+
+			obj.recipients[r].header = parsed.Recipients[r].Header
+			obj.recipients[r].encryptedKey = encryptedKey
+		}
+	}
+
+	for _, recipient := range obj.recipients {
+		headers := obj.mergedHeaders(&recipient)
+		if headers.getAlgorithm() == "" || headers.getEncryption() == "" {
+			return nil, fmt.Errorf("go-jose/go-jose: message is missing alg/enc headers")
+		}
+	}
+
+	obj.iv = parsed.Iv.bytes()
+	obj.ciphertext = parsed.Ciphertext.bytes()
+	obj.tag = parsed.Tag.bytes()
+	obj.aad = parsed.Aad.bytes()
+
+	return obj, nil
+}
+
+// parseEncryptedCompact parses a message in compact format.
+func parseEncryptedCompact(input string) (*JSONWebEncryption, error) {
+	parts := strings.Split(input, ".")
+	if len(parts) != 5 {
+		return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
+	}
+
+	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
+	if err != nil {
+		return nil, err
+	}
+
+	encryptedKey, err := base64.RawURLEncoding.DecodeString(parts[1])
+	if err != nil {
+		return nil, err
+	}
+
+	iv, err := base64.RawURLEncoding.DecodeString(parts[2])
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertext, err := base64.RawURLEncoding.DecodeString(parts[3])
+	if err != nil {
+		return nil, err
+	}
+
+	tag, err := base64.RawURLEncoding.DecodeString(parts[4])
+	if err != nil {
+		return nil, err
+	}
+
+	raw := &rawJSONWebEncryption{
+		Protected:    newBuffer(rawProtected),
+		EncryptedKey: newBuffer(encryptedKey),
+		Iv:           newBuffer(iv),
+		Ciphertext:   newBuffer(ciphertext),
+		Tag:          newBuffer(tag),
+	}
+
+	return raw.sanitized()
+}
+
+// CompactSerialize serializes an object using the compact serialization format.
+func (obj JSONWebEncryption) CompactSerialize() (string, error) {
+	if len(obj.recipients) != 1 || obj.unprotected != nil ||
+		obj.protected == nil || obj.recipients[0].header != nil {
+		return "", ErrNotSupported
+	}
+
+	serializedProtected := mustSerializeJSON(obj.protected)
+
+	return fmt.Sprintf(
+		"%s.%s.%s.%s.%s",
+		base64.RawURLEncoding.EncodeToString(serializedProtected),
+		base64.RawURLEncoding.EncodeToString(obj.recipients[0].encryptedKey),
+		base64.RawURLEncoding.EncodeToString(obj.iv),
+		base64.RawURLEncoding.EncodeToString(obj.ciphertext),
+		base64.RawURLEncoding.EncodeToString(obj.tag)), nil
+}
+
+// FullSerialize serializes an object using the full JSON serialization format.
+func (obj JSONWebEncryption) FullSerialize() string {
+	raw := rawJSONWebEncryption{
+		Unprotected:  obj.unprotected,
+		Iv:           newBuffer(obj.iv),
+		Ciphertext:   newBuffer(obj.ciphertext),
+		EncryptedKey: newBuffer(obj.recipients[0].encryptedKey),
+		Tag:          newBuffer(obj.tag),
+		Aad:          newBuffer(obj.aad),
+		Recipients:   []rawRecipientInfo{},
+	}
+
+	if len(obj.recipients) > 1 {
+		for _, recipient := range obj.recipients {
+			info := rawRecipientInfo{
+				Header:       recipient.header,
+				EncryptedKey: base64.RawURLEncoding.EncodeToString(recipient.encryptedKey),
+			}
+			raw.Recipients = append(raw.Recipients, info)
+		}
+	} else {
+		// Use flattened serialization
+		raw.Header = obj.recipients[0].header
+		raw.EncryptedKey = newBuffer(obj.recipients[0].encryptedKey)
+	}
+
+	if obj.protected != nil {
+		raw.Protected = newBuffer(mustSerializeJSON(obj.protected))
+	}
+
+	return string(mustSerializeJSON(raw))
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go b/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go
new file mode 100644
index 0000000000..ea3d863406
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go
@@ -0,0 +1,760 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"math/big"
+	"net/url"
+	"reflect"
+	"strings"
+
+	"golang.org/x/crypto/ed25519"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// rawJSONWebKey represents a public or private key in JWK format, used for parsing/serializing.
+type rawJSONWebKey struct {
+	Use string      `json:"use,omitempty"`
+	Kty string      `json:"kty,omitempty"`
+	Kid string      `json:"kid,omitempty"`
+	Crv string      `json:"crv,omitempty"`
+	Alg string      `json:"alg,omitempty"`
+	K   *byteBuffer `json:"k,omitempty"`
+	X   *byteBuffer `json:"x,omitempty"`
+	Y   *byteBuffer `json:"y,omitempty"`
+	N   *byteBuffer `json:"n,omitempty"`
+	E   *byteBuffer `json:"e,omitempty"`
+	// -- Following fields are only used for private keys --
+	// RSA uses D, P and Q, while ECDSA uses only D. Fields Dp, Dq, and Qi are
+	// completely optional. Therefore for RSA/ECDSA, D != nil is a contract that
+	// we have a private key whereas D == nil means we have only a public key.
+	D  *byteBuffer `json:"d,omitempty"`
+	P  *byteBuffer `json:"p,omitempty"`
+	Q  *byteBuffer `json:"q,omitempty"`
+	Dp *byteBuffer `json:"dp,omitempty"`
+	Dq *byteBuffer `json:"dq,omitempty"`
+	Qi *byteBuffer `json:"qi,omitempty"`
+	// Certificates
+	X5c       []string `json:"x5c,omitempty"`
+	X5u       *url.URL `json:"x5u,omitempty"`
+	X5tSHA1   string   `json:"x5t,omitempty"`
+	X5tSHA256 string   `json:"x5t#S256,omitempty"`
+}
+
+// JSONWebKey represents a public or private key in JWK format.
+type JSONWebKey struct {
+	// Cryptographic key, can be a symmetric or asymmetric key.
+	Key interface{}
+	// Key identifier, parsed from `kid` header.
+	KeyID string
+	// Key algorithm, parsed from `alg` header.
+	Algorithm string
+	// Key use, parsed from `use` header.
+	Use string
+
+	// X.509 certificate chain, parsed from `x5c` header.
+	Certificates []*x509.Certificate
+	// X.509 certificate URL, parsed from `x5u` header.
+	CertificatesURL *url.URL
+	// X.509 certificate thumbprint (SHA-1), parsed from `x5t` header.
+	CertificateThumbprintSHA1 []byte
+	// X.509 certificate thumbprint (SHA-256), parsed from `x5t#S256` header.
+	CertificateThumbprintSHA256 []byte
+}
+
+// MarshalJSON serializes the given key to its JSON representation.
+func (k JSONWebKey) MarshalJSON() ([]byte, error) {
+	var raw *rawJSONWebKey
+	var err error
+
+	switch key := k.Key.(type) {
+	case ed25519.PublicKey:
+		raw = fromEdPublicKey(key)
+	case *ecdsa.PublicKey:
+		raw, err = fromEcPublicKey(key)
+	case *rsa.PublicKey:
+		raw = fromRsaPublicKey(key)
+	case ed25519.PrivateKey:
+		raw, err = fromEdPrivateKey(key)
+	case *ecdsa.PrivateKey:
+		raw, err = fromEcPrivateKey(key)
+	case *rsa.PrivateKey:
+		raw, err = fromRsaPrivateKey(key)
+	case []byte:
+		raw, err = fromSymmetricKey(key)
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unknown key type '%s'", reflect.TypeOf(key))
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	raw.Kid = k.KeyID
+	raw.Alg = k.Algorithm
+	raw.Use = k.Use
+
+	for _, cert := range k.Certificates {
+		raw.X5c = append(raw.X5c, base64.StdEncoding.EncodeToString(cert.Raw))
+	}
+
+	x5tSHA1Len := len(k.CertificateThumbprintSHA1)
+	x5tSHA256Len := len(k.CertificateThumbprintSHA256)
+	if x5tSHA1Len > 0 {
+		if x5tSHA1Len != sha1.Size {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid SHA-1 thumbprint (must be %d bytes, not %d)", sha1.Size, x5tSHA1Len)
+		}
+		raw.X5tSHA1 = base64.RawURLEncoding.EncodeToString(k.CertificateThumbprintSHA1)
+	}
+	if x5tSHA256Len > 0 {
+		if x5tSHA256Len != sha256.Size {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid SHA-256 thumbprint (must be %d bytes, not %d)", sha256.Size, x5tSHA256Len)
+		}
+		raw.X5tSHA256 = base64.RawURLEncoding.EncodeToString(k.CertificateThumbprintSHA256)
+	}
+
+	// If cert chain is attached (as opposed to being behind a URL), check the
+	// keys thumbprints to make sure they match what is expected. This is to
+	// ensure we don't accidentally produce a JWK with semantically inconsistent
+	// data in the headers.
+	if len(k.Certificates) > 0 {
+		expectedSHA1 := sha1.Sum(k.Certificates[0].Raw)
+		expectedSHA256 := sha256.Sum256(k.Certificates[0].Raw)
+
+		if len(k.CertificateThumbprintSHA1) > 0 && !bytes.Equal(k.CertificateThumbprintSHA1, expectedSHA1[:]) {
+			return nil, errors.New("go-jose/go-jose: invalid SHA-1 thumbprint, does not match cert chain")
+		}
+		if len(k.CertificateThumbprintSHA256) > 0 && !bytes.Equal(k.CertificateThumbprintSHA256, expectedSHA256[:]) {
+			return nil, errors.New("go-jose/go-jose: invalid or SHA-256 thumbprint, does not match cert chain")
+		}
+	}
+
+	raw.X5u = k.CertificatesURL
+
+	return json.Marshal(raw)
+}
+
+// UnmarshalJSON reads a key from its JSON representation.
+func (k *JSONWebKey) UnmarshalJSON(data []byte) (err error) {
+	var raw rawJSONWebKey
+	err = json.Unmarshal(data, &raw)
+	if err != nil {
+		return err
+	}
+
+	certs, err := parseCertificateChain(raw.X5c)
+	if err != nil {
+		return fmt.Errorf("go-jose/go-jose: failed to unmarshal x5c field: %s", err)
+	}
+
+	var key interface{}
+	var certPub interface{}
+	var keyPub interface{}
+
+	if len(certs) > 0 {
+		// We need to check that leaf public key matches the key embedded in this
+		// JWK, as required by the standard (see RFC 7517, Section 4.7). Otherwise
+		// the JWK parsed could be semantically invalid. Technically, should also
+		// check key usage fields and other extensions on the cert here, but the
+		// standard doesn't exactly explain how they're supposed to map from the
+		// JWK representation to the X.509 extensions.
+		certPub = certs[0].PublicKey
+	}
+
+	switch raw.Kty {
+	case "EC":
+		if raw.D != nil {
+			key, err = raw.ecPrivateKey()
+			if err == nil {
+				keyPub = key.(*ecdsa.PrivateKey).Public()
+			}
+		} else {
+			key, err = raw.ecPublicKey()
+			keyPub = key
+		}
+	case "RSA":
+		if raw.D != nil {
+			key, err = raw.rsaPrivateKey()
+			if err == nil {
+				keyPub = key.(*rsa.PrivateKey).Public()
+			}
+		} else {
+			key, err = raw.rsaPublicKey()
+			keyPub = key
+		}
+	case "oct":
+		if certPub != nil {
+			return errors.New("go-jose/go-jose: invalid JWK, found 'oct' (symmetric) key with cert chain")
+		}
+		key, err = raw.symmetricKey()
+	case "OKP":
+		if raw.Crv == "Ed25519" && raw.X != nil {
+			if raw.D != nil {
+				key, err = raw.edPrivateKey()
+				if err == nil {
+					keyPub = key.(ed25519.PrivateKey).Public()
+				}
+			} else {
+				key, err = raw.edPublicKey()
+				keyPub = key
+			}
+		} else {
+			err = fmt.Errorf("go-jose/go-jose: unknown curve %s'", raw.Crv)
+		}
+	default:
+		err = fmt.Errorf("go-jose/go-jose: unknown json web key type '%s'", raw.Kty)
+	}
+
+	if err != nil {
+		return
+	}
+
+	if certPub != nil && keyPub != nil {
+		if !reflect.DeepEqual(certPub, keyPub) {
+			return errors.New("go-jose/go-jose: invalid JWK, public keys in key and x5c fields to not match")
+		}
+	}
+
+	*k = JSONWebKey{Key: key, KeyID: raw.Kid, Algorithm: raw.Alg, Use: raw.Use, Certificates: certs}
+
+	k.CertificatesURL = raw.X5u
+
+	// x5t parameters are base64url-encoded SHA thumbprints
+	// See RFC 7517, Section 4.8, https://tools.ietf.org/html/rfc7517#section-4.8
+	x5tSHA1bytes, err := base64.RawURLEncoding.DecodeString(raw.X5tSHA1)
+	if err != nil {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t header has invalid encoding")
+	}
+
+	// RFC 7517, Section 4.8 is ambiguous as to whether the digest output should be byte or hex,
+	// for this reason, after base64 decoding, if the size is sha1.Size it's likely that the value is a byte encoded
+	// checksum so we skip this. Otherwise if the checksum was hex encoded we expect a 40 byte sized array so we'll
+	// try to hex decode it. When Marshalling this value we'll always use a base64 encoded version of byte format checksum.
+	if len(x5tSHA1bytes) == 2*sha1.Size {
+		hx, err := hex.DecodeString(string(x5tSHA1bytes))
+		if err != nil {
+			return fmt.Errorf("go-jose/go-jose: invalid JWK, unable to hex decode x5t: %v", err)
+
+		}
+		x5tSHA1bytes = hx
+	}
+
+	k.CertificateThumbprintSHA1 = x5tSHA1bytes
+
+	x5tSHA256bytes, err := base64.RawURLEncoding.DecodeString(raw.X5tSHA256)
+	if err != nil {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t#S256 header has invalid encoding")
+	}
+
+	if len(x5tSHA256bytes) == 2*sha256.Size {
+		hx256, err := hex.DecodeString(string(x5tSHA256bytes))
+		if err != nil {
+			return fmt.Errorf("go-jose/go-jose: invalid JWK, unable to hex decode x5t#S256: %v", err)
+		}
+		x5tSHA256bytes = hx256
+	}
+
+	k.CertificateThumbprintSHA256 = x5tSHA256bytes
+
+	x5tSHA1Len := len(k.CertificateThumbprintSHA1)
+	x5tSHA256Len := len(k.CertificateThumbprintSHA256)
+	if x5tSHA1Len > 0 && x5tSHA1Len != sha1.Size {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t header is of incorrect size")
+	}
+	if x5tSHA256Len > 0 && x5tSHA256Len != sha256.Size {
+		return errors.New("go-jose/go-jose: invalid JWK, x5t#S256 header is of incorrect size")
+	}
+
+	// If certificate chain *and* thumbprints are set, verify correctness.
+	if len(k.Certificates) > 0 {
+		leaf := k.Certificates[0]
+		sha1sum := sha1.Sum(leaf.Raw)
+		sha256sum := sha256.Sum256(leaf.Raw)
+
+		if len(k.CertificateThumbprintSHA1) > 0 && !bytes.Equal(sha1sum[:], k.CertificateThumbprintSHA1) {
+			return errors.New("go-jose/go-jose: invalid JWK, x5c thumbprint does not match x5t value")
+		}
+
+		if len(k.CertificateThumbprintSHA256) > 0 && !bytes.Equal(sha256sum[:], k.CertificateThumbprintSHA256) {
+			return errors.New("go-jose/go-jose: invalid JWK, x5c thumbprint does not match x5t#S256 value")
+		}
+	}
+
+	return
+}
+
+// JSONWebKeySet represents a JWK Set object.
+type JSONWebKeySet struct {
+	Keys []JSONWebKey `json:"keys"`
+}
+
+// Key convenience method returns keys by key ID. Specification states
+// that a JWK Set "SHOULD" use distinct key IDs, but allows for some
+// cases where they are not distinct. Hence method returns a slice
+// of JSONWebKeys.
+func (s *JSONWebKeySet) Key(kid string) []JSONWebKey {
+	var keys []JSONWebKey
+	for _, key := range s.Keys {
+		if key.KeyID == kid {
+			keys = append(keys, key)
+		}
+	}
+
+	return keys
+}
+
+const rsaThumbprintTemplate = `{"e":"%s","kty":"RSA","n":"%s"}`
+const ecThumbprintTemplate = `{"crv":"%s","kty":"EC","x":"%s","y":"%s"}`
+const edThumbprintTemplate = `{"crv":"%s","kty":"OKP","x":"%s"}`
+
+func ecThumbprintInput(curve elliptic.Curve, x, y *big.Int) (string, error) {
+	coordLength := curveSize(curve)
+	crv, err := curveName(curve)
+	if err != nil {
+		return "", err
+	}
+
+	if len(x.Bytes()) > coordLength || len(y.Bytes()) > coordLength {
+		return "", errors.New("go-jose/go-jose: invalid elliptic key (too large)")
+	}
+
+	return fmt.Sprintf(ecThumbprintTemplate, crv,
+		newFixedSizeBuffer(x.Bytes(), coordLength).base64(),
+		newFixedSizeBuffer(y.Bytes(), coordLength).base64()), nil
+}
+
+func rsaThumbprintInput(n *big.Int, e int) (string, error) {
+	return fmt.Sprintf(rsaThumbprintTemplate,
+		newBufferFromInt(uint64(e)).base64(),
+		newBuffer(n.Bytes()).base64()), nil
+}
+
+func edThumbprintInput(ed ed25519.PublicKey) (string, error) {
+	crv := "Ed25519"
+	if len(ed) > 32 {
+		return "", errors.New("go-jose/go-jose: invalid elliptic key (too large)")
+	}
+	return fmt.Sprintf(edThumbprintTemplate, crv,
+		newFixedSizeBuffer(ed, 32).base64()), nil
+}
+
+// Thumbprint computes the JWK Thumbprint of a key using the
+// indicated hash algorithm.
+func (k *JSONWebKey) Thumbprint(hash crypto.Hash) ([]byte, error) {
+	var input string
+	var err error
+	switch key := k.Key.(type) {
+	case ed25519.PublicKey:
+		input, err = edThumbprintInput(key)
+	case *ecdsa.PublicKey:
+		input, err = ecThumbprintInput(key.Curve, key.X, key.Y)
+	case *ecdsa.PrivateKey:
+		input, err = ecThumbprintInput(key.Curve, key.X, key.Y)
+	case *rsa.PublicKey:
+		input, err = rsaThumbprintInput(key.N, key.E)
+	case *rsa.PrivateKey:
+		input, err = rsaThumbprintInput(key.N, key.E)
+	case ed25519.PrivateKey:
+		input, err = edThumbprintInput(ed25519.PublicKey(key[32:]))
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unknown key type '%s'", reflect.TypeOf(key))
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	h := hash.New()
+	h.Write([]byte(input))
+	return h.Sum(nil), nil
+}
+
+// IsPublic returns true if the JWK represents a public key (not symmetric, not private).
+func (k *JSONWebKey) IsPublic() bool {
+	switch k.Key.(type) {
+	case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey:
+		return true
+	default:
+		return false
+	}
+}
+
+// Public creates JSONWebKey with corresponding public key if JWK represents asymmetric private key.
+func (k *JSONWebKey) Public() JSONWebKey {
+	if k.IsPublic() {
+		return *k
+	}
+	ret := *k
+	switch key := k.Key.(type) {
+	case *ecdsa.PrivateKey:
+		ret.Key = key.Public()
+	case *rsa.PrivateKey:
+		ret.Key = key.Public()
+	case ed25519.PrivateKey:
+		ret.Key = key.Public()
+	default:
+		return JSONWebKey{} // returning invalid key
+	}
+	return ret
+}
+
+// Valid checks that the key contains the expected parameters.
+func (k *JSONWebKey) Valid() bool {
+	if k.Key == nil {
+		return false
+	}
+	switch key := k.Key.(type) {
+	case *ecdsa.PublicKey:
+		if key.Curve == nil || key.X == nil || key.Y == nil {
+			return false
+		}
+	case *ecdsa.PrivateKey:
+		if key.Curve == nil || key.X == nil || key.Y == nil || key.D == nil {
+			return false
+		}
+	case *rsa.PublicKey:
+		if key.N == nil || key.E == 0 {
+			return false
+		}
+	case *rsa.PrivateKey:
+		if key.N == nil || key.E == 0 || key.D == nil || len(key.Primes) < 2 {
+			return false
+		}
+	case ed25519.PublicKey:
+		if len(key) != 32 {
+			return false
+		}
+	case ed25519.PrivateKey:
+		if len(key) != 64 {
+			return false
+		}
+	default:
+		return false
+	}
+	return true
+}
+
+func (key rawJSONWebKey) rsaPublicKey() (*rsa.PublicKey, error) {
+	if key.N == nil || key.E == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid RSA key, missing n/e values")
+	}
+
+	return &rsa.PublicKey{
+		N: key.N.bigInt(),
+		E: key.E.toInt(),
+	}, nil
+}
+
+func fromEdPublicKey(pub ed25519.PublicKey) *rawJSONWebKey {
+	return &rawJSONWebKey{
+		Kty: "OKP",
+		Crv: "Ed25519",
+		X:   newBuffer(pub),
+	}
+}
+
+func fromRsaPublicKey(pub *rsa.PublicKey) *rawJSONWebKey {
+	return &rawJSONWebKey{
+		Kty: "RSA",
+		N:   newBuffer(pub.N.Bytes()),
+		E:   newBufferFromInt(uint64(pub.E)),
+	}
+}
+
+func (key rawJSONWebKey) ecPublicKey() (*ecdsa.PublicKey, error) {
+	var curve elliptic.Curve
+	switch key.Crv {
+	case "P-256":
+		curve = elliptic.P256()
+	case "P-384":
+		curve = elliptic.P384()
+	case "P-521":
+		curve = elliptic.P521()
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported elliptic curve '%s'", key.Crv)
+	}
+
+	if key.X == nil || key.Y == nil {
+		return nil, errors.New("go-jose/go-jose: invalid EC key, missing x/y values")
+	}
+
+	// The length of this octet string MUST be the full size of a coordinate for
+	// the curve specified in the "crv" parameter.
+	// https://tools.ietf.org/html/rfc7518#section-6.2.1.2
+	if curveSize(curve) != len(key.X.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC public key, wrong length for x")
+	}
+
+	if curveSize(curve) != len(key.Y.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC public key, wrong length for y")
+	}
+
+	x := key.X.bigInt()
+	y := key.Y.bigInt()
+
+	if !curve.IsOnCurve(x, y) {
+		return nil, errors.New("go-jose/go-jose: invalid EC key, X/Y are not on declared curve")
+	}
+
+	return &ecdsa.PublicKey{
+		Curve: curve,
+		X:     x,
+		Y:     y,
+	}, nil
+}
+
+func fromEcPublicKey(pub *ecdsa.PublicKey) (*rawJSONWebKey, error) {
+	if pub == nil || pub.X == nil || pub.Y == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC key (nil, or X/Y missing)")
+	}
+
+	name, err := curveName(pub.Curve)
+	if err != nil {
+		return nil, err
+	}
+
+	size := curveSize(pub.Curve)
+
+	xBytes := pub.X.Bytes()
+	yBytes := pub.Y.Bytes()
+
+	if len(xBytes) > size || len(yBytes) > size {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC key (X/Y too large)")
+	}
+
+	key := &rawJSONWebKey{
+		Kty: "EC",
+		Crv: name,
+		X:   newFixedSizeBuffer(xBytes, size),
+		Y:   newFixedSizeBuffer(yBytes, size),
+	}
+
+	return key, nil
+}
+
+func (key rawJSONWebKey) edPrivateKey() (ed25519.PrivateKey, error) {
+	var missing []string
+	switch {
+	case key.D == nil:
+		missing = append(missing, "D")
+	case key.X == nil:
+		missing = append(missing, "X")
+	}
+
+	if len(missing) > 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid Ed25519 private key, missing %s value(s)", strings.Join(missing, ", "))
+	}
+
+	privateKey := make([]byte, ed25519.PrivateKeySize)
+	copy(privateKey[0:32], key.D.bytes())
+	copy(privateKey[32:], key.X.bytes())
+	rv := ed25519.PrivateKey(privateKey)
+	return rv, nil
+}
+
+func (key rawJSONWebKey) edPublicKey() (ed25519.PublicKey, error) {
+	if key.X == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid Ed key, missing x value")
+	}
+	publicKey := make([]byte, ed25519.PublicKeySize)
+	copy(publicKey[0:32], key.X.bytes())
+	rv := ed25519.PublicKey(publicKey)
+	return rv, nil
+}
+
+func (key rawJSONWebKey) rsaPrivateKey() (*rsa.PrivateKey, error) {
+	var missing []string
+	switch {
+	case key.N == nil:
+		missing = append(missing, "N")
+	case key.E == nil:
+		missing = append(missing, "E")
+	case key.D == nil:
+		missing = append(missing, "D")
+	case key.P == nil:
+		missing = append(missing, "P")
+	case key.Q == nil:
+		missing = append(missing, "Q")
+	}
+
+	if len(missing) > 0 {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid RSA private key, missing %s value(s)", strings.Join(missing, ", "))
+	}
+
+	rv := &rsa.PrivateKey{
+		PublicKey: rsa.PublicKey{
+			N: key.N.bigInt(),
+			E: key.E.toInt(),
+		},
+		D: key.D.bigInt(),
+		Primes: []*big.Int{
+			key.P.bigInt(),
+			key.Q.bigInt(),
+		},
+	}
+
+	if key.Dp != nil {
+		rv.Precomputed.Dp = key.Dp.bigInt()
+	}
+	if key.Dq != nil {
+		rv.Precomputed.Dq = key.Dq.bigInt()
+	}
+	if key.Qi != nil {
+		rv.Precomputed.Qinv = key.Qi.bigInt()
+	}
+
+	err := rv.Validate()
+	return rv, err
+}
+
+func fromEdPrivateKey(ed ed25519.PrivateKey) (*rawJSONWebKey, error) {
+	raw := fromEdPublicKey(ed25519.PublicKey(ed[32:]))
+
+	raw.D = newBuffer(ed[0:32])
+	return raw, nil
+}
+
+func fromRsaPrivateKey(rsa *rsa.PrivateKey) (*rawJSONWebKey, error) {
+	if len(rsa.Primes) != 2 {
+		return nil, ErrUnsupportedKeyType
+	}
+
+	raw := fromRsaPublicKey(&rsa.PublicKey)
+
+	raw.D = newBuffer(rsa.D.Bytes())
+	raw.P = newBuffer(rsa.Primes[0].Bytes())
+	raw.Q = newBuffer(rsa.Primes[1].Bytes())
+
+	if rsa.Precomputed.Dp != nil {
+		raw.Dp = newBuffer(rsa.Precomputed.Dp.Bytes())
+	}
+	if rsa.Precomputed.Dq != nil {
+		raw.Dq = newBuffer(rsa.Precomputed.Dq.Bytes())
+	}
+	if rsa.Precomputed.Qinv != nil {
+		raw.Qi = newBuffer(rsa.Precomputed.Qinv.Bytes())
+	}
+
+	return raw, nil
+}
+
+func (key rawJSONWebKey) ecPrivateKey() (*ecdsa.PrivateKey, error) {
+	var curve elliptic.Curve
+	switch key.Crv {
+	case "P-256":
+		curve = elliptic.P256()
+	case "P-384":
+		curve = elliptic.P384()
+	case "P-521":
+		curve = elliptic.P521()
+	default:
+		return nil, fmt.Errorf("go-jose/go-jose: unsupported elliptic curve '%s'", key.Crv)
+	}
+
+	if key.X == nil || key.Y == nil || key.D == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, missing x/y/d values")
+	}
+
+	// The length of this octet string MUST be the full size of a coordinate for
+	// the curve specified in the "crv" parameter.
+	// https://tools.ietf.org/html/rfc7518#section-6.2.1.2
+	if curveSize(curve) != len(key.X.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, wrong length for x")
+	}
+
+	if curveSize(curve) != len(key.Y.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, wrong length for y")
+	}
+
+	// https://tools.ietf.org/html/rfc7518#section-6.2.2.1
+	if dSize(curve) != len(key.D.data) {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key, wrong length for d")
+	}
+
+	x := key.X.bigInt()
+	y := key.Y.bigInt()
+
+	if !curve.IsOnCurve(x, y) {
+		return nil, errors.New("go-jose/go-jose: invalid EC key, X/Y are not on declared curve")
+	}
+
+	return &ecdsa.PrivateKey{
+		PublicKey: ecdsa.PublicKey{
+			Curve: curve,
+			X:     x,
+			Y:     y,
+		},
+		D: key.D.bigInt(),
+	}, nil
+}
+
+func fromEcPrivateKey(ec *ecdsa.PrivateKey) (*rawJSONWebKey, error) {
+	raw, err := fromEcPublicKey(&ec.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	if ec.D == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid EC private key")
+	}
+
+	raw.D = newFixedSizeBuffer(ec.D.Bytes(), dSize(ec.PublicKey.Curve))
+
+	return raw, nil
+}
+
+// dSize returns the size in octets for the "d" member of an elliptic curve
+// private key.
+// The length of this octet string MUST be ceiling(log-base-2(n)/8)
+// octets (where n is the order of the curve).
+// https://tools.ietf.org/html/rfc7518#section-6.2.2.1
+func dSize(curve elliptic.Curve) int {
+	order := curve.Params().P
+	bitLen := order.BitLen()
+	size := bitLen / 8
+	if bitLen%8 != 0 {
+		size = size + 1
+	}
+	return size
+}
+
+func fromSymmetricKey(key []byte) (*rawJSONWebKey, error) {
+	return &rawJSONWebKey{
+		Kty: "oct",
+		K:   newBuffer(key),
+	}, nil
+}
+
+func (key rawJSONWebKey) symmetricKey() ([]byte, error) {
+	if key.K == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: invalid OCT (symmetric) key, missing k value")
+	}
+	return key.K.bytes(), nil
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/jws.go b/vendor/gopkg.in/go-jose/go-jose.v2/jws.go
new file mode 100644
index 0000000000..1a24fa468a
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/jws.go
@@ -0,0 +1,366 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"strings"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// rawJSONWebSignature represents a raw JWS JSON object. Used for parsing/serializing.
+type rawJSONWebSignature struct {
+	Payload    *byteBuffer        `json:"payload,omitempty"`
+	Signatures []rawSignatureInfo `json:"signatures,omitempty"`
+	Protected  *byteBuffer        `json:"protected,omitempty"`
+	Header     *rawHeader         `json:"header,omitempty"`
+	Signature  *byteBuffer        `json:"signature,omitempty"`
+}
+
+// rawSignatureInfo represents a single JWS signature over the JWS payload and protected header.
+type rawSignatureInfo struct {
+	Protected *byteBuffer `json:"protected,omitempty"`
+	Header    *rawHeader  `json:"header,omitempty"`
+	Signature *byteBuffer `json:"signature,omitempty"`
+}
+
+// JSONWebSignature represents a signed JWS object after parsing.
+type JSONWebSignature struct {
+	payload []byte
+	// Signatures attached to this object (may be more than one for multi-sig).
+	// Be careful about accessing these directly, prefer to use Verify() or
+	// VerifyMulti() to ensure that the data you're getting is verified.
+	Signatures []Signature
+}
+
+// Signature represents a single signature over the JWS payload and protected header.
+type Signature struct {
+	// Merged header fields. Contains both protected and unprotected header
+	// values. Prefer using Protected and Unprotected fields instead of this.
+	// Values in this header may or may not have been signed and in general
+	// should not be trusted.
+	Header Header
+
+	// Protected header. Values in this header were signed and
+	// will be verified as part of the signature verification process.
+	Protected Header
+
+	// Unprotected header. Values in this header were not signed
+	// and in general should not be trusted.
+	Unprotected Header
+
+	// The actual signature value
+	Signature []byte
+
+	protected *rawHeader
+	header    *rawHeader
+	original  *rawSignatureInfo
+}
+
+// ParseSigned parses a signed message in compact or full serialization format.
+func ParseSigned(signature string) (*JSONWebSignature, error) {
+	signature = stripWhitespace(signature)
+	if strings.HasPrefix(signature, "{") {
+		return parseSignedFull(signature)
+	}
+
+	return parseSignedCompact(signature, nil)
+}
+
+// ParseDetached parses a signed message in compact serialization format with detached payload.
+func ParseDetached(signature string, payload []byte) (*JSONWebSignature, error) {
+	if payload == nil {
+		return nil, errors.New("go-jose/go-jose: nil payload")
+	}
+	return parseSignedCompact(stripWhitespace(signature), payload)
+}
+
+// Get a header value
+func (sig Signature) mergedHeaders() rawHeader {
+	out := rawHeader{}
+	out.merge(sig.protected)
+	out.merge(sig.header)
+	return out
+}
+
+// Compute data to be signed
+func (obj JSONWebSignature) computeAuthData(payload []byte, signature *Signature) ([]byte, error) {
+	var authData bytes.Buffer
+
+	protectedHeader := new(rawHeader)
+
+	if signature.original != nil && signature.original.Protected != nil {
+		if err := json.Unmarshal(signature.original.Protected.bytes(), protectedHeader); err != nil {
+			return nil, err
+		}
+		authData.WriteString(signature.original.Protected.base64())
+	} else if signature.protected != nil {
+		protectedHeader = signature.protected
+		authData.WriteString(base64.RawURLEncoding.EncodeToString(mustSerializeJSON(protectedHeader)))
+	}
+
+	needsBase64 := true
+
+	if protectedHeader != nil {
+		var err error
+		if needsBase64, err = protectedHeader.getB64(); err != nil {
+			needsBase64 = true
+		}
+	}
+
+	authData.WriteByte('.')
+
+	if needsBase64 {
+		authData.WriteString(base64.RawURLEncoding.EncodeToString(payload))
+	} else {
+		authData.Write(payload)
+	}
+
+	return authData.Bytes(), nil
+}
+
+// parseSignedFull parses a message in full format.
+func parseSignedFull(input string) (*JSONWebSignature, error) {
+	var parsed rawJSONWebSignature
+	err := json.Unmarshal([]byte(input), &parsed)
+	if err != nil {
+		return nil, err
+	}
+
+	return parsed.sanitized()
+}
+
+// sanitized produces a cleaned-up JWS object from the raw JSON.
+func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
+	if parsed.Payload == nil {
+		return nil, fmt.Errorf("go-jose/go-jose: missing payload in JWS message")
+	}
+
+	obj := &JSONWebSignature{
+		payload:    parsed.Payload.bytes(),
+		Signatures: make([]Signature, len(parsed.Signatures)),
+	}
+
+	if len(parsed.Signatures) == 0 {
+		// No signatures array, must be flattened serialization
+		signature := Signature{}
+		if parsed.Protected != nil && len(parsed.Protected.bytes()) > 0 {
+			signature.protected = &rawHeader{}
+			err := json.Unmarshal(parsed.Protected.bytes(), signature.protected)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// Check that there is not a nonce in the unprotected header
+		if parsed.Header != nil && parsed.Header.getNonce() != "" {
+			return nil, ErrUnprotectedNonce
+		}
+
+		signature.header = parsed.Header
+		signature.Signature = parsed.Signature.bytes()
+		// Make a fake "original" rawSignatureInfo to store the unprocessed
+		// Protected header. This is necessary because the Protected header can
+		// contain arbitrary fields not registered as part of the spec. See
+		// https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-4
+		// If we unmarshal Protected into a rawHeader with its explicit list of fields,
+		// we cannot marshal losslessly. So we have to keep around the original bytes.
+		// This is used in computeAuthData, which will first attempt to use
+		// the original bytes of a protected header, and fall back on marshaling the
+		// header struct only if those bytes are not available.
+		signature.original = &rawSignatureInfo{
+			Protected: parsed.Protected,
+			Header:    parsed.Header,
+			Signature: parsed.Signature,
+		}
+
+		var err error
+		signature.Header, err = signature.mergedHeaders().sanitized()
+		if err != nil {
+			return nil, err
+		}
+
+		if signature.header != nil {
+			signature.Unprotected, err = signature.header.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		if signature.protected != nil {
+			signature.Protected, err = signature.protected.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// As per RFC 7515 Section 4.1.3, only public keys are allowed to be embedded.
+		jwk := signature.Header.JSONWebKey
+		if jwk != nil && (!jwk.Valid() || !jwk.IsPublic()) {
+			return nil, errors.New("go-jose/go-jose: invalid embedded jwk, must be public key")
+		}
+
+		obj.Signatures = append(obj.Signatures, signature)
+	}
+
+	for i, sig := range parsed.Signatures {
+		if sig.Protected != nil && len(sig.Protected.bytes()) > 0 {
+			obj.Signatures[i].protected = &rawHeader{}
+			err := json.Unmarshal(sig.Protected.bytes(), obj.Signatures[i].protected)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		// Check that there is not a nonce in the unprotected header
+		if sig.Header != nil && sig.Header.getNonce() != "" {
+			return nil, ErrUnprotectedNonce
+		}
+
+		var err error
+		obj.Signatures[i].Header, err = obj.Signatures[i].mergedHeaders().sanitized()
+		if err != nil {
+			return nil, err
+		}
+
+		if obj.Signatures[i].header != nil {
+			obj.Signatures[i].Unprotected, err = obj.Signatures[i].header.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		if obj.Signatures[i].protected != nil {
+			obj.Signatures[i].Protected, err = obj.Signatures[i].protected.sanitized()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		obj.Signatures[i].Signature = sig.Signature.bytes()
+
+		// As per RFC 7515 Section 4.1.3, only public keys are allowed to be embedded.
+		jwk := obj.Signatures[i].Header.JSONWebKey
+		if jwk != nil && (!jwk.Valid() || !jwk.IsPublic()) {
+			return nil, errors.New("go-jose/go-jose: invalid embedded jwk, must be public key")
+		}
+
+		// Copy value of sig
+		original := sig
+
+		obj.Signatures[i].header = sig.Header
+		obj.Signatures[i].original = &original
+	}
+
+	return obj, nil
+}
+
+// parseSignedCompact parses a message in compact format.
+func parseSignedCompact(input string, payload []byte) (*JSONWebSignature, error) {
+	parts := strings.Split(input, ".")
+	if len(parts) != 3 {
+		return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
+	}
+
+	if parts[1] != "" && payload != nil {
+		return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
+	}
+
+	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
+	if err != nil {
+		return nil, err
+	}
+
+	if payload == nil {
+		payload, err = base64.RawURLEncoding.DecodeString(parts[1])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	signature, err := base64.RawURLEncoding.DecodeString(parts[2])
+	if err != nil {
+		return nil, err
+	}
+
+	raw := &rawJSONWebSignature{
+		Payload:   newBuffer(payload),
+		Protected: newBuffer(rawProtected),
+		Signature: newBuffer(signature),
+	}
+	return raw.sanitized()
+}
+
+func (obj JSONWebSignature) compactSerialize(detached bool) (string, error) {
+	if len(obj.Signatures) != 1 || obj.Signatures[0].header != nil || obj.Signatures[0].protected == nil {
+		return "", ErrNotSupported
+	}
+
+	serializedProtected := base64.RawURLEncoding.EncodeToString(mustSerializeJSON(obj.Signatures[0].protected))
+	payload := ""
+	signature := base64.RawURLEncoding.EncodeToString(obj.Signatures[0].Signature)
+
+	if !detached {
+		payload = base64.RawURLEncoding.EncodeToString(obj.payload)
+	}
+
+	return fmt.Sprintf("%s.%s.%s", serializedProtected, payload, signature), nil
+}
+
+// CompactSerialize serializes an object using the compact serialization format.
+func (obj JSONWebSignature) CompactSerialize() (string, error) {
+	return obj.compactSerialize(false)
+}
+
+// DetachedCompactSerialize serializes an object using the compact serialization format with detached payload.
+func (obj JSONWebSignature) DetachedCompactSerialize() (string, error) {
+	return obj.compactSerialize(true)
+}
+
+// FullSerialize serializes an object using the full JSON serialization format.
+func (obj JSONWebSignature) FullSerialize() string {
+	raw := rawJSONWebSignature{
+		Payload: newBuffer(obj.payload),
+	}
+
+	if len(obj.Signatures) == 1 {
+		if obj.Signatures[0].protected != nil {
+			serializedProtected := mustSerializeJSON(obj.Signatures[0].protected)
+			raw.Protected = newBuffer(serializedProtected)
+		}
+		raw.Header = obj.Signatures[0].header
+		raw.Signature = newBuffer(obj.Signatures[0].Signature)
+	} else {
+		raw.Signatures = make([]rawSignatureInfo, len(obj.Signatures))
+		for i, signature := range obj.Signatures {
+			raw.Signatures[i] = rawSignatureInfo{
+				Header:    signature.header,
+				Signature: newBuffer(signature.Signature),
+			}
+
+			if signature.protected != nil {
+				raw.Signatures[i].Protected = newBuffer(mustSerializeJSON(signature.protected))
+			}
+		}
+	}
+
+	return string(mustSerializeJSON(raw))
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/opaque.go b/vendor/gopkg.in/go-jose/go-jose.v2/opaque.go
new file mode 100644
index 0000000000..fc3e8d2ef6
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/opaque.go
@@ -0,0 +1,144 @@
+/*-
+ * Copyright 2018 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+// OpaqueSigner is an interface that supports signing payloads with opaque
+// private key(s). Private key operations performed by implementers may, for
+// example, occur in a hardware module. An OpaqueSigner may rotate signing keys
+// transparently to the user of this interface.
+type OpaqueSigner interface {
+	// Public returns the public key of the current signing key.
+	Public() *JSONWebKey
+	// Algs returns a list of supported signing algorithms.
+	Algs() []SignatureAlgorithm
+	// SignPayload signs a payload with the current signing key using the given
+	// algorithm.
+	SignPayload(payload []byte, alg SignatureAlgorithm) ([]byte, error)
+}
+
+type opaqueSigner struct {
+	signer OpaqueSigner
+}
+
+func newOpaqueSigner(alg SignatureAlgorithm, signer OpaqueSigner) (recipientSigInfo, error) {
+	var algSupported bool
+	for _, salg := range signer.Algs() {
+		if alg == salg {
+			algSupported = true
+			break
+		}
+	}
+	if !algSupported {
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientSigInfo{
+		sigAlg:    alg,
+		publicKey: signer.Public,
+		signer: &opaqueSigner{
+			signer: signer,
+		},
+	}, nil
+}
+
+func (o *opaqueSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	out, err := o.signer.SignPayload(payload, alg)
+	if err != nil {
+		return Signature{}, err
+	}
+
+	return Signature{
+		Signature: out,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// OpaqueVerifier is an interface that supports verifying payloads with opaque
+// public key(s). An OpaqueSigner may rotate signing keys transparently to the
+// user of this interface.
+type OpaqueVerifier interface {
+	VerifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error
+}
+
+type opaqueVerifier struct {
+	verifier OpaqueVerifier
+}
+
+func (o *opaqueVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error {
+	return o.verifier.VerifyPayload(payload, signature, alg)
+}
+
+// OpaqueKeyEncrypter is an interface that supports encrypting keys with an opaque key.
+type OpaqueKeyEncrypter interface {
+	// KeyID returns the kid
+	KeyID() string
+	// Algs returns a list of supported key encryption algorithms.
+	Algs() []KeyAlgorithm
+	// encryptKey encrypts the CEK using the given algorithm.
+	encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error)
+}
+
+type opaqueKeyEncrypter struct {
+	encrypter OpaqueKeyEncrypter
+}
+
+func newOpaqueKeyEncrypter(alg KeyAlgorithm, encrypter OpaqueKeyEncrypter) (recipientKeyInfo, error) {
+	var algSupported bool
+	for _, salg := range encrypter.Algs() {
+		if alg == salg {
+			algSupported = true
+			break
+		}
+	}
+	if !algSupported {
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientKeyInfo{
+		keyID:  encrypter.KeyID(),
+		keyAlg: alg,
+		keyEncrypter: &opaqueKeyEncrypter{
+			encrypter: encrypter,
+		},
+	}, nil
+}
+
+func (oke *opaqueKeyEncrypter) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	return oke.encrypter.encryptKey(cek, alg)
+}
+
+//OpaqueKeyDecrypter is an interface that supports decrypting keys with an opaque key.
+type OpaqueKeyDecrypter interface {
+	DecryptKey(encryptedKey []byte, header Header) ([]byte, error)
+}
+
+type opaqueKeyDecrypter struct {
+	decrypter OpaqueKeyDecrypter
+}
+
+func (okd *opaqueKeyDecrypter) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	mergedHeaders := rawHeader{}
+	mergedHeaders.merge(&headers)
+	mergedHeaders.merge(recipient.header)
+
+	header, err := mergedHeaders.sanitized()
+	if err != nil {
+		return nil, err
+	}
+
+	return okd.decrypter.DecryptKey(recipient.encryptedKey, header)
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/shared.go b/vendor/gopkg.in/go-jose/go-jose.v2/shared.go
new file mode 100644
index 0000000000..0fa66a44bd
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/shared.go
@@ -0,0 +1,520 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"crypto/elliptic"
+	"crypto/x509"
+	"encoding/base64"
+	"errors"
+	"fmt"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// KeyAlgorithm represents a key management algorithm.
+type KeyAlgorithm string
+
+// SignatureAlgorithm represents a signature (or MAC) algorithm.
+type SignatureAlgorithm string
+
+// ContentEncryption represents a content encryption algorithm.
+type ContentEncryption string
+
+// CompressionAlgorithm represents an algorithm used for plaintext compression.
+type CompressionAlgorithm string
+
+// ContentType represents type of the contained data.
+type ContentType string
+
+var (
+	// ErrCryptoFailure represents an error in cryptographic primitive. This
+	// occurs when, for example, a message had an invalid authentication tag or
+	// could not be decrypted.
+	ErrCryptoFailure = errors.New("go-jose/go-jose: error in cryptographic primitive")
+
+	// ErrUnsupportedAlgorithm indicates that a selected algorithm is not
+	// supported. This occurs when trying to instantiate an encrypter for an
+	// algorithm that is not yet implemented.
+	ErrUnsupportedAlgorithm = errors.New("go-jose/go-jose: unknown/unsupported algorithm")
+
+	// ErrUnsupportedKeyType indicates that the given key type/format is not
+	// supported. This occurs when trying to instantiate an encrypter and passing
+	// it a key of an unrecognized type or with unsupported parameters, such as
+	// an RSA private key with more than two primes.
+	ErrUnsupportedKeyType = errors.New("go-jose/go-jose: unsupported key type/format")
+
+	// ErrInvalidKeySize indicates that the given key is not the correct size
+	// for the selected algorithm. This can occur, for example, when trying to
+	// encrypt with AES-256 but passing only a 128-bit key as input.
+	ErrInvalidKeySize = errors.New("go-jose/go-jose: invalid key size for algorithm")
+
+	// ErrNotSupported serialization of object is not supported. This occurs when
+	// trying to compact-serialize an object which can't be represented in
+	// compact form.
+	ErrNotSupported = errors.New("go-jose/go-jose: compact serialization not supported for object")
+
+	// ErrUnprotectedNonce indicates that while parsing a JWS or JWE object, a
+	// nonce header parameter was included in an unprotected header object.
+	ErrUnprotectedNonce = errors.New("go-jose/go-jose: Nonce parameter included in unprotected header")
+)
+
+// Key management algorithms
+const (
+	ED25519            = KeyAlgorithm("ED25519")
+	RSA1_5             = KeyAlgorithm("RSA1_5")             // RSA-PKCS1v1.5
+	RSA_OAEP           = KeyAlgorithm("RSA-OAEP")           // RSA-OAEP-SHA1
+	RSA_OAEP_256       = KeyAlgorithm("RSA-OAEP-256")       // RSA-OAEP-SHA256
+	A128KW             = KeyAlgorithm("A128KW")             // AES key wrap (128)
+	A192KW             = KeyAlgorithm("A192KW")             // AES key wrap (192)
+	A256KW             = KeyAlgorithm("A256KW")             // AES key wrap (256)
+	DIRECT             = KeyAlgorithm("dir")                // Direct encryption
+	ECDH_ES            = KeyAlgorithm("ECDH-ES")            // ECDH-ES
+	ECDH_ES_A128KW     = KeyAlgorithm("ECDH-ES+A128KW")     // ECDH-ES + AES key wrap (128)
+	ECDH_ES_A192KW     = KeyAlgorithm("ECDH-ES+A192KW")     // ECDH-ES + AES key wrap (192)
+	ECDH_ES_A256KW     = KeyAlgorithm("ECDH-ES+A256KW")     // ECDH-ES + AES key wrap (256)
+	A128GCMKW          = KeyAlgorithm("A128GCMKW")          // AES-GCM key wrap (128)
+	A192GCMKW          = KeyAlgorithm("A192GCMKW")          // AES-GCM key wrap (192)
+	A256GCMKW          = KeyAlgorithm("A256GCMKW")          // AES-GCM key wrap (256)
+	PBES2_HS256_A128KW = KeyAlgorithm("PBES2-HS256+A128KW") // PBES2 + HMAC-SHA256 + AES key wrap (128)
+	PBES2_HS384_A192KW = KeyAlgorithm("PBES2-HS384+A192KW") // PBES2 + HMAC-SHA384 + AES key wrap (192)
+	PBES2_HS512_A256KW = KeyAlgorithm("PBES2-HS512+A256KW") // PBES2 + HMAC-SHA512 + AES key wrap (256)
+)
+
+// Signature algorithms
+const (
+	EdDSA = SignatureAlgorithm("EdDSA")
+	HS256 = SignatureAlgorithm("HS256") // HMAC using SHA-256
+	HS384 = SignatureAlgorithm("HS384") // HMAC using SHA-384
+	HS512 = SignatureAlgorithm("HS512") // HMAC using SHA-512
+	RS256 = SignatureAlgorithm("RS256") // RSASSA-PKCS-v1.5 using SHA-256
+	RS384 = SignatureAlgorithm("RS384") // RSASSA-PKCS-v1.5 using SHA-384
+	RS512 = SignatureAlgorithm("RS512") // RSASSA-PKCS-v1.5 using SHA-512
+	ES256 = SignatureAlgorithm("ES256") // ECDSA using P-256 and SHA-256
+	ES384 = SignatureAlgorithm("ES384") // ECDSA using P-384 and SHA-384
+	ES512 = SignatureAlgorithm("ES512") // ECDSA using P-521 and SHA-512
+	PS256 = SignatureAlgorithm("PS256") // RSASSA-PSS using SHA256 and MGF1-SHA256
+	PS384 = SignatureAlgorithm("PS384") // RSASSA-PSS using SHA384 and MGF1-SHA384
+	PS512 = SignatureAlgorithm("PS512") // RSASSA-PSS using SHA512 and MGF1-SHA512
+)
+
+// Content encryption algorithms
+const (
+	A128CBC_HS256 = ContentEncryption("A128CBC-HS256") // AES-CBC + HMAC-SHA256 (128)
+	A192CBC_HS384 = ContentEncryption("A192CBC-HS384") // AES-CBC + HMAC-SHA384 (192)
+	A256CBC_HS512 = ContentEncryption("A256CBC-HS512") // AES-CBC + HMAC-SHA512 (256)
+	A128GCM       = ContentEncryption("A128GCM")       // AES-GCM (128)
+	A192GCM       = ContentEncryption("A192GCM")       // AES-GCM (192)
+	A256GCM       = ContentEncryption("A256GCM")       // AES-GCM (256)
+)
+
+// Compression algorithms
+const (
+	NONE    = CompressionAlgorithm("")    // No compression
+	DEFLATE = CompressionAlgorithm("DEF") // DEFLATE (RFC 1951)
+)
+
+// A key in the protected header of a JWS object. Use of the Header...
+// constants is preferred to enhance type safety.
+type HeaderKey string
+
+const (
+	HeaderType        HeaderKey = "typ" // string
+	HeaderContentType           = "cty" // string
+
+	// These are set by go-jose and shouldn't need to be set by consumers of the
+	// library.
+	headerAlgorithm   = "alg"  // string
+	headerEncryption  = "enc"  // ContentEncryption
+	headerCompression = "zip"  // CompressionAlgorithm
+	headerCritical    = "crit" // []string
+
+	headerAPU = "apu" // *byteBuffer
+	headerAPV = "apv" // *byteBuffer
+	headerEPK = "epk" // *JSONWebKey
+	headerIV  = "iv"  // *byteBuffer
+	headerTag = "tag" // *byteBuffer
+	headerX5c = "x5c" // []*x509.Certificate
+
+	headerJWK   = "jwk"   // *JSONWebKey
+	headerKeyID = "kid"   // string
+	headerNonce = "nonce" // string
+	headerB64   = "b64"   // bool
+
+	headerP2C = "p2c" // *byteBuffer (int)
+	headerP2S = "p2s" // *byteBuffer ([]byte)
+
+)
+
+// supportedCritical is the set of supported extensions that are understood and processed.
+var supportedCritical = map[string]bool{
+	headerB64: true,
+}
+
+// rawHeader represents the JOSE header for JWE/JWS objects (used for parsing).
+//
+// The decoding of the constituent items is deferred because we want to marshal
+// some members into particular structs rather than generic maps, but at the
+// same time we need to receive any extra fields unhandled by this library to
+// pass through to consuming code in case it wants to examine them.
+type rawHeader map[HeaderKey]*json.RawMessage
+
+// Header represents the read-only JOSE header for JWE/JWS objects.
+type Header struct {
+	KeyID      string
+	JSONWebKey *JSONWebKey
+	Algorithm  string
+	Nonce      string
+
+	// Unverified certificate chain parsed from x5c header.
+	certificates []*x509.Certificate
+
+	// Any headers not recognised above get unmarshalled
+	// from JSON in a generic manner and placed in this map.
+	ExtraHeaders map[HeaderKey]interface{}
+}
+
+// Certificates verifies & returns the certificate chain present
+// in the x5c header field of a message, if one was present. Returns
+// an error if there was no x5c header present or the chain could
+// not be validated with the given verify options.
+func (h Header) Certificates(opts x509.VerifyOptions) ([][]*x509.Certificate, error) {
+	if len(h.certificates) == 0 {
+		return nil, errors.New("go-jose/go-jose: no x5c header present in message")
+	}
+
+	leaf := h.certificates[0]
+	if opts.Intermediates == nil {
+		opts.Intermediates = x509.NewCertPool()
+		for _, intermediate := range h.certificates[1:] {
+			opts.Intermediates.AddCert(intermediate)
+		}
+	}
+
+	return leaf.Verify(opts)
+}
+
+func (parsed rawHeader) set(k HeaderKey, v interface{}) error {
+	b, err := json.Marshal(v)
+	if err != nil {
+		return err
+	}
+
+	parsed[k] = makeRawMessage(b)
+	return nil
+}
+
+// getString gets a string from the raw JSON, defaulting to "".
+func (parsed rawHeader) getString(k HeaderKey) string {
+	v, ok := parsed[k]
+	if !ok || v == nil {
+		return ""
+	}
+	var s string
+	err := json.Unmarshal(*v, &s)
+	if err != nil {
+		return ""
+	}
+	return s
+}
+
+// getByteBuffer gets a byte buffer from the raw JSON. Returns (nil, nil) if
+// not specified.
+func (parsed rawHeader) getByteBuffer(k HeaderKey) (*byteBuffer, error) {
+	v := parsed[k]
+	if v == nil {
+		return nil, nil
+	}
+	var bb *byteBuffer
+	err := json.Unmarshal(*v, &bb)
+	if err != nil {
+		return nil, err
+	}
+	return bb, nil
+}
+
+// getAlgorithm extracts parsed "alg" from the raw JSON as a KeyAlgorithm.
+func (parsed rawHeader) getAlgorithm() KeyAlgorithm {
+	return KeyAlgorithm(parsed.getString(headerAlgorithm))
+}
+
+// getSignatureAlgorithm extracts parsed "alg" from the raw JSON as a SignatureAlgorithm.
+func (parsed rawHeader) getSignatureAlgorithm() SignatureAlgorithm {
+	return SignatureAlgorithm(parsed.getString(headerAlgorithm))
+}
+
+// getEncryption extracts parsed "enc" from the raw JSON.
+func (parsed rawHeader) getEncryption() ContentEncryption {
+	return ContentEncryption(parsed.getString(headerEncryption))
+}
+
+// getCompression extracts parsed "zip" from the raw JSON.
+func (parsed rawHeader) getCompression() CompressionAlgorithm {
+	return CompressionAlgorithm(parsed.getString(headerCompression))
+}
+
+func (parsed rawHeader) getNonce() string {
+	return parsed.getString(headerNonce)
+}
+
+// getEPK extracts parsed "epk" from the raw JSON.
+func (parsed rawHeader) getEPK() (*JSONWebKey, error) {
+	v := parsed[headerEPK]
+	if v == nil {
+		return nil, nil
+	}
+	var epk *JSONWebKey
+	err := json.Unmarshal(*v, &epk)
+	if err != nil {
+		return nil, err
+	}
+	return epk, nil
+}
+
+// getAPU extracts parsed "apu" from the raw JSON.
+func (parsed rawHeader) getAPU() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerAPU)
+}
+
+// getAPV extracts parsed "apv" from the raw JSON.
+func (parsed rawHeader) getAPV() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerAPV)
+}
+
+// getIV extracts parsed "iv" from the raw JSON.
+func (parsed rawHeader) getIV() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerIV)
+}
+
+// getTag extracts parsed "tag" from the raw JSON.
+func (parsed rawHeader) getTag() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerTag)
+}
+
+// getJWK extracts parsed "jwk" from the raw JSON.
+func (parsed rawHeader) getJWK() (*JSONWebKey, error) {
+	v := parsed[headerJWK]
+	if v == nil {
+		return nil, nil
+	}
+	var jwk *JSONWebKey
+	err := json.Unmarshal(*v, &jwk)
+	if err != nil {
+		return nil, err
+	}
+	return jwk, nil
+}
+
+// getCritical extracts parsed "crit" from the raw JSON. If omitted, it
+// returns an empty slice.
+func (parsed rawHeader) getCritical() ([]string, error) {
+	v := parsed[headerCritical]
+	if v == nil {
+		return nil, nil
+	}
+
+	var q []string
+	err := json.Unmarshal(*v, &q)
+	if err != nil {
+		return nil, err
+	}
+	return q, nil
+}
+
+// getS2C extracts parsed "p2c" from the raw JSON.
+func (parsed rawHeader) getP2C() (int, error) {
+	v := parsed[headerP2C]
+	if v == nil {
+		return 0, nil
+	}
+
+	var p2c int
+	err := json.Unmarshal(*v, &p2c)
+	if err != nil {
+		return 0, err
+	}
+	return p2c, nil
+}
+
+// getS2S extracts parsed "p2s" from the raw JSON.
+func (parsed rawHeader) getP2S() (*byteBuffer, error) {
+	return parsed.getByteBuffer(headerP2S)
+}
+
+// getB64 extracts parsed "b64" from the raw JSON, defaulting to true.
+func (parsed rawHeader) getB64() (bool, error) {
+	v := parsed[headerB64]
+	if v == nil {
+		return true, nil
+	}
+
+	var b64 bool
+	err := json.Unmarshal(*v, &b64)
+	if err != nil {
+		return true, err
+	}
+	return b64, nil
+}
+
+// sanitized produces a cleaned-up header object from the raw JSON.
+func (parsed rawHeader) sanitized() (h Header, err error) {
+	for k, v := range parsed {
+		if v == nil {
+			continue
+		}
+		switch k {
+		case headerJWK:
+			var jwk *JSONWebKey
+			err = json.Unmarshal(*v, &jwk)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal JWK: %v: %#v", err, string(*v))
+				return
+			}
+			h.JSONWebKey = jwk
+		case headerKeyID:
+			var s string
+			err = json.Unmarshal(*v, &s)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal key ID: %v: %#v", err, string(*v))
+				return
+			}
+			h.KeyID = s
+		case headerAlgorithm:
+			var s string
+			err = json.Unmarshal(*v, &s)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal algorithm: %v: %#v", err, string(*v))
+				return
+			}
+			h.Algorithm = s
+		case headerNonce:
+			var s string
+			err = json.Unmarshal(*v, &s)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal nonce: %v: %#v", err, string(*v))
+				return
+			}
+			h.Nonce = s
+		case headerX5c:
+			c := []string{}
+			err = json.Unmarshal(*v, &c)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal x5c header: %v: %#v", err, string(*v))
+				return
+			}
+			h.certificates, err = parseCertificateChain(c)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal x5c header: %v: %#v", err, string(*v))
+				return
+			}
+		default:
+			if h.ExtraHeaders == nil {
+				h.ExtraHeaders = map[HeaderKey]interface{}{}
+			}
+			var v2 interface{}
+			err = json.Unmarshal(*v, &v2)
+			if err != nil {
+				err = fmt.Errorf("failed to unmarshal value: %v: %#v", err, string(*v))
+				return
+			}
+			h.ExtraHeaders[k] = v2
+		}
+	}
+	return
+}
+
+func parseCertificateChain(chain []string) ([]*x509.Certificate, error) {
+	out := make([]*x509.Certificate, len(chain))
+	for i, cert := range chain {
+		raw, err := base64.StdEncoding.DecodeString(cert)
+		if err != nil {
+			return nil, err
+		}
+		out[i], err = x509.ParseCertificate(raw)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return out, nil
+}
+
+func (dst rawHeader) isSet(k HeaderKey) bool {
+	dvr := dst[k]
+	if dvr == nil {
+		return false
+	}
+
+	var dv interface{}
+	err := json.Unmarshal(*dvr, &dv)
+	if err != nil {
+		return true
+	}
+
+	if dvStr, ok := dv.(string); ok {
+		return dvStr != ""
+	}
+
+	return true
+}
+
+// Merge headers from src into dst, giving precedence to headers from l.
+func (dst rawHeader) merge(src *rawHeader) {
+	if src == nil {
+		return
+	}
+
+	for k, v := range *src {
+		if dst.isSet(k) {
+			continue
+		}
+
+		dst[k] = v
+	}
+}
+
+// Get JOSE name of curve
+func curveName(crv elliptic.Curve) (string, error) {
+	switch crv {
+	case elliptic.P256():
+		return "P-256", nil
+	case elliptic.P384():
+		return "P-384", nil
+	case elliptic.P521():
+		return "P-521", nil
+	default:
+		return "", fmt.Errorf("go-jose/go-jose: unsupported/unknown elliptic curve")
+	}
+}
+
+// Get size of curve in bytes
+func curveSize(crv elliptic.Curve) int {
+	bits := crv.Params().BitSize
+
+	div := bits / 8
+	mod := bits % 8
+
+	if mod == 0 {
+		return div
+	}
+
+	return div + 1
+}
+
+func makeRawMessage(b []byte) *json.RawMessage {
+	rm := json.RawMessage(b)
+	return &rm
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/signing.go b/vendor/gopkg.in/go-jose/go-jose.v2/signing.go
new file mode 100644
index 0000000000..5195a1a916
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/signing.go
@@ -0,0 +1,441 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"encoding/base64"
+	"errors"
+	"fmt"
+
+	"golang.org/x/crypto/ed25519"
+
+	"gopkg.in/go-jose/go-jose.v2/json"
+)
+
+// NonceSource represents a source of random nonces to go into JWS objects
+type NonceSource interface {
+	Nonce() (string, error)
+}
+
+// Signer represents a signer which takes a payload and produces a signed JWS object.
+type Signer interface {
+	Sign(payload []byte) (*JSONWebSignature, error)
+	Options() SignerOptions
+}
+
+// SigningKey represents an algorithm/key used to sign a message.
+type SigningKey struct {
+	Algorithm SignatureAlgorithm
+	Key       interface{}
+}
+
+// SignerOptions represents options that can be set when creating signers.
+type SignerOptions struct {
+	NonceSource NonceSource
+	EmbedJWK    bool
+
+	// Optional map of additional keys to be inserted into the protected header
+	// of a JWS object. Some specifications which make use of JWS like to insert
+	// additional values here. All values must be JSON-serializable.
+	ExtraHeaders map[HeaderKey]interface{}
+}
+
+// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it
+// if necessary. It returns itself and so can be used in a fluent style.
+func (so *SignerOptions) WithHeader(k HeaderKey, v interface{}) *SignerOptions {
+	if so.ExtraHeaders == nil {
+		so.ExtraHeaders = map[HeaderKey]interface{}{}
+	}
+	so.ExtraHeaders[k] = v
+	return so
+}
+
+// WithContentType adds a content type ("cty") header and returns the updated
+// SignerOptions.
+func (so *SignerOptions) WithContentType(contentType ContentType) *SignerOptions {
+	return so.WithHeader(HeaderContentType, contentType)
+}
+
+// WithType adds a type ("typ") header and returns the updated SignerOptions.
+func (so *SignerOptions) WithType(typ ContentType) *SignerOptions {
+	return so.WithHeader(HeaderType, typ)
+}
+
+// WithCritical adds the given names to the critical ("crit") header and returns
+// the updated SignerOptions.
+func (so *SignerOptions) WithCritical(names ...string) *SignerOptions {
+	if so.ExtraHeaders[headerCritical] == nil {
+		so.WithHeader(headerCritical, make([]string, 0, len(names)))
+	}
+	crit := so.ExtraHeaders[headerCritical].([]string)
+	so.ExtraHeaders[headerCritical] = append(crit, names...)
+	return so
+}
+
+// WithBase64 adds a base64url-encode payload ("b64") header and returns the updated
+// SignerOptions. When the "b64" value is "false", the payload is not base64 encoded.
+func (so *SignerOptions) WithBase64(b64 bool) *SignerOptions {
+	if !b64 {
+		so.WithHeader(headerB64, b64)
+		so.WithCritical(headerB64)
+	}
+	return so
+}
+
+type payloadSigner interface {
+	signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error)
+}
+
+type payloadVerifier interface {
+	verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error
+}
+
+type genericSigner struct {
+	recipients   []recipientSigInfo
+	nonceSource  NonceSource
+	embedJWK     bool
+	extraHeaders map[HeaderKey]interface{}
+}
+
+type recipientSigInfo struct {
+	sigAlg    SignatureAlgorithm
+	publicKey func() *JSONWebKey
+	signer    payloadSigner
+}
+
+func staticPublicKey(jwk *JSONWebKey) func() *JSONWebKey {
+	return func() *JSONWebKey {
+		return jwk
+	}
+}
+
+// NewSigner creates an appropriate signer based on the key type
+func NewSigner(sig SigningKey, opts *SignerOptions) (Signer, error) {
+	return NewMultiSigner([]SigningKey{sig}, opts)
+}
+
+// NewMultiSigner creates a signer for multiple recipients
+func NewMultiSigner(sigs []SigningKey, opts *SignerOptions) (Signer, error) {
+	signer := &genericSigner{recipients: []recipientSigInfo{}}
+
+	if opts != nil {
+		signer.nonceSource = opts.NonceSource
+		signer.embedJWK = opts.EmbedJWK
+		signer.extraHeaders = opts.ExtraHeaders
+	}
+
+	for _, sig := range sigs {
+		err := signer.addRecipient(sig.Algorithm, sig.Key)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return signer, nil
+}
+
+// newVerifier creates a verifier based on the key type
+func newVerifier(verificationKey interface{}) (payloadVerifier, error) {
+	switch verificationKey := verificationKey.(type) {
+	case ed25519.PublicKey:
+		return &edEncrypterVerifier{
+			publicKey: verificationKey,
+		}, nil
+	case *rsa.PublicKey:
+		return &rsaEncrypterVerifier{
+			publicKey: verificationKey,
+		}, nil
+	case *ecdsa.PublicKey:
+		return &ecEncrypterVerifier{
+			publicKey: verificationKey,
+		}, nil
+	case []byte:
+		return &symmetricMac{
+			key: verificationKey,
+		}, nil
+	case JSONWebKey:
+		return newVerifier(verificationKey.Key)
+	case *JSONWebKey:
+		return newVerifier(verificationKey.Key)
+	}
+	if ov, ok := verificationKey.(OpaqueVerifier); ok {
+		return &opaqueVerifier{verifier: ov}, nil
+	}
+	return nil, ErrUnsupportedKeyType
+}
+
+func (ctx *genericSigner) addRecipient(alg SignatureAlgorithm, signingKey interface{}) error {
+	recipient, err := makeJWSRecipient(alg, signingKey)
+	if err != nil {
+		return err
+	}
+
+	ctx.recipients = append(ctx.recipients, recipient)
+	return nil
+}
+
+func makeJWSRecipient(alg SignatureAlgorithm, signingKey interface{}) (recipientSigInfo, error) {
+	switch signingKey := signingKey.(type) {
+	case ed25519.PrivateKey:
+		return newEd25519Signer(alg, signingKey)
+	case *rsa.PrivateKey:
+		return newRSASigner(alg, signingKey)
+	case *ecdsa.PrivateKey:
+		return newECDSASigner(alg, signingKey)
+	case []byte:
+		return newSymmetricSigner(alg, signingKey)
+	case JSONWebKey:
+		return newJWKSigner(alg, signingKey)
+	case *JSONWebKey:
+		return newJWKSigner(alg, *signingKey)
+	}
+	if signer, ok := signingKey.(OpaqueSigner); ok {
+		return newOpaqueSigner(alg, signer)
+	}
+	return recipientSigInfo{}, ErrUnsupportedKeyType
+}
+
+func newJWKSigner(alg SignatureAlgorithm, signingKey JSONWebKey) (recipientSigInfo, error) {
+	recipient, err := makeJWSRecipient(alg, signingKey.Key)
+	if err != nil {
+		return recipientSigInfo{}, err
+	}
+	if recipient.publicKey != nil && recipient.publicKey() != nil {
+		// recipient.publicKey is a JWK synthesized for embedding when recipientSigInfo
+		// was created for the inner key (such as a RSA or ECDSA public key). It contains
+		// the pub key for embedding, but doesn't have extra params like key id.
+		publicKey := signingKey
+		publicKey.Key = recipient.publicKey().Key
+		recipient.publicKey = staticPublicKey(&publicKey)
+
+		// This should be impossible, but let's check anyway.
+		if !recipient.publicKey().IsPublic() {
+			return recipientSigInfo{}, errors.New("go-jose/go-jose: public key was unexpectedly not public")
+		}
+	}
+	return recipient, nil
+}
+
+func (ctx *genericSigner) Sign(payload []byte) (*JSONWebSignature, error) {
+	obj := &JSONWebSignature{}
+	obj.payload = payload
+	obj.Signatures = make([]Signature, len(ctx.recipients))
+
+	for i, recipient := range ctx.recipients {
+		protected := map[HeaderKey]interface{}{
+			headerAlgorithm: string(recipient.sigAlg),
+		}
+
+		if recipient.publicKey != nil && recipient.publicKey() != nil {
+			// We want to embed the JWK or set the kid header, but not both. Having a protected
+			// header that contains an embedded JWK while also simultaneously containing the kid
+			// header is confusing, and at least in ACME the two are considered to be mutually
+			// exclusive. The fact that both can exist at the same time is a somewhat unfortunate
+			// result of the JOSE spec. We've decided that this library will only include one or
+			// the other to avoid this confusion.
+			//
+			// See https://github.com/go-jose/go-jose/issues/157 for more context.
+			if ctx.embedJWK {
+				protected[headerJWK] = recipient.publicKey()
+			} else {
+				keyID := recipient.publicKey().KeyID
+				if keyID != "" {
+					protected[headerKeyID] = keyID
+				}
+			}
+		}
+
+		if ctx.nonceSource != nil {
+			nonce, err := ctx.nonceSource.Nonce()
+			if err != nil {
+				return nil, fmt.Errorf("go-jose/go-jose: Error generating nonce: %v", err)
+			}
+			protected[headerNonce] = nonce
+		}
+
+		for k, v := range ctx.extraHeaders {
+			protected[k] = v
+		}
+
+		serializedProtected := mustSerializeJSON(protected)
+		needsBase64 := true
+
+		if b64, ok := protected[headerB64]; ok {
+			if needsBase64, ok = b64.(bool); !ok {
+				return nil, errors.New("go-jose/go-jose: Invalid b64 header parameter")
+			}
+		}
+
+		var input bytes.Buffer
+
+		input.WriteString(base64.RawURLEncoding.EncodeToString(serializedProtected))
+		input.WriteByte('.')
+
+		if needsBase64 {
+			input.WriteString(base64.RawURLEncoding.EncodeToString(payload))
+		} else {
+			input.Write(payload)
+		}
+
+		signatureInfo, err := recipient.signer.signPayload(input.Bytes(), recipient.sigAlg)
+		if err != nil {
+			return nil, err
+		}
+
+		signatureInfo.protected = &rawHeader{}
+		for k, v := range protected {
+			b, err := json.Marshal(v)
+			if err != nil {
+				return nil, fmt.Errorf("go-jose/go-jose: Error marshalling item %#v: %v", k, err)
+			}
+			(*signatureInfo.protected)[k] = makeRawMessage(b)
+		}
+		obj.Signatures[i] = signatureInfo
+	}
+
+	return obj, nil
+}
+
+func (ctx *genericSigner) Options() SignerOptions {
+	return SignerOptions{
+		NonceSource:  ctx.nonceSource,
+		EmbedJWK:     ctx.embedJWK,
+		ExtraHeaders: ctx.extraHeaders,
+	}
+}
+
+// Verify validates the signature on the object and returns the payload.
+// This function does not support multi-signature, if you desire multi-sig
+// verification use VerifyMulti instead.
+//
+// Be careful when verifying signatures based on embedded JWKs inside the
+// payload header. You cannot assume that the key received in a payload is
+// trusted.
+func (obj JSONWebSignature) Verify(verificationKey interface{}) ([]byte, error) {
+	err := obj.DetachedVerify(obj.payload, verificationKey)
+	if err != nil {
+		return nil, err
+	}
+	return obj.payload, nil
+}
+
+// UnsafePayloadWithoutVerification returns the payload without
+// verifying it. The content returned from this function cannot be
+// trusted.
+func (obj JSONWebSignature) UnsafePayloadWithoutVerification() []byte {
+	return obj.payload
+}
+
+// DetachedVerify validates a detached signature on the given payload. In
+// most cases, you will probably want to use Verify instead. DetachedVerify
+// is only useful if you have a payload and signature that are separated from
+// each other.
+func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey interface{}) error {
+	verifier, err := newVerifier(verificationKey)
+	if err != nil {
+		return err
+	}
+
+	if len(obj.Signatures) > 1 {
+		return errors.New("go-jose/go-jose: too many signatures in payload; expecting only one")
+	}
+
+	signature := obj.Signatures[0]
+	headers := signature.mergedHeaders()
+	critical, err := headers.getCritical()
+	if err != nil {
+		return err
+	}
+
+	for _, name := range critical {
+		if !supportedCritical[name] {
+			return ErrCryptoFailure
+		}
+	}
+
+	input, err := obj.computeAuthData(payload, &signature)
+	if err != nil {
+		return ErrCryptoFailure
+	}
+
+	alg := headers.getSignatureAlgorithm()
+	err = verifier.verifyPayload(input, signature.Signature, alg)
+	if err == nil {
+		return nil
+	}
+
+	return ErrCryptoFailure
+}
+
+// VerifyMulti validates (one of the multiple) signatures on the object and
+// returns the index of the signature that was verified, along with the signature
+// object and the payload. We return the signature and index to guarantee that
+// callers are getting the verified value.
+func (obj JSONWebSignature) VerifyMulti(verificationKey interface{}) (int, Signature, []byte, error) {
+	idx, sig, err := obj.DetachedVerifyMulti(obj.payload, verificationKey)
+	if err != nil {
+		return -1, Signature{}, nil, err
+	}
+	return idx, sig, obj.payload, nil
+}
+
+// DetachedVerifyMulti validates a detached signature on the given payload with
+// a signature/object that has potentially multiple signers. This returns the index
+// of the signature that was verified, along with the signature object. We return
+// the signature and index to guarantee that callers are getting the verified value.
+//
+// In most cases, you will probably want to use Verify or VerifyMulti instead.
+// DetachedVerifyMulti is only useful if you have a payload and signature that are
+// separated from each other, and the signature can have multiple signers at the
+// same time.
+func (obj JSONWebSignature) DetachedVerifyMulti(payload []byte, verificationKey interface{}) (int, Signature, error) {
+	verifier, err := newVerifier(verificationKey)
+	if err != nil {
+		return -1, Signature{}, err
+	}
+
+outer:
+	for i, signature := range obj.Signatures {
+		headers := signature.mergedHeaders()
+		critical, err := headers.getCritical()
+		if err != nil {
+			continue
+		}
+
+		for _, name := range critical {
+			if !supportedCritical[name] {
+				continue outer
+			}
+		}
+
+		input, err := obj.computeAuthData(payload, &signature)
+		if err != nil {
+			continue
+		}
+
+		alg := headers.getSignatureAlgorithm()
+		err = verifier.verifyPayload(input, signature.Signature, alg)
+		if err == nil {
+			return i, signature, nil
+		}
+	}
+
+	return -1, Signature{}, ErrCryptoFailure
+}
diff --git a/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go b/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go
new file mode 100644
index 0000000000..2b8076f5f3
--- /dev/null
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go
@@ -0,0 +1,482 @@
+/*-
+ * Copyright 2014 Square Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jose
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/sha512"
+	"crypto/subtle"
+	"errors"
+	"fmt"
+	"hash"
+	"io"
+
+	"golang.org/x/crypto/pbkdf2"
+	"gopkg.in/go-jose/go-jose.v2/cipher"
+)
+
+// Random reader (stubbed out in tests)
+var RandReader = rand.Reader
+
+const (
+	// RFC7518 recommends a minimum of 1,000 iterations:
+	// https://tools.ietf.org/html/rfc7518#section-4.8.1.2
+	// NIST recommends a minimum of 10,000:
+	// https://pages.nist.gov/800-63-3/sp800-63b.html
+	// 1Password uses 100,000:
+	// https://support.1password.com/pbkdf2/
+	defaultP2C = 100000
+	// Default salt size: 128 bits
+	defaultP2SSize = 16
+)
+
+// Dummy key cipher for shared symmetric key mode
+type symmetricKeyCipher struct {
+	key []byte // Pre-shared content-encryption key
+	p2c int    // PBES2 Count
+	p2s []byte // PBES2 Salt Input
+}
+
+// Signer/verifier for MAC modes
+type symmetricMac struct {
+	key []byte
+}
+
+// Input/output from an AEAD operation
+type aeadParts struct {
+	iv, ciphertext, tag []byte
+}
+
+// A content cipher based on an AEAD construction
+type aeadContentCipher struct {
+	keyBytes     int
+	authtagBytes int
+	getAead      func(key []byte) (cipher.AEAD, error)
+}
+
+// Random key generator
+type randomKeyGenerator struct {
+	size int
+}
+
+// Static key generator
+type staticKeyGenerator struct {
+	key []byte
+}
+
+// Create a new content cipher based on AES-GCM
+func newAESGCM(keySize int) contentCipher {
+	return &aeadContentCipher{
+		keyBytes:     keySize,
+		authtagBytes: 16,
+		getAead: func(key []byte) (cipher.AEAD, error) {
+			aes, err := aes.NewCipher(key)
+			if err != nil {
+				return nil, err
+			}
+
+			return cipher.NewGCM(aes)
+		},
+	}
+}
+
+// Create a new content cipher based on AES-CBC+HMAC
+func newAESCBC(keySize int) contentCipher {
+	return &aeadContentCipher{
+		keyBytes:     keySize * 2,
+		authtagBytes: keySize,
+		getAead: func(key []byte) (cipher.AEAD, error) {
+			return josecipher.NewCBCHMAC(key, aes.NewCipher)
+		},
+	}
+}
+
+// Get an AEAD cipher object for the given content encryption algorithm
+func getContentCipher(alg ContentEncryption) contentCipher {
+	switch alg {
+	case A128GCM:
+		return newAESGCM(16)
+	case A192GCM:
+		return newAESGCM(24)
+	case A256GCM:
+		return newAESGCM(32)
+	case A128CBC_HS256:
+		return newAESCBC(16)
+	case A192CBC_HS384:
+		return newAESCBC(24)
+	case A256CBC_HS512:
+		return newAESCBC(32)
+	default:
+		return nil
+	}
+}
+
+// getPbkdf2Params returns the key length and hash function used in
+// pbkdf2.Key.
+func getPbkdf2Params(alg KeyAlgorithm) (int, func() hash.Hash) {
+	switch alg {
+	case PBES2_HS256_A128KW:
+		return 16, sha256.New
+	case PBES2_HS384_A192KW:
+		return 24, sha512.New384
+	case PBES2_HS512_A256KW:
+		return 32, sha512.New
+	default:
+		panic("invalid algorithm")
+	}
+}
+
+// getRandomSalt generates a new salt of the given size.
+func getRandomSalt(size int) ([]byte, error) {
+	salt := make([]byte, size)
+	_, err := io.ReadFull(RandReader, salt)
+	if err != nil {
+		return nil, err
+	}
+
+	return salt, nil
+}
+
+// newSymmetricRecipient creates a JWE encrypter based on AES-GCM key wrap.
+func newSymmetricRecipient(keyAlg KeyAlgorithm, key []byte) (recipientKeyInfo, error) {
+	switch keyAlg {
+	case DIRECT, A128GCMKW, A192GCMKW, A256GCMKW, A128KW, A192KW, A256KW:
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+	default:
+		return recipientKeyInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientKeyInfo{
+		keyAlg: keyAlg,
+		keyEncrypter: &symmetricKeyCipher{
+			key: key,
+		},
+	}, nil
+}
+
+// newSymmetricSigner creates a recipientSigInfo based on the given key.
+func newSymmetricSigner(sigAlg SignatureAlgorithm, key []byte) (recipientSigInfo, error) {
+	// Verify that key management algorithm is supported by this encrypter
+	switch sigAlg {
+	case HS256, HS384, HS512:
+	default:
+		return recipientSigInfo{}, ErrUnsupportedAlgorithm
+	}
+
+	return recipientSigInfo{
+		sigAlg: sigAlg,
+		signer: &symmetricMac{
+			key: key,
+		},
+	}, nil
+}
+
+// Generate a random key for the given content cipher
+func (ctx randomKeyGenerator) genKey() ([]byte, rawHeader, error) {
+	key := make([]byte, ctx.size)
+	_, err := io.ReadFull(RandReader, key)
+	if err != nil {
+		return nil, rawHeader{}, err
+	}
+
+	return key, rawHeader{}, nil
+}
+
+// Key size for random generator
+func (ctx randomKeyGenerator) keySize() int {
+	return ctx.size
+}
+
+// Generate a static key (for direct mode)
+func (ctx staticKeyGenerator) genKey() ([]byte, rawHeader, error) {
+	cek := make([]byte, len(ctx.key))
+	copy(cek, ctx.key)
+	return cek, rawHeader{}, nil
+}
+
+// Key size for static generator
+func (ctx staticKeyGenerator) keySize() int {
+	return len(ctx.key)
+}
+
+// Get key size for this cipher
+func (ctx aeadContentCipher) keySize() int {
+	return ctx.keyBytes
+}
+
+// Encrypt some data
+func (ctx aeadContentCipher) encrypt(key, aad, pt []byte) (*aeadParts, error) {
+	// Get a new AEAD instance
+	aead, err := ctx.getAead(key)
+	if err != nil {
+		return nil, err
+	}
+
+	// Initialize a new nonce
+	iv := make([]byte, aead.NonceSize())
+	_, err = io.ReadFull(RandReader, iv)
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertextAndTag := aead.Seal(nil, iv, pt, aad)
+	offset := len(ciphertextAndTag) - ctx.authtagBytes
+
+	return &aeadParts{
+		iv:         iv,
+		ciphertext: ciphertextAndTag[:offset],
+		tag:        ciphertextAndTag[offset:],
+	}, nil
+}
+
+// Decrypt some data
+func (ctx aeadContentCipher) decrypt(key, aad []byte, parts *aeadParts) ([]byte, error) {
+	aead, err := ctx.getAead(key)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(parts.iv) != aead.NonceSize() || len(parts.tag) < ctx.authtagBytes {
+		return nil, ErrCryptoFailure
+	}
+
+	return aead.Open(nil, parts.iv, append(parts.ciphertext, parts.tag...), aad)
+}
+
+// Encrypt the content encryption key.
+func (ctx *symmetricKeyCipher) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) {
+	switch alg {
+	case DIRECT:
+		return recipientInfo{
+			header: &rawHeader{},
+		}, nil
+	case A128GCMKW, A192GCMKW, A256GCMKW:
+		aead := newAESGCM(len(ctx.key))
+
+		parts, err := aead.encrypt(ctx.key, []byte{}, cek)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		header := &rawHeader{}
+		header.set(headerIV, newBuffer(parts.iv))
+		header.set(headerTag, newBuffer(parts.tag))
+
+		return recipientInfo{
+			header:       header,
+			encryptedKey: parts.ciphertext,
+		}, nil
+	case A128KW, A192KW, A256KW:
+		block, err := aes.NewCipher(ctx.key)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		jek, err := josecipher.KeyWrap(block, cek)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		return recipientInfo{
+			encryptedKey: jek,
+			header:       &rawHeader{},
+		}, nil
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+		if len(ctx.p2s) == 0 {
+			salt, err := getRandomSalt(defaultP2SSize)
+			if err != nil {
+				return recipientInfo{}, err
+			}
+			ctx.p2s = salt
+		}
+
+		if ctx.p2c <= 0 {
+			ctx.p2c = defaultP2C
+		}
+
+		// salt is UTF8(Alg) || 0x00 || Salt Input
+		salt := bytes.Join([][]byte{[]byte(alg), ctx.p2s}, []byte{0x00})
+
+		// derive key
+		keyLen, h := getPbkdf2Params(alg)
+		key := pbkdf2.Key(ctx.key, salt, ctx.p2c, keyLen, h)
+
+		// use AES cipher with derived key
+		block, err := aes.NewCipher(key)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		jek, err := josecipher.KeyWrap(block, cek)
+		if err != nil {
+			return recipientInfo{}, err
+		}
+
+		header := &rawHeader{}
+		header.set(headerP2C, ctx.p2c)
+		header.set(headerP2S, newBuffer(ctx.p2s))
+
+		return recipientInfo{
+			encryptedKey: jek,
+			header:       header,
+		}, nil
+	}
+
+	return recipientInfo{}, ErrUnsupportedAlgorithm
+}
+
+// Decrypt the content encryption key.
+func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) {
+	switch headers.getAlgorithm() {
+	case DIRECT:
+		cek := make([]byte, len(ctx.key))
+		copy(cek, ctx.key)
+		return cek, nil
+	case A128GCMKW, A192GCMKW, A256GCMKW:
+		aead := newAESGCM(len(ctx.key))
+
+		iv, err := headers.getIV()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid IV: %v", err)
+		}
+		tag, err := headers.getTag()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid tag: %v", err)
+		}
+
+		parts := &aeadParts{
+			iv:         iv.bytes(),
+			ciphertext: recipient.encryptedKey,
+			tag:        tag.bytes(),
+		}
+
+		cek, err := aead.decrypt(ctx.key, []byte{}, parts)
+		if err != nil {
+			return nil, err
+		}
+
+		return cek, nil
+	case A128KW, A192KW, A256KW:
+		block, err := aes.NewCipher(ctx.key)
+		if err != nil {
+			return nil, err
+		}
+
+		cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey)
+		if err != nil {
+			return nil, err
+		}
+		return cek, nil
+	case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW:
+		p2s, err := headers.getP2S()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2S: %v", err)
+		}
+		if p2s == nil || len(p2s.data) == 0 {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2S: must be present")
+		}
+
+		p2c, err := headers.getP2C()
+		if err != nil {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: %v", err)
+		}
+		if p2c <= 0 {
+			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: must be a positive integer")
+		}
+
+		// salt is UTF8(Alg) || 0x00 || Salt Input
+		alg := headers.getAlgorithm()
+		salt := bytes.Join([][]byte{[]byte(alg), p2s.bytes()}, []byte{0x00})
+
+		// derive key
+		keyLen, h := getPbkdf2Params(alg)
+		key := pbkdf2.Key(ctx.key, salt, p2c, keyLen, h)
+
+		// use AES cipher with derived key
+		block, err := aes.NewCipher(key)
+		if err != nil {
+			return nil, err
+		}
+
+		cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey)
+		if err != nil {
+			return nil, err
+		}
+		return cek, nil
+	}
+
+	return nil, ErrUnsupportedAlgorithm
+}
+
+// Sign the given payload
+func (ctx symmetricMac) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) {
+	mac, err := ctx.hmac(payload, alg)
+	if err != nil {
+		return Signature{}, errors.New("go-jose/go-jose: failed to compute hmac")
+	}
+
+	return Signature{
+		Signature: mac,
+		protected: &rawHeader{},
+	}, nil
+}
+
+// Verify the given payload
+func (ctx symmetricMac) verifyPayload(payload []byte, mac []byte, alg SignatureAlgorithm) error {
+	expected, err := ctx.hmac(payload, alg)
+	if err != nil {
+		return errors.New("go-jose/go-jose: failed to compute hmac")
+	}
+
+	if len(mac) != len(expected) {
+		return errors.New("go-jose/go-jose: invalid hmac")
+	}
+
+	match := subtle.ConstantTimeCompare(mac, expected)
+	if match != 1 {
+		return errors.New("go-jose/go-jose: invalid hmac")
+	}
+
+	return nil
+}
+
+// Compute the HMAC based on the given alg value
+func (ctx symmetricMac) hmac(payload []byte, alg SignatureAlgorithm) ([]byte, error) {
+	var hash func() hash.Hash
+
+	switch alg {
+	case HS256:
+		hash = sha256.New
+	case HS384:
+		hash = sha512.New384
+	case HS512:
+		hash = sha512.New
+	default:
+		return nil, ErrUnsupportedAlgorithm
+	}
+
+	hmac := hmac.New(hash, ctx.key)
+
+	// According to documentation, Write() on hash never fails
+	_, _ = hmac.Write(payload)
+	return hmac.Sum(nil), nil
+}
diff --git a/vendor/k8s.io/api/admissionregistration/v1/generated.proto b/vendor/k8s.io/api/admissionregistration/v1/generated.proto
index cdf1f47655..a8903621c8 100644
--- a/vendor/k8s.io/api/admissionregistration/v1/generated.proto
+++ b/vendor/k8s.io/api/admissionregistration/v1/generated.proto
@@ -215,7 +215,7 @@ message MutatingWebhook {
   //      - If failurePolicy=Fail, reject the request
   //      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
   //
-  // This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+  // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
   //
   // +patchMergeKey=name
   // +patchStrategy=merge
@@ -473,7 +473,7 @@ message ValidatingWebhook {
   //      - If failurePolicy=Fail, reject the request
   //      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
   //
-  // This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+  // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
   //
   // +patchMergeKey=name
   // +patchStrategy=merge
diff --git a/vendor/k8s.io/api/admissionregistration/v1/types.go b/vendor/k8s.io/api/admissionregistration/v1/types.go
index 74f17d54a2..07ed7a6246 100644
--- a/vendor/k8s.io/api/admissionregistration/v1/types.go
+++ b/vendor/k8s.io/api/admissionregistration/v1/types.go
@@ -320,7 +320,7 @@ type ValidatingWebhook struct {
 	//      - If failurePolicy=Fail, reject the request
 	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
 	//
-	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+	// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
 	//
 	// +patchMergeKey=name
 	// +patchStrategy=merge
@@ -489,7 +489,7 @@ type MutatingWebhook struct {
 	//      - If failurePolicy=Fail, reject the request
 	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
 	//
-	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+	// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
 	//
 	// +patchMergeKey=name
 	// +patchStrategy=merge
diff --git a/vendor/k8s.io/api/admissionregistration/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/admissionregistration/v1/types_swagger_doc_generated.go
index ce306b307a..c41cceb2f2 100644
--- a/vendor/k8s.io/api/admissionregistration/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/admissionregistration/v1/types_swagger_doc_generated.go
@@ -50,7 +50,7 @@ var map_MutatingWebhook = map[string]string{
 	"timeoutSeconds":          "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.",
 	"admissionReviewVersions": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.",
 	"reinvocationPolicy":      "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".",
-	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.",
+	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.",
 }
 
 func (MutatingWebhook) SwaggerDoc() map[string]string {
@@ -122,7 +122,7 @@ var map_ValidatingWebhook = map[string]string{
 	"sideEffects":             "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.",
 	"timeoutSeconds":          "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.",
 	"admissionReviewVersions": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.",
-	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.",
+	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.",
 }
 
 func (ValidatingWebhook) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go b/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go
index 7465350263..4f1373ec5a 100644
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go
@@ -493,6 +493,34 @@ func (m *Validation) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_Validation proto.InternalMessageInfo
 
+func (m *Variable) Reset()      { *m = Variable{} }
+func (*Variable) ProtoMessage() {}
+func (*Variable) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c3be8d256e3ae3cf, []int{16}
+}
+func (m *Variable) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Variable) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *Variable) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Variable.Merge(m, src)
+}
+func (m *Variable) XXX_Size() int {
+	return m.Size()
+}
+func (m *Variable) XXX_DiscardUnknown() {
+	xxx_messageInfo_Variable.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Variable proto.InternalMessageInfo
+
 func init() {
 	proto.RegisterType((*AuditAnnotation)(nil), "k8s.io.api.admissionregistration.v1alpha1.AuditAnnotation")
 	proto.RegisterType((*ExpressionWarning)(nil), "k8s.io.api.admissionregistration.v1alpha1.ExpressionWarning")
@@ -510,6 +538,7 @@ func init() {
 	proto.RegisterType((*ValidatingAdmissionPolicySpec)(nil), "k8s.io.api.admissionregistration.v1alpha1.ValidatingAdmissionPolicySpec")
 	proto.RegisterType((*ValidatingAdmissionPolicyStatus)(nil), "k8s.io.api.admissionregistration.v1alpha1.ValidatingAdmissionPolicyStatus")
 	proto.RegisterType((*Validation)(nil), "k8s.io.api.admissionregistration.v1alpha1.Validation")
+	proto.RegisterType((*Variable)(nil), "k8s.io.api.admissionregistration.v1alpha1.Variable")
 }
 
 func init() {
@@ -517,95 +546,102 @@ func init() {
 }
 
 var fileDescriptor_c3be8d256e3ae3cf = []byte{
-	// 1407 bytes of a gzipped FileDescriptorProto
+	// 1509 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0xcb, 0x6f, 0x1b, 0x45,
-	0x18, 0xcf, 0xc6, 0x4e, 0x9a, 0x8c, 0xf3, 0xb0, 0x87, 0x56, 0x75, 0x23, 0x6a, 0x47, 0xab, 0x0a,
-	0x35, 0x12, 0xec, 0x92, 0xb4, 0x50, 0x40, 0x48, 0x28, 0xdb, 0x17, 0x7d, 0xa4, 0x89, 0xa6, 0x28,
-	0x91, 0x10, 0x95, 0x98, 0xec, 0x4e, 0xec, 0xa9, 0xbd, 0x0f, 0x76, 0xd6, 0xa1, 0x11, 0x48, 0x54,
-	0xe2, 0x02, 0x37, 0x0e, 0x5c, 0xf8, 0x5f, 0xb8, 0x70, 0xeb, 0xb1, 0xc7, 0x72, 0xc0, 0x22, 0xe6,
-	0xc2, 0x5f, 0x00, 0x52, 0x2e, 0xa0, 0x99, 0x9d, 0x7d, 0x3b, 0xc4, 0x2e, 0x81, 0x9b, 0xf7, 0x7b,
-	0xfc, 0x7e, 0xf3, 0x7d, 0xf3, 0x7d, 0x33, 0xdf, 0x18, 0xa0, 0xce, 0x3b, 0x4c, 0xa3, 0xae, 0xde,
-	0xe9, 0xed, 0x12, 0xdf, 0x21, 0x01, 0x61, 0xfa, 0x3e, 0x71, 0x2c, 0xd7, 0xd7, 0xa5, 0x02, 0x7b,
-	0x54, 0xc7, 0x96, 0x4d, 0x19, 0xa3, 0xae, 0xe3, 0x93, 0x16, 0x65, 0x81, 0x8f, 0x03, 0xea, 0x3a,
-	0xfa, 0xfe, 0x2a, 0xee, 0x7a, 0x6d, 0xbc, 0xaa, 0xb7, 0x88, 0x43, 0x7c, 0x1c, 0x10, 0x4b, 0xf3,
-	0x7c, 0x37, 0x70, 0xe1, 0x4a, 0xe8, 0xaa, 0x61, 0x8f, 0x6a, 0x43, 0x5d, 0xb5, 0xc8, 0x75, 0xe9,
-	0x8d, 0x16, 0x0d, 0xda, 0xbd, 0x5d, 0xcd, 0x74, 0x6d, 0xbd, 0xe5, 0xb6, 0x5c, 0x5d, 0x20, 0xec,
-	0xf6, 0xf6, 0xc4, 0x97, 0xf8, 0x10, 0xbf, 0x42, 0xe4, 0xa5, 0x2b, 0x23, 0x2c, 0x2a, 0xbf, 0x9c,
-	0xa5, 0xab, 0x89, 0x93, 0x8d, 0xcd, 0x36, 0x75, 0x88, 0x7f, 0xa0, 0x7b, 0x9d, 0x16, 0x17, 0x30,
-	0xdd, 0x26, 0x01, 0x1e, 0xe6, 0xa5, 0x1f, 0xe7, 0xe5, 0xf7, 0x9c, 0x80, 0xda, 0xa4, 0xe0, 0xf0,
-	0xf6, 0x49, 0x0e, 0xcc, 0x6c, 0x13, 0x1b, 0xe7, 0xfd, 0x54, 0x06, 0x16, 0xd7, 0x7b, 0x16, 0x0d,
-	0xd6, 0x1d, 0xc7, 0x0d, 0x44, 0x10, 0xf0, 0x22, 0x28, 0x75, 0xc8, 0x41, 0x5d, 0x59, 0x56, 0x2e,
-	0xcf, 0x1a, 0x95, 0x67, 0xfd, 0xe6, 0xc4, 0xa0, 0xdf, 0x2c, 0xdd, 0x23, 0x07, 0x88, 0xcb, 0xe1,
-	0x3a, 0x58, 0xdc, 0xc7, 0xdd, 0x1e, 0xb9, 0xf9, 0xc4, 0xf3, 0x89, 0x48, 0x41, 0x7d, 0x52, 0x98,
-	0x9e, 0x97, 0xa6, 0x8b, 0xdb, 0x59, 0x35, 0xca, 0xdb, 0xab, 0x5d, 0x50, 0x4b, 0xbe, 0x76, 0xb0,
-	0xef, 0x50, 0xa7, 0x05, 0x5f, 0x07, 0x33, 0x7b, 0x94, 0x74, 0x2d, 0x44, 0xf6, 0x24, 0x60, 0x55,
-	0x02, 0xce, 0xdc, 0x92, 0x72, 0x14, 0x5b, 0xc0, 0x15, 0x70, 0xe6, 0xf3, 0xd0, 0xb1, 0x5e, 0x12,
-	0xc6, 0x8b, 0xd2, 0xf8, 0x8c, 0xc4, 0x43, 0x91, 0x5e, 0xdd, 0x03, 0x0b, 0x1b, 0x38, 0x30, 0xdb,
-	0xd7, 0x5d, 0xc7, 0xa2, 0x22, 0xc2, 0x65, 0x50, 0x76, 0xb0, 0x4d, 0x64, 0x88, 0x73, 0xd2, 0xb3,
-	0xfc, 0x00, 0xdb, 0x04, 0x09, 0x0d, 0x5c, 0x03, 0x80, 0xe4, 0xe3, 0x83, 0xd2, 0x0e, 0xa4, 0x42,
-	0x4b, 0x59, 0xa9, 0x3f, 0x97, 0x25, 0x11, 0x22, 0xcc, 0xed, 0xf9, 0x26, 0x61, 0xf0, 0x09, 0xa8,
-	0x71, 0x38, 0xe6, 0x61, 0x93, 0x3c, 0x24, 0x5d, 0x62, 0x06, 0xae, 0x2f, 0x58, 0x2b, 0x6b, 0x57,
-	0xb4, 0xa4, 0x4e, 0xe3, 0x1d, 0xd3, 0xbc, 0x4e, 0x8b, 0x0b, 0x98, 0xc6, 0x0b, 0x43, 0xdb, 0x5f,
-	0xd5, 0xee, 0xe3, 0x5d, 0xd2, 0x8d, 0x5c, 0x8d, 0x73, 0x83, 0x7e, 0xb3, 0xf6, 0x20, 0x8f, 0x88,
-	0x8a, 0x24, 0xd0, 0x05, 0x0b, 0xee, 0xee, 0x63, 0x62, 0x06, 0x31, 0xed, 0xe4, 0xcb, 0xd3, 0xc2,
-	0x41, 0xbf, 0xb9, 0xb0, 0x99, 0x81, 0x43, 0x39, 0x78, 0xf8, 0x15, 0x98, 0xf7, 0x65, 0xdc, 0xa8,
-	0xd7, 0x25, 0xac, 0x5e, 0x5a, 0x2e, 0x5d, 0xae, 0xac, 0x19, 0xda, 0xc8, 0xed, 0xa8, 0xf1, 0xc0,
-	0x2c, 0xee, 0xbc, 0x43, 0x83, 0xf6, 0xa6, 0x47, 0x42, 0x3d, 0x33, 0xce, 0xc9, 0xc4, 0xcf, 0xa3,
-	0x34, 0x01, 0xca, 0xf2, 0xc1, 0xef, 0x15, 0x70, 0x96, 0x3c, 0x31, 0xbb, 0x3d, 0x8b, 0x64, 0xec,
-	0xea, 0xe5, 0x53, 0x5b, 0xc8, 0xab, 0x72, 0x21, 0x67, 0x6f, 0x0e, 0xe1, 0x41, 0x43, 0xd9, 0xe1,
-	0x0d, 0x50, 0xb1, 0x79, 0x51, 0x6c, 0xb9, 0x5d, 0x6a, 0x1e, 0xd4, 0xcf, 0x88, 0x52, 0x52, 0x07,
-	0xfd, 0x66, 0x65, 0x23, 0x11, 0x1f, 0xf5, 0x9b, 0x8b, 0xa9, 0xcf, 0x8f, 0x0e, 0x3c, 0x82, 0xd2,
-	0x6e, 0xea, 0x0b, 0x05, 0x9c, 0x3f, 0x66, 0x55, 0xf0, 0x5a, 0x92, 0x79, 0x51, 0x1a, 0x75, 0x65,
-	0xb9, 0x74, 0x79, 0xd6, 0xa8, 0xa5, 0x33, 0x26, 0x14, 0x28, 0x6b, 0x07, 0xbf, 0x56, 0x00, 0xf4,
-	0x0b, 0x78, 0xb2, 0x50, 0xae, 0x8d, 0x92, 0x2f, 0x6d, 0x48, 0x92, 0x96, 0x64, 0x92, 0x60, 0x51,
-	0x87, 0x86, 0xd0, 0xa9, 0x18, 0xcc, 0x6e, 0x61, 0x1f, 0xdb, 0xf7, 0xa8, 0x63, 0xf1, 0xbe, 0xc3,
-	0x1e, 0xdd, 0x26, 0xbe, 0xe8, 0x3b, 0x25, 0xdb, 0x77, 0xeb, 0x5b, 0x77, 0xa4, 0x06, 0xa5, 0xac,
-	0x78, 0x37, 0x77, 0xa8, 0x63, 0xc9, 0x2e, 0x8d, 0xbb, 0x99, 0xe3, 0x21, 0xa1, 0x51, 0x1f, 0x81,
-	0x19, 0x41, 0xc1, 0x0f, 0x8e, 0x93, 0x7b, 0x5f, 0x07, 0xb3, 0x71, 0x3f, 0x49, 0xd0, 0x9a, 0x34,
-	0x9b, 0x8d, 0x7b, 0x0f, 0x25, 0x36, 0xea, 0x0f, 0x0a, 0x98, 0xe3, 0x5b, 0x76, 0xbd, 0x4d, 0xcc,
-	0x0e, 0x3f, 0xca, 0xbe, 0x51, 0x00, 0x24, 0xf9, 0x03, 0x2e, 0xdc, 0x97, 0xca, 0xda, 0xfb, 0x63,
-	0x14, 0x62, 0xe1, 0x94, 0x4c, 0xb2, 0x5b, 0x50, 0x31, 0x34, 0x84, 0x53, 0xfd, 0x65, 0x12, 0x5c,
-	0xd8, 0xc6, 0x5d, 0x6a, 0xe1, 0x80, 0x3a, 0xad, 0xf5, 0x88, 0x2e, 0x2c, 0x2b, 0xf8, 0x29, 0x98,
-	0xe1, 0x1d, 0x6f, 0xe1, 0x00, 0xcb, 0x63, 0xe9, 0xcd, 0xd1, 0xce, 0x87, 0xf0, 0x30, 0xd8, 0x20,
-	0x01, 0x4e, 0xb6, 0x27, 0x91, 0xa1, 0x18, 0x15, 0x3e, 0x06, 0x65, 0xe6, 0x11, 0x53, 0x16, 0xd5,
-	0x87, 0x63, 0xc4, 0x7e, 0xec, 0xaa, 0x1f, 0x7a, 0xc4, 0x4c, 0x36, 0x8e, 0x7f, 0x21, 0xc1, 0x01,
-	0x7d, 0x30, 0xcd, 0x02, 0x1c, 0xf4, 0x98, 0xb8, 0x12, 0x2a, 0x6b, 0x77, 0x4f, 0x85, 0x4d, 0x20,
-	0x1a, 0x0b, 0x92, 0x6f, 0x3a, 0xfc, 0x46, 0x92, 0x49, 0xfd, 0x53, 0x01, 0xcb, 0xc7, 0xfa, 0x1a,
-	0xd4, 0xb1, 0x78, 0x3d, 0xfc, 0xf7, 0x69, 0xfe, 0x2c, 0x93, 0xe6, 0xcd, 0xd3, 0x08, 0x5c, 0x2e,
-	0xfe, 0xb8, 0x6c, 0xab, 0x7f, 0x28, 0xe0, 0xd2, 0x49, 0xce, 0xf7, 0x29, 0x0b, 0xe0, 0x27, 0x85,
-	0xe8, 0xb5, 0x11, 0x2f, 0x21, 0xca, 0xc2, 0xd8, 0xe3, 0x41, 0x20, 0x92, 0xa4, 0x22, 0xf7, 0xc0,
-	0x14, 0x0d, 0x88, 0xcd, 0x8f, 0x2d, 0xde, 0x5d, 0xf7, 0x4e, 0x31, 0x74, 0x63, 0x5e, 0xf2, 0x4e,
-	0xdd, 0xe1, 0x0c, 0x28, 0x24, 0x52, 0xbf, 0x2d, 0x9d, 0x1c, 0x38, 0xcf, 0x13, 0x3f, 0xcc, 0x3c,
-	0x21, 0x7c, 0x90, 0x1c, 0x38, 0xf1, 0x36, 0x6e, 0xc5, 0x1a, 0x94, 0xb2, 0x82, 0x8f, 0xc0, 0x8c,
-	0x27, 0x8f, 0xaa, 0x21, 0x37, 0xf6, 0x49, 0x11, 0x45, 0xa7, 0x9c, 0x31, 0xc7, 0xb3, 0x15, 0x7d,
-	0xa1, 0x18, 0x12, 0xf6, 0xc0, 0x82, 0x9d, 0x19, 0x51, 0x64, 0xab, 0xbc, 0x3b, 0x06, 0x49, 0x76,
-	0xc6, 0x09, 0x87, 0x83, 0xac, 0x0c, 0xe5, 0x48, 0xe0, 0x0e, 0xa8, 0xed, 0xcb, 0x8c, 0xb9, 0xce,
-	0xba, 0x19, 0xde, 0x33, 0x65, 0x71, 0x4d, 0xad, 0xf0, 0x91, 0x66, 0x3b, 0xaf, 0x3c, 0xea, 0x37,
-	0xab, 0x79, 0x21, 0x2a, 0x62, 0xa8, 0xbf, 0x2b, 0xe0, 0xe2, 0xb1, 0x7b, 0xf1, 0x3f, 0x54, 0x1f,
-	0xcd, 0x56, 0xdf, 0x8d, 0x53, 0xa9, 0xbe, 0xe1, 0x65, 0xf7, 0xe3, 0xd4, 0x3f, 0x84, 0x2a, 0xea,
-	0x0d, 0x83, 0x59, 0x2f, 0xba, 0x49, 0x65, 0xac, 0x57, 0xc7, 0x2d, 0x1e, 0xee, 0x6b, 0xcc, 0xf3,
-	0xab, 0x2e, 0xfe, 0x44, 0x09, 0x2a, 0xfc, 0x02, 0x54, 0x6d, 0x39, 0x4b, 0x73, 0x00, 0xea, 0x04,
-	0xd1, 0xbc, 0xf0, 0x2f, 0x2a, 0xe8, 0xec, 0xa0, 0xdf, 0xac, 0x6e, 0xe4, 0x60, 0x51, 0x81, 0x08,
-	0x76, 0x41, 0x25, 0xa9, 0x80, 0x68, 0xc0, 0x7c, 0xeb, 0x25, 0x52, 0xee, 0x3a, 0xc6, 0x2b, 0x32,
-	0xc7, 0x95, 0x44, 0xc6, 0x50, 0x1a, 0x1e, 0xde, 0x07, 0xf3, 0x7b, 0x98, 0x76, 0x7b, 0x3e, 0x91,
-	0xa3, 0x5b, 0x59, 0x34, 0xf0, 0x6b, 0x7c, 0xac, 0xba, 0x95, 0x56, 0x1c, 0xf5, 0x9b, 0xb5, 0x8c,
-	0x40, 0x8c, 0x6f, 0x59, 0x67, 0xf8, 0x54, 0x01, 0x55, 0x9c, 0x7d, 0x68, 0xb1, 0xfa, 0x94, 0x88,
-	0xe0, 0xbd, 0x31, 0x22, 0xc8, 0xbd, 0xd5, 0x8c, 0xba, 0x0c, 0xa3, 0x9a, 0x53, 0x30, 0x54, 0x60,
-	0x83, 0x5f, 0x82, 0x45, 0x3b, 0xf3, 0x0e, 0x62, 0xf5, 0x69, 0xb1, 0x80, 0xb1, 0xb7, 0x2e, 0x46,
-	0x48, 0xde, 0x7c, 0x59, 0x39, 0x43, 0x79, 0x2a, 0xf5, 0xa7, 0x49, 0xd0, 0x3c, 0xe1, 0x92, 0x85,
-	0x77, 0x01, 0x74, 0x77, 0x19, 0xf1, 0xf7, 0x89, 0x75, 0x3b, 0x7c, 0xa7, 0x46, 0x53, 0x60, 0x29,
-	0x19, 0x7c, 0x36, 0x0b, 0x16, 0x68, 0x88, 0x17, 0xb4, 0xc1, 0x5c, 0x90, 0x9a, 0xc9, 0xc6, 0x99,
-	0x6a, 0x65, 0xa8, 0xe9, 0x91, 0xce, 0xa8, 0x0e, 0xfa, 0xcd, 0xcc, 0x90, 0x87, 0x32, 0xf0, 0xd0,
-	0x04, 0xc0, 0x4c, 0xf2, 0x1a, 0x96, 0xa6, 0x3e, 0xda, 0x41, 0x93, 0x64, 0x33, 0xbe, 0x1c, 0x52,
-	0x89, 0x4c, 0xc1, 0xaa, 0x7f, 0x29, 0x00, 0x24, 0xf5, 0x0a, 0x2f, 0x81, 0xd4, 0x53, 0x54, 0xde,
-	0x2f, 0x65, 0x0e, 0x81, 0x52, 0x72, 0xfe, 0x52, 0xb6, 0x09, 0x63, 0xb8, 0x15, 0x0d, 0xb3, 0xf1,
-	0x4b, 0x79, 0x23, 0x14, 0xa3, 0x48, 0x0f, 0x77, 0xc0, 0xb4, 0x4f, 0x30, 0x73, 0x1d, 0xf9, 0xa6,
-	0xfe, 0x80, 0x0f, 0x3c, 0x48, 0x48, 0x8e, 0xfa, 0xcd, 0xd5, 0x51, 0xfe, 0xc9, 0xd0, 0xe4, 0x7c,
-	0x24, 0x9c, 0x90, 0x84, 0x83, 0xb7, 0x41, 0x4d, 0x72, 0xa4, 0x16, 0x1c, 0xf6, 0xd3, 0x05, 0xb9,
-	0x9a, 0xda, 0x46, 0xde, 0x00, 0x15, 0x7d, 0x8c, 0xcd, 0x67, 0x87, 0x8d, 0x89, 0xe7, 0x87, 0x8d,
-	0x89, 0x17, 0x87, 0x8d, 0x89, 0xa7, 0x83, 0x86, 0xf2, 0x6c, 0xd0, 0x50, 0x9e, 0x0f, 0x1a, 0xca,
-	0x8b, 0x41, 0x43, 0xf9, 0x75, 0xd0, 0x50, 0xbe, 0xfb, 0xad, 0x31, 0xf1, 0xf1, 0xca, 0xc8, 0xff,
-	0x1e, 0xfd, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x08, 0xaf, 0xaa, 0x52, 0x82, 0x12, 0x00, 0x00,
+	0x18, 0xcf, 0xc6, 0x6e, 0x12, 0x8f, 0xf3, 0xf2, 0xd0, 0x2a, 0x6e, 0xa0, 0xde, 0x68, 0x55, 0xa1,
+	0x46, 0x82, 0x35, 0x49, 0x0b, 0x85, 0x0a, 0x09, 0x65, 0xfb, 0xa2, 0x8f, 0x3c, 0x34, 0x45, 0x89,
+	0x84, 0x40, 0x62, 0xb2, 0x3b, 0x71, 0xa6, 0xf6, 0x3e, 0xd8, 0x59, 0x9b, 0x46, 0x20, 0x51, 0x89,
+	0x0b, 0xdc, 0x38, 0x70, 0xe1, 0xca, 0x9f, 0xc0, 0x7f, 0xc0, 0xad, 0xc7, 0x1e, 0xcb, 0x01, 0x8b,
+	0x9a, 0x0b, 0x7f, 0x01, 0x48, 0xb9, 0x80, 0x66, 0x76, 0xf6, 0x69, 0x9b, 0xd8, 0x25, 0x70, 0xf3,
+	0x7c, 0x8f, 0xdf, 0xf7, 0x98, 0xef, 0xfb, 0xf6, 0x1b, 0x03, 0xd4, 0x7c, 0x9b, 0xe9, 0xd4, 0xad,
+	0x37, 0xdb, 0xfb, 0xc4, 0x77, 0x48, 0x40, 0x58, 0xbd, 0x43, 0x1c, 0xcb, 0xf5, 0xeb, 0x92, 0x81,
+	0x3d, 0x5a, 0xc7, 0x96, 0x4d, 0x19, 0xa3, 0xae, 0xe3, 0x93, 0x06, 0x65, 0x81, 0x8f, 0x03, 0xea,
+	0x3a, 0xf5, 0xce, 0x1a, 0x6e, 0x79, 0x87, 0x78, 0xad, 0xde, 0x20, 0x0e, 0xf1, 0x71, 0x40, 0x2c,
+	0xdd, 0xf3, 0xdd, 0xc0, 0x85, 0xab, 0xa1, 0xaa, 0x8e, 0x3d, 0xaa, 0x0f, 0x54, 0xd5, 0x23, 0xd5,
+	0xe5, 0xd7, 0x1b, 0x34, 0x38, 0x6c, 0xef, 0xeb, 0xa6, 0x6b, 0xd7, 0x1b, 0x6e, 0xc3, 0xad, 0x0b,
+	0x84, 0xfd, 0xf6, 0x81, 0x38, 0x89, 0x83, 0xf8, 0x15, 0x22, 0x2f, 0x5f, 0x1e, 0xc1, 0xa9, 0xbc,
+	0x3b, 0xcb, 0x57, 0x12, 0x25, 0x1b, 0x9b, 0x87, 0xd4, 0x21, 0xfe, 0x51, 0xdd, 0x6b, 0x36, 0x38,
+	0x81, 0xd5, 0x6d, 0x12, 0xe0, 0x41, 0x5a, 0xf5, 0x61, 0x5a, 0x7e, 0xdb, 0x09, 0xa8, 0x4d, 0xfa,
+	0x14, 0xde, 0x3a, 0x49, 0x81, 0x99, 0x87, 0xc4, 0xc6, 0x79, 0x3d, 0x8d, 0x81, 0x85, 0x8d, 0xb6,
+	0x45, 0x83, 0x0d, 0xc7, 0x71, 0x03, 0x11, 0x04, 0xbc, 0x00, 0x0a, 0x4d, 0x72, 0x54, 0x55, 0x56,
+	0x94, 0x4b, 0x25, 0xa3, 0xfc, 0xa4, 0xab, 0x4e, 0xf4, 0xba, 0x6a, 0xe1, 0x1e, 0x39, 0x42, 0x9c,
+	0x0e, 0x37, 0xc0, 0x42, 0x07, 0xb7, 0xda, 0xe4, 0xe6, 0x23, 0xcf, 0x27, 0x22, 0x05, 0xd5, 0x49,
+	0x21, 0xba, 0x24, 0x45, 0x17, 0x76, 0xb3, 0x6c, 0x94, 0x97, 0xd7, 0x5a, 0xa0, 0x92, 0x9c, 0xf6,
+	0xb0, 0xef, 0x50, 0xa7, 0x01, 0x5f, 0x03, 0x33, 0x07, 0x94, 0xb4, 0x2c, 0x44, 0x0e, 0x24, 0xe0,
+	0xa2, 0x04, 0x9c, 0xb9, 0x25, 0xe9, 0x28, 0x96, 0x80, 0xab, 0x60, 0xfa, 0xb3, 0x50, 0xb1, 0x5a,
+	0x10, 0xc2, 0x0b, 0x52, 0x78, 0x5a, 0xe2, 0xa1, 0x88, 0xaf, 0x1d, 0x80, 0xf9, 0x4d, 0x1c, 0x98,
+	0x87, 0xd7, 0x5d, 0xc7, 0xa2, 0x22, 0xc2, 0x15, 0x50, 0x74, 0xb0, 0x4d, 0x64, 0x88, 0xb3, 0x52,
+	0xb3, 0xb8, 0x85, 0x6d, 0x82, 0x04, 0x07, 0xae, 0x03, 0x40, 0xf2, 0xf1, 0x41, 0x29, 0x07, 0x52,
+	0xa1, 0xa5, 0xa4, 0xb4, 0x9f, 0x8b, 0xd2, 0x10, 0x22, 0xcc, 0x6d, 0xfb, 0x26, 0x61, 0xf0, 0x11,
+	0xa8, 0x70, 0x38, 0xe6, 0x61, 0x93, 0x3c, 0x20, 0x2d, 0x62, 0x06, 0xae, 0x2f, 0xac, 0x96, 0xd7,
+	0x2f, 0xeb, 0x49, 0x9d, 0xc6, 0x37, 0xa6, 0x7b, 0xcd, 0x06, 0x27, 0x30, 0x9d, 0x17, 0x86, 0xde,
+	0x59, 0xd3, 0xef, 0xe3, 0x7d, 0xd2, 0x8a, 0x54, 0x8d, 0x73, 0xbd, 0xae, 0x5a, 0xd9, 0xca, 0x23,
+	0xa2, 0x7e, 0x23, 0xd0, 0x05, 0xf3, 0xee, 0xfe, 0x43, 0x62, 0x06, 0xb1, 0xd9, 0xc9, 0x17, 0x37,
+	0x0b, 0x7b, 0x5d, 0x75, 0x7e, 0x3b, 0x03, 0x87, 0x72, 0xf0, 0xf0, 0x4b, 0x30, 0xe7, 0xcb, 0xb8,
+	0x51, 0xbb, 0x45, 0x58, 0xb5, 0xb0, 0x52, 0xb8, 0x54, 0x5e, 0x37, 0xf4, 0x91, 0xdb, 0x51, 0xe7,
+	0x81, 0x59, 0x5c, 0x79, 0x8f, 0x06, 0x87, 0xdb, 0x1e, 0x09, 0xf9, 0xcc, 0x38, 0x27, 0x13, 0x3f,
+	0x87, 0xd2, 0x06, 0x50, 0xd6, 0x1e, 0xfc, 0x4e, 0x01, 0x67, 0xc9, 0x23, 0xb3, 0xd5, 0xb6, 0x48,
+	0x46, 0xae, 0x5a, 0x3c, 0x35, 0x47, 0x5e, 0x91, 0x8e, 0x9c, 0xbd, 0x39, 0xc0, 0x0e, 0x1a, 0x68,
+	0x1d, 0xde, 0x00, 0x65, 0x9b, 0x17, 0xc5, 0x8e, 0xdb, 0xa2, 0xe6, 0x51, 0x75, 0x5a, 0x94, 0x92,
+	0xd6, 0xeb, 0xaa, 0xe5, 0xcd, 0x84, 0x7c, 0xdc, 0x55, 0x17, 0x52, 0xc7, 0x0f, 0x8e, 0x3c, 0x82,
+	0xd2, 0x6a, 0xda, 0x33, 0x05, 0x2c, 0x0d, 0xf1, 0x0a, 0x5e, 0x4d, 0x32, 0x2f, 0x4a, 0xa3, 0xaa,
+	0xac, 0x14, 0x2e, 0x95, 0x8c, 0x4a, 0x3a, 0x63, 0x82, 0x81, 0xb2, 0x72, 0xf0, 0x2b, 0x05, 0x40,
+	0xbf, 0x0f, 0x4f, 0x16, 0xca, 0xd5, 0x51, 0xf2, 0xa5, 0x0f, 0x48, 0xd2, 0xb2, 0x4c, 0x12, 0xec,
+	0xe7, 0xa1, 0x01, 0xe6, 0x34, 0x0c, 0x4a, 0x3b, 0xd8, 0xc7, 0xf6, 0x3d, 0xea, 0x58, 0xbc, 0xef,
+	0xb0, 0x47, 0x77, 0x89, 0x2f, 0xfa, 0x4e, 0xc9, 0xf6, 0xdd, 0xc6, 0xce, 0x1d, 0xc9, 0x41, 0x29,
+	0x29, 0xde, 0xcd, 0x4d, 0xea, 0x58, 0xb2, 0x4b, 0xe3, 0x6e, 0xe6, 0x78, 0x48, 0x70, 0xb4, 0x1f,
+	0x27, 0xc1, 0x8c, 0xb0, 0xc1, 0x27, 0xc7, 0xc9, 0xcd, 0x5f, 0x07, 0xa5, 0xb8, 0xa1, 0x24, 0x6a,
+	0x45, 0x8a, 0x95, 0xe2, 0xe6, 0x43, 0x89, 0x0c, 0xfc, 0x18, 0xcc, 0xb0, 0xa8, 0xcd, 0x0a, 0x2f,
+	0xde, 0x66, 0xb3, 0x7c, 0xd6, 0xc5, 0x0d, 0x16, 0x43, 0xc2, 0x00, 0x2c, 0x79, 0xdc, 0x7b, 0x12,
+	0x10, 0x7f, 0xcb, 0x0d, 0x6e, 0xb9, 0x6d, 0xc7, 0xda, 0x30, 0x79, 0xf6, 0xaa, 0x45, 0xe1, 0xdd,
+	0xb5, 0x5e, 0x57, 0x5d, 0xda, 0x19, 0x2c, 0x72, 0xdc, 0x55, 0x5f, 0x1e, 0xc2, 0x12, 0x65, 0x36,
+	0x0c, 0x5a, 0xfb, 0x5e, 0x01, 0xb3, 0x5c, 0xe2, 0xfa, 0x21, 0x31, 0x9b, 0x7c, 0x40, 0x7f, 0xad,
+	0x00, 0x48, 0xf2, 0x63, 0x3b, 0xac, 0xb6, 0xf2, 0xfa, 0xbb, 0x63, 0xb4, 0x57, 0xdf, 0xec, 0x4f,
+	0x6a, 0xa6, 0x8f, 0xc5, 0xd0, 0x00, 0x9b, 0xda, 0x2f, 0x93, 0xe0, 0xfc, 0x2e, 0x6e, 0x51, 0x0b,
+	0x07, 0xd4, 0x69, 0x6c, 0x44, 0xe6, 0xc2, 0x66, 0x81, 0x9f, 0x80, 0x19, 0x9e, 0x60, 0x0b, 0x07,
+	0x58, 0x0e, 0xdb, 0x37, 0x46, 0xbb, 0x8e, 0x70, 0xc4, 0x6d, 0x92, 0x00, 0x27, 0x45, 0x97, 0xd0,
+	0x50, 0x8c, 0x0a, 0x1f, 0x82, 0x22, 0xf3, 0x88, 0x29, 0x5b, 0xe5, 0xfd, 0x31, 0x62, 0x1f, 0xea,
+	0xf5, 0x03, 0x8f, 0x98, 0x49, 0x35, 0xf2, 0x13, 0x12, 0x36, 0xa0, 0x0f, 0xa6, 0x58, 0x80, 0x83,
+	0x36, 0x93, 0xa5, 0x75, 0xf7, 0x54, 0xac, 0x09, 0x44, 0x63, 0x5e, 0xda, 0x9b, 0x0a, 0xcf, 0x48,
+	0x5a, 0xd2, 0xfe, 0x54, 0xc0, 0xca, 0x50, 0x5d, 0x83, 0x3a, 0x16, 0xaf, 0x87, 0xff, 0x3e, 0xcd,
+	0x9f, 0x66, 0xd2, 0xbc, 0x7d, 0x1a, 0x81, 0x4b, 0xe7, 0x87, 0x65, 0x5b, 0xfb, 0x43, 0x01, 0x17,
+	0x4f, 0x52, 0xbe, 0x4f, 0x59, 0x00, 0x3f, 0xea, 0x8b, 0x5e, 0x1f, 0xb1, 0xe7, 0x29, 0x0b, 0x63,
+	0x8f, 0xd7, 0x9b, 0x88, 0x92, 0x8a, 0xdc, 0x03, 0x67, 0x68, 0x40, 0x6c, 0x3e, 0x8c, 0x79, 0x77,
+	0xdd, 0x3b, 0xc5, 0xd0, 0x8d, 0x39, 0x69, 0xf7, 0xcc, 0x1d, 0x6e, 0x01, 0x85, 0x86, 0xb4, 0x6f,
+	0x0a, 0x27, 0x07, 0xce, 0xf3, 0xc4, 0x47, 0xb4, 0x27, 0x88, 0x5b, 0xc9, 0x14, 0x8d, 0xaf, 0x71,
+	0x27, 0xe6, 0xa0, 0x94, 0x14, 0x1f, 0x90, 0x9e, 0x9c, 0xbf, 0x03, 0xf6, 0x90, 0x93, 0x22, 0x8a,
+	0x46, 0x77, 0x38, 0x20, 0xa3, 0x13, 0x8a, 0x21, 0x61, 0x1b, 0xcc, 0xdb, 0x99, 0xc5, 0x4b, 0xb6,
+	0xca, 0x3b, 0x63, 0x18, 0xc9, 0x6e, 0x6e, 0xe1, 0xca, 0x93, 0xa5, 0xa1, 0x9c, 0x11, 0xb8, 0x07,
+	0x2a, 0x1d, 0x99, 0x31, 0xd7, 0x09, 0xa7, 0x66, 0xb8, 0x6d, 0x94, 0x8c, 0x55, 0xbe, 0xa8, 0xed,
+	0xe6, 0x99, 0xc7, 0x5d, 0x75, 0x31, 0x4f, 0x44, 0xfd, 0x18, 0xda, 0xef, 0x0a, 0xb8, 0x30, 0xf4,
+	0x2e, 0xfe, 0x87, 0xea, 0xa3, 0xd9, 0xea, 0xbb, 0x71, 0x2a, 0xd5, 0x37, 0xb8, 0xec, 0x7e, 0x98,
+	0xfa, 0x87, 0x50, 0x45, 0xbd, 0x61, 0x50, 0xf2, 0xa2, 0xfd, 0x40, 0xc6, 0x7a, 0x65, 0xdc, 0xe2,
+	0xe1, 0xba, 0xc6, 0x1c, 0xff, 0x7e, 0xc7, 0x47, 0x94, 0xa0, 0xc2, 0xcf, 0xc1, 0xa2, 0x2d, 0x5f,
+	0x08, 0x1c, 0x80, 0x3a, 0x41, 0xb4, 0x05, 0xfd, 0x8b, 0x0a, 0x3a, 0xdb, 0xeb, 0xaa, 0x8b, 0x9b,
+	0x39, 0x58, 0xd4, 0x67, 0x08, 0xb6, 0x40, 0x39, 0xa9, 0x80, 0x68, 0x6d, 0x7e, 0xf3, 0x05, 0x52,
+	0xee, 0x3a, 0xc6, 0x4b, 0x32, 0xc7, 0xe5, 0x84, 0xc6, 0x50, 0x1a, 0x1e, 0xde, 0x07, 0x73, 0x07,
+	0x98, 0xb6, 0xda, 0x3e, 0x91, 0x0b, 0x69, 0xb8, 0x41, 0xbc, 0xca, 0x97, 0xc5, 0x5b, 0x69, 0xc6,
+	0x71, 0x57, 0xad, 0x64, 0x08, 0x62, 0x5b, 0xc8, 0x2a, 0xc3, 0xc7, 0x0a, 0x58, 0xc4, 0xd9, 0xe7,
+	0x23, 0xab, 0x9e, 0x11, 0x11, 0x5c, 0x1b, 0x23, 0x82, 0xdc, 0x0b, 0xd4, 0xa8, 0xca, 0x30, 0x16,
+	0x73, 0x0c, 0x86, 0xfa, 0xac, 0xc1, 0x2f, 0xc0, 0x82, 0x9d, 0x79, 0xdd, 0xb1, 0xea, 0x94, 0x70,
+	0x60, 0xec, 0xab, 0x8b, 0x11, 0x92, 0x97, 0x6c, 0x96, 0xce, 0x50, 0xde, 0x14, 0xb4, 0x40, 0xa9,
+	0x83, 0x7d, 0x8a, 0xf7, 0xf9, 0x43, 0x63, 0x5a, 0xd8, 0xbd, 0x3c, 0xd6, 0xd5, 0x85, 0xba, 0xc9,
+	0x7e, 0x19, 0x51, 0x18, 0x4a, 0x80, 0xb5, 0x9f, 0x26, 0x81, 0x7a, 0xc2, 0xa7, 0x1c, 0xde, 0x05,
+	0xd0, 0xdd, 0x67, 0xc4, 0xef, 0x10, 0xeb, 0x76, 0xf8, 0xc6, 0x8f, 0x36, 0xe8, 0x42, 0xb2, 0x5e,
+	0x6d, 0xf7, 0x49, 0xa0, 0x01, 0x5a, 0xd0, 0x06, 0xb3, 0x41, 0x6a, 0xf3, 0x1b, 0xe7, 0x45, 0x20,
+	0x03, 0x4b, 0x2f, 0x8e, 0xc6, 0x62, 0xaf, 0xab, 0x66, 0x56, 0x49, 0x94, 0x81, 0x87, 0x26, 0x00,
+	0x66, 0x72, 0x7b, 0x61, 0x03, 0xd4, 0x47, 0x1b, 0x67, 0xc9, 0x9d, 0xc5, 0x9f, 0xa0, 0xd4, 0x75,
+	0xa5, 0x60, 0xb5, 0xbf, 0x14, 0x00, 0x92, 0xae, 0x80, 0x17, 0x41, 0xea, 0x19, 0x2f, 0xbf, 0x62,
+	0x45, 0x0e, 0x81, 0x52, 0x74, 0xb8, 0x0a, 0xa6, 0x6d, 0xc2, 0x18, 0x6e, 0x44, 0xef, 0x80, 0xf8,
+	0x5f, 0x86, 0xcd, 0x90, 0x8c, 0x22, 0x3e, 0xdc, 0x03, 0x53, 0x3e, 0xc1, 0xcc, 0x75, 0xe4, 0xff,
+	0x11, 0xef, 0xf1, 0xb5, 0x0a, 0x09, 0xca, 0x71, 0x57, 0x5d, 0x1b, 0xe5, 0x5f, 0x20, 0x5d, 0x6e,
+	0x61, 0x42, 0x09, 0x49, 0x38, 0x78, 0x1b, 0x54, 0xa4, 0x8d, 0x94, 0xc3, 0x61, 0xd7, 0x9e, 0x97,
+	0xde, 0x54, 0x36, 0xf3, 0x02, 0xa8, 0x5f, 0x47, 0xbb, 0x0b, 0x66, 0xa2, 0xea, 0x82, 0x55, 0x50,
+	0x4c, 0x7d, 0xbe, 0xc3, 0xc0, 0x05, 0x25, 0x97, 0x98, 0xc9, 0xc1, 0x89, 0x31, 0xb6, 0x9f, 0x3c,
+	0xaf, 0x4d, 0x3c, 0x7d, 0x5e, 0x9b, 0x78, 0xf6, 0xbc, 0x36, 0xf1, 0xb8, 0x57, 0x53, 0x9e, 0xf4,
+	0x6a, 0xca, 0xd3, 0x5e, 0x4d, 0x79, 0xd6, 0xab, 0x29, 0xbf, 0xf6, 0x6a, 0xca, 0xb7, 0xbf, 0xd5,
+	0x26, 0x3e, 0x5c, 0x1d, 0xf9, 0x5f, 0xbc, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xad, 0xe2, 0x61,
+	0x96, 0x0a, 0x14, 0x00, 0x00,
 }
 
 func (m *AuditAnnotation) Marshal() (dAtA []byte, err error) {
@@ -884,6 +920,25 @@ func (m *ParamRef) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.ParameterNotFoundAction != nil {
+		i -= len(*m.ParameterNotFoundAction)
+		copy(dAtA[i:], *m.ParameterNotFoundAction)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.ParameterNotFoundAction)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.Selector != nil {
+		{
+			size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
 	i -= len(m.Namespace)
 	copy(dAtA[i:], m.Namespace)
 	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace)))
@@ -1205,6 +1260,20 @@ func (m *ValidatingAdmissionPolicySpec) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if len(m.Variables) > 0 {
+		for iNdEx := len(m.Variables) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Variables[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x3a
+		}
+	}
 	if len(m.MatchConditions) > 0 {
 		for iNdEx := len(m.MatchConditions) - 1; iNdEx >= 0; iNdEx-- {
 			{
@@ -1378,6 +1447,39 @@ func (m *Validation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *Variable) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Variable) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Variable) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.Expression)
+	copy(dAtA[i:], m.Expression)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Expression)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
 func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
 	offset -= sovGenerated(v)
 	base := offset
@@ -1501,6 +1603,14 @@ func (m *ParamRef) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = len(m.Namespace)
 	n += 1 + l + sovGenerated(uint64(l))
+	if m.Selector != nil {
+		l = m.Selector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ParameterNotFoundAction != nil {
+		l = len(*m.ParameterNotFoundAction)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -1642,6 +1752,12 @@ func (m *ValidatingAdmissionPolicySpec) Size() (n int) {
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
+	if len(m.Variables) > 0 {
+		for _, e := range m.Variables {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -1684,6 +1800,19 @@ func (m *Validation) Size() (n int) {
 	return n
 }
 
+func (m *Variable) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Expression)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
 func sovGenerated(x uint64) (n int) {
 	return (math_bits.Len64(x|1) + 6) / 7
 }
@@ -1776,6 +1905,8 @@ func (this *ParamRef) String() string {
 	s := strings.Join([]string{`&ParamRef{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`,
+		`Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`ParameterNotFoundAction:` + valueToStringGenerated(this.ParameterNotFoundAction) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1882,6 +2013,11 @@ func (this *ValidatingAdmissionPolicySpec) String() string {
 		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
 	}
 	repeatedStringForMatchConditions += "}"
+	repeatedStringForVariables := "[]Variable{"
+	for _, f := range this.Variables {
+		repeatedStringForVariables += strings.Replace(strings.Replace(f.String(), "Variable", "Variable", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForVariables += "}"
 	s := strings.Join([]string{`&ValidatingAdmissionPolicySpec{`,
 		`ParamKind:` + strings.Replace(this.ParamKind.String(), "ParamKind", "ParamKind", 1) + `,`,
 		`MatchConstraints:` + strings.Replace(this.MatchConstraints.String(), "MatchResources", "MatchResources", 1) + `,`,
@@ -1889,6 +2025,7 @@ func (this *ValidatingAdmissionPolicySpec) String() string {
 		`FailurePolicy:` + valueToStringGenerated(this.FailurePolicy) + `,`,
 		`AuditAnnotations:` + repeatedStringForAuditAnnotations + `,`,
 		`MatchConditions:` + repeatedStringForMatchConditions + `,`,
+		`Variables:` + repeatedStringForVariables + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1923,6 +2060,17 @@ func (this *Validation) String() string {
 	}, "")
 	return s
 }
+func (this *Variable) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Variable{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Expression:` + fmt.Sprintf("%v", this.Expression) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func valueToStringGenerated(v interface{}) string {
 	rv := reflect.ValueOf(v)
 	if rv.IsNil() {
@@ -2818,6 +2966,75 @@ func (m *ParamRef) Unmarshal(dAtA []byte) error {
 			}
 			m.Namespace = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Selector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Selector == nil {
+				m.Selector = &v1.LabelSelector{}
+			}
+			if err := m.Selector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ParameterNotFoundAction", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := ParameterNotFoundActionType(dAtA[iNdEx:postIndex])
+			m.ParameterNotFoundAction = &s
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -3844,6 +4061,40 @@ func (m *ValidatingAdmissionPolicySpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Variables", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Variables = append(m.Variables, Variable{})
+			if err := m.Variables[len(m.Variables)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -4183,6 +4434,120 @@ func (m *Validation) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *Variable) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Variable: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Variable: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Expression", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Expression = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func skipGenerated(dAtA []byte) (n int, err error) {
 	l := len(dAtA)
 	iNdEx := 0
diff --git a/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto b/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto
index c718c5464d..db02dd929f 100644
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/generated.proto
@@ -227,16 +227,59 @@ message ParamKind {
   optional string kind = 2;
 }
 
-// ParamRef references a parameter resource
+// ParamRef describes how to locate the params to be used as input to
+// expressions of rules applied by a policy binding.
 // +structType=atomic
 message ParamRef {
-  // Name of the resource being referenced.
+  // `name` is the name of the resource being referenced.
+  //
+  // `name` and `selector` are mutually exclusive properties. If one is set,
+  // the other must be unset.
+  //
+  // +optional
   optional string name = 1;
 
-  // Namespace of the referenced resource.
-  // Should be empty for the cluster-scoped resources
+  // namespace is the namespace of the referenced resource. Allows limiting
+  // the search for params to a specific namespace. Applies to both `name` and
+  // `selector` fields.
+  //
+  // A per-namespace parameter may be used by specifying a namespace-scoped
+  // `paramKind` in the policy and leaving this field empty.
+  //
+  // - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this
+  // field results in a configuration error.
+  //
+  // - If `paramKind` is namespace-scoped, the namespace of the object being
+  // evaluated for admission will be used when this field is left unset. Take
+  // care that if this is left empty the binding must not match any cluster-scoped
+  // resources, which will result in an error.
+  //
   // +optional
   optional string namespace = 2;
+
+  // selector can be used to match multiple param objects based on their labels.
+  // Supply selector: {} to match all resources of the ParamKind.
+  //
+  // If multiple params are found, they are all evaluated with the policy expressions
+  // and the results are ANDed together.
+  //
+  // One of `name` or `selector` must be set, but `name` and `selector` are
+  // mutually exclusive properties. If one is set, the other must be unset.
+  //
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 3;
+
+  // `parameterNotFoundAction` controls the behavior of the binding when the resource
+  // exists, and name or selector is valid, but there are no parameters
+  // matched by the binding. If the value is set to `Allow`, then no
+  // matched parameters will be treated as successful validation by the binding.
+  // If set to `Deny`, then no matched parameters will be subject to the
+  // `failurePolicy` of the policy.
+  //
+  // Allowed values are `Allow` or `Deny`
+  // Default to `Deny`
+  // +optional
+  optional string parameterNotFoundAction = 4;
 }
 
 // TypeChecking contains results of type checking the expressions in the
@@ -267,6 +310,15 @@ message ValidatingAdmissionPolicy {
 
 // ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
 // ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
+//
+// For a given admission request, each binding will cause its policy to be
+// evaluated N times, where N is 1 for policies/bindings that don't use
+// params, otherwise N is the number of parameters selected by the binding.
+//
+// The CEL expressions of a policy must have a computed CEL cost below the maximum
+// CEL budget. Each evaluation of the policy is given an independent CEL cost budget.
+// Adding/removing policies, bindings, or params can not affect whether a
+// given (policy, binding, param) combination is within its own CEL budget.
 message ValidatingAdmissionPolicyBinding {
   // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
   // +optional
@@ -294,9 +346,10 @@ message ValidatingAdmissionPolicyBindingSpec {
   // Required.
   optional string policyName = 1;
 
-  // ParamRef specifies the parameter resource used to configure the admission control policy.
+  // paramRef specifies the parameter resource used to configure the admission control policy.
   // It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy.
   // If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.
+  // If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
   // +optional
   optional ParamRef paramRef = 2;
 
@@ -430,6 +483,20 @@ message ValidatingAdmissionPolicySpec {
   // +listMapKey=name
   // +optional
   repeated MatchCondition matchConditions = 6;
+
+  // Variables contain definitions of variables that can be used in composition of other expressions.
+  // Each variable is defined as a named CEL expression.
+  // The variables defined here will be available under `variables` in other expressions of the policy
+  // except MatchConditions because MatchConditions are evaluated before the rest of the policy.
+  //
+  // The expression of a variable can refer to other variables defined earlier in the list but not those after.
+  // Thus, Variables must be sorted by the order of first appearance and acyclic.
+  // +patchMergeKey=name
+  // +patchStrategy=merge
+  // +listType=map
+  // +listMapKey=name
+  // +optional
+  repeated Variable variables = 7;
 }
 
 // ValidatingAdmissionPolicyStatus represents the status of a ValidatingAdmissionPolicy.
@@ -460,6 +527,9 @@ message Validation {
   // - 'oldObject' - The existing object. The value is null for CREATE requests.
   // - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
   // - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.
+  // - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.
+  // - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
+  //   For example, a variable named 'foo' can be accessed as 'variables.foo'.
   // - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
   //   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
   // - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
@@ -525,3 +595,15 @@ message Validation {
   optional string messageExpression = 4;
 }
 
+// Variable is the definition of a variable that is used for composition.
+message Variable {
+  // Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.
+  // The variable can be accessed in other expressions through `variables`
+  // For example, if name is "foo", the variable will be available as `variables.foo`
+  optional string Name = 1;
+
+  // Expression is the expression that will be evaluated as the value of the variable.
+  // The CEL expression has access to the same identifiers as the CEL expressions in Validation.
+  optional string Expression = 2;
+}
+
diff --git a/vendor/k8s.io/api/admissionregistration/v1alpha1/types.go b/vendor/k8s.io/api/admissionregistration/v1alpha1/types.go
index 2bbb55a47d..575456c838 100644
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/types.go
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/types.go
@@ -39,6 +39,18 @@ const (
 	AllScopes ScopeType = v1.AllScopes
 )
 
+// ParameterNotFoundActionType specifies a failure policy that defines how a binding
+// is evaluated when the param referred by its perNamespaceParamRef is not found.
+// +enum
+type ParameterNotFoundActionType string
+
+const (
+	// Ignore means that an error finding params for a binding is ignored
+	AllowAction ParameterNotFoundActionType = "Allow"
+	// Fail means that an error finding params for a binding is ignored
+	DenyAction ParameterNotFoundActionType = "Deny"
+)
+
 // FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.
 // +enum
 type FailurePolicyType string
@@ -201,6 +213,20 @@ type ValidatingAdmissionPolicySpec struct {
 	// +listMapKey=name
 	// +optional
 	MatchConditions []MatchCondition `json:"matchConditions,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,6,rep,name=matchConditions"`
+
+	// Variables contain definitions of variables that can be used in composition of other expressions.
+	// Each variable is defined as a named CEL expression.
+	// The variables defined here will be available under `variables` in other expressions of the policy
+	// except MatchConditions because MatchConditions are evaluated before the rest of the policy.
+	//
+	// The expression of a variable can refer to other variables defined earlier in the list but not those after.
+	// Thus, Variables must be sorted by the order of first appearance and acyclic.
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	// +optional
+	Variables []Variable `json:"variables" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,7,rep,name=variables"`
 }
 
 type MatchCondition v1.MatchCondition
@@ -228,6 +254,9 @@ type Validation struct {
 	// - 'oldObject' - The existing object. The value is null for CREATE requests.
 	// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
 	// - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.
+	// - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.
+	// - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
+	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
 	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
 	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
 	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
@@ -290,6 +319,18 @@ type Validation struct {
 	MessageExpression string `json:"messageExpression,omitempty" protobuf:"bytes,4,opt,name=messageExpression"`
 }
 
+// Variable is the definition of a variable that is used for composition.
+type Variable struct {
+	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.
+	// The variable can be accessed in other expressions through `variables`
+	// For example, if name is "foo", the variable will be available as `variables.foo`
+	Name string `json:"name" protobuf:"bytes,1,opt,name=Name"`
+
+	// Expression is the expression that will be evaluated as the value of the variable.
+	// The CEL expression has access to the same identifiers as the CEL expressions in Validation.
+	Expression string `json:"expression" protobuf:"bytes,2,opt,name=Expression"`
+}
+
 // AuditAnnotation describes how to produce an audit annotation for an API request.
 type AuditAnnotation struct {
 	// key specifies the audit annotation key. The audit annotation keys of
@@ -334,6 +375,15 @@ type AuditAnnotation struct {
 
 // ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
 // ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
+//
+// For a given admission request, each binding will cause its policy to be
+// evaluated N times, where N is 1 for policies/bindings that don't use
+// params, otherwise N is the number of parameters selected by the binding.
+//
+// The CEL expressions of a policy must have a computed CEL cost below the maximum
+// CEL budget. Each evaluation of the policy is given an independent CEL cost budget.
+// Adding/removing policies, bindings, or params can not affect whether a
+// given (policy, binding, param) combination is within its own CEL budget.
 type ValidatingAdmissionPolicyBinding struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
@@ -364,9 +414,10 @@ type ValidatingAdmissionPolicyBindingSpec struct {
 	// Required.
 	PolicyName string `json:"policyName,omitempty" protobuf:"bytes,1,rep,name=policyName"`
 
-	// ParamRef specifies the parameter resource used to configure the admission control policy.
+	// paramRef specifies the parameter resource used to configure the admission control policy.
 	// It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy.
 	// If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.
+	// If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
 	// +optional
 	ParamRef *ParamRef `json:"paramRef,omitempty" protobuf:"bytes,2,rep,name=paramRef"`
 
@@ -421,15 +472,59 @@ type ValidatingAdmissionPolicyBindingSpec struct {
 	ValidationActions []ValidationAction `json:"validationActions,omitempty" protobuf:"bytes,4,rep,name=validationActions"`
 }
 
-// ParamRef references a parameter resource
+// ParamRef describes how to locate the params to be used as input to
+// expressions of rules applied by a policy binding.
 // +structType=atomic
 type ParamRef struct {
-	// Name of the resource being referenced.
+	// `name` is the name of the resource being referenced.
+	//
+	// `name` and `selector` are mutually exclusive properties. If one is set,
+	// the other must be unset.
+	//
+	// +optional
 	Name string `json:"name,omitempty" protobuf:"bytes,1,rep,name=name"`
-	// Namespace of the referenced resource.
-	// Should be empty for the cluster-scoped resources
+
+	// namespace is the namespace of the referenced resource. Allows limiting
+	// the search for params to a specific namespace. Applies to both `name` and
+	// `selector` fields.
+	//
+	// A per-namespace parameter may be used by specifying a namespace-scoped
+	// `paramKind` in the policy and leaving this field empty.
+	//
+	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this
+	// field results in a configuration error.
+	//
+	// - If `paramKind` is namespace-scoped, the namespace of the object being
+	// evaluated for admission will be used when this field is left unset. Take
+	// care that if this is left empty the binding must not match any cluster-scoped
+	// resources, which will result in an error.
+	//
 	// +optional
 	Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,rep,name=namespace"`
+
+	// selector can be used to match multiple param objects based on their labels.
+	// Supply selector: {} to match all resources of the ParamKind.
+	//
+	// If multiple params are found, they are all evaluated with the policy expressions
+	// and the results are ANDed together.
+	//
+	// One of `name` or `selector` must be set, but `name` and `selector` are
+	// mutually exclusive properties. If one is set, the other must be unset.
+	//
+	// +optional
+	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,3,rep,name=selector"`
+
+	// `parameterNotFoundAction` controls the behavior of the binding when the resource
+	// exists, and name or selector is valid, but there are no parameters
+	// matched by the binding. If the value is set to `Allow`, then no
+	// matched parameters will be treated as successful validation by the binding.
+	// If set to `Deny`, then no matched parameters will be subject to the
+	// `failurePolicy` of the policy.
+	//
+	// Allowed values are `Allow` or `Deny`
+	// Default to `Deny`
+	// +optional
+	ParameterNotFoundAction *ParameterNotFoundActionType `json:"parameterNotFoundAction,omitempty" protobuf:"bytes,4,rep,name=parameterNotFoundAction"`
 }
 
 // MatchResources decides whether to run the admission control policy on an object based
diff --git a/vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go b/vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
index b3cac1821b..dcf46b324f 100644
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
@@ -80,9 +80,11 @@ func (ParamKind) SwaggerDoc() map[string]string {
 }
 
 var map_ParamRef = map[string]string{
-	"":          "ParamRef references a parameter resource",
-	"name":      "Name of the resource being referenced.",
-	"namespace": "Namespace of the referenced resource. Should be empty for the cluster-scoped resources",
+	"":                        "ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.",
+	"name":                    "`name` is the name of the resource being referenced.\n\n`name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.",
+	"namespace":               "namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.",
+	"selector":                "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.",
+	"parameterNotFoundAction": "`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny` Default to `Deny`",
 }
 
 func (ParamRef) SwaggerDoc() map[string]string {
@@ -110,7 +112,7 @@ func (ValidatingAdmissionPolicy) SwaggerDoc() map[string]string {
 }
 
 var map_ValidatingAdmissionPolicyBinding = map[string]string{
-	"":         "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.",
+	"":         "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.\n\nFor a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.\n\nThe CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.",
 	"metadata": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.",
 	"spec":     "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.",
 }
@@ -132,7 +134,7 @@ func (ValidatingAdmissionPolicyBindingList) SwaggerDoc() map[string]string {
 var map_ValidatingAdmissionPolicyBindingSpec = map[string]string{
 	"":                  "ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.",
 	"policyName":        "PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.",
-	"paramRef":          "ParamRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.",
+	"paramRef":          "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.",
 	"matchResources":    "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.",
 	"validationActions": "validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.\n\nFailures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.\n\nvalidationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.\n\nThe supported actions values are:\n\n\"Deny\" specifies that a validation failure results in a denied request.\n\n\"Warn\" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.\n\n\"Audit\" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `\"validation.policy.admission.k8s.io/validation_failure\": \"[{\"message\": \"Invalid value\", {\"policy\": \"policy.example.com\", {\"binding\": \"policybinding.example.com\", {\"expressionIndex\": \"1\", {\"validationActions\": [\"Audit\"]}]\"`\n\nClients should expect to handle additional values by ignoring any values not recognized.\n\n\"Deny\" and \"Warn\" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.\n\nRequired.",
 }
@@ -159,6 +161,7 @@ var map_ValidatingAdmissionPolicySpec = map[string]string{
 	"failurePolicy":    "failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.\n\nA policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.\n\nfailurePolicy does not define how validations that evaluate to false are handled.\n\nWhen failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.\n\nAllowed values are Ignore or Fail. Defaults to Fail.",
 	"auditAnnotations": "auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.",
 	"matchConditions":  "MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nIf a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the policy is skipped",
+	"variables":        "Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.\n\nThe expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.",
 }
 
 func (ValidatingAdmissionPolicySpec) SwaggerDoc() map[string]string {
@@ -178,7 +181,7 @@ func (ValidatingAdmissionPolicyStatus) SwaggerDoc() map[string]string {
 
 var map_Validation = map[string]string{
 	"":                  "Validation specifies the CEL expression which is used to apply the validation.",
-	"expression":        "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n  See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n  request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t  \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t  \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n  - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n  - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n  - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n  - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n    non-intersecting elements in `Y` are appended, retaining their partial order.\n  - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n    are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n    non-intersecting keys are appended, retaining their partial order.\nRequired.",
+	"expression":        "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n  For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n  See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n  request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t  \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t  \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n  - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n  - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n  - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n  - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n    non-intersecting elements in `Y` are appended, retaining their partial order.\n  - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n    are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n    non-intersecting keys are appended, retaining their partial order.\nRequired.",
 	"message":           "Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is \"failed Expression: {Expression}\".",
 	"reason":            "Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\". If not set, StatusReasonInvalid is used in the response to the client.",
 	"messageExpression": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: \"object.x must be less than max (\"+string(params.max)+\")\"",
@@ -188,4 +191,14 @@ func (Validation) SwaggerDoc() map[string]string {
 	return map_Validation
 }
 
+var map_Variable = map[string]string{
+	"":           "Variable is the definition of a variable that is used for composition.",
+	"name":       "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is \"foo\", the variable will be available as `variables.foo`",
+	"expression": "Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.",
+}
+
+func (Variable) SwaggerDoc() map[string]string {
+	return map_Variable
+}
+
 // AUTO-GENERATED FUNCTIONS END HERE
diff --git a/vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.deepcopy.go b/vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.deepcopy.go
index 8e4abfd087..24cd0e4e9b 100644
--- a/vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/admissionregistration/v1alpha1/zz_generated.deepcopy.go
@@ -160,6 +160,16 @@ func (in *ParamKind) DeepCopy() *ParamKind {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ParamRef) DeepCopyInto(out *ParamRef) {
 	*out = *in
+	if in.Selector != nil {
+		in, out := &in.Selector, &out.Selector
+		*out = new(v1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ParameterNotFoundAction != nil {
+		in, out := &in.ParameterNotFoundAction, &out.ParameterNotFoundAction
+		*out = new(ParameterNotFoundActionType)
+		**out = **in
+	}
 	return
 }
 
@@ -288,7 +298,7 @@ func (in *ValidatingAdmissionPolicyBindingSpec) DeepCopyInto(out *ValidatingAdmi
 	if in.ParamRef != nil {
 		in, out := &in.ParamRef, &out.ParamRef
 		*out = new(ParamRef)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	if in.MatchResources != nil {
 		in, out := &in.MatchResources, &out.MatchResources
@@ -381,6 +391,11 @@ func (in *ValidatingAdmissionPolicySpec) DeepCopyInto(out *ValidatingAdmissionPo
 		*out = make([]MatchCondition, len(*in))
 		copy(*out, *in)
 	}
+	if in.Variables != nil {
+		in, out := &in.Variables, &out.Variables
+		*out = make([]Variable, len(*in))
+		copy(*out, *in)
+	}
 	return
 }
 
@@ -442,3 +457,19 @@ func (in *Validation) DeepCopy() *Validation {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Variable) DeepCopyInto(out *Variable) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Variable.
+func (in *Variable) DeepCopy() *Variable {
+	if in == nil {
+		return nil
+	}
+	out := new(Variable)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/generated.pb.go b/vendor/k8s.io/api/admissionregistration/v1beta1/generated.pb.go
index 8fb354c319..267ddc1cbd 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/generated.pb.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/generated.pb.go
@@ -25,8 +25,9 @@ import (
 	io "io"
 
 	proto "github.com/gogo/protobuf/proto"
-	v1 "k8s.io/api/admissionregistration/v1"
-	v11 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v11 "k8s.io/api/admissionregistration/v1"
+	k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	math "math"
 	math_bits "math/bits"
@@ -45,10 +46,66 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
+func (m *AuditAnnotation) Reset()      { *m = AuditAnnotation{} }
+func (*AuditAnnotation) ProtoMessage() {}
+func (*AuditAnnotation) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{0}
+}
+func (m *AuditAnnotation) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *AuditAnnotation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *AuditAnnotation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_AuditAnnotation.Merge(m, src)
+}
+func (m *AuditAnnotation) XXX_Size() int {
+	return m.Size()
+}
+func (m *AuditAnnotation) XXX_DiscardUnknown() {
+	xxx_messageInfo_AuditAnnotation.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_AuditAnnotation proto.InternalMessageInfo
+
+func (m *ExpressionWarning) Reset()      { *m = ExpressionWarning{} }
+func (*ExpressionWarning) ProtoMessage() {}
+func (*ExpressionWarning) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{1}
+}
+func (m *ExpressionWarning) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExpressionWarning) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExpressionWarning) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExpressionWarning.Merge(m, src)
+}
+func (m *ExpressionWarning) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExpressionWarning) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExpressionWarning.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExpressionWarning proto.InternalMessageInfo
+
 func (m *MatchCondition) Reset()      { *m = MatchCondition{} }
 func (*MatchCondition) ProtoMessage() {}
 func (*MatchCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{0}
+	return fileDescriptor_abeea74cbc46f55a, []int{2}
 }
 func (m *MatchCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -73,10 +130,38 @@ func (m *MatchCondition) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_MatchCondition proto.InternalMessageInfo
 
+func (m *MatchResources) Reset()      { *m = MatchResources{} }
+func (*MatchResources) ProtoMessage() {}
+func (*MatchResources) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{3}
+}
+func (m *MatchResources) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *MatchResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *MatchResources) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_MatchResources.Merge(m, src)
+}
+func (m *MatchResources) XXX_Size() int {
+	return m.Size()
+}
+func (m *MatchResources) XXX_DiscardUnknown() {
+	xxx_messageInfo_MatchResources.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_MatchResources proto.InternalMessageInfo
+
 func (m *MutatingWebhook) Reset()      { *m = MutatingWebhook{} }
 func (*MutatingWebhook) ProtoMessage() {}
 func (*MutatingWebhook) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{1}
+	return fileDescriptor_abeea74cbc46f55a, []int{4}
 }
 func (m *MutatingWebhook) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -104,7 +189,7 @@ var xxx_messageInfo_MutatingWebhook proto.InternalMessageInfo
 func (m *MutatingWebhookConfiguration) Reset()      { *m = MutatingWebhookConfiguration{} }
 func (*MutatingWebhookConfiguration) ProtoMessage() {}
 func (*MutatingWebhookConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{2}
+	return fileDescriptor_abeea74cbc46f55a, []int{5}
 }
 func (m *MutatingWebhookConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -132,7 +217,7 @@ var xxx_messageInfo_MutatingWebhookConfiguration proto.InternalMessageInfo
 func (m *MutatingWebhookConfigurationList) Reset()      { *m = MutatingWebhookConfigurationList{} }
 func (*MutatingWebhookConfigurationList) ProtoMessage() {}
 func (*MutatingWebhookConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{3}
+	return fileDescriptor_abeea74cbc46f55a, []int{6}
 }
 func (m *MutatingWebhookConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -157,10 +242,94 @@ func (m *MutatingWebhookConfigurationList) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_MutatingWebhookConfigurationList proto.InternalMessageInfo
 
+func (m *NamedRuleWithOperations) Reset()      { *m = NamedRuleWithOperations{} }
+func (*NamedRuleWithOperations) ProtoMessage() {}
+func (*NamedRuleWithOperations) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{7}
+}
+func (m *NamedRuleWithOperations) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *NamedRuleWithOperations) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *NamedRuleWithOperations) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_NamedRuleWithOperations.Merge(m, src)
+}
+func (m *NamedRuleWithOperations) XXX_Size() int {
+	return m.Size()
+}
+func (m *NamedRuleWithOperations) XXX_DiscardUnknown() {
+	xxx_messageInfo_NamedRuleWithOperations.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_NamedRuleWithOperations proto.InternalMessageInfo
+
+func (m *ParamKind) Reset()      { *m = ParamKind{} }
+func (*ParamKind) ProtoMessage() {}
+func (*ParamKind) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{8}
+}
+func (m *ParamKind) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ParamKind) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ParamKind) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ParamKind.Merge(m, src)
+}
+func (m *ParamKind) XXX_Size() int {
+	return m.Size()
+}
+func (m *ParamKind) XXX_DiscardUnknown() {
+	xxx_messageInfo_ParamKind.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ParamKind proto.InternalMessageInfo
+
+func (m *ParamRef) Reset()      { *m = ParamRef{} }
+func (*ParamRef) ProtoMessage() {}
+func (*ParamRef) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{9}
+}
+func (m *ParamRef) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ParamRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ParamRef) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ParamRef.Merge(m, src)
+}
+func (m *ParamRef) XXX_Size() int {
+	return m.Size()
+}
+func (m *ParamRef) XXX_DiscardUnknown() {
+	xxx_messageInfo_ParamRef.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ParamRef proto.InternalMessageInfo
+
 func (m *ServiceReference) Reset()      { *m = ServiceReference{} }
 func (*ServiceReference) ProtoMessage() {}
 func (*ServiceReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{4}
+	return fileDescriptor_abeea74cbc46f55a, []int{10}
 }
 func (m *ServiceReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -185,10 +354,234 @@ func (m *ServiceReference) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_ServiceReference proto.InternalMessageInfo
 
+func (m *TypeChecking) Reset()      { *m = TypeChecking{} }
+func (*TypeChecking) ProtoMessage() {}
+func (*TypeChecking) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{11}
+}
+func (m *TypeChecking) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *TypeChecking) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *TypeChecking) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_TypeChecking.Merge(m, src)
+}
+func (m *TypeChecking) XXX_Size() int {
+	return m.Size()
+}
+func (m *TypeChecking) XXX_DiscardUnknown() {
+	xxx_messageInfo_TypeChecking.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_TypeChecking proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicy) Reset()      { *m = ValidatingAdmissionPolicy{} }
+func (*ValidatingAdmissionPolicy) ProtoMessage() {}
+func (*ValidatingAdmissionPolicy) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{12}
+}
+func (m *ValidatingAdmissionPolicy) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicy) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicy.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicy) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicy) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicy.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicy proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicyBinding) Reset()      { *m = ValidatingAdmissionPolicyBinding{} }
+func (*ValidatingAdmissionPolicyBinding) ProtoMessage() {}
+func (*ValidatingAdmissionPolicyBinding) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{13}
+}
+func (m *ValidatingAdmissionPolicyBinding) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicyBinding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicyBinding) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicyBinding.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicyBinding) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicyBinding) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicyBinding.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicyBinding proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicyBindingList) Reset()      { *m = ValidatingAdmissionPolicyBindingList{} }
+func (*ValidatingAdmissionPolicyBindingList) ProtoMessage() {}
+func (*ValidatingAdmissionPolicyBindingList) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{14}
+}
+func (m *ValidatingAdmissionPolicyBindingList) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicyBindingList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicyBindingList) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicyBindingList.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicyBindingList) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicyBindingList) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicyBindingList.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicyBindingList proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicyBindingSpec) Reset()      { *m = ValidatingAdmissionPolicyBindingSpec{} }
+func (*ValidatingAdmissionPolicyBindingSpec) ProtoMessage() {}
+func (*ValidatingAdmissionPolicyBindingSpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{15}
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicyBindingSpec.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicyBindingSpec.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicyBindingSpec proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicyList) Reset()      { *m = ValidatingAdmissionPolicyList{} }
+func (*ValidatingAdmissionPolicyList) ProtoMessage() {}
+func (*ValidatingAdmissionPolicyList) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{16}
+}
+func (m *ValidatingAdmissionPolicyList) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicyList) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicyList.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicyList) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicyList) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicyList.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicyList proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicySpec) Reset()      { *m = ValidatingAdmissionPolicySpec{} }
+func (*ValidatingAdmissionPolicySpec) ProtoMessage() {}
+func (*ValidatingAdmissionPolicySpec) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{17}
+}
+func (m *ValidatingAdmissionPolicySpec) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicySpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicySpec) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicySpec.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicySpec) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicySpec) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicySpec.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicySpec proto.InternalMessageInfo
+
+func (m *ValidatingAdmissionPolicyStatus) Reset()      { *m = ValidatingAdmissionPolicyStatus{} }
+func (*ValidatingAdmissionPolicyStatus) ProtoMessage() {}
+func (*ValidatingAdmissionPolicyStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{18}
+}
+func (m *ValidatingAdmissionPolicyStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ValidatingAdmissionPolicyStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ValidatingAdmissionPolicyStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ValidatingAdmissionPolicyStatus.Merge(m, src)
+}
+func (m *ValidatingAdmissionPolicyStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *ValidatingAdmissionPolicyStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_ValidatingAdmissionPolicyStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ValidatingAdmissionPolicyStatus proto.InternalMessageInfo
+
 func (m *ValidatingWebhook) Reset()      { *m = ValidatingWebhook{} }
 func (*ValidatingWebhook) ProtoMessage() {}
 func (*ValidatingWebhook) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{5}
+	return fileDescriptor_abeea74cbc46f55a, []int{19}
 }
 func (m *ValidatingWebhook) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -216,7 +609,7 @@ var xxx_messageInfo_ValidatingWebhook proto.InternalMessageInfo
 func (m *ValidatingWebhookConfiguration) Reset()      { *m = ValidatingWebhookConfiguration{} }
 func (*ValidatingWebhookConfiguration) ProtoMessage() {}
 func (*ValidatingWebhookConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{6}
+	return fileDescriptor_abeea74cbc46f55a, []int{20}
 }
 func (m *ValidatingWebhookConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -244,7 +637,7 @@ var xxx_messageInfo_ValidatingWebhookConfiguration proto.InternalMessageInfo
 func (m *ValidatingWebhookConfigurationList) Reset()      { *m = ValidatingWebhookConfigurationList{} }
 func (*ValidatingWebhookConfigurationList) ProtoMessage() {}
 func (*ValidatingWebhookConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{7}
+	return fileDescriptor_abeea74cbc46f55a, []int{21}
 }
 func (m *ValidatingWebhookConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -269,15 +662,15 @@ func (m *ValidatingWebhookConfigurationList) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_ValidatingWebhookConfigurationList proto.InternalMessageInfo
 
-func (m *WebhookClientConfig) Reset()      { *m = WebhookClientConfig{} }
-func (*WebhookClientConfig) ProtoMessage() {}
-func (*WebhookClientConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_abeea74cbc46f55a, []int{8}
+func (m *Validation) Reset()      { *m = Validation{} }
+func (*Validation) ProtoMessage() {}
+func (*Validation) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{22}
 }
-func (m *WebhookClientConfig) XXX_Unmarshal(b []byte) error {
+func (m *Validation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
 }
-func (m *WebhookClientConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+func (m *Validation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
 	b = b[:cap(b)]
 	n, err := m.MarshalToSizedBuffer(b)
 	if err != nil {
@@ -285,27 +678,99 @@ func (m *WebhookClientConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte,
 	}
 	return b[:n], nil
 }
-func (m *WebhookClientConfig) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_WebhookClientConfig.Merge(m, src)
+func (m *Validation) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Validation.Merge(m, src)
 }
-func (m *WebhookClientConfig) XXX_Size() int {
+func (m *Validation) XXX_Size() int {
 	return m.Size()
 }
-func (m *WebhookClientConfig) XXX_DiscardUnknown() {
-	xxx_messageInfo_WebhookClientConfig.DiscardUnknown(m)
+func (m *Validation) XXX_DiscardUnknown() {
+	xxx_messageInfo_Validation.DiscardUnknown(m)
 }
 
-var xxx_messageInfo_WebhookClientConfig proto.InternalMessageInfo
+var xxx_messageInfo_Validation proto.InternalMessageInfo
 
-func init() {
-	proto.RegisterType((*MatchCondition)(nil), "k8s.io.api.admissionregistration.v1beta1.MatchCondition")
-	proto.RegisterType((*MutatingWebhook)(nil), "k8s.io.api.admissionregistration.v1beta1.MutatingWebhook")
+func (m *Variable) Reset()      { *m = Variable{} }
+func (*Variable) ProtoMessage() {}
+func (*Variable) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{23}
+}
+func (m *Variable) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *Variable) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *Variable) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Variable.Merge(m, src)
+}
+func (m *Variable) XXX_Size() int {
+	return m.Size()
+}
+func (m *Variable) XXX_DiscardUnknown() {
+	xxx_messageInfo_Variable.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Variable proto.InternalMessageInfo
+
+func (m *WebhookClientConfig) Reset()      { *m = WebhookClientConfig{} }
+func (*WebhookClientConfig) ProtoMessage() {}
+func (*WebhookClientConfig) Descriptor() ([]byte, []int) {
+	return fileDescriptor_abeea74cbc46f55a, []int{24}
+}
+func (m *WebhookClientConfig) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *WebhookClientConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *WebhookClientConfig) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_WebhookClientConfig.Merge(m, src)
+}
+func (m *WebhookClientConfig) XXX_Size() int {
+	return m.Size()
+}
+func (m *WebhookClientConfig) XXX_DiscardUnknown() {
+	xxx_messageInfo_WebhookClientConfig.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_WebhookClientConfig proto.InternalMessageInfo
+
+func init() {
+	proto.RegisterType((*AuditAnnotation)(nil), "k8s.io.api.admissionregistration.v1beta1.AuditAnnotation")
+	proto.RegisterType((*ExpressionWarning)(nil), "k8s.io.api.admissionregistration.v1beta1.ExpressionWarning")
+	proto.RegisterType((*MatchCondition)(nil), "k8s.io.api.admissionregistration.v1beta1.MatchCondition")
+	proto.RegisterType((*MatchResources)(nil), "k8s.io.api.admissionregistration.v1beta1.MatchResources")
+	proto.RegisterType((*MutatingWebhook)(nil), "k8s.io.api.admissionregistration.v1beta1.MutatingWebhook")
 	proto.RegisterType((*MutatingWebhookConfiguration)(nil), "k8s.io.api.admissionregistration.v1beta1.MutatingWebhookConfiguration")
 	proto.RegisterType((*MutatingWebhookConfigurationList)(nil), "k8s.io.api.admissionregistration.v1beta1.MutatingWebhookConfigurationList")
+	proto.RegisterType((*NamedRuleWithOperations)(nil), "k8s.io.api.admissionregistration.v1beta1.NamedRuleWithOperations")
+	proto.RegisterType((*ParamKind)(nil), "k8s.io.api.admissionregistration.v1beta1.ParamKind")
+	proto.RegisterType((*ParamRef)(nil), "k8s.io.api.admissionregistration.v1beta1.ParamRef")
 	proto.RegisterType((*ServiceReference)(nil), "k8s.io.api.admissionregistration.v1beta1.ServiceReference")
+	proto.RegisterType((*TypeChecking)(nil), "k8s.io.api.admissionregistration.v1beta1.TypeChecking")
+	proto.RegisterType((*ValidatingAdmissionPolicy)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicy")
+	proto.RegisterType((*ValidatingAdmissionPolicyBinding)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding")
+	proto.RegisterType((*ValidatingAdmissionPolicyBindingList)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingList")
+	proto.RegisterType((*ValidatingAdmissionPolicyBindingSpec)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingSpec")
+	proto.RegisterType((*ValidatingAdmissionPolicyList)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyList")
+	proto.RegisterType((*ValidatingAdmissionPolicySpec)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicySpec")
+	proto.RegisterType((*ValidatingAdmissionPolicyStatus)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyStatus")
 	proto.RegisterType((*ValidatingWebhook)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingWebhook")
 	proto.RegisterType((*ValidatingWebhookConfiguration)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingWebhookConfiguration")
 	proto.RegisterType((*ValidatingWebhookConfigurationList)(nil), "k8s.io.api.admissionregistration.v1beta1.ValidatingWebhookConfigurationList")
+	proto.RegisterType((*Validation)(nil), "k8s.io.api.admissionregistration.v1beta1.Validation")
+	proto.RegisterType((*Variable)(nil), "k8s.io.api.admissionregistration.v1beta1.Variable")
 	proto.RegisterType((*WebhookClientConfig)(nil), "k8s.io.api.admissionregistration.v1beta1.WebhookClientConfig")
 }
 
@@ -314,73 +779,197 @@ func init() {
 }
 
 var fileDescriptor_abeea74cbc46f55a = []byte{
-	// 1041 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x57, 0x4f, 0x73, 0xdb, 0xc4,
-	0x1b, 0x8e, 0xe2, 0xf8, 0x17, 0x67, 0xed, 0x24, 0xcd, 0xfe, 0x80, 0x88, 0xd0, 0xb1, 0x3c, 0x3e,
-	0x30, 0xbe, 0x20, 0xb5, 0x29, 0x03, 0xa5, 0x0c, 0x87, 0x2a, 0xb4, 0x03, 0x33, 0x49, 0x5a, 0x36,
-	0xfd, 0x33, 0x03, 0x65, 0xa6, 0x6b, 0xf9, 0xb5, 0xbd, 0x58, 0xd2, 0x7a, 0xb4, 0xab, 0xb4, 0x19,
-	0x2e, 0x7c, 0x04, 0xbe, 0x02, 0x1f, 0x84, 0x03, 0xb7, 0x1c, 0x7b, 0xec, 0x05, 0x0d, 0x11, 0x67,
-	0x0e, 0x5c, 0x73, 0x62, 0xb4, 0x52, 0x6c, 0xcb, 0x76, 0x5a, 0x11, 0x66, 0x72, 0xca, 0xcd, 0xfb,
-	0xbc, 0xfb, 0xbe, 0xcf, 0x3e, 0xab, 0x77, 0xdf, 0x67, 0x8c, 0xbe, 0x19, 0xdc, 0x16, 0x26, 0xe3,
-	0xd6, 0x20, 0x6c, 0x43, 0xe0, 0x83, 0x04, 0x61, 0x1d, 0x82, 0xdf, 0xe1, 0x81, 0x95, 0x05, 0xe8,
-	0x90, 0x59, 0xb4, 0xe3, 0x31, 0x21, 0x18, 0xf7, 0x03, 0xe8, 0x31, 0x21, 0x03, 0x2a, 0x19, 0xf7,
-	0xad, 0xc3, 0x9b, 0x6d, 0x90, 0xf4, 0xa6, 0xd5, 0x03, 0x1f, 0x02, 0x2a, 0xa1, 0x63, 0x0e, 0x03,
-	0x2e, 0x39, 0x6e, 0xa5, 0x99, 0x26, 0x1d, 0x32, 0x73, 0x6e, 0xa6, 0x99, 0x65, 0x6e, 0x7d, 0xd4,
-	0x63, 0xb2, 0x1f, 0xb6, 0x4d, 0x87, 0x7b, 0x56, 0x8f, 0xf7, 0xb8, 0xa5, 0x0a, 0xb4, 0xc3, 0xae,
-	0x5a, 0xa9, 0x85, 0xfa, 0x95, 0x16, 0xde, 0xba, 0x55, 0xe0, 0x48, 0xd3, 0xa7, 0xd9, 0xfa, 0x78,
-	0x9c, 0xe4, 0x51, 0xa7, 0xcf, 0x7c, 0x08, 0x8e, 0xac, 0xe1, 0xa0, 0x97, 0x00, 0xc2, 0xf2, 0x40,
-	0xd2, 0x79, 0x59, 0xd6, 0x79, 0x59, 0x41, 0xe8, 0x4b, 0xe6, 0xc1, 0x4c, 0xc2, 0x27, 0x6f, 0x4b,
-	0x10, 0x4e, 0x1f, 0x3c, 0x3a, 0x9d, 0xd7, 0xec, 0xa2, 0xb5, 0x3d, 0x2a, 0x9d, 0xfe, 0x0e, 0xf7,
-	0x3b, 0x2c, 0xd1, 0x80, 0x1b, 0x68, 0xc9, 0xa7, 0x1e, 0xe8, 0x5a, 0x43, 0x6b, 0xad, 0xd8, 0xb5,
-	0xe3, 0xc8, 0x58, 0x88, 0x23, 0x63, 0x69, 0x9f, 0x7a, 0x40, 0x54, 0x04, 0x6f, 0x23, 0x04, 0x2f,
-	0x87, 0x01, 0x28, 0xfd, 0xfa, 0xa2, 0xda, 0x87, 0xb3, 0x7d, 0xe8, 0xde, 0x28, 0x42, 0x26, 0x76,
-	0x35, 0x7f, 0xab, 0xa0, 0xf5, 0xbd, 0x50, 0x52, 0xc9, 0xfc, 0xde, 0x53, 0x68, 0xf7, 0x39, 0x1f,
-	0x14, 0x60, 0x7a, 0x81, 0x6a, 0x8e, 0xcb, 0xc0, 0x97, 0x3b, 0xdc, 0xef, 0xb2, 0x9e, 0xe2, 0xaa,
-	0x6e, 0x7f, 0x61, 0x16, 0xfd, 0xc2, 0x66, 0x46, 0xb5, 0x33, 0x51, 0xc4, 0x7e, 0x27, 0x23, 0xaa,
-	0x4d, 0xa2, 0x24, 0x47, 0x84, 0x9f, 0xa1, 0x72, 0x10, 0xba, 0x20, 0xf4, 0x52, 0xa3, 0xd4, 0xaa,
-	0x6e, 0x7f, 0x5a, 0x84, 0xd1, 0x24, 0xa1, 0x0b, 0x4f, 0x99, 0xec, 0x3f, 0x18, 0x42, 0x0a, 0x0a,
-	0x7b, 0x35, 0xe3, 0x2a, 0x27, 0x31, 0x41, 0xd2, 0xa2, 0x78, 0x17, 0xad, 0x76, 0x29, 0x73, 0xc3,
-	0x00, 0x1e, 0x72, 0x97, 0x39, 0x47, 0xfa, 0x92, 0xba, 0x81, 0x0f, 0xe3, 0xc8, 0x58, 0xbd, 0x3f,
-	0x19, 0x38, 0x8d, 0x8c, 0x8d, 0x1c, 0xf0, 0xe8, 0x68, 0x08, 0x24, 0x9f, 0x8c, 0xbf, 0x44, 0x55,
-	0x2f, 0xf9, 0x84, 0x59, 0xad, 0x15, 0x55, 0xab, 0x19, 0x47, 0x46, 0x75, 0x6f, 0x0c, 0x9f, 0x46,
-	0xc6, 0xfa, 0xc4, 0x52, 0xd5, 0x99, 0x4c, 0xc3, 0x2f, 0xd1, 0x46, 0x72, 0xe5, 0x62, 0x48, 0x1d,
-	0x38, 0x00, 0x17, 0x1c, 0xc9, 0x03, 0xbd, 0xac, 0xee, 0xfb, 0xd6, 0x84, 0xfa, 0x51, 0x73, 0x99,
-	0xc3, 0x41, 0x2f, 0x01, 0x84, 0x99, 0xf4, 0x70, 0x22, 0x7f, 0x97, 0xb6, 0xc1, 0x3d, 0x4b, 0xb5,
-	0xdf, 0x8d, 0x23, 0x63, 0x63, 0x7f, 0xba, 0x22, 0x99, 0x25, 0xc1, 0x1c, 0xad, 0xf1, 0xf6, 0x0f,
-	0xe0, 0xc8, 0x11, 0x6d, 0xf5, 0xe2, 0xb4, 0x38, 0x8e, 0x8c, 0xb5, 0x07, 0xb9, 0x72, 0x64, 0xaa,
-	0x7c, 0x72, 0x61, 0x82, 0x75, 0xe0, 0x5e, 0xb7, 0x0b, 0x8e, 0x14, 0xfa, 0xff, 0xc6, 0x17, 0x76,
-	0x30, 0x86, 0x93, 0x0b, 0x1b, 0x2f, 0x77, 0x5c, 0x2a, 0x04, 0x99, 0x4c, 0xc3, 0x77, 0xd0, 0x5a,
-	0xf2, 0xb0, 0x78, 0x28, 0x0f, 0xc0, 0xe1, 0x7e, 0x47, 0xe8, 0xcb, 0x0d, 0xad, 0x55, 0x4e, 0x4f,
-	0xf0, 0x28, 0x17, 0x21, 0x53, 0x3b, 0xf1, 0x63, 0xb4, 0x39, 0xea, 0x22, 0x02, 0x87, 0x0c, 0x5e,
-	0x3c, 0x81, 0x20, 0x59, 0x08, 0xbd, 0xd2, 0x28, 0xb5, 0x56, 0xec, 0x0f, 0xe2, 0xc8, 0xd8, 0xbc,
-	0x3b, 0x7f, 0x0b, 0x39, 0x2f, 0x17, 0x3f, 0x47, 0x38, 0x00, 0xe6, 0x1f, 0x72, 0x47, 0xb5, 0x5f,
-	0xd6, 0x10, 0x48, 0xe9, 0xbb, 0x11, 0x47, 0x06, 0x26, 0x33, 0xd1, 0xd3, 0xc8, 0x78, 0x6f, 0x16,
-	0x55, 0xed, 0x31, 0xa7, 0x16, 0xfe, 0x11, 0xad, 0x7b, 0xb9, 0x71, 0x21, 0xf4, 0x9a, 0x7a, 0x21,
-	0xb7, 0x8b, 0xbf, 0xc9, 0xfc, 0xbc, 0xb1, 0x37, 0xb3, 0x27, 0xb2, 0x9e, 0xc7, 0x05, 0x99, 0x66,
-	0x6a, 0xfe, 0xae, 0xa1, 0xeb, 0x53, 0x33, 0x24, 0x7d, 0xae, 0x61, 0xca, 0x80, 0x9f, 0xa3, 0x4a,
-	0xd2, 0x15, 0x1d, 0x2a, 0xa9, 0x1a, 0x2a, 0xd5, 0xed, 0x1b, 0xc5, 0x7a, 0x28, 0x6d, 0x98, 0x3d,
-	0x90, 0x74, 0x3c, 0xc8, 0xc6, 0x18, 0x19, 0x55, 0xc5, 0xdf, 0xa1, 0x4a, 0xc6, 0x2c, 0xf4, 0x45,
-	0x25, 0xfc, 0xb3, 0x7f, 0x21, 0x3c, 0x7f, 0x76, 0x7b, 0x29, 0xa1, 0x22, 0xa3, 0x82, 0xcd, 0xbf,
-	0x34, 0xd4, 0x78, 0x93, 0xbe, 0x5d, 0x26, 0x24, 0x7e, 0x36, 0xa3, 0xd1, 0x2c, 0xf8, 0x4e, 0x98,
-	0x48, 0x15, 0x5e, 0xcb, 0x14, 0x56, 0xce, 0x90, 0x09, 0x7d, 0x03, 0x54, 0x66, 0x12, 0xbc, 0x33,
-	0x71, 0xf7, 0x2f, 0x2c, 0x2e, 0x77, 0xf0, 0xf1, 0x18, 0xfc, 0x3a, 0x29, 0x4e, 0x52, 0x8e, 0xe6,
-	0x2f, 0x1a, 0xba, 0x76, 0x00, 0xc1, 0x21, 0x73, 0x80, 0x40, 0x17, 0x02, 0xf0, 0x1d, 0xc0, 0x16,
-	0x5a, 0x19, 0x8d, 0x88, 0xcc, 0x19, 0x36, 0xb2, 0xec, 0x95, 0xd1, 0x38, 0x21, 0xe3, 0x3d, 0x23,
-	0x17, 0x59, 0x3c, 0xd7, 0x45, 0xae, 0xa3, 0xa5, 0x21, 0x95, 0x7d, 0xbd, 0xa4, 0x76, 0x54, 0x92,
-	0xe8, 0x43, 0x2a, 0xfb, 0x44, 0xa1, 0x2a, 0xca, 0x03, 0xa9, 0x66, 0x70, 0x39, 0x8b, 0xf2, 0x40,
-	0x12, 0x85, 0x36, 0x4f, 0x96, 0xd1, 0xc6, 0x13, 0xea, 0xb2, 0xce, 0x95, 0x73, 0x5d, 0x39, 0xd7,
-	0xdb, 0x9d, 0x0b, 0x5d, 0x39, 0xd7, 0x85, 0x9c, 0x6b, 0x8e, 0xaf, 0x54, 0x2f, 0xcd, 0x57, 0x4e,
-	0x34, 0x54, 0x9f, 0x79, 0xe3, 0x97, 0xed, 0x2c, 0xdf, 0xcf, 0x38, 0xcb, 0xe7, 0xc5, 0xa5, 0xcf,
-	0x9c, 0x7e, 0xc6, 0x5b, 0xfe, 0xd6, 0x50, 0xf3, 0xcd, 0x1a, 0x2f, 0xc1, 0x5d, 0xbc, 0xbc, 0xbb,
-	0x7c, 0xf5, 0x1f, 0x04, 0x16, 0xf1, 0x97, 0x5f, 0x35, 0xf4, 0xff, 0x39, 0x63, 0x14, 0xbf, 0x8f,
-	0x4a, 0x61, 0xe0, 0x66, 0x76, 0xb0, 0x1c, 0x47, 0x46, 0xe9, 0x31, 0xd9, 0x25, 0x09, 0x86, 0x29,
-	0x5a, 0x16, 0xa9, 0x23, 0x65, 0xf2, 0xef, 0x14, 0x3f, 0xe3, 0xb4, 0x95, 0xd9, 0xd5, 0x38, 0x32,
-	0x96, 0xcf, 0xd0, 0xb3, 0xba, 0xb8, 0x85, 0x2a, 0x0e, 0xb5, 0x43, 0xbf, 0xe3, 0xa6, 0x9e, 0x55,
-	0xb3, 0x6b, 0xc9, 0x75, 0xed, 0xdc, 0x4d, 0x31, 0x32, 0x8a, 0xda, 0xfb, 0xc7, 0x27, 0xf5, 0x85,
-	0x57, 0x27, 0xf5, 0x85, 0xd7, 0x27, 0xf5, 0x85, 0x9f, 0xe2, 0xba, 0x76, 0x1c, 0xd7, 0xb5, 0x57,
-	0x71, 0x5d, 0x7b, 0x1d, 0xd7, 0xb5, 0x3f, 0xe2, 0xba, 0xf6, 0xf3, 0x9f, 0xf5, 0x85, 0x6f, 0x5b,
-	0x45, 0xff, 0x28, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x1f, 0xf5, 0x97, 0x1c, 0x6c, 0x0f, 0x00,
-	0x00,
+	// 1973 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x1a, 0x4d, 0x6f, 0x23, 0x49,
+	0x35, 0x1d, 0xe7, 0xc3, 0x7e, 0xce, 0x97, 0x6b, 0x67, 0x89, 0x77, 0x76, 0xd6, 0x8e, 0x5a, 0x2b,
+	0x94, 0x91, 0xc0, 0xde, 0xc9, 0xae, 0x76, 0x97, 0x59, 0x21, 0x14, 0x67, 0x67, 0x86, 0x99, 0x9d,
+	0x64, 0x42, 0x65, 0x37, 0x91, 0x60, 0x57, 0x9a, 0x72, 0x77, 0xd9, 0x6e, 0x6c, 0x77, 0x37, 0x5d,
+	0x6d, 0xcf, 0x04, 0x24, 0x40, 0xe2, 0xb0, 0x57, 0x24, 0x2e, 0x48, 0x9c, 0xf8, 0x0b, 0xdc, 0x91,
+	0xe0, 0x36, 0xc7, 0xbd, 0x31, 0x12, 0xc2, 0x22, 0xe6, 0xc0, 0x89, 0x03, 0x07, 0x38, 0xe4, 0x02,
+	0xaa, 0xea, 0xea, 0x4f, 0xb7, 0x27, 0x9d, 0x90, 0x09, 0x97, 0xb9, 0xa5, 0xdf, 0x67, 0xbd, 0x57,
+	0xef, 0xab, 0x9e, 0x03, 0xdf, 0xeb, 0x7e, 0xc8, 0x6a, 0x86, 0x55, 0xef, 0x0e, 0x9a, 0xd4, 0x31,
+	0xa9, 0x4b, 0x59, 0x7d, 0x48, 0x4d, 0xdd, 0x72, 0xea, 0x12, 0x41, 0x6c, 0xa3, 0x4e, 0xf4, 0xbe,
+	0xc1, 0x98, 0x61, 0x99, 0x0e, 0x6d, 0x1b, 0xcc, 0x75, 0x88, 0x6b, 0x58, 0x66, 0x7d, 0x78, 0xab,
+	0x49, 0x5d, 0x72, 0xab, 0xde, 0xa6, 0x26, 0x75, 0x88, 0x4b, 0xf5, 0x9a, 0xed, 0x58, 0xae, 0x85,
+	0x36, 0x3d, 0xce, 0x1a, 0xb1, 0x8d, 0x5a, 0x2a, 0x67, 0x4d, 0x72, 0x5e, 0xff, 0x66, 0xdb, 0x70,
+	0x3b, 0x83, 0x66, 0x4d, 0xb3, 0xfa, 0xf5, 0xb6, 0xd5, 0xb6, 0xea, 0x42, 0x40, 0x73, 0xd0, 0x12,
+	0x5f, 0xe2, 0x43, 0xfc, 0xe5, 0x09, 0xbe, 0xfe, 0x6e, 0x86, 0x23, 0x25, 0x4f, 0x73, 0xfd, 0xbd,
+	0x90, 0xa9, 0x4f, 0xb4, 0x8e, 0x61, 0x52, 0xe7, 0xb8, 0x6e, 0x77, 0xdb, 0x1c, 0xc0, 0xea, 0x7d,
+	0xea, 0x92, 0x34, 0xae, 0xfa, 0x34, 0x2e, 0x67, 0x60, 0xba, 0x46, 0x9f, 0x4e, 0x30, 0xbc, 0x7f,
+	0x16, 0x03, 0xd3, 0x3a, 0xb4, 0x4f, 0x92, 0x7c, 0x2a, 0x83, 0xd5, 0xed, 0x81, 0x6e, 0xb8, 0xdb,
+	0xa6, 0x69, 0xb9, 0xc2, 0x08, 0xf4, 0x16, 0xe4, 0xba, 0xf4, 0xb8, 0xac, 0x6c, 0x28, 0x9b, 0x85,
+	0x46, 0xf1, 0xd9, 0xa8, 0x3a, 0x33, 0x1e, 0x55, 0x73, 0x9f, 0xd0, 0x63, 0xcc, 0xe1, 0x68, 0x1b,
+	0x56, 0x87, 0xa4, 0x37, 0xa0, 0x77, 0x9e, 0xda, 0x0e, 0x15, 0x2e, 0x28, 0xcf, 0x0a, 0xd2, 0x75,
+	0x49, 0xba, 0x7a, 0x18, 0x47, 0xe3, 0x24, 0xbd, 0xda, 0x83, 0x52, 0xf8, 0x75, 0x44, 0x1c, 0xd3,
+	0x30, 0xdb, 0xe8, 0x1b, 0x90, 0x6f, 0x19, 0xb4, 0xa7, 0x63, 0xda, 0x92, 0x02, 0xd7, 0xa4, 0xc0,
+	0xfc, 0x5d, 0x09, 0xc7, 0x01, 0x05, 0xba, 0x09, 0x8b, 0x4f, 0x3c, 0xc6, 0x72, 0x4e, 0x10, 0xaf,
+	0x4a, 0xe2, 0x45, 0x29, 0x0f, 0xfb, 0x78, 0xb5, 0x05, 0x2b, 0xbb, 0xc4, 0xd5, 0x3a, 0x3b, 0x96,
+	0xa9, 0x1b, 0xc2, 0xc2, 0x0d, 0x98, 0x33, 0x49, 0x9f, 0x4a, 0x13, 0x97, 0x24, 0xe7, 0xdc, 0x1e,
+	0xe9, 0x53, 0x2c, 0x30, 0x68, 0x0b, 0x80, 0x26, 0xed, 0x43, 0x92, 0x0e, 0x22, 0xa6, 0x45, 0xa8,
+	0xd4, 0x3f, 0xcd, 0x49, 0x45, 0x98, 0x32, 0x6b, 0xe0, 0x68, 0x94, 0xa1, 0xa7, 0x50, 0xe2, 0xe2,
+	0x98, 0x4d, 0x34, 0x7a, 0x40, 0x7b, 0x54, 0x73, 0x2d, 0x47, 0x68, 0x2d, 0x6e, 0xbd, 0x5b, 0x0b,
+	0xc3, 0x34, 0xb8, 0xb1, 0x9a, 0xdd, 0x6d, 0x73, 0x00, 0xab, 0xf1, 0xc0, 0xa8, 0x0d, 0x6f, 0xd5,
+	0x1e, 0x92, 0x26, 0xed, 0xf9, 0xac, 0x8d, 0xd7, 0xc7, 0xa3, 0x6a, 0x69, 0x2f, 0x29, 0x11, 0x4f,
+	0x2a, 0x41, 0x16, 0xac, 0x58, 0xcd, 0x1f, 0x52, 0xcd, 0x0d, 0xd4, 0xce, 0x5e, 0x5c, 0x2d, 0x1a,
+	0x8f, 0xaa, 0x2b, 0x8f, 0x62, 0xe2, 0x70, 0x42, 0x3c, 0xfa, 0x29, 0x2c, 0x3b, 0xd2, 0x6e, 0x3c,
+	0xe8, 0x51, 0x56, 0xce, 0x6d, 0xe4, 0x36, 0x8b, 0x5b, 0xdb, 0xb5, 0xac, 0xd9, 0x58, 0xe3, 0x76,
+	0xe9, 0x9c, 0xf7, 0xc8, 0x70, 0x3b, 0x8f, 0x6c, 0xea, 0xa1, 0x59, 0xe3, 0x75, 0xe9, 0xf7, 0x65,
+	0x1c, 0x95, 0x8f, 0xe3, 0xea, 0xd0, 0xaf, 0x14, 0xb8, 0x46, 0x9f, 0x6a, 0xbd, 0x81, 0x4e, 0x63,
+	0x74, 0xe5, 0xb9, 0xcb, 0x3a, 0xc7, 0x0d, 0x79, 0x8e, 0x6b, 0x77, 0x52, 0xd4, 0xe0, 0x54, 0xe5,
+	0xe8, 0x63, 0x28, 0xf6, 0x79, 0x48, 0xec, 0x5b, 0x3d, 0x43, 0x3b, 0x2e, 0x2f, 0x8a, 0x40, 0x52,
+	0xc7, 0xa3, 0x6a, 0x71, 0x37, 0x04, 0x9f, 0x8e, 0xaa, 0xab, 0x91, 0xcf, 0x4f, 0x8f, 0x6d, 0x8a,
+	0xa3, 0x6c, 0xea, 0x1f, 0xf3, 0xb0, 0xba, 0x3b, 0xe0, 0xe9, 0x69, 0xb6, 0x8f, 0x68, 0xb3, 0x63,
+	0x59, 0xdd, 0x0c, 0x31, 0xfc, 0x04, 0x96, 0xb4, 0x9e, 0x41, 0x4d, 0x77, 0xc7, 0x32, 0x5b, 0x46,
+	0x5b, 0x06, 0xc0, 0xb7, 0xb3, 0x3b, 0x42, 0xaa, 0xda, 0x89, 0x08, 0x69, 0x5c, 0x93, 0x8a, 0x96,
+	0xa2, 0x50, 0x1c, 0x53, 0x84, 0x3e, 0x87, 0x79, 0x27, 0x12, 0x02, 0x1f, 0x64, 0xd1, 0x58, 0x4b,
+	0x71, 0xf8, 0xb2, 0xd4, 0x35, 0xef, 0x79, 0xd8, 0x13, 0x8a, 0x1e, 0xc2, 0x72, 0x8b, 0x18, 0xbd,
+	0x81, 0x43, 0xa5, 0x53, 0xe7, 0x84, 0x07, 0xbe, 0xce, 0x23, 0xe4, 0x6e, 0x14, 0x71, 0x3a, 0xaa,
+	0x96, 0x62, 0x00, 0xe1, 0xd8, 0x38, 0x73, 0xf2, 0x82, 0x0a, 0x17, 0xba, 0xa0, 0xf4, 0x3c, 0x9f,
+	0xff, 0xff, 0xe4, 0x79, 0xf1, 0xe5, 0xe6, 0xf9, 0xc7, 0x50, 0x64, 0x86, 0x4e, 0xef, 0xb4, 0x5a,
+	0x54, 0x73, 0x59, 0x79, 0x21, 0x74, 0xd8, 0x41, 0x08, 0xe6, 0x0e, 0x0b, 0x3f, 0x77, 0x7a, 0x84,
+	0x31, 0x1c, 0x65, 0x43, 0xb7, 0x61, 0x85, 0x77, 0x25, 0x6b, 0xe0, 0x1e, 0x50, 0xcd, 0x32, 0x75,
+	0x26, 0x52, 0x63, 0xde, 0x3b, 0xc1, 0xa7, 0x31, 0x0c, 0x4e, 0x50, 0xa2, 0xcf, 0x60, 0x3d, 0x88,
+	0x22, 0x4c, 0x87, 0x06, 0x7d, 0x72, 0x48, 0x1d, 0xfe, 0xc1, 0xca, 0xf9, 0x8d, 0xdc, 0x66, 0xa1,
+	0xf1, 0xe6, 0x78, 0x54, 0x5d, 0xdf, 0x4e, 0x27, 0xc1, 0xd3, 0x78, 0xd1, 0x63, 0x40, 0x0e, 0x35,
+	0xcc, 0xa1, 0xa5, 0x89, 0xf0, 0x93, 0x01, 0x01, 0xc2, 0xbe, 0x77, 0xc6, 0xa3, 0x2a, 0xc2, 0x13,
+	0xd8, 0xd3, 0x51, 0xf5, 0x6b, 0x93, 0x50, 0x11, 0x1e, 0x29, 0xb2, 0xd0, 0x4f, 0x60, 0xb5, 0x1f,
+	0x6b, 0x44, 0xac, 0xbc, 0x24, 0x32, 0xe4, 0xc3, 0xec, 0x39, 0x19, 0xef, 0x64, 0x61, 0xcf, 0x8d,
+	0xc3, 0x19, 0x4e, 0x6a, 0x52, 0xff, 0xa2, 0xc0, 0x8d, 0x44, 0x0d, 0xf1, 0xd2, 0x75, 0xe0, 0x69,
+	0x40, 0x8f, 0x21, 0xcf, 0xa3, 0x42, 0x27, 0x2e, 0x91, 0x2d, 0xea, 0x9d, 0x6c, 0x31, 0xe4, 0x05,
+	0xcc, 0x2e, 0x75, 0x49, 0xd8, 0x22, 0x43, 0x18, 0x0e, 0xa4, 0xa2, 0x1f, 0x40, 0x5e, 0x6a, 0x66,
+	0xe5, 0x59, 0x61, 0xf8, 0xb7, 0xce, 0x61, 0x78, 0xfc, 0xec, 0x8d, 0x39, 0xae, 0x0a, 0x07, 0x02,
+	0xd5, 0x7f, 0x28, 0xb0, 0xf1, 0x22, 0xfb, 0x1e, 0x1a, 0xcc, 0x45, 0x9f, 0x4f, 0xd8, 0x58, 0xcb,
+	0x98, 0x27, 0x06, 0xf3, 0x2c, 0x0c, 0x66, 0x12, 0x1f, 0x12, 0xb1, 0xaf, 0x0b, 0xf3, 0x86, 0x4b,
+	0xfb, 0xbe, 0x71, 0x77, 0x2f, 0x6c, 0x5c, 0xec, 0xe0, 0x61, 0x19, 0xbc, 0xcf, 0x85, 0x63, 0x4f,
+	0x87, 0xfa, 0x5c, 0x81, 0xf5, 0x29, 0x9d, 0x0a, 0x7d, 0x10, 0xf6, 0x62, 0x51, 0x44, 0xca, 0x8a,
+	0xc8, 0x8b, 0x52, 0xb4, 0x89, 0x0a, 0x04, 0x8e, 0xd3, 0xa1, 0x5f, 0x28, 0x80, 0x9c, 0x09, 0x79,
+	0xb2, 0x73, 0x5c, 0xb8, 0x8e, 0x5f, 0x97, 0x06, 0xa0, 0x49, 0x1c, 0x4e, 0x51, 0xa7, 0x12, 0x28,
+	0xec, 0x13, 0x87, 0xf4, 0x3f, 0x31, 0x4c, 0x9d, 0x4f, 0x62, 0xc4, 0x36, 0x64, 0x96, 0xca, 0x6e,
+	0x17, 0x84, 0xd9, 0xf6, 0xfe, 0x7d, 0x89, 0xc1, 0x11, 0x2a, 0xde, 0x1b, 0xbb, 0x86, 0xa9, 0xcb,
+	0xb9, 0x2d, 0xe8, 0x8d, 0x5c, 0x1e, 0x16, 0x18, 0xf5, 0x77, 0xb3, 0x90, 0x17, 0x3a, 0xf8, 0x2c,
+	0x79, 0x76, 0x2b, 0xad, 0x43, 0x21, 0x28, 0xbd, 0x52, 0x6a, 0x49, 0x92, 0x15, 0x82, 0x32, 0x8d,
+	0x43, 0x1a, 0xf4, 0x05, 0xe4, 0x99, 0x5f, 0x90, 0x73, 0x17, 0x2f, 0xc8, 0x4b, 0x3c, 0xd2, 0x82,
+	0x52, 0x1c, 0x88, 0x44, 0x2e, 0xac, 0xdb, 0xfc, 0xf4, 0xd4, 0xa5, 0xce, 0x9e, 0xe5, 0xde, 0xb5,
+	0x06, 0xa6, 0xbe, 0xad, 0x71, 0xef, 0xc9, 0x6e, 0x78, 0x9b, 0x97, 0xc0, 0xfd, 0x74, 0x92, 0xd3,
+	0x51, 0xf5, 0xcd, 0x29, 0x28, 0x51, 0xba, 0xa6, 0x89, 0x56, 0x7f, 0xab, 0xc0, 0xda, 0x01, 0x75,
+	0x86, 0x86, 0x46, 0x31, 0x6d, 0x51, 0x87, 0x9a, 0x5a, 0xc2, 0x35, 0x4a, 0x06, 0xd7, 0xf8, 0xde,
+	0x9e, 0x9d, 0xea, 0xed, 0x1b, 0x30, 0x67, 0x13, 0xb7, 0x23, 0x07, 0xfb, 0x3c, 0xc7, 0xee, 0x13,
+	0xb7, 0x83, 0x05, 0x54, 0x60, 0x2d, 0xc7, 0x15, 0x86, 0xce, 0x4b, 0xac, 0xe5, 0xb8, 0x58, 0x40,
+	0xd5, 0x5f, 0x2b, 0xb0, 0xc4, 0xad, 0xd8, 0xe9, 0x50, 0xad, 0xcb, 0x9f, 0x15, 0x5f, 0x2a, 0x80,
+	0x68, 0xf2, 0xb1, 0xe1, 0x65, 0x44, 0x71, 0xeb, 0xa3, 0xec, 0x29, 0x3a, 0xf1, 0x60, 0x09, 0xc3,
+	0x7a, 0x02, 0xc5, 0x70, 0x8a, 0x4a, 0xf5, 0xcf, 0xb3, 0xf0, 0xc6, 0x21, 0xe9, 0x19, 0xba, 0x48,
+	0xf5, 0xa0, 0x3f, 0xc9, 0xe6, 0xf0, 0xf2, 0xcb, 0xaf, 0x01, 0x73, 0xcc, 0xa6, 0x9a, 0xcc, 0xe6,
+	0x7b, 0xd9, 0x4d, 0x9f, 0x7a, 0xe8, 0x03, 0x9b, 0x6a, 0xe1, 0x0d, 0xf2, 0x2f, 0x2c, 0x54, 0xa0,
+	0x1f, 0xc1, 0x02, 0x73, 0x89, 0x3b, 0x60, 0x32, 0xf8, 0xef, 0x5f, 0x86, 0x32, 0x21, 0xb0, 0xb1,
+	0x22, 0xd5, 0x2d, 0x78, 0xdf, 0x58, 0x2a, 0x52, 0xff, 0xad, 0xc0, 0xc6, 0x54, 0xde, 0x86, 0x61,
+	0xea, 0x3c, 0x18, 0x5e, 0xbe, 0x93, 0xed, 0x98, 0x93, 0xf7, 0x2e, 0xc1, 0x6e, 0x79, 0xf6, 0x69,
+	0xbe, 0x56, 0xff, 0xa5, 0xc0, 0xdb, 0x67, 0x31, 0x5f, 0x41, 0xf3, 0xb3, 0xe2, 0xcd, 0xef, 0xc1,
+	0xe5, 0x59, 0x3e, 0xa5, 0x01, 0x7e, 0x99, 0x3b, 0xdb, 0x6e, 0xee, 0x26, 0xde, 0x41, 0x6c, 0x01,
+	0xdc, 0x0b, 0x8b, 0x7c, 0x70, 0x89, 0xfb, 0x01, 0x06, 0x47, 0xa8, 0xb8, 0xaf, 0x6c, 0xd9, 0x1e,
+	0xe4, 0x55, 0x6e, 0x65, 0x37, 0xc8, 0x6f, 0x2c, 0x5e, 0xf9, 0xf6, 0xbf, 0x70, 0x20, 0x11, 0xb9,
+	0xb0, 0xd2, 0x8f, 0x2d, 0x0a, 0x64, 0x9a, 0x9c, 0x77, 0x0e, 0x0c, 0xf8, 0xbd, 0xb9, 0x39, 0x0e,
+	0xc3, 0x09, 0x1d, 0xe8, 0x08, 0x4a, 0x43, 0xe9, 0x2f, 0xcb, 0xf4, 0x4a, 0xba, 0xf7, 0x3a, 0x2e,
+	0x34, 0x6e, 0xf2, 0xf7, 0xc6, 0x61, 0x12, 0x79, 0x3a, 0xaa, 0xae, 0x25, 0x81, 0x78, 0x52, 0x86,
+	0xfa, 0x77, 0x05, 0xde, 0x9a, 0x7a, 0x13, 0x57, 0x10, 0x7a, 0x9d, 0x78, 0xe8, 0xed, 0x5c, 0x46,
+	0xe8, 0xa5, 0xc7, 0xdc, 0x6f, 0x16, 0x5e, 0x60, 0xa9, 0x08, 0xb6, 0xc7, 0x50, 0xb0, 0xfd, 0xd9,
+	0x25, 0x65, 0xd3, 0x93, 0x25, 0x72, 0x38, 0x6b, 0x63, 0x99, 0xf7, 0xcf, 0xe0, 0x13, 0x87, 0x42,
+	0xd1, 0x8f, 0x61, 0xcd, 0x9f, 0xed, 0x39, 0xbf, 0x61, 0xba, 0xfe, 0x80, 0x76, 0xf1, 0xf0, 0xb9,
+	0x36, 0x1e, 0x55, 0xd7, 0x76, 0x13, 0x52, 0xf1, 0x84, 0x1e, 0xd4, 0x85, 0x62, 0x78, 0xfd, 0xfe,
+	0xfb, 0xfe, 0xbd, 0xf3, 0xfb, 0xdb, 0x32, 0x1b, 0xaf, 0x49, 0x07, 0x17, 0x43, 0x18, 0xc3, 0x51,
+	0xe9, 0x97, 0xfc, 0xd0, 0xff, 0x19, 0xac, 0x91, 0xf8, 0xa2, 0x93, 0x95, 0xe7, 0xcf, 0xfb, 0x08,
+	0x49, 0xac, 0x4a, 0x1b, 0x65, 0x69, 0xc4, 0x5a, 0x02, 0xc1, 0xf0, 0x84, 0xb2, 0xb4, 0xd7, 0xdf,
+	0xc2, 0x55, 0xbd, 0xfe, 0x90, 0x06, 0x85, 0x21, 0x71, 0x0c, 0xd2, 0xec, 0x51, 0xfe, 0xd4, 0xce,
+	0x9d, 0xaf, 0xa0, 0x1d, 0x4a, 0xd6, 0x70, 0xb2, 0xf3, 0x21, 0x0c, 0x87, 0x72, 0xd5, 0x3f, 0xcc,
+	0x42, 0xf5, 0x8c, 0xf6, 0x8d, 0x1e, 0x00, 0xb2, 0x9a, 0x8c, 0x3a, 0x43, 0xaa, 0xdf, 0xf3, 0x56,
+	0xd1, 0xfe, 0x58, 0x9f, 0x0b, 0x07, 0xaa, 0x47, 0x13, 0x14, 0x38, 0x85, 0x0b, 0xf5, 0x60, 0xc9,
+	0x8d, 0x8c, 0x7a, 0x32, 0x0b, 0xde, 0xcf, 0x6e, 0x57, 0x74, 0x50, 0x6c, 0xac, 0x8d, 0x47, 0xd5,
+	0xd8, 0xe8, 0x88, 0x63, 0xd2, 0x91, 0x06, 0xa0, 0x85, 0x57, 0xe7, 0x85, 0x7e, 0x3d, 0x5b, 0x15,
+	0x0b, 0x6f, 0x2c, 0xe8, 0x3b, 0x91, 0xcb, 0x8a, 0x88, 0x55, 0x4f, 0x16, 0xa1, 0x14, 0xba, 0xf0,
+	0xd5, 0xae, 0xef, 0xd5, 0xae, 0xef, 0x85, 0xbb, 0x3e, 0x78, 0xb5, 0xeb, 0xbb, 0xd0, 0xae, 0x2f,
+	0xa5, 0x16, 0x17, 0xaf, 0x6c, 0x13, 0x77, 0xa2, 0x40, 0x65, 0x22, 0xc7, 0xaf, 0x7a, 0x17, 0xf7,
+	0xc5, 0xc4, 0x2e, 0xee, 0xa3, 0x8b, 0x8c, 0x4d, 0xd3, 0xb6, 0x71, 0xff, 0x54, 0x40, 0x7d, 0xb1,
+	0x8d, 0x57, 0x30, 0x17, 0xf6, 0xe3, 0x73, 0xe1, 0x77, 0xff, 0x07, 0x03, 0xb3, 0x6c, 0xe4, 0xfe,
+	0xa3, 0x00, 0x84, 0xc3, 0x0c, 0x7a, 0x1b, 0x22, 0x3f, 0x14, 0xca, 0xd2, 0xed, 0xb9, 0x29, 0x02,
+	0x47, 0x37, 0x61, 0xb1, 0x4f, 0x19, 0x23, 0x6d, 0x7f, 0x21, 0x12, 0xfc, 0x8e, 0xb9, 0xeb, 0x81,
+	0xb1, 0x8f, 0x47, 0x47, 0xb0, 0xe0, 0x50, 0xc2, 0x2c, 0x53, 0x2e, 0x46, 0xbe, 0xc3, 0x5f, 0xc1,
+	0x58, 0x40, 0x4e, 0x47, 0xd5, 0x5b, 0x59, 0x7e, 0x67, 0xae, 0xc9, 0x47, 0xb3, 0x60, 0xc2, 0x52,
+	0x1c, 0xba, 0x07, 0x25, 0xa9, 0x23, 0x72, 0x60, 0xaf, 0xd2, 0xbe, 0x21, 0x4f, 0x53, 0xda, 0x4d,
+	0x12, 0xe0, 0x49, 0x1e, 0xf5, 0x01, 0xe4, 0xfd, 0xc1, 0x00, 0x95, 0x61, 0x2e, 0xf2, 0xde, 0xf2,
+	0x0c, 0x17, 0x90, 0x84, 0x63, 0x66, 0xd3, 0x1d, 0xa3, 0xfe, 0x5e, 0x81, 0xd7, 0x52, 0x9a, 0x12,
+	0x7a, 0x03, 0x72, 0x03, 0xa7, 0x27, 0x5d, 0xb0, 0x38, 0x1e, 0x55, 0x73, 0x9f, 0xe1, 0x87, 0x98,
+	0xc3, 0x10, 0x81, 0x45, 0xe6, 0xad, 0xa7, 0x64, 0x30, 0xdd, 0xce, 0x7e, 0xe3, 0xc9, 0xbd, 0x56,
+	0xa3, 0xc8, 0xef, 0xc0, 0x87, 0xfa, 0x72, 0xd1, 0x26, 0xe4, 0x35, 0xd2, 0x18, 0x98, 0x7a, 0xcf,
+	0xbb, 0xaf, 0x25, 0xef, 0x8d, 0xb7, 0xb3, 0xed, 0xc1, 0x70, 0x80, 0x6d, 0xec, 0x3d, 0x3b, 0xa9,
+	0xcc, 0x7c, 0x75, 0x52, 0x99, 0x79, 0x7e, 0x52, 0x99, 0xf9, 0xf9, 0xb8, 0xa2, 0x3c, 0x1b, 0x57,
+	0x94, 0xaf, 0xc6, 0x15, 0xe5, 0xf9, 0xb8, 0xa2, 0xfc, 0x75, 0x5c, 0x51, 0x7e, 0xf9, 0xb7, 0xca,
+	0xcc, 0xf7, 0x37, 0xb3, 0xfe, 0x97, 0xc3, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, 0x71, 0x54, 0x54,
+	0xe6, 0x29, 0x21, 0x00, 0x00,
+}
+
+func (m *AuditAnnotation) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *AuditAnnotation) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *AuditAnnotation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.ValueExpression)
+	copy(dAtA[i:], m.ValueExpression)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.ValueExpression)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Key)
+	copy(dAtA[i:], m.Key)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Key)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *ExpressionWarning) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExpressionWarning) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExpressionWarning) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.Warning)
+	copy(dAtA[i:], m.Warning)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Warning)))
+	i--
+	dAtA[i] = 0x1a
+	i -= len(m.FieldRef)
+	copy(dAtA[i:], m.FieldRef)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.FieldRef)))
+	i--
+	dAtA[i] = 0x12
+	return len(dAtA) - i, nil
 }
 
 func (m *MatchCondition) Marshal() (dAtA []byte, err error) {
@@ -416,6 +1005,88 @@ func (m *MatchCondition) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *MatchResources) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *MatchResources) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *MatchResources) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.MatchPolicy != nil {
+		i -= len(*m.MatchPolicy)
+		copy(dAtA[i:], *m.MatchPolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.MatchPolicy)))
+		i--
+		dAtA[i] = 0x3a
+	}
+	if len(m.ExcludeResourceRules) > 0 {
+		for iNdEx := len(m.ExcludeResourceRules) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.ExcludeResourceRules[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
+		}
+	}
+	if len(m.ResourceRules) > 0 {
+		for iNdEx := len(m.ResourceRules) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.ResourceRules[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
+	if m.ObjectSelector != nil {
+		{
+			size, err := m.ObjectSelector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.NamespaceSelector != nil {
+		{
+			size, err := m.NamespaceSelector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
 func (m *MutatingWebhook) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -642,7 +1313,7 @@ func (m *MutatingWebhookConfigurationList) MarshalToSizedBuffer(dAtA []byte) (in
 	return len(dAtA) - i, nil
 }
 
-func (m *ServiceReference) Marshal() (dAtA []byte, err error) {
+func (m *NamedRuleWithOperations) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -652,42 +1323,72 @@ func (m *ServiceReference) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }
 
-func (m *ServiceReference) MarshalTo(dAtA []byte) (int, error) {
+func (m *NamedRuleWithOperations) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ServiceReference) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *NamedRuleWithOperations) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.Port != nil {
-		i = encodeVarintGenerated(dAtA, i, uint64(*m.Port))
-		i--
-		dAtA[i] = 0x20
+	{
+		size, err := m.RuleWithOperations.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
-	if m.Path != nil {
-		i -= len(*m.Path)
-		copy(dAtA[i:], *m.Path)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.Path)))
-		i--
-		dAtA[i] = 0x1a
+	i--
+	dAtA[i] = 0x12
+	if len(m.ResourceNames) > 0 {
+		for iNdEx := len(m.ResourceNames) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ResourceNames[iNdEx])
+			copy(dAtA[i:], m.ResourceNames[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(m.ResourceNames[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+		}
 	}
-	i -= len(m.Name)
-	copy(dAtA[i:], m.Name)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	return len(dAtA) - i, nil
+}
+
+func (m *ParamKind) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ParamKind) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ParamKind) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.Kind)
+	copy(dAtA[i:], m.Kind)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Kind)))
 	i--
 	dAtA[i] = 0x12
-	i -= len(m.Namespace)
-	copy(dAtA[i:], m.Namespace)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace)))
+	i -= len(m.APIVersion)
+	copy(dAtA[i:], m.APIVersion)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.APIVersion)))
 	i--
 	dAtA[i] = 0xa
 	return len(dAtA) - i, nil
 }
 
-func (m *ValidatingWebhook) Marshal() (dAtA []byte, err error) {
+func (m *ParamRef) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -697,33 +1398,26 @@ func (m *ValidatingWebhook) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }
 
-func (m *ValidatingWebhook) MarshalTo(dAtA []byte) (int, error) {
+func (m *ParamRef) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ValidatingWebhook) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *ParamRef) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.MatchConditions) > 0 {
-		for iNdEx := len(m.MatchConditions) - 1; iNdEx >= 0; iNdEx-- {
-			{
-				size, err := m.MatchConditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
-				if err != nil {
-					return 0, err
-				}
-				i -= size
-				i = encodeVarintGenerated(dAtA, i, uint64(size))
-			}
-			i--
-			dAtA[i] = 0x5a
-		}
+	if m.ParameterNotFoundAction != nil {
+		i -= len(*m.ParameterNotFoundAction)
+		copy(dAtA[i:], *m.ParameterNotFoundAction)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.ParameterNotFoundAction)))
+		i--
+		dAtA[i] = 0x22
 	}
-	if m.ObjectSelector != nil {
+	if m.Selector != nil {
 		{
-			size, err := m.ObjectSelector.MarshalToSizedBuffer(dAtA[:i])
+			size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
@@ -731,59 +1425,90 @@ func (m *ValidatingWebhook) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 			i = encodeVarintGenerated(dAtA, i, uint64(size))
 		}
 		i--
-		dAtA[i] = 0x52
-	}
-	if m.MatchPolicy != nil {
-		i -= len(*m.MatchPolicy)
-		copy(dAtA[i:], *m.MatchPolicy)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.MatchPolicy)))
-		i--
-		dAtA[i] = 0x4a
-	}
-	if len(m.AdmissionReviewVersions) > 0 {
-		for iNdEx := len(m.AdmissionReviewVersions) - 1; iNdEx >= 0; iNdEx-- {
-			i -= len(m.AdmissionReviewVersions[iNdEx])
-			copy(dAtA[i:], m.AdmissionReviewVersions[iNdEx])
-			i = encodeVarintGenerated(dAtA, i, uint64(len(m.AdmissionReviewVersions[iNdEx])))
-			i--
-			dAtA[i] = 0x42
-		}
-	}
-	if m.TimeoutSeconds != nil {
-		i = encodeVarintGenerated(dAtA, i, uint64(*m.TimeoutSeconds))
-		i--
-		dAtA[i] = 0x38
+		dAtA[i] = 0x1a
 	}
-	if m.SideEffects != nil {
-		i -= len(*m.SideEffects)
-		copy(dAtA[i:], *m.SideEffects)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.SideEffects)))
-		i--
-		dAtA[i] = 0x32
+	i -= len(m.Namespace)
+	copy(dAtA[i:], m.Namespace)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *ServiceReference) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	if m.NamespaceSelector != nil {
-		{
-			size, err := m.NamespaceSelector.MarshalToSizedBuffer(dAtA[:i])
-			if err != nil {
-				return 0, err
-			}
-			i -= size
-			i = encodeVarintGenerated(dAtA, i, uint64(size))
-		}
+	return dAtA[:n], nil
+}
+
+func (m *ServiceReference) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ServiceReference) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Port != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.Port))
 		i--
-		dAtA[i] = 0x2a
+		dAtA[i] = 0x20
 	}
-	if m.FailurePolicy != nil {
-		i -= len(*m.FailurePolicy)
-		copy(dAtA[i:], *m.FailurePolicy)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.FailurePolicy)))
+	if m.Path != nil {
+		i -= len(*m.Path)
+		copy(dAtA[i:], *m.Path)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.Path)))
 		i--
-		dAtA[i] = 0x22
+		dAtA[i] = 0x1a
 	}
-	if len(m.Rules) > 0 {
-		for iNdEx := len(m.Rules) - 1; iNdEx >= 0; iNdEx-- {
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Namespace)
+	copy(dAtA[i:], m.Namespace)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *TypeChecking) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *TypeChecking) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *TypeChecking) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.ExpressionWarnings) > 0 {
+		for iNdEx := len(m.ExpressionWarnings) - 1; iNdEx >= 0; iNdEx-- {
 			{
-				size, err := m.Rules[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				size, err := m.ExpressionWarnings[iNdEx].MarshalToSizedBuffer(dAtA[:i])
 				if err != nil {
 					return 0, err
 				}
@@ -791,11 +1516,44 @@ func (m *ValidatingWebhook) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 				i = encodeVarintGenerated(dAtA, i, uint64(size))
 			}
 			i--
-			dAtA[i] = 0x1a
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ValidatingAdmissionPolicy) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ValidatingAdmissionPolicy) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ValidatingAdmissionPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	{
+		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
+	i--
+	dAtA[i] = 0x1a
 	{
-		size, err := m.ClientConfig.MarshalToSizedBuffer(dAtA[:i])
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
 			return 0, err
 		}
@@ -804,15 +1562,20 @@ func (m *ValidatingWebhook) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	}
 	i--
 	dAtA[i] = 0x12
-	i -= len(m.Name)
-	copy(dAtA[i:], m.Name)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	{
+		size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
 	i--
 	dAtA[i] = 0xa
 	return len(dAtA) - i, nil
 }
 
-func (m *ValidatingWebhookConfiguration) Marshal() (dAtA []byte, err error) {
+func (m *ValidatingAdmissionPolicyBinding) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -822,30 +1585,26 @@ func (m *ValidatingWebhookConfiguration) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }
 
-func (m *ValidatingWebhookConfiguration) MarshalTo(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBinding) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ValidatingWebhookConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBinding) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if len(m.Webhooks) > 0 {
-		for iNdEx := len(m.Webhooks) - 1; iNdEx >= 0; iNdEx-- {
-			{
-				size, err := m.Webhooks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
-				if err != nil {
-					return 0, err
-				}
-				i -= size
-				i = encodeVarintGenerated(dAtA, i, uint64(size))
-			}
-			i--
-			dAtA[i] = 0x12
+	{
+		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
 		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
+	i--
+	dAtA[i] = 0x12
 	{
 		size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
@@ -859,7 +1618,7 @@ func (m *ValidatingWebhookConfiguration) MarshalToSizedBuffer(dAtA []byte) (int,
 	return len(dAtA) - i, nil
 }
 
-func (m *ValidatingWebhookConfigurationList) Marshal() (dAtA []byte, err error) {
+func (m *ValidatingAdmissionPolicyBindingList) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -869,12 +1628,12 @@ func (m *ValidatingWebhookConfigurationList) Marshal() (dAtA []byte, err error)
 	return dAtA[:n], nil
 }
 
-func (m *ValidatingWebhookConfigurationList) MarshalTo(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBindingList) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ValidatingWebhookConfigurationList) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBindingList) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
@@ -906,7 +1665,7 @@ func (m *ValidatingWebhookConfigurationList) MarshalToSizedBuffer(dAtA []byte) (
 	return len(dAtA) - i, nil
 }
 
-func (m *WebhookClientConfig) Marshal() (dAtA []byte, err error) {
+func (m *ValidatingAdmissionPolicyBindingSpec) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -916,33 +1675,40 @@ func (m *WebhookClientConfig) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }
 
-func (m *WebhookClientConfig) MarshalTo(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBindingSpec) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *WebhookClientConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *ValidatingAdmissionPolicyBindingSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	if m.URL != nil {
-		i -= len(*m.URL)
-		copy(dAtA[i:], *m.URL)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.URL)))
-		i--
-		dAtA[i] = 0x1a
+	if len(m.ValidationActions) > 0 {
+		for iNdEx := len(m.ValidationActions) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ValidationActions[iNdEx])
+			copy(dAtA[i:], m.ValidationActions[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(m.ValidationActions[iNdEx])))
+			i--
+			dAtA[i] = 0x22
+		}
 	}
-	if m.CABundle != nil {
-		i -= len(m.CABundle)
-		copy(dAtA[i:], m.CABundle)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(m.CABundle)))
+	if m.MatchResources != nil {
+		{
+			size, err := m.MatchResources.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
 		i--
-		dAtA[i] = 0x12
+		dAtA[i] = 0x1a
 	}
-	if m.Service != nil {
+	if m.ParamRef != nil {
 		{
-			size, err := m.Service.MarshalToSizedBuffer(dAtA[:i])
+			size, err := m.ParamRef.MarshalToSizedBuffer(dAtA[:i])
 			if err != nil {
 				return 0, err
 			}
@@ -950,432 +1716,3359 @@ func (m *WebhookClientConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 			i = encodeVarintGenerated(dAtA, i, uint64(size))
 		}
 		i--
-		dAtA[i] = 0xa
+		dAtA[i] = 0x12
 	}
+	i -= len(m.PolicyName)
+	copy(dAtA[i:], m.PolicyName)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.PolicyName)))
+	i--
+	dAtA[i] = 0xa
 	return len(dAtA) - i, nil
 }
 
-func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
-	offset -= sovGenerated(v)
-	base := offset
-	for v >= 1<<7 {
-		dAtA[offset] = uint8(v&0x7f | 0x80)
-		v >>= 7
-		offset++
+func (m *ValidatingAdmissionPolicyList) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	dAtA[offset] = uint8(v)
-	return base
+	return dAtA[:n], nil
 }
-func (m *MatchCondition) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	l = len(m.Name)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = len(m.Expression)
-	n += 1 + l + sovGenerated(uint64(l))
-	return n
+
+func (m *ValidatingAdmissionPolicyList) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *MutatingWebhook) Size() (n int) {
-	if m == nil {
-		return 0
-	}
+func (m *ValidatingAdmissionPolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.Name)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = m.ClientConfig.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Rules) > 0 {
-		for _, e := range m.Rules {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Items) > 0 {
+		for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
 		}
 	}
-	if m.FailurePolicy != nil {
-		l = len(*m.FailurePolicy)
-		n += 1 + l + sovGenerated(uint64(l))
+	{
+		size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
-	if m.NamespaceSelector != nil {
-		l = m.NamespaceSelector.Size()
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.SideEffects != nil {
-		l = len(*m.SideEffects)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.TimeoutSeconds != nil {
-		n += 1 + sovGenerated(uint64(*m.TimeoutSeconds))
-	}
-	if len(m.AdmissionReviewVersions) > 0 {
-		for _, s := range m.AdmissionReviewVersions {
-			l = len(s)
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	if m.MatchPolicy != nil {
-		l = len(*m.MatchPolicy)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.ReinvocationPolicy != nil {
-		l = len(*m.ReinvocationPolicy)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.ObjectSelector != nil {
-		l = m.ObjectSelector.Size()
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if len(m.MatchConditions) > 0 {
-		for _, e := range m.MatchConditions {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	return n
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
 
-func (m *MutatingWebhookConfiguration) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	l = m.ObjectMeta.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Webhooks) > 0 {
-		for _, e := range m.Webhooks {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
+func (m *ValidatingAdmissionPolicySpec) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *MutatingWebhookConfigurationList) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	l = m.ListMeta.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Items) > 0 {
-		for _, e := range m.Items {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	return n
+func (m *ValidatingAdmissionPolicySpec) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ServiceReference) Size() (n int) {
-	if m == nil {
-		return 0
-	}
+func (m *ValidatingAdmissionPolicySpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = len(m.Namespace)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = len(m.Name)
-	n += 1 + l + sovGenerated(uint64(l))
-	if m.Path != nil {
-		l = len(*m.Path)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.Port != nil {
-		n += 1 + sovGenerated(uint64(*m.Port))
+	if len(m.Variables) > 0 {
+		for iNdEx := len(m.Variables) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Variables[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x3a
+		}
 	}
-	return n
-}
-
-func (m *ValidatingWebhook) Size() (n int) {
-	if m == nil {
-		return 0
+	if len(m.MatchConditions) > 0 {
+		for iNdEx := len(m.MatchConditions) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.MatchConditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x32
+		}
 	}
-	var l int
-	_ = l
-	l = len(m.Name)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = m.ClientConfig.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Rules) > 0 {
-		for _, e := range m.Rules {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
+	if len(m.AuditAnnotations) > 0 {
+		for iNdEx := len(m.AuditAnnotations) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.AuditAnnotations[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x2a
 		}
 	}
 	if m.FailurePolicy != nil {
-		l = len(*m.FailurePolicy)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.NamespaceSelector != nil {
-		l = m.NamespaceSelector.Size()
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.SideEffects != nil {
-		l = len(*m.SideEffects)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.TimeoutSeconds != nil {
-		n += 1 + sovGenerated(uint64(*m.TimeoutSeconds))
+		i -= len(*m.FailurePolicy)
+		copy(dAtA[i:], *m.FailurePolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.FailurePolicy)))
+		i--
+		dAtA[i] = 0x22
 	}
-	if len(m.AdmissionReviewVersions) > 0 {
-		for _, s := range m.AdmissionReviewVersions {
-			l = len(s)
-			n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Validations) > 0 {
+		for iNdEx := len(m.Validations) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Validations[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	if m.MatchPolicy != nil {
-		l = len(*m.MatchPolicy)
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.ObjectSelector != nil {
-		l = m.ObjectSelector.Size()
-		n += 1 + l + sovGenerated(uint64(l))
+	if m.MatchConstraints != nil {
+		{
+			size, err := m.MatchConstraints.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
 	}
-	if len(m.MatchConditions) > 0 {
-		for _, e := range m.MatchConditions {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
+	if m.ParamKind != nil {
+		{
+			size, err := m.ParamKind.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
 		}
+		i--
+		dAtA[i] = 0xa
 	}
-	return n
+	return len(dAtA) - i, nil
 }
 
-func (m *ValidatingWebhookConfiguration) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	l = m.ObjectMeta.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Webhooks) > 0 {
-		for _, e := range m.Webhooks {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
+func (m *ValidatingAdmissionPolicyStatus) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	return n
+	return dAtA[:n], nil
 }
 
-func (m *ValidatingWebhookConfigurationList) Size() (n int) {
-	if m == nil {
-		return 0
-	}
+func (m *ValidatingAdmissionPolicyStatus) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ValidatingAdmissionPolicyStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	l = m.ListMeta.Size()
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Items) > 0 {
-		for _, e := range m.Items {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Conditions) > 0 {
+		for iNdEx := len(m.Conditions) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Conditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
 		}
 	}
-	return n
+	if m.TypeChecking != nil {
+		{
+			size, err := m.TypeChecking.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	i = encodeVarintGenerated(dAtA, i, uint64(m.ObservedGeneration))
+	i--
+	dAtA[i] = 0x8
+	return len(dAtA) - i, nil
 }
 
-func (m *WebhookClientConfig) Size() (n int) {
-	if m == nil {
-		return 0
+func (m *ValidatingWebhook) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
+	return dAtA[:n], nil
+}
+
+func (m *ValidatingWebhook) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ValidatingWebhook) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
 	var l int
 	_ = l
-	if m.Service != nil {
-		l = m.Service.Size()
-		n += 1 + l + sovGenerated(uint64(l))
-	}
-	if m.CABundle != nil {
-		l = len(m.CABundle)
-		n += 1 + l + sovGenerated(uint64(l))
+	if len(m.MatchConditions) > 0 {
+		for iNdEx := len(m.MatchConditions) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.MatchConditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x5a
+		}
 	}
-	if m.URL != nil {
-		l = len(*m.URL)
-		n += 1 + l + sovGenerated(uint64(l))
+	if m.ObjectSelector != nil {
+		{
+			size, err := m.ObjectSelector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x52
 	}
-	return n
-}
-
-func sovGenerated(x uint64) (n int) {
-	return (math_bits.Len64(x|1) + 6) / 7
-}
-func sozGenerated(x uint64) (n int) {
-	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
-}
-func (this *MatchCondition) String() string {
-	if this == nil {
-		return "nil"
+	if m.MatchPolicy != nil {
+		i -= len(*m.MatchPolicy)
+		copy(dAtA[i:], *m.MatchPolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.MatchPolicy)))
+		i--
+		dAtA[i] = 0x4a
 	}
-	s := strings.Join([]string{`&MatchCondition{`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`Expression:` + fmt.Sprintf("%v", this.Expression) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *MutatingWebhook) String() string {
-	if this == nil {
-		return "nil"
+	if len(m.AdmissionReviewVersions) > 0 {
+		for iNdEx := len(m.AdmissionReviewVersions) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.AdmissionReviewVersions[iNdEx])
+			copy(dAtA[i:], m.AdmissionReviewVersions[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(m.AdmissionReviewVersions[iNdEx])))
+			i--
+			dAtA[i] = 0x42
+		}
 	}
-	repeatedStringForRules := "[]RuleWithOperations{"
-	for _, f := range this.Rules {
-		repeatedStringForRules += fmt.Sprintf("%v", f) + ","
+	if m.TimeoutSeconds != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.TimeoutSeconds))
+		i--
+		dAtA[i] = 0x38
 	}
-	repeatedStringForRules += "}"
-	repeatedStringForMatchConditions := "[]MatchCondition{"
-	for _, f := range this.MatchConditions {
-		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
+	if m.SideEffects != nil {
+		i -= len(*m.SideEffects)
+		copy(dAtA[i:], *m.SideEffects)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.SideEffects)))
+		i--
+		dAtA[i] = 0x32
 	}
-	repeatedStringForMatchConditions += "}"
-	s := strings.Join([]string{`&MutatingWebhook{`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`ClientConfig:` + strings.Replace(strings.Replace(this.ClientConfig.String(), "WebhookClientConfig", "WebhookClientConfig", 1), `&`, ``, 1) + `,`,
-		`Rules:` + repeatedStringForRules + `,`,
-		`FailurePolicy:` + valueToStringGenerated(this.FailurePolicy) + `,`,
-		`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "v11.LabelSelector", 1) + `,`,
-		`SideEffects:` + valueToStringGenerated(this.SideEffects) + `,`,
-		`TimeoutSeconds:` + valueToStringGenerated(this.TimeoutSeconds) + `,`,
-		`AdmissionReviewVersions:` + fmt.Sprintf("%v", this.AdmissionReviewVersions) + `,`,
-		`MatchPolicy:` + valueToStringGenerated(this.MatchPolicy) + `,`,
-		`ReinvocationPolicy:` + valueToStringGenerated(this.ReinvocationPolicy) + `,`,
-		`ObjectSelector:` + strings.Replace(fmt.Sprintf("%v", this.ObjectSelector), "LabelSelector", "v11.LabelSelector", 1) + `,`,
-		`MatchConditions:` + repeatedStringForMatchConditions + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *MutatingWebhookConfiguration) String() string {
-	if this == nil {
-		return "nil"
+	if m.NamespaceSelector != nil {
+		{
+			size, err := m.NamespaceSelector.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x2a
 	}
-	repeatedStringForWebhooks := "[]MutatingWebhook{"
-	for _, f := range this.Webhooks {
-		repeatedStringForWebhooks += strings.Replace(strings.Replace(f.String(), "MutatingWebhook", "MutatingWebhook", 1), `&`, ``, 1) + ","
+	if m.FailurePolicy != nil {
+		i -= len(*m.FailurePolicy)
+		copy(dAtA[i:], *m.FailurePolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.FailurePolicy)))
+		i--
+		dAtA[i] = 0x22
 	}
-	repeatedStringForWebhooks += "}"
-	s := strings.Join([]string{`&MutatingWebhookConfiguration{`,
-		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v11.ObjectMeta", 1), `&`, ``, 1) + `,`,
-		`Webhooks:` + repeatedStringForWebhooks + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func (this *MutatingWebhookConfigurationList) String() string {
-	if this == nil {
-		return "nil"
+	if len(m.Rules) > 0 {
+		for iNdEx := len(m.Rules) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Rules[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
 	}
-	repeatedStringForItems := "[]MutatingWebhookConfiguration{"
-	for _, f := range this.Items {
-		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "MutatingWebhookConfiguration", "MutatingWebhookConfiguration", 1), `&`, ``, 1) + ","
+	{
+		size, err := m.ClientConfig.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
-	repeatedStringForItems += "}"
-	s := strings.Join([]string{`&MutatingWebhookConfigurationList{`,
-		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v11.ListMeta", 1), `&`, ``, 1) + `,`,
-		`Items:` + repeatedStringForItems + `,`,
-		`}`,
-	}, "")
-	return s
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
 }
-func (this *ServiceReference) String() string {
-	if this == nil {
-		return "nil"
+
+func (m *ValidatingWebhookConfiguration) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
 	}
-	s := strings.Join([]string{`&ServiceReference{`,
-		`Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`Path:` + valueToStringGenerated(this.Path) + `,`,
-		`Port:` + valueToStringGenerated(this.Port) + `,`,
-		`}`,
-	}, "")
-	return s
+	return dAtA[:n], nil
 }
-func (this *ValidatingWebhook) String() string {
-	if this == nil {
-		return "nil"
-	}
-	repeatedStringForRules := "[]RuleWithOperations{"
-	for _, f := range this.Rules {
-		repeatedStringForRules += fmt.Sprintf("%v", f) + ","
+
+func (m *ValidatingWebhookConfiguration) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ValidatingWebhookConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Webhooks) > 0 {
+		for iNdEx := len(m.Webhooks) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Webhooks[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
 	}
-	repeatedStringForRules += "}"
-	repeatedStringForMatchConditions := "[]MatchCondition{"
-	for _, f := range this.MatchConditions {
-		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
+	{
+		size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
 	}
-	repeatedStringForMatchConditions += "}"
-	s := strings.Join([]string{`&ValidatingWebhook{`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *ValidatingWebhookConfigurationList) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ValidatingWebhookConfigurationList) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ValidatingWebhookConfigurationList) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Items) > 0 {
+		for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	{
+		size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *Validation) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Validation) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Validation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.MessageExpression)
+	copy(dAtA[i:], m.MessageExpression)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.MessageExpression)))
+	i--
+	dAtA[i] = 0x22
+	if m.Reason != nil {
+		i -= len(*m.Reason)
+		copy(dAtA[i:], *m.Reason)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.Reason)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	i -= len(m.Message)
+	copy(dAtA[i:], m.Message)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Message)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Expression)
+	copy(dAtA[i:], m.Expression)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Expression)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *Variable) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *Variable) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *Variable) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.Expression)
+	copy(dAtA[i:], m.Expression)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Expression)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *WebhookClientConfig) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *WebhookClientConfig) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *WebhookClientConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.URL != nil {
+		i -= len(*m.URL)
+		copy(dAtA[i:], *m.URL)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.URL)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.CABundle != nil {
+		i -= len(m.CABundle)
+		copy(dAtA[i:], m.CABundle)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(m.CABundle)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Service != nil {
+		{
+			size, err := m.Service.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
+	offset -= sovGenerated(v)
+	base := offset
+	for v >= 1<<7 {
+		dAtA[offset] = uint8(v&0x7f | 0x80)
+		v >>= 7
+		offset++
+	}
+	dAtA[offset] = uint8(v)
+	return base
+}
+func (m *AuditAnnotation) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Key)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.ValueExpression)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *ExpressionWarning) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.FieldRef)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Warning)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *MatchCondition) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Expression)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *MatchResources) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NamespaceSelector != nil {
+		l = m.NamespaceSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ObjectSelector != nil {
+		l = m.ObjectSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.ResourceRules) > 0 {
+		for _, e := range m.ResourceRules {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if len(m.ExcludeResourceRules) > 0 {
+		for _, e := range m.ExcludeResourceRules {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.MatchPolicy != nil {
+		l = len(*m.MatchPolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	return n
+}
+
+func (m *MutatingWebhook) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.ClientConfig.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Rules) > 0 {
+		for _, e := range m.Rules {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.FailurePolicy != nil {
+		l = len(*m.FailurePolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.NamespaceSelector != nil {
+		l = m.NamespaceSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.SideEffects != nil {
+		l = len(*m.SideEffects)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.TimeoutSeconds != nil {
+		n += 1 + sovGenerated(uint64(*m.TimeoutSeconds))
+	}
+	if len(m.AdmissionReviewVersions) > 0 {
+		for _, s := range m.AdmissionReviewVersions {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.MatchPolicy != nil {
+		l = len(*m.MatchPolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ReinvocationPolicy != nil {
+		l = len(*m.ReinvocationPolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ObjectSelector != nil {
+		l = m.ObjectSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.MatchConditions) > 0 {
+		for _, e := range m.MatchConditions {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *MutatingWebhookConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ObjectMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Webhooks) > 0 {
+		for _, e := range m.Webhooks {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *MutatingWebhookConfigurationList) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ListMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Items) > 0 {
+		for _, e := range m.Items {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *NamedRuleWithOperations) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.ResourceNames) > 0 {
+		for _, s := range m.ResourceNames {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	l = m.RuleWithOperations.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *ParamKind) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.APIVersion)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Kind)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *ParamRef) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Namespace)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.Selector != nil {
+		l = m.Selector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ParameterNotFoundAction != nil {
+		l = len(*m.ParameterNotFoundAction)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	return n
+}
+
+func (m *ServiceReference) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Namespace)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.Path != nil {
+		l = len(*m.Path)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.Port != nil {
+		n += 1 + sovGenerated(uint64(*m.Port))
+	}
+	return n
+}
+
+func (m *TypeChecking) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.ExpressionWarnings) > 0 {
+		for _, e := range m.ExpressionWarnings {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingAdmissionPolicy) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ObjectMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.Spec.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.Status.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *ValidatingAdmissionPolicyBinding) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ObjectMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.Spec.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *ValidatingAdmissionPolicyBindingList) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ListMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Items) > 0 {
+		for _, e := range m.Items {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingAdmissionPolicyBindingSpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.PolicyName)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.ParamRef != nil {
+		l = m.ParamRef.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.MatchResources != nil {
+		l = m.MatchResources.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.ValidationActions) > 0 {
+		for _, s := range m.ValidationActions {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingAdmissionPolicyList) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ListMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Items) > 0 {
+		for _, e := range m.Items {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingAdmissionPolicySpec) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.ParamKind != nil {
+		l = m.ParamKind.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.MatchConstraints != nil {
+		l = m.MatchConstraints.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.Validations) > 0 {
+		for _, e := range m.Validations {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.FailurePolicy != nil {
+		l = len(*m.FailurePolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.AuditAnnotations) > 0 {
+		for _, e := range m.AuditAnnotations {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if len(m.MatchConditions) > 0 {
+		for _, e := range m.MatchConditions {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if len(m.Variables) > 0 {
+		for _, e := range m.Variables {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingAdmissionPolicyStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	n += 1 + sovGenerated(uint64(m.ObservedGeneration))
+	if m.TypeChecking != nil {
+		l = m.TypeChecking.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.Conditions) > 0 {
+		for _, e := range m.Conditions {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingWebhook) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.ClientConfig.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Rules) > 0 {
+		for _, e := range m.Rules {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.FailurePolicy != nil {
+		l = len(*m.FailurePolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.NamespaceSelector != nil {
+		l = m.NamespaceSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.SideEffects != nil {
+		l = len(*m.SideEffects)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.TimeoutSeconds != nil {
+		n += 1 + sovGenerated(uint64(*m.TimeoutSeconds))
+	}
+	if len(m.AdmissionReviewVersions) > 0 {
+		for _, s := range m.AdmissionReviewVersions {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if m.MatchPolicy != nil {
+		l = len(*m.MatchPolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.ObjectSelector != nil {
+		l = m.ObjectSelector.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if len(m.MatchConditions) > 0 {
+		for _, e := range m.MatchConditions {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingWebhookConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ObjectMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Webhooks) > 0 {
+		for _, e := range m.Webhooks {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *ValidatingWebhookConfigurationList) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ListMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Items) > 0 {
+		for _, e := range m.Items {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *Validation) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Expression)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Message)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.Reason != nil {
+		l = len(*m.Reason)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	l = len(m.MessageExpression)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *Variable) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Expression)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *WebhookClientConfig) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Service != nil {
+		l = m.Service.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.CABundle != nil {
+		l = len(m.CABundle)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.URL != nil {
+		l = len(*m.URL)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	return n
+}
+
+func sovGenerated(x uint64) (n int) {
+	return (math_bits.Len64(x|1) + 6) / 7
+}
+func sozGenerated(x uint64) (n int) {
+	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
+}
+func (this *AuditAnnotation) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&AuditAnnotation{`,
+		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
+		`ValueExpression:` + fmt.Sprintf("%v", this.ValueExpression) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ExpressionWarning) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ExpressionWarning{`,
+		`FieldRef:` + fmt.Sprintf("%v", this.FieldRef) + `,`,
+		`Warning:` + fmt.Sprintf("%v", this.Warning) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MatchCondition) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&MatchCondition{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Expression:` + fmt.Sprintf("%v", this.Expression) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MatchResources) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForResourceRules := "[]NamedRuleWithOperations{"
+	for _, f := range this.ResourceRules {
+		repeatedStringForResourceRules += strings.Replace(strings.Replace(f.String(), "NamedRuleWithOperations", "NamedRuleWithOperations", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForResourceRules += "}"
+	repeatedStringForExcludeResourceRules := "[]NamedRuleWithOperations{"
+	for _, f := range this.ExcludeResourceRules {
+		repeatedStringForExcludeResourceRules += strings.Replace(strings.Replace(f.String(), "NamedRuleWithOperations", "NamedRuleWithOperations", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForExcludeResourceRules += "}"
+	s := strings.Join([]string{`&MatchResources{`,
+		`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`ObjectSelector:` + strings.Replace(fmt.Sprintf("%v", this.ObjectSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`ResourceRules:` + repeatedStringForResourceRules + `,`,
+		`ExcludeResourceRules:` + repeatedStringForExcludeResourceRules + `,`,
+		`MatchPolicy:` + valueToStringGenerated(this.MatchPolicy) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MutatingWebhook) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForRules := "[]RuleWithOperations{"
+	for _, f := range this.Rules {
+		repeatedStringForRules += fmt.Sprintf("%v", f) + ","
+	}
+	repeatedStringForRules += "}"
+	repeatedStringForMatchConditions := "[]MatchCondition{"
+	for _, f := range this.MatchConditions {
+		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForMatchConditions += "}"
+	s := strings.Join([]string{`&MutatingWebhook{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`ClientConfig:` + strings.Replace(strings.Replace(this.ClientConfig.String(), "WebhookClientConfig", "WebhookClientConfig", 1), `&`, ``, 1) + `,`,
+		`Rules:` + repeatedStringForRules + `,`,
+		`FailurePolicy:` + valueToStringGenerated(this.FailurePolicy) + `,`,
+		`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`SideEffects:` + valueToStringGenerated(this.SideEffects) + `,`,
+		`TimeoutSeconds:` + valueToStringGenerated(this.TimeoutSeconds) + `,`,
+		`AdmissionReviewVersions:` + fmt.Sprintf("%v", this.AdmissionReviewVersions) + `,`,
+		`MatchPolicy:` + valueToStringGenerated(this.MatchPolicy) + `,`,
+		`ReinvocationPolicy:` + valueToStringGenerated(this.ReinvocationPolicy) + `,`,
+		`ObjectSelector:` + strings.Replace(fmt.Sprintf("%v", this.ObjectSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`MatchConditions:` + repeatedStringForMatchConditions + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MutatingWebhookConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForWebhooks := "[]MutatingWebhook{"
+	for _, f := range this.Webhooks {
+		repeatedStringForWebhooks += strings.Replace(strings.Replace(f.String(), "MutatingWebhook", "MutatingWebhook", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForWebhooks += "}"
+	s := strings.Join([]string{`&MutatingWebhookConfiguration{`,
+		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+		`Webhooks:` + repeatedStringForWebhooks + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *MutatingWebhookConfigurationList) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForItems := "[]MutatingWebhookConfiguration{"
+	for _, f := range this.Items {
+		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "MutatingWebhookConfiguration", "MutatingWebhookConfiguration", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForItems += "}"
+	s := strings.Join([]string{`&MutatingWebhookConfigurationList{`,
+		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`,
+		`Items:` + repeatedStringForItems + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *NamedRuleWithOperations) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&NamedRuleWithOperations{`,
+		`ResourceNames:` + fmt.Sprintf("%v", this.ResourceNames) + `,`,
+		`RuleWithOperations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.RuleWithOperations), "RuleWithOperations", "v11.RuleWithOperations", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ParamKind) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ParamKind{`,
+		`APIVersion:` + fmt.Sprintf("%v", this.APIVersion) + `,`,
+		`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ParamRef) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ParamRef{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`,
+		`Selector:` + strings.Replace(fmt.Sprintf("%v", this.Selector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
+		`ParameterNotFoundAction:` + valueToStringGenerated(this.ParameterNotFoundAction) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ServiceReference) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ServiceReference{`,
+		`Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Path:` + valueToStringGenerated(this.Path) + `,`,
+		`Port:` + valueToStringGenerated(this.Port) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *TypeChecking) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForExpressionWarnings := "[]ExpressionWarning{"
+	for _, f := range this.ExpressionWarnings {
+		repeatedStringForExpressionWarnings += strings.Replace(strings.Replace(f.String(), "ExpressionWarning", "ExpressionWarning", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForExpressionWarnings += "}"
+	s := strings.Join([]string{`&TypeChecking{`,
+		`ExpressionWarnings:` + repeatedStringForExpressionWarnings + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicy) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ValidatingAdmissionPolicy{`,
+		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "ValidatingAdmissionPolicySpec", "ValidatingAdmissionPolicySpec", 1), `&`, ``, 1) + `,`,
+		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "ValidatingAdmissionPolicyStatus", "ValidatingAdmissionPolicyStatus", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicyBinding) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ValidatingAdmissionPolicyBinding{`,
+		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "ValidatingAdmissionPolicyBindingSpec", "ValidatingAdmissionPolicyBindingSpec", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicyBindingList) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForItems := "[]ValidatingAdmissionPolicyBinding{"
+	for _, f := range this.Items {
+		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "ValidatingAdmissionPolicyBinding", "ValidatingAdmissionPolicyBinding", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForItems += "}"
+	s := strings.Join([]string{`&ValidatingAdmissionPolicyBindingList{`,
+		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`,
+		`Items:` + repeatedStringForItems + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicyBindingSpec) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ValidatingAdmissionPolicyBindingSpec{`,
+		`PolicyName:` + fmt.Sprintf("%v", this.PolicyName) + `,`,
+		`ParamRef:` + strings.Replace(this.ParamRef.String(), "ParamRef", "ParamRef", 1) + `,`,
+		`MatchResources:` + strings.Replace(this.MatchResources.String(), "MatchResources", "MatchResources", 1) + `,`,
+		`ValidationActions:` + fmt.Sprintf("%v", this.ValidationActions) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicyList) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForItems := "[]ValidatingAdmissionPolicy{"
+	for _, f := range this.Items {
+		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "ValidatingAdmissionPolicy", "ValidatingAdmissionPolicy", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForItems += "}"
+	s := strings.Join([]string{`&ValidatingAdmissionPolicyList{`,
+		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`,
+		`Items:` + repeatedStringForItems + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicySpec) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForValidations := "[]Validation{"
+	for _, f := range this.Validations {
+		repeatedStringForValidations += strings.Replace(strings.Replace(f.String(), "Validation", "Validation", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForValidations += "}"
+	repeatedStringForAuditAnnotations := "[]AuditAnnotation{"
+	for _, f := range this.AuditAnnotations {
+		repeatedStringForAuditAnnotations += strings.Replace(strings.Replace(f.String(), "AuditAnnotation", "AuditAnnotation", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForAuditAnnotations += "}"
+	repeatedStringForMatchConditions := "[]MatchCondition{"
+	for _, f := range this.MatchConditions {
+		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForMatchConditions += "}"
+	repeatedStringForVariables := "[]Variable{"
+	for _, f := range this.Variables {
+		repeatedStringForVariables += strings.Replace(strings.Replace(f.String(), "Variable", "Variable", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForVariables += "}"
+	s := strings.Join([]string{`&ValidatingAdmissionPolicySpec{`,
+		`ParamKind:` + strings.Replace(this.ParamKind.String(), "ParamKind", "ParamKind", 1) + `,`,
+		`MatchConstraints:` + strings.Replace(this.MatchConstraints.String(), "MatchResources", "MatchResources", 1) + `,`,
+		`Validations:` + repeatedStringForValidations + `,`,
+		`FailurePolicy:` + valueToStringGenerated(this.FailurePolicy) + `,`,
+		`AuditAnnotations:` + repeatedStringForAuditAnnotations + `,`,
+		`MatchConditions:` + repeatedStringForMatchConditions + `,`,
+		`Variables:` + repeatedStringForVariables + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingAdmissionPolicyStatus) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForConditions := "[]Condition{"
+	for _, f := range this.Conditions {
+		repeatedStringForConditions += fmt.Sprintf("%v", f) + ","
+	}
+	repeatedStringForConditions += "}"
+	s := strings.Join([]string{`&ValidatingAdmissionPolicyStatus{`,
+		`ObservedGeneration:` + fmt.Sprintf("%v", this.ObservedGeneration) + `,`,
+		`TypeChecking:` + strings.Replace(this.TypeChecking.String(), "TypeChecking", "TypeChecking", 1) + `,`,
+		`Conditions:` + repeatedStringForConditions + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingWebhook) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForRules := "[]RuleWithOperations{"
+	for _, f := range this.Rules {
+		repeatedStringForRules += fmt.Sprintf("%v", f) + ","
+	}
+	repeatedStringForRules += "}"
+	repeatedStringForMatchConditions := "[]MatchCondition{"
+	for _, f := range this.MatchConditions {
+		repeatedStringForMatchConditions += strings.Replace(strings.Replace(f.String(), "MatchCondition", "MatchCondition", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForMatchConditions += "}"
+	s := strings.Join([]string{`&ValidatingWebhook{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`ClientConfig:` + strings.Replace(strings.Replace(this.ClientConfig.String(), "WebhookClientConfig", "WebhookClientConfig", 1), `&`, ``, 1) + `,`,
 		`Rules:` + repeatedStringForRules + `,`,
 		`FailurePolicy:` + valueToStringGenerated(this.FailurePolicy) + `,`,
-		`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "v11.LabelSelector", 1) + `,`,
+		`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
 		`SideEffects:` + valueToStringGenerated(this.SideEffects) + `,`,
 		`TimeoutSeconds:` + valueToStringGenerated(this.TimeoutSeconds) + `,`,
 		`AdmissionReviewVersions:` + fmt.Sprintf("%v", this.AdmissionReviewVersions) + `,`,
 		`MatchPolicy:` + valueToStringGenerated(this.MatchPolicy) + `,`,
-		`ObjectSelector:` + strings.Replace(fmt.Sprintf("%v", this.ObjectSelector), "LabelSelector", "v11.LabelSelector", 1) + `,`,
+		`ObjectSelector:` + strings.Replace(fmt.Sprintf("%v", this.ObjectSelector), "LabelSelector", "v1.LabelSelector", 1) + `,`,
 		`MatchConditions:` + repeatedStringForMatchConditions + `,`,
 		`}`,
 	}, "")
 	return s
 }
-func (this *ValidatingWebhookConfiguration) String() string {
-	if this == nil {
-		return "nil"
+func (this *ValidatingWebhookConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForWebhooks := "[]ValidatingWebhook{"
+	for _, f := range this.Webhooks {
+		repeatedStringForWebhooks += strings.Replace(strings.Replace(f.String(), "ValidatingWebhook", "ValidatingWebhook", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForWebhooks += "}"
+	s := strings.Join([]string{`&ValidatingWebhookConfiguration{`,
+		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+		`Webhooks:` + repeatedStringForWebhooks + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *ValidatingWebhookConfigurationList) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForItems := "[]ValidatingWebhookConfiguration{"
+	for _, f := range this.Items {
+		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "ValidatingWebhookConfiguration", "ValidatingWebhookConfiguration", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForItems += "}"
+	s := strings.Join([]string{`&ValidatingWebhookConfigurationList{`,
+		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`,
+		`Items:` + repeatedStringForItems + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *Validation) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Validation{`,
+		`Expression:` + fmt.Sprintf("%v", this.Expression) + `,`,
+		`Message:` + fmt.Sprintf("%v", this.Message) + `,`,
+		`Reason:` + valueToStringGenerated(this.Reason) + `,`,
+		`MessageExpression:` + fmt.Sprintf("%v", this.MessageExpression) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *Variable) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&Variable{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Expression:` + fmt.Sprintf("%v", this.Expression) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *WebhookClientConfig) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&WebhookClientConfig{`,
+		`Service:` + strings.Replace(this.Service.String(), "ServiceReference", "ServiceReference", 1) + `,`,
+		`CABundle:` + valueToStringGenerated(this.CABundle) + `,`,
+		`URL:` + valueToStringGenerated(this.URL) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringGenerated(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *AuditAnnotation) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: AuditAnnotation: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: AuditAnnotation: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Key = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ValueExpression", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ValueExpression = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ExpressionWarning) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExpressionWarning: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExpressionWarning: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FieldRef", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.FieldRef = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Warning", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Warning = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MatchCondition) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MatchCondition: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MatchCondition: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Expression", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Expression = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MatchResources) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MatchResources: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MatchResources: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NamespaceSelector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.NamespaceSelector == nil {
+				m.NamespaceSelector = &v1.LabelSelector{}
+			}
+			if err := m.NamespaceSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectSelector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ObjectSelector == nil {
+				m.ObjectSelector = &v1.LabelSelector{}
+			}
+			if err := m.ObjectSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceRules", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ResourceRules = append(m.ResourceRules, NamedRuleWithOperations{})
+			if err := m.ResourceRules[len(m.ResourceRules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ExcludeResourceRules", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ExcludeResourceRules = append(m.ExcludeResourceRules, NamedRuleWithOperations{})
+			if err := m.ExcludeResourceRules[len(m.ExcludeResourceRules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := MatchPolicyType(dAtA[iNdEx:postIndex])
+			m.MatchPolicy = &s
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MutatingWebhook: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MutatingWebhook: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ClientConfig", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.ClientConfig.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Rules = append(m.Rules, v11.RuleWithOperations{})
+			if err := m.Rules[len(m.Rules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FailurePolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := FailurePolicyType(dAtA[iNdEx:postIndex])
+			m.FailurePolicy = &s
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NamespaceSelector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.NamespaceSelector == nil {
+				m.NamespaceSelector = &v1.LabelSelector{}
+			}
+			if err := m.NamespaceSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field SideEffects", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := SideEffectClass(dAtA[iNdEx:postIndex])
+			m.SideEffects = &s
+			iNdEx = postIndex
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TimeoutSeconds", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.TimeoutSeconds = &v
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AdmissionReviewVersions", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.AdmissionReviewVersions = append(m.AdmissionReviewVersions, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := MatchPolicyType(dAtA[iNdEx:postIndex])
+			m.MatchPolicy = &s
+			iNdEx = postIndex
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ReinvocationPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := ReinvocationPolicyType(dAtA[iNdEx:postIndex])
+			m.ReinvocationPolicy = &s
+			iNdEx = postIndex
+		case 11:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectSelector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ObjectSelector == nil {
+				m.ObjectSelector = &v1.LabelSelector{}
+			}
+			if err := m.ObjectSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 12:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchConditions", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.MatchConditions = append(m.MatchConditions, MatchCondition{})
+			if err := m.MatchConditions[len(m.MatchConditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MutatingWebhookConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MutatingWebhookConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Webhooks", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Webhooks = append(m.Webhooks, MutatingWebhook{})
+			if err := m.Webhooks[len(m.Webhooks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: MutatingWebhookConfigurationList: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: MutatingWebhookConfigurationList: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Items = append(m.Items, MutatingWebhookConfiguration{})
+			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *NamedRuleWithOperations) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: NamedRuleWithOperations: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: NamedRuleWithOperations: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceNames", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ResourceNames = append(m.ResourceNames, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RuleWithOperations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.RuleWithOperations.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ParamKind) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ParamKind: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ParamKind: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field APIVersion", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.APIVersion = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Kind = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
 	}
-	repeatedStringForWebhooks := "[]ValidatingWebhook{"
-	for _, f := range this.Webhooks {
-		repeatedStringForWebhooks += strings.Replace(strings.Replace(f.String(), "ValidatingWebhook", "ValidatingWebhook", 1), `&`, ``, 1) + ","
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	repeatedStringForWebhooks += "}"
-	s := strings.Join([]string{`&ValidatingWebhookConfiguration{`,
-		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v11.ObjectMeta", 1), `&`, ``, 1) + `,`,
-		`Webhooks:` + repeatedStringForWebhooks + `,`,
-		`}`,
-	}, "")
-	return s
+	return nil
 }
-func (this *ValidatingWebhookConfigurationList) String() string {
-	if this == nil {
-		return "nil"
+func (m *ParamRef) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ParamRef: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ParamRef: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Namespace = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Selector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Selector == nil {
+				m.Selector = &v1.LabelSelector{}
+			}
+			if err := m.Selector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ParameterNotFoundAction", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := ParameterNotFoundActionType(dAtA[iNdEx:postIndex])
+			m.ParameterNotFoundAction = &s
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
 	}
-	repeatedStringForItems := "[]ValidatingWebhookConfiguration{"
-	for _, f := range this.Items {
-		repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "ValidatingWebhookConfiguration", "ValidatingWebhookConfiguration", 1), `&`, ``, 1) + ","
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	repeatedStringForItems += "}"
-	s := strings.Join([]string{`&ValidatingWebhookConfigurationList{`,
-		`ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v11.ListMeta", 1), `&`, ``, 1) + `,`,
-		`Items:` + repeatedStringForItems + `,`,
-		`}`,
-	}, "")
-	return s
+	return nil
 }
-func (this *WebhookClientConfig) String() string {
-	if this == nil {
-		return "nil"
+func (m *ServiceReference) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ServiceReference: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ServiceReference: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Namespace = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.Path = &s
+			iNdEx = postIndex
+		case 4:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Port", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Port = &v
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
 	}
-	s := strings.Join([]string{`&WebhookClientConfig{`,
-		`Service:` + strings.Replace(this.Service.String(), "ServiceReference", "ServiceReference", 1) + `,`,
-		`CABundle:` + valueToStringGenerated(this.CABundle) + `,`,
-		`URL:` + valueToStringGenerated(this.URL) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func valueToStringGenerated(v interface{}) string {
-	rv := reflect.ValueOf(v)
-	if rv.IsNil() {
-		return "nil"
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	pv := reflect.Indirect(rv).Interface()
-	return fmt.Sprintf("*%v", pv)
+	return nil
 }
-func (m *MatchCondition) Unmarshal(dAtA []byte) error {
+func (m *TypeChecking) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1398,17 +5091,17 @@ func (m *MatchCondition) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: MatchCondition: wiretype end group for non-group")
+			return fmt.Errorf("proto: TypeChecking: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: MatchCondition: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: TypeChecking: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ExpressionWarnings", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1418,55 +5111,25 @@ func (m *MatchCondition) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Name = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Expression", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
+			m.ExpressionWarnings = append(m.ExpressionWarnings, ExpressionWarning{})
+			if err := m.ExpressionWarnings[len(m.ExpressionWarnings)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.Expression = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -1489,7 +5152,7 @@ func (m *MatchCondition) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
+func (m *ValidatingAdmissionPolicy) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1512,17 +5175,17 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: MutatingWebhook: wiretype end group for non-group")
+			return fmt.Errorf("proto: ValidatingAdmissionPolicy: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: MutatingWebhook: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ValidatingAdmissionPolicy: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1532,27 +5195,28 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Name = string(dAtA[iNdEx:postIndex])
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ClientConfig", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1579,13 +5243,13 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ClientConfig.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1612,16 +5276,65 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Rules = append(m.Rules, v1.RuleWithOperations{})
-			if err := m.Rules[len(m.Rules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 4:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ValidatingAdmissionPolicyBinding) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBinding: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBinding: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field FailurePolicy", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1631,28 +5344,28 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := FailurePolicyType(dAtA[iNdEx:postIndex])
-			m.FailurePolicy = &s
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 5:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field NamespaceSelector", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1679,18 +5392,65 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.NamespaceSelector == nil {
-				m.NamespaceSelector = &v11.LabelSelector{}
-			}
-			if err := m.NamespaceSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 6:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ValidatingAdmissionPolicyBindingList) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBindingList: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBindingList: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field SideEffects", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1700,50 +5460,30 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := SideEffectClass(dAtA[iNdEx:postIndex])
-			m.SideEffects = &s
-			iNdEx = postIndex
-		case 7:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field TimeoutSeconds", wireType)
-			}
-			var v int32
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= int32(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.TimeoutSeconds = &v
-		case 8:
+			iNdEx = postIndex
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field AdmissionReviewVersions", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1753,27 +5493,79 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			if postIndex > l {
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Items = append(m.Items, ValidatingAdmissionPolicyBinding{})
+			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ValidatingAdmissionPolicyBindingSpec) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
 				return io.ErrUnexpectedEOF
 			}
-			m.AdmissionReviewVersions = append(m.AdmissionReviewVersions, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 9:
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBindingSpec: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyBindingSpec: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MatchPolicy", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field PolicyName", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -1801,14 +5593,13 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := MatchPolicyType(dAtA[iNdEx:postIndex])
-			m.MatchPolicy = &s
+			m.PolicyName = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 10:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ReinvocationPolicy", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ParamRef", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1818,28 +5609,31 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := ReinvocationPolicyType(dAtA[iNdEx:postIndex])
-			m.ReinvocationPolicy = &s
+			if m.ParamRef == nil {
+				m.ParamRef = &ParamRef{}
+			}
+			if err := m.ParamRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 11:
+		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ObjectSelector", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchResources", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1866,18 +5660,18 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.ObjectSelector == nil {
-				m.ObjectSelector = &v11.LabelSelector{}
+			if m.MatchResources == nil {
+				m.MatchResources = &MatchResources{}
 			}
-			if err := m.ObjectSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.MatchResources.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 12:
+		case 4:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MatchConditions", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ValidationActions", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -1887,25 +5681,23 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.MatchConditions = append(m.MatchConditions, MatchCondition{})
-			if err := m.MatchConditions[len(m.MatchConditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.ValidationActions = append(m.ValidationActions, ValidationAction(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -1928,7 +5720,7 @@ func (m *MutatingWebhook) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
+func (m *ValidatingAdmissionPolicyList) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1951,15 +5743,15 @@ func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: MutatingWebhookConfiguration: wiretype end group for non-group")
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyList: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: MutatingWebhookConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyList: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1986,13 +5778,13 @@ func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Webhooks", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2019,8 +5811,8 @@ func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Webhooks = append(m.Webhooks, MutatingWebhook{})
-			if err := m.Webhooks[len(m.Webhooks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Items = append(m.Items, ValidatingAdmissionPolicy{})
+			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2045,7 +5837,7 @@ func (m *MutatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
+func (m *ValidatingAdmissionPolicySpec) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2068,15 +5860,15 @@ func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: MutatingWebhookConfigurationList: wiretype end group for non-group")
+			return fmt.Errorf("proto: ValidatingAdmissionPolicySpec: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: MutatingWebhookConfigurationList: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ValidatingAdmissionPolicySpec: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ParamKind", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2103,13 +5895,187 @@ func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if m.ParamKind == nil {
+				m.ParamKind = &ParamKind{}
+			}
+			if err := m.ParamKind.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchConstraints", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.MatchConstraints == nil {
+				m.MatchConstraints = &MatchResources{}
+			}
+			if err := m.MatchConstraints.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Validations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Validations = append(m.Validations, Validation{})
+			if err := m.Validations[len(m.Validations)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FailurePolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := FailurePolicyType(dAtA[iNdEx:postIndex])
+			m.FailurePolicy = &s
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AuditAnnotations", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.AuditAnnotations = append(m.AuditAnnotations, AuditAnnotation{})
+			if err := m.AuditAnnotations[len(m.AuditAnnotations)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchConditions", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.MatchConditions = append(m.MatchConditions, MatchCondition{})
+			if err := m.MatchConditions[len(m.MatchConditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Variables", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2136,8 +6102,8 @@ func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Items = append(m.Items, MutatingWebhookConfiguration{})
-			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Variables = append(m.Variables, Variable{})
+			if err := m.Variables[len(m.Variables)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2162,7 +6128,7 @@ func (m *MutatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ServiceReference) Unmarshal(dAtA []byte) error {
+func (m *ValidatingAdmissionPolicyStatus) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2185,17 +6151,17 @@ func (m *ServiceReference) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ServiceReference: wiretype end group for non-group")
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyStatus: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ServiceReference: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ValidatingAdmissionPolicyStatus: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType)
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObservedGeneration", wireType)
 			}
-			var stringLen uint64
+			m.ObservedGeneration = 0
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2205,29 +6171,16 @@ func (m *ServiceReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				m.ObservedGeneration |= int64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Namespace = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field TypeChecking", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2237,29 +6190,33 @@ func (m *ServiceReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Name = string(dAtA[iNdEx:postIndex])
+			if m.TypeChecking == nil {
+				m.TypeChecking = &TypeChecking{}
+			}
+			if err := m.TypeChecking.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		case 3:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Conditions", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2269,45 +6226,26 @@ func (m *ServiceReference) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := string(dAtA[iNdEx:postIndex])
-			m.Path = &s
-			iNdEx = postIndex
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Port", wireType)
-			}
-			var v int32
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= int32(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			m.Conditions = append(m.Conditions, v1.Condition{})
+			if err := m.Conditions[len(m.Conditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
 			}
-			m.Port = &v
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -2452,7 +6390,7 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Rules = append(m.Rules, v1.RuleWithOperations{})
+			m.Rules = append(m.Rules, v11.RuleWithOperations{})
 			if err := m.Rules[len(m.Rules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
@@ -2520,7 +6458,7 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 				return io.ErrUnexpectedEOF
 			}
 			if m.NamespaceSelector == nil {
-				m.NamespaceSelector = &v11.LabelSelector{}
+				m.NamespaceSelector = &v1.LabelSelector{}
 			}
 			if err := m.NamespaceSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
@@ -2563,27 +6501,212 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field TimeoutSeconds", wireType)
 			}
-			var v int32
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= int32(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.TimeoutSeconds = &v
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AdmissionReviewVersions", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.AdmissionReviewVersions = append(m.AdmissionReviewVersions, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := MatchPolicyType(dAtA[iNdEx:postIndex])
+			m.MatchPolicy = &s
+			iNdEx = postIndex
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectSelector", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.ObjectSelector == nil {
+				m.ObjectSelector = &v1.LabelSelector{}
+			}
+			if err := m.ObjectSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 11:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MatchConditions", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.MatchConditions = append(m.MatchConditions, MatchCondition{})
+			if err := m.MatchConditions[len(m.MatchConditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
 			}
-			m.TimeoutSeconds = &v
-		case 8:
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ValidatingWebhookConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ValidatingWebhookConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field AdmissionReviewVersions", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2593,29 +6716,30 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.AdmissionReviewVersions = append(m.AdmissionReviewVersions, string(dAtA[iNdEx:postIndex]))
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 9:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MatchPolicy", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Webhooks", wireType)
 			}
-			var stringLen uint64
+			var msglen int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2625,28 +6749,79 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
+				msglen |= int(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
+			if msglen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + intStringLen
+			postIndex := iNdEx + msglen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			s := MatchPolicyType(dAtA[iNdEx:postIndex])
-			m.MatchPolicy = &s
+			m.Webhooks = append(m.Webhooks, ValidatingWebhook{})
+			if err := m.Webhooks[len(m.Webhooks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
-		case 10:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ValidatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ValidatingWebhookConfigurationList: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ValidatingWebhookConfigurationList: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ObjectSelector", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2673,16 +6848,13 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.ObjectSelector == nil {
-				m.ObjectSelector = &v11.LabelSelector{}
-			}
-			if err := m.ObjectSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 11:
+		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field MatchConditions", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -2709,8 +6881,8 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.MatchConditions = append(m.MatchConditions, MatchCondition{})
-			if err := m.MatchConditions[len(m.MatchConditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Items = append(m.Items, ValidatingWebhookConfiguration{})
+			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2735,7 +6907,7 @@ func (m *ValidatingWebhook) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
+func (m *Validation) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2758,17 +6930,17 @@ func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ValidatingWebhookConfiguration: wiretype end group for non-group")
+			return fmt.Errorf("proto: Validation: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ValidatingWebhookConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Validation: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Expression", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2778,30 +6950,29 @@ func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Expression = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Webhooks", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2811,25 +6982,88 @@ func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Webhooks = append(m.Webhooks, ValidatingWebhook{})
-			if err := m.Webhooks[len(m.Webhooks)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
+			m.Message = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Reason", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
 			}
+			s := k8s_io_apimachinery_pkg_apis_meta_v1.StatusReason(dAtA[iNdEx:postIndex])
+			m.Reason = &s
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MessageExpression", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.MessageExpression = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -2852,7 +7086,7 @@ func (m *ValidatingWebhookConfiguration) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ValidatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
+func (m *Variable) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -2875,17 +7109,17 @@ func (m *ValidatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ValidatingWebhookConfigurationList: wiretype end group for non-group")
+			return fmt.Errorf("proto: Variable: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ValidatingWebhookConfigurationList: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: Variable: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2895,30 +7129,29 @@ func (m *ValidatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Name = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Expression", wireType)
 			}
-			var msglen int
+			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
@@ -2928,25 +7161,23 @@ func (m *ValidatingWebhookConfigurationList) Unmarshal(dAtA []byte) error {
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
-				msglen |= int(b&0x7F) << shift
+				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
-			if msglen < 0 {
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
-			postIndex := iNdEx + msglen
+			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Items = append(m.Items, ValidatingWebhookConfiguration{})
-			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
+			m.Expression = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto b/vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto
index cfd7592854..1855cdfc4f 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/generated.proto
@@ -29,6 +29,56 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "k8s.io/api/admissionregistration/v1beta1";
 
+// AuditAnnotation describes how to produce an audit annotation for an API request.
+message AuditAnnotation {
+  // key specifies the audit annotation key. The audit annotation keys of
+  // a ValidatingAdmissionPolicy must be unique. The key must be a qualified
+  // name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
+  //
+  // The key is combined with the resource name of the
+  // ValidatingAdmissionPolicy to construct an audit annotation key:
+  // "{ValidatingAdmissionPolicy name}/{key}".
+  //
+  // If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy
+  // and the same audit annotation key, the annotation key will be identical.
+  // In this case, the first annotation written with the key will be included
+  // in the audit event and all subsequent annotations with the same key
+  // will be discarded.
+  //
+  // Required.
+  optional string key = 1;
+
+  // valueExpression represents the expression which is evaluated by CEL to
+  // produce an audit annotation value. The expression must evaluate to either
+  // a string or null value. If the expression evaluates to a string, the
+  // audit annotation is included with the string value. If the expression
+  // evaluates to null or empty string the audit annotation will be omitted.
+  // The valueExpression may be no longer than 5kb in length.
+  // If the result of the valueExpression is more than 10kb in length, it
+  // will be truncated to 10kb.
+  //
+  // If multiple ValidatingAdmissionPolicyBinding resources match an
+  // API request, then the valueExpression will be evaluated for
+  // each binding. All unique values produced by the valueExpressions
+  // will be joined together in a comma-separated list.
+  //
+  // Required.
+  optional string valueExpression = 2;
+}
+
+// ExpressionWarning is a warning information that targets a specific expression.
+message ExpressionWarning {
+  // The path to the field that refers the expression.
+  // For example, the reference to the expression of the first item of
+  // validations is "spec.validations[0].expression"
+  optional string fieldRef = 2;
+
+  // The content of type checking information in a human-readable form.
+  // Each line of the warning contains the type that the expression is checked
+  // against, followed by the type check error from the compiler.
+  optional string warning = 3;
+}
+
 // MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook.
 message MatchCondition {
   // Name is an identifier for this match condition, used for strategic merging of MatchConditions,
@@ -58,6 +108,101 @@ message MatchCondition {
   optional string expression = 2;
 }
 
+// MatchResources decides whether to run the admission control policy on an object based
+// on whether it meets the match criteria.
+// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
+// +structType=atomic
+message MatchResources {
+  // NamespaceSelector decides whether to run the admission control policy on an object based
+  // on whether the namespace for that object matches the selector. If the
+  // object itself is a namespace, the matching is performed on
+  // object.metadata.labels. If the object is another cluster scoped resource,
+  // it never skips the policy.
+  //
+  // For example, to run the webhook on any objects whose namespace is not
+  // associated with "runlevel" of "0" or "1";  you will set the selector as
+  // follows:
+  // "namespaceSelector": {
+  //   "matchExpressions": [
+  //     {
+  //       "key": "runlevel",
+  //       "operator": "NotIn",
+  //       "values": [
+  //         "0",
+  //         "1"
+  //       ]
+  //     }
+  //   ]
+  // }
+  //
+  // If instead you want to only run the policy on any objects whose
+  // namespace is associated with the "environment" of "prod" or "staging";
+  // you will set the selector as follows:
+  // "namespaceSelector": {
+  //   "matchExpressions": [
+  //     {
+  //       "key": "environment",
+  //       "operator": "In",
+  //       "values": [
+  //         "prod",
+  //         "staging"
+  //       ]
+  //     }
+  //   ]
+  // }
+  //
+  // See
+  // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  // for more examples of label selectors.
+  //
+  // Default to the empty LabelSelector, which matches everything.
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 1;
+
+  // ObjectSelector decides whether to run the validation based on if the
+  // object has matching labels. objectSelector is evaluated against both
+  // the oldObject and newObject that would be sent to the cel validation, and
+  // is considered to match if either object matches the selector. A null
+  // object (oldObject in the case of create, or newObject in the case of
+  // delete) or an object that cannot have labels (like a
+  // DeploymentRollback or a PodProxyOptions object) is not considered to
+  // match.
+  // Use the object selector only if the webhook is opt-in, because end
+  // users may skip the admission webhook by setting the labels.
+  // Default to the empty LabelSelector, which matches everything.
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector objectSelector = 2;
+
+  // ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
+  // The policy cares about an operation if it matches _any_ Rule.
+  // +listType=atomic
+  // +optional
+  repeated NamedRuleWithOperations resourceRules = 3;
+
+  // ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
+  // The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
+  // +listType=atomic
+  // +optional
+  repeated NamedRuleWithOperations excludeResourceRules = 4;
+
+  // matchPolicy defines how the "MatchResources" list is used to match incoming requests.
+  // Allowed values are "Exact" or "Equivalent".
+  //
+  // - Exact: match a request only if it exactly matches a specified rule.
+  // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
+  // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
+  // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
+  //
+  // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
+  // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
+  // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
+  // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
+  //
+  // Defaults to "Equivalent"
+  // +optional
+  optional string matchPolicy = 7;
+}
+
 // MutatingWebhook describes an admission webhook and the resources and operations it applies to.
 message MutatingWebhook {
   // The name of the admission webhook.
@@ -219,7 +364,7 @@ message MutatingWebhook {
   //      - If failurePolicy=Fail, reject the request
   //      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
   //
-  // This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+  // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
   //
   // +patchMergeKey=name
   // +patchStrategy=merge
@@ -255,6 +400,88 @@ message MutatingWebhookConfigurationList {
   repeated MutatingWebhookConfiguration items = 2;
 }
 
+// NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.
+// +structType=atomic
+message NamedRuleWithOperations {
+  // ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
+  // +listType=atomic
+  // +optional
+  repeated string resourceNames = 1;
+
+  // RuleWithOperations is a tuple of Operations and Resources.
+  optional k8s.io.api.admissionregistration.v1.RuleWithOperations ruleWithOperations = 2;
+}
+
+// ParamKind is a tuple of Group Kind and Version.
+// +structType=atomic
+message ParamKind {
+  // APIVersion is the API group version the resources belong to.
+  // In format of "group/version".
+  // Required.
+  optional string apiVersion = 1;
+
+  // Kind is the API kind the resources belong to.
+  // Required.
+  optional string kind = 2;
+}
+
+// ParamRef describes how to locate the params to be used as input to
+// expressions of rules applied by a policy binding.
+// +structType=atomic
+message ParamRef {
+  // name is the name of the resource being referenced.
+  //
+  // One of `name` or `selector` must be set, but `name` and `selector` are
+  // mutually exclusive properties. If one is set, the other must be unset.
+  //
+  // A single parameter used for all admission requests can be configured
+  // by setting the `name` field, leaving `selector` blank, and setting namespace
+  // if `paramKind` is namespace-scoped.
+  optional string name = 1;
+
+  // namespace is the namespace of the referenced resource. Allows limiting
+  // the search for params to a specific namespace. Applies to both `name` and
+  // `selector` fields.
+  //
+  // A per-namespace parameter may be used by specifying a namespace-scoped
+  // `paramKind` in the policy and leaving this field empty.
+  //
+  // - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this
+  // field results in a configuration error.
+  //
+  // - If `paramKind` is namespace-scoped, the namespace of the object being
+  // evaluated for admission will be used when this field is left unset. Take
+  // care that if this is left empty the binding must not match any cluster-scoped
+  // resources, which will result in an error.
+  //
+  // +optional
+  optional string namespace = 2;
+
+  // selector can be used to match multiple param objects based on their labels.
+  // Supply selector: {} to match all resources of the ParamKind.
+  //
+  // If multiple params are found, they are all evaluated with the policy expressions
+  // and the results are ANDed together.
+  //
+  // One of `name` or `selector` must be set, but `name` and `selector` are
+  // mutually exclusive properties. If one is set, the other must be unset.
+  //
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 3;
+
+  // `parameterNotFoundAction` controls the behavior of the binding when the resource
+  // exists, and name or selector is valid, but there are no parameters
+  // matched by the binding. If the value is set to `Allow`, then no
+  // matched parameters will be treated as successful validation by the binding.
+  // If set to `Deny`, then no matched parameters will be subject to the
+  // `failurePolicy` of the policy.
+  //
+  // Allowed values are `Allow` or `Deny`
+  //
+  // Required
+  optional string parameterNotFoundAction = 4;
+}
+
 // ServiceReference holds a reference to Service.legacy.k8s.io
 message ServiceReference {
   // `namespace` is the namespace of the service.
@@ -277,6 +504,248 @@ message ServiceReference {
   optional int32 port = 4;
 }
 
+// TypeChecking contains results of type checking the expressions in the
+// ValidatingAdmissionPolicy
+message TypeChecking {
+  // The type checking warnings for each expression.
+  // +optional
+  // +listType=atomic
+  repeated ExpressionWarning expressionWarnings = 1;
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+// ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.
+message ValidatingAdmissionPolicy {
+  // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+  // Specification of the desired behavior of the ValidatingAdmissionPolicy.
+  optional ValidatingAdmissionPolicySpec spec = 2;
+
+  // The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy
+  // behaves in the expected way.
+  // Populated by the system.
+  // Read-only.
+  // +optional
+  optional ValidatingAdmissionPolicyStatus status = 3;
+}
+
+// ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
+// ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
+//
+// For a given admission request, each binding will cause its policy to be
+// evaluated N times, where N is 1 for policies/bindings that don't use
+// params, otherwise N is the number of parameters selected by the binding.
+//
+// The CEL expressions of a policy must have a computed CEL cost below the maximum
+// CEL budget. Each evaluation of the policy is given an independent CEL cost budget.
+// Adding/removing policies, bindings, or params can not affect whether a
+// given (policy, binding, param) combination is within its own CEL budget.
+message ValidatingAdmissionPolicyBinding {
+  // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+  // Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
+  optional ValidatingAdmissionPolicyBindingSpec spec = 2;
+}
+
+// ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.
+message ValidatingAdmissionPolicyBindingList {
+  // Standard list metadata.
+  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
+
+  // List of PolicyBinding.
+  repeated ValidatingAdmissionPolicyBinding items = 2;
+}
+
+// ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.
+message ValidatingAdmissionPolicyBindingSpec {
+  // PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to.
+  // If the referenced resource does not exist, this binding is considered invalid and will be ignored
+  // Required.
+  optional string policyName = 1;
+
+  // paramRef specifies the parameter resource used to configure the admission control policy.
+  // It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy.
+  // If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.
+  // If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
+  // +optional
+  optional ParamRef paramRef = 2;
+
+  // MatchResources declares what resources match this binding and will be validated by it.
+  // Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this.
+  // If this is unset, all resources matched by the policy are validated by this binding
+  // When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated.
+  // Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
+  // +optional
+  optional MatchResources matchResources = 3;
+
+  // validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced.
+  // If a validation evaluates to false it is always enforced according to these actions.
+  //
+  // Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according
+  // to these actions only if the FailurePolicy is set to Fail, otherwise the failures are
+  // ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
+  //
+  // validationActions is declared as a set of action values. Order does
+  // not matter. validationActions may not contain duplicates of the same action.
+  //
+  // The supported actions values are:
+  //
+  // "Deny" specifies that a validation failure results in a denied request.
+  //
+  // "Warn" specifies that a validation failure is reported to the request client
+  // in HTTP Warning headers, with a warning code of 299. Warnings can be sent
+  // both for allowed or denied admission responses.
+  //
+  // "Audit" specifies that a validation failure is included in the published
+  // audit event for the request. The audit event will contain a
+  // `validation.policy.admission.k8s.io/validation_failure` audit annotation
+  // with a value containing the details of the validation failures, formatted as
+  // a JSON list of objects, each with the following fields:
+  // - message: The validation failure message string
+  // - policy: The resource name of the ValidatingAdmissionPolicy
+  // - binding: The resource name of the ValidatingAdmissionPolicyBinding
+  // - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy
+  // - validationActions: The enforcement actions enacted for the validation failure
+  // Example audit annotation:
+  // `"validation.policy.admission.k8s.io/validation_failure": "[{\"message\": \"Invalid value\", {\"policy\": \"policy.example.com\", {\"binding\": \"policybinding.example.com\", {\"expressionIndex\": \"1\", {\"validationActions\": [\"Audit\"]}]"`
+  //
+  // Clients should expect to handle additional values by ignoring
+  // any values not recognized.
+  //
+  // "Deny" and "Warn" may not be used together since this combination
+  // needlessly duplicates the validation failure both in the
+  // API response body and the HTTP warning headers.
+  //
+  // Required.
+  // +listType=set
+  repeated string validationActions = 4;
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+// ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.
+message ValidatingAdmissionPolicyList {
+  // Standard list metadata.
+  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
+
+  // List of ValidatingAdmissionPolicy.
+  repeated ValidatingAdmissionPolicy items = 2;
+}
+
+// ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.
+message ValidatingAdmissionPolicySpec {
+  // ParamKind specifies the kind of resources used to parameterize this policy.
+  // If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions.
+  // If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied.
+  // If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
+  // +optional
+  optional ParamKind paramKind = 1;
+
+  // MatchConstraints specifies what resources this policy is designed to validate.
+  // The AdmissionPolicy cares about a request if it matches _all_ Constraints.
+  // However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API
+  // ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding.
+  // Required.
+  optional MatchResources matchConstraints = 2;
+
+  // Validations contain CEL expressions which is used to apply the validation.
+  // Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is
+  // required.
+  // +listType=atomic
+  // +optional
+  repeated Validation validations = 3;
+
+  // failurePolicy defines how to handle failures for the admission policy. Failures can
+  // occur from CEL expression parse errors, type check errors, runtime errors and invalid
+  // or mis-configured policy definitions or bindings.
+  //
+  // A policy is invalid if spec.paramKind refers to a non-existent Kind.
+  // A binding is invalid if spec.paramRef.name refers to a non-existent resource.
+  //
+  // failurePolicy does not define how validations that evaluate to false are handled.
+  //
+  // When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions
+  // define how failures are enforced.
+  //
+  // Allowed values are Ignore or Fail. Defaults to Fail.
+  // +optional
+  optional string failurePolicy = 4;
+
+  // auditAnnotations contains CEL expressions which are used to produce audit
+  // annotations for the audit event of the API request.
+  // validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is
+  // required.
+  // +listType=atomic
+  // +optional
+  repeated AuditAnnotation auditAnnotations = 5;
+
+  // MatchConditions is a list of conditions that must be met for a request to be validated.
+  // Match conditions filter requests that have already been matched by the rules,
+  // namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
+  // There are a maximum of 64 match conditions allowed.
+  //
+  // If a parameter object is provided, it can be accessed via the `params` handle in the same
+  // manner as validation expressions.
+  //
+  // The exact matching logic is (in order):
+  //   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
+  //   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
+  //   3. If any matchCondition evaluates to an error (but none are FALSE):
+  //      - If failurePolicy=Fail, reject the request
+  //      - If failurePolicy=Ignore, the policy is skipped
+  //
+  // +patchMergeKey=name
+  // +patchStrategy=merge
+  // +listType=map
+  // +listMapKey=name
+  // +optional
+  repeated MatchCondition matchConditions = 6;
+
+  // Variables contain definitions of variables that can be used in composition of other expressions.
+  // Each variable is defined as a named CEL expression.
+  // The variables defined here will be available under `variables` in other expressions of the policy
+  // except MatchConditions because MatchConditions are evaluated before the rest of the policy.
+  //
+  // The expression of a variable can refer to other variables defined earlier in the list but not those after.
+  // Thus, Variables must be sorted by the order of first appearance and acyclic.
+  // +patchMergeKey=name
+  // +patchStrategy=merge
+  // +listType=map
+  // +listMapKey=name
+  // +optional
+  repeated Variable variables = 7;
+}
+
+// ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.
+message ValidatingAdmissionPolicyStatus {
+  // The generation observed by the controller.
+  // +optional
+  optional int64 observedGeneration = 1;
+
+  // The results of type checking for each expression.
+  // Presence of this field indicates the completion of the type checking.
+  // +optional
+  optional TypeChecking typeChecking = 2;
+
+  // The conditions represent the latest available observations of a policy's current state.
+  // +optional
+  // +listType=map
+  // +listMapKey=type
+  repeated k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 3;
+}
+
 // ValidatingWebhook describes an admission webhook and the resources and operations it applies to.
 message ValidatingWebhook {
   // The name of the admission webhook.
@@ -420,7 +889,7 @@ message ValidatingWebhook {
   //      - If failurePolicy=Fail, reject the request
   //      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
   //
-  // This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+  // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
   //
   // +patchMergeKey=name
   // +patchStrategy=merge
@@ -456,6 +925,97 @@ message ValidatingWebhookConfigurationList {
   repeated ValidatingWebhookConfiguration items = 2;
 }
 
+// Validation specifies the CEL expression which is used to apply the validation.
+message Validation {
+  // Expression represents the expression which will be evaluated by CEL.
+  // ref: https://github.com/google/cel-spec
+  // CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
+  //
+  // - 'object' - The object from the incoming request. The value is null for DELETE requests.
+  // - 'oldObject' - The existing object. The value is null for CREATE requests.
+  // - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
+  // - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.
+  // - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.
+  // - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
+  //   For example, a variable named 'foo' can be accessed as 'variables.foo'.
+  // - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
+  //   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
+  // - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+  //   request resource.
+  //
+  // The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the
+  // object. No other metadata properties are accessible.
+  //
+  // Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
+  // Accessible property names are escaped according to the following rules when accessed in the expression:
+  // - '__' escapes to '__underscores__'
+  // - '.' escapes to '__dot__'
+  // - '-' escapes to '__dash__'
+  // - '/' escapes to '__slash__'
+  // - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
+  // 	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
+  // 	  "import", "let", "loop", "package", "namespace", "return".
+  // Examples:
+  //   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
+  //   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
+  //   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
+  //
+  // Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
+  // Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
+  //   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
+  //     non-intersecting elements in `Y` are appended, retaining their partial order.
+  //   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
+  //     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
+  //     non-intersecting keys are appended, retaining their partial order.
+  // Required.
+  optional string Expression = 1;
+
+  // Message represents the message displayed when validation fails. The message is required if the Expression contains
+  // line breaks. The message must not contain line breaks.
+  // If unset, the message is "failed rule: {Rule}".
+  // e.g. "must be a URL with the host matching spec.host"
+  // If the Expression contains line breaks. Message is required.
+  // The message must not contain line breaks.
+  // If unset, the message is "failed Expression: {Expression}".
+  // +optional
+  optional string message = 2;
+
+  // Reason represents a machine-readable description of why this validation failed.
+  // If this is the first validation in the list to fail, this reason, as well as the
+  // corresponding HTTP response code, are used in the
+  // HTTP response to the client.
+  // The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge".
+  // If not set, StatusReasonInvalid is used in the response to the client.
+  // +optional
+  optional string reason = 3;
+
+  // messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
+  // Since messageExpression is used as a failure message, it must evaluate to a string.
+  // If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails.
+  // If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced
+  // as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
+  // that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and
+  // the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged.
+  // messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'.
+  // Example:
+  // "object.x must be less than max ("+string(params.max)+")"
+  // +optional
+  optional string messageExpression = 4;
+}
+
+// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.
+// +structType=atomic
+message Variable {
+  // Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.
+  // The variable can be accessed in other expressions through `variables`
+  // For example, if name is "foo", the variable will be available as `variables.foo`
+  optional string Name = 1;
+
+  // Expression is the expression that will be evaluated as the value of the variable.
+  // The CEL expression has access to the same identifiers as the CEL expressions in Validation.
+  optional string Expression = 2;
+}
+
 // WebhookClientConfig contains the information to make a TLS
 // connection with the webhook
 message WebhookClientConfig {
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/register.go b/vendor/k8s.io/api/admissionregistration/v1beta1/register.go
index 098744cf63..363233a2f9 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/register.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/register.go
@@ -50,6 +50,10 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&ValidatingWebhookConfigurationList{},
 		&MutatingWebhookConfiguration{},
 		&MutatingWebhookConfigurationList{},
+		&ValidatingAdmissionPolicy{},
+		&ValidatingAdmissionPolicyList{},
+		&ValidatingAdmissionPolicyBinding{},
+		&ValidatingAdmissionPolicyBindingList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/types.go b/vendor/k8s.io/api/admissionregistration/v1beta1/types.go
index 82ee7df9ba..c199702fbd 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/types.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/types.go
@@ -38,6 +38,18 @@ const (
 	AllScopes ScopeType = v1.AllScopes
 )
 
+// ParameterNotFoundActionType specifies a failure policy that defines how a binding
+// is evaluated when the param referred by its perNamespaceParamRef is not found.
+type ParameterNotFoundActionType string
+
+const (
+	// Allow means all requests will be admitted if no param resources
+	// could be found.
+	AllowAction ParameterNotFoundActionType = "Allow"
+	// Deny means all requests will be denied if no param resources are found.
+	DenyAction ParameterNotFoundActionType = "Deny"
+)
+
 // FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.
 type FailurePolicyType string
 
@@ -75,6 +87,584 @@ const (
 	SideEffectClassNoneOnDryRun SideEffectClass = "NoneOnDryRun"
 )
 
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+// ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.
+type ValidatingAdmissionPolicy struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// Specification of the desired behavior of the ValidatingAdmissionPolicy.
+	Spec ValidatingAdmissionPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
+	// The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy
+	// behaves in the expected way.
+	// Populated by the system.
+	// Read-only.
+	// +optional
+	Status ValidatingAdmissionPolicyStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
+}
+
+// ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.
+type ValidatingAdmissionPolicyStatus struct {
+	// The generation observed by the controller.
+	// +optional
+	ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,1,opt,name=observedGeneration"`
+	// The results of type checking for each expression.
+	// Presence of this field indicates the completion of the type checking.
+	// +optional
+	TypeChecking *TypeChecking `json:"typeChecking,omitempty" protobuf:"bytes,2,opt,name=typeChecking"`
+	// The conditions represent the latest available observations of a policy's current state.
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	Conditions []metav1.Condition `json:"conditions,omitempty" protobuf:"bytes,3,rep,name=conditions"`
+}
+
+// ValidatingAdmissionPolicyConditionType is the condition type of admission validation policy.
+type ValidatingAdmissionPolicyConditionType string
+
+// TypeChecking contains results of type checking the expressions in the
+// ValidatingAdmissionPolicy
+type TypeChecking struct {
+	// The type checking warnings for each expression.
+	// +optional
+	// +listType=atomic
+	ExpressionWarnings []ExpressionWarning `json:"expressionWarnings,omitempty" protobuf:"bytes,1,rep,name=expressionWarnings"`
+}
+
+// ExpressionWarning is a warning information that targets a specific expression.
+type ExpressionWarning struct {
+	// The path to the field that refers the expression.
+	// For example, the reference to the expression of the first item of
+	// validations is "spec.validations[0].expression"
+	FieldRef string `json:"fieldRef" protobuf:"bytes,2,opt,name=fieldRef"`
+	// The content of type checking information in a human-readable form.
+	// Each line of the warning contains the type that the expression is checked
+	// against, followed by the type check error from the compiler.
+	Warning string `json:"warning" protobuf:"bytes,3,opt,name=warning"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+// ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.
+type ValidatingAdmissionPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard list metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// List of ValidatingAdmissionPolicy.
+	Items []ValidatingAdmissionPolicy `json:"items,omitempty" protobuf:"bytes,2,rep,name=items"`
+}
+
+// ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.
+type ValidatingAdmissionPolicySpec struct {
+	// ParamKind specifies the kind of resources used to parameterize this policy.
+	// If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions.
+	// If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied.
+	// If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.
+	// +optional
+	ParamKind *ParamKind `json:"paramKind,omitempty" protobuf:"bytes,1,rep,name=paramKind"`
+
+	// MatchConstraints specifies what resources this policy is designed to validate.
+	// The AdmissionPolicy cares about a request if it matches _all_ Constraints.
+	// However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API
+	// ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding.
+	// Required.
+	MatchConstraints *MatchResources `json:"matchConstraints,omitempty" protobuf:"bytes,2,rep,name=matchConstraints"`
+
+	// Validations contain CEL expressions which is used to apply the validation.
+	// Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is
+	// required.
+	// +listType=atomic
+	// +optional
+	Validations []Validation `json:"validations,omitempty" protobuf:"bytes,3,rep,name=validations"`
+
+	// failurePolicy defines how to handle failures for the admission policy. Failures can
+	// occur from CEL expression parse errors, type check errors, runtime errors and invalid
+	// or mis-configured policy definitions or bindings.
+	//
+	// A policy is invalid if spec.paramKind refers to a non-existent Kind.
+	// A binding is invalid if spec.paramRef.name refers to a non-existent resource.
+	//
+	// failurePolicy does not define how validations that evaluate to false are handled.
+	//
+	// When failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions
+	// define how failures are enforced.
+	//
+	// Allowed values are Ignore or Fail. Defaults to Fail.
+	// +optional
+	FailurePolicy *FailurePolicyType `json:"failurePolicy,omitempty" protobuf:"bytes,4,opt,name=failurePolicy,casttype=FailurePolicyType"`
+
+	// auditAnnotations contains CEL expressions which are used to produce audit
+	// annotations for the audit event of the API request.
+	// validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is
+	// required.
+	// +listType=atomic
+	// +optional
+	AuditAnnotations []AuditAnnotation `json:"auditAnnotations,omitempty" protobuf:"bytes,5,rep,name=auditAnnotations"`
+
+	// MatchConditions is a list of conditions that must be met for a request to be validated.
+	// Match conditions filter requests that have already been matched by the rules,
+	// namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
+	// There are a maximum of 64 match conditions allowed.
+	//
+	// If a parameter object is provided, it can be accessed via the `params` handle in the same
+	// manner as validation expressions.
+	//
+	// The exact matching logic is (in order):
+	//   1. If ANY matchCondition evaluates to FALSE, the policy is skipped.
+	//   2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.
+	//   3. If any matchCondition evaluates to an error (but none are FALSE):
+	//      - If failurePolicy=Fail, reject the request
+	//      - If failurePolicy=Ignore, the policy is skipped
+	//
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	// +optional
+	MatchConditions []MatchCondition `json:"matchConditions,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,6,rep,name=matchConditions"`
+
+	// Variables contain definitions of variables that can be used in composition of other expressions.
+	// Each variable is defined as a named CEL expression.
+	// The variables defined here will be available under `variables` in other expressions of the policy
+	// except MatchConditions because MatchConditions are evaluated before the rest of the policy.
+	//
+	// The expression of a variable can refer to other variables defined earlier in the list but not those after.
+	// Thus, Variables must be sorted by the order of first appearance and acyclic.
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	// +optional
+	Variables []Variable `json:"variables" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,7,rep,name=variables"`
+}
+
+// ParamKind is a tuple of Group Kind and Version.
+// +structType=atomic
+type ParamKind struct {
+	// APIVersion is the API group version the resources belong to.
+	// In format of "group/version".
+	// Required.
+	APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,1,rep,name=apiVersion"`
+
+	// Kind is the API kind the resources belong to.
+	// Required.
+	Kind string `json:"kind,omitempty" protobuf:"bytes,2,rep,name=kind"`
+}
+
+// Validation specifies the CEL expression which is used to apply the validation.
+type Validation struct {
+	// Expression represents the expression which will be evaluated by CEL.
+	// ref: https://github.com/google/cel-spec
+	// CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:
+	//
+	// - 'object' - The object from the incoming request. The value is null for DELETE requests.
+	// - 'oldObject' - The existing object. The value is null for CREATE requests.
+	// - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)).
+	// - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind.
+	// - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources.
+	// - 'variables' - Map of composited variables, from its name to its lazily evaluated value.
+	//   For example, a variable named 'foo' can be accessed as 'variables.foo'.
+	// - 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
+	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
+	// - 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
+	//   request resource.
+	//
+	// The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the
+	// object. No other metadata properties are accessible.
+	//
+	// Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
+	// Accessible property names are escaped according to the following rules when accessed in the expression:
+	// - '__' escapes to '__underscores__'
+	// - '.' escapes to '__dot__'
+	// - '-' escapes to '__dash__'
+	// - '/' escapes to '__slash__'
+	// - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:
+	//	  "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if",
+	//	  "import", "let", "loop", "package", "namespace", "return".
+	// Examples:
+	//   - Expression accessing a property named "namespace": {"Expression": "object.__namespace__ > 0"}
+	//   - Expression accessing a property named "x-prop": {"Expression": "object.x__dash__prop > 0"}
+	//   - Expression accessing a property named "redact__d": {"Expression": "object.redact__underscores__d > 0"}
+	//
+	// Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
+	// Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:
+	//   - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and
+	//     non-intersecting elements in `Y` are appended, retaining their partial order.
+	//   - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values
+	//     are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with
+	//     non-intersecting keys are appended, retaining their partial order.
+	// Required.
+	Expression string `json:"expression" protobuf:"bytes,1,opt,name=Expression"`
+	// Message represents the message displayed when validation fails. The message is required if the Expression contains
+	// line breaks. The message must not contain line breaks.
+	// If unset, the message is "failed rule: {Rule}".
+	// e.g. "must be a URL with the host matching spec.host"
+	// If the Expression contains line breaks. Message is required.
+	// The message must not contain line breaks.
+	// If unset, the message is "failed Expression: {Expression}".
+	// +optional
+	Message string `json:"message,omitempty" protobuf:"bytes,2,opt,name=message"`
+	// Reason represents a machine-readable description of why this validation failed.
+	// If this is the first validation in the list to fail, this reason, as well as the
+	// corresponding HTTP response code, are used in the
+	// HTTP response to the client.
+	// The currently supported reasons are: "Unauthorized", "Forbidden", "Invalid", "RequestEntityTooLarge".
+	// If not set, StatusReasonInvalid is used in the response to the client.
+	// +optional
+	Reason *metav1.StatusReason `json:"reason,omitempty" protobuf:"bytes,3,opt,name=reason"`
+	// messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails.
+	// Since messageExpression is used as a failure message, it must evaluate to a string.
+	// If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails.
+	// If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced
+	// as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string
+	// that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and
+	// the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged.
+	// messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'.
+	// Example:
+	// "object.x must be less than max ("+string(params.max)+")"
+	// +optional
+	MessageExpression string `json:"messageExpression,omitempty" protobuf:"bytes,4,opt,name=messageExpression"`
+}
+
+// Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.
+// +structType=atomic
+type Variable struct {
+	// Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables.
+	// The variable can be accessed in other expressions through `variables`
+	// For example, if name is "foo", the variable will be available as `variables.foo`
+	Name string `json:"name" protobuf:"bytes,1,opt,name=Name"`
+
+	// Expression is the expression that will be evaluated as the value of the variable.
+	// The CEL expression has access to the same identifiers as the CEL expressions in Validation.
+	Expression string `json:"expression" protobuf:"bytes,2,opt,name=Expression"`
+}
+
+// AuditAnnotation describes how to produce an audit annotation for an API request.
+type AuditAnnotation struct {
+	// key specifies the audit annotation key. The audit annotation keys of
+	// a ValidatingAdmissionPolicy must be unique. The key must be a qualified
+	// name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.
+	//
+	// The key is combined with the resource name of the
+	// ValidatingAdmissionPolicy to construct an audit annotation key:
+	// "{ValidatingAdmissionPolicy name}/{key}".
+	//
+	// If an admission webhook uses the same resource name as this ValidatingAdmissionPolicy
+	// and the same audit annotation key, the annotation key will be identical.
+	// In this case, the first annotation written with the key will be included
+	// in the audit event and all subsequent annotations with the same key
+	// will be discarded.
+	//
+	// Required.
+	Key string `json:"key" protobuf:"bytes,1,opt,name=key"`
+
+	// valueExpression represents the expression which is evaluated by CEL to
+	// produce an audit annotation value. The expression must evaluate to either
+	// a string or null value. If the expression evaluates to a string, the
+	// audit annotation is included with the string value. If the expression
+	// evaluates to null or empty string the audit annotation will be omitted.
+	// The valueExpression may be no longer than 5kb in length.
+	// If the result of the valueExpression is more than 10kb in length, it
+	// will be truncated to 10kb.
+	//
+	// If multiple ValidatingAdmissionPolicyBinding resources match an
+	// API request, then the valueExpression will be evaluated for
+	// each binding. All unique values produced by the valueExpressions
+	// will be joined together in a comma-separated list.
+	//
+	// Required.
+	ValueExpression string `json:"valueExpression" protobuf:"bytes,2,opt,name=valueExpression"`
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+
+// ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources.
+// ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.
+//
+// For a given admission request, each binding will cause its policy to be
+// evaluated N times, where N is 1 for policies/bindings that don't use
+// params, otherwise N is the number of parameters selected by the binding.
+//
+// The CEL expressions of a policy must have a computed CEL cost below the maximum
+// CEL budget. Each evaluation of the policy is given an independent CEL cost budget.
+// Adding/removing policies, bindings, or params can not affect whether a
+// given (policy, binding, param) combination is within its own CEL budget.
+type ValidatingAdmissionPolicyBinding struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.
+	Spec ValidatingAdmissionPolicyBindingSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=1.28
+
+// ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.
+type ValidatingAdmissionPolicyBindingList struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard list metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// List of PolicyBinding.
+	Items []ValidatingAdmissionPolicyBinding `json:"items,omitempty" protobuf:"bytes,2,rep,name=items"`
+}
+
+// ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.
+type ValidatingAdmissionPolicyBindingSpec struct {
+	// PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to.
+	// If the referenced resource does not exist, this binding is considered invalid and will be ignored
+	// Required.
+	PolicyName string `json:"policyName,omitempty" protobuf:"bytes,1,rep,name=policyName"`
+
+	// paramRef specifies the parameter resource used to configure the admission control policy.
+	// It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy.
+	// If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied.
+	// If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.
+	// +optional
+	ParamRef *ParamRef `json:"paramRef,omitempty" protobuf:"bytes,2,rep,name=paramRef"`
+
+	// MatchResources declares what resources match this binding and will be validated by it.
+	// Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this.
+	// If this is unset, all resources matched by the policy are validated by this binding
+	// When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated.
+	// Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.
+	// +optional
+	MatchResources *MatchResources `json:"matchResources,omitempty" protobuf:"bytes,3,rep,name=matchResources"`
+
+	// validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced.
+	// If a validation evaluates to false it is always enforced according to these actions.
+	//
+	// Failures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according
+	// to these actions only if the FailurePolicy is set to Fail, otherwise the failures are
+	// ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.
+	//
+	// validationActions is declared as a set of action values. Order does
+	// not matter. validationActions may not contain duplicates of the same action.
+	//
+	// The supported actions values are:
+	//
+	// "Deny" specifies that a validation failure results in a denied request.
+	//
+	// "Warn" specifies that a validation failure is reported to the request client
+	// in HTTP Warning headers, with a warning code of 299. Warnings can be sent
+	// both for allowed or denied admission responses.
+	//
+	// "Audit" specifies that a validation failure is included in the published
+	// audit event for the request. The audit event will contain a
+	// `validation.policy.admission.k8s.io/validation_failure` audit annotation
+	// with a value containing the details of the validation failures, formatted as
+	// a JSON list of objects, each with the following fields:
+	// - message: The validation failure message string
+	// - policy: The resource name of the ValidatingAdmissionPolicy
+	// - binding: The resource name of the ValidatingAdmissionPolicyBinding
+	// - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy
+	// - validationActions: The enforcement actions enacted for the validation failure
+	// Example audit annotation:
+	// `"validation.policy.admission.k8s.io/validation_failure": "[{\"message\": \"Invalid value\", {\"policy\": \"policy.example.com\", {\"binding\": \"policybinding.example.com\", {\"expressionIndex\": \"1\", {\"validationActions\": [\"Audit\"]}]"`
+	//
+	// Clients should expect to handle additional values by ignoring
+	// any values not recognized.
+	//
+	// "Deny" and "Warn" may not be used together since this combination
+	// needlessly duplicates the validation failure both in the
+	// API response body and the HTTP warning headers.
+	//
+	// Required.
+	// +listType=set
+	ValidationActions []ValidationAction `json:"validationActions,omitempty" protobuf:"bytes,4,rep,name=validationActions"`
+}
+
+// ParamRef describes how to locate the params to be used as input to
+// expressions of rules applied by a policy binding.
+// +structType=atomic
+type ParamRef struct {
+	// name is the name of the resource being referenced.
+	//
+	// One of `name` or `selector` must be set, but `name` and `selector` are
+	// mutually exclusive properties. If one is set, the other must be unset.
+	//
+	// A single parameter used for all admission requests can be configured
+	// by setting the `name` field, leaving `selector` blank, and setting namespace
+	// if `paramKind` is namespace-scoped.
+	//
+	Name string `json:"name,omitempty" protobuf:"bytes,1,rep,name=name"`
+
+	// namespace is the namespace of the referenced resource. Allows limiting
+	// the search for params to a specific namespace. Applies to both `name` and
+	// `selector` fields.
+	//
+	// A per-namespace parameter may be used by specifying a namespace-scoped
+	// `paramKind` in the policy and leaving this field empty.
+	//
+	// - If `paramKind` is cluster-scoped, this field MUST be unset. Setting this
+	// field results in a configuration error.
+	//
+	// - If `paramKind` is namespace-scoped, the namespace of the object being
+	// evaluated for admission will be used when this field is left unset. Take
+	// care that if this is left empty the binding must not match any cluster-scoped
+	// resources, which will result in an error.
+	//
+	// +optional
+	Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,rep,name=namespace"`
+
+	// selector can be used to match multiple param objects based on their labels.
+	// Supply selector: {} to match all resources of the ParamKind.
+	//
+	// If multiple params are found, they are all evaluated with the policy expressions
+	// and the results are ANDed together.
+	//
+	// One of `name` or `selector` must be set, but `name` and `selector` are
+	// mutually exclusive properties. If one is set, the other must be unset.
+	//
+	// +optional
+	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,3,rep,name=selector"`
+
+	// `parameterNotFoundAction` controls the behavior of the binding when the resource
+	// exists, and name or selector is valid, but there are no parameters
+	// matched by the binding. If the value is set to `Allow`, then no
+	// matched parameters will be treated as successful validation by the binding.
+	// If set to `Deny`, then no matched parameters will be subject to the
+	// `failurePolicy` of the policy.
+	//
+	// Allowed values are `Allow` or `Deny`
+	//
+	// Required
+	ParameterNotFoundAction *ParameterNotFoundActionType `json:"parameterNotFoundAction,omitempty" protobuf:"bytes,4,rep,name=parameterNotFoundAction"`
+}
+
+// MatchResources decides whether to run the admission control policy on an object based
+// on whether it meets the match criteria.
+// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
+// +structType=atomic
+type MatchResources struct {
+	// NamespaceSelector decides whether to run the admission control policy on an object based
+	// on whether the namespace for that object matches the selector. If the
+	// object itself is a namespace, the matching is performed on
+	// object.metadata.labels. If the object is another cluster scoped resource,
+	// it never skips the policy.
+	//
+	// For example, to run the webhook on any objects whose namespace is not
+	// associated with "runlevel" of "0" or "1";  you will set the selector as
+	// follows:
+	// "namespaceSelector": {
+	//   "matchExpressions": [
+	//     {
+	//       "key": "runlevel",
+	//       "operator": "NotIn",
+	//       "values": [
+	//         "0",
+	//         "1"
+	//       ]
+	//     }
+	//   ]
+	// }
+	//
+	// If instead you want to only run the policy on any objects whose
+	// namespace is associated with the "environment" of "prod" or "staging";
+	// you will set the selector as follows:
+	// "namespaceSelector": {
+	//   "matchExpressions": [
+	//     {
+	//       "key": "environment",
+	//       "operator": "In",
+	//       "values": [
+	//         "prod",
+	//         "staging"
+	//       ]
+	//     }
+	//   ]
+	// }
+	//
+	// See
+	// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+	// for more examples of label selectors.
+	//
+	// Default to the empty LabelSelector, which matches everything.
+	// +optional
+	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,1,opt,name=namespaceSelector"`
+	// ObjectSelector decides whether to run the validation based on if the
+	// object has matching labels. objectSelector is evaluated against both
+	// the oldObject and newObject that would be sent to the cel validation, and
+	// is considered to match if either object matches the selector. A null
+	// object (oldObject in the case of create, or newObject in the case of
+	// delete) or an object that cannot have labels (like a
+	// DeploymentRollback or a PodProxyOptions object) is not considered to
+	// match.
+	// Use the object selector only if the webhook is opt-in, because end
+	// users may skip the admission webhook by setting the labels.
+	// Default to the empty LabelSelector, which matches everything.
+	// +optional
+	ObjectSelector *metav1.LabelSelector `json:"objectSelector,omitempty" protobuf:"bytes,2,opt,name=objectSelector"`
+	// ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches.
+	// The policy cares about an operation if it matches _any_ Rule.
+	// +listType=atomic
+	// +optional
+	ResourceRules []NamedRuleWithOperations `json:"resourceRules,omitempty" protobuf:"bytes,3,rep,name=resourceRules"`
+	// ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about.
+	// The exclude rules take precedence over include rules (if a resource matches both, it is excluded)
+	// +listType=atomic
+	// +optional
+	ExcludeResourceRules []NamedRuleWithOperations `json:"excludeResourceRules,omitempty" protobuf:"bytes,4,rep,name=excludeResourceRules"`
+	// matchPolicy defines how the "MatchResources" list is used to match incoming requests.
+	// Allowed values are "Exact" or "Equivalent".
+	//
+	// - Exact: match a request only if it exactly matches a specified rule.
+	// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
+	// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
+	// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.
+	//
+	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
+	// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
+	// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
+	// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.
+	//
+	// Defaults to "Equivalent"
+	// +optional
+	MatchPolicy *MatchPolicyType `json:"matchPolicy,omitempty" protobuf:"bytes,7,opt,name=matchPolicy,casttype=MatchPolicyType"`
+}
+
+// ValidationAction specifies a policy enforcement action.
+// +enum
+type ValidationAction string
+
+const (
+	// Deny specifies that a validation failure results in a denied request.
+	Deny ValidationAction = "Deny"
+	// Warn specifies that a validation failure is reported to the request client
+	// in HTTP Warning headers, with a warning code of 299. Warnings can be sent
+	// both for allowed or denied admission responses.
+	Warn ValidationAction = "Warn"
+	// Audit specifies that a validation failure is included in the published
+	// audit event for the request. The audit event will contain a
+	// `validation.policy.admission.k8s.io/validation_failure` audit annotation
+	// with a value containing the details of the validation failure.
+	Audit ValidationAction = "Audit"
+)
+
+// NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.
+// +structType=atomic
+type NamedRuleWithOperations struct {
+	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
+	// +listType=atomic
+	// +optional
+	ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,1,rep,name=resourceNames"`
+	// RuleWithOperations is a tuple of Operations and Resources.
+	RuleWithOperations `json:",inline" protobuf:"bytes,2,opt,name=ruleWithOperations"`
+}
+
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -296,7 +886,7 @@ type ValidatingWebhook struct {
 	//      - If failurePolicy=Fail, reject the request
 	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
 	//
-	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+	// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
 	//
 	// +patchMergeKey=name
 	// +patchStrategy=merge
@@ -468,7 +1058,7 @@ type MutatingWebhook struct {
 	//      - If failurePolicy=Fail, reject the request
 	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
 	//
-	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
+	// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
 	//
 	// +patchMergeKey=name
 	// +patchStrategy=merge
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go b/vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go
index 2c0a9f0117..adaf4bc11d 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go
@@ -27,6 +27,26 @@ package v1beta1
 // Those methods can be generated by using hack/update-codegen.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
+var map_AuditAnnotation = map[string]string{
+	"":                "AuditAnnotation describes how to produce an audit annotation for an API request.",
+	"key":             "key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: \"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.\n\nRequired.",
+	"valueExpression": "valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.\n\nRequired.",
+}
+
+func (AuditAnnotation) SwaggerDoc() map[string]string {
+	return map_AuditAnnotation
+}
+
+var map_ExpressionWarning = map[string]string{
+	"":         "ExpressionWarning is a warning information that targets a specific expression.",
+	"fieldRef": "The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is \"spec.validations[0].expression\"",
+	"warning":  "The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.",
+}
+
+func (ExpressionWarning) SwaggerDoc() map[string]string {
+	return map_ExpressionWarning
+}
+
 var map_MatchCondition = map[string]string{
 	"":           "MatchCondition represents a condition which must be fulfilled for a request to be sent to a webhook.",
 	"name":       "Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired.",
@@ -37,6 +57,19 @@ func (MatchCondition) SwaggerDoc() map[string]string {
 	return map_MatchCondition
 }
 
+var map_MatchResources = map[string]string{
+	"":                     "MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)",
+	"namespaceSelector":    "NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\";  you will set the selector as follows: \"namespaceSelector\": {\n  \"matchExpressions\": [\n    {\n      \"key\": \"runlevel\",\n      \"operator\": \"NotIn\",\n      \"values\": [\n        \"0\",\n        \"1\"\n      ]\n    }\n  ]\n}\n\nIf instead you want to only run the policy on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n  \"matchExpressions\": [\n    {\n      \"key\": \"environment\",\n      \"operator\": \"In\",\n      \"values\": [\n        \"prod\",\n        \"staging\"\n      ]\n    }\n  ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.",
+	"objectSelector":       "ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.",
+	"resourceRules":        "ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.",
+	"excludeResourceRules": "ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)",
+	"matchPolicy":          "matchPolicy defines how the \"MatchResources\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.\n\nDefaults to \"Equivalent\"",
+}
+
+func (MatchResources) SwaggerDoc() map[string]string {
+	return map_MatchResources
+}
+
 var map_MutatingWebhook = map[string]string{
 	"":                        "MutatingWebhook describes an admission webhook and the resources and operations it applies to.",
 	"name":                    "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
@@ -50,7 +83,7 @@ var map_MutatingWebhook = map[string]string{
 	"timeoutSeconds":          "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 30 seconds.",
 	"admissionReviewVersions": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy. Default to `['v1beta1']`.",
 	"reinvocationPolicy":      "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".",
-	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.",
+	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.",
 }
 
 func (MutatingWebhook) SwaggerDoc() map[string]string {
@@ -77,6 +110,37 @@ func (MutatingWebhookConfigurationList) SwaggerDoc() map[string]string {
 	return map_MutatingWebhookConfigurationList
 }
 
+var map_NamedRuleWithOperations = map[string]string{
+	"":              "NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.",
+	"resourceNames": "ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.",
+}
+
+func (NamedRuleWithOperations) SwaggerDoc() map[string]string {
+	return map_NamedRuleWithOperations
+}
+
+var map_ParamKind = map[string]string{
+	"":           "ParamKind is a tuple of Group Kind and Version.",
+	"apiVersion": "APIVersion is the API group version the resources belong to. In format of \"group/version\". Required.",
+	"kind":       "Kind is the API kind the resources belong to. Required.",
+}
+
+func (ParamKind) SwaggerDoc() map[string]string {
+	return map_ParamKind
+}
+
+var map_ParamRef = map[string]string{
+	"":                        "ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.",
+	"name":                    "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.",
+	"namespace":               "namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.",
+	"selector":                "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.",
+	"parameterNotFoundAction": "`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired",
+}
+
+func (ParamRef) SwaggerDoc() map[string]string {
+	return map_ParamRef
+}
+
 var map_ServiceReference = map[string]string{
 	"":          "ServiceReference holds a reference to Service.legacy.k8s.io",
 	"namespace": "`namespace` is the namespace of the service. Required",
@@ -89,6 +153,94 @@ func (ServiceReference) SwaggerDoc() map[string]string {
 	return map_ServiceReference
 }
 
+var map_TypeChecking = map[string]string{
+	"":                   "TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy",
+	"expressionWarnings": "The type checking warnings for each expression.",
+}
+
+func (TypeChecking) SwaggerDoc() map[string]string {
+	return map_TypeChecking
+}
+
+var map_ValidatingAdmissionPolicy = map[string]string{
+	"":         "ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.",
+	"metadata": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.",
+	"spec":     "Specification of the desired behavior of the ValidatingAdmissionPolicy.",
+	"status":   "The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.",
+}
+
+func (ValidatingAdmissionPolicy) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicy
+}
+
+var map_ValidatingAdmissionPolicyBinding = map[string]string{
+	"":         "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.\n\nFor a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.\n\nThe CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.",
+	"metadata": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.",
+	"spec":     "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.",
+}
+
+func (ValidatingAdmissionPolicyBinding) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicyBinding
+}
+
+var map_ValidatingAdmissionPolicyBindingList = map[string]string{
+	"":         "ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.",
+	"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+	"items":    "List of PolicyBinding.",
+}
+
+func (ValidatingAdmissionPolicyBindingList) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicyBindingList
+}
+
+var map_ValidatingAdmissionPolicyBindingSpec = map[string]string{
+	"":                  "ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.",
+	"policyName":        "PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.",
+	"paramRef":          "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.",
+	"matchResources":    "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.",
+	"validationActions": "validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.\n\nFailures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.\n\nvalidationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.\n\nThe supported actions values are:\n\n\"Deny\" specifies that a validation failure results in a denied request.\n\n\"Warn\" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.\n\n\"Audit\" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `\"validation.policy.admission.k8s.io/validation_failure\": \"[{\"message\": \"Invalid value\", {\"policy\": \"policy.example.com\", {\"binding\": \"policybinding.example.com\", {\"expressionIndex\": \"1\", {\"validationActions\": [\"Audit\"]}]\"`\n\nClients should expect to handle additional values by ignoring any values not recognized.\n\n\"Deny\" and \"Warn\" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.\n\nRequired.",
+}
+
+func (ValidatingAdmissionPolicyBindingSpec) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicyBindingSpec
+}
+
+var map_ValidatingAdmissionPolicyList = map[string]string{
+	"":         "ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.",
+	"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+	"items":    "List of ValidatingAdmissionPolicy.",
+}
+
+func (ValidatingAdmissionPolicyList) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicyList
+}
+
+var map_ValidatingAdmissionPolicySpec = map[string]string{
+	"":                 "ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.",
+	"paramKind":        "ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.",
+	"matchConstraints": "MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.",
+	"validations":      "Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.",
+	"failurePolicy":    "failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.\n\nA policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.\n\nfailurePolicy does not define how validations that evaluate to false are handled.\n\nWhen failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.\n\nAllowed values are Ignore or Fail. Defaults to Fail.",
+	"auditAnnotations": "auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.",
+	"matchConditions":  "MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nIf a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the policy is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the policy is skipped",
+	"variables":        "Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.\n\nThe expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.",
+}
+
+func (ValidatingAdmissionPolicySpec) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicySpec
+}
+
+var map_ValidatingAdmissionPolicyStatus = map[string]string{
+	"":                   "ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.",
+	"observedGeneration": "The generation observed by the controller.",
+	"typeChecking":       "The results of type checking for each expression. Presence of this field indicates the completion of the type checking.",
+	"conditions":         "The conditions represent the latest available observations of a policy's current state.",
+}
+
+func (ValidatingAdmissionPolicyStatus) SwaggerDoc() map[string]string {
+	return map_ValidatingAdmissionPolicyStatus
+}
+
 var map_ValidatingWebhook = map[string]string{
 	"":                        "ValidatingWebhook describes an admission webhook and the resources and operations it applies to.",
 	"name":                    "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.",
@@ -101,7 +253,7 @@ var map_ValidatingWebhook = map[string]string{
 	"sideEffects":             "SideEffects states whether this webhook has side effects. Acceptable values are: Unknown, None, Some, NoneOnDryRun Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some. Defaults to Unknown.",
 	"timeoutSeconds":          "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 30 seconds.",
 	"admissionReviewVersions": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy. Default to `['v1beta1']`.",
-	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.",
+	"matchConditions":         "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n  2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n  3. If any matchCondition evaluates to an error (but none are FALSE):\n     - If failurePolicy=Fail, reject the request\n     - If failurePolicy=Ignore, the error is ignored and the webhook is skipped\n\nThis is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.",
 }
 
 func (ValidatingWebhook) SwaggerDoc() map[string]string {
@@ -128,6 +280,28 @@ func (ValidatingWebhookConfigurationList) SwaggerDoc() map[string]string {
 	return map_ValidatingWebhookConfigurationList
 }
 
+var map_Validation = map[string]string{
+	"":                  "Validation specifies the CEL expression which is used to apply the validation.",
+	"expression":        "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n  For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n  See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n  request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t  \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t  \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n  - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n  - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n  - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n  - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n    non-intersecting elements in `Y` are appended, retaining their partial order.\n  - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n    are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n    non-intersecting keys are appended, retaining their partial order.\nRequired.",
+	"message":           "Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is \"failed Expression: {Expression}\".",
+	"reason":            "Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\". If not set, StatusReasonInvalid is used in the response to the client.",
+	"messageExpression": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: \"object.x must be less than max (\"+string(params.max)+\")\"",
+}
+
+func (Validation) SwaggerDoc() map[string]string {
+	return map_Validation
+}
+
+var map_Variable = map[string]string{
+	"":           "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.",
+	"name":       "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is \"foo\", the variable will be available as `variables.foo`",
+	"expression": "Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.",
+}
+
+func (Variable) SwaggerDoc() map[string]string {
+	return map_Variable
+}
+
 var map_WebhookClientConfig = map[string]string{
 	"":         "WebhookClientConfig contains the information to make a TLS connection with the webhook",
 	"url":      "`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.",
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.deepcopy.go b/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.deepcopy.go
index 9c5299bdfa..4c10b1d113 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.deepcopy.go
@@ -22,11 +22,43 @@ limitations under the License.
 package v1beta1
 
 import (
-	v1 "k8s.io/api/admissionregistration/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AuditAnnotation) DeepCopyInto(out *AuditAnnotation) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditAnnotation.
+func (in *AuditAnnotation) DeepCopy() *AuditAnnotation {
+	if in == nil {
+		return nil
+	}
+	out := new(AuditAnnotation)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExpressionWarning) DeepCopyInto(out *ExpressionWarning) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExpressionWarning.
+func (in *ExpressionWarning) DeepCopy() *ExpressionWarning {
+	if in == nil {
+		return nil
+	}
+	out := new(ExpressionWarning)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *MatchCondition) DeepCopyInto(out *MatchCondition) {
 	*out = *in
@@ -43,13 +75,58 @@ func (in *MatchCondition) DeepCopy() *MatchCondition {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *MatchResources) DeepCopyInto(out *MatchResources) {
+	*out = *in
+	if in.NamespaceSelector != nil {
+		in, out := &in.NamespaceSelector, &out.NamespaceSelector
+		*out = new(v1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ObjectSelector != nil {
+		in, out := &in.ObjectSelector, &out.ObjectSelector
+		*out = new(v1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ResourceRules != nil {
+		in, out := &in.ResourceRules, &out.ResourceRules
+		*out = make([]NamedRuleWithOperations, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.ExcludeResourceRules != nil {
+		in, out := &in.ExcludeResourceRules, &out.ExcludeResourceRules
+		*out = make([]NamedRuleWithOperations, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.MatchPolicy != nil {
+		in, out := &in.MatchPolicy, &out.MatchPolicy
+		*out = new(MatchPolicyType)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchResources.
+func (in *MatchResources) DeepCopy() *MatchResources {
+	if in == nil {
+		return nil
+	}
+	out := new(MatchResources)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *MutatingWebhook) DeepCopyInto(out *MutatingWebhook) {
 	*out = *in
 	in.ClientConfig.DeepCopyInto(&out.ClientConfig)
 	if in.Rules != nil {
 		in, out := &in.Rules, &out.Rules
-		*out = make([]v1.RuleWithOperations, len(*in))
+		*out = make([]admissionregistrationv1.RuleWithOperations, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@@ -66,12 +143,12 @@ func (in *MutatingWebhook) DeepCopyInto(out *MutatingWebhook) {
 	}
 	if in.NamespaceSelector != nil {
 		in, out := &in.NamespaceSelector, &out.NamespaceSelector
-		*out = new(metav1.LabelSelector)
+		*out = new(v1.LabelSelector)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.ObjectSelector != nil {
 		in, out := &in.ObjectSelector, &out.ObjectSelector
-		*out = new(metav1.LabelSelector)
+		*out = new(v1.LabelSelector)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.SideEffects != nil {
@@ -178,6 +255,70 @@ func (in *MutatingWebhookConfigurationList) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NamedRuleWithOperations) DeepCopyInto(out *NamedRuleWithOperations) {
+	*out = *in
+	if in.ResourceNames != nil {
+		in, out := &in.ResourceNames, &out.ResourceNames
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	in.RuleWithOperations.DeepCopyInto(&out.RuleWithOperations)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedRuleWithOperations.
+func (in *NamedRuleWithOperations) DeepCopy() *NamedRuleWithOperations {
+	if in == nil {
+		return nil
+	}
+	out := new(NamedRuleWithOperations)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ParamKind) DeepCopyInto(out *ParamKind) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParamKind.
+func (in *ParamKind) DeepCopy() *ParamKind {
+	if in == nil {
+		return nil
+	}
+	out := new(ParamKind)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ParamRef) DeepCopyInto(out *ParamRef) {
+	*out = *in
+	if in.Selector != nil {
+		in, out := &in.Selector, &out.Selector
+		*out = new(v1.LabelSelector)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ParameterNotFoundAction != nil {
+		in, out := &in.ParameterNotFoundAction, &out.ParameterNotFoundAction
+		*out = new(ParameterNotFoundActionType)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParamRef.
+func (in *ParamRef) DeepCopy() *ParamRef {
+	if in == nil {
+		return nil
+	}
+	out := new(ParamRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ServiceReference) DeepCopyInto(out *ServiceReference) {
 	*out = *in
@@ -204,13 +345,267 @@ func (in *ServiceReference) DeepCopy() *ServiceReference {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TypeChecking) DeepCopyInto(out *TypeChecking) {
+	*out = *in
+	if in.ExpressionWarnings != nil {
+		in, out := &in.ExpressionWarnings, &out.ExpressionWarnings
+		*out = make([]ExpressionWarning, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TypeChecking.
+func (in *TypeChecking) DeepCopy() *TypeChecking {
+	if in == nil {
+		return nil
+	}
+	out := new(TypeChecking)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicy) DeepCopyInto(out *ValidatingAdmissionPolicy) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicy.
+func (in *ValidatingAdmissionPolicy) DeepCopy() *ValidatingAdmissionPolicy {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ValidatingAdmissionPolicy) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicyBinding) DeepCopyInto(out *ValidatingAdmissionPolicyBinding) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyBinding.
+func (in *ValidatingAdmissionPolicyBinding) DeepCopy() *ValidatingAdmissionPolicyBinding {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicyBinding)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ValidatingAdmissionPolicyBinding) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicyBindingList) DeepCopyInto(out *ValidatingAdmissionPolicyBindingList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ValidatingAdmissionPolicyBinding, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyBindingList.
+func (in *ValidatingAdmissionPolicyBindingList) DeepCopy() *ValidatingAdmissionPolicyBindingList {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicyBindingList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ValidatingAdmissionPolicyBindingList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicyBindingSpec) DeepCopyInto(out *ValidatingAdmissionPolicyBindingSpec) {
+	*out = *in
+	if in.ParamRef != nil {
+		in, out := &in.ParamRef, &out.ParamRef
+		*out = new(ParamRef)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.MatchResources != nil {
+		in, out := &in.MatchResources, &out.MatchResources
+		*out = new(MatchResources)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.ValidationActions != nil {
+		in, out := &in.ValidationActions, &out.ValidationActions
+		*out = make([]ValidationAction, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyBindingSpec.
+func (in *ValidatingAdmissionPolicyBindingSpec) DeepCopy() *ValidatingAdmissionPolicyBindingSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicyBindingSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicyList) DeepCopyInto(out *ValidatingAdmissionPolicyList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ValidatingAdmissionPolicy, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyList.
+func (in *ValidatingAdmissionPolicyList) DeepCopy() *ValidatingAdmissionPolicyList {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicyList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ValidatingAdmissionPolicyList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicySpec) DeepCopyInto(out *ValidatingAdmissionPolicySpec) {
+	*out = *in
+	if in.ParamKind != nil {
+		in, out := &in.ParamKind, &out.ParamKind
+		*out = new(ParamKind)
+		**out = **in
+	}
+	if in.MatchConstraints != nil {
+		in, out := &in.MatchConstraints, &out.MatchConstraints
+		*out = new(MatchResources)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Validations != nil {
+		in, out := &in.Validations, &out.Validations
+		*out = make([]Validation, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.FailurePolicy != nil {
+		in, out := &in.FailurePolicy, &out.FailurePolicy
+		*out = new(FailurePolicyType)
+		**out = **in
+	}
+	if in.AuditAnnotations != nil {
+		in, out := &in.AuditAnnotations, &out.AuditAnnotations
+		*out = make([]AuditAnnotation, len(*in))
+		copy(*out, *in)
+	}
+	if in.MatchConditions != nil {
+		in, out := &in.MatchConditions, &out.MatchConditions
+		*out = make([]MatchCondition, len(*in))
+		copy(*out, *in)
+	}
+	if in.Variables != nil {
+		in, out := &in.Variables, &out.Variables
+		*out = make([]Variable, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicySpec.
+func (in *ValidatingAdmissionPolicySpec) DeepCopy() *ValidatingAdmissionPolicySpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicySpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ValidatingAdmissionPolicyStatus) DeepCopyInto(out *ValidatingAdmissionPolicyStatus) {
+	*out = *in
+	if in.TypeChecking != nil {
+		in, out := &in.TypeChecking, &out.TypeChecking
+		*out = new(TypeChecking)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]v1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValidatingAdmissionPolicyStatus.
+func (in *ValidatingAdmissionPolicyStatus) DeepCopy() *ValidatingAdmissionPolicyStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(ValidatingAdmissionPolicyStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ValidatingWebhook) DeepCopyInto(out *ValidatingWebhook) {
 	*out = *in
 	in.ClientConfig.DeepCopyInto(&out.ClientConfig)
 	if in.Rules != nil {
 		in, out := &in.Rules, &out.Rules
-		*out = make([]v1.RuleWithOperations, len(*in))
+		*out = make([]admissionregistrationv1.RuleWithOperations, len(*in))
 		for i := range *in {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
@@ -227,12 +622,12 @@ func (in *ValidatingWebhook) DeepCopyInto(out *ValidatingWebhook) {
 	}
 	if in.NamespaceSelector != nil {
 		in, out := &in.NamespaceSelector, &out.NamespaceSelector
-		*out = new(metav1.LabelSelector)
+		*out = new(v1.LabelSelector)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.ObjectSelector != nil {
 		in, out := &in.ObjectSelector, &out.ObjectSelector
-		*out = new(metav1.LabelSelector)
+		*out = new(v1.LabelSelector)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.SideEffects != nil {
@@ -334,6 +729,43 @@ func (in *ValidatingWebhookConfigurationList) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Validation) DeepCopyInto(out *Validation) {
+	*out = *in
+	if in.Reason != nil {
+		in, out := &in.Reason, &out.Reason
+		*out = new(v1.StatusReason)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Validation.
+func (in *Validation) DeepCopy() *Validation {
+	if in == nil {
+		return nil
+	}
+	out := new(Validation)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Variable) DeepCopyInto(out *Variable) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Variable.
+func (in *Variable) DeepCopy() *Variable {
+	if in == nil {
+		return nil
+	}
+	out := new(Variable)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig) {
 	*out = *in
diff --git a/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.prerelease-lifecycle.go b/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.prerelease-lifecycle.go
index 09a92f4768..c1be5122a8 100644
--- a/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.prerelease-lifecycle.go
+++ b/vendor/k8s.io/api/admissionregistration/v1beta1/zz_generated.prerelease-lifecycle.go
@@ -73,6 +73,78 @@ func (in *MutatingWebhookConfigurationList) APILifecycleRemoved() (major, minor
 	return 1, 22
 }
 
+// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
+func (in *ValidatingAdmissionPolicy) APILifecycleIntroduced() (major, minor int) {
+	return 1, 28
+}
+
+// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or  "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
+func (in *ValidatingAdmissionPolicy) APILifecycleDeprecated() (major, minor int) {
+	return 1, 31
+}
+
+// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or  "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
+func (in *ValidatingAdmissionPolicy) APILifecycleRemoved() (major, minor int) {
+	return 1, 34
+}
+
+// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
+func (in *ValidatingAdmissionPolicyBinding) APILifecycleIntroduced() (major, minor int) {
+	return 1, 28
+}
+
+// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or  "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
+func (in *ValidatingAdmissionPolicyBinding) APILifecycleDeprecated() (major, minor int) {
+	return 1, 31
+}
+
+// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or  "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
+func (in *ValidatingAdmissionPolicyBinding) APILifecycleRemoved() (major, minor int) {
+	return 1, 34
+}
+
+// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
+func (in *ValidatingAdmissionPolicyBindingList) APILifecycleIntroduced() (major, minor int) {
+	return 1, 28
+}
+
+// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or  "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
+func (in *ValidatingAdmissionPolicyBindingList) APILifecycleDeprecated() (major, minor int) {
+	return 1, 31
+}
+
+// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or  "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
+func (in *ValidatingAdmissionPolicyBindingList) APILifecycleRemoved() (major, minor int) {
+	return 1, 34
+}
+
+// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
+func (in *ValidatingAdmissionPolicyList) APILifecycleIntroduced() (major, minor int) {
+	return 1, 28
+}
+
+// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or  "k8s:prerelease-lifecycle-gen:introduced" plus three minor.
+func (in *ValidatingAdmissionPolicyList) APILifecycleDeprecated() (major, minor int) {
+	return 1, 31
+}
+
+// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison.
+// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or  "k8s:prerelease-lifecycle-gen:deprecated" plus three minor.
+func (in *ValidatingAdmissionPolicyList) APILifecycleRemoved() (major, minor int) {
+	return 1, 34
+}
+
 // APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
 // It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
 func (in *ValidatingWebhookConfiguration) APILifecycleIntroduced() (major, minor int) {
diff --git a/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto b/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto
index aa08b4978c..a09af750ba 100644
--- a/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto
+++ b/vendor/k8s.io/api/apidiscovery/v2beta1/generated.proto
@@ -71,7 +71,7 @@ message APIResourceDiscovery {
 
   // responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns.
   // APIs may return other objects types at their discretion, such as error conditions, requests for alternate representations, or other operation specific behavior.
-  // This value will be null if an APIService reports subresources but supports no operations on the parent resource
+  // This value will be null or empty if an APIService reports subresources but supports no operations on the parent resource
   optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind responseKind = 2;
 
   // scope indicates the scope of a resource, either Cluster or Namespaced
@@ -111,7 +111,7 @@ message APISubresourceDiscovery {
   optional string subresource = 1;
 
   // responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns.
-  // Some subresources do not return normal resources, these will have null return types.
+  // Some subresources do not return normal resources, these will have null or empty return types.
   optional k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind responseKind = 2;
 
   // acceptedTypes describes the kinds that this endpoint accepts.
diff --git a/vendor/k8s.io/api/apidiscovery/v2beta1/types.go b/vendor/k8s.io/api/apidiscovery/v2beta1/types.go
index 1aff3e3702..8342937730 100644
--- a/vendor/k8s.io/api/apidiscovery/v2beta1/types.go
+++ b/vendor/k8s.io/api/apidiscovery/v2beta1/types.go
@@ -92,7 +92,7 @@ type APIResourceDiscovery struct {
 	Resource string `json:"resource" protobuf:"bytes,1,opt,name=resource"`
 	// responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns.
 	// APIs may return other objects types at their discretion, such as error conditions, requests for alternate representations, or other operation specific behavior.
-	// This value will be null if an APIService reports subresources but supports no operations on the parent resource
+	// This value will be null or empty if an APIService reports subresources but supports no operations on the parent resource
 	ResponseKind *v1.GroupVersionKind `json:"responseKind,omitempty" protobuf:"bytes,2,opt,name=responseKind"`
 	// scope indicates the scope of a resource, either Cluster or Namespaced
 	Scope ResourceScope `json:"scope" protobuf:"bytes,3,opt,name=scope"`
@@ -141,7 +141,7 @@ type APISubresourceDiscovery struct {
 	// for this resource across all versions.
 	Subresource string `json:"subresource" protobuf:"bytes,1,opt,name=subresource"`
 	// responseKind describes the group, version, and kind of the serialization schema for the object type this endpoint typically returns.
-	// Some subresources do not return normal resources, these will have null return types.
+	// Some subresources do not return normal resources, these will have null or empty return types.
 	ResponseKind *v1.GroupVersionKind `json:"responseKind,omitempty" protobuf:"bytes,2,opt,name=responseKind"`
 	// acceptedTypes describes the kinds that this endpoint accepts.
 	// Subresources may accept the standard content types or define
diff --git a/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.pb.go b/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.pb.go
index 4effbc6c17..6871da414c 100644
--- a/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.pb.go
+++ b/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.pb.go
@@ -225,55 +225,57 @@ func init() {
 }
 
 var fileDescriptor_a3903ff5e3cc7a03 = []byte{
-	// 768 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x55, 0xdf, 0x4e, 0x13, 0x4d,
-	0x14, 0xef, 0xd2, 0x52, 0x60, 0xfa, 0x7d, 0xf4, 0x63, 0x3e, 0x08, 0xb5, 0x26, 0x5b, 0x6c, 0x82,
-	0x41, 0x8d, 0xbb, 0xd2, 0x88, 0x91, 0x98, 0x68, 0x58, 0x20, 0x06, 0x05, 0x31, 0x03, 0xf1, 0x02,
-	0xbd, 0x70, 0xba, 0x3b, 0x6e, 0xd7, 0x76, 0x77, 0x36, 0x3b, 0xd3, 0x26, 0xdc, 0x18, 0x1f, 0xc1,
-	0x07, 0xf1, 0xd2, 0x87, 0xe0, 0xca, 0x70, 0x63, 0x42, 0x62, 0xd2, 0xc8, 0xfa, 0x16, 0x5c, 0x99,
-	0x99, 0xdd, 0xb6, 0x6c, 0xbb, 0xc4, 0x86, 0x8b, 0x26, 0x9d, 0x73, 0xce, 0xef, 0x77, 0xfe, 0xcc,
-	0x6f, 0xce, 0x82, 0x57, 0xcd, 0xc7, 0x4c, 0x73, 0xa8, 0xde, 0x6c, 0xd7, 0x49, 0xe0, 0x11, 0x4e,
-	0x98, 0xde, 0x21, 0x9e, 0x45, 0x03, 0x3d, 0x76, 0x60, 0xdf, 0x11, 0x3f, 0x46, 0x82, 0x0e, 0x09,
-	0x1c, 0x8f, 0x93, 0xc0, 0xc3, 0x2d, 0xbd, 0xb3, 0x8a, 0x5b, 0x7e, 0x03, 0xaf, 0xea, 0x36, 0xf1,
-	0x48, 0x80, 0x39, 0xb1, 0x34, 0x3f, 0xa0, 0x9c, 0xc2, 0xe5, 0x08, 0xa6, 0x61, 0xdf, 0xd1, 0x46,
-	0x60, 0x5a, 0x0f, 0x56, 0xbe, 0x6f, 0x3b, 0xbc, 0xd1, 0xae, 0x6b, 0x26, 0x75, 0x75, 0x9b, 0xda,
-	0x54, 0x97, 0xe8, 0x7a, 0xfb, 0x83, 0x3c, 0xc9, 0x83, 0xfc, 0x17, 0xb1, 0x96, 0x1f, 0x0e, 0x8a,
-	0x71, 0xb1, 0xd9, 0x70, 0x3c, 0x12, 0x1c, 0xeb, 0x7e, 0xd3, 0x96, 0x95, 0xe9, 0x2e, 0xe1, 0x58,
-	0xef, 0x8c, 0xd4, 0x52, 0xd6, 0xaf, 0x42, 0x05, 0x6d, 0x8f, 0x3b, 0x2e, 0x19, 0x01, 0x3c, 0xfa,
-	0x1b, 0x80, 0x99, 0x0d, 0xe2, 0xe2, 0x61, 0x5c, 0xf5, 0x87, 0x02, 0xe6, 0x0f, 0x64, 0xa7, 0x07,
-	0x9c, 0x06, 0xd8, 0x26, 0x6f, 0x48, 0xc0, 0x1c, 0xea, 0xc1, 0x35, 0x50, 0xc0, 0xbe, 0x13, 0xb9,
-	0x76, 0xb6, 0x4a, 0xca, 0x92, 0xb2, 0x32, 0x63, 0xfc, 0x7f, 0xd2, 0xad, 0x64, 0xc2, 0x6e, 0xa5,
-	0xb0, 0xf1, 0x7a, 0xa7, 0xe7, 0x42, 0x97, 0xe3, 0xe0, 0x06, 0x28, 0x12, 0xcf, 0xa4, 0x96, 0xe3,
-	0xd9, 0x31, 0x53, 0x69, 0x42, 0x42, 0x17, 0x63, 0x68, 0x71, 0x3b, 0xe9, 0x46, 0xc3, 0xf1, 0x70,
-	0x13, 0xcc, 0x59, 0xc4, 0xa4, 0x16, 0xae, 0xb7, 0x7a, 0xd5, 0xb0, 0x52, 0x76, 0x29, 0xbb, 0x32,
-	0x63, 0x2c, 0x84, 0xdd, 0xca, 0xdc, 0xd6, 0xb0, 0x13, 0x8d, 0xc6, 0x57, 0xbf, 0x4d, 0x80, 0xd9,
-	0xa1, 0x8e, 0xde, 0x83, 0x69, 0x31, 0x6e, 0x0b, 0x73, 0x2c, 0xdb, 0x29, 0xd4, 0x1e, 0x68, 0x83,
-	0x2b, 0xef, 0x4f, 0x4d, 0xf3, 0x9b, 0xb6, 0xbc, 0x7f, 0x4d, 0x44, 0x6b, 0x9d, 0x55, 0x6d, 0xbf,
-	0xfe, 0x91, 0x98, 0x7c, 0x8f, 0x70, 0x6c, 0xc0, 0xb8, 0x0b, 0x30, 0xb0, 0xa1, 0x3e, 0x2b, 0x7c,
-	0x0b, 0x72, 0xcc, 0x27, 0xa6, 0xec, 0xb8, 0x50, 0x5b, 0xd7, 0xc6, 0x12, 0x94, 0x96, 0x2c, 0xf3,
-	0xc0, 0x27, 0xa6, 0xf1, 0x4f, 0x9c, 0x26, 0x27, 0x4e, 0x48, 0x92, 0x42, 0x13, 0xe4, 0x19, 0xc7,
-	0xbc, 0x2d, 0x66, 0x21, 0xe8, 0x9f, 0x5c, 0x8f, 0x5e, 0x52, 0x18, 0xb3, 0x71, 0x82, 0x7c, 0x74,
-	0x46, 0x31, 0x75, 0xf5, 0x6b, 0x16, 0x2c, 0x26, 0x01, 0x9b, 0xd4, 0xb3, 0x1c, 0x2e, 0xe6, 0xf7,
-	0x0c, 0xe4, 0xf8, 0xb1, 0x4f, 0x62, 0x29, 0xdc, 0xeb, 0x95, 0x78, 0x78, 0xec, 0x93, 0x8b, 0x6e,
-	0xe5, 0xe6, 0x15, 0x30, 0xe1, 0x46, 0x12, 0x08, 0xd7, 0xfb, 0x1d, 0x44, 0x92, 0xb8, 0x95, 0x2c,
-	0xe2, 0xa2, 0x5b, 0x29, 0xf6, 0x61, 0xc9, 0xba, 0xe0, 0x0b, 0x00, 0x69, 0x5d, 0x76, 0x68, 0x3d,
-	0x8f, 0x14, 0x2c, 0x94, 0x25, 0x06, 0x91, 0x35, 0xca, 0x31, 0x0d, 0xdc, 0x1f, 0x89, 0x40, 0x29,
-	0x28, 0xd8, 0x01, 0xb0, 0x85, 0x19, 0x3f, 0x0c, 0xb0, 0xc7, 0xa2, 0x12, 0x1d, 0x97, 0x94, 0x72,
-	0x72, 0xa8, 0x77, 0xc7, 0x53, 0x84, 0x40, 0x0c, 0xf2, 0xee, 0x8e, 0xb0, 0xa1, 0x94, 0x0c, 0xf0,
-	0x36, 0xc8, 0x07, 0x04, 0x33, 0xea, 0x95, 0x26, 0x65, 0xfb, 0xfd, 0x3b, 0x40, 0xd2, 0x8a, 0x62,
-	0x2f, 0xbc, 0x03, 0xa6, 0x5c, 0xc2, 0x18, 0xb6, 0x49, 0x29, 0x2f, 0x03, 0x8b, 0x71, 0xe0, 0xd4,
-	0x5e, 0x64, 0x46, 0x3d, 0x7f, 0xf5, 0xbb, 0x02, 0x60, 0x72, 0xee, 0xbb, 0x0e, 0xe3, 0xf0, 0xdd,
-	0x88, 0xd2, 0xb5, 0xf1, 0xfa, 0x12, 0x68, 0xa9, 0xf3, 0xff, 0xe2, 0x94, 0xd3, 0x3d, 0xcb, 0x25,
-	0x95, 0x1f, 0x81, 0x49, 0x87, 0x13, 0x57, 0xdc, 0x62, 0x76, 0xa5, 0x50, 0x5b, 0xbb, 0x96, 0x0e,
-	0x8d, 0x7f, 0xe3, 0x0c, 0x93, 0x3b, 0x82, 0x0b, 0x45, 0x94, 0xd5, 0xf9, 0xe1, 0x7e, 0xc4, 0x03,
-	0xa8, 0xfe, 0x9c, 0x00, 0xf3, 0x69, 0x32, 0x86, 0x9f, 0x40, 0x91, 0x25, 0xec, 0xac, 0xa4, 0xc8,
-	0xa2, 0xc6, 0x7e, 0x1c, 0x29, 0xab, 0x6f, 0xb0, 0xaa, 0x92, 0x76, 0x86, 0x86, 0x93, 0xc1, 0x7d,
-	0xb0, 0x60, 0x52, 0xd7, 0xa5, 0xde, 0x76, 0xea, 0xce, 0xbb, 0x11, 0x76, 0x2b, 0x0b, 0x9b, 0x69,
-	0x01, 0x28, 0x1d, 0x07, 0x03, 0x00, 0xcc, 0xde, 0x13, 0x88, 0x96, 0x5e, 0xa1, 0xf6, 0xf4, 0x5a,
-	0x03, 0xee, 0xbf, 0xa4, 0xc1, 0xce, 0xea, 0x9b, 0x18, 0xba, 0x94, 0xc5, 0x78, 0x79, 0x72, 0xae,
-	0x66, 0x4e, 0xcf, 0xd5, 0xcc, 0xd9, 0xb9, 0x9a, 0xf9, 0x1c, 0xaa, 0xca, 0x49, 0xa8, 0x2a, 0xa7,
-	0xa1, 0xaa, 0x9c, 0x85, 0xaa, 0xf2, 0x2b, 0x54, 0x95, 0x2f, 0xbf, 0xd5, 0xcc, 0xd1, 0xf2, 0x58,
-	0x1f, 0xd5, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xa0, 0xd0, 0x65, 0xbc, 0x95, 0x07, 0x00, 0x00,
+	// 790 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x55, 0x41, 0x4f, 0xdb, 0x48,
+	0x14, 0x8e, 0x49, 0x08, 0x30, 0xd9, 0x4d, 0x96, 0x59, 0x10, 0xd9, 0xac, 0xe4, 0xb0, 0x91, 0x58,
+	0xb1, 0xbb, 0x5a, 0x7b, 0x89, 0x96, 0xaa, 0xb4, 0x52, 0x2b, 0x0c, 0xa8, 0xa2, 0x85, 0x52, 0x4d,
+	0x50, 0x0f, 0xb4, 0x87, 0x4e, 0xec, 0xa9, 0xe3, 0x26, 0xf6, 0x58, 0x9e, 0x49, 0x24, 0x2e, 0x55,
+	0x7f, 0x42, 0xfb, 0x3f, 0x7a, 0xec, 0x8f, 0xe0, 0x54, 0x71, 0x44, 0xaa, 0x14, 0x15, 0xf7, 0x5f,
+	0x70, 0xaa, 0x66, 0xec, 0x38, 0x38, 0x09, 0x6a, 0xc4, 0x21, 0x52, 0xe6, 0xbd, 0xf7, 0x7d, 0xef,
+	0xcd, 0x37, 0xdf, 0x8c, 0xc1, 0xd3, 0xf6, 0x5d, 0xa6, 0x39, 0x54, 0x6f, 0x77, 0x9b, 0x24, 0xf0,
+	0x08, 0x27, 0x4c, 0xef, 0x11, 0xcf, 0xa2, 0x81, 0x1e, 0x27, 0xb0, 0xef, 0x88, 0x1f, 0x23, 0x41,
+	0x8f, 0x04, 0x8e, 0xc7, 0x49, 0xe0, 0xe1, 0x8e, 0xde, 0xdb, 0xc0, 0x1d, 0xbf, 0x85, 0x37, 0x74,
+	0x9b, 0x78, 0x24, 0xc0, 0x9c, 0x58, 0x9a, 0x1f, 0x50, 0x4e, 0xe1, 0x5a, 0x04, 0xd3, 0xb0, 0xef,
+	0x68, 0x63, 0x30, 0x6d, 0x00, 0xab, 0xfc, 0x6b, 0x3b, 0xbc, 0xd5, 0x6d, 0x6a, 0x26, 0x75, 0x75,
+	0x9b, 0xda, 0x54, 0x97, 0xe8, 0x66, 0xf7, 0xb5, 0x5c, 0xc9, 0x85, 0xfc, 0x17, 0xb1, 0x56, 0xfe,
+	0x1f, 0x0e, 0xe3, 0x62, 0xb3, 0xe5, 0x78, 0x24, 0x38, 0xd5, 0xfd, 0xb6, 0x2d, 0x27, 0xd3, 0x5d,
+	0xc2, 0xb1, 0xde, 0x1b, 0x9b, 0xa5, 0xa2, 0xdf, 0x84, 0x0a, 0xba, 0x1e, 0x77, 0x5c, 0x32, 0x06,
+	0xb8, 0xf3, 0x23, 0x00, 0x33, 0x5b, 0xc4, 0xc5, 0xa3, 0xb8, 0xda, 0x87, 0x19, 0xb0, 0xd4, 0x90,
+	0x3b, 0x6d, 0x70, 0x1a, 0x60, 0x9b, 0x3c, 0x27, 0x01, 0x73, 0xa8, 0x07, 0x37, 0x41, 0x01, 0xfb,
+	0x4e, 0x94, 0xda, 0xdf, 0x2d, 0x2b, 0xab, 0xca, 0xfa, 0x82, 0xf1, 0xeb, 0x59, 0xbf, 0x9a, 0x09,
+	0xfb, 0xd5, 0xc2, 0xf6, 0xb3, 0xfd, 0x41, 0x0a, 0x5d, 0xaf, 0x83, 0xdb, 0xa0, 0x44, 0x3c, 0x93,
+	0x5a, 0x8e, 0x67, 0xc7, 0x4c, 0xe5, 0x19, 0x09, 0x5d, 0x89, 0xa1, 0xa5, 0xbd, 0x74, 0x1a, 0x8d,
+	0xd6, 0xc3, 0x1d, 0xb0, 0x68, 0x11, 0x93, 0x5a, 0xb8, 0xd9, 0x19, 0x4c, 0xc3, 0xca, 0xd9, 0xd5,
+	0xec, 0xfa, 0x82, 0xb1, 0x1c, 0xf6, 0xab, 0x8b, 0xbb, 0xa3, 0x49, 0x34, 0x5e, 0x0f, 0xef, 0x81,
+	0xa2, 0x3c, 0x40, 0x2b, 0x61, 0xc8, 0x49, 0x06, 0x18, 0xf6, 0xab, 0xc5, 0x46, 0x2a, 0x83, 0x46,
+	0x2a, 0x6b, 0x9f, 0x66, 0x40, 0x71, 0x44, 0x8d, 0x57, 0x60, 0x5e, 0x1c, 0x95, 0x85, 0x39, 0x96,
+	0x52, 0x14, 0xea, 0xff, 0x69, 0x43, 0xbb, 0x24, 0x8a, 0x6b, 0x7e, 0xdb, 0x96, 0xde, 0xd1, 0x44,
+	0xb5, 0xd6, 0xdb, 0xd0, 0x8e, 0x9a, 0x6f, 0x88, 0xc9, 0x0f, 0x09, 0xc7, 0x06, 0x8c, 0x15, 0x00,
+	0xc3, 0x18, 0x4a, 0x58, 0xe1, 0x0b, 0x90, 0x63, 0x3e, 0x31, 0xa5, 0x5a, 0x85, 0xfa, 0x96, 0x36,
+	0x95, 0x19, 0xb5, 0xf4, 0x98, 0x0d, 0x9f, 0x98, 0xc6, 0x4f, 0x71, 0x9b, 0x9c, 0x58, 0x21, 0x49,
+	0x0a, 0x4d, 0x90, 0x67, 0x1c, 0xf3, 0xae, 0xd0, 0x51, 0xd0, 0xdf, 0xbf, 0x1d, 0xbd, 0xa4, 0x30,
+	0x8a, 0x71, 0x83, 0x7c, 0xb4, 0x46, 0x31, 0x75, 0xed, 0x63, 0x16, 0xac, 0xa4, 0x01, 0x3b, 0xd4,
+	0xb3, 0x1c, 0x2e, 0xf4, 0x7b, 0x08, 0x72, 0xfc, 0xd4, 0x27, 0xb1, 0x8d, 0xfe, 0x19, 0x8c, 0x78,
+	0x7c, 0xea, 0x93, 0xab, 0x7e, 0xf5, 0xf7, 0x1b, 0x60, 0x22, 0x8d, 0x24, 0x10, 0x6e, 0x25, 0x3b,
+	0x88, 0xec, 0xf4, 0x47, 0x7a, 0x88, 0xab, 0x7e, 0xb5, 0x94, 0xc0, 0xd2, 0x73, 0xc1, 0xc7, 0x00,
+	0xd2, 0x66, 0x74, 0xc4, 0x8f, 0x22, 0xf7, 0x0b, 0x57, 0x0a, 0x21, 0xb2, 0x46, 0x25, 0xa6, 0x81,
+	0x47, 0x63, 0x15, 0x68, 0x02, 0x0a, 0xf6, 0x00, 0xec, 0x60, 0xc6, 0x8f, 0x03, 0xec, 0xb1, 0x68,
+	0x44, 0xc7, 0x25, 0xe5, 0x9c, 0x14, 0xf5, 0xef, 0xe9, 0x1c, 0x21, 0x10, 0xc3, 0xbe, 0x07, 0x63,
+	0x6c, 0x68, 0x42, 0x07, 0xf8, 0x27, 0xc8, 0x07, 0x04, 0x33, 0xea, 0x95, 0x67, 0xe5, 0xf6, 0x93,
+	0x33, 0x40, 0x32, 0x8a, 0xe2, 0x2c, 0xfc, 0x0b, 0xcc, 0xb9, 0x84, 0x31, 0x6c, 0x93, 0x72, 0x5e,
+	0x16, 0x96, 0xe2, 0xc2, 0xb9, 0xc3, 0x28, 0x8c, 0x06, 0xf9, 0xda, 0x67, 0x05, 0xc0, 0xb4, 0xee,
+	0x07, 0x0e, 0xe3, 0xf0, 0xe5, 0x98, 0xd3, 0xb5, 0xe9, 0xf6, 0x25, 0xd0, 0xd2, 0xe7, 0xbf, 0xc4,
+	0x2d, 0xe7, 0x07, 0x91, 0x6b, 0x2e, 0x3f, 0x01, 0xb3, 0x0e, 0x27, 0xae, 0x38, 0xc5, 0xec, 0x7a,
+	0xa1, 0xbe, 0x79, 0x2b, 0x1f, 0x1a, 0x3f, 0xc7, 0x1d, 0x66, 0xf7, 0x05, 0x17, 0x8a, 0x28, 0x6b,
+	0x4b, 0xa3, 0xfb, 0x11, 0x17, 0xa0, 0xf6, 0x45, 0x3c, 0x70, 0x13, 0x6c, 0x0c, 0xdf, 0x82, 0x12,
+	0x4b, 0xc5, 0x59, 0x59, 0x91, 0x43, 0x4d, 0x7d, 0x39, 0x26, 0x3c, 0x9b, 0xc3, 0x67, 0x2e, 0x1d,
+	0x67, 0x68, 0xb4, 0x19, 0x3c, 0x02, 0xcb, 0x26, 0x75, 0x5d, 0xea, 0xed, 0x4d, 0x7c, 0x2f, 0x7f,
+	0x0b, 0xfb, 0xd5, 0xe5, 0x9d, 0x49, 0x05, 0x68, 0x32, 0x0e, 0x06, 0x00, 0x98, 0x83, 0x2b, 0x10,
+	0x3d, 0x98, 0x85, 0xfa, 0x83, 0x5b, 0x09, 0x9c, 0xdc, 0xa4, 0xe1, 0x9b, 0x95, 0x84, 0x18, 0xba,
+	0xd6, 0xc5, 0x78, 0x72, 0x76, 0xa9, 0x66, 0xce, 0x2f, 0xd5, 0xcc, 0xc5, 0xa5, 0x9a, 0x79, 0x17,
+	0xaa, 0xca, 0x59, 0xa8, 0x2a, 0xe7, 0xa1, 0xaa, 0x5c, 0x84, 0xaa, 0xf2, 0x35, 0x54, 0x95, 0xf7,
+	0xdf, 0xd4, 0xcc, 0xc9, 0xda, 0x54, 0x1f, 0xe4, 0xef, 0x01, 0x00, 0x00, 0xff, 0xff, 0xa0, 0x3a,
+	0x2e, 0x07, 0xd1, 0x07, 0x00, 0x00,
 }
 
 func (m *ServerStorageVersion) Marshal() (dAtA []byte, err error) {
@@ -296,6 +298,15 @@ func (m *ServerStorageVersion) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if len(m.ServedVersions) > 0 {
+		for iNdEx := len(m.ServedVersions) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.ServedVersions[iNdEx])
+			copy(dAtA[i:], m.ServedVersions[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(m.ServedVersions[iNdEx])))
+			i--
+			dAtA[i] = 0x22
+		}
+	}
 	if len(m.DecodableVersions) > 0 {
 		for iNdEx := len(m.DecodableVersions) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.DecodableVersions[iNdEx])
@@ -582,6 +593,12 @@ func (m *ServerStorageVersion) Size() (n int) {
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
+	if len(m.ServedVersions) > 0 {
+		for _, s := range m.ServedVersions {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -685,6 +702,7 @@ func (this *ServerStorageVersion) String() string {
 		`APIServerID:` + fmt.Sprintf("%v", this.APIServerID) + `,`,
 		`EncodingVersion:` + fmt.Sprintf("%v", this.EncodingVersion) + `,`,
 		`DecodableVersions:` + fmt.Sprintf("%v", this.DecodableVersions) + `,`,
+		`ServedVersions:` + fmt.Sprintf("%v", this.ServedVersions) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -896,6 +914,38 @@ func (m *ServerStorageVersion) Unmarshal(dAtA []byte) error {
 			}
 			m.DecodableVersions = append(m.DecodableVersions, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ServedVersions", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ServedVersions = append(m.ServedVersions, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.proto b/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.proto
index 63c45d54d7..6e6bab5218 100644
--- a/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.proto
+++ b/vendor/k8s.io/api/apiserverinternal/v1alpha1/generated.proto
@@ -42,6 +42,11 @@ message ServerStorageVersion {
   // The encodingVersion must be included in the decodableVersions.
   // +listType=set
   repeated string decodableVersions = 3;
+
+  // The API server can serve these versions.
+  // DecodableVersions must include all ServedVersions.
+  // +listType=set
+  repeated string servedVersions = 4;
 }
 
 // Storage version of a specific resource.
diff --git a/vendor/k8s.io/api/apiserverinternal/v1alpha1/types.go b/vendor/k8s.io/api/apiserverinternal/v1alpha1/types.go
index a0437b5074..0ffcf95f06 100644
--- a/vendor/k8s.io/api/apiserverinternal/v1alpha1/types.go
+++ b/vendor/k8s.io/api/apiserverinternal/v1alpha1/types.go
@@ -77,6 +77,11 @@ type ServerStorageVersion struct {
 	// The encodingVersion must be included in the decodableVersions.
 	// +listType=set
 	DecodableVersions []string `json:"decodableVersions,omitempty" protobuf:"bytes,3,opt,name=decodableVersions"`
+
+	// The API server can serve these versions.
+	// DecodableVersions must include all ServedVersions.
+	// +listType=set
+	ServedVersions []string `json:"servedVersions,omitempty" protobuf:"bytes,4,opt,name=servedVersions"`
 }
 
 type StorageVersionConditionType string
diff --git a/vendor/k8s.io/api/apiserverinternal/v1alpha1/types_swagger_doc_generated.go b/vendor/k8s.io/api/apiserverinternal/v1alpha1/types_swagger_doc_generated.go
index 3b75fa65bc..6fd1c3ebe8 100644
--- a/vendor/k8s.io/api/apiserverinternal/v1alpha1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/apiserverinternal/v1alpha1/types_swagger_doc_generated.go
@@ -32,6 +32,7 @@ var map_ServerStorageVersion = map[string]string{
 	"apiServerID":       "The ID of the reporting API server.",
 	"encodingVersion":   "The API server encodes the object to this version when persisting it in the backend (e.g., etcd).",
 	"decodableVersions": "The API server can decode objects encoded in these versions. The encodingVersion must be included in the decodableVersions.",
+	"servedVersions":    "The API server can serve these versions. DecodableVersions must include all ServedVersions.",
 }
 
 func (ServerStorageVersion) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/apiserverinternal/v1alpha1/zz_generated.deepcopy.go b/vendor/k8s.io/api/apiserverinternal/v1alpha1/zz_generated.deepcopy.go
index 44dffa7512..638d801402 100644
--- a/vendor/k8s.io/api/apiserverinternal/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/apiserverinternal/v1alpha1/zz_generated.deepcopy.go
@@ -33,6 +33,11 @@ func (in *ServerStorageVersion) DeepCopyInto(out *ServerStorageVersion) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.ServedVersions != nil {
+		in, out := &in.ServedVersions, &out.ServedVersions
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/apps/v1/types.go b/vendor/k8s.io/api/apps/v1/types.go
index 15dc3150a6..644d368fe4 100644
--- a/vendor/k8s.io/api/apps/v1/types.go
+++ b/vendor/k8s.io/api/apps/v1/types.go
@@ -17,7 +17,7 @@ limitations under the License.
 package v1
 
 import (
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/intstr"
@@ -29,6 +29,7 @@ const (
 	DeprecatedRollbackTo           = "deprecated.deployment.rollback.to"
 	DeprecatedTemplateGeneration   = "deprecated.daemonset.template.generation"
 	StatefulSetPodNameLabel        = "statefulset.kubernetes.io/pod-name"
+	PodIndexLabel                  = "apps.kubernetes.io/pod-index"
 )
 
 // +genclient
diff --git a/vendor/k8s.io/api/authentication/v1/generated.pb.go b/vendor/k8s.io/api/authentication/v1/generated.pb.go
index efbecf02c5..304bbd0744 100644
--- a/vendor/k8s.io/api/authentication/v1/generated.pb.go
+++ b/vendor/k8s.io/api/authentication/v1/generated.pb.go
@@ -102,10 +102,66 @@ func (m *ExtraValue) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_ExtraValue proto.InternalMessageInfo
 
+func (m *SelfSubjectReview) Reset()      { *m = SelfSubjectReview{} }
+func (*SelfSubjectReview) ProtoMessage() {}
+func (*SelfSubjectReview) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2953ea822e7ffe1e, []int{2}
+}
+func (m *SelfSubjectReview) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SelfSubjectReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *SelfSubjectReview) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SelfSubjectReview.Merge(m, src)
+}
+func (m *SelfSubjectReview) XXX_Size() int {
+	return m.Size()
+}
+func (m *SelfSubjectReview) XXX_DiscardUnknown() {
+	xxx_messageInfo_SelfSubjectReview.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SelfSubjectReview proto.InternalMessageInfo
+
+func (m *SelfSubjectReviewStatus) Reset()      { *m = SelfSubjectReviewStatus{} }
+func (*SelfSubjectReviewStatus) ProtoMessage() {}
+func (*SelfSubjectReviewStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_2953ea822e7ffe1e, []int{3}
+}
+func (m *SelfSubjectReviewStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *SelfSubjectReviewStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *SelfSubjectReviewStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_SelfSubjectReviewStatus.Merge(m, src)
+}
+func (m *SelfSubjectReviewStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *SelfSubjectReviewStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_SelfSubjectReviewStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SelfSubjectReviewStatus proto.InternalMessageInfo
+
 func (m *TokenRequest) Reset()      { *m = TokenRequest{} }
 func (*TokenRequest) ProtoMessage() {}
 func (*TokenRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{2}
+	return fileDescriptor_2953ea822e7ffe1e, []int{4}
 }
 func (m *TokenRequest) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -133,7 +189,7 @@ var xxx_messageInfo_TokenRequest proto.InternalMessageInfo
 func (m *TokenRequestSpec) Reset()      { *m = TokenRequestSpec{} }
 func (*TokenRequestSpec) ProtoMessage() {}
 func (*TokenRequestSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{3}
+	return fileDescriptor_2953ea822e7ffe1e, []int{5}
 }
 func (m *TokenRequestSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -161,7 +217,7 @@ var xxx_messageInfo_TokenRequestSpec proto.InternalMessageInfo
 func (m *TokenRequestStatus) Reset()      { *m = TokenRequestStatus{} }
 func (*TokenRequestStatus) ProtoMessage() {}
 func (*TokenRequestStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{4}
+	return fileDescriptor_2953ea822e7ffe1e, []int{6}
 }
 func (m *TokenRequestStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -189,7 +245,7 @@ var xxx_messageInfo_TokenRequestStatus proto.InternalMessageInfo
 func (m *TokenReview) Reset()      { *m = TokenReview{} }
 func (*TokenReview) ProtoMessage() {}
 func (*TokenReview) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{5}
+	return fileDescriptor_2953ea822e7ffe1e, []int{7}
 }
 func (m *TokenReview) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -217,7 +273,7 @@ var xxx_messageInfo_TokenReview proto.InternalMessageInfo
 func (m *TokenReviewSpec) Reset()      { *m = TokenReviewSpec{} }
 func (*TokenReviewSpec) ProtoMessage() {}
 func (*TokenReviewSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{6}
+	return fileDescriptor_2953ea822e7ffe1e, []int{8}
 }
 func (m *TokenReviewSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -245,7 +301,7 @@ var xxx_messageInfo_TokenReviewSpec proto.InternalMessageInfo
 func (m *TokenReviewStatus) Reset()      { *m = TokenReviewStatus{} }
 func (*TokenReviewStatus) ProtoMessage() {}
 func (*TokenReviewStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{7}
+	return fileDescriptor_2953ea822e7ffe1e, []int{9}
 }
 func (m *TokenReviewStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -273,7 +329,7 @@ var xxx_messageInfo_TokenReviewStatus proto.InternalMessageInfo
 func (m *UserInfo) Reset()      { *m = UserInfo{} }
 func (*UserInfo) ProtoMessage() {}
 func (*UserInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_2953ea822e7ffe1e, []int{8}
+	return fileDescriptor_2953ea822e7ffe1e, []int{10}
 }
 func (m *UserInfo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -301,6 +357,8 @@ var xxx_messageInfo_UserInfo proto.InternalMessageInfo
 func init() {
 	proto.RegisterType((*BoundObjectReference)(nil), "k8s.io.api.authentication.v1.BoundObjectReference")
 	proto.RegisterType((*ExtraValue)(nil), "k8s.io.api.authentication.v1.ExtraValue")
+	proto.RegisterType((*SelfSubjectReview)(nil), "k8s.io.api.authentication.v1.SelfSubjectReview")
+	proto.RegisterType((*SelfSubjectReviewStatus)(nil), "k8s.io.api.authentication.v1.SelfSubjectReviewStatus")
 	proto.RegisterType((*TokenRequest)(nil), "k8s.io.api.authentication.v1.TokenRequest")
 	proto.RegisterType((*TokenRequestSpec)(nil), "k8s.io.api.authentication.v1.TokenRequestSpec")
 	proto.RegisterType((*TokenRequestStatus)(nil), "k8s.io.api.authentication.v1.TokenRequestStatus")
@@ -316,64 +374,67 @@ func init() {
 }
 
 var fileDescriptor_2953ea822e7ffe1e = []byte{
-	// 907 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0xcf, 0x6f, 0xe3, 0x44,
-	0x14, 0x8e, 0xf3, 0xa3, 0x4a, 0x26, 0xdb, 0xd2, 0xce, 0xb2, 0x52, 0x54, 0x96, 0xa4, 0x78, 0x25,
-	0x54, 0x01, 0x6b, 0x6f, 0x23, 0x04, 0xab, 0x45, 0x42, 0xaa, 0x69, 0x04, 0x11, 0x82, 0x5d, 0xcd,
-	0x6e, 0x0b, 0xe2, 0xc4, 0xc4, 0x7e, 0x4d, 0x87, 0xe0, 0xb1, 0xb1, 0xc7, 0x61, 0x73, 0xdb, 0x3f,
-	0x81, 0x23, 0x48, 0x1c, 0xf8, 0x23, 0x90, 0xf8, 0x17, 0x7a, 0x5c, 0x71, 0xea, 0x01, 0x45, 0xd4,
-	0x5c, 0x39, 0x72, 0xe2, 0x84, 0x66, 0x3c, 0xad, 0xe3, 0xa4, 0x4d, 0x73, 0xe2, 0x96, 0x79, 0xef,
-	0x7b, 0xdf, 0xbc, 0xf7, 0xcd, 0xe7, 0x99, 0xa0, 0xde, 0xe8, 0x61, 0x6c, 0xb1, 0xc0, 0x1e, 0x25,
-	0x03, 0x88, 0x38, 0x08, 0x88, 0xed, 0x31, 0x70, 0x2f, 0x88, 0x6c, 0x9d, 0xa0, 0x21, 0xb3, 0x69,
-	0x22, 0x4e, 0x80, 0x0b, 0xe6, 0x52, 0xc1, 0x02, 0x6e, 0x8f, 0xf7, 0xec, 0x21, 0x70, 0x88, 0xa8,
-	0x00, 0xcf, 0x0a, 0xa3, 0x40, 0x04, 0xf8, 0x6e, 0x86, 0xb6, 0x68, 0xc8, 0xac, 0x22, 0xda, 0x1a,
-	0xef, 0x6d, 0xdf, 0x1f, 0x32, 0x71, 0x92, 0x0c, 0x2c, 0x37, 0xf0, 0xed, 0x61, 0x30, 0x0c, 0x6c,
-	0x55, 0x34, 0x48, 0x8e, 0xd5, 0x4a, 0x2d, 0xd4, 0xaf, 0x8c, 0x6c, 0xfb, 0xdd, 0x7c, 0x6b, 0x9f,
-	0xba, 0x27, 0x8c, 0x43, 0x34, 0xb1, 0xc3, 0xd1, 0x50, 0x06, 0x62, 0xdb, 0x07, 0x41, 0xaf, 0x68,
-	0x61, 0xdb, 0xbe, 0xae, 0x2a, 0x4a, 0xb8, 0x60, 0x3e, 0x2c, 0x14, 0xbc, 0x77, 0x53, 0x41, 0xec,
-	0x9e, 0x80, 0x4f, 0xe7, 0xeb, 0xcc, 0xdf, 0x0d, 0xf4, 0xaa, 0x13, 0x24, 0xdc, 0x7b, 0x3c, 0xf8,
-	0x06, 0x5c, 0x41, 0xe0, 0x18, 0x22, 0xe0, 0x2e, 0xe0, 0x1d, 0x54, 0x1d, 0x31, 0xee, 0xb5, 0x8c,
-	0x1d, 0x63, 0xb7, 0xe1, 0xdc, 0x3a, 0x9d, 0x76, 0x4a, 0xe9, 0xb4, 0x53, 0xfd, 0x94, 0x71, 0x8f,
-	0xa8, 0x0c, 0xee, 0x22, 0x44, 0x43, 0x76, 0x04, 0x51, 0xcc, 0x02, 0xde, 0x2a, 0x2b, 0x1c, 0xd6,
-	0x38, 0xb4, 0xff, 0xa4, 0xaf, 0x33, 0x64, 0x06, 0x25, 0x59, 0x39, 0xf5, 0xa1, 0x55, 0x29, 0xb2,
-	0x7e, 0x4e, 0x7d, 0x20, 0x2a, 0x83, 0x1d, 0x54, 0x49, 0xfa, 0x07, 0xad, 0xaa, 0x02, 0x3c, 0xd0,
-	0x80, 0xca, 0x61, 0xff, 0xe0, 0xdf, 0x69, 0xe7, 0x8d, 0xeb, 0x86, 0x14, 0x93, 0x10, 0x62, 0xeb,
-	0xb0, 0x7f, 0x40, 0x64, 0xb1, 0xf9, 0x3e, 0x42, 0xbd, 0xe7, 0x22, 0xa2, 0x47, 0xf4, 0xdb, 0x04,
-	0x70, 0x07, 0xd5, 0x98, 0x00, 0x3f, 0x6e, 0x19, 0x3b, 0x95, 0xdd, 0x86, 0xd3, 0x48, 0xa7, 0x9d,
-	0x5a, 0x5f, 0x06, 0x48, 0x16, 0x7f, 0x54, 0xff, 0xf1, 0x97, 0x4e, 0xe9, 0xc5, 0x1f, 0x3b, 0x25,
-	0xf3, 0xe7, 0x32, 0xba, 0xf5, 0x2c, 0x18, 0x01, 0x27, 0xf0, 0x5d, 0x02, 0xb1, 0xc0, 0x5f, 0xa3,
-	0xba, 0x3c, 0x22, 0x8f, 0x0a, 0xaa, 0x94, 0x68, 0x76, 0x1f, 0x58, 0xb9, 0x3b, 0x2e, 0x9b, 0xb0,
-	0xc2, 0xd1, 0x50, 0x06, 0x62, 0x4b, 0xa2, 0xad, 0xf1, 0x9e, 0x95, 0xc9, 0xf9, 0x19, 0x08, 0x9a,
-	0x6b, 0x92, 0xc7, 0xc8, 0x25, 0x2b, 0x7e, 0x82, 0xaa, 0x71, 0x08, 0xae, 0xd2, 0xaf, 0xd9, 0xb5,
-	0xac, 0x65, 0xde, 0xb3, 0x66, 0x7b, 0x7b, 0x1a, 0x82, 0x9b, 0x2b, 0x28, 0x57, 0x44, 0x31, 0xe1,
-	0x2f, 0xd1, 0x5a, 0x2c, 0xa8, 0x48, 0x62, 0xa5, 0x72, 0xb1, 0xe3, 0x9b, 0x38, 0x55, 0x9d, 0xb3,
-	0xa1, 0x59, 0xd7, 0xb2, 0x35, 0xd1, 0x7c, 0xe6, 0x3f, 0x06, 0xda, 0x9c, 0x6f, 0x01, 0xbf, 0x8d,
-	0x1a, 0x34, 0xf1, 0x98, 0x34, 0xcd, 0x85, 0xc4, 0xeb, 0xe9, 0xb4, 0xd3, 0xd8, 0xbf, 0x08, 0x92,
-	0x3c, 0x8f, 0x3f, 0x42, 0x5b, 0xf0, 0x3c, 0x64, 0x91, 0xda, 0xfd, 0x29, 0xb8, 0x01, 0xf7, 0x62,
-	0x75, 0xd6, 0x15, 0xe7, 0x4e, 0x3a, 0xed, 0x6c, 0xf5, 0xe6, 0x93, 0x64, 0x11, 0x8f, 0x39, 0xda,
-	0x18, 0x14, 0x2c, 0xab, 0x07, 0xed, 0x2e, 0x1f, 0xf4, 0x2a, 0x9b, 0x3b, 0x38, 0x9d, 0x76, 0x36,
-	0x8a, 0x19, 0x32, 0xc7, 0x6e, 0xfe, 0x6a, 0x20, 0xbc, 0xa8, 0x12, 0xbe, 0x87, 0x6a, 0x42, 0x46,
-	0xf5, 0x27, 0xb2, 0xae, 0x45, 0xab, 0x65, 0xd0, 0x2c, 0x87, 0x27, 0xe8, 0x76, 0x3e, 0xc0, 0x33,
-	0xe6, 0x43, 0x2c, 0xa8, 0x1f, 0xea, 0xd3, 0x7e, 0x6b, 0x35, 0x2f, 0xc9, 0x32, 0xe7, 0x35, 0x4d,
-	0x7f, 0xbb, 0xb7, 0x48, 0x47, 0xae, 0xda, 0xc3, 0xfc, 0xa9, 0x8c, 0x9a, 0xba, 0xed, 0x31, 0x83,
-	0xef, 0xff, 0x07, 0x2f, 0x3f, 0x2e, 0x78, 0xf9, 0xfe, 0x4a, 0xbe, 0x93, 0xad, 0x5d, 0x6b, 0xe5,
-	0x2f, 0xe6, 0xac, 0x6c, 0xaf, 0x4e, 0xb9, 0xdc, 0xc9, 0x2e, 0x7a, 0x65, 0x6e, 0xff, 0xd5, 0x8e,
-	0xb3, 0x60, 0xf6, 0xf2, 0x72, 0xb3, 0x9b, 0x7f, 0x1b, 0x68, 0x6b, 0xa1, 0x25, 0xfc, 0x01, 0x5a,
-	0x9f, 0xe9, 0x1c, 0xb2, 0x1b, 0xb6, 0xee, 0xdc, 0xd1, 0xfb, 0xad, 0xef, 0xcf, 0x26, 0x49, 0x11,
-	0x8b, 0x3f, 0x41, 0xd5, 0x24, 0x86, 0x48, 0x2b, 0xfc, 0xe6, 0x72, 0x39, 0x0e, 0x63, 0x88, 0xfa,
-	0xfc, 0x38, 0xc8, 0xa5, 0x95, 0x11, 0xa2, 0x18, 0x8a, 0x93, 0x54, 0x6f, 0xf8, 0x6c, 0xef, 0xa1,
-	0x1a, 0x44, 0x51, 0x10, 0xe9, 0x7b, 0xfb, 0x52, 0x9b, 0x9e, 0x0c, 0x92, 0x2c, 0x67, 0xfe, 0x56,
-	0x46, 0xf5, 0x8b, 0x2d, 0xf1, 0x3b, 0xa8, 0x2e, 0xb7, 0x51, 0x97, 0x7d, 0x26, 0xe8, 0xa6, 0x2e,
-	0x52, 0x18, 0x19, 0x27, 0x97, 0x08, 0xfc, 0x3a, 0xaa, 0x24, 0xcc, 0xd3, 0x6f, 0x48, 0x73, 0xe6,
-	0xd2, 0x27, 0x32, 0x8e, 0x4d, 0xb4, 0x36, 0x8c, 0x82, 0x24, 0x94, 0x36, 0x90, 0x8d, 0x22, 0x79,
-	0xa2, 0x1f, 0xab, 0x08, 0xd1, 0x19, 0x7c, 0x84, 0x6a, 0x20, 0xef, 0x7c, 0x35, 0x4b, 0xb3, 0xbb,
-	0xb7, 0x9a, 0x34, 0x96, 0x7a, 0x27, 0x7a, 0x5c, 0x44, 0x93, 0x99, 0xa9, 0x64, 0x8c, 0x64, 0x74,
-	0xdb, 0x03, 0xfd, 0x96, 0x28, 0x0c, 0xde, 0x44, 0x95, 0x11, 0x4c, 0xb2, 0x89, 0x88, 0xfc, 0x89,
-	0x3f, 0x44, 0xb5, 0xb1, 0x7c, 0x66, 0xf4, 0x91, 0xec, 0x2e, 0xdf, 0x37, 0x7f, 0x96, 0x48, 0x56,
-	0xf6, 0xa8, 0xfc, 0xd0, 0x70, 0x9c, 0xd3, 0xf3, 0x76, 0xe9, 0xe5, 0x79, 0xbb, 0x74, 0x76, 0xde,
-	0x2e, 0xbd, 0x48, 0xdb, 0xc6, 0x69, 0xda, 0x36, 0x5e, 0xa6, 0x6d, 0xe3, 0x2c, 0x6d, 0x1b, 0x7f,
-	0xa6, 0x6d, 0xe3, 0x87, 0xbf, 0xda, 0xa5, 0xaf, 0xee, 0x2e, 0xfb, 0x13, 0xf3, 0x5f, 0x00, 0x00,
-	0x00, 0xff, 0xff, 0x12, 0xb8, 0x31, 0x91, 0xfc, 0x08, 0x00, 0x00,
+	// 958 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4b, 0x6f, 0x23, 0x45,
+	0x10, 0xf6, 0xf8, 0x11, 0xd9, 0xe5, 0x4d, 0x48, 0x7a, 0x59, 0x61, 0x85, 0xc5, 0x0e, 0xb3, 0x12,
+	0x8a, 0x80, 0x9d, 0xd9, 0x58, 0x3c, 0x56, 0x8b, 0x84, 0x94, 0x21, 0x16, 0x58, 0x08, 0x76, 0xd5,
+	0x4e, 0x02, 0x42, 0x42, 0xa2, 0x3d, 0xae, 0x38, 0x83, 0x77, 0x1e, 0xcc, 0xf4, 0x98, 0xf5, 0x6d,
+	0x7f, 0x02, 0x47, 0x90, 0x38, 0xf0, 0x23, 0x90, 0xf8, 0x0b, 0x39, 0xae, 0x10, 0x87, 0x3d, 0x20,
+	0x8b, 0x0c, 0x57, 0x8e, 0x9c, 0x38, 0xa1, 0xee, 0xe9, 0xf8, 0x99, 0x4c, 0x7c, 0xda, 0x9b, 0xa7,
+	0x1e, 0x5f, 0x55, 0x7d, 0x55, 0x5d, 0x65, 0x68, 0x0d, 0xee, 0x47, 0x86, 0xe3, 0x9b, 0x83, 0xb8,
+	0x8b, 0xa1, 0x87, 0x1c, 0x23, 0x73, 0x88, 0x5e, 0xcf, 0x0f, 0x4d, 0xa5, 0x60, 0x81, 0x63, 0xb2,
+	0x98, 0x9f, 0xa2, 0xc7, 0x1d, 0x9b, 0x71, 0xc7, 0xf7, 0xcc, 0xe1, 0x9e, 0xd9, 0x47, 0x0f, 0x43,
+	0xc6, 0xb1, 0x67, 0x04, 0xa1, 0xcf, 0x7d, 0x72, 0x3b, 0xb5, 0x36, 0x58, 0xe0, 0x18, 0xf3, 0xd6,
+	0xc6, 0x70, 0x6f, 0xfb, 0x6e, 0xdf, 0xe1, 0xa7, 0x71, 0xd7, 0xb0, 0x7d, 0xd7, 0xec, 0xfb, 0x7d,
+	0xdf, 0x94, 0x4e, 0xdd, 0xf8, 0x44, 0x7e, 0xc9, 0x0f, 0xf9, 0x2b, 0x05, 0xdb, 0x7e, 0x67, 0x1a,
+	0xda, 0x65, 0xf6, 0xa9, 0xe3, 0x61, 0x38, 0x32, 0x83, 0x41, 0x5f, 0x08, 0x22, 0xd3, 0x45, 0xce,
+	0x2e, 0x49, 0x61, 0xdb, 0xbc, 0xca, 0x2b, 0x8c, 0x3d, 0xee, 0xb8, 0xb8, 0xe4, 0xf0, 0xde, 0x75,
+	0x0e, 0x91, 0x7d, 0x8a, 0x2e, 0x5b, 0xf4, 0xd3, 0x7f, 0xd7, 0xe0, 0x65, 0xcb, 0x8f, 0xbd, 0xde,
+	0xc3, 0xee, 0xb7, 0x68, 0x73, 0x8a, 0x27, 0x18, 0xa2, 0x67, 0x23, 0xd9, 0x81, 0xe2, 0xc0, 0xf1,
+	0x7a, 0x35, 0x6d, 0x47, 0xdb, 0xad, 0x58, 0x37, 0xce, 0xc6, 0x8d, 0x5c, 0x32, 0x6e, 0x14, 0x3f,
+	0x75, 0xbc, 0x1e, 0x95, 0x1a, 0xd2, 0x04, 0x60, 0x81, 0x73, 0x8c, 0x61, 0xe4, 0xf8, 0x5e, 0x2d,
+	0x2f, 0xed, 0x88, 0xb2, 0x83, 0xfd, 0x47, 0x6d, 0xa5, 0xa1, 0x33, 0x56, 0x02, 0xd5, 0x63, 0x2e,
+	0xd6, 0x0a, 0xf3, 0xa8, 0x9f, 0x33, 0x17, 0xa9, 0xd4, 0x10, 0x0b, 0x0a, 0x71, 0xfb, 0xa0, 0x56,
+	0x94, 0x06, 0xf7, 0x94, 0x41, 0xe1, 0xa8, 0x7d, 0xf0, 0xdf, 0xb8, 0xf1, 0xfa, 0x55, 0x45, 0xf2,
+	0x51, 0x80, 0x91, 0x71, 0xd4, 0x3e, 0xa0, 0xc2, 0x59, 0x7f, 0x1f, 0xa0, 0xf5, 0x84, 0x87, 0xec,
+	0x98, 0x3d, 0x8e, 0x91, 0x34, 0xa0, 0xe4, 0x70, 0x74, 0xa3, 0x9a, 0xb6, 0x53, 0xd8, 0xad, 0x58,
+	0x95, 0x64, 0xdc, 0x28, 0xb5, 0x85, 0x80, 0xa6, 0xf2, 0x07, 0xe5, 0x1f, 0x7f, 0x69, 0xe4, 0x9e,
+	0xfe, 0xb9, 0x93, 0xd3, 0xff, 0xd0, 0x60, 0xab, 0x83, 0x8f, 0x4f, 0x3a, 0xb1, 0x62, 0x63, 0xe8,
+	0xe0, 0xf7, 0xe4, 0x1b, 0x28, 0x8b, 0x3e, 0xf5, 0x18, 0x67, 0x92, 0x8e, 0x6a, 0xf3, 0x9e, 0x31,
+	0x1d, 0x91, 0x49, 0x26, 0x46, 0x30, 0xe8, 0x0b, 0x41, 0x64, 0x08, 0x6b, 0x63, 0xb8, 0x67, 0xa4,
+	0x9c, 0x7e, 0x86, 0x9c, 0x4d, 0x89, 0x99, 0xca, 0xe8, 0x04, 0x95, 0x7c, 0x0d, 0x6b, 0x11, 0x67,
+	0x3c, 0x8e, 0x24, 0x8d, 0xd5, 0xe6, 0xbb, 0x46, 0xd6, 0x08, 0x1a, 0x4b, 0x29, 0x76, 0xa4, 0xb3,
+	0xb5, 0xa1, 0x82, 0xac, 0xa5, 0xdf, 0x54, 0x81, 0xea, 0x3e, 0xbc, 0x72, 0x85, 0x0b, 0x39, 0x84,
+	0x72, 0x1c, 0x61, 0xd8, 0xf6, 0x4e, 0x7c, 0x55, 0xdb, 0x1b, 0xd9, 0xb1, 0x8f, 0x94, 0xb5, 0xb5,
+	0xa9, 0x82, 0x95, 0x2f, 0x24, 0x74, 0x82, 0xa4, 0xff, 0x9c, 0x87, 0x1b, 0x87, 0xfe, 0x00, 0x3d,
+	0x8a, 0xdf, 0xc5, 0x18, 0xf1, 0x17, 0x40, 0xe1, 0x23, 0x28, 0x46, 0x01, 0xda, 0x8a, 0x40, 0x23,
+	0xbb, 0x88, 0xd9, 0xdc, 0x3a, 0x01, 0xda, 0xd3, 0x49, 0x14, 0x5f, 0x54, 0x22, 0x91, 0x2f, 0x27,
+	0x4d, 0x29, 0x2c, 0x65, 0x7c, 0x1d, 0x66, 0x76, 0x3f, 0xfe, 0xd5, 0x60, 0x73, 0x31, 0x05, 0xf2,
+	0x16, 0x54, 0x58, 0xdc, 0x73, 0xc4, 0xe3, 0xbb, 0x18, 0xd5, 0xf5, 0x64, 0xdc, 0xa8, 0xec, 0x5f,
+	0x08, 0xe9, 0x54, 0x4f, 0x3e, 0x82, 0x2d, 0x7c, 0x12, 0x38, 0xa1, 0x8c, 0xde, 0x41, 0xdb, 0xf7,
+	0x7a, 0x91, 0x7c, 0x33, 0x05, 0xeb, 0x56, 0x32, 0x6e, 0x6c, 0xb5, 0x16, 0x95, 0x74, 0xd9, 0x9e,
+	0x78, 0xb0, 0xd1, 0x9d, 0x7b, 0xfa, 0xaa, 0xd0, 0x66, 0x76, 0xa1, 0x97, 0xad, 0x0b, 0x8b, 0x24,
+	0xe3, 0xc6, 0xc6, 0xbc, 0x86, 0x2e, 0xa0, 0xeb, 0xbf, 0x6a, 0x40, 0x96, 0x59, 0x22, 0x77, 0xa0,
+	0xc4, 0x85, 0x54, 0xad, 0x9a, 0x75, 0x45, 0x5a, 0x29, 0x35, 0x4d, 0x75, 0x64, 0x04, 0x37, 0xa7,
+	0x05, 0x1c, 0x3a, 0x2e, 0x46, 0x9c, 0xb9, 0x81, 0xea, 0xf6, 0x9b, 0xab, 0xcd, 0x92, 0x70, 0xb3,
+	0x5e, 0x55, 0xf0, 0x37, 0x5b, 0xcb, 0x70, 0xf4, 0xb2, 0x18, 0xfa, 0x4f, 0x79, 0xa8, 0xaa, 0xb4,
+	0x5f, 0xd0, 0x3a, 0x78, 0x38, 0x37, 0xcb, 0x77, 0x57, 0x9a, 0x3b, 0xf9, 0xa6, 0xaf, 0x1a, 0xe5,
+	0x2f, 0x16, 0x46, 0xd9, 0x5c, 0x1d, 0x32, 0x7b, 0x92, 0x6d, 0x78, 0x69, 0x21, 0xfe, 0x6a, 0xed,
+	0x9c, 0x1b, 0xf6, 0x7c, 0xf6, 0xb0, 0xeb, 0xff, 0x68, 0xb0, 0xb5, 0x94, 0x12, 0xf9, 0x00, 0xd6,
+	0x67, 0x32, 0xc7, 0xf4, 0x52, 0x95, 0xad, 0x5b, 0x2a, 0xde, 0xfa, 0xfe, 0xac, 0x92, 0xce, 0xdb,
+	0x92, 0x4f, 0xa0, 0x28, 0x96, 0x95, 0x62, 0x78, 0xd5, 0x95, 0x37, 0xa1, 0x56, 0x48, 0xa8, 0x44,
+	0x98, 0xaf, 0xa4, 0x78, 0xcd, 0xb3, 0xbd, 0x03, 0x25, 0x0c, 0x43, 0x3f, 0x54, 0xf7, 0x6f, 0xc2,
+	0x4d, 0x4b, 0x08, 0x69, 0xaa, 0xd3, 0x7f, 0xcb, 0xc3, 0x64, 0xa7, 0x92, 0xb7, 0xd3, 0xfd, 0x2c,
+	0x8f, 0x66, 0x4a, 0xe8, 0xdc, 0xde, 0x15, 0x72, 0x3a, 0xb1, 0x20, 0xaf, 0x41, 0x21, 0x76, 0x7a,
+	0xea, 0x16, 0x57, 0x67, 0x8e, 0x27, 0x15, 0x72, 0xa2, 0xc3, 0x5a, 0x3f, 0xf4, 0xe3, 0x40, 0x8c,
+	0x81, 0x48, 0x14, 0x44, 0x47, 0x3f, 0x96, 0x12, 0xaa, 0x34, 0xe4, 0x18, 0x4a, 0x28, 0x6e, 0xa7,
+	0xac, 0xa5, 0xda, 0xdc, 0x5b, 0x8d, 0x1a, 0x43, 0xde, 0xdb, 0x96, 0xc7, 0xc3, 0xd1, 0x4c, 0x55,
+	0x42, 0x46, 0x53, 0xb8, 0xed, 0xae, 0xba, 0xc9, 0xd2, 0x86, 0x6c, 0x42, 0x61, 0x80, 0xa3, 0xb4,
+	0x22, 0x2a, 0x7e, 0x92, 0x0f, 0xa1, 0x34, 0x14, 0xe7, 0x5a, 0xb5, 0x64, 0x37, 0x3b, 0xee, 0xf4,
+	0xbc, 0xd3, 0xd4, 0xed, 0x41, 0xfe, 0xbe, 0x66, 0x59, 0x67, 0xe7, 0xf5, 0xdc, 0xb3, 0xf3, 0x7a,
+	0xee, 0xf9, 0x79, 0x3d, 0xf7, 0x34, 0xa9, 0x6b, 0x67, 0x49, 0x5d, 0x7b, 0x96, 0xd4, 0xb5, 0xe7,
+	0x49, 0x5d, 0xfb, 0x2b, 0xa9, 0x6b, 0x3f, 0xfc, 0x5d, 0xcf, 0x7d, 0x75, 0x3b, 0xeb, 0xcf, 0xe0,
+	0xff, 0x01, 0x00, 0x00, 0xff, 0xff, 0x0d, 0x9a, 0x38, 0x17, 0x44, 0x0a, 0x00, 0x00,
 }
 
 func (m *BoundObjectReference) Marshal() (dAtA []byte, err error) {
@@ -451,6 +512,82 @@ func (m ExtraValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *SelfSubjectReview) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SelfSubjectReview) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelfSubjectReview) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	{
+		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	{
+		size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *SelfSubjectReviewStatus) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *SelfSubjectReviewStatus) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelfSubjectReviewStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	{
+		size, err := m.UserInfo.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
 func (m *TokenRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -850,6 +987,30 @@ func (m ExtraValue) Size() (n int) {
 	return n
 }
 
+func (m *SelfSubjectReview) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.ObjectMeta.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.Status.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *SelfSubjectReviewStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.UserInfo.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
 func (m *TokenRequest) Size() (n int) {
 	if m == nil {
 		return 0
@@ -999,6 +1160,27 @@ func (this *BoundObjectReference) String() string {
 	}, "")
 	return s
 }
+func (this *SelfSubjectReview) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&SelfSubjectReview{`,
+		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
+		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "SelfSubjectReviewStatus", "SelfSubjectReviewStatus", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *SelfSubjectReviewStatus) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&SelfSubjectReviewStatus{`,
+		`UserInfo:` + strings.Replace(strings.Replace(this.UserInfo.String(), "UserInfo", "UserInfo", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *TokenRequest) String() string {
 	if this == nil {
 		return "nil"
@@ -1361,6 +1543,205 @@ func (m *ExtraValue) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *SelfSubjectReview) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SelfSubjectReview: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SelfSubjectReview: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *SelfSubjectReviewStatus) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: SelfSubjectReviewStatus: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: SelfSubjectReviewStatus: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field UserInfo", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.UserInfo.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *TokenRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
diff --git a/vendor/k8s.io/api/authentication/v1/generated.proto b/vendor/k8s.io/api/authentication/v1/generated.proto
index f4806a3c63..1632070c87 100644
--- a/vendor/k8s.io/api/authentication/v1/generated.proto
+++ b/vendor/k8s.io/api/authentication/v1/generated.proto
@@ -56,6 +56,26 @@ message ExtraValue {
   repeated string items = 1;
 }
 
+// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request.
+// When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or
+// request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
+message SelfSubjectReview {
+  // Standard object's metadata.
+  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+  // Status is filled in by the server with the user attributes.
+  optional SelfSubjectReviewStatus status = 2;
+}
+
+// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
+message SelfSubjectReviewStatus {
+  // User attributes of the user making this request.
+  // +optional
+  optional UserInfo userInfo = 1;
+}
+
 // TokenRequest requests a token for a given service account.
 message TokenRequest {
   // Standard object's metadata.
diff --git a/vendor/k8s.io/api/authentication/v1/register.go b/vendor/k8s.io/api/authentication/v1/register.go
index c522e4a46d..6a32b5926b 100644
--- a/vendor/k8s.io/api/authentication/v1/register.go
+++ b/vendor/k8s.io/api/authentication/v1/register.go
@@ -46,6 +46,7 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&TokenReview{},
 		&TokenRequest{},
+		&SelfSubjectReview{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil
diff --git a/vendor/k8s.io/api/authentication/v1/types.go b/vendor/k8s.io/api/authentication/v1/types.go
index 4e221e58c7..b498007c00 100644
--- a/vendor/k8s.io/api/authentication/v1/types.go
+++ b/vendor/k8s.io/api/authentication/v1/types.go
@@ -197,3 +197,28 @@ type BoundObjectReference struct {
 	// +optional
 	UID types.UID `json:"uid,omitempty" protobuf:"bytes,4,opt,name=uID,casttype=k8s.io/apimachinery/pkg/types.UID"`
 }
+
+// +genclient
+// +genclient:nonNamespaced
+// +genclient:onlyVerbs=create
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request.
+// When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or
+// request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
+type SelfSubjectReview struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// Status is filled in by the server with the user attributes.
+	Status SelfSubjectReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
+}
+
+// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
+type SelfSubjectReviewStatus struct {
+	// User attributes of the user making this request.
+	// +optional
+	UserInfo UserInfo `json:"userInfo,omitempty" protobuf:"bytes,1,opt,name=userInfo"`
+}
diff --git a/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go
index b1a730b816..ebfd4852c0 100644
--- a/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/authentication/v1/types_swagger_doc_generated.go
@@ -39,6 +39,25 @@ func (BoundObjectReference) SwaggerDoc() map[string]string {
 	return map_BoundObjectReference
 }
 
+var map_SelfSubjectReview = map[string]string{
+	"":         "SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or request header authentication is used, any extra keys will have their case ignored and returned as lowercase.",
+	"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
+	"status":   "Status is filled in by the server with the user attributes.",
+}
+
+func (SelfSubjectReview) SwaggerDoc() map[string]string {
+	return map_SelfSubjectReview
+}
+
+var map_SelfSubjectReviewStatus = map[string]string{
+	"":         "SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.",
+	"userInfo": "User attributes of the user making this request.",
+}
+
+func (SelfSubjectReviewStatus) SwaggerDoc() map[string]string {
+	return map_SelfSubjectReviewStatus
+}
+
 var map_TokenRequest = map[string]string{
 	"":         "TokenRequest requests a token for a given service account.",
 	"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
diff --git a/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go b/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go
index 2af533191b..369c89b863 100644
--- a/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/authentication/v1/zz_generated.deepcopy.go
@@ -61,6 +61,50 @@ func (in ExtraValue) DeepCopy() ExtraValue {
 	return *out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SelfSubjectReview) DeepCopyInto(out *SelfSubjectReview) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectReview.
+func (in *SelfSubjectReview) DeepCopy() *SelfSubjectReview {
+	if in == nil {
+		return nil
+	}
+	out := new(SelfSubjectReview)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *SelfSubjectReview) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SelfSubjectReviewStatus) DeepCopyInto(out *SelfSubjectReviewStatus) {
+	*out = *in
+	in.UserInfo.DeepCopyInto(&out.UserInfo)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectReviewStatus.
+func (in *SelfSubjectReviewStatus) DeepCopy() *SelfSubjectReviewStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(SelfSubjectReviewStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenRequest) DeepCopyInto(out *TokenRequest) {
 	*out = *in
diff --git a/vendor/k8s.io/api/batch/v1/generated.pb.go b/vendor/k8s.io/api/batch/v1/generated.pb.go
index feafc23c2b..59a7482a0d 100644
--- a/vendor/k8s.io/api/batch/v1/generated.pb.go
+++ b/vendor/k8s.io/api/batch/v1/generated.pb.go
@@ -495,113 +495,120 @@ func init() {
 }
 
 var fileDescriptor_3b52da57c93de713 = []byte{
-	// 1696 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0x4f, 0x73, 0xe3, 0x48,
-	0x15, 0x8f, 0xe2, 0xd8, 0xb1, 0xdb, 0xc9, 0xc4, 0xd3, 0xb3, 0x33, 0x63, 0xc2, 0x96, 0x95, 0xd5,
-	0xec, 0x6e, 0x65, 0xa9, 0x45, 0x66, 0xb2, 0x53, 0x2c, 0xff, 0x8b, 0x91, 0x87, 0x59, 0x26, 0x78,
-	0x36, 0xa6, 0x9d, 0x40, 0xd5, 0xb2, 0x50, 0xc8, 0x52, 0xdb, 0xd1, 0x46, 0x56, 0x1b, 0x75, 0x2b,
-	0xb5, 0xb9, 0x50, 0x54, 0xf1, 0x05, 0xe0, 0xc8, 0x17, 0xe0, 0xc8, 0x05, 0xce, 0x70, 0xa3, 0x72,
-	0xdc, 0xe2, 0xb4, 0xc5, 0x41, 0xc5, 0x88, 0x0f, 0xc0, 0x3d, 0x5c, 0xa8, 0x6e, 0xb5, 0xf5, 0xcf,
-	0x52, 0xc8, 0x6c, 0x15, 0x5b, 0xdc, 0xa2, 0xf7, 0x7e, 0xef, 0xd7, 0x4f, 0xfd, 0x9e, 0x7e, 0xef,
-	0xc5, 0xe0, 0x5b, 0x67, 0x5f, 0xa3, 0xba, 0x43, 0xfa, 0x67, 0xc1, 0x04, 0xfb, 0x1e, 0x66, 0x98,
-	0xf6, 0xcf, 0xb1, 0x67, 0x13, 0xbf, 0x2f, 0x1d, 0xe6, 0xc2, 0xe9, 0x4f, 0x4c, 0x66, 0x9d, 0xf6,
-	0xcf, 0x1f, 0xf6, 0x67, 0xd8, 0xc3, 0xbe, 0xc9, 0xb0, 0xad, 0x2f, 0x7c, 0xc2, 0x08, 0xbc, 0x13,
-	0x83, 0x74, 0x73, 0xe1, 0xe8, 0x02, 0xa4, 0x9f, 0x3f, 0xdc, 0xfd, 0xf2, 0xcc, 0x61, 0xa7, 0xc1,
-	0x44, 0xb7, 0xc8, 0xbc, 0x3f, 0x23, 0x33, 0xd2, 0x17, 0xd8, 0x49, 0x30, 0x15, 0x4f, 0xe2, 0x41,
-	0xfc, 0x15, 0x73, 0xec, 0x6a, 0x99, 0x83, 0x2c, 0xe2, 0xe3, 0x92, 0x73, 0x76, 0x1f, 0xa5, 0x98,
-	0xb9, 0x69, 0x9d, 0x3a, 0x1e, 0xf6, 0x2f, 0xfa, 0x8b, 0xb3, 0x19, 0x37, 0xd0, 0xfe, 0x1c, 0x33,
-	0xb3, 0x2c, 0xaa, 0x5f, 0x15, 0xe5, 0x07, 0x1e, 0x73, 0xe6, 0x78, 0x25, 0xe0, 0xab, 0xff, 0x2d,
-	0x80, 0x5a, 0xa7, 0x78, 0x6e, 0x16, 0xe3, 0xb4, 0x7f, 0x2b, 0x60, 0x73, 0xe0, 0x13, 0xef, 0x90,
-	0x4c, 0xe0, 0xcf, 0x41, 0x93, 0xe7, 0x63, 0x9b, 0xcc, 0xec, 0x2a, 0x7b, 0xca, 0x7e, 0xfb, 0xe0,
-	0x2b, 0x7a, 0x7a, 0x4b, 0x09, 0xad, 0xbe, 0x38, 0x9b, 0x71, 0x03, 0xd5, 0x39, 0x5a, 0x3f, 0x7f,
-	0xa8, 0x1f, 0x4d, 0x3e, 0xc2, 0x16, 0x7b, 0x8e, 0x99, 0x69, 0xc0, 0xcb, 0x50, 0x5d, 0x8b, 0x42,
-	0x15, 0xa4, 0x36, 0x94, 0xb0, 0x42, 0x03, 0x6c, 0xd0, 0x05, 0xb6, 0xba, 0xeb, 0x82, 0x7d, 0x4f,
-	0x2f, 0xa9, 0x81, 0x2e, 0xb3, 0x19, 0x2f, 0xb0, 0x65, 0x6c, 0x49, 0xb6, 0x0d, 0xfe, 0x84, 0x44,
-	0x2c, 0x3c, 0x04, 0x0d, 0xca, 0x4c, 0x16, 0xd0, 0x6e, 0x4d, 0xb0, 0x68, 0xd7, 0xb2, 0x08, 0xa4,
-	0x71, 0x4b, 0xf2, 0x34, 0xe2, 0x67, 0x24, 0x19, 0xb4, 0x3f, 0x28, 0xa0, 0x2d, 0x91, 0x43, 0x87,
-	0x32, 0xf8, 0xe1, 0xca, 0x0d, 0xe8, 0x37, 0xbb, 0x01, 0x1e, 0x2d, 0xde, 0xbf, 0x23, 0x4f, 0x6a,
-	0x2e, 0x2d, 0x99, 0xb7, 0x7f, 0x0c, 0xea, 0x0e, 0xc3, 0x73, 0xda, 0x5d, 0xdf, 0xab, 0xed, 0xb7,
-	0x0f, 0x5e, 0xbd, 0x2e, 0x71, 0x63, 0x5b, 0x12, 0xd5, 0x9f, 0xf1, 0x10, 0x14, 0x47, 0x6a, 0x7f,
-	0xdb, 0x48, 0x12, 0xe6, 0x57, 0x02, 0xdf, 0x06, 0x4d, 0x5e, 0x58, 0x3b, 0x70, 0xb1, 0x48, 0xb8,
-	0x95, 0x26, 0x30, 0x96, 0x76, 0x94, 0x20, 0xe0, 0x3e, 0x68, 0xf2, 0x5e, 0xf8, 0x80, 0x78, 0xb8,
-	0xdb, 0x14, 0xe8, 0x2d, 0x8e, 0x3c, 0x96, 0x36, 0x94, 0x78, 0xe1, 0x09, 0xb8, 0x4f, 0x99, 0xe9,
-	0x33, 0xc7, 0x9b, 0x3d, 0xc1, 0xa6, 0xed, 0x3a, 0x1e, 0x1e, 0x63, 0x8b, 0x78, 0x36, 0x15, 0xb5,
-	0xab, 0x19, 0x5f, 0x8c, 0x42, 0xf5, 0xfe, 0xb8, 0x1c, 0x82, 0xaa, 0x62, 0xe1, 0x87, 0xe0, 0xb6,
-	0x45, 0x3c, 0x2b, 0xf0, 0x7d, 0xec, 0x59, 0x17, 0x23, 0xe2, 0x3a, 0xd6, 0x85, 0x28, 0x63, 0xcb,
-	0xd0, 0x65, 0xde, 0xb7, 0x07, 0x45, 0xc0, 0x55, 0x99, 0x11, 0xad, 0x12, 0xc1, 0x37, 0xc0, 0x26,
-	0x0d, 0xe8, 0x02, 0x7b, 0x76, 0x77, 0x63, 0x4f, 0xd9, 0x6f, 0x1a, 0xed, 0x28, 0x54, 0x37, 0xc7,
-	0xb1, 0x09, 0x2d, 0x7d, 0xf0, 0x27, 0xa0, 0xfd, 0x11, 0x99, 0x1c, 0xe3, 0xf9, 0xc2, 0x35, 0x19,
-	0xee, 0xd6, 0x45, 0x9d, 0x5f, 0x2f, 0x2d, 0xc6, 0x61, 0x8a, 0x13, 0xfd, 0x78, 0x47, 0x26, 0xd9,
-	0xce, 0x38, 0x50, 0x96, 0x0d, 0xfe, 0x0c, 0xec, 0xd2, 0xc0, 0xb2, 0x30, 0xa5, 0xd3, 0xc0, 0x3d,
-	0x24, 0x13, 0xfa, 0x7d, 0x87, 0x32, 0xe2, 0x5f, 0x0c, 0x9d, 0xb9, 0xc3, 0xba, 0x8d, 0x3d, 0x65,
-	0xbf, 0x6e, 0xf4, 0xa2, 0x50, 0xdd, 0x1d, 0x57, 0xa2, 0xd0, 0x35, 0x0c, 0x10, 0x81, 0x7b, 0x53,
-	0xd3, 0x71, 0xb1, 0xbd, 0xc2, 0xbd, 0x29, 0xb8, 0x77, 0xa3, 0x50, 0xbd, 0xf7, 0xb4, 0x14, 0x81,
-	0x2a, 0x22, 0xb5, 0x3f, 0xaf, 0x83, 0xed, 0xdc, 0xf7, 0x02, 0x7f, 0x00, 0x1a, 0xa6, 0xc5, 0x9c,
-	0x73, 0xde, 0x54, 0xbc, 0x55, 0x1f, 0x64, 0x6f, 0x87, 0x2b, 0x5d, 0xfa, 0xd5, 0x23, 0x3c, 0xc5,
-	0xbc, 0x08, 0x38, 0xfd, 0xc8, 0x1e, 0x8b, 0x50, 0x24, 0x29, 0xa0, 0x0b, 0x3a, 0xae, 0x49, 0xd9,
-	0xb2, 0x1f, 0x79, 0xb7, 0x89, 0xfa, 0xb4, 0x0f, 0xbe, 0x74, 0xb3, 0x8f, 0x8b, 0x47, 0x18, 0xaf,
-	0x44, 0xa1, 0xda, 0x19, 0x16, 0x78, 0xd0, 0x0a, 0x33, 0xf4, 0x01, 0x14, 0xb6, 0xe4, 0x0a, 0xc5,
-	0x79, 0xf5, 0x97, 0x3e, 0xef, 0x5e, 0x14, 0xaa, 0x70, 0xb8, 0xc2, 0x84, 0x4a, 0xd8, 0xb5, 0x7f,
-	0x29, 0xa0, 0xf6, 0xf9, 0x08, 0xe8, 0x77, 0x72, 0x02, 0xfa, 0x6a, 0x55, 0xd3, 0x56, 0x8a, 0xe7,
-	0xd3, 0x82, 0x78, 0xf6, 0x2a, 0x19, 0xae, 0x17, 0xce, 0xbf, 0xd6, 0xc0, 0xd6, 0x21, 0x99, 0x0c,
-	0x88, 0x67, 0x3b, 0xcc, 0x21, 0x1e, 0x7c, 0x04, 0x36, 0xd8, 0xc5, 0x62, 0x29, 0x42, 0x7b, 0xcb,
-	0xa3, 0x8f, 0x2f, 0x16, 0xf8, 0x2a, 0x54, 0x3b, 0x59, 0x2c, 0xb7, 0x21, 0x81, 0x86, 0xc3, 0x24,
-	0x9d, 0x75, 0x11, 0xf7, 0x28, 0x7f, 0xdc, 0x55, 0xa8, 0x96, 0x8c, 0x58, 0x3d, 0x61, 0xca, 0x27,
-	0x05, 0x67, 0x60, 0x9b, 0x17, 0x67, 0xe4, 0x93, 0x49, 0xdc, 0x65, 0xb5, 0x97, 0xae, 0xfa, 0x5d,
-	0x99, 0xc0, 0xf6, 0x30, 0x4b, 0x84, 0xf2, 0xbc, 0xf0, 0x3c, 0xee, 0xb1, 0x63, 0xdf, 0xf4, 0x68,
-	0xfc, 0x4a, 0x9f, 0xad, 0xa7, 0x77, 0xe5, 0x69, 0xa2, 0xcf, 0xf2, 0x6c, 0xa8, 0xe4, 0x04, 0xf8,
-	0x26, 0x68, 0xf8, 0xd8, 0xa4, 0xc4, 0x13, 0xfd, 0xdc, 0x4a, 0xab, 0x83, 0x84, 0x15, 0x49, 0x2f,
-	0x7c, 0x0b, 0x6c, 0xce, 0x31, 0xa5, 0xe6, 0x0c, 0x0b, 0xc5, 0x69, 0x19, 0x3b, 0x12, 0xb8, 0xf9,
-	0x3c, 0x36, 0xa3, 0xa5, 0x5f, 0xfb, 0xbd, 0x02, 0x36, 0x3f, 0x9f, 0xe9, 0xf7, 0xed, 0xfc, 0xf4,
-	0xeb, 0x56, 0x75, 0x5e, 0xc5, 0xe4, 0xfb, 0x5d, 0x43, 0x24, 0x2a, 0xa6, 0xde, 0x43, 0xd0, 0x5e,
-	0x98, 0xbe, 0xe9, 0xba, 0xd8, 0x75, 0xe8, 0x5c, 0xe4, 0x5a, 0x37, 0x76, 0xb8, 0x2e, 0x8f, 0x52,
-	0x33, 0xca, 0x62, 0x78, 0x88, 0x45, 0xe6, 0x0b, 0x17, 0xf3, 0xcb, 0x8c, 0xdb, 0x4d, 0x86, 0x0c,
-	0x52, 0x33, 0xca, 0x62, 0xe0, 0x11, 0xb8, 0x1b, 0x2b, 0x58, 0x71, 0x02, 0xd6, 0xc4, 0x04, 0xfc,
-	0x42, 0x14, 0xaa, 0x77, 0x1f, 0x97, 0x01, 0x50, 0x79, 0x1c, 0x9c, 0x81, 0xce, 0x82, 0xd8, 0x5c,
-	0x9c, 0x03, 0x1f, 0xcb, 0xe1, 0xd7, 0x16, 0xf7, 0xfc, 0x46, 0xe9, 0x65, 0x8c, 0x0a, 0xe0, 0x58,
-	0x03, 0x8b, 0x56, 0xb4, 0x42, 0x0a, 0x1f, 0x81, 0xad, 0x89, 0x69, 0x9d, 0x91, 0xe9, 0x34, 0x3b,
-	0x1a, 0x3a, 0x51, 0xa8, 0x6e, 0x19, 0x19, 0x3b, 0xca, 0xa1, 0xe0, 0x4f, 0x41, 0x93, 0x62, 0x17,
-	0x5b, 0x8c, 0xf8, 0xb2, 0x97, 0xdf, 0xb9, 0x61, 0xf9, 0xcd, 0x09, 0x76, 0xc7, 0x32, 0x34, 0x5e,
-	0x29, 0x96, 0x4f, 0x28, 0xa1, 0x84, 0xdf, 0x00, 0xb7, 0xe6, 0xa6, 0x17, 0x98, 0x09, 0x52, 0x34,
-	0x71, 0xd3, 0x80, 0x51, 0xa8, 0xde, 0x7a, 0x9e, 0xf3, 0xa0, 0x02, 0x12, 0xfe, 0x10, 0x34, 0xd9,
-	0x72, 0x5e, 0x37, 0x44, 0x6a, 0xa5, 0x13, 0x69, 0x44, 0xec, 0xdc, 0xb8, 0x4e, 0xda, 0x31, 0x99,
-	0xd5, 0x09, 0x0d, 0xdf, 0x70, 0x18, 0x73, 0x65, 0x69, 0x1e, 0x4f, 0x19, 0xf6, 0x9f, 0x3a, 0x9e,
-	0x43, 0x4f, 0xb1, 0x2d, 0x56, 0xa3, 0x7a, 0xbc, 0xe1, 0x1c, 0x1f, 0x0f, 0xcb, 0x20, 0xa8, 0x2a,
-	0x16, 0x0e, 0xc1, 0xad, 0xb4, 0x87, 0x9e, 0x13, 0x1b, 0x77, 0x5b, 0xe2, 0x0b, 0x7c, 0x9d, 0xbf,
-	0xe5, 0x20, 0xe7, 0xb9, 0x5a, 0xb1, 0xa0, 0x42, 0x6c, 0x76, 0xa3, 0x01, 0xd5, 0x1b, 0x8d, 0xf6,
-	0xdb, 0x3a, 0x68, 0xa5, 0xc3, 0xfb, 0x04, 0x00, 0x6b, 0xa9, 0x90, 0x54, 0x0e, 0xf0, 0xd7, 0xaa,
-	0xbe, 0xb6, 0x44, 0x4b, 0xd3, 0xc1, 0x93, 0x98, 0x28, 0xca, 0x10, 0xc1, 0x1f, 0x83, 0x96, 0x58,
-	0xeb, 0x84, 0xd6, 0xad, 0xbf, 0xb4, 0xd6, 0x6d, 0x47, 0xa1, 0xda, 0x1a, 0x2f, 0x09, 0x50, 0xca,
-	0x05, 0xa7, 0xd9, 0x2b, 0xfb, 0x8c, 0xba, 0x0d, 0xf3, 0xd7, 0x2b, 0x8e, 0x28, 0xb0, 0x72, 0xf5,
-	0x94, 0x4b, 0xcd, 0x86, 0x28, 0x70, 0xd5, 0xbe, 0xd2, 0x07, 0x2d, 0xb1, 0x80, 0x61, 0x1b, 0xdb,
-	0xa2, 0x47, 0xeb, 0xc6, 0x6d, 0x09, 0x6d, 0x8d, 0x97, 0x0e, 0x94, 0x62, 0x38, 0x71, 0xbc, 0x59,
-	0xc9, 0xfd, 0x2e, 0x21, 0x8e, 0xf7, 0x30, 0x24, 0xbd, 0xf0, 0x09, 0xe8, 0xc8, 0x94, 0xb0, 0xfd,
-	0xcc, 0xb3, 0xf1, 0xc7, 0x98, 0x8a, 0x4f, 0xb3, 0x65, 0x74, 0x65, 0x44, 0x67, 0x50, 0xf0, 0xa3,
-	0x95, 0x08, 0xf8, 0x6b, 0x05, 0xdc, 0x0f, 0x3c, 0x8b, 0x04, 0x1e, 0xc3, 0xf6, 0x31, 0xf6, 0xe7,
-	0x8e, 0xc7, 0xff, 0x9f, 0x1b, 0x11, 0x9b, 0x8a, 0xce, 0x6d, 0x1f, 0xbc, 0x5d, 0x5a, 0xec, 0x93,
-	0xf2, 0x98, 0xb8, 0xcf, 0x2b, 0x9c, 0xa8, 0xea, 0x24, 0xa8, 0x82, 0xba, 0x8f, 0x4d, 0xfb, 0x42,
-	0xb4, 0x77, 0xdd, 0x68, 0x71, 0xbd, 0x46, 0xdc, 0x80, 0x62, 0xbb, 0xf6, 0x47, 0x05, 0xec, 0x14,
-	0xd6, 0xe7, 0xff, 0xff, 0xfd, 0x48, 0x9b, 0x80, 0x15, 0x7d, 0x85, 0xef, 0x83, 0xba, 0x1f, 0xb8,
-	0x78, 0xf9, 0x29, 0xbd, 0x75, 0x23, 0xad, 0x46, 0x81, 0x8b, 0xd3, 0x49, 0xc6, 0x9f, 0x28, 0x8a,
-	0x69, 0xb4, 0xbf, 0x2b, 0xe0, 0xcd, 0x22, 0xfc, 0xc8, 0xfb, 0xde, 0xc7, 0x0e, 0x1b, 0x10, 0x1b,
-	0x53, 0x84, 0x7f, 0x11, 0x38, 0x3e, 0x9e, 0x63, 0x8f, 0xc1, 0x77, 0xc1, 0xb6, 0x45, 0x3c, 0x66,
-	0xf2, 0x6b, 0x79, 0xdf, 0x9c, 0x2f, 0xd7, 0xab, 0xdb, 0x7c, 0x43, 0x19, 0x64, 0x1d, 0x28, 0x8f,
-	0x83, 0x63, 0xd0, 0x24, 0x0b, 0xfe, 0x8f, 0x3e, 0xf1, 0xe5, 0x6a, 0xf5, 0xee, 0x52, 0x0b, 0x8f,
-	0xa4, 0xfd, 0x2a, 0x54, 0x1f, 0x5c, 0x93, 0xc6, 0x12, 0x86, 0x12, 0x22, 0xa8, 0x81, 0xc6, 0xb9,
-	0xe9, 0x06, 0x98, 0x4f, 0xc0, 0xda, 0x7e, 0xdd, 0x00, 0xbc, 0xc7, 0x7f, 0x24, 0x2c, 0x48, 0x7a,
-	0xb4, 0xbf, 0x94, 0xbe, 0xdc, 0x88, 0xd8, 0xa9, 0xaa, 0x8c, 0x4c, 0xc6, 0xb0, 0xef, 0xc1, 0xf7,
-	0x72, 0x2b, 0xe3, 0x3b, 0x85, 0x95, 0xf1, 0x41, 0xc9, 0xe2, 0x97, 0xa5, 0xf9, 0x5f, 0x6d, 0x91,
-	0xda, 0xe5, 0x3a, 0x78, 0xa5, 0xac, 0x9a, 0xf0, 0xbb, 0xb1, 0x7e, 0x10, 0x4f, 0x66, 0xbc, 0x9f,
-	0xd5, 0x0f, 0xe2, 0x5d, 0x85, 0xea, 0xbd, 0x62, 0x5c, 0xec, 0x41, 0x32, 0x0e, 0x7a, 0xa0, 0x4d,
-	0xd2, 0x1b, 0x96, 0x4d, 0xfa, 0xcd, 0x1b, 0xf5, 0x53, 0x79, 0x83, 0xc4, 0x1b, 0x4c, 0xd6, 0x97,
-	0x3d, 0x00, 0xfe, 0x12, 0xec, 0x90, 0xfc, 0xdd, 0x8b, 0xca, 0xdd, 0xfc, 0xcc, 0xb2, 0xba, 0x19,
-	0xf7, 0xe5, 0x7b, 0xef, 0x14, 0xfc, 0xa8, 0x78, 0x98, 0xf6, 0x27, 0x05, 0x54, 0x29, 0x0b, 0x1c,
-	0x65, 0x55, 0x96, 0x7f, 0x59, 0x2d, 0xe3, 0x20, 0xa7, 0xb0, 0x57, 0xa1, 0xfa, 0x5a, 0xd5, 0x8f,
-	0x5a, 0xbc, 0xec, 0x54, 0x3f, 0x79, 0xf6, 0x24, 0x2b, 0xc3, 0xef, 0x25, 0x32, 0xbc, 0x2e, 0xe8,
-	0xfa, 0xa9, 0x04, 0xdf, 0x8c, 0x4b, 0x86, 0x1b, 0x5f, 0xbf, 0x7c, 0xd1, 0x5b, 0xfb, 0xe4, 0x45,
-	0x6f, 0xed, 0xd3, 0x17, 0xbd, 0xb5, 0x5f, 0x45, 0x3d, 0xe5, 0x32, 0xea, 0x29, 0x9f, 0x44, 0x3d,
-	0xe5, 0xd3, 0xa8, 0xa7, 0xfc, 0x23, 0xea, 0x29, 0xbf, 0xf9, 0x67, 0x6f, 0xed, 0x83, 0x3b, 0x25,
-	0xbf, 0x32, 0xfe, 0x27, 0x00, 0x00, 0xff, 0xff, 0xf2, 0x8e, 0x19, 0x59, 0x94, 0x14, 0x00, 0x00,
+	// 1797 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcd, 0x6f, 0x23, 0x49,
+	0x15, 0x8f, 0x93, 0x38, 0xb1, 0xcb, 0xf9, 0xf0, 0xd4, 0x64, 0x66, 0x4c, 0x58, 0xb9, 0xb3, 0x9e,
+	0xdd, 0x55, 0x16, 0x2d, 0xed, 0x9d, 0xec, 0x88, 0xe5, 0x5b, 0x3b, 0x9d, 0x61, 0x96, 0x09, 0xce,
+	0x8e, 0x29, 0x67, 0x40, 0x5a, 0x16, 0x44, 0xb9, 0xbb, 0xec, 0xf4, 0xa6, 0xdd, 0xd5, 0x74, 0x55,
+	0x47, 0x93, 0x0b, 0x42, 0xe2, 0x0f, 0x80, 0xbf, 0x82, 0x23, 0x17, 0x38, 0xc3, 0x0d, 0xcd, 0x71,
+	0xc5, 0x69, 0xc5, 0xa1, 0xc5, 0x34, 0x7f, 0x00, 0xf7, 0x20, 0x24, 0x54, 0xd5, 0xe5, 0xfe, 0x72,
+	0x77, 0xc8, 0xac, 0xc4, 0x88, 0x5b, 0xfa, 0xbd, 0xdf, 0xfb, 0xd5, 0xc7, 0x7b, 0xf5, 0x7b, 0x2f,
+	0x06, 0xdf, 0x3e, 0xfb, 0x3a, 0xd3, 0x6d, 0xda, 0x3f, 0x0b, 0xc6, 0xc4, 0x77, 0x09, 0x27, 0xac,
+	0x7f, 0x4e, 0x5c, 0x8b, 0xfa, 0x7d, 0xe5, 0xc0, 0x9e, 0xdd, 0x1f, 0x63, 0x6e, 0x9e, 0xf6, 0xcf,
+	0xef, 0xf5, 0xa7, 0xc4, 0x25, 0x3e, 0xe6, 0xc4, 0xd2, 0x3d, 0x9f, 0x72, 0x0a, 0x6f, 0xc6, 0x20,
+	0x1d, 0x7b, 0xb6, 0x2e, 0x41, 0xfa, 0xf9, 0xbd, 0xdd, 0xaf, 0x4e, 0x6d, 0x7e, 0x1a, 0x8c, 0x75,
+	0x93, 0xce, 0xfa, 0x53, 0x3a, 0xa5, 0x7d, 0x89, 0x1d, 0x07, 0x13, 0xf9, 0x25, 0x3f, 0xe4, 0x5f,
+	0x31, 0xc7, 0x6e, 0x2f, 0xb3, 0x90, 0x49, 0x7d, 0x52, 0xb2, 0xce, 0xee, 0xfd, 0x14, 0x33, 0xc3,
+	0xe6, 0xa9, 0xed, 0x12, 0xff, 0xa2, 0xef, 0x9d, 0x4d, 0x85, 0x81, 0xf5, 0x67, 0x84, 0xe3, 0xb2,
+	0xa8, 0x7e, 0x55, 0x94, 0x1f, 0xb8, 0xdc, 0x9e, 0x91, 0x85, 0x80, 0xaf, 0xfd, 0xb7, 0x00, 0x66,
+	0x9e, 0x92, 0x19, 0x2e, 0xc6, 0xf5, 0xfe, 0x55, 0x03, 0xeb, 0x87, 0x3e, 0x75, 0x8f, 0xe8, 0x18,
+	0xfe, 0x1c, 0x34, 0xc4, 0x7e, 0x2c, 0xcc, 0x71, 0xa7, 0xb6, 0x57, 0xdb, 0x6f, 0x1d, 0xbc, 0xab,
+	0xa7, 0xb7, 0x94, 0xd0, 0xea, 0xde, 0xd9, 0x54, 0x18, 0x98, 0x2e, 0xd0, 0xfa, 0xf9, 0x3d, 0xfd,
+	0xc9, 0xf8, 0x53, 0x62, 0xf2, 0x63, 0xc2, 0xb1, 0x01, 0x9f, 0x87, 0xda, 0x52, 0x14, 0x6a, 0x20,
+	0xb5, 0xa1, 0x84, 0x15, 0x1a, 0x60, 0x95, 0x79, 0xc4, 0xec, 0x2c, 0x4b, 0xf6, 0x3d, 0xbd, 0x24,
+	0x07, 0xba, 0xda, 0xcd, 0xc8, 0x23, 0xa6, 0xb1, 0xa1, 0xd8, 0x56, 0xc5, 0x17, 0x92, 0xb1, 0xf0,
+	0x08, 0xac, 0x31, 0x8e, 0x79, 0xc0, 0x3a, 0x2b, 0x92, 0xa5, 0x77, 0x25, 0x8b, 0x44, 0x1a, 0x5b,
+	0x8a, 0x67, 0x2d, 0xfe, 0x46, 0x8a, 0xa1, 0xf7, 0xfb, 0x1a, 0x68, 0x29, 0xe4, 0xc0, 0x66, 0x1c,
+	0x7e, 0xb2, 0x70, 0x03, 0xfa, 0xf5, 0x6e, 0x40, 0x44, 0xcb, 0xf3, 0xb7, 0xd5, 0x4a, 0x8d, 0xb9,
+	0x25, 0x73, 0xfa, 0x07, 0xa0, 0x6e, 0x73, 0x32, 0x63, 0x9d, 0xe5, 0xbd, 0x95, 0xfd, 0xd6, 0xc1,
+	0x6b, 0x57, 0x6d, 0xdc, 0xd8, 0x54, 0x44, 0xf5, 0xc7, 0x22, 0x04, 0xc5, 0x91, 0xbd, 0xbf, 0xae,
+	0x26, 0x1b, 0x16, 0x57, 0x02, 0xdf, 0x01, 0x0d, 0x91, 0x58, 0x2b, 0x70, 0x88, 0xdc, 0x70, 0x33,
+	0xdd, 0xc0, 0x48, 0xd9, 0x51, 0x82, 0x80, 0xfb, 0xa0, 0x21, 0x6a, 0xe1, 0x63, 0xea, 0x92, 0x4e,
+	0x43, 0xa2, 0x37, 0x04, 0xf2, 0x44, 0xd9, 0x50, 0xe2, 0x85, 0x4f, 0xc1, 0x1d, 0xc6, 0xb1, 0xcf,
+	0x6d, 0x77, 0xfa, 0x90, 0x60, 0xcb, 0xb1, 0x5d, 0x32, 0x22, 0x26, 0x75, 0x2d, 0x26, 0x73, 0xb7,
+	0x62, 0x7c, 0x39, 0x0a, 0xb5, 0x3b, 0xa3, 0x72, 0x08, 0xaa, 0x8a, 0x85, 0x9f, 0x80, 0x1b, 0x26,
+	0x75, 0xcd, 0xc0, 0xf7, 0x89, 0x6b, 0x5e, 0x0c, 0xa9, 0x63, 0x9b, 0x17, 0x32, 0x8d, 0x4d, 0x43,
+	0x57, 0xfb, 0xbe, 0x71, 0x58, 0x04, 0x5c, 0x96, 0x19, 0xd1, 0x22, 0x11, 0x7c, 0x13, 0xac, 0xb3,
+	0x80, 0x79, 0xc4, 0xb5, 0x3a, 0xab, 0x7b, 0xb5, 0xfd, 0x86, 0xd1, 0x8a, 0x42, 0x6d, 0x7d, 0x14,
+	0x9b, 0xd0, 0xdc, 0x07, 0x7f, 0x02, 0x5a, 0x9f, 0xd2, 0xf1, 0x09, 0x99, 0x79, 0x0e, 0xe6, 0xa4,
+	0x53, 0x97, 0x79, 0x7e, 0xa3, 0x34, 0x19, 0x47, 0x29, 0x4e, 0xd6, 0xe3, 0x4d, 0xb5, 0xc9, 0x56,
+	0xc6, 0x81, 0xb2, 0x6c, 0xf0, 0x67, 0x60, 0x97, 0x05, 0xa6, 0x49, 0x18, 0x9b, 0x04, 0xce, 0x11,
+	0x1d, 0xb3, 0xef, 0xdb, 0x8c, 0x53, 0xff, 0x62, 0x60, 0xcf, 0x6c, 0xde, 0x59, 0xdb, 0xab, 0xed,
+	0xd7, 0x8d, 0x6e, 0x14, 0x6a, 0xbb, 0xa3, 0x4a, 0x14, 0xba, 0x82, 0x01, 0x22, 0x70, 0x7b, 0x82,
+	0x6d, 0x87, 0x58, 0x0b, 0xdc, 0xeb, 0x92, 0x7b, 0x37, 0x0a, 0xb5, 0xdb, 0x8f, 0x4a, 0x11, 0xa8,
+	0x22, 0xb2, 0xf7, 0xa7, 0x65, 0xb0, 0x99, 0x7b, 0x2f, 0xf0, 0x07, 0x60, 0x0d, 0x9b, 0xdc, 0x3e,
+	0x17, 0x45, 0x25, 0x4a, 0xf5, 0x6e, 0xf6, 0x76, 0x84, 0xd2, 0xa5, 0xaf, 0x1e, 0x91, 0x09, 0x11,
+	0x49, 0x20, 0xe9, 0x23, 0x7b, 0x20, 0x43, 0x91, 0xa2, 0x80, 0x0e, 0x68, 0x3b, 0x98, 0xf1, 0x79,
+	0x3d, 0x8a, 0x6a, 0x93, 0xf9, 0x69, 0x1d, 0x7c, 0xe5, 0x7a, 0x8f, 0x4b, 0x44, 0x18, 0x3b, 0x51,
+	0xa8, 0xb5, 0x07, 0x05, 0x1e, 0xb4, 0xc0, 0x0c, 0x7d, 0x00, 0xa5, 0x2d, 0xb9, 0x42, 0xb9, 0x5e,
+	0xfd, 0xa5, 0xd7, 0xbb, 0x1d, 0x85, 0x1a, 0x1c, 0x2c, 0x30, 0xa1, 0x12, 0xf6, 0xde, 0x3f, 0x6b,
+	0x60, 0xe5, 0xd5, 0x08, 0xe8, 0x77, 0x73, 0x02, 0xfa, 0x5a, 0x55, 0xd1, 0x56, 0x8a, 0xe7, 0xa3,
+	0x82, 0x78, 0x76, 0x2b, 0x19, 0xae, 0x16, 0xce, 0xbf, 0xac, 0x80, 0x8d, 0x23, 0x3a, 0x3e, 0xa4,
+	0xae, 0x65, 0x73, 0x9b, 0xba, 0xf0, 0x3e, 0x58, 0xe5, 0x17, 0xde, 0x5c, 0x84, 0xf6, 0xe6, 0x4b,
+	0x9f, 0x5c, 0x78, 0xe4, 0x32, 0xd4, 0xda, 0x59, 0xac, 0xb0, 0x21, 0x89, 0x86, 0x83, 0x64, 0x3b,
+	0xcb, 0x32, 0xee, 0x7e, 0x7e, 0xb9, 0xcb, 0x50, 0x2b, 0x69, 0xb1, 0x7a, 0xc2, 0x94, 0xdf, 0x14,
+	0x9c, 0x82, 0x4d, 0x91, 0x9c, 0xa1, 0x4f, 0xc7, 0x71, 0x95, 0xad, 0xbc, 0x74, 0xd6, 0x6f, 0xa9,
+	0x0d, 0x6c, 0x0e, 0xb2, 0x44, 0x28, 0xcf, 0x0b, 0xcf, 0xe3, 0x1a, 0x3b, 0xf1, 0xb1, 0xcb, 0xe2,
+	0x23, 0x7d, 0xb1, 0x9a, 0xde, 0x55, 0xab, 0xc9, 0x3a, 0xcb, 0xb3, 0xa1, 0x92, 0x15, 0xe0, 0x5b,
+	0x60, 0xcd, 0x27, 0x98, 0x51, 0x57, 0xd6, 0x73, 0x33, 0xcd, 0x0e, 0x92, 0x56, 0xa4, 0xbc, 0xf0,
+	0x6d, 0xb0, 0x3e, 0x23, 0x8c, 0xe1, 0x29, 0x91, 0x8a, 0xd3, 0x34, 0xb6, 0x15, 0x70, 0xfd, 0x38,
+	0x36, 0xa3, 0xb9, 0xbf, 0xf7, 0xbb, 0x1a, 0x58, 0x7f, 0x35, 0xdd, 0xef, 0x3b, 0xf9, 0xee, 0xd7,
+	0xa9, 0xaa, 0xbc, 0x8a, 0xce, 0xf7, 0x9b, 0x86, 0xdc, 0xa8, 0xec, 0x7a, 0xf7, 0x40, 0xcb, 0xc3,
+	0x3e, 0x76, 0x1c, 0xe2, 0xd8, 0x6c, 0x26, 0xf7, 0x5a, 0x37, 0xb6, 0x85, 0x2e, 0x0f, 0x53, 0x33,
+	0xca, 0x62, 0x44, 0x88, 0x49, 0x67, 0x9e, 0x43, 0xc4, 0x65, 0xc6, 0xe5, 0xa6, 0x42, 0x0e, 0x53,
+	0x33, 0xca, 0x62, 0xe0, 0x13, 0x70, 0x2b, 0x56, 0xb0, 0x62, 0x07, 0x5c, 0x91, 0x1d, 0xf0, 0x4b,
+	0x51, 0xa8, 0xdd, 0x7a, 0x50, 0x06, 0x40, 0xe5, 0x71, 0x70, 0x0a, 0xda, 0x1e, 0xb5, 0x84, 0x38,
+	0x07, 0x3e, 0x51, 0xcd, 0xaf, 0x25, 0xef, 0xf9, 0xcd, 0xd2, 0xcb, 0x18, 0x16, 0xc0, 0xb1, 0x06,
+	0x16, 0xad, 0x68, 0x81, 0x14, 0xde, 0x07, 0x1b, 0x63, 0x6c, 0x9e, 0xd1, 0xc9, 0x24, 0xdb, 0x1a,
+	0xda, 0x51, 0xa8, 0x6d, 0x18, 0x19, 0x3b, 0xca, 0xa1, 0xe0, 0x00, 0xec, 0x64, 0xbf, 0x87, 0xc4,
+	0x7f, 0xec, 0x5a, 0xe4, 0x59, 0x67, 0x43, 0x46, 0x77, 0xa2, 0x50, 0xdb, 0x31, 0x4a, 0xfc, 0xa8,
+	0x34, 0x0a, 0x7e, 0x00, 0xda, 0x33, 0xfc, 0x2c, 0xee, 0x44, 0xd2, 0x42, 0x58, 0x67, 0x53, 0x32,
+	0xc9, 0x53, 0x1c, 0x17, 0x7c, 0x68, 0x01, 0x0d, 0x7f, 0x0a, 0x1a, 0x8c, 0x38, 0xc4, 0xe4, 0xd4,
+	0x57, 0x6f, 0xeb, 0xbd, 0x6b, 0x96, 0x23, 0x1e, 0x13, 0x67, 0xa4, 0x42, 0xe3, 0x11, 0x67, 0xfe,
+	0x85, 0x12, 0x4a, 0xf8, 0x4d, 0xb0, 0x35, 0xc3, 0x6e, 0x80, 0x13, 0xa4, 0x7c, 0x54, 0x0d, 0x03,
+	0x46, 0xa1, 0xb6, 0x75, 0x9c, 0xf3, 0xa0, 0x02, 0x12, 0xfe, 0x10, 0x34, 0xf8, 0x7c, 0x7e, 0x58,
+	0x93, 0x5b, 0x2b, 0xed, 0x90, 0x43, 0x6a, 0xe5, 0xc6, 0x87, 0xe4, 0x79, 0x24, 0xb3, 0x43, 0x42,
+	0x23, 0x26, 0x2e, 0xce, 0x1d, 0x55, 0x2a, 0x0f, 0x26, 0x9c, 0xf8, 0x8f, 0x6c, 0xd7, 0x66, 0xa7,
+	0xc4, 0x92, 0xa3, 0x5a, 0x3d, 0x9e, 0xb8, 0x4e, 0x4e, 0x06, 0x65, 0x10, 0x54, 0x15, 0x0b, 0x07,
+	0x60, 0x2b, 0xad, 0xe9, 0x63, 0x6a, 0x91, 0x4e, 0x53, 0x2a, 0xc2, 0x1b, 0xe2, 0x94, 0x87, 0x39,
+	0xcf, 0xe5, 0x82, 0x05, 0x15, 0x62, 0xb3, 0x13, 0x16, 0xb8, 0x62, 0xc2, 0xb2, 0xc0, 0x8e, 0x47,
+	0x2d, 0x44, 0x3c, 0x07, 0x9b, 0x64, 0x46, 0x5c, 0xae, 0x8a, 0x7d, 0x4b, 0x2e, 0xfd, 0xae, 0xa8,
+	0xa4, 0x61, 0x89, 0xff, 0xb2, 0xc2, 0x8e, 0x4a, 0xd9, 0x7a, 0xff, 0xae, 0x83, 0x66, 0x3a, 0xb2,
+	0x3c, 0x05, 0xc0, 0x9c, 0xf7, 0x05, 0xa6, 0xc6, 0x96, 0xd7, 0xab, 0x34, 0x26, 0xe9, 0x20, 0x69,
+	0xbb, 0x4d, 0x4c, 0x0c, 0x65, 0x88, 0xe0, 0x8f, 0x41, 0x53, 0x0e, 0xb3, 0x52, 0xe1, 0x97, 0x5f,
+	0x5a, 0xe1, 0x37, 0xa3, 0x50, 0x6b, 0x8e, 0xe6, 0x04, 0x28, 0xe5, 0x82, 0x93, 0x6c, 0x62, 0xbe,
+	0x60, 0xb7, 0x82, 0xf9, 0x24, 0xca, 0x25, 0x0a, 0xac, 0xa2, 0x67, 0xa8, 0x51, 0x6e, 0x55, 0x96,
+	0x51, 0xd5, 0x94, 0xd6, 0x07, 0x4d, 0x39, 0x76, 0x12, 0x8b, 0x58, 0xf2, 0x25, 0xd4, 0x8d, 0x1b,
+	0x0a, 0xda, 0x1c, 0xcd, 0x1d, 0x28, 0xc5, 0x08, 0xe2, 0x78, 0x9e, 0x54, 0x53, 0x6d, 0x42, 0x1c,
+	0xbf, 0x62, 0xa4, 0xbc, 0x42, 0x79, 0x39, 0xf1, 0x67, 0xb6, 0x8b, 0xc5, 0x7f, 0x04, 0x52, 0xf0,
+	0x94, 0xf2, 0x9e, 0xa4, 0x66, 0x94, 0xc5, 0xc0, 0x87, 0xa0, 0xad, 0x4e, 0x91, 0x6a, 0xc7, 0xba,
+	0xac, 0x9d, 0x8e, 0x5a, 0xa4, 0x7d, 0x58, 0xf0, 0xa3, 0x85, 0x08, 0xf8, 0x3e, 0xd8, 0x9c, 0xe4,
+	0xe4, 0x07, 0x48, 0x8a, 0x1b, 0xa2, 0xbd, 0xe7, 0xb5, 0x27, 0x8f, 0x83, 0xbf, 0xae, 0x81, 0x3b,
+	0x81, 0x6b, 0xd2, 0xc0, 0xe5, 0xc4, 0x9a, 0x6f, 0x92, 0x58, 0x43, 0x6a, 0x31, 0xf9, 0x16, 0x5b,
+	0x07, 0xef, 0x94, 0x16, 0xd6, 0xd3, 0xf2, 0x98, 0xf8, 0xe5, 0x56, 0x38, 0x51, 0xd5, 0x4a, 0x50,
+	0x03, 0x75, 0x9f, 0x60, 0xeb, 0x42, 0x3e, 0xd8, 0xba, 0xd1, 0x14, 0x1d, 0x11, 0x09, 0x03, 0x8a,
+	0xed, 0xbd, 0x3f, 0xd4, 0xc0, 0x76, 0xe1, 0x1f, 0x94, 0xff, 0xff, 0x09, 0xb4, 0x37, 0x06, 0x0b,
+	0x1d, 0x0c, 0x7e, 0x04, 0xea, 0x7e, 0xe0, 0x90, 0xf9, 0xb3, 0x7d, 0xfb, 0x5a, 0xdd, 0x10, 0x05,
+	0x0e, 0x49, 0x67, 0x05, 0xf1, 0xc5, 0x50, 0x4c, 0xd3, 0xfb, 0x5b, 0x0d, 0xbc, 0x55, 0x84, 0x3f,
+	0x71, 0xbf, 0xf7, 0xcc, 0xe6, 0x87, 0xd4, 0x22, 0x0c, 0x91, 0x5f, 0x04, 0xb6, 0x2f, 0xa5, 0x44,
+	0x14, 0x89, 0x49, 0x5d, 0x8e, 0xc5, 0xb5, 0x7c, 0x84, 0x67, 0xf3, 0x01, 0x56, 0x16, 0xc9, 0x61,
+	0xd6, 0x81, 0xf2, 0x38, 0x38, 0x02, 0x0d, 0xea, 0x11, 0x1f, 0x8b, 0xc6, 0x11, 0x0f, 0xaf, 0xef,
+	0xcf, 0xd5, 0xfd, 0x89, 0xb2, 0x5f, 0x86, 0xda, 0xdd, 0x2b, 0xb6, 0x31, 0x87, 0xa1, 0x84, 0x08,
+	0xf6, 0xc0, 0xda, 0x39, 0x76, 0x02, 0x22, 0x66, 0x8c, 0x95, 0xfd, 0xba, 0x01, 0xc4, 0x7b, 0xfa,
+	0x91, 0xb4, 0x20, 0xe5, 0xe9, 0xfd, 0xb9, 0xf4, 0x70, 0x43, 0x6a, 0xa5, 0x0a, 0x36, 0xc4, 0x9c,
+	0x13, 0xdf, 0x85, 0x1f, 0xe6, 0x86, 0xf2, 0xf7, 0x0a, 0x43, 0xf9, 0xdd, 0x92, 0xd1, 0x3a, 0x4b,
+	0xf3, 0xbf, 0x9a, 0xd3, 0x7b, 0xcf, 0x97, 0xc1, 0x4e, 0x59, 0x36, 0xe1, 0x07, 0xb1, 0x56, 0x51,
+	0x57, 0xed, 0x78, 0x3f, 0xab, 0x55, 0xd4, 0xbd, 0x0c, 0xb5, 0xdb, 0xc5, 0xb8, 0xd8, 0x83, 0x54,
+	0x1c, 0x74, 0x41, 0x8b, 0xa6, 0x37, 0xac, 0x8a, 0xf4, 0x5b, 0xd7, 0xaa, 0xa7, 0xf2, 0x02, 0x89,
+	0x95, 0x2a, 0xeb, 0xcb, 0x2e, 0x00, 0x7f, 0x09, 0xb6, 0x69, 0xfe, 0xee, 0x65, 0xe6, 0xae, 0xbf,
+	0x66, 0x59, 0xde, 0x8c, 0x3b, 0xea, 0xdc, 0xdb, 0x05, 0x3f, 0x2a, 0x2e, 0xd6, 0xfb, 0x63, 0x0d,
+	0x54, 0x29, 0x0b, 0x1c, 0x66, 0x15, 0x5d, 0xbc, 0xac, 0xa6, 0x71, 0x90, 0x53, 0xf3, 0xcb, 0x50,
+	0x7b, 0xbd, 0xea, 0x67, 0x43, 0x91, 0x76, 0xa6, 0x3f, 0x7d, 0xfc, 0x30, 0x2b, 0xf9, 0x1f, 0x26,
+	0x92, 0xbf, 0x2c, 0xe9, 0xfa, 0xa9, 0xdc, 0x5f, 0x8f, 0x4b, 0x85, 0x1b, 0xdf, 0x78, 0xfe, 0xa2,
+	0xbb, 0xf4, 0xd9, 0x8b, 0xee, 0xd2, 0xe7, 0x2f, 0xba, 0x4b, 0xbf, 0x8a, 0xba, 0xb5, 0xe7, 0x51,
+	0xb7, 0xf6, 0x59, 0xd4, 0xad, 0x7d, 0x1e, 0x75, 0x6b, 0x7f, 0x8f, 0xba, 0xb5, 0xdf, 0xfe, 0xa3,
+	0xbb, 0xf4, 0xf1, 0xcd, 0x92, 0xdf, 0x71, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x43, 0xdf, 0xa6,
+	0x7c, 0xf6, 0x15, 0x00, 0x00,
 }
 
 func (m *CronJob) Marshal() (dAtA []byte, err error) {
@@ -1023,6 +1030,23 @@ func (m *JobSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.PodReplacementPolicy != nil {
+		i -= len(*m.PodReplacementPolicy)
+		copy(dAtA[i:], *m.PodReplacementPolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.PodReplacementPolicy)))
+		i--
+		dAtA[i] = 0x72
+	}
+	if m.MaxFailedIndexes != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.MaxFailedIndexes))
+		i--
+		dAtA[i] = 0x68
+	}
+	if m.BackoffLimitPerIndex != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.BackoffLimitPerIndex))
+		i--
+		dAtA[i] = 0x60
+	}
 	if m.PodFailurePolicy != nil {
 		{
 			size, err := m.PodFailurePolicy.MarshalToSizedBuffer(dAtA[:i])
@@ -1132,6 +1156,18 @@ func (m *JobStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.Terminating != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.Terminating))
+		i--
+		dAtA[i] = 0x58
+	}
+	if m.FailedIndexes != nil {
+		i -= len(*m.FailedIndexes)
+		copy(dAtA[i:], *m.FailedIndexes)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.FailedIndexes)))
+		i--
+		dAtA[i] = 0x52
+	}
 	if m.Ready != nil {
 		i = encodeVarintGenerated(dAtA, i, uint64(*m.Ready))
 		i--
@@ -1645,6 +1681,16 @@ func (m *JobSpec) Size() (n int) {
 		l = m.PodFailurePolicy.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.BackoffLimitPerIndex != nil {
+		n += 1 + sovGenerated(uint64(*m.BackoffLimitPerIndex))
+	}
+	if m.MaxFailedIndexes != nil {
+		n += 1 + sovGenerated(uint64(*m.MaxFailedIndexes))
+	}
+	if m.PodReplacementPolicy != nil {
+		l = len(*m.PodReplacementPolicy)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -1680,6 +1726,13 @@ func (m *JobStatus) Size() (n int) {
 	if m.Ready != nil {
 		n += 1 + sovGenerated(uint64(*m.Ready))
 	}
+	if m.FailedIndexes != nil {
+		l = len(*m.FailedIndexes)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	if m.Terminating != nil {
+		n += 1 + sovGenerated(uint64(*m.Terminating))
+	}
 	return n
 }
 
@@ -1913,6 +1966,9 @@ func (this *JobSpec) String() string {
 		`CompletionMode:` + valueToStringGenerated(this.CompletionMode) + `,`,
 		`Suspend:` + valueToStringGenerated(this.Suspend) + `,`,
 		`PodFailurePolicy:` + strings.Replace(this.PodFailurePolicy.String(), "PodFailurePolicy", "PodFailurePolicy", 1) + `,`,
+		`BackoffLimitPerIndex:` + valueToStringGenerated(this.BackoffLimitPerIndex) + `,`,
+		`MaxFailedIndexes:` + valueToStringGenerated(this.MaxFailedIndexes) + `,`,
+		`PodReplacementPolicy:` + valueToStringGenerated(this.PodReplacementPolicy) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1936,6 +1992,8 @@ func (this *JobStatus) String() string {
 		`CompletedIndexes:` + fmt.Sprintf("%v", this.CompletedIndexes) + `,`,
 		`UncountedTerminatedPods:` + strings.Replace(this.UncountedTerminatedPods.String(), "UncountedTerminatedPods", "UncountedTerminatedPods", 1) + `,`,
 		`Ready:` + valueToStringGenerated(this.Ready) + `,`,
+		`FailedIndexes:` + valueToStringGenerated(this.FailedIndexes) + `,`,
+		`Terminating:` + valueToStringGenerated(this.Terminating) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -3527,6 +3585,79 @@ func (m *JobSpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 12:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field BackoffLimitPerIndex", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.BackoffLimitPerIndex = &v
+		case 13:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MaxFailedIndexes", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.MaxFailedIndexes = &v
+		case 14:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field PodReplacementPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := PodReplacementPolicy(dAtA[iNdEx:postIndex])
+			m.PodReplacementPolicy = &s
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -3828,6 +3959,59 @@ func (m *JobStatus) Unmarshal(dAtA []byte) error {
 				}
 			}
 			m.Ready = &v
+		case 10:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field FailedIndexes", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.FailedIndexes = &s
+			iNdEx = postIndex
+		case 11:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Terminating", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.Terminating = &v
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/batch/v1/generated.proto b/vendor/k8s.io/api/batch/v1/generated.proto
index df4381c737..4f0822440f 100644
--- a/vendor/k8s.io/api/batch/v1/generated.proto
+++ b/vendor/k8s.io/api/batch/v1/generated.proto
@@ -223,6 +223,30 @@ message JobSpec {
   // +optional
   optional int32 backoffLimit = 7;
 
+  // Specifies the limit for the number of retries within an
+  // index before marking this index as failed. When enabled the number of
+  // failures per index is kept in the pod's
+  // batch.kubernetes.io/job-index-failure-count annotation. It can only
+  // be set when Job's completionMode=Indexed, and the Pod's restart
+  // policy is Never. The field is immutable.
+  // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+  // feature gate is enabled (disabled by default).
+  // +optional
+  optional int32 backoffLimitPerIndex = 12;
+
+  // Specifies the maximal number of failed indexes before marking the Job as
+  // failed, when backoffLimitPerIndex is set. Once the number of failed
+  // indexes exceeds this number the entire Job is marked as Failed and its
+  // execution is terminated. When left as null the job continues execution of
+  // all of its indexes and is marked with the `Complete` Job condition.
+  // It can only be specified when backoffLimitPerIndex is set.
+  // It can be null or up to completions. It is required and must be
+  // less than or equal to 10^4 when is completions greater than 10^5.
+  // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+  // feature gate is enabled (disabled by default).
+  // +optional
+  optional int32 maxFailedIndexes = 13;
+
   // A label query over pods that should match the pod count.
   // Normally, the system sets this field for you.
   // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
@@ -292,6 +316,19 @@ message JobSpec {
   //
   // +optional
   optional bool suspend = 10;
+
+  // podReplacementPolicy specifies when to create replacement Pods.
+  // Possible values are:
+  // - TerminatingOrFailed means that we recreate pods
+  //   when they are terminating (has a metadata.deletionTimestamp) or failed.
+  // - Failed means to wait until a previously created Pod is fully terminated (has phase
+  //   Failed or Succeeded) before creating a replacement Pod.
+  //
+  // When using podFailurePolicy, Failed is the the only allowed value.
+  // TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use.
+  // This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
+  // +optional
+  optional string podReplacementPolicy = 14;
 }
 
 // JobStatus represents the current state of a Job.
@@ -335,6 +372,14 @@ message JobStatus {
   // +optional
   optional int32 failed = 6;
 
+  // The number of pods which are terminating (in phase Pending or Running
+  // and have a deletionTimestamp).
+  //
+  // This field is alpha-level. The job controller populates the field when
+  // the feature gate JobPodReplacementPolicy is enabled (disabled by default).
+  // +optional
+  optional int32 terminating = 11;
+
   // completedIndexes holds the completed indexes when .spec.completionMode =
   // "Indexed" in a text format. The indexes are represented as decimal integers
   // separated by commas. The numbers are listed in increasing order. Three or
@@ -345,6 +390,19 @@ message JobStatus {
   // +optional
   optional string completedIndexes = 7;
 
+  // FailedIndexes holds the failed indexes when backoffLimitPerIndex=true.
+  // The indexes are represented in the text format analogous as for the
+  // `completedIndexes` field, ie. they are kept as decimal integers
+  // separated by commas. The numbers are listed in increasing order. Three or
+  // more consecutive numbers are compressed and represented by the first and
+  // last element of the series, separated by a hyphen.
+  // For example, if the failed indexes are 1, 3, 4, 5 and 7, they are
+  // represented as "1,3-5,7".
+  // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+  // feature gate is enabled (disabled by default).
+  // +optional
+  optional string failedIndexes = 10;
+
   // uncountedTerminatedPods holds the UIDs of Pods that have terminated but
   // the job controller hasn't yet accounted for in the status counters.
   //
@@ -452,6 +510,10 @@ message PodFailurePolicyRule {
   //
   // - FailJob: indicates that the pod's job is marked as Failed and all
   //   running pods are terminated.
+  // - FailIndex: indicates that the pod's index is marked as Failed and will
+  //   not be restarted.
+  //   This value is alpha-level. It can be used when the
+  //   `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
   // - Ignore: indicates that the counter towards the .backoffLimit is not
   //   incremented and a replacement pod is created.
   // - Count: indicates that the pod is handled in the default way - the
@@ -468,6 +530,7 @@ message PodFailurePolicyRule {
   // as a list of pod condition patterns. The requirement is satisfied if at
   // least one pattern matches an actual pod condition. At most 20 elements are allowed.
   // +listType=atomic
+  // +optional
   repeated PodFailurePolicyOnPodConditionsPattern onPodConditions = 3;
 }
 
diff --git a/vendor/k8s.io/api/batch/v1/types.go b/vendor/k8s.io/api/batch/v1/types.go
index 22cf9ee9cb..8a28614c0b 100644
--- a/vendor/k8s.io/api/batch/v1/types.go
+++ b/vendor/k8s.io/api/batch/v1/types.go
@@ -27,6 +27,11 @@ const (
 	// More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions
 	labelPrefix = "batch.kubernetes.io/"
 
+	// CronJobScheduledTimestampAnnotation is the scheduled timestamp annotation for the Job.
+	// It records the original/expected scheduled timestamp for the running job, represented in RFC3339.
+	// The CronJob controller adds this annotation if the CronJobsScheduledAnnotation feature gate (beta in 1.28) is enabled.
+	CronJobScheduledTimestampAnnotation = labelPrefix + "cronjob-scheduled-timestamp"
+
 	JobCompletionIndexAnnotation = labelPrefix + "job-completion-index"
 	// JobTrackingFinalizer is a finalizer for Job's pods. It prevents them from
 	// being deleted before being accounted in the Job status.
@@ -45,6 +50,13 @@ const (
 	// ControllerUid is used to programatically get pods corresponding to a Job.
 	// There is a corresponding label without the batch.kubernetes.io that we support for legacy reasons.
 	ControllerUidLabel = labelPrefix + "controller-uid"
+	// Annotation indicating the number of failures for the index corresponding
+	// to the pod, which are counted towards the backoff limit.
+	JobIndexFailureCountAnnotation = labelPrefix + "job-index-failure-count"
+	// Annotation indicating the number of failures for the index corresponding
+	// to the pod, which don't count towards the backoff limit, according to the
+	// pod failure policy. When the annotation is absent zero is implied.
+	JobIndexIgnoredFailureCountAnnotation = labelPrefix + "job-index-ignored-failure-count"
 )
 
 // +genclient
@@ -109,6 +121,11 @@ const (
 	// pod's job as Failed and terminate all running pods.
 	PodFailurePolicyActionFailJob PodFailurePolicyAction = "FailJob"
 
+	// This is an action which might be taken on a pod failure - mark the
+	// Job's index as failed to avoid restarts within this index. This action
+	// can only be used when backoffLimitPerIndex is set.
+	PodFailurePolicyActionFailIndex PodFailurePolicyAction = "FailIndex"
+
 	// This is an action which might be taken on a pod failure - the counter towards
 	// .backoffLimit, represented by the job's .status.failed field, is not
 	// incremented and a replacement pod is created.
@@ -128,6 +145,19 @@ const (
 	PodFailurePolicyOnExitCodesOpNotIn PodFailurePolicyOnExitCodesOperator = "NotIn"
 )
 
+// PodReplacementPolicy specifies the policy for creating pod replacements.
+// +enum
+type PodReplacementPolicy string
+
+const (
+	// TerminatingOrFailed means that we recreate pods
+	// when they are terminating (has a metadata.deletionTimestamp) or failed.
+	TerminatingOrFailed PodReplacementPolicy = "TerminatingOrFailed"
+	// Failed means to wait until a previously created Pod is fully terminated (has phase
+	// Failed or Succeeded) before creating a replacement Pod.
+	Failed PodReplacementPolicy = "Failed"
+)
+
 // PodFailurePolicyOnExitCodesRequirement describes the requirement for handling
 // a failed pod based on its container exit codes. In particular, it lookups the
 // .state.terminated.exitCode for each app container and init container status,
@@ -186,6 +216,10 @@ type PodFailurePolicyRule struct {
 	//
 	// - FailJob: indicates that the pod's job is marked as Failed and all
 	//   running pods are terminated.
+	// - FailIndex: indicates that the pod's index is marked as Failed and will
+	//   not be restarted.
+	//   This value is alpha-level. It can be used when the
+	//   `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
 	// - Ignore: indicates that the counter towards the .backoffLimit is not
 	//   incremented and a replacement pod is created.
 	// - Count: indicates that the pod is handled in the default way - the
@@ -202,6 +236,7 @@ type PodFailurePolicyRule struct {
 	// as a list of pod condition patterns. The requirement is satisfied if at
 	// least one pattern matches an actual pod condition. At most 20 elements are allowed.
 	// +listType=atomic
+	// +optional
 	OnPodConditions []PodFailurePolicyOnPodConditionsPattern `json:"onPodConditions" protobuf:"bytes,3,opt,name=onPodConditions"`
 }
 
@@ -262,6 +297,30 @@ type JobSpec struct {
 	// +optional
 	BackoffLimit *int32 `json:"backoffLimit,omitempty" protobuf:"varint,7,opt,name=backoffLimit"`
 
+	// Specifies the limit for the number of retries within an
+	// index before marking this index as failed. When enabled the number of
+	// failures per index is kept in the pod's
+	// batch.kubernetes.io/job-index-failure-count annotation. It can only
+	// be set when Job's completionMode=Indexed, and the Pod's restart
+	// policy is Never. The field is immutable.
+	// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+	// feature gate is enabled (disabled by default).
+	// +optional
+	BackoffLimitPerIndex *int32 `json:"backoffLimitPerIndex,omitempty" protobuf:"varint,12,opt,name=backoffLimitPerIndex"`
+
+	// Specifies the maximal number of failed indexes before marking the Job as
+	// failed, when backoffLimitPerIndex is set. Once the number of failed
+	// indexes exceeds this number the entire Job is marked as Failed and its
+	// execution is terminated. When left as null the job continues execution of
+	// all of its indexes and is marked with the `Complete` Job condition.
+	// It can only be specified when backoffLimitPerIndex is set.
+	// It can be null or up to completions. It is required and must be
+	// less than or equal to 10^4 when is completions greater than 10^5.
+	// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+	// feature gate is enabled (disabled by default).
+	// +optional
+	MaxFailedIndexes *int32 `json:"maxFailedIndexes,omitempty" protobuf:"varint,13,opt,name=maxFailedIndexes"`
+
 	// TODO enabled it when https://github.com/kubernetes/kubernetes/issues/28486 has been fixed
 	// Optional number of failed pods to retain.
 	// +optional
@@ -336,6 +395,19 @@ type JobSpec struct {
 	//
 	// +optional
 	Suspend *bool `json:"suspend,omitempty" protobuf:"varint,10,opt,name=suspend"`
+
+	// podReplacementPolicy specifies when to create replacement Pods.
+	// Possible values are:
+	// - TerminatingOrFailed means that we recreate pods
+	//   when they are terminating (has a metadata.deletionTimestamp) or failed.
+	// - Failed means to wait until a previously created Pod is fully terminated (has phase
+	//   Failed or Succeeded) before creating a replacement Pod.
+	//
+	// When using podFailurePolicy, Failed is the the only allowed value.
+	// TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use.
+	// This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
+	// +optional
+	PodReplacementPolicy *PodReplacementPolicy `json:"podReplacementPolicy,omitempty" protobuf:"bytes,14,opt,name=podReplacementPolicy,casttype=podReplacementPolicy"`
 }
 
 // JobStatus represents the current state of a Job.
@@ -379,6 +451,14 @@ type JobStatus struct {
 	// +optional
 	Failed int32 `json:"failed,omitempty" protobuf:"varint,6,opt,name=failed"`
 
+	// The number of pods which are terminating (in phase Pending or Running
+	// and have a deletionTimestamp).
+	//
+	// This field is alpha-level. The job controller populates the field when
+	// the feature gate JobPodReplacementPolicy is enabled (disabled by default).
+	// +optional
+	Terminating *int32 `json:"terminating,omitempty" protobuf:"varint,11,opt,name=terminating"`
+
 	// completedIndexes holds the completed indexes when .spec.completionMode =
 	// "Indexed" in a text format. The indexes are represented as decimal integers
 	// separated by commas. The numbers are listed in increasing order. Three or
@@ -389,6 +469,19 @@ type JobStatus struct {
 	// +optional
 	CompletedIndexes string `json:"completedIndexes,omitempty" protobuf:"bytes,7,opt,name=completedIndexes"`
 
+	// FailedIndexes holds the failed indexes when backoffLimitPerIndex=true.
+	// The indexes are represented in the text format analogous as for the
+	// `completedIndexes` field, ie. they are kept as decimal integers
+	// separated by commas. The numbers are listed in increasing order. Three or
+	// more consecutive numbers are compressed and represented by the first and
+	// last element of the series, separated by a hyphen.
+	// For example, if the failed indexes are 1, 3, 4, 5 and 7, they are
+	// represented as "1,3-5,7".
+	// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+	// feature gate is enabled (disabled by default).
+	// +optional
+	FailedIndexes *string `json:"failedIndexes,omitempty" protobuf:"bytes,10,opt,name=failedIndexes"`
+
 	// uncountedTerminatedPods holds the UIDs of Pods that have terminated but
 	// the job controller hasn't yet accounted for in the status counters.
 	//
diff --git a/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go
index f6f3141f18..43b4e1e7d9 100644
--- a/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/batch/v1/types_swagger_doc_generated.go
@@ -117,12 +117,15 @@ var map_JobSpec = map[string]string{
 	"activeDeadlineSeconds":   "Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.",
 	"podFailurePolicy":        "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure.\n\nThis field is beta-level. It can be used when the `JobPodFailurePolicy` feature gate is enabled (enabled by default).",
 	"backoffLimit":            "Specifies the number of retries before marking this job failed. Defaults to 6",
+	"backoffLimitPerIndex":    "Specifies the limit for the number of retries within an index before marking this index as failed. When enabled the number of failures per index is kept in the pod's batch.kubernetes.io/job-index-failure-count annotation. It can only be set when Job's completionMode=Indexed, and the Pod's restart policy is Never. The field is immutable. This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).",
+	"maxFailedIndexes":        "Specifies the maximal number of failed indexes before marking the Job as failed, when backoffLimitPerIndex is set. Once the number of failed indexes exceeds this number the entire Job is marked as Failed and its execution is terminated. When left as null the job continues execution of all of its indexes and is marked with the `Complete` Job condition. It can only be specified when backoffLimitPerIndex is set. It can be null or up to completions. It is required and must be less than or equal to 10^4 when is completions greater than 10^5. This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).",
 	"selector":                "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors",
 	"manualSelector":          "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template.  When true, the user is responsible for picking unique labels and specifying the selector.  Failure to pick a unique label may cause this and other jobs to not function correctly.  However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector",
 	"template":                "Describes the pod that will be created when executing a job. The only allowed template.spec.restartPolicy values are \"Never\" or \"OnFailure\". More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/",
 	"ttlSecondsAfterFinished": "ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.",
 	"completionMode":          "completionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`.\n\n`NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other.\n\n`Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`.\n\nMore completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.",
 	"suspend":                 "suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.",
+	"podReplacementPolicy":    "podReplacementPolicy specifies when to create replacement Pods. Possible values are: - TerminatingOrFailed means that we recreate pods\n  when they are terminating (has a metadata.deletionTimestamp) or failed.\n- Failed means to wait until a previously created Pod is fully terminated (has phase\n  Failed or Succeeded) before creating a replacement Pod.\n\nWhen using podFailurePolicy, Failed is the the only allowed value. TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.",
 }
 
 func (JobSpec) SwaggerDoc() map[string]string {
@@ -137,7 +140,9 @@ var map_JobStatus = map[string]string{
 	"active":                  "The number of pending and running pods.",
 	"succeeded":               "The number of pods which reached phase Succeeded.",
 	"failed":                  "The number of pods which reached phase Failed.",
+	"terminating":             "The number of pods which are terminating (in phase Pending or Running and have a deletionTimestamp).\n\nThis field is alpha-level. The job controller populates the field when the feature gate JobPodReplacementPolicy is enabled (disabled by default).",
 	"completedIndexes":        "completedIndexes holds the completed indexes when .spec.completionMode = \"Indexed\" in a text format. The indexes are represented as decimal integers separated by commas. The numbers are listed in increasing order. Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen. For example, if the completed indexes are 1, 3, 4, 5 and 7, they are represented as \"1,3-5,7\".",
+	"failedIndexes":           "FailedIndexes holds the failed indexes when backoffLimitPerIndex=true. The indexes are represented in the text format analogous as for the `completedIndexes` field, ie. they are kept as decimal integers separated by commas. The numbers are listed in increasing order. Three or more consecutive numbers are compressed and represented by the first and last element of the series, separated by a hyphen. For example, if the failed indexes are 1, 3, 4, 5 and 7, they are represented as \"1,3-5,7\". This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).",
 	"uncountedTerminatedPods": "uncountedTerminatedPods holds the UIDs of Pods that have terminated but the job controller hasn't yet accounted for in the status counters.\n\nThe job controller creates pods with a finalizer. When a pod terminates (succeeded or failed), the controller does three steps to account for it in the job status:\n\n1. Add the pod UID to the arrays in this field. 2. Remove the pod finalizer. 3. Remove the pod UID from the arrays while increasing the corresponding\n    counter.\n\nOld jobs might not be tracked using this field, in which case the field remains null.",
 	"ready":                   "The number of pods which have a Ready condition.\n\nThis field is beta-level. The job controller populates the field when the feature gate JobReadyPods is enabled (enabled by default).",
 }
@@ -188,7 +193,7 @@ func (PodFailurePolicyOnPodConditionsPattern) SwaggerDoc() map[string]string {
 
 var map_PodFailurePolicyRule = map[string]string{
 	"":                "PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.",
-	"action":          "Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are:\n\n- FailJob: indicates that the pod's job is marked as Failed and all\n  running pods are terminated.\n- Ignore: indicates that the counter towards the .backoffLimit is not\n  incremented and a replacement pod is created.\n- Count: indicates that the pod is handled in the default way - the\n  counter towards the .backoffLimit is incremented.\nAdditional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.",
+	"action":          "Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are:\n\n- FailJob: indicates that the pod's job is marked as Failed and all\n  running pods are terminated.\n- FailIndex: indicates that the pod's index is marked as Failed and will\n  not be restarted.\n  This value is alpha-level. It can be used when the\n  `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).\n- Ignore: indicates that the counter towards the .backoffLimit is not\n  incremented and a replacement pod is created.\n- Count: indicates that the pod is handled in the default way - the\n  counter towards the .backoffLimit is incremented.\nAdditional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.",
 	"onExitCodes":     "Represents the requirement on the container exit codes.",
 	"onPodConditions": "Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.",
 }
diff --git a/vendor/k8s.io/api/batch/v1/zz_generated.deepcopy.go b/vendor/k8s.io/api/batch/v1/zz_generated.deepcopy.go
index 2a901e9d0f..43fc41515b 100644
--- a/vendor/k8s.io/api/batch/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/batch/v1/zz_generated.deepcopy.go
@@ -267,6 +267,16 @@ func (in *JobSpec) DeepCopyInto(out *JobSpec) {
 		*out = new(int32)
 		**out = **in
 	}
+	if in.BackoffLimitPerIndex != nil {
+		in, out := &in.BackoffLimitPerIndex, &out.BackoffLimitPerIndex
+		*out = new(int32)
+		**out = **in
+	}
+	if in.MaxFailedIndexes != nil {
+		in, out := &in.MaxFailedIndexes, &out.MaxFailedIndexes
+		*out = new(int32)
+		**out = **in
+	}
 	if in.Selector != nil {
 		in, out := &in.Selector, &out.Selector
 		*out = new(metav1.LabelSelector)
@@ -293,6 +303,11 @@ func (in *JobSpec) DeepCopyInto(out *JobSpec) {
 		*out = new(bool)
 		**out = **in
 	}
+	if in.PodReplacementPolicy != nil {
+		in, out := &in.PodReplacementPolicy, &out.PodReplacementPolicy
+		*out = new(PodReplacementPolicy)
+		**out = **in
+	}
 	return
 }
 
@@ -324,6 +339,16 @@ func (in *JobStatus) DeepCopyInto(out *JobStatus) {
 		in, out := &in.CompletionTime, &out.CompletionTime
 		*out = (*in).DeepCopy()
 	}
+	if in.Terminating != nil {
+		in, out := &in.Terminating, &out.Terminating
+		*out = new(int32)
+		**out = **in
+	}
+	if in.FailedIndexes != nil {
+		in, out := &in.FailedIndexes, &out.FailedIndexes
+		*out = new(string)
+		**out = **in
+	}
 	if in.UncountedTerminatedPods != nil {
 		in, out := &in.UncountedTerminatedPods, &out.UncountedTerminatedPods
 		*out = new(UncountedTerminatedPods)
diff --git a/vendor/k8s.io/api/core/v1/annotation_key_constants.go b/vendor/k8s.io/api/core/v1/annotation_key_constants.go
index 61f86f850a..106ba14c3d 100644
--- a/vendor/k8s.io/api/core/v1/annotation_key_constants.go
+++ b/vendor/k8s.io/api/core/v1/annotation_key_constants.go
@@ -56,9 +56,9 @@ const (
 
 	// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
 	AppArmorBetaContainerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"
-	// AppArmorBetaDefaultProfileAnnotatoinKey is the annotation key specifying the default AppArmor profile.
+	// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile.
 	AppArmorBetaDefaultProfileAnnotationKey = "apparmor.security.beta.kubernetes.io/defaultProfileName"
-	// AppArmorBetaAllowedProfileAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
+	// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
 	AppArmorBetaAllowedProfilesAnnotationKey = "apparmor.security.beta.kubernetes.io/allowedProfileNames"
 
 	// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.
@@ -78,7 +78,7 @@ const (
 	// in the Annotations of a Node.
 	PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods"
 
-	// ObjectTTLAnnotations represents a suggestion for kubelet for how long it can cache
+	// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache
 	// an object (e.g. secret, config map) before fetching it again from apiserver.
 	// This annotation can be attached to node.
 	ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl"
diff --git a/vendor/k8s.io/api/core/v1/generated.pb.go b/vendor/k8s.io/api/core/v1/generated.pb.go
index c766462960..c267a5febd 100644
--- a/vendor/k8s.io/api/core/v1/generated.pb.go
+++ b/vendor/k8s.io/api/core/v1/generated.pb.go
@@ -1981,10 +1981,38 @@ func (m *HostAlias) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_HostAlias proto.InternalMessageInfo
 
+func (m *HostIP) Reset()      { *m = HostIP{} }
+func (*HostIP) ProtoMessage() {}
+func (*HostIP) Descriptor() ([]byte, []int) {
+	return fileDescriptor_83c10c24ec417dc9, []int{69}
+}
+func (m *HostIP) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *HostIP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *HostIP) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_HostIP.Merge(m, src)
+}
+func (m *HostIP) XXX_Size() int {
+	return m.Size()
+}
+func (m *HostIP) XXX_DiscardUnknown() {
+	xxx_messageInfo_HostIP.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_HostIP proto.InternalMessageInfo
+
 func (m *HostPathVolumeSource) Reset()      { *m = HostPathVolumeSource{} }
 func (*HostPathVolumeSource) ProtoMessage() {}
 func (*HostPathVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{69}
+	return fileDescriptor_83c10c24ec417dc9, []int{70}
 }
 func (m *HostPathVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2012,7 +2040,7 @@ var xxx_messageInfo_HostPathVolumeSource proto.InternalMessageInfo
 func (m *ISCSIPersistentVolumeSource) Reset()      { *m = ISCSIPersistentVolumeSource{} }
 func (*ISCSIPersistentVolumeSource) ProtoMessage() {}
 func (*ISCSIPersistentVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{70}
+	return fileDescriptor_83c10c24ec417dc9, []int{71}
 }
 func (m *ISCSIPersistentVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2040,7 +2068,7 @@ var xxx_messageInfo_ISCSIPersistentVolumeSource proto.InternalMessageInfo
 func (m *ISCSIVolumeSource) Reset()      { *m = ISCSIVolumeSource{} }
 func (*ISCSIVolumeSource) ProtoMessage() {}
 func (*ISCSIVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{71}
+	return fileDescriptor_83c10c24ec417dc9, []int{72}
 }
 func (m *ISCSIVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2068,7 +2096,7 @@ var xxx_messageInfo_ISCSIVolumeSource proto.InternalMessageInfo
 func (m *KeyToPath) Reset()      { *m = KeyToPath{} }
 func (*KeyToPath) ProtoMessage() {}
 func (*KeyToPath) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{72}
+	return fileDescriptor_83c10c24ec417dc9, []int{73}
 }
 func (m *KeyToPath) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2096,7 +2124,7 @@ var xxx_messageInfo_KeyToPath proto.InternalMessageInfo
 func (m *Lifecycle) Reset()      { *m = Lifecycle{} }
 func (*Lifecycle) ProtoMessage() {}
 func (*Lifecycle) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{73}
+	return fileDescriptor_83c10c24ec417dc9, []int{74}
 }
 func (m *Lifecycle) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2124,7 +2152,7 @@ var xxx_messageInfo_Lifecycle proto.InternalMessageInfo
 func (m *LifecycleHandler) Reset()      { *m = LifecycleHandler{} }
 func (*LifecycleHandler) ProtoMessage() {}
 func (*LifecycleHandler) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{74}
+	return fileDescriptor_83c10c24ec417dc9, []int{75}
 }
 func (m *LifecycleHandler) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2152,7 +2180,7 @@ var xxx_messageInfo_LifecycleHandler proto.InternalMessageInfo
 func (m *LimitRange) Reset()      { *m = LimitRange{} }
 func (*LimitRange) ProtoMessage() {}
 func (*LimitRange) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{75}
+	return fileDescriptor_83c10c24ec417dc9, []int{76}
 }
 func (m *LimitRange) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2180,7 +2208,7 @@ var xxx_messageInfo_LimitRange proto.InternalMessageInfo
 func (m *LimitRangeItem) Reset()      { *m = LimitRangeItem{} }
 func (*LimitRangeItem) ProtoMessage() {}
 func (*LimitRangeItem) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{76}
+	return fileDescriptor_83c10c24ec417dc9, []int{77}
 }
 func (m *LimitRangeItem) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2208,7 +2236,7 @@ var xxx_messageInfo_LimitRangeItem proto.InternalMessageInfo
 func (m *LimitRangeList) Reset()      { *m = LimitRangeList{} }
 func (*LimitRangeList) ProtoMessage() {}
 func (*LimitRangeList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{77}
+	return fileDescriptor_83c10c24ec417dc9, []int{78}
 }
 func (m *LimitRangeList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2236,7 +2264,7 @@ var xxx_messageInfo_LimitRangeList proto.InternalMessageInfo
 func (m *LimitRangeSpec) Reset()      { *m = LimitRangeSpec{} }
 func (*LimitRangeSpec) ProtoMessage() {}
 func (*LimitRangeSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{78}
+	return fileDescriptor_83c10c24ec417dc9, []int{79}
 }
 func (m *LimitRangeSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2264,7 +2292,7 @@ var xxx_messageInfo_LimitRangeSpec proto.InternalMessageInfo
 func (m *List) Reset()      { *m = List{} }
 func (*List) ProtoMessage() {}
 func (*List) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{79}
+	return fileDescriptor_83c10c24ec417dc9, []int{80}
 }
 func (m *List) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2292,7 +2320,7 @@ var xxx_messageInfo_List proto.InternalMessageInfo
 func (m *LoadBalancerIngress) Reset()      { *m = LoadBalancerIngress{} }
 func (*LoadBalancerIngress) ProtoMessage() {}
 func (*LoadBalancerIngress) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{80}
+	return fileDescriptor_83c10c24ec417dc9, []int{81}
 }
 func (m *LoadBalancerIngress) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2320,7 +2348,7 @@ var xxx_messageInfo_LoadBalancerIngress proto.InternalMessageInfo
 func (m *LoadBalancerStatus) Reset()      { *m = LoadBalancerStatus{} }
 func (*LoadBalancerStatus) ProtoMessage() {}
 func (*LoadBalancerStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{81}
+	return fileDescriptor_83c10c24ec417dc9, []int{82}
 }
 func (m *LoadBalancerStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2348,7 +2376,7 @@ var xxx_messageInfo_LoadBalancerStatus proto.InternalMessageInfo
 func (m *LocalObjectReference) Reset()      { *m = LocalObjectReference{} }
 func (*LocalObjectReference) ProtoMessage() {}
 func (*LocalObjectReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{82}
+	return fileDescriptor_83c10c24ec417dc9, []int{83}
 }
 func (m *LocalObjectReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2376,7 +2404,7 @@ var xxx_messageInfo_LocalObjectReference proto.InternalMessageInfo
 func (m *LocalVolumeSource) Reset()      { *m = LocalVolumeSource{} }
 func (*LocalVolumeSource) ProtoMessage() {}
 func (*LocalVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{83}
+	return fileDescriptor_83c10c24ec417dc9, []int{84}
 }
 func (m *LocalVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2404,7 +2432,7 @@ var xxx_messageInfo_LocalVolumeSource proto.InternalMessageInfo
 func (m *NFSVolumeSource) Reset()      { *m = NFSVolumeSource{} }
 func (*NFSVolumeSource) ProtoMessage() {}
 func (*NFSVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{84}
+	return fileDescriptor_83c10c24ec417dc9, []int{85}
 }
 func (m *NFSVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2432,7 +2460,7 @@ var xxx_messageInfo_NFSVolumeSource proto.InternalMessageInfo
 func (m *Namespace) Reset()      { *m = Namespace{} }
 func (*Namespace) ProtoMessage() {}
 func (*Namespace) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{85}
+	return fileDescriptor_83c10c24ec417dc9, []int{86}
 }
 func (m *Namespace) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2460,7 +2488,7 @@ var xxx_messageInfo_Namespace proto.InternalMessageInfo
 func (m *NamespaceCondition) Reset()      { *m = NamespaceCondition{} }
 func (*NamespaceCondition) ProtoMessage() {}
 func (*NamespaceCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{86}
+	return fileDescriptor_83c10c24ec417dc9, []int{87}
 }
 func (m *NamespaceCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2488,7 +2516,7 @@ var xxx_messageInfo_NamespaceCondition proto.InternalMessageInfo
 func (m *NamespaceList) Reset()      { *m = NamespaceList{} }
 func (*NamespaceList) ProtoMessage() {}
 func (*NamespaceList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{87}
+	return fileDescriptor_83c10c24ec417dc9, []int{88}
 }
 func (m *NamespaceList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2516,7 +2544,7 @@ var xxx_messageInfo_NamespaceList proto.InternalMessageInfo
 func (m *NamespaceSpec) Reset()      { *m = NamespaceSpec{} }
 func (*NamespaceSpec) ProtoMessage() {}
 func (*NamespaceSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{88}
+	return fileDescriptor_83c10c24ec417dc9, []int{89}
 }
 func (m *NamespaceSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2544,7 +2572,7 @@ var xxx_messageInfo_NamespaceSpec proto.InternalMessageInfo
 func (m *NamespaceStatus) Reset()      { *m = NamespaceStatus{} }
 func (*NamespaceStatus) ProtoMessage() {}
 func (*NamespaceStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{89}
+	return fileDescriptor_83c10c24ec417dc9, []int{90}
 }
 func (m *NamespaceStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2572,7 +2600,7 @@ var xxx_messageInfo_NamespaceStatus proto.InternalMessageInfo
 func (m *Node) Reset()      { *m = Node{} }
 func (*Node) ProtoMessage() {}
 func (*Node) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{90}
+	return fileDescriptor_83c10c24ec417dc9, []int{91}
 }
 func (m *Node) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2600,7 +2628,7 @@ var xxx_messageInfo_Node proto.InternalMessageInfo
 func (m *NodeAddress) Reset()      { *m = NodeAddress{} }
 func (*NodeAddress) ProtoMessage() {}
 func (*NodeAddress) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{91}
+	return fileDescriptor_83c10c24ec417dc9, []int{92}
 }
 func (m *NodeAddress) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2628,7 +2656,7 @@ var xxx_messageInfo_NodeAddress proto.InternalMessageInfo
 func (m *NodeAffinity) Reset()      { *m = NodeAffinity{} }
 func (*NodeAffinity) ProtoMessage() {}
 func (*NodeAffinity) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{92}
+	return fileDescriptor_83c10c24ec417dc9, []int{93}
 }
 func (m *NodeAffinity) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2656,7 +2684,7 @@ var xxx_messageInfo_NodeAffinity proto.InternalMessageInfo
 func (m *NodeCondition) Reset()      { *m = NodeCondition{} }
 func (*NodeCondition) ProtoMessage() {}
 func (*NodeCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{93}
+	return fileDescriptor_83c10c24ec417dc9, []int{94}
 }
 func (m *NodeCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2684,7 +2712,7 @@ var xxx_messageInfo_NodeCondition proto.InternalMessageInfo
 func (m *NodeConfigSource) Reset()      { *m = NodeConfigSource{} }
 func (*NodeConfigSource) ProtoMessage() {}
 func (*NodeConfigSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{94}
+	return fileDescriptor_83c10c24ec417dc9, []int{95}
 }
 func (m *NodeConfigSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2712,7 +2740,7 @@ var xxx_messageInfo_NodeConfigSource proto.InternalMessageInfo
 func (m *NodeConfigStatus) Reset()      { *m = NodeConfigStatus{} }
 func (*NodeConfigStatus) ProtoMessage() {}
 func (*NodeConfigStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{95}
+	return fileDescriptor_83c10c24ec417dc9, []int{96}
 }
 func (m *NodeConfigStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2740,7 +2768,7 @@ var xxx_messageInfo_NodeConfigStatus proto.InternalMessageInfo
 func (m *NodeDaemonEndpoints) Reset()      { *m = NodeDaemonEndpoints{} }
 func (*NodeDaemonEndpoints) ProtoMessage() {}
 func (*NodeDaemonEndpoints) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{96}
+	return fileDescriptor_83c10c24ec417dc9, []int{97}
 }
 func (m *NodeDaemonEndpoints) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2768,7 +2796,7 @@ var xxx_messageInfo_NodeDaemonEndpoints proto.InternalMessageInfo
 func (m *NodeList) Reset()      { *m = NodeList{} }
 func (*NodeList) ProtoMessage() {}
 func (*NodeList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{97}
+	return fileDescriptor_83c10c24ec417dc9, []int{98}
 }
 func (m *NodeList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2796,7 +2824,7 @@ var xxx_messageInfo_NodeList proto.InternalMessageInfo
 func (m *NodeProxyOptions) Reset()      { *m = NodeProxyOptions{} }
 func (*NodeProxyOptions) ProtoMessage() {}
 func (*NodeProxyOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{98}
+	return fileDescriptor_83c10c24ec417dc9, []int{99}
 }
 func (m *NodeProxyOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2824,7 +2852,7 @@ var xxx_messageInfo_NodeProxyOptions proto.InternalMessageInfo
 func (m *NodeResources) Reset()      { *m = NodeResources{} }
 func (*NodeResources) ProtoMessage() {}
 func (*NodeResources) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{99}
+	return fileDescriptor_83c10c24ec417dc9, []int{100}
 }
 func (m *NodeResources) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2852,7 +2880,7 @@ var xxx_messageInfo_NodeResources proto.InternalMessageInfo
 func (m *NodeSelector) Reset()      { *m = NodeSelector{} }
 func (*NodeSelector) ProtoMessage() {}
 func (*NodeSelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{100}
+	return fileDescriptor_83c10c24ec417dc9, []int{101}
 }
 func (m *NodeSelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2880,7 +2908,7 @@ var xxx_messageInfo_NodeSelector proto.InternalMessageInfo
 func (m *NodeSelectorRequirement) Reset()      { *m = NodeSelectorRequirement{} }
 func (*NodeSelectorRequirement) ProtoMessage() {}
 func (*NodeSelectorRequirement) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{101}
+	return fileDescriptor_83c10c24ec417dc9, []int{102}
 }
 func (m *NodeSelectorRequirement) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2908,7 +2936,7 @@ var xxx_messageInfo_NodeSelectorRequirement proto.InternalMessageInfo
 func (m *NodeSelectorTerm) Reset()      { *m = NodeSelectorTerm{} }
 func (*NodeSelectorTerm) ProtoMessage() {}
 func (*NodeSelectorTerm) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{102}
+	return fileDescriptor_83c10c24ec417dc9, []int{103}
 }
 func (m *NodeSelectorTerm) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2936,7 +2964,7 @@ var xxx_messageInfo_NodeSelectorTerm proto.InternalMessageInfo
 func (m *NodeSpec) Reset()      { *m = NodeSpec{} }
 func (*NodeSpec) ProtoMessage() {}
 func (*NodeSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{103}
+	return fileDescriptor_83c10c24ec417dc9, []int{104}
 }
 func (m *NodeSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2964,7 +2992,7 @@ var xxx_messageInfo_NodeSpec proto.InternalMessageInfo
 func (m *NodeStatus) Reset()      { *m = NodeStatus{} }
 func (*NodeStatus) ProtoMessage() {}
 func (*NodeStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{104}
+	return fileDescriptor_83c10c24ec417dc9, []int{105}
 }
 func (m *NodeStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2992,7 +3020,7 @@ var xxx_messageInfo_NodeStatus proto.InternalMessageInfo
 func (m *NodeSystemInfo) Reset()      { *m = NodeSystemInfo{} }
 func (*NodeSystemInfo) ProtoMessage() {}
 func (*NodeSystemInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{105}
+	return fileDescriptor_83c10c24ec417dc9, []int{106}
 }
 func (m *NodeSystemInfo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3020,7 +3048,7 @@ var xxx_messageInfo_NodeSystemInfo proto.InternalMessageInfo
 func (m *ObjectFieldSelector) Reset()      { *m = ObjectFieldSelector{} }
 func (*ObjectFieldSelector) ProtoMessage() {}
 func (*ObjectFieldSelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{106}
+	return fileDescriptor_83c10c24ec417dc9, []int{107}
 }
 func (m *ObjectFieldSelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3048,7 +3076,7 @@ var xxx_messageInfo_ObjectFieldSelector proto.InternalMessageInfo
 func (m *ObjectReference) Reset()      { *m = ObjectReference{} }
 func (*ObjectReference) ProtoMessage() {}
 func (*ObjectReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{107}
+	return fileDescriptor_83c10c24ec417dc9, []int{108}
 }
 func (m *ObjectReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3076,7 +3104,7 @@ var xxx_messageInfo_ObjectReference proto.InternalMessageInfo
 func (m *PersistentVolume) Reset()      { *m = PersistentVolume{} }
 func (*PersistentVolume) ProtoMessage() {}
 func (*PersistentVolume) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{108}
+	return fileDescriptor_83c10c24ec417dc9, []int{109}
 }
 func (m *PersistentVolume) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3104,7 +3132,7 @@ var xxx_messageInfo_PersistentVolume proto.InternalMessageInfo
 func (m *PersistentVolumeClaim) Reset()      { *m = PersistentVolumeClaim{} }
 func (*PersistentVolumeClaim) ProtoMessage() {}
 func (*PersistentVolumeClaim) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{109}
+	return fileDescriptor_83c10c24ec417dc9, []int{110}
 }
 func (m *PersistentVolumeClaim) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3132,7 +3160,7 @@ var xxx_messageInfo_PersistentVolumeClaim proto.InternalMessageInfo
 func (m *PersistentVolumeClaimCondition) Reset()      { *m = PersistentVolumeClaimCondition{} }
 func (*PersistentVolumeClaimCondition) ProtoMessage() {}
 func (*PersistentVolumeClaimCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{110}
+	return fileDescriptor_83c10c24ec417dc9, []int{111}
 }
 func (m *PersistentVolumeClaimCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3160,7 +3188,7 @@ var xxx_messageInfo_PersistentVolumeClaimCondition proto.InternalMessageInfo
 func (m *PersistentVolumeClaimList) Reset()      { *m = PersistentVolumeClaimList{} }
 func (*PersistentVolumeClaimList) ProtoMessage() {}
 func (*PersistentVolumeClaimList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{111}
+	return fileDescriptor_83c10c24ec417dc9, []int{112}
 }
 func (m *PersistentVolumeClaimList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3188,7 +3216,7 @@ var xxx_messageInfo_PersistentVolumeClaimList proto.InternalMessageInfo
 func (m *PersistentVolumeClaimSpec) Reset()      { *m = PersistentVolumeClaimSpec{} }
 func (*PersistentVolumeClaimSpec) ProtoMessage() {}
 func (*PersistentVolumeClaimSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{112}
+	return fileDescriptor_83c10c24ec417dc9, []int{113}
 }
 func (m *PersistentVolumeClaimSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3216,7 +3244,7 @@ var xxx_messageInfo_PersistentVolumeClaimSpec proto.InternalMessageInfo
 func (m *PersistentVolumeClaimStatus) Reset()      { *m = PersistentVolumeClaimStatus{} }
 func (*PersistentVolumeClaimStatus) ProtoMessage() {}
 func (*PersistentVolumeClaimStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{113}
+	return fileDescriptor_83c10c24ec417dc9, []int{114}
 }
 func (m *PersistentVolumeClaimStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3244,7 +3272,7 @@ var xxx_messageInfo_PersistentVolumeClaimStatus proto.InternalMessageInfo
 func (m *PersistentVolumeClaimTemplate) Reset()      { *m = PersistentVolumeClaimTemplate{} }
 func (*PersistentVolumeClaimTemplate) ProtoMessage() {}
 func (*PersistentVolumeClaimTemplate) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{114}
+	return fileDescriptor_83c10c24ec417dc9, []int{115}
 }
 func (m *PersistentVolumeClaimTemplate) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3272,7 +3300,7 @@ var xxx_messageInfo_PersistentVolumeClaimTemplate proto.InternalMessageInfo
 func (m *PersistentVolumeClaimVolumeSource) Reset()      { *m = PersistentVolumeClaimVolumeSource{} }
 func (*PersistentVolumeClaimVolumeSource) ProtoMessage() {}
 func (*PersistentVolumeClaimVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{115}
+	return fileDescriptor_83c10c24ec417dc9, []int{116}
 }
 func (m *PersistentVolumeClaimVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3300,7 +3328,7 @@ var xxx_messageInfo_PersistentVolumeClaimVolumeSource proto.InternalMessageInfo
 func (m *PersistentVolumeList) Reset()      { *m = PersistentVolumeList{} }
 func (*PersistentVolumeList) ProtoMessage() {}
 func (*PersistentVolumeList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{116}
+	return fileDescriptor_83c10c24ec417dc9, []int{117}
 }
 func (m *PersistentVolumeList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3328,7 +3356,7 @@ var xxx_messageInfo_PersistentVolumeList proto.InternalMessageInfo
 func (m *PersistentVolumeSource) Reset()      { *m = PersistentVolumeSource{} }
 func (*PersistentVolumeSource) ProtoMessage() {}
 func (*PersistentVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{117}
+	return fileDescriptor_83c10c24ec417dc9, []int{118}
 }
 func (m *PersistentVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3356,7 +3384,7 @@ var xxx_messageInfo_PersistentVolumeSource proto.InternalMessageInfo
 func (m *PersistentVolumeSpec) Reset()      { *m = PersistentVolumeSpec{} }
 func (*PersistentVolumeSpec) ProtoMessage() {}
 func (*PersistentVolumeSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{118}
+	return fileDescriptor_83c10c24ec417dc9, []int{119}
 }
 func (m *PersistentVolumeSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3384,7 +3412,7 @@ var xxx_messageInfo_PersistentVolumeSpec proto.InternalMessageInfo
 func (m *PersistentVolumeStatus) Reset()      { *m = PersistentVolumeStatus{} }
 func (*PersistentVolumeStatus) ProtoMessage() {}
 func (*PersistentVolumeStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{119}
+	return fileDescriptor_83c10c24ec417dc9, []int{120}
 }
 func (m *PersistentVolumeStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3412,7 +3440,7 @@ var xxx_messageInfo_PersistentVolumeStatus proto.InternalMessageInfo
 func (m *PhotonPersistentDiskVolumeSource) Reset()      { *m = PhotonPersistentDiskVolumeSource{} }
 func (*PhotonPersistentDiskVolumeSource) ProtoMessage() {}
 func (*PhotonPersistentDiskVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{120}
+	return fileDescriptor_83c10c24ec417dc9, []int{121}
 }
 func (m *PhotonPersistentDiskVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3440,7 +3468,7 @@ var xxx_messageInfo_PhotonPersistentDiskVolumeSource proto.InternalMessageInfo
 func (m *Pod) Reset()      { *m = Pod{} }
 func (*Pod) ProtoMessage() {}
 func (*Pod) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{121}
+	return fileDescriptor_83c10c24ec417dc9, []int{122}
 }
 func (m *Pod) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3468,7 +3496,7 @@ var xxx_messageInfo_Pod proto.InternalMessageInfo
 func (m *PodAffinity) Reset()      { *m = PodAffinity{} }
 func (*PodAffinity) ProtoMessage() {}
 func (*PodAffinity) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{122}
+	return fileDescriptor_83c10c24ec417dc9, []int{123}
 }
 func (m *PodAffinity) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3496,7 +3524,7 @@ var xxx_messageInfo_PodAffinity proto.InternalMessageInfo
 func (m *PodAffinityTerm) Reset()      { *m = PodAffinityTerm{} }
 func (*PodAffinityTerm) ProtoMessage() {}
 func (*PodAffinityTerm) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{123}
+	return fileDescriptor_83c10c24ec417dc9, []int{124}
 }
 func (m *PodAffinityTerm) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3524,7 +3552,7 @@ var xxx_messageInfo_PodAffinityTerm proto.InternalMessageInfo
 func (m *PodAntiAffinity) Reset()      { *m = PodAntiAffinity{} }
 func (*PodAntiAffinity) ProtoMessage() {}
 func (*PodAntiAffinity) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{124}
+	return fileDescriptor_83c10c24ec417dc9, []int{125}
 }
 func (m *PodAntiAffinity) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3552,7 +3580,7 @@ var xxx_messageInfo_PodAntiAffinity proto.InternalMessageInfo
 func (m *PodAttachOptions) Reset()      { *m = PodAttachOptions{} }
 func (*PodAttachOptions) ProtoMessage() {}
 func (*PodAttachOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{125}
+	return fileDescriptor_83c10c24ec417dc9, []int{126}
 }
 func (m *PodAttachOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3580,7 +3608,7 @@ var xxx_messageInfo_PodAttachOptions proto.InternalMessageInfo
 func (m *PodCondition) Reset()      { *m = PodCondition{} }
 func (*PodCondition) ProtoMessage() {}
 func (*PodCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{126}
+	return fileDescriptor_83c10c24ec417dc9, []int{127}
 }
 func (m *PodCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3608,7 +3636,7 @@ var xxx_messageInfo_PodCondition proto.InternalMessageInfo
 func (m *PodDNSConfig) Reset()      { *m = PodDNSConfig{} }
 func (*PodDNSConfig) ProtoMessage() {}
 func (*PodDNSConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{127}
+	return fileDescriptor_83c10c24ec417dc9, []int{128}
 }
 func (m *PodDNSConfig) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3636,7 +3664,7 @@ var xxx_messageInfo_PodDNSConfig proto.InternalMessageInfo
 func (m *PodDNSConfigOption) Reset()      { *m = PodDNSConfigOption{} }
 func (*PodDNSConfigOption) ProtoMessage() {}
 func (*PodDNSConfigOption) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{128}
+	return fileDescriptor_83c10c24ec417dc9, []int{129}
 }
 func (m *PodDNSConfigOption) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3664,7 +3692,7 @@ var xxx_messageInfo_PodDNSConfigOption proto.InternalMessageInfo
 func (m *PodExecOptions) Reset()      { *m = PodExecOptions{} }
 func (*PodExecOptions) ProtoMessage() {}
 func (*PodExecOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{129}
+	return fileDescriptor_83c10c24ec417dc9, []int{130}
 }
 func (m *PodExecOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3692,7 +3720,7 @@ var xxx_messageInfo_PodExecOptions proto.InternalMessageInfo
 func (m *PodIP) Reset()      { *m = PodIP{} }
 func (*PodIP) ProtoMessage() {}
 func (*PodIP) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{130}
+	return fileDescriptor_83c10c24ec417dc9, []int{131}
 }
 func (m *PodIP) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3720,7 +3748,7 @@ var xxx_messageInfo_PodIP proto.InternalMessageInfo
 func (m *PodList) Reset()      { *m = PodList{} }
 func (*PodList) ProtoMessage() {}
 func (*PodList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{131}
+	return fileDescriptor_83c10c24ec417dc9, []int{132}
 }
 func (m *PodList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3748,7 +3776,7 @@ var xxx_messageInfo_PodList proto.InternalMessageInfo
 func (m *PodLogOptions) Reset()      { *m = PodLogOptions{} }
 func (*PodLogOptions) ProtoMessage() {}
 func (*PodLogOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{132}
+	return fileDescriptor_83c10c24ec417dc9, []int{133}
 }
 func (m *PodLogOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3776,7 +3804,7 @@ var xxx_messageInfo_PodLogOptions proto.InternalMessageInfo
 func (m *PodOS) Reset()      { *m = PodOS{} }
 func (*PodOS) ProtoMessage() {}
 func (*PodOS) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{133}
+	return fileDescriptor_83c10c24ec417dc9, []int{134}
 }
 func (m *PodOS) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3804,7 +3832,7 @@ var xxx_messageInfo_PodOS proto.InternalMessageInfo
 func (m *PodPortForwardOptions) Reset()      { *m = PodPortForwardOptions{} }
 func (*PodPortForwardOptions) ProtoMessage() {}
 func (*PodPortForwardOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{134}
+	return fileDescriptor_83c10c24ec417dc9, []int{135}
 }
 func (m *PodPortForwardOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3832,7 +3860,7 @@ var xxx_messageInfo_PodPortForwardOptions proto.InternalMessageInfo
 func (m *PodProxyOptions) Reset()      { *m = PodProxyOptions{} }
 func (*PodProxyOptions) ProtoMessage() {}
 func (*PodProxyOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{135}
+	return fileDescriptor_83c10c24ec417dc9, []int{136}
 }
 func (m *PodProxyOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3860,7 +3888,7 @@ var xxx_messageInfo_PodProxyOptions proto.InternalMessageInfo
 func (m *PodReadinessGate) Reset()      { *m = PodReadinessGate{} }
 func (*PodReadinessGate) ProtoMessage() {}
 func (*PodReadinessGate) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{136}
+	return fileDescriptor_83c10c24ec417dc9, []int{137}
 }
 func (m *PodReadinessGate) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3888,7 +3916,7 @@ var xxx_messageInfo_PodReadinessGate proto.InternalMessageInfo
 func (m *PodResourceClaim) Reset()      { *m = PodResourceClaim{} }
 func (*PodResourceClaim) ProtoMessage() {}
 func (*PodResourceClaim) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{137}
+	return fileDescriptor_83c10c24ec417dc9, []int{138}
 }
 func (m *PodResourceClaim) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3913,10 +3941,38 @@ func (m *PodResourceClaim) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_PodResourceClaim proto.InternalMessageInfo
 
+func (m *PodResourceClaimStatus) Reset()      { *m = PodResourceClaimStatus{} }
+func (*PodResourceClaimStatus) ProtoMessage() {}
+func (*PodResourceClaimStatus) Descriptor() ([]byte, []int) {
+	return fileDescriptor_83c10c24ec417dc9, []int{139}
+}
+func (m *PodResourceClaimStatus) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *PodResourceClaimStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *PodResourceClaimStatus) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PodResourceClaimStatus.Merge(m, src)
+}
+func (m *PodResourceClaimStatus) XXX_Size() int {
+	return m.Size()
+}
+func (m *PodResourceClaimStatus) XXX_DiscardUnknown() {
+	xxx_messageInfo_PodResourceClaimStatus.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PodResourceClaimStatus proto.InternalMessageInfo
+
 func (m *PodSchedulingGate) Reset()      { *m = PodSchedulingGate{} }
 func (*PodSchedulingGate) ProtoMessage() {}
 func (*PodSchedulingGate) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{138}
+	return fileDescriptor_83c10c24ec417dc9, []int{140}
 }
 func (m *PodSchedulingGate) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3944,7 +4000,7 @@ var xxx_messageInfo_PodSchedulingGate proto.InternalMessageInfo
 func (m *PodSecurityContext) Reset()      { *m = PodSecurityContext{} }
 func (*PodSecurityContext) ProtoMessage() {}
 func (*PodSecurityContext) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{139}
+	return fileDescriptor_83c10c24ec417dc9, []int{141}
 }
 func (m *PodSecurityContext) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3972,7 +4028,7 @@ var xxx_messageInfo_PodSecurityContext proto.InternalMessageInfo
 func (m *PodSignature) Reset()      { *m = PodSignature{} }
 func (*PodSignature) ProtoMessage() {}
 func (*PodSignature) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{140}
+	return fileDescriptor_83c10c24ec417dc9, []int{142}
 }
 func (m *PodSignature) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4000,7 +4056,7 @@ var xxx_messageInfo_PodSignature proto.InternalMessageInfo
 func (m *PodSpec) Reset()      { *m = PodSpec{} }
 func (*PodSpec) ProtoMessage() {}
 func (*PodSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{141}
+	return fileDescriptor_83c10c24ec417dc9, []int{143}
 }
 func (m *PodSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4028,7 +4084,7 @@ var xxx_messageInfo_PodSpec proto.InternalMessageInfo
 func (m *PodStatus) Reset()      { *m = PodStatus{} }
 func (*PodStatus) ProtoMessage() {}
 func (*PodStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{142}
+	return fileDescriptor_83c10c24ec417dc9, []int{144}
 }
 func (m *PodStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4056,7 +4112,7 @@ var xxx_messageInfo_PodStatus proto.InternalMessageInfo
 func (m *PodStatusResult) Reset()      { *m = PodStatusResult{} }
 func (*PodStatusResult) ProtoMessage() {}
 func (*PodStatusResult) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{143}
+	return fileDescriptor_83c10c24ec417dc9, []int{145}
 }
 func (m *PodStatusResult) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4084,7 +4140,7 @@ var xxx_messageInfo_PodStatusResult proto.InternalMessageInfo
 func (m *PodTemplate) Reset()      { *m = PodTemplate{} }
 func (*PodTemplate) ProtoMessage() {}
 func (*PodTemplate) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{144}
+	return fileDescriptor_83c10c24ec417dc9, []int{146}
 }
 func (m *PodTemplate) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4112,7 +4168,7 @@ var xxx_messageInfo_PodTemplate proto.InternalMessageInfo
 func (m *PodTemplateList) Reset()      { *m = PodTemplateList{} }
 func (*PodTemplateList) ProtoMessage() {}
 func (*PodTemplateList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{145}
+	return fileDescriptor_83c10c24ec417dc9, []int{147}
 }
 func (m *PodTemplateList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4140,7 +4196,7 @@ var xxx_messageInfo_PodTemplateList proto.InternalMessageInfo
 func (m *PodTemplateSpec) Reset()      { *m = PodTemplateSpec{} }
 func (*PodTemplateSpec) ProtoMessage() {}
 func (*PodTemplateSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{146}
+	return fileDescriptor_83c10c24ec417dc9, []int{148}
 }
 func (m *PodTemplateSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4168,7 +4224,7 @@ var xxx_messageInfo_PodTemplateSpec proto.InternalMessageInfo
 func (m *PortStatus) Reset()      { *m = PortStatus{} }
 func (*PortStatus) ProtoMessage() {}
 func (*PortStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{147}
+	return fileDescriptor_83c10c24ec417dc9, []int{149}
 }
 func (m *PortStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4196,7 +4252,7 @@ var xxx_messageInfo_PortStatus proto.InternalMessageInfo
 func (m *PortworxVolumeSource) Reset()      { *m = PortworxVolumeSource{} }
 func (*PortworxVolumeSource) ProtoMessage() {}
 func (*PortworxVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{148}
+	return fileDescriptor_83c10c24ec417dc9, []int{150}
 }
 func (m *PortworxVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4224,7 +4280,7 @@ var xxx_messageInfo_PortworxVolumeSource proto.InternalMessageInfo
 func (m *Preconditions) Reset()      { *m = Preconditions{} }
 func (*Preconditions) ProtoMessage() {}
 func (*Preconditions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{149}
+	return fileDescriptor_83c10c24ec417dc9, []int{151}
 }
 func (m *Preconditions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4252,7 +4308,7 @@ var xxx_messageInfo_Preconditions proto.InternalMessageInfo
 func (m *PreferAvoidPodsEntry) Reset()      { *m = PreferAvoidPodsEntry{} }
 func (*PreferAvoidPodsEntry) ProtoMessage() {}
 func (*PreferAvoidPodsEntry) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{150}
+	return fileDescriptor_83c10c24ec417dc9, []int{152}
 }
 func (m *PreferAvoidPodsEntry) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4280,7 +4336,7 @@ var xxx_messageInfo_PreferAvoidPodsEntry proto.InternalMessageInfo
 func (m *PreferredSchedulingTerm) Reset()      { *m = PreferredSchedulingTerm{} }
 func (*PreferredSchedulingTerm) ProtoMessage() {}
 func (*PreferredSchedulingTerm) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{151}
+	return fileDescriptor_83c10c24ec417dc9, []int{153}
 }
 func (m *PreferredSchedulingTerm) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4308,7 +4364,7 @@ var xxx_messageInfo_PreferredSchedulingTerm proto.InternalMessageInfo
 func (m *Probe) Reset()      { *m = Probe{} }
 func (*Probe) ProtoMessage() {}
 func (*Probe) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{152}
+	return fileDescriptor_83c10c24ec417dc9, []int{154}
 }
 func (m *Probe) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4336,7 +4392,7 @@ var xxx_messageInfo_Probe proto.InternalMessageInfo
 func (m *ProbeHandler) Reset()      { *m = ProbeHandler{} }
 func (*ProbeHandler) ProtoMessage() {}
 func (*ProbeHandler) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{153}
+	return fileDescriptor_83c10c24ec417dc9, []int{155}
 }
 func (m *ProbeHandler) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4364,7 +4420,7 @@ var xxx_messageInfo_ProbeHandler proto.InternalMessageInfo
 func (m *ProjectedVolumeSource) Reset()      { *m = ProjectedVolumeSource{} }
 func (*ProjectedVolumeSource) ProtoMessage() {}
 func (*ProjectedVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{154}
+	return fileDescriptor_83c10c24ec417dc9, []int{156}
 }
 func (m *ProjectedVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4392,7 +4448,7 @@ var xxx_messageInfo_ProjectedVolumeSource proto.InternalMessageInfo
 func (m *QuobyteVolumeSource) Reset()      { *m = QuobyteVolumeSource{} }
 func (*QuobyteVolumeSource) ProtoMessage() {}
 func (*QuobyteVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{155}
+	return fileDescriptor_83c10c24ec417dc9, []int{157}
 }
 func (m *QuobyteVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4420,7 +4476,7 @@ var xxx_messageInfo_QuobyteVolumeSource proto.InternalMessageInfo
 func (m *RBDPersistentVolumeSource) Reset()      { *m = RBDPersistentVolumeSource{} }
 func (*RBDPersistentVolumeSource) ProtoMessage() {}
 func (*RBDPersistentVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{156}
+	return fileDescriptor_83c10c24ec417dc9, []int{158}
 }
 func (m *RBDPersistentVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4448,7 +4504,7 @@ var xxx_messageInfo_RBDPersistentVolumeSource proto.InternalMessageInfo
 func (m *RBDVolumeSource) Reset()      { *m = RBDVolumeSource{} }
 func (*RBDVolumeSource) ProtoMessage() {}
 func (*RBDVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{157}
+	return fileDescriptor_83c10c24ec417dc9, []int{159}
 }
 func (m *RBDVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4476,7 +4532,7 @@ var xxx_messageInfo_RBDVolumeSource proto.InternalMessageInfo
 func (m *RangeAllocation) Reset()      { *m = RangeAllocation{} }
 func (*RangeAllocation) ProtoMessage() {}
 func (*RangeAllocation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{158}
+	return fileDescriptor_83c10c24ec417dc9, []int{160}
 }
 func (m *RangeAllocation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4504,7 +4560,7 @@ var xxx_messageInfo_RangeAllocation proto.InternalMessageInfo
 func (m *ReplicationController) Reset()      { *m = ReplicationController{} }
 func (*ReplicationController) ProtoMessage() {}
 func (*ReplicationController) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{159}
+	return fileDescriptor_83c10c24ec417dc9, []int{161}
 }
 func (m *ReplicationController) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4532,7 +4588,7 @@ var xxx_messageInfo_ReplicationController proto.InternalMessageInfo
 func (m *ReplicationControllerCondition) Reset()      { *m = ReplicationControllerCondition{} }
 func (*ReplicationControllerCondition) ProtoMessage() {}
 func (*ReplicationControllerCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{160}
+	return fileDescriptor_83c10c24ec417dc9, []int{162}
 }
 func (m *ReplicationControllerCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4560,7 +4616,7 @@ var xxx_messageInfo_ReplicationControllerCondition proto.InternalMessageInfo
 func (m *ReplicationControllerList) Reset()      { *m = ReplicationControllerList{} }
 func (*ReplicationControllerList) ProtoMessage() {}
 func (*ReplicationControllerList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{161}
+	return fileDescriptor_83c10c24ec417dc9, []int{163}
 }
 func (m *ReplicationControllerList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4588,7 +4644,7 @@ var xxx_messageInfo_ReplicationControllerList proto.InternalMessageInfo
 func (m *ReplicationControllerSpec) Reset()      { *m = ReplicationControllerSpec{} }
 func (*ReplicationControllerSpec) ProtoMessage() {}
 func (*ReplicationControllerSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{162}
+	return fileDescriptor_83c10c24ec417dc9, []int{164}
 }
 func (m *ReplicationControllerSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4616,7 +4672,7 @@ var xxx_messageInfo_ReplicationControllerSpec proto.InternalMessageInfo
 func (m *ReplicationControllerStatus) Reset()      { *m = ReplicationControllerStatus{} }
 func (*ReplicationControllerStatus) ProtoMessage() {}
 func (*ReplicationControllerStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{163}
+	return fileDescriptor_83c10c24ec417dc9, []int{165}
 }
 func (m *ReplicationControllerStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4644,7 +4700,7 @@ var xxx_messageInfo_ReplicationControllerStatus proto.InternalMessageInfo
 func (m *ResourceClaim) Reset()      { *m = ResourceClaim{} }
 func (*ResourceClaim) ProtoMessage() {}
 func (*ResourceClaim) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{164}
+	return fileDescriptor_83c10c24ec417dc9, []int{166}
 }
 func (m *ResourceClaim) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4672,7 +4728,7 @@ var xxx_messageInfo_ResourceClaim proto.InternalMessageInfo
 func (m *ResourceFieldSelector) Reset()      { *m = ResourceFieldSelector{} }
 func (*ResourceFieldSelector) ProtoMessage() {}
 func (*ResourceFieldSelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{165}
+	return fileDescriptor_83c10c24ec417dc9, []int{167}
 }
 func (m *ResourceFieldSelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4700,7 +4756,7 @@ var xxx_messageInfo_ResourceFieldSelector proto.InternalMessageInfo
 func (m *ResourceQuota) Reset()      { *m = ResourceQuota{} }
 func (*ResourceQuota) ProtoMessage() {}
 func (*ResourceQuota) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{166}
+	return fileDescriptor_83c10c24ec417dc9, []int{168}
 }
 func (m *ResourceQuota) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4728,7 +4784,7 @@ var xxx_messageInfo_ResourceQuota proto.InternalMessageInfo
 func (m *ResourceQuotaList) Reset()      { *m = ResourceQuotaList{} }
 func (*ResourceQuotaList) ProtoMessage() {}
 func (*ResourceQuotaList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{167}
+	return fileDescriptor_83c10c24ec417dc9, []int{169}
 }
 func (m *ResourceQuotaList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4756,7 +4812,7 @@ var xxx_messageInfo_ResourceQuotaList proto.InternalMessageInfo
 func (m *ResourceQuotaSpec) Reset()      { *m = ResourceQuotaSpec{} }
 func (*ResourceQuotaSpec) ProtoMessage() {}
 func (*ResourceQuotaSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{168}
+	return fileDescriptor_83c10c24ec417dc9, []int{170}
 }
 func (m *ResourceQuotaSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4784,7 +4840,7 @@ var xxx_messageInfo_ResourceQuotaSpec proto.InternalMessageInfo
 func (m *ResourceQuotaStatus) Reset()      { *m = ResourceQuotaStatus{} }
 func (*ResourceQuotaStatus) ProtoMessage() {}
 func (*ResourceQuotaStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{169}
+	return fileDescriptor_83c10c24ec417dc9, []int{171}
 }
 func (m *ResourceQuotaStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4812,7 +4868,7 @@ var xxx_messageInfo_ResourceQuotaStatus proto.InternalMessageInfo
 func (m *ResourceRequirements) Reset()      { *m = ResourceRequirements{} }
 func (*ResourceRequirements) ProtoMessage() {}
 func (*ResourceRequirements) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{170}
+	return fileDescriptor_83c10c24ec417dc9, []int{172}
 }
 func (m *ResourceRequirements) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4840,7 +4896,7 @@ var xxx_messageInfo_ResourceRequirements proto.InternalMessageInfo
 func (m *SELinuxOptions) Reset()      { *m = SELinuxOptions{} }
 func (*SELinuxOptions) ProtoMessage() {}
 func (*SELinuxOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{171}
+	return fileDescriptor_83c10c24ec417dc9, []int{173}
 }
 func (m *SELinuxOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4868,7 +4924,7 @@ var xxx_messageInfo_SELinuxOptions proto.InternalMessageInfo
 func (m *ScaleIOPersistentVolumeSource) Reset()      { *m = ScaleIOPersistentVolumeSource{} }
 func (*ScaleIOPersistentVolumeSource) ProtoMessage() {}
 func (*ScaleIOPersistentVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{172}
+	return fileDescriptor_83c10c24ec417dc9, []int{174}
 }
 func (m *ScaleIOPersistentVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4896,7 +4952,7 @@ var xxx_messageInfo_ScaleIOPersistentVolumeSource proto.InternalMessageInfo
 func (m *ScaleIOVolumeSource) Reset()      { *m = ScaleIOVolumeSource{} }
 func (*ScaleIOVolumeSource) ProtoMessage() {}
 func (*ScaleIOVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{173}
+	return fileDescriptor_83c10c24ec417dc9, []int{175}
 }
 func (m *ScaleIOVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4924,7 +4980,7 @@ var xxx_messageInfo_ScaleIOVolumeSource proto.InternalMessageInfo
 func (m *ScopeSelector) Reset()      { *m = ScopeSelector{} }
 func (*ScopeSelector) ProtoMessage() {}
 func (*ScopeSelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{174}
+	return fileDescriptor_83c10c24ec417dc9, []int{176}
 }
 func (m *ScopeSelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4952,7 +5008,7 @@ var xxx_messageInfo_ScopeSelector proto.InternalMessageInfo
 func (m *ScopedResourceSelectorRequirement) Reset()      { *m = ScopedResourceSelectorRequirement{} }
 func (*ScopedResourceSelectorRequirement) ProtoMessage() {}
 func (*ScopedResourceSelectorRequirement) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{175}
+	return fileDescriptor_83c10c24ec417dc9, []int{177}
 }
 func (m *ScopedResourceSelectorRequirement) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4980,7 +5036,7 @@ var xxx_messageInfo_ScopedResourceSelectorRequirement proto.InternalMessageInfo
 func (m *SeccompProfile) Reset()      { *m = SeccompProfile{} }
 func (*SeccompProfile) ProtoMessage() {}
 func (*SeccompProfile) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{176}
+	return fileDescriptor_83c10c24ec417dc9, []int{178}
 }
 func (m *SeccompProfile) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5008,7 +5064,7 @@ var xxx_messageInfo_SeccompProfile proto.InternalMessageInfo
 func (m *Secret) Reset()      { *m = Secret{} }
 func (*Secret) ProtoMessage() {}
 func (*Secret) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{177}
+	return fileDescriptor_83c10c24ec417dc9, []int{179}
 }
 func (m *Secret) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5036,7 +5092,7 @@ var xxx_messageInfo_Secret proto.InternalMessageInfo
 func (m *SecretEnvSource) Reset()      { *m = SecretEnvSource{} }
 func (*SecretEnvSource) ProtoMessage() {}
 func (*SecretEnvSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{178}
+	return fileDescriptor_83c10c24ec417dc9, []int{180}
 }
 func (m *SecretEnvSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5064,7 +5120,7 @@ var xxx_messageInfo_SecretEnvSource proto.InternalMessageInfo
 func (m *SecretKeySelector) Reset()      { *m = SecretKeySelector{} }
 func (*SecretKeySelector) ProtoMessage() {}
 func (*SecretKeySelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{179}
+	return fileDescriptor_83c10c24ec417dc9, []int{181}
 }
 func (m *SecretKeySelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5092,7 +5148,7 @@ var xxx_messageInfo_SecretKeySelector proto.InternalMessageInfo
 func (m *SecretList) Reset()      { *m = SecretList{} }
 func (*SecretList) ProtoMessage() {}
 func (*SecretList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{180}
+	return fileDescriptor_83c10c24ec417dc9, []int{182}
 }
 func (m *SecretList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5120,7 +5176,7 @@ var xxx_messageInfo_SecretList proto.InternalMessageInfo
 func (m *SecretProjection) Reset()      { *m = SecretProjection{} }
 func (*SecretProjection) ProtoMessage() {}
 func (*SecretProjection) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{181}
+	return fileDescriptor_83c10c24ec417dc9, []int{183}
 }
 func (m *SecretProjection) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5148,7 +5204,7 @@ var xxx_messageInfo_SecretProjection proto.InternalMessageInfo
 func (m *SecretReference) Reset()      { *m = SecretReference{} }
 func (*SecretReference) ProtoMessage() {}
 func (*SecretReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{182}
+	return fileDescriptor_83c10c24ec417dc9, []int{184}
 }
 func (m *SecretReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5176,7 +5232,7 @@ var xxx_messageInfo_SecretReference proto.InternalMessageInfo
 func (m *SecretVolumeSource) Reset()      { *m = SecretVolumeSource{} }
 func (*SecretVolumeSource) ProtoMessage() {}
 func (*SecretVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{183}
+	return fileDescriptor_83c10c24ec417dc9, []int{185}
 }
 func (m *SecretVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5204,7 +5260,7 @@ var xxx_messageInfo_SecretVolumeSource proto.InternalMessageInfo
 func (m *SecurityContext) Reset()      { *m = SecurityContext{} }
 func (*SecurityContext) ProtoMessage() {}
 func (*SecurityContext) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{184}
+	return fileDescriptor_83c10c24ec417dc9, []int{186}
 }
 func (m *SecurityContext) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5232,7 +5288,7 @@ var xxx_messageInfo_SecurityContext proto.InternalMessageInfo
 func (m *SerializedReference) Reset()      { *m = SerializedReference{} }
 func (*SerializedReference) ProtoMessage() {}
 func (*SerializedReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{185}
+	return fileDescriptor_83c10c24ec417dc9, []int{187}
 }
 func (m *SerializedReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5260,7 +5316,7 @@ var xxx_messageInfo_SerializedReference proto.InternalMessageInfo
 func (m *Service) Reset()      { *m = Service{} }
 func (*Service) ProtoMessage() {}
 func (*Service) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{186}
+	return fileDescriptor_83c10c24ec417dc9, []int{188}
 }
 func (m *Service) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5288,7 +5344,7 @@ var xxx_messageInfo_Service proto.InternalMessageInfo
 func (m *ServiceAccount) Reset()      { *m = ServiceAccount{} }
 func (*ServiceAccount) ProtoMessage() {}
 func (*ServiceAccount) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{187}
+	return fileDescriptor_83c10c24ec417dc9, []int{189}
 }
 func (m *ServiceAccount) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5316,7 +5372,7 @@ var xxx_messageInfo_ServiceAccount proto.InternalMessageInfo
 func (m *ServiceAccountList) Reset()      { *m = ServiceAccountList{} }
 func (*ServiceAccountList) ProtoMessage() {}
 func (*ServiceAccountList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{188}
+	return fileDescriptor_83c10c24ec417dc9, []int{190}
 }
 func (m *ServiceAccountList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5344,7 +5400,7 @@ var xxx_messageInfo_ServiceAccountList proto.InternalMessageInfo
 func (m *ServiceAccountTokenProjection) Reset()      { *m = ServiceAccountTokenProjection{} }
 func (*ServiceAccountTokenProjection) ProtoMessage() {}
 func (*ServiceAccountTokenProjection) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{189}
+	return fileDescriptor_83c10c24ec417dc9, []int{191}
 }
 func (m *ServiceAccountTokenProjection) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5372,7 +5428,7 @@ var xxx_messageInfo_ServiceAccountTokenProjection proto.InternalMessageInfo
 func (m *ServiceList) Reset()      { *m = ServiceList{} }
 func (*ServiceList) ProtoMessage() {}
 func (*ServiceList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{190}
+	return fileDescriptor_83c10c24ec417dc9, []int{192}
 }
 func (m *ServiceList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5400,7 +5456,7 @@ var xxx_messageInfo_ServiceList proto.InternalMessageInfo
 func (m *ServicePort) Reset()      { *m = ServicePort{} }
 func (*ServicePort) ProtoMessage() {}
 func (*ServicePort) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{191}
+	return fileDescriptor_83c10c24ec417dc9, []int{193}
 }
 func (m *ServicePort) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5428,7 +5484,7 @@ var xxx_messageInfo_ServicePort proto.InternalMessageInfo
 func (m *ServiceProxyOptions) Reset()      { *m = ServiceProxyOptions{} }
 func (*ServiceProxyOptions) ProtoMessage() {}
 func (*ServiceProxyOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{192}
+	return fileDescriptor_83c10c24ec417dc9, []int{194}
 }
 func (m *ServiceProxyOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5456,7 +5512,7 @@ var xxx_messageInfo_ServiceProxyOptions proto.InternalMessageInfo
 func (m *ServiceSpec) Reset()      { *m = ServiceSpec{} }
 func (*ServiceSpec) ProtoMessage() {}
 func (*ServiceSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{193}
+	return fileDescriptor_83c10c24ec417dc9, []int{195}
 }
 func (m *ServiceSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5484,7 +5540,7 @@ var xxx_messageInfo_ServiceSpec proto.InternalMessageInfo
 func (m *ServiceStatus) Reset()      { *m = ServiceStatus{} }
 func (*ServiceStatus) ProtoMessage() {}
 func (*ServiceStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{194}
+	return fileDescriptor_83c10c24ec417dc9, []int{196}
 }
 func (m *ServiceStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5512,7 +5568,7 @@ var xxx_messageInfo_ServiceStatus proto.InternalMessageInfo
 func (m *SessionAffinityConfig) Reset()      { *m = SessionAffinityConfig{} }
 func (*SessionAffinityConfig) ProtoMessage() {}
 func (*SessionAffinityConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{195}
+	return fileDescriptor_83c10c24ec417dc9, []int{197}
 }
 func (m *SessionAffinityConfig) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5540,7 +5596,7 @@ var xxx_messageInfo_SessionAffinityConfig proto.InternalMessageInfo
 func (m *StorageOSPersistentVolumeSource) Reset()      { *m = StorageOSPersistentVolumeSource{} }
 func (*StorageOSPersistentVolumeSource) ProtoMessage() {}
 func (*StorageOSPersistentVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{196}
+	return fileDescriptor_83c10c24ec417dc9, []int{198}
 }
 func (m *StorageOSPersistentVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5568,7 +5624,7 @@ var xxx_messageInfo_StorageOSPersistentVolumeSource proto.InternalMessageInfo
 func (m *StorageOSVolumeSource) Reset()      { *m = StorageOSVolumeSource{} }
 func (*StorageOSVolumeSource) ProtoMessage() {}
 func (*StorageOSVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{197}
+	return fileDescriptor_83c10c24ec417dc9, []int{199}
 }
 func (m *StorageOSVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5596,7 +5652,7 @@ var xxx_messageInfo_StorageOSVolumeSource proto.InternalMessageInfo
 func (m *Sysctl) Reset()      { *m = Sysctl{} }
 func (*Sysctl) ProtoMessage() {}
 func (*Sysctl) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{198}
+	return fileDescriptor_83c10c24ec417dc9, []int{200}
 }
 func (m *Sysctl) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5624,7 +5680,7 @@ var xxx_messageInfo_Sysctl proto.InternalMessageInfo
 func (m *TCPSocketAction) Reset()      { *m = TCPSocketAction{} }
 func (*TCPSocketAction) ProtoMessage() {}
 func (*TCPSocketAction) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{199}
+	return fileDescriptor_83c10c24ec417dc9, []int{201}
 }
 func (m *TCPSocketAction) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5652,7 +5708,7 @@ var xxx_messageInfo_TCPSocketAction proto.InternalMessageInfo
 func (m *Taint) Reset()      { *m = Taint{} }
 func (*Taint) ProtoMessage() {}
 func (*Taint) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{200}
+	return fileDescriptor_83c10c24ec417dc9, []int{202}
 }
 func (m *Taint) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5680,7 +5736,7 @@ var xxx_messageInfo_Taint proto.InternalMessageInfo
 func (m *Toleration) Reset()      { *m = Toleration{} }
 func (*Toleration) ProtoMessage() {}
 func (*Toleration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{201}
+	return fileDescriptor_83c10c24ec417dc9, []int{203}
 }
 func (m *Toleration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5708,7 +5764,7 @@ var xxx_messageInfo_Toleration proto.InternalMessageInfo
 func (m *TopologySelectorLabelRequirement) Reset()      { *m = TopologySelectorLabelRequirement{} }
 func (*TopologySelectorLabelRequirement) ProtoMessage() {}
 func (*TopologySelectorLabelRequirement) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{202}
+	return fileDescriptor_83c10c24ec417dc9, []int{204}
 }
 func (m *TopologySelectorLabelRequirement) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5736,7 +5792,7 @@ var xxx_messageInfo_TopologySelectorLabelRequirement proto.InternalMessageInfo
 func (m *TopologySelectorTerm) Reset()      { *m = TopologySelectorTerm{} }
 func (*TopologySelectorTerm) ProtoMessage() {}
 func (*TopologySelectorTerm) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{203}
+	return fileDescriptor_83c10c24ec417dc9, []int{205}
 }
 func (m *TopologySelectorTerm) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5764,7 +5820,7 @@ var xxx_messageInfo_TopologySelectorTerm proto.InternalMessageInfo
 func (m *TopologySpreadConstraint) Reset()      { *m = TopologySpreadConstraint{} }
 func (*TopologySpreadConstraint) ProtoMessage() {}
 func (*TopologySpreadConstraint) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{204}
+	return fileDescriptor_83c10c24ec417dc9, []int{206}
 }
 func (m *TopologySpreadConstraint) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5792,7 +5848,7 @@ var xxx_messageInfo_TopologySpreadConstraint proto.InternalMessageInfo
 func (m *TypedLocalObjectReference) Reset()      { *m = TypedLocalObjectReference{} }
 func (*TypedLocalObjectReference) ProtoMessage() {}
 func (*TypedLocalObjectReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{205}
+	return fileDescriptor_83c10c24ec417dc9, []int{207}
 }
 func (m *TypedLocalObjectReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5820,7 +5876,7 @@ var xxx_messageInfo_TypedLocalObjectReference proto.InternalMessageInfo
 func (m *TypedObjectReference) Reset()      { *m = TypedObjectReference{} }
 func (*TypedObjectReference) ProtoMessage() {}
 func (*TypedObjectReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{206}
+	return fileDescriptor_83c10c24ec417dc9, []int{208}
 }
 func (m *TypedObjectReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5848,7 +5904,7 @@ var xxx_messageInfo_TypedObjectReference proto.InternalMessageInfo
 func (m *Volume) Reset()      { *m = Volume{} }
 func (*Volume) ProtoMessage() {}
 func (*Volume) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{207}
+	return fileDescriptor_83c10c24ec417dc9, []int{209}
 }
 func (m *Volume) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5876,7 +5932,7 @@ var xxx_messageInfo_Volume proto.InternalMessageInfo
 func (m *VolumeDevice) Reset()      { *m = VolumeDevice{} }
 func (*VolumeDevice) ProtoMessage() {}
 func (*VolumeDevice) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{208}
+	return fileDescriptor_83c10c24ec417dc9, []int{210}
 }
 func (m *VolumeDevice) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5904,7 +5960,7 @@ var xxx_messageInfo_VolumeDevice proto.InternalMessageInfo
 func (m *VolumeMount) Reset()      { *m = VolumeMount{} }
 func (*VolumeMount) ProtoMessage() {}
 func (*VolumeMount) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{209}
+	return fileDescriptor_83c10c24ec417dc9, []int{211}
 }
 func (m *VolumeMount) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5932,7 +5988,7 @@ var xxx_messageInfo_VolumeMount proto.InternalMessageInfo
 func (m *VolumeNodeAffinity) Reset()      { *m = VolumeNodeAffinity{} }
 func (*VolumeNodeAffinity) ProtoMessage() {}
 func (*VolumeNodeAffinity) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{210}
+	return fileDescriptor_83c10c24ec417dc9, []int{212}
 }
 func (m *VolumeNodeAffinity) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5960,7 +6016,7 @@ var xxx_messageInfo_VolumeNodeAffinity proto.InternalMessageInfo
 func (m *VolumeProjection) Reset()      { *m = VolumeProjection{} }
 func (*VolumeProjection) ProtoMessage() {}
 func (*VolumeProjection) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{211}
+	return fileDescriptor_83c10c24ec417dc9, []int{213}
 }
 func (m *VolumeProjection) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -5988,7 +6044,7 @@ var xxx_messageInfo_VolumeProjection proto.InternalMessageInfo
 func (m *VolumeSource) Reset()      { *m = VolumeSource{} }
 func (*VolumeSource) ProtoMessage() {}
 func (*VolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{212}
+	return fileDescriptor_83c10c24ec417dc9, []int{214}
 }
 func (m *VolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -6016,7 +6072,7 @@ var xxx_messageInfo_VolumeSource proto.InternalMessageInfo
 func (m *VsphereVirtualDiskVolumeSource) Reset()      { *m = VsphereVirtualDiskVolumeSource{} }
 func (*VsphereVirtualDiskVolumeSource) ProtoMessage() {}
 func (*VsphereVirtualDiskVolumeSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{213}
+	return fileDescriptor_83c10c24ec417dc9, []int{215}
 }
 func (m *VsphereVirtualDiskVolumeSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -6044,7 +6100,7 @@ var xxx_messageInfo_VsphereVirtualDiskVolumeSource proto.InternalMessageInfo
 func (m *WeightedPodAffinityTerm) Reset()      { *m = WeightedPodAffinityTerm{} }
 func (*WeightedPodAffinityTerm) ProtoMessage() {}
 func (*WeightedPodAffinityTerm) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{214}
+	return fileDescriptor_83c10c24ec417dc9, []int{216}
 }
 func (m *WeightedPodAffinityTerm) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -6072,7 +6128,7 @@ var xxx_messageInfo_WeightedPodAffinityTerm proto.InternalMessageInfo
 func (m *WindowsSecurityContextOptions) Reset()      { *m = WindowsSecurityContextOptions{} }
 func (*WindowsSecurityContextOptions) ProtoMessage() {}
 func (*WindowsSecurityContextOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_83c10c24ec417dc9, []int{215}
+	return fileDescriptor_83c10c24ec417dc9, []int{217}
 }
 func (m *WindowsSecurityContextOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -6174,6 +6230,7 @@ func init() {
 	proto.RegisterType((*HTTPGetAction)(nil), "k8s.io.api.core.v1.HTTPGetAction")
 	proto.RegisterType((*HTTPHeader)(nil), "k8s.io.api.core.v1.HTTPHeader")
 	proto.RegisterType((*HostAlias)(nil), "k8s.io.api.core.v1.HostAlias")
+	proto.RegisterType((*HostIP)(nil), "k8s.io.api.core.v1.HostIP")
 	proto.RegisterType((*HostPathVolumeSource)(nil), "k8s.io.api.core.v1.HostPathVolumeSource")
 	proto.RegisterType((*ISCSIPersistentVolumeSource)(nil), "k8s.io.api.core.v1.ISCSIPersistentVolumeSource")
 	proto.RegisterType((*ISCSIVolumeSource)(nil), "k8s.io.api.core.v1.ISCSIVolumeSource")
@@ -6227,6 +6284,7 @@ func init() {
 	proto.RegisterType((*PersistentVolumeClaimList)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimList")
 	proto.RegisterType((*PersistentVolumeClaimSpec)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimSpec")
 	proto.RegisterType((*PersistentVolumeClaimStatus)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimStatus")
+	proto.RegisterMapType((map[ResourceName]ClaimResourceStatus)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimStatus.AllocatedResourceStatusesEntry")
 	proto.RegisterMapType((ResourceList)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimStatus.AllocatedResourcesEntry")
 	proto.RegisterMapType((ResourceList)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimStatus.CapacityEntry")
 	proto.RegisterType((*PersistentVolumeClaimTemplate)(nil), "k8s.io.api.core.v1.PersistentVolumeClaimTemplate")
@@ -6254,6 +6312,7 @@ func init() {
 	proto.RegisterType((*PodProxyOptions)(nil), "k8s.io.api.core.v1.PodProxyOptions")
 	proto.RegisterType((*PodReadinessGate)(nil), "k8s.io.api.core.v1.PodReadinessGate")
 	proto.RegisterType((*PodResourceClaim)(nil), "k8s.io.api.core.v1.PodResourceClaim")
+	proto.RegisterType((*PodResourceClaimStatus)(nil), "k8s.io.api.core.v1.PodResourceClaimStatus")
 	proto.RegisterType((*PodSchedulingGate)(nil), "k8s.io.api.core.v1.PodSchedulingGate")
 	proto.RegisterType((*PodSecurityContext)(nil), "k8s.io.api.core.v1.PodSecurityContext")
 	proto.RegisterType((*PodSignature)(nil), "k8s.io.api.core.v1.PodSignature")
@@ -6350,925 +6409,934 @@ func init() {
 }
 
 var fileDescriptor_83c10c24ec417dc9 = []byte{
-	// 14685 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x69, 0x90, 0x5c, 0xd7,
-	0x75, 0x18, 0xac, 0xd7, 0x3d, 0x5b, 0x9f, 0xd9, 0xef, 0x00, 0xe0, 0x60, 0x48, 0xa0, 0xc1, 0x47,
-	0x12, 0x04, 0x45, 0x72, 0x20, 0x70, 0x91, 0x28, 0x52, 0xa2, 0x35, 0x2b, 0x30, 0x04, 0x66, 0xd0,
-	0xbc, 0x3d, 0x00, 0x24, 0x8a, 0x52, 0xe9, 0x4d, 0xf7, 0x9d, 0x99, 0xa7, 0xe9, 0x7e, 0xaf, 0xf9,
-	0xde, 0xeb, 0x01, 0x06, 0x9f, 0x54, 0x9f, 0x2d, 0xc7, 0x8b, 0x6c, 0x27, 0xa5, 0x4a, 0x39, 0x4b,
-	0xc9, 0x2e, 0x57, 0xca, 0x76, 0x6c, 0x2b, 0xca, 0xa6, 0xc8, 0xb1, 0x1d, 0xcb, 0x5b, 0xb6, 0x8a,
-	0x93, 0x4a, 0x39, 0x8e, 0xab, 0x62, 0xb9, 0xe2, 0xca, 0xc4, 0x82, 0x53, 0xe5, 0x52, 0x55, 0x62,
-	0x3b, 0xcb, 0x8f, 0x64, 0xe2, 0xc4, 0xa9, 0xbb, 0xbe, 0x7b, 0xdf, 0xd2, 0xdd, 0x03, 0x0e, 0x46,
-	0x94, 0x8a, 0xff, 0xba, 0xcf, 0x39, 0xf7, 0xdc, 0xfb, 0xee, 0x7a, 0xee, 0x39, 0xe7, 0x9e, 0x03,
-	0xaf, 0xec, 0xbc, 0x14, 0xce, 0xba, 0xfe, 0xc5, 0x9d, 0xf6, 0x06, 0x09, 0x3c, 0x12, 0x91, 0xf0,
-	0xe2, 0x2e, 0xf1, 0xea, 0x7e, 0x70, 0x51, 0x20, 0x9c, 0x96, 0x7b, 0xb1, 0xe6, 0x07, 0xe4, 0xe2,
-	0xee, 0xa5, 0x8b, 0x5b, 0xc4, 0x23, 0x81, 0x13, 0x91, 0xfa, 0x6c, 0x2b, 0xf0, 0x23, 0x1f, 0x21,
-	0x4e, 0x33, 0xeb, 0xb4, 0xdc, 0x59, 0x4a, 0x33, 0xbb, 0x7b, 0x69, 0xe6, 0xd9, 0x2d, 0x37, 0xda,
-	0x6e, 0x6f, 0xcc, 0xd6, 0xfc, 0xe6, 0xc5, 0x2d, 0x7f, 0xcb, 0xbf, 0xc8, 0x48, 0x37, 0xda, 0x9b,
-	0xec, 0x1f, 0xfb, 0xc3, 0x7e, 0x71, 0x16, 0x33, 0x2f, 0xc4, 0xd5, 0x34, 0x9d, 0xda, 0xb6, 0xeb,
-	0x91, 0x60, 0xef, 0x62, 0x6b, 0x67, 0x8b, 0xd5, 0x1b, 0x90, 0xd0, 0x6f, 0x07, 0x35, 0x92, 0xac,
-	0xb8, 0x63, 0xa9, 0xf0, 0x62, 0x93, 0x44, 0x4e, 0x46, 0x73, 0x67, 0x2e, 0xe6, 0x95, 0x0a, 0xda,
-	0x5e, 0xe4, 0x36, 0xd3, 0xd5, 0xbc, 0xbf, 0x5b, 0x81, 0xb0, 0xb6, 0x4d, 0x9a, 0x4e, 0xaa, 0xdc,
-	0xf3, 0x79, 0xe5, 0xda, 0x91, 0xdb, 0xb8, 0xe8, 0x7a, 0x51, 0x18, 0x05, 0xc9, 0x42, 0xf6, 0xd7,
-	0x2d, 0x38, 0x37, 0x77, 0xab, 0xba, 0xd4, 0x70, 0xc2, 0xc8, 0xad, 0xcd, 0x37, 0xfc, 0xda, 0x4e,
-	0x35, 0xf2, 0x03, 0x72, 0xd3, 0x6f, 0xb4, 0x9b, 0xa4, 0xca, 0x3a, 0x02, 0x3d, 0x03, 0x43, 0xbb,
-	0xec, 0xff, 0xca, 0xe2, 0xb4, 0x75, 0xce, 0xba, 0x50, 0x9a, 0x9f, 0xf8, 0xcd, 0xfd, 0xf2, 0x7b,
-	0xee, 0xed, 0x97, 0x87, 0x6e, 0x0a, 0x38, 0x56, 0x14, 0xe8, 0x3c, 0x0c, 0x6c, 0x86, 0xeb, 0x7b,
-	0x2d, 0x32, 0x5d, 0x60, 0xb4, 0x63, 0x82, 0x76, 0x60, 0xb9, 0x4a, 0xa1, 0x58, 0x60, 0xd1, 0x45,
-	0x28, 0xb5, 0x9c, 0x20, 0x72, 0x23, 0xd7, 0xf7, 0xa6, 0x8b, 0xe7, 0xac, 0x0b, 0xfd, 0xf3, 0x93,
-	0x82, 0xb4, 0x54, 0x91, 0x08, 0x1c, 0xd3, 0xd0, 0x66, 0x04, 0xc4, 0xa9, 0x5f, 0xf7, 0x1a, 0x7b,
-	0xd3, 0x7d, 0xe7, 0xac, 0x0b, 0x43, 0x71, 0x33, 0xb0, 0x80, 0x63, 0x45, 0x61, 0x7f, 0xb1, 0x00,
-	0x43, 0x73, 0x9b, 0x9b, 0xae, 0xe7, 0x46, 0x7b, 0xe8, 0x26, 0x8c, 0x78, 0x7e, 0x9d, 0xc8, 0xff,
-	0xec, 0x2b, 0x86, 0x9f, 0x3b, 0x37, 0x9b, 0x9e, 0x4a, 0xb3, 0x6b, 0x1a, 0xdd, 0xfc, 0xc4, 0xbd,
-	0xfd, 0xf2, 0x88, 0x0e, 0xc1, 0x06, 0x1f, 0x84, 0x61, 0xb8, 0xe5, 0xd7, 0x15, 0xdb, 0x02, 0x63,
-	0x5b, 0xce, 0x62, 0x5b, 0x89, 0xc9, 0xe6, 0xc7, 0xef, 0xed, 0x97, 0x87, 0x35, 0x00, 0xd6, 0x99,
-	0xa0, 0x0d, 0x18, 0xa7, 0x7f, 0xbd, 0xc8, 0x55, 0x7c, 0x8b, 0x8c, 0xef, 0x63, 0x79, 0x7c, 0x35,
-	0xd2, 0xf9, 0xa9, 0x7b, 0xfb, 0xe5, 0xf1, 0x04, 0x10, 0x27, 0x19, 0xda, 0x77, 0x61, 0x6c, 0x2e,
-	0x8a, 0x9c, 0xda, 0x36, 0xa9, 0xf3, 0x11, 0x44, 0x2f, 0x40, 0x9f, 0xe7, 0x34, 0x89, 0x18, 0xdf,
-	0x73, 0xa2, 0x63, 0xfb, 0xd6, 0x9c, 0x26, 0x39, 0xd8, 0x2f, 0x4f, 0xdc, 0xf0, 0xdc, 0xb7, 0xda,
-	0x62, 0x56, 0x50, 0x18, 0x66, 0xd4, 0xe8, 0x39, 0x80, 0x3a, 0xd9, 0x75, 0x6b, 0xa4, 0xe2, 0x44,
-	0xdb, 0x62, 0xbc, 0x91, 0x28, 0x0b, 0x8b, 0x0a, 0x83, 0x35, 0x2a, 0xfb, 0x0e, 0x94, 0xe6, 0x76,
-	0x7d, 0xb7, 0x5e, 0xf1, 0xeb, 0x21, 0xda, 0x81, 0xf1, 0x56, 0x40, 0x36, 0x49, 0xa0, 0x40, 0xd3,
-	0xd6, 0xb9, 0xe2, 0x85, 0xe1, 0xe7, 0x2e, 0x64, 0x7e, 0xac, 0x49, 0xba, 0xe4, 0x45, 0xc1, 0xde,
-	0xfc, 0x43, 0xa2, 0xbe, 0xf1, 0x04, 0x16, 0x27, 0x39, 0xdb, 0xff, 0xac, 0x00, 0x27, 0xe7, 0xee,
-	0xb6, 0x03, 0xb2, 0xe8, 0x86, 0x3b, 0xc9, 0x19, 0x5e, 0x77, 0xc3, 0x9d, 0xb5, 0xb8, 0x07, 0xd4,
-	0xd4, 0x5a, 0x14, 0x70, 0xac, 0x28, 0xd0, 0xb3, 0x30, 0x48, 0x7f, 0xdf, 0xc0, 0x2b, 0xe2, 0x93,
-	0xa7, 0x04, 0xf1, 0xf0, 0xa2, 0x13, 0x39, 0x8b, 0x1c, 0x85, 0x25, 0x0d, 0x5a, 0x85, 0xe1, 0x1a,
-	0x5b, 0x90, 0x5b, 0xab, 0x7e, 0x9d, 0xb0, 0xc1, 0x2c, 0xcd, 0x3f, 0x4d, 0xc9, 0x17, 0x62, 0xf0,
-	0xc1, 0x7e, 0x79, 0x9a, 0xb7, 0x4d, 0xb0, 0xd0, 0x70, 0x58, 0x2f, 0x8f, 0x6c, 0xb5, 0xbe, 0xfa,
-	0x18, 0x27, 0xc8, 0x58, 0x5b, 0x17, 0xb4, 0xa5, 0xd2, 0xcf, 0x96, 0xca, 0x48, 0xf6, 0x32, 0x41,
-	0x97, 0xa0, 0x6f, 0xc7, 0xf5, 0xea, 0xd3, 0x03, 0x8c, 0xd7, 0x19, 0x3a, 0xe6, 0x57, 0x5d, 0xaf,
-	0x7e, 0xb0, 0x5f, 0x9e, 0x34, 0x9a, 0x43, 0x81, 0x98, 0x91, 0xda, 0xff, 0xdd, 0x82, 0x32, 0xc3,
-	0x2d, 0xbb, 0x0d, 0x52, 0x21, 0x41, 0xe8, 0x86, 0x11, 0xf1, 0x22, 0xa3, 0x43, 0x9f, 0x03, 0x08,
-	0x49, 0x2d, 0x20, 0x91, 0xd6, 0xa5, 0x6a, 0x62, 0x54, 0x15, 0x06, 0x6b, 0x54, 0x74, 0x43, 0x08,
-	0xb7, 0x9d, 0x80, 0xcd, 0x2f, 0xd1, 0xb1, 0x6a, 0x43, 0xa8, 0x4a, 0x04, 0x8e, 0x69, 0x8c, 0x0d,
-	0xa1, 0xd8, 0x6d, 0x43, 0x40, 0x1f, 0x86, 0xf1, 0xb8, 0xb2, 0xb0, 0xe5, 0xd4, 0x64, 0x07, 0xb2,
-	0x25, 0x53, 0x35, 0x51, 0x38, 0x49, 0x6b, 0xff, 0x2d, 0x4b, 0x4c, 0x1e, 0xfa, 0xd5, 0xef, 0xf0,
-	0x6f, 0xb5, 0x7f, 0xc9, 0x82, 0xc1, 0x79, 0xd7, 0xab, 0xbb, 0xde, 0x16, 0xfa, 0x14, 0x0c, 0xd1,
-	0xb3, 0xa9, 0xee, 0x44, 0x8e, 0xd8, 0xf7, 0xde, 0xa7, 0xad, 0x2d, 0x75, 0x54, 0xcc, 0xb6, 0x76,
-	0xb6, 0x28, 0x20, 0x9c, 0xa5, 0xd4, 0x74, 0xb5, 0x5d, 0xdf, 0xf8, 0x34, 0xa9, 0x45, 0xab, 0x24,
-	0x72, 0xe2, 0xcf, 0x89, 0x61, 0x58, 0x71, 0x45, 0x57, 0x61, 0x20, 0x72, 0x82, 0x2d, 0x12, 0x89,
-	0x0d, 0x30, 0x73, 0xa3, 0xe2, 0x25, 0x31, 0x5d, 0x91, 0xc4, 0xab, 0x91, 0xf8, 0x58, 0x58, 0x67,
-	0x45, 0xb1, 0x60, 0x61, 0xff, 0x9f, 0x41, 0x38, 0xbd, 0x50, 0x5d, 0xc9, 0x99, 0x57, 0xe7, 0x61,
-	0xa0, 0x1e, 0xb8, 0xbb, 0x24, 0x10, 0xfd, 0xac, 0xb8, 0x2c, 0x32, 0x28, 0x16, 0x58, 0xf4, 0x12,
-	0x8c, 0xf0, 0x03, 0xe9, 0x8a, 0xe3, 0xd5, 0x1b, 0xb2, 0x8b, 0x4f, 0x08, 0xea, 0x91, 0x9b, 0x1a,
-	0x0e, 0x1b, 0x94, 0x87, 0x9c, 0x54, 0xe7, 0x13, 0x8b, 0x31, 0xef, 0xb0, 0xfb, 0xbc, 0x05, 0x13,
-	0xbc, 0x9a, 0xb9, 0x28, 0x0a, 0xdc, 0x8d, 0x76, 0x44, 0xc2, 0xe9, 0x7e, 0xb6, 0xd3, 0x2d, 0x64,
-	0xf5, 0x56, 0x6e, 0x0f, 0xcc, 0xde, 0x4c, 0x70, 0xe1, 0x9b, 0xe0, 0xb4, 0xa8, 0x77, 0x22, 0x89,
-	0xc6, 0xa9, 0x6a, 0xd1, 0xf7, 0x5a, 0x30, 0x53, 0xf3, 0xbd, 0x28, 0xf0, 0x1b, 0x0d, 0x12, 0x54,
-	0xda, 0x1b, 0x0d, 0x37, 0xdc, 0xe6, 0xf3, 0x14, 0x93, 0x4d, 0xb6, 0x13, 0xe4, 0x8c, 0xa1, 0x22,
-	0x12, 0x63, 0x78, 0xf6, 0xde, 0x7e, 0x79, 0x66, 0x21, 0x97, 0x15, 0xee, 0x50, 0x0d, 0xda, 0x01,
-	0x44, 0x8f, 0xd2, 0x6a, 0xe4, 0x6c, 0x91, 0xb8, 0xf2, 0xc1, 0xde, 0x2b, 0x3f, 0x75, 0x6f, 0xbf,
-	0x8c, 0xd6, 0x52, 0x2c, 0x70, 0x06, 0x5b, 0xf4, 0x16, 0x9c, 0xa0, 0xd0, 0xd4, 0xb7, 0x0e, 0xf5,
-	0x5e, 0xdd, 0xf4, 0xbd, 0xfd, 0xf2, 0x89, 0xb5, 0x0c, 0x26, 0x38, 0x93, 0x35, 0xfa, 0x6e, 0x0b,
-	0x4e, 0xc7, 0x9f, 0xbf, 0x74, 0xa7, 0xe5, 0x78, 0xf5, 0xb8, 0xe2, 0x52, 0xef, 0x15, 0xd3, 0x3d,
-	0xf9, 0xf4, 0x42, 0x1e, 0x27, 0x9c, 0x5f, 0x09, 0xf2, 0x60, 0x8a, 0x36, 0x2d, 0x59, 0x37, 0xf4,
-	0x5e, 0xf7, 0x43, 0xf7, 0xf6, 0xcb, 0x53, 0x6b, 0x69, 0x1e, 0x38, 0x8b, 0xf1, 0xcc, 0x02, 0x9c,
-	0xcc, 0x9c, 0x9d, 0x68, 0x02, 0x8a, 0x3b, 0x84, 0x4b, 0x5d, 0x25, 0x4c, 0x7f, 0xa2, 0x13, 0xd0,
-	0xbf, 0xeb, 0x34, 0xda, 0x62, 0x61, 0x62, 0xfe, 0xe7, 0xe5, 0xc2, 0x4b, 0x96, 0xfd, 0xcf, 0x8b,
-	0x30, 0xbe, 0x50, 0x5d, 0xb9, 0xaf, 0x55, 0xaf, 0x1f, 0x7b, 0x85, 0x8e, 0xc7, 0x5e, 0x7c, 0x88,
-	0x16, 0x73, 0x0f, 0xd1, 0xff, 0x3f, 0x63, 0xc9, 0xf6, 0xb1, 0x25, 0xfb, 0xc1, 0x9c, 0x25, 0x7b,
-	0xc4, 0x0b, 0x75, 0x37, 0x67, 0xd6, 0xf6, 0xb3, 0x01, 0xcc, 0x94, 0x90, 0xae, 0xf9, 0x35, 0xa7,
-	0x91, 0xdc, 0x6a, 0x0f, 0x39, 0x75, 0x8f, 0x66, 0x1c, 0x6b, 0x30, 0xb2, 0xe0, 0xb4, 0x9c, 0x0d,
-	0xb7, 0xe1, 0x46, 0x2e, 0x09, 0xd1, 0x93, 0x50, 0x74, 0xea, 0x75, 0x26, 0xdd, 0x95, 0xe6, 0x4f,
-	0xde, 0xdb, 0x2f, 0x17, 0xe7, 0xea, 0x54, 0xcc, 0x00, 0x45, 0xb5, 0x87, 0x29, 0x05, 0x7a, 0x2f,
-	0xf4, 0xd5, 0x03, 0xbf, 0x35, 0x5d, 0x60, 0x94, 0x74, 0x95, 0xf7, 0x2d, 0x06, 0x7e, 0x2b, 0x41,
-	0xca, 0x68, 0xec, 0xdf, 0x28, 0xc0, 0x23, 0x0b, 0xa4, 0xb5, 0xbd, 0x5c, 0xcd, 0x39, 0x2f, 0x2e,
-	0xc0, 0x50, 0xd3, 0xf7, 0xdc, 0xc8, 0x0f, 0x42, 0x51, 0x35, 0x9b, 0x11, 0xab, 0x02, 0x86, 0x15,
-	0x16, 0x9d, 0x83, 0xbe, 0x56, 0x2c, 0xc4, 0x8e, 0x48, 0x01, 0x98, 0x89, 0xaf, 0x0c, 0x43, 0x29,
-	0xda, 0x21, 0x09, 0xc4, 0x8c, 0x51, 0x14, 0x37, 0x42, 0x12, 0x60, 0x86, 0x89, 0x25, 0x01, 0x2a,
-	0x23, 0x88, 0x13, 0x21, 0x21, 0x09, 0x50, 0x0c, 0xd6, 0xa8, 0x50, 0x05, 0x4a, 0x61, 0x62, 0x64,
-	0x7b, 0x5a, 0x9a, 0xa3, 0x4c, 0x54, 0x50, 0x23, 0x19, 0x33, 0x31, 0x4e, 0xb0, 0x81, 0xae, 0xa2,
-	0xc2, 0xd7, 0x0a, 0x80, 0x78, 0x17, 0x7e, 0x9b, 0x75, 0xdc, 0x8d, 0x74, 0xc7, 0xf5, 0xbe, 0x24,
-	0x8e, 0xaa, 0xf7, 0xfe, 0x87, 0x05, 0x8f, 0x2c, 0xb8, 0x5e, 0x9d, 0x04, 0x39, 0x13, 0xf0, 0xc1,
-	0xdc, 0x9d, 0x0f, 0x27, 0xa4, 0x18, 0x53, 0xac, 0xef, 0x08, 0xa6, 0x98, 0xfd, 0x27, 0x16, 0x20,
-	0xfe, 0xd9, 0xef, 0xb8, 0x8f, 0xbd, 0x91, 0xfe, 0xd8, 0x23, 0x98, 0x16, 0xf6, 0xdf, 0xb3, 0x60,
-	0x78, 0xa1, 0xe1, 0xb8, 0x4d, 0xf1, 0xa9, 0x0b, 0x30, 0x29, 0x15, 0x45, 0x0c, 0xac, 0xc9, 0xfe,
-	0x74, 0x73, 0x9b, 0xc4, 0x49, 0x24, 0x4e, 0xd3, 0xa3, 0x8f, 0xc3, 0x69, 0x03, 0xb8, 0x4e, 0x9a,
-	0xad, 0x86, 0x13, 0xe9, 0xb7, 0x02, 0x76, 0xfa, 0xe3, 0x3c, 0x22, 0x9c, 0x5f, 0xde, 0xbe, 0x06,
-	0x63, 0x0b, 0x0d, 0x97, 0x78, 0xd1, 0x4a, 0x65, 0xc1, 0xf7, 0x36, 0xdd, 0x2d, 0xf4, 0x32, 0x8c,
-	0x45, 0x6e, 0x93, 0xf8, 0xed, 0xa8, 0x4a, 0x6a, 0xbe, 0xc7, 0xee, 0xda, 0xd6, 0x85, 0xfe, 0x79,
-	0x74, 0x6f, 0xbf, 0x3c, 0xb6, 0x6e, 0x60, 0x70, 0x82, 0xd2, 0xfe, 0x7d, 0x3a, 0xe2, 0x7e, 0xb3,
-	0xe5, 0x7b, 0xc4, 0x8b, 0x16, 0x7c, 0xaf, 0xce, 0x75, 0x32, 0x2f, 0x43, 0x5f, 0x44, 0x47, 0x90,
-	0x7f, 0xf9, 0x79, 0xb9, 0xb4, 0xe9, 0xb8, 0x1d, 0xec, 0x97, 0x4f, 0xa5, 0x4b, 0xb0, 0x91, 0x65,
-	0x65, 0xd0, 0x07, 0x61, 0x20, 0x8c, 0x9c, 0xa8, 0x1d, 0x8a, 0x4f, 0x7d, 0x54, 0x8e, 0x7f, 0x95,
-	0x41, 0x0f, 0xf6, 0xcb, 0xe3, 0xaa, 0x18, 0x07, 0x61, 0x51, 0x00, 0x3d, 0x05, 0x83, 0x4d, 0x12,
-	0x86, 0xce, 0x96, 0x3c, 0xbf, 0xc7, 0x45, 0xd9, 0xc1, 0x55, 0x0e, 0xc6, 0x12, 0x8f, 0x1e, 0x83,
-	0x7e, 0x12, 0x04, 0x7e, 0x20, 0x76, 0x95, 0x51, 0x41, 0xd8, 0xbf, 0x44, 0x81, 0x98, 0xe3, 0xec,
-	0x7f, 0x63, 0xc1, 0xb8, 0x6a, 0x2b, 0xaf, 0xeb, 0x18, 0xee, 0x4d, 0x6f, 0x00, 0xd4, 0xe4, 0x07,
-	0x86, 0xec, 0xbc, 0x1b, 0x7e, 0xee, 0x7c, 0xa6, 0x68, 0x91, 0xea, 0xc6, 0x98, 0xb3, 0x02, 0x85,
-	0x58, 0xe3, 0x66, 0xff, 0xaa, 0x05, 0x53, 0x89, 0x2f, 0xba, 0xe6, 0x86, 0x11, 0x7a, 0x33, 0xf5,
-	0x55, 0xb3, 0xbd, 0x7d, 0x15, 0x2d, 0xcd, 0xbe, 0x49, 0x2d, 0x3e, 0x09, 0xd1, 0xbe, 0xe8, 0x0a,
-	0xf4, 0xbb, 0x11, 0x69, 0xca, 0x8f, 0x79, 0xac, 0xe3, 0xc7, 0xf0, 0x56, 0xc5, 0x23, 0xb2, 0x42,
-	0x4b, 0x62, 0xce, 0xc0, 0xfe, 0x8d, 0x22, 0x94, 0xf8, 0xb4, 0x5d, 0x75, 0x5a, 0xc7, 0x30, 0x16,
-	0x4f, 0x43, 0xc9, 0x6d, 0x36, 0xdb, 0x91, 0xb3, 0x21, 0x0e, 0xa0, 0x21, 0xbe, 0x19, 0xac, 0x48,
-	0x20, 0x8e, 0xf1, 0x68, 0x05, 0xfa, 0x58, 0x53, 0xf8, 0x57, 0x3e, 0x99, 0xfd, 0x95, 0xa2, 0xed,
-	0xb3, 0x8b, 0x4e, 0xe4, 0x70, 0xd9, 0x4f, 0x9d, 0x7c, 0x14, 0x84, 0x19, 0x0b, 0xe4, 0x00, 0x6c,
-	0xb8, 0x9e, 0x13, 0xec, 0x51, 0xd8, 0x74, 0x91, 0x31, 0x7c, 0xb6, 0x33, 0xc3, 0x79, 0x45, 0xcf,
-	0xd9, 0xaa, 0x0f, 0x8b, 0x11, 0x58, 0x63, 0x3a, 0xf3, 0x01, 0x28, 0x29, 0xe2, 0xc3, 0x88, 0x70,
-	0x33, 0x1f, 0x86, 0xf1, 0x44, 0x5d, 0xdd, 0x8a, 0x8f, 0xe8, 0x12, 0xe0, 0x2f, 0xb3, 0x2d, 0x43,
-	0xb4, 0x7a, 0xc9, 0xdb, 0x15, 0x3b, 0xe7, 0x5d, 0x38, 0xd1, 0xc8, 0xd8, 0x7b, 0xc5, 0xb8, 0xf6,
-	0xbe, 0x57, 0x3f, 0x22, 0x3e, 0xfb, 0x44, 0x16, 0x16, 0x67, 0xd6, 0x41, 0xa5, 0x1a, 0xbf, 0x45,
-	0x17, 0x88, 0xd3, 0xd0, 0x2f, 0x08, 0xd7, 0x05, 0x0c, 0x2b, 0x2c, 0xdd, 0xef, 0x4e, 0xa8, 0xc6,
-	0x5f, 0x25, 0x7b, 0x55, 0xd2, 0x20, 0xb5, 0xc8, 0x0f, 0xbe, 0xa5, 0xcd, 0x3f, 0xc3, 0x7b, 0x9f,
-	0x6f, 0x97, 0xc3, 0x82, 0x41, 0xf1, 0x2a, 0xd9, 0xe3, 0x43, 0xa1, 0x7f, 0x5d, 0xb1, 0xe3, 0xd7,
-	0x7d, 0xc5, 0x82, 0x51, 0xf5, 0x75, 0xc7, 0xb0, 0x2f, 0xcc, 0x9b, 0xfb, 0xc2, 0x99, 0x8e, 0x13,
-	0x3c, 0x67, 0x47, 0xf8, 0x5a, 0x01, 0x4e, 0x2b, 0x1a, 0x7a, 0x9b, 0xe1, 0x7f, 0xc4, 0xac, 0xba,
-	0x08, 0x25, 0x4f, 0xe9, 0xf5, 0x2c, 0x53, 0xa1, 0x16, 0x6b, 0xf5, 0x62, 0x1a, 0x2a, 0x94, 0x7a,
-	0xf1, 0x31, 0x3b, 0xa2, 0x2b, 0xbc, 0x85, 0x72, 0x7b, 0x1e, 0x8a, 0x6d, 0xb7, 0x2e, 0x0e, 0x98,
-	0xf7, 0xc9, 0xde, 0xbe, 0xb1, 0xb2, 0x78, 0xb0, 0x5f, 0x7e, 0x34, 0xcf, 0xd8, 0x42, 0x4f, 0xb6,
-	0x70, 0xf6, 0xc6, 0xca, 0x22, 0xa6, 0x85, 0xd1, 0x1c, 0x8c, 0xcb, 0x13, 0xfa, 0x26, 0x15, 0x10,
-	0x7d, 0x4f, 0x9c, 0x43, 0x4a, 0x6b, 0x8d, 0x4d, 0x34, 0x4e, 0xd2, 0xa3, 0x45, 0x98, 0xd8, 0x69,
-	0x6f, 0x90, 0x06, 0x89, 0xf8, 0x07, 0x5f, 0x25, 0x5c, 0xa7, 0x5b, 0x8a, 0xef, 0x92, 0x57, 0x13,
-	0x78, 0x9c, 0x2a, 0x61, 0xff, 0x39, 0x3b, 0x0f, 0x44, 0xef, 0x55, 0x02, 0x9f, 0x4e, 0x2c, 0xca,
-	0xfd, 0x5b, 0x39, 0x9d, 0x7b, 0x99, 0x15, 0x57, 0xc9, 0xde, 0xba, 0x4f, 0xef, 0x12, 0xd9, 0xb3,
-	0xc2, 0x98, 0xf3, 0x7d, 0x1d, 0xe7, 0xfc, 0xcf, 0x17, 0xe0, 0xa4, 0xea, 0x01, 0x43, 0x6c, 0xfd,
-	0x76, 0xef, 0x83, 0x4b, 0x30, 0x5c, 0x27, 0x9b, 0x4e, 0xbb, 0x11, 0x29, 0x03, 0x43, 0x3f, 0x37,
-	0x32, 0x2d, 0xc6, 0x60, 0xac, 0xd3, 0x1c, 0xa2, 0xdb, 0xfe, 0xfd, 0x08, 0x3b, 0x88, 0x23, 0x87,
-	0xce, 0x71, 0xb5, 0x6a, 0xac, 0xdc, 0x55, 0xf3, 0x18, 0xf4, 0xbb, 0x4d, 0x2a, 0x98, 0x15, 0x4c,
-	0x79, 0x6b, 0x85, 0x02, 0x31, 0xc7, 0xa1, 0x27, 0x60, 0xb0, 0xe6, 0x37, 0x9b, 0x8e, 0x57, 0x67,
-	0x47, 0x5e, 0x69, 0x7e, 0x98, 0xca, 0x6e, 0x0b, 0x1c, 0x84, 0x25, 0x0e, 0x3d, 0x02, 0x7d, 0x4e,
-	0xb0, 0xc5, 0xb5, 0x2e, 0xa5, 0xf9, 0x21, 0x5a, 0xd3, 0x5c, 0xb0, 0x15, 0x62, 0x06, 0xa5, 0x97,
-	0xc6, 0xdb, 0x7e, 0xb0, 0xe3, 0x7a, 0x5b, 0x8b, 0x6e, 0x20, 0x96, 0x84, 0x3a, 0x0b, 0x6f, 0x29,
-	0x0c, 0xd6, 0xa8, 0xd0, 0x32, 0xf4, 0xb7, 0xfc, 0x20, 0x0a, 0xa7, 0x07, 0x58, 0x77, 0x3f, 0x9a,
-	0xb3, 0x11, 0xf1, 0xaf, 0xad, 0xf8, 0x41, 0x14, 0x7f, 0x00, 0xfd, 0x17, 0x62, 0x5e, 0x1c, 0x5d,
-	0x83, 0x41, 0xe2, 0xed, 0x2e, 0x07, 0x7e, 0x73, 0x7a, 0x2a, 0x9f, 0xd3, 0x12, 0x27, 0xe1, 0xd3,
-	0x2c, 0x96, 0x51, 0x05, 0x18, 0x4b, 0x16, 0xe8, 0x83, 0x50, 0x24, 0xde, 0xee, 0xf4, 0x20, 0xe3,
-	0x34, 0x93, 0xc3, 0xe9, 0xa6, 0x13, 0xc4, 0x7b, 0xfe, 0x92, 0xb7, 0x8b, 0x69, 0x19, 0xf4, 0x31,
-	0x28, 0xc9, 0x0d, 0x23, 0x14, 0xea, 0xcc, 0xcc, 0x09, 0x2b, 0xb7, 0x19, 0x4c, 0xde, 0x6a, 0xbb,
-	0x01, 0x69, 0x12, 0x2f, 0x0a, 0xe3, 0x1d, 0x52, 0x62, 0x43, 0x1c, 0x73, 0x43, 0x35, 0x18, 0x09,
-	0x48, 0xe8, 0xde, 0x25, 0x15, 0xbf, 0xe1, 0xd6, 0xf6, 0xa6, 0x1f, 0x62, 0xcd, 0x7b, 0xaa, 0x63,
-	0x97, 0x61, 0xad, 0x40, 0xac, 0x6e, 0xd7, 0xa1, 0xd8, 0x60, 0x8a, 0x3e, 0x26, 0x15, 0xf5, 0xab,
-	0x7e, 0xdb, 0x8b, 0xc2, 0xe9, 0x12, 0xab, 0x24, 0xd3, 0x84, 0x7a, 0x33, 0xa6, 0x4b, 0x6a, 0xf2,
-	0x79, 0x61, 0x6c, 0xb0, 0x42, 0x9f, 0x80, 0x51, 0xfe, 0x9f, 0x1b, 0x22, 0xc3, 0xe9, 0x93, 0x8c,
-	0xf7, 0xb9, 0x7c, 0xde, 0x9c, 0x70, 0xfe, 0xa4, 0x60, 0x3e, 0xaa, 0x43, 0x43, 0x6c, 0x72, 0x43,
-	0x18, 0x46, 0x1b, 0xee, 0x2e, 0xf1, 0x48, 0x18, 0x56, 0x02, 0x7f, 0x83, 0x08, 0xbd, 0xea, 0xe9,
-	0x6c, 0xc3, 0xa5, 0xbf, 0x41, 0xe6, 0x27, 0x29, 0xcf, 0x6b, 0x7a, 0x19, 0x6c, 0xb2, 0x40, 0x37,
-	0x60, 0x8c, 0x5e, 0x64, 0xdd, 0x98, 0xe9, 0x70, 0x37, 0xa6, 0xec, 0xf2, 0x86, 0x8d, 0x42, 0x38,
-	0xc1, 0x04, 0x5d, 0x87, 0x91, 0x30, 0x72, 0x82, 0xa8, 0xdd, 0xe2, 0x4c, 0x4f, 0x75, 0x63, 0xca,
-	0xec, 0xde, 0x55, 0xad, 0x08, 0x36, 0x18, 0xa0, 0xd7, 0xa0, 0xd4, 0x70, 0x37, 0x49, 0x6d, 0xaf,
-	0xd6, 0x20, 0xd3, 0x23, 0x8c, 0x5b, 0xe6, 0xce, 0x75, 0x4d, 0x12, 0x71, 0x61, 0x5a, 0xfd, 0xc5,
-	0x71, 0x71, 0x74, 0x13, 0x4e, 0x45, 0x24, 0x68, 0xba, 0x9e, 0x43, 0x77, 0x1c, 0x71, 0x7f, 0x63,
-	0xf6, 0xe4, 0x51, 0xb6, 0xa4, 0xcf, 0x8a, 0xd1, 0x38, 0xb5, 0x9e, 0x49, 0x85, 0x73, 0x4a, 0xa3,
-	0x3b, 0x30, 0x9d, 0x81, 0xe1, 0x53, 0xf9, 0x04, 0xe3, 0xfc, 0x21, 0xc1, 0x79, 0x7a, 0x3d, 0x87,
-	0xee, 0xa0, 0x03, 0x0e, 0xe7, 0x72, 0x47, 0xd7, 0x61, 0x9c, 0x6d, 0x73, 0x95, 0x76, 0xa3, 0x21,
-	0x2a, 0x1c, 0x63, 0x15, 0x3e, 0x21, 0x0f, 0xfd, 0x15, 0x13, 0x7d, 0xb0, 0x5f, 0x86, 0xf8, 0x1f,
-	0x4e, 0x96, 0x46, 0x1b, 0xcc, 0x74, 0xd9, 0x0e, 0xdc, 0x68, 0x8f, 0xae, 0x34, 0x72, 0x27, 0x9a,
-	0x1e, 0xef, 0xa8, 0xc6, 0xd1, 0x49, 0x95, 0x7d, 0x53, 0x07, 0xe2, 0x24, 0x43, 0xba, 0x6f, 0x87,
-	0x51, 0xdd, 0xf5, 0xa6, 0x27, 0xf8, 0xe5, 0x47, 0x6e, 0x7b, 0x55, 0x0a, 0xc4, 0x1c, 0xc7, 0xcc,
-	0x96, 0xf4, 0xc7, 0x75, 0x7a, 0x3c, 0x4e, 0x32, 0xc2, 0xd8, 0x6c, 0x29, 0x11, 0x38, 0xa6, 0xa1,
-	0x12, 0x6b, 0x14, 0xed, 0x4d, 0x23, 0x46, 0xaa, 0x76, 0xaf, 0xf5, 0xf5, 0x8f, 0x61, 0x0a, 0xb7,
-	0x37, 0x60, 0x4c, 0x6d, 0x1d, 0xac, 0x4f, 0x50, 0x19, 0xfa, 0x99, 0x8c, 0x26, 0x94, 0x8e, 0x25,
-	0xda, 0x04, 0x26, 0xbf, 0x61, 0x0e, 0x67, 0x4d, 0x70, 0xef, 0x92, 0xf9, 0xbd, 0x88, 0x70, 0xc5,
-	0x41, 0x51, 0x6b, 0x82, 0x44, 0xe0, 0x98, 0xc6, 0xfe, 0xbf, 0x5c, 0xd6, 0x8d, 0xb7, 0xf4, 0x1e,
-	0x0e, 0xb1, 0x67, 0x60, 0x68, 0xdb, 0x0f, 0x23, 0x4a, 0xcd, 0xea, 0xe8, 0x8f, 0xa5, 0xdb, 0x2b,
-	0x02, 0x8e, 0x15, 0x05, 0x7a, 0x05, 0x46, 0x6b, 0x7a, 0x05, 0xe2, 0x04, 0x56, 0xdb, 0x88, 0x51,
-	0x3b, 0x36, 0x69, 0xd1, 0x4b, 0x30, 0xc4, 0x5c, 0x71, 0x6a, 0x7e, 0x43, 0x88, 0x86, 0x52, 0x8c,
-	0x18, 0xaa, 0x08, 0xf8, 0x81, 0xf6, 0x1b, 0x2b, 0x6a, 0x74, 0x1e, 0x06, 0x68, 0x13, 0x56, 0x2a,
-	0xe2, 0xec, 0x53, 0xfa, 0xb3, 0x2b, 0x0c, 0x8a, 0x05, 0xd6, 0xfe, 0x55, 0x8b, 0x09, 0x3e, 0xe9,
-	0x0d, 0x1a, 0x5d, 0x61, 0x3b, 0x3c, 0xdb, 0xee, 0x35, 0xfd, 0xd5, 0xe3, 0xda, 0xb6, 0xad, 0x70,
-	0x07, 0x89, 0xff, 0xd8, 0x28, 0x89, 0xde, 0x80, 0xd1, 0x80, 0xb0, 0x2d, 0x42, 0x4c, 0x78, 0x7e,
-	0xfa, 0xbf, 0x20, 0xbb, 0x00, 0xeb, 0xc8, 0x83, 0xfd, 0xf2, 0xc3, 0xf1, 0x79, 0x44, 0xdb, 0x63,
-	0xa0, 0xb1, 0xc9, 0xca, 0xfe, 0xcb, 0x05, 0x6d, 0x96, 0x54, 0x23, 0x27, 0x22, 0xa8, 0x02, 0x83,
-	0xb7, 0x1d, 0x37, 0x72, 0xbd, 0x2d, 0x21, 0xa4, 0x75, 0x3e, 0x95, 0x58, 0xa1, 0x5b, 0xbc, 0x00,
-	0x17, 0x35, 0xc4, 0x1f, 0x2c, 0xd9, 0x50, 0x8e, 0x41, 0xdb, 0xf3, 0x28, 0xc7, 0x42, 0xaf, 0x1c,
-	0x31, 0x2f, 0xc0, 0x39, 0x8a, 0x3f, 0x58, 0xb2, 0x41, 0x6f, 0x02, 0xc8, 0x1d, 0x82, 0xd4, 0x85,
-	0x0b, 0xcf, 0x33, 0xdd, 0x99, 0xae, 0xab, 0x32, 0xf3, 0x63, 0x54, 0x90, 0x89, 0xff, 0x63, 0x8d,
-	0x9f, 0x1d, 0x69, 0x63, 0xaa, 0x37, 0x06, 0x7d, 0x9c, 0x2e, 0x51, 0x27, 0x88, 0x48, 0x7d, 0x2e,
-	0x12, 0x9d, 0xf3, 0xde, 0xde, 0x6e, 0x72, 0xeb, 0x6e, 0x93, 0xe8, 0xcb, 0x59, 0x30, 0xc1, 0x31,
-	0x3f, 0xfb, 0x17, 0x8b, 0x30, 0x9d, 0xd7, 0x5c, 0xba, 0x68, 0xc8, 0x1d, 0x37, 0x5a, 0xa0, 0x32,
-	0xa8, 0x65, 0x2e, 0x9a, 0x25, 0x01, 0xc7, 0x8a, 0x82, 0xce, 0xde, 0xd0, 0xdd, 0x92, 0x17, 0xf1,
-	0xfe, 0x78, 0xf6, 0x56, 0x19, 0x14, 0x0b, 0x2c, 0xa5, 0x0b, 0x88, 0x13, 0x0a, 0x1f, 0x31, 0x6d,
-	0x96, 0x63, 0x06, 0xc5, 0x02, 0xab, 0xab, 0x04, 0xfb, 0xba, 0xa8, 0x04, 0x8d, 0x2e, 0xea, 0x3f,
-	0xda, 0x2e, 0x42, 0x9f, 0x04, 0xd8, 0x74, 0x3d, 0x37, 0xdc, 0x66, 0xdc, 0x07, 0x0e, 0xcd, 0x5d,
-	0x49, 0xb0, 0xcb, 0x8a, 0x0b, 0xd6, 0x38, 0xa2, 0x17, 0x61, 0x58, 0x6d, 0x20, 0x2b, 0x8b, 0xcc,
-	0x60, 0xae, 0x39, 0x20, 0xc5, 0xbb, 0xe9, 0x22, 0xd6, 0xe9, 0xec, 0x4f, 0x27, 0xe7, 0x8b, 0x58,
-	0x01, 0x5a, 0xff, 0x5a, 0xbd, 0xf6, 0x6f, 0xa1, 0x73, 0xff, 0xda, 0xdf, 0x18, 0x80, 0x71, 0xa3,
-	0xb2, 0x76, 0xd8, 0xc3, 0x9e, 0x7b, 0x99, 0x1e, 0x40, 0x4e, 0x44, 0xc4, 0xfa, 0xb3, 0xbb, 0x2f,
-	0x15, 0xfd, 0x90, 0xa2, 0x2b, 0x80, 0x97, 0x47, 0x9f, 0x84, 0x52, 0xc3, 0x09, 0x99, 0x7a, 0x91,
-	0x88, 0x75, 0xd7, 0x0b, 0xb3, 0xf8, 0xf6, 0xe6, 0x84, 0x91, 0x76, 0xea, 0x73, 0xde, 0x31, 0x4b,
-	0x7a, 0x52, 0x52, 0xf9, 0x4a, 0x3a, 0x21, 0xaa, 0x46, 0x50, 0x21, 0x6c, 0x0f, 0x73, 0x1c, 0x7a,
-	0x89, 0x6d, 0xad, 0x74, 0x56, 0x2c, 0x50, 0x69, 0x94, 0x4d, 0xb3, 0x7e, 0x43, 0x22, 0x56, 0x38,
-	0x6c, 0x50, 0xc6, 0x17, 0xa8, 0x81, 0x0e, 0x17, 0xa8, 0xa7, 0x60, 0x90, 0xfd, 0x50, 0x33, 0x40,
-	0x8d, 0xc6, 0x0a, 0x07, 0x63, 0x89, 0x4f, 0x4e, 0x98, 0xa1, 0xde, 0x26, 0x0c, 0xbd, 0xa2, 0x89,
-	0x49, 0xcd, 0x9c, 0x15, 0x86, 0xf8, 0x2e, 0x27, 0xa6, 0x3c, 0x96, 0x38, 0xf4, 0xb3, 0x16, 0x20,
-	0xa7, 0x41, 0xaf, 0xb6, 0x14, 0xac, 0x6e, 0x22, 0xc0, 0x44, 0xed, 0x57, 0xba, 0x76, 0x7b, 0x3b,
-	0x9c, 0x9d, 0x4b, 0x95, 0xe6, 0x6a, 0xcd, 0x97, 0x45, 0x13, 0x51, 0x9a, 0x40, 0x3f, 0x8c, 0xae,
-	0xb9, 0x61, 0xf4, 0xb9, 0xff, 0x98, 0x38, 0x9c, 0x32, 0x9a, 0x84, 0x6e, 0xe8, 0x37, 0xa5, 0xe1,
-	0x43, 0xde, 0x94, 0x46, 0xf3, 0x6e, 0x49, 0x33, 0x6d, 0x78, 0x28, 0xe7, 0x0b, 0x32, 0x94, 0xa5,
-	0x8b, 0xba, 0xb2, 0xb4, 0x8b, 0x8a, 0x6d, 0x56, 0xd6, 0x31, 0xfb, 0x7a, 0xdb, 0xf1, 0x22, 0x37,
-	0xda, 0xd3, 0x95, 0xab, 0xef, 0x85, 0xb1, 0x45, 0x87, 0x34, 0x7d, 0x6f, 0xc9, 0xab, 0xb7, 0x7c,
-	0xd7, 0x8b, 0xd0, 0x34, 0xf4, 0x31, 0xe1, 0x83, 0x6f, 0xbd, 0x7d, 0xb4, 0xf7, 0x30, 0x83, 0xd8,
-	0x5b, 0x70, 0x72, 0xd1, 0xbf, 0xed, 0xdd, 0x76, 0x82, 0xfa, 0x5c, 0x65, 0x45, 0x53, 0xfe, 0xac,
-	0x49, 0xe5, 0x83, 0x95, 0x7f, 0xb5, 0xd3, 0x4a, 0xf2, 0xeb, 0xd0, 0xb2, 0xdb, 0x20, 0x39, 0x2a,
-	0xba, 0xbf, 0x56, 0x30, 0x6a, 0x8a, 0xe9, 0x95, 0x91, 0xd8, 0xca, 0x35, 0x12, 0xbf, 0x0e, 0x43,
-	0x9b, 0x2e, 0x69, 0xd4, 0x31, 0xd9, 0x14, 0xbd, 0xf3, 0x64, 0xbe, 0x1b, 0xd9, 0x32, 0xa5, 0x94,
-	0x2a, 0x59, 0xae, 0xba, 0x58, 0x16, 0x85, 0xb1, 0x62, 0x83, 0x76, 0x60, 0x42, 0xf6, 0xa1, 0xc4,
-	0x8a, 0xfd, 0xe0, 0xa9, 0x4e, 0x03, 0x6f, 0x32, 0x3f, 0x71, 0x6f, 0xbf, 0x3c, 0x81, 0x13, 0x6c,
-	0x70, 0x8a, 0x31, 0x7a, 0x04, 0xfa, 0x9a, 0xf4, 0xe4, 0xeb, 0x63, 0xdd, 0xcf, 0x74, 0x15, 0x4c,
-	0xed, 0xc2, 0xa0, 0xf6, 0x8f, 0x5b, 0xf0, 0x50, 0xaa, 0x67, 0x84, 0xfa, 0xe9, 0x88, 0x47, 0x21,
-	0xa9, 0x0e, 0x2a, 0x74, 0x57, 0x07, 0xd9, 0x7f, 0xdb, 0x82, 0x13, 0x4b, 0xcd, 0x56, 0xb4, 0xb7,
-	0xe8, 0x9a, 0x16, 0xdd, 0x0f, 0xc0, 0x40, 0x93, 0xd4, 0xdd, 0x76, 0x53, 0x8c, 0x5c, 0x59, 0x9e,
-	0x0e, 0xab, 0x0c, 0x7a, 0xb0, 0x5f, 0x1e, 0xad, 0x46, 0x7e, 0xe0, 0x6c, 0x11, 0x0e, 0xc0, 0x82,
-	0x9c, 0x9d, 0xb1, 0xee, 0x5d, 0x72, 0xcd, 0x6d, 0xba, 0xd1, 0xfd, 0xcd, 0x76, 0x61, 0x8c, 0x95,
-	0x4c, 0x70, 0xcc, 0xcf, 0xfe, 0xba, 0x05, 0xe3, 0x72, 0xde, 0xcf, 0xd5, 0xeb, 0x01, 0x09, 0x43,
-	0x34, 0x03, 0x05, 0xb7, 0x25, 0x5a, 0x09, 0xa2, 0x95, 0x85, 0x95, 0x0a, 0x2e, 0xb8, 0x2d, 0x29,
-	0xce, 0xb3, 0x03, 0xa8, 0x68, 0xda, 0xa5, 0xaf, 0x08, 0x38, 0x56, 0x14, 0xe8, 0x02, 0x0c, 0x79,
-	0x7e, 0x9d, 0x4b, 0xc4, 0x5c, 0x94, 0x60, 0x13, 0x6c, 0x4d, 0xc0, 0xb0, 0xc2, 0xa2, 0x0a, 0x94,
-	0xb8, 0xd7, 0x62, 0x3c, 0x69, 0x7b, 0xf2, 0x7d, 0x64, 0x5f, 0xb6, 0x2e, 0x4b, 0xe2, 0x98, 0x89,
-	0xfd, 0xeb, 0x16, 0x8c, 0xc8, 0x2f, 0xeb, 0xf1, 0xae, 0x42, 0x97, 0x56, 0x7c, 0x4f, 0x89, 0x97,
-	0x16, 0xbd, 0x6b, 0x30, 0x8c, 0x71, 0xc5, 0x28, 0x1e, 0xea, 0x8a, 0x71, 0x09, 0x86, 0x9d, 0x56,
-	0xab, 0x62, 0xde, 0x4f, 0xd8, 0x54, 0x9a, 0x8b, 0xc1, 0x58, 0xa7, 0xb1, 0x7f, 0xac, 0x00, 0x63,
-	0xf2, 0x0b, 0xaa, 0xed, 0x8d, 0x90, 0x44, 0x68, 0x1d, 0x4a, 0x0e, 0x1f, 0x25, 0x22, 0x27, 0xf9,
-	0x63, 0xd9, 0x4a, 0x2e, 0x63, 0x48, 0x63, 0x41, 0x6b, 0x4e, 0x96, 0xc6, 0x31, 0x23, 0xd4, 0x80,
-	0x49, 0xcf, 0x8f, 0xd8, 0xa1, 0xab, 0xf0, 0x9d, 0xec, 0x8e, 0x49, 0xee, 0xa7, 0x05, 0xf7, 0xc9,
-	0xb5, 0x24, 0x17, 0x9c, 0x66, 0x8c, 0x96, 0xa4, 0xe2, 0xb0, 0x98, 0xaf, 0x44, 0xd2, 0x07, 0x2e,
-	0x5b, 0x6f, 0x68, 0xff, 0x8a, 0x05, 0x25, 0x49, 0x76, 0x1c, 0x26, 0xe6, 0x55, 0x18, 0x0c, 0xd9,
-	0x20, 0xc8, 0xae, 0xb1, 0x3b, 0x35, 0x9c, 0x8f, 0x57, 0x2c, 0x4b, 0xf0, 0xff, 0x21, 0x96, 0x3c,
-	0x98, 0xdd, 0x48, 0x35, 0xff, 0x1d, 0x62, 0x37, 0x52, 0xed, 0xc9, 0x39, 0x94, 0xfe, 0x88, 0xb5,
-	0x59, 0x53, 0xc4, 0x52, 0x91, 0xb7, 0x15, 0x90, 0x4d, 0xf7, 0x4e, 0x52, 0xe4, 0xad, 0x30, 0x28,
-	0x16, 0x58, 0xf4, 0x26, 0x8c, 0xd4, 0xa4, 0xc1, 0x20, 0x5e, 0xe1, 0xe7, 0x3b, 0x1a, 0xaf, 0x94,
-	0x9d, 0x93, 0xeb, 0xd0, 0x16, 0xb4, 0xf2, 0xd8, 0xe0, 0x66, 0x7a, 0xe5, 0x14, 0xbb, 0x79, 0xe5,
-	0xc4, 0x7c, 0xf3, 0x7d, 0x54, 0x7e, 0xc2, 0x82, 0x01, 0xae, 0x28, 0xee, 0x4d, 0x4f, 0xaf, 0x99,
-	0x7d, 0xe3, 0xbe, 0xbb, 0x49, 0x81, 0x42, 0xd2, 0x40, 0xab, 0x50, 0x62, 0x3f, 0x98, 0xa2, 0xbb,
-	0x98, 0xff, 0x68, 0x86, 0xd7, 0xaa, 0x37, 0xf0, 0xa6, 0x2c, 0x86, 0x63, 0x0e, 0xf6, 0x8f, 0x16,
-	0xe9, 0xee, 0x16, 0x93, 0x1a, 0x87, 0xbe, 0xf5, 0xe0, 0x0e, 0xfd, 0xc2, 0x83, 0x3a, 0xf4, 0xb7,
-	0x60, 0xbc, 0xa6, 0x19, 0x89, 0xe3, 0x91, 0xbc, 0xd0, 0x71, 0x92, 0x68, 0xf6, 0x64, 0xae, 0x9d,
-	0x5b, 0x30, 0x99, 0xe0, 0x24, 0x57, 0xf4, 0x71, 0x18, 0xe1, 0xe3, 0x2c, 0x6a, 0xe1, 0x8e, 0x4d,
-	0x4f, 0xe4, 0xcf, 0x17, 0xbd, 0x0a, 0xae, 0xcd, 0xd5, 0x8a, 0x63, 0x83, 0x99, 0xfd, 0xa7, 0x16,
-	0xa0, 0xa5, 0xd6, 0x36, 0x69, 0x92, 0xc0, 0x69, 0xc4, 0xb6, 0x9e, 0x1f, 0xb2, 0x60, 0x9a, 0xa4,
-	0xc0, 0x0b, 0x7e, 0xb3, 0x29, 0x2e, 0x8b, 0x39, 0xfa, 0x8c, 0xa5, 0x9c, 0x32, 0xea, 0x55, 0xd1,
-	0x74, 0x1e, 0x05, 0xce, 0xad, 0x0f, 0xad, 0xc2, 0x14, 0x3f, 0x25, 0x15, 0x42, 0x73, 0x92, 0x7a,
-	0x58, 0x30, 0x9e, 0x5a, 0x4f, 0x93, 0xe0, 0xac, 0x72, 0xf6, 0x37, 0x47, 0x20, 0xb7, 0x15, 0xef,
-	0x1a, 0xb9, 0xde, 0x35, 0x72, 0xbd, 0x6b, 0xe4, 0x7a, 0xd7, 0xc8, 0xf5, 0xae, 0x91, 0xeb, 0x5d,
-	0x23, 0xd7, 0x51, 0x18, 0xb9, 0xfe, 0x8a, 0x05, 0x27, 0xd5, 0x59, 0x63, 0xdc, 0xae, 0x3f, 0x03,
-	0x53, 0x7c, 0xb9, 0x19, 0xde, 0xbb, 0xe2, 0x6c, 0xbd, 0x94, 0x39, 0x73, 0x13, 0x5e, 0xe6, 0x46,
-	0x41, 0xfe, 0x5c, 0x27, 0x03, 0x81, 0xb3, 0xaa, 0xb1, 0x7f, 0x71, 0x08, 0xfa, 0x97, 0x76, 0x89,
-	0x17, 0x1d, 0xc3, 0x3d, 0xa4, 0x06, 0x63, 0xae, 0xb7, 0xeb, 0x37, 0x76, 0x49, 0x9d, 0xe3, 0x0f,
-	0x73, 0x5d, 0x3e, 0x25, 0x58, 0x8f, 0xad, 0x18, 0x2c, 0x70, 0x82, 0xe5, 0x83, 0x30, 0x15, 0x5c,
-	0x86, 0x01, 0x7e, 0x52, 0x08, 0x3b, 0x41, 0xe6, 0x9e, 0xcd, 0x3a, 0x51, 0x9c, 0x7f, 0xb1, 0x19,
-	0x83, 0x9f, 0x44, 0xa2, 0x38, 0xfa, 0x34, 0x8c, 0x6d, 0xba, 0x41, 0x18, 0xad, 0xbb, 0x4d, 0x12,
-	0x46, 0x4e, 0xb3, 0x75, 0x1f, 0xa6, 0x01, 0xd5, 0x0f, 0xcb, 0x06, 0x27, 0x9c, 0xe0, 0x8c, 0xb6,
-	0x60, 0xb4, 0xe1, 0xe8, 0x55, 0x0d, 0x1e, 0xba, 0x2a, 0x75, 0x3a, 0x5c, 0xd3, 0x19, 0x61, 0x93,
-	0x2f, 0x5d, 0x4e, 0x35, 0xa6, 0xdd, 0x1e, 0x62, 0xba, 0x07, 0xb5, 0x9c, 0xb8, 0x5a, 0x9b, 0xe3,
-	0xa8, 0x34, 0xc5, 0x5c, 0xc4, 0x4b, 0xa6, 0x34, 0xa5, 0x39, 0x82, 0x7f, 0x0a, 0x4a, 0x84, 0x76,
-	0x21, 0x65, 0x2c, 0x0e, 0x98, 0x8b, 0xbd, 0xb5, 0x75, 0xd5, 0xad, 0x05, 0xbe, 0x69, 0x94, 0x59,
-	0x92, 0x9c, 0x70, 0xcc, 0x14, 0x2d, 0xc0, 0x40, 0x48, 0x02, 0x57, 0x29, 0x7e, 0x3b, 0x0c, 0x23,
-	0x23, 0xe3, 0xef, 0xc1, 0xf8, 0x6f, 0x2c, 0x8a, 0xd2, 0xe9, 0xe5, 0x30, 0xbd, 0x29, 0x3b, 0x0c,
-	0xb4, 0xe9, 0x35, 0xc7, 0xa0, 0x58, 0x60, 0xd1, 0x6b, 0x30, 0x18, 0x90, 0x06, 0xb3, 0xfa, 0x8d,
-	0xf6, 0x3e, 0xc9, 0xb9, 0x11, 0x91, 0x97, 0xc3, 0x92, 0x01, 0xba, 0x0a, 0x28, 0x20, 0x54, 0x1a,
-	0x73, 0xbd, 0x2d, 0xe5, 0x38, 0x2d, 0x36, 0x5a, 0x25, 0xf5, 0xe2, 0x98, 0x42, 0x3e, 0x05, 0xc4,
-	0x19, 0xc5, 0xd0, 0x65, 0x98, 0x54, 0xd0, 0x15, 0x2f, 0x8c, 0x1c, 0xba, 0xc1, 0x8d, 0x33, 0x5e,
-	0x4a, 0x19, 0x82, 0x93, 0x04, 0x38, 0x5d, 0xc6, 0xfe, 0x92, 0x05, 0xbc, 0x9f, 0x8f, 0x41, 0x05,
-	0xf0, 0xaa, 0xa9, 0x02, 0x38, 0x9d, 0x3b, 0x72, 0x39, 0xd7, 0xff, 0x2f, 0x59, 0x30, 0xac, 0x8d,
-	0x6c, 0x3c, 0x67, 0xad, 0x0e, 0x73, 0xb6, 0x0d, 0x13, 0x74, 0xa6, 0x5f, 0xdf, 0x08, 0x49, 0xb0,
-	0x4b, 0xea, 0x6c, 0x62, 0x16, 0xee, 0x6f, 0x62, 0x2a, 0x27, 0xcd, 0x6b, 0x09, 0x86, 0x38, 0x55,
-	0x85, 0xfd, 0x29, 0xd9, 0x54, 0xe5, 0xd3, 0x5a, 0x53, 0x63, 0x9e, 0xf0, 0x69, 0x55, 0xa3, 0x8a,
-	0x63, 0x1a, 0xba, 0xd4, 0xb6, 0xfd, 0x30, 0x4a, 0xfa, 0xb4, 0x5e, 0xf1, 0xc3, 0x08, 0x33, 0x8c,
-	0xfd, 0x3c, 0xc0, 0xd2, 0x1d, 0x52, 0xe3, 0x33, 0x56, 0xbf, 0xa1, 0x58, 0xf9, 0x37, 0x14, 0xfb,
-	0x77, 0x2c, 0x18, 0x5b, 0x5e, 0x30, 0x4e, 0xae, 0x59, 0x00, 0x7e, 0xad, 0xba, 0x75, 0x6b, 0x4d,
-	0xfa, 0x6a, 0x70, 0x73, 0xb5, 0x82, 0x62, 0x8d, 0x02, 0x9d, 0x86, 0x62, 0xa3, 0xed, 0x09, 0x1d,
-	0xe5, 0x20, 0x3d, 0x1e, 0xaf, 0xb5, 0x3d, 0x4c, 0x61, 0xda, 0x33, 0xa0, 0x62, 0xcf, 0xcf, 0x80,
-	0xba, 0x86, 0xff, 0x40, 0x65, 0xe8, 0xbf, 0x7d, 0xdb, 0xad, 0xf3, 0x47, 0xd6, 0xc2, 0x8f, 0xe4,
-	0xd6, 0xad, 0x95, 0xc5, 0x10, 0x73, 0xb8, 0xfd, 0x85, 0x22, 0xcc, 0x2c, 0x37, 0xc8, 0x9d, 0xb7,
-	0xf9, 0xd0, 0xbc, 0xd7, 0x47, 0x4c, 0x87, 0xd3, 0xf6, 0x1c, 0xf6, 0xa1, 0x5a, 0xf7, 0xfe, 0xd8,
-	0x84, 0x41, 0xee, 0xd2, 0x29, 0x9f, 0x9d, 0x67, 0xda, 0xe6, 0xf2, 0x3b, 0x64, 0x96, 0xbb, 0x86,
-	0x0a, 0xdb, 0x9c, 0x3a, 0x30, 0x05, 0x14, 0x4b, 0xe6, 0x33, 0x2f, 0xc3, 0x88, 0x4e, 0x79, 0xa8,
-	0x27, 0xa3, 0xdf, 0x53, 0x84, 0x09, 0xda, 0x82, 0x07, 0x3a, 0x10, 0x37, 0xd2, 0x03, 0x71, 0xd4,
-	0xcf, 0x06, 0xbb, 0x8f, 0xc6, 0x9b, 0xc9, 0xd1, 0xb8, 0x94, 0x37, 0x1a, 0xc7, 0x3d, 0x06, 0xdf,
-	0x6b, 0xc1, 0xd4, 0x72, 0xc3, 0xaf, 0xed, 0x24, 0x9e, 0xf6, 0xbd, 0x08, 0xc3, 0x74, 0x3b, 0x0e,
-	0x8d, 0x28, 0x17, 0x46, 0xdc, 0x13, 0x81, 0xc2, 0x3a, 0x9d, 0x56, 0xec, 0xc6, 0x8d, 0x95, 0xc5,
-	0xac, 0x70, 0x29, 0x02, 0x85, 0x75, 0x3a, 0xfb, 0xb7, 0x2c, 0x38, 0x73, 0x79, 0x61, 0x29, 0x9e,
-	0x8a, 0xa9, 0x88, 0x2d, 0xe7, 0x61, 0xa0, 0x55, 0xd7, 0x9a, 0x12, 0xeb, 0x70, 0x17, 0x59, 0x2b,
-	0x04, 0xf6, 0x9d, 0x12, 0x8d, 0xe8, 0x06, 0xc0, 0x65, 0x5c, 0x59, 0x10, 0xfb, 0xae, 0x34, 0xd9,
-	0x58, 0xb9, 0x26, 0x9b, 0x27, 0x60, 0x90, 0x9e, 0x0b, 0x6e, 0x4d, 0xb6, 0x9b, 0x5b, 0xdf, 0x39,
-	0x08, 0x4b, 0x9c, 0xfd, 0x73, 0x16, 0x4c, 0x5d, 0x76, 0x23, 0x7a, 0x68, 0x27, 0x43, 0x92, 0xd0,
-	0x53, 0x3b, 0x74, 0x23, 0x3f, 0xd8, 0x4b, 0x86, 0x24, 0xc1, 0x0a, 0x83, 0x35, 0x2a, 0xfe, 0x41,
-	0xbb, 0x2e, 0x7b, 0xa3, 0x50, 0x30, 0x8d, 0x64, 0x58, 0xc0, 0xb1, 0xa2, 0xa0, 0xfd, 0x55, 0x77,
-	0x03, 0xa6, 0x5f, 0xdc, 0x13, 0x1b, 0xb7, 0xea, 0xaf, 0x45, 0x89, 0xc0, 0x31, 0x8d, 0xfd, 0xc7,
-	0x16, 0x94, 0x2f, 0x37, 0xda, 0x61, 0x44, 0x82, 0xcd, 0x30, 0x67, 0xd3, 0x7d, 0x1e, 0x4a, 0x44,
-	0x6a, 0xf3, 0xe5, 0x63, 0x4a, 0x29, 0x88, 0x2a, 0x35, 0x3f, 0x8f, 0x8c, 0xa2, 0xe8, 0x7a, 0x78,
-	0x7f, 0x7c, 0xb8, 0x07, 0xa4, 0xcb, 0x80, 0x88, 0x5e, 0x97, 0x1e, 0x2a, 0x86, 0xc5, 0x9c, 0x58,
-	0x4a, 0x61, 0x71, 0x46, 0x09, 0xfb, 0xc7, 0x2d, 0x38, 0xa9, 0x3e, 0xf8, 0x1d, 0xf7, 0x99, 0xf6,
-	0x57, 0x0b, 0x30, 0x7a, 0x65, 0x7d, 0xbd, 0x72, 0x99, 0x44, 0xda, 0xac, 0xec, 0x6c, 0xa3, 0xc7,
-	0x9a, 0xa9, 0xb1, 0xd3, 0x1d, 0xb1, 0x1d, 0xb9, 0x8d, 0x59, 0x1e, 0x71, 0x6c, 0x76, 0xc5, 0x8b,
-	0xae, 0x07, 0xd5, 0x28, 0x70, 0xbd, 0xad, 0xcc, 0x99, 0x2e, 0x65, 0x96, 0x62, 0x9e, 0xcc, 0x82,
-	0x9e, 0x87, 0x01, 0x16, 0xf2, 0x4c, 0x0e, 0xc2, 0xc3, 0xea, 0x8a, 0xc5, 0xa0, 0x07, 0xfb, 0xe5,
-	0xd2, 0x0d, 0xbc, 0xc2, 0xff, 0x60, 0x41, 0x8a, 0x6e, 0xc0, 0xf0, 0x76, 0x14, 0xb5, 0xae, 0x10,
-	0xa7, 0x4e, 0x02, 0xb9, 0xcb, 0x9e, 0xcd, 0xda, 0x65, 0x69, 0x27, 0x70, 0xb2, 0x78, 0x63, 0x8a,
-	0x61, 0x21, 0xd6, 0xf9, 0xd8, 0x55, 0x80, 0x18, 0x77, 0x44, 0x56, 0x16, 0x7b, 0x1d, 0x4a, 0xf4,
-	0x73, 0xe7, 0x1a, 0xae, 0xd3, 0xd9, 0x8e, 0xfd, 0x34, 0x94, 0xa4, 0x95, 0x3a, 0x14, 0xf1, 0x11,
-	0xd8, 0x89, 0x24, 0x8d, 0xd8, 0x21, 0x8e, 0xf1, 0xf6, 0x26, 0x9c, 0x60, 0xbe, 0xaa, 0x4e, 0xb4,
-	0x6d, 0xcc, 0xbe, 0xee, 0xc3, 0xfc, 0x8c, 0xb8, 0xb1, 0xf1, 0x36, 0x4f, 0x6b, 0x0f, 0x7a, 0x47,
-	0x24, 0xc7, 0xf8, 0xf6, 0x66, 0x7f, 0xb3, 0x0f, 0x1e, 0x5e, 0xa9, 0xe6, 0x87, 0xec, 0x79, 0x09,
-	0x46, 0xb8, 0x20, 0x48, 0x07, 0xdd, 0x69, 0x88, 0x7a, 0x95, 0x6e, 0x73, 0x5d, 0xc3, 0x61, 0x83,
-	0x12, 0x9d, 0x81, 0xa2, 0xfb, 0x96, 0x97, 0x7c, 0xee, 0xb6, 0xf2, 0xfa, 0x1a, 0xa6, 0x70, 0x8a,
-	0xa6, 0x32, 0x25, 0xdf, 0xac, 0x15, 0x5a, 0xc9, 0x95, 0xaf, 0xc2, 0x98, 0x1b, 0xd6, 0x42, 0x77,
-	0xc5, 0xa3, 0x2b, 0x50, 0x5b, 0xc3, 0x4a, 0x9b, 0x40, 0x1b, 0xad, 0xb0, 0x38, 0x41, 0xad, 0x9d,
-	0x1c, 0xfd, 0x3d, 0xcb, 0xa5, 0x5d, 0x03, 0x06, 0xd0, 0x8d, 0xbd, 0xc5, 0xbe, 0x2e, 0x64, 0x9a,
-	0x70, 0xb1, 0xb1, 0xf3, 0x0f, 0x0e, 0xb1, 0xc4, 0xd1, 0xab, 0x5a, 0x6d, 0xdb, 0x69, 0xcd, 0xb5,
-	0xa3, 0xed, 0x45, 0x37, 0xac, 0xf9, 0xbb, 0x24, 0xd8, 0x63, 0xb7, 0xec, 0xa1, 0xf8, 0xaa, 0xa6,
-	0x10, 0x0b, 0x57, 0xe6, 0x2a, 0x94, 0x12, 0xa7, 0xcb, 0xa0, 0x39, 0x18, 0x97, 0xc0, 0x2a, 0x09,
-	0xd9, 0xe6, 0x3e, 0xcc, 0xd8, 0xa8, 0x07, 0x68, 0x02, 0xac, 0x98, 0x24, 0xe9, 0x4d, 0xd1, 0x15,
-	0x8e, 0x42, 0x74, 0xfd, 0x00, 0x8c, 0xba, 0x9e, 0x1b, 0xb9, 0x4e, 0xe4, 0x73, 0x33, 0x0e, 0xbf,
-	0x50, 0x33, 0xd5, 0xf1, 0x8a, 0x8e, 0xc0, 0x26, 0x9d, 0xfd, 0x9f, 0xfa, 0x60, 0x92, 0x0d, 0xdb,
-	0xbb, 0x33, 0xec, 0x3b, 0x69, 0x86, 0xdd, 0x48, 0xcf, 0xb0, 0xa3, 0x90, 0xc9, 0xef, 0x7b, 0x9a,
-	0x7d, 0x1a, 0x4a, 0xea, 0xcd, 0x9d, 0x7c, 0x74, 0x6b, 0xe5, 0x3c, 0xba, 0xed, 0x7e, 0x2e, 0x4b,
-	0xcf, 0xb0, 0x62, 0xa6, 0x67, 0xd8, 0x97, 0x2d, 0x88, 0x4d, 0x06, 0xe8, 0x75, 0x28, 0xb5, 0x7c,
-	0xe6, 0x68, 0x1a, 0x48, 0xef, 0xed, 0xc7, 0x3b, 0xda, 0x1c, 0x78, 0xd4, 0xb2, 0x80, 0xf7, 0x42,
-	0x45, 0x16, 0xc5, 0x31, 0x17, 0x74, 0x15, 0x06, 0x5b, 0x01, 0xa9, 0x46, 0x2c, 0xa4, 0x4e, 0xef,
-	0x0c, 0xf9, 0xac, 0xe1, 0x05, 0xb1, 0xe4, 0x60, 0xff, 0x67, 0x0b, 0x26, 0x92, 0xa4, 0xe8, 0x43,
-	0xd0, 0x47, 0xee, 0x90, 0x9a, 0x68, 0x6f, 0xe6, 0x21, 0x1b, 0x2b, 0x1d, 0x78, 0x07, 0xd0, 0xff,
-	0x98, 0x95, 0x42, 0x57, 0x60, 0x90, 0x9e, 0xb0, 0x97, 0x55, 0xf8, 0xb8, 0x47, 0xf3, 0x4e, 0x69,
-	0x25, 0xaa, 0xf0, 0xc6, 0x09, 0x10, 0x96, 0xc5, 0x99, 0x3b, 0x56, 0xad, 0x55, 0xa5, 0x97, 0x97,
-	0xa8, 0xd3, 0x1d, 0x7b, 0x7d, 0xa1, 0xc2, 0x89, 0x04, 0x37, 0xee, 0x8e, 0x25, 0x81, 0x38, 0x66,
-	0x62, 0xff, 0xbc, 0x05, 0xc0, 0xbd, 0xcf, 0x1c, 0x6f, 0x8b, 0x1c, 0x83, 0x9e, 0x7c, 0x11, 0xfa,
-	0xc2, 0x16, 0xa9, 0x75, 0xf2, 0x81, 0x8e, 0xdb, 0x53, 0x6d, 0x91, 0x5a, 0x3c, 0xe3, 0xe8, 0x3f,
-	0xcc, 0x4a, 0xdb, 0xdf, 0x07, 0x30, 0x16, 0x93, 0xad, 0x44, 0xa4, 0x89, 0x9e, 0x35, 0x02, 0x75,
-	0x9c, 0x4e, 0x04, 0xea, 0x28, 0x31, 0x6a, 0x4d, 0x25, 0xfb, 0x69, 0x28, 0x36, 0x9d, 0x3b, 0x42,
-	0xe7, 0xf6, 0x74, 0xe7, 0x66, 0x50, 0xfe, 0xb3, 0xab, 0xce, 0x1d, 0x7e, 0x2d, 0x7d, 0x5a, 0xae,
-	0x90, 0x55, 0xe7, 0x4e, 0x57, 0x3f, 0x5d, 0x5a, 0x09, 0xab, 0xcb, 0xf5, 0x84, 0x63, 0x55, 0x4f,
-	0x75, 0xb9, 0x5e, 0xb2, 0x2e, 0xd7, 0xeb, 0xa1, 0x2e, 0xd7, 0x43, 0x77, 0x61, 0x50, 0xf8, 0x3d,
-	0x8a, 0x50, 0x5e, 0x17, 0x7b, 0xa8, 0x4f, 0xb8, 0x4d, 0xf2, 0x3a, 0x2f, 0xca, 0x6b, 0xb7, 0x80,
-	0x76, 0xad, 0x57, 0x56, 0x88, 0xfe, 0xaa, 0x05, 0x63, 0xe2, 0x37, 0x26, 0x6f, 0xb5, 0x49, 0x18,
-	0x09, 0xb1, 0xf4, 0xfd, 0xbd, 0xb7, 0x41, 0x14, 0xe4, 0x4d, 0x79, 0xbf, 0x3c, 0x67, 0x4c, 0x64,
-	0xd7, 0x16, 0x25, 0x5a, 0x81, 0xfe, 0xae, 0x05, 0x27, 0x9a, 0xce, 0x1d, 0x5e, 0x23, 0x87, 0x61,
-	0x27, 0x72, 0x7d, 0xe1, 0x3f, 0xf0, 0xa1, 0xde, 0x86, 0x3f, 0x55, 0x9c, 0x37, 0x52, 0xda, 0x1f,
-	0x4f, 0x64, 0x91, 0x74, 0x6d, 0x6a, 0x66, 0xbb, 0x66, 0x36, 0x61, 0x48, 0xce, 0xb7, 0x07, 0xe9,
-	0x64, 0xcd, 0xea, 0x11, 0x73, 0xed, 0x81, 0xd6, 0xf3, 0x69, 0x18, 0xd1, 0xe7, 0xd8, 0x03, 0xad,
-	0xeb, 0x2d, 0x98, 0xca, 0x98, 0x4b, 0x0f, 0xb4, 0xca, 0xdb, 0x70, 0x3a, 0x77, 0x7e, 0x3c, 0x50,
-	0x27, 0xf9, 0xaf, 0x5a, 0xfa, 0x3e, 0x78, 0x0c, 0xc6, 0x8a, 0x05, 0xd3, 0x58, 0x71, 0xb6, 0xf3,
-	0xca, 0xc9, 0xb1, 0x58, 0xbc, 0xa9, 0x37, 0x9a, 0xee, 0xea, 0xe8, 0x35, 0x18, 0x68, 0x50, 0x88,
-	0xf4, 0x9e, 0xb5, 0xbb, 0xaf, 0xc8, 0x58, 0x98, 0x64, 0xf0, 0x10, 0x0b, 0x0e, 0xf6, 0x2f, 0x59,
-	0xd0, 0x77, 0x0c, 0x3d, 0x81, 0xcd, 0x9e, 0x78, 0x36, 0x97, 0xb5, 0x88, 0x6a, 0x3e, 0x8b, 0x9d,
-	0xdb, 0x4b, 0x77, 0x22, 0xe2, 0x85, 0xec, 0x44, 0xce, 0xec, 0x98, 0x9f, 0xb6, 0x60, 0xea, 0x9a,
-	0xef, 0xd4, 0xe7, 0x9d, 0x86, 0xe3, 0xd5, 0x48, 0xb0, 0xe2, 0x6d, 0x1d, 0xca, 0xf5, 0xbb, 0xd0,
-	0xd5, 0xf5, 0x7b, 0x41, 0x7a, 0x4e, 0xf5, 0xe5, 0x8f, 0x1f, 0x95, 0xa4, 0x93, 0xa1, 0x8b, 0x0c,
-	0x1f, 0xdf, 0x6d, 0x40, 0x7a, 0x2b, 0xc5, 0x03, 0x28, 0x0c, 0x83, 0x2e, 0x6f, 0xaf, 0x18, 0xc4,
-	0x27, 0xb3, 0x25, 0xdc, 0xd4, 0xe7, 0x69, 0x4f, 0x7b, 0x38, 0x00, 0x4b, 0x46, 0xf6, 0x4b, 0x90,
-	0x19, 0x6a, 0xa2, 0xbb, 0x5e, 0xc2, 0xfe, 0x18, 0x4c, 0xb2, 0x92, 0x87, 0xd4, 0x0c, 0xd8, 0x09,
-	0x6d, 0x6a, 0x46, 0xd8, 0x4c, 0xfb, 0xf3, 0x16, 0x8c, 0xaf, 0x25, 0xa2, 0x09, 0x9e, 0x67, 0xf6,
-	0xd7, 0x0c, 0x25, 0x7e, 0x95, 0x41, 0xb1, 0xc0, 0x1e, 0xb9, 0x92, 0xeb, 0xcf, 0x2d, 0x88, 0xa3,
-	0xbf, 0x1c, 0x83, 0xf8, 0xb6, 0x60, 0x88, 0x6f, 0x99, 0x82, 0xac, 0x6a, 0x4e, 0x9e, 0xf4, 0x86,
-	0xae, 0xaa, 0xb8, 0x68, 0x1d, 0x64, 0xd8, 0x98, 0x0d, 0x9f, 0x8a, 0x63, 0x66, 0xf0, 0x34, 0x19,
-	0x29, 0xcd, 0xfe, 0xdd, 0x02, 0x20, 0x45, 0xdb, 0x73, 0xdc, 0xb6, 0x74, 0x89, 0xa3, 0x89, 0xdb,
-	0xb6, 0x0b, 0x88, 0x79, 0x10, 0x04, 0x8e, 0x17, 0x72, 0xb6, 0xae, 0x50, 0xeb, 0x1d, 0xce, 0x3d,
-	0x61, 0x46, 0xbe, 0x0d, 0xbb, 0x96, 0xe2, 0x86, 0x33, 0x6a, 0xd0, 0x3c, 0x43, 0xfa, 0x7b, 0xf5,
-	0x0c, 0x19, 0xe8, 0xf2, 0xc8, 0xf1, 0x2b, 0x16, 0x8c, 0xaa, 0x6e, 0x7a, 0x87, 0xb8, 0xc2, 0xab,
-	0xf6, 0xe4, 0x6c, 0xa0, 0x15, 0xad, 0xc9, 0xec, 0x60, 0xf9, 0x2e, 0xf6, 0x58, 0xd5, 0x69, 0xb8,
-	0x77, 0x89, 0x8a, 0xf3, 0x59, 0x16, 0x8f, 0x4f, 0x05, 0xf4, 0x60, 0xbf, 0x3c, 0xaa, 0xfe, 0xf1,
-	0x38, 0xe6, 0x71, 0x11, 0xba, 0x25, 0x8f, 0x27, 0xa6, 0x22, 0x7a, 0x11, 0xfa, 0x5b, 0xdb, 0x4e,
-	0x48, 0x12, 0x4f, 0x86, 0xfa, 0x2b, 0x14, 0x78, 0xb0, 0x5f, 0x1e, 0x53, 0x05, 0x18, 0x04, 0x73,
-	0xea, 0xde, 0xa3, 0xe1, 0xa5, 0x27, 0x67, 0xd7, 0x68, 0x78, 0x7f, 0x6a, 0x41, 0xdf, 0x9a, 0x5f,
-	0x3f, 0x8e, 0x2d, 0xe0, 0x55, 0x63, 0x0b, 0x78, 0x24, 0x2f, 0xc5, 0x44, 0xee, 0xea, 0x5f, 0x4e,
-	0xac, 0xfe, 0xb3, 0xb9, 0x1c, 0x3a, 0x2f, 0xfc, 0x26, 0x0c, 0xb3, 0xc4, 0x15, 0xe2, 0x79, 0xd4,
-	0xf3, 0xc6, 0x82, 0x2f, 0x27, 0x16, 0xfc, 0xb8, 0x46, 0xaa, 0xad, 0xf4, 0xa7, 0x60, 0x50, 0xbc,
-	0xb7, 0x49, 0xbe, 0xf9, 0x15, 0xb4, 0x58, 0xe2, 0xed, 0x9f, 0x28, 0x82, 0x91, 0x28, 0x03, 0xfd,
-	0x8a, 0x05, 0xb3, 0x01, 0xf7, 0xc3, 0xad, 0x2f, 0xb6, 0x03, 0xd7, 0xdb, 0xaa, 0xd6, 0xb6, 0x49,
-	0xbd, 0xdd, 0x70, 0xbd, 0xad, 0x95, 0x2d, 0xcf, 0x57, 0xe0, 0xa5, 0x3b, 0xa4, 0xd6, 0x66, 0x66,
-	0xb7, 0x2e, 0x59, 0x39, 0x94, 0x3f, 0xfb, 0x73, 0xf7, 0xf6, 0xcb, 0xb3, 0xf8, 0x50, 0xbc, 0xf1,
-	0x21, 0xdb, 0x82, 0x7e, 0xcb, 0x82, 0x8b, 0x3c, 0x7f, 0x44, 0xef, 0xed, 0xef, 0x70, 0x5b, 0xae,
-	0x48, 0x56, 0x31, 0x93, 0x75, 0x12, 0x34, 0xe7, 0x3f, 0x20, 0x3a, 0xf4, 0x62, 0xe5, 0x70, 0x75,
-	0xe1, 0xc3, 0x36, 0xce, 0xfe, 0xc7, 0x45, 0x18, 0x15, 0x51, 0xd3, 0xc4, 0x19, 0xf0, 0xa2, 0x31,
-	0x25, 0x1e, 0x4d, 0x4c, 0x89, 0x49, 0x83, 0xf8, 0x68, 0xb6, 0xff, 0x10, 0x26, 0xe9, 0xe6, 0x7c,
-	0x85, 0x38, 0x41, 0xb4, 0x41, 0x1c, 0xee, 0xf0, 0x55, 0x3c, 0xf4, 0xee, 0xaf, 0xf4, 0x93, 0xd7,
-	0x92, 0xcc, 0x70, 0x9a, 0xff, 0x77, 0xd2, 0x99, 0xe3, 0xc1, 0x44, 0x2a, 0xf0, 0xdd, 0x1b, 0x50,
-	0x52, 0x8f, 0x45, 0xc4, 0xa6, 0xd3, 0x39, 0x7e, 0x64, 0x92, 0x03, 0x57, 0x7f, 0xc5, 0x0f, 0x95,
-	0x62, 0x76, 0xf6, 0xdf, 0x2f, 0x18, 0x15, 0xf2, 0x41, 0x5c, 0x83, 0x21, 0x27, 0x0c, 0xdd, 0x2d,
-	0x8f, 0xd4, 0x3b, 0x69, 0x28, 0x53, 0xd5, 0xb0, 0x07, 0x3b, 0x73, 0xa2, 0x24, 0x56, 0x3c, 0xd0,
-	0x15, 0xee, 0x56, 0xb7, 0x4b, 0x3a, 0xa9, 0x27, 0x53, 0xdc, 0x40, 0x3a, 0xde, 0xed, 0x12, 0x2c,
-	0xca, 0xa3, 0x4f, 0x70, 0xbf, 0xc7, 0xab, 0x9e, 0x7f, 0xdb, 0xbb, 0xec, 0xfb, 0x32, 0xe8, 0x46,
-	0x6f, 0x0c, 0x27, 0xa5, 0xb7, 0xa3, 0x2a, 0x8e, 0x4d, 0x6e, 0xbd, 0x45, 0x92, 0xfd, 0x0c, 0xb0,
-	0x78, 0xf9, 0xe6, 0xdb, 0xec, 0x10, 0x11, 0x18, 0x17, 0x21, 0xf9, 0x24, 0x4c, 0xf4, 0x5d, 0xe6,
-	0x55, 0xce, 0x2c, 0x1d, 0x2b, 0xd2, 0xaf, 0x9a, 0x2c, 0x70, 0x92, 0xa7, 0xfd, 0xb3, 0x16, 0xb0,
-	0x77, 0xaa, 0xc7, 0x20, 0x8f, 0x7c, 0xd8, 0x94, 0x47, 0xa6, 0xf3, 0x3a, 0x39, 0x47, 0x14, 0x79,
-	0x81, 0xcf, 0xac, 0x4a, 0xe0, 0xdf, 0xd9, 0x13, 0xce, 0x2a, 0xdd, 0xef, 0x1f, 0xf6, 0xff, 0xb6,
-	0xf8, 0x26, 0x16, 0xbf, 0xea, 0xff, 0x2c, 0x0c, 0xd5, 0x9c, 0x96, 0x53, 0xe3, 0x59, 0x9d, 0x72,
-	0x35, 0x7a, 0x46, 0xa1, 0xd9, 0x05, 0x51, 0x82, 0x6b, 0xa8, 0x64, 0x68, 0xc7, 0x21, 0x09, 0xee,
-	0xaa, 0x95, 0x52, 0x55, 0xce, 0xec, 0xc0, 0xa8, 0xc1, 0xec, 0x81, 0xaa, 0x33, 0x3e, 0xcb, 0x8f,
-	0x58, 0x15, 0x8a, 0xb4, 0x09, 0x93, 0x9e, 0xf6, 0x9f, 0x1e, 0x28, 0xf2, 0x72, 0xf9, 0x78, 0xb7,
-	0x43, 0x94, 0x9d, 0x3e, 0xda, 0x13, 0xd8, 0x04, 0x1b, 0x9c, 0xe6, 0x6c, 0xff, 0xa4, 0x05, 0x0f,
-	0xe9, 0x84, 0xda, 0x2b, 0x9b, 0x6e, 0x46, 0x92, 0x45, 0x18, 0xf2, 0x5b, 0x24, 0x70, 0x22, 0x3f,
-	0x10, 0xa7, 0xc6, 0x05, 0xd9, 0xe9, 0xd7, 0x05, 0xfc, 0x40, 0xe4, 0x28, 0x90, 0xdc, 0x25, 0x1c,
-	0xab, 0x92, 0xf4, 0xf6, 0xc9, 0x3a, 0x23, 0x14, 0xef, 0xa9, 0xd8, 0x1e, 0xc0, 0x2c, 0xe9, 0x21,
-	0x16, 0x18, 0xfb, 0x9b, 0x16, 0x9f, 0x58, 0x7a, 0xd3, 0xd1, 0x5b, 0x30, 0xd1, 0x74, 0xa2, 0xda,
-	0xf6, 0xd2, 0x9d, 0x56, 0xc0, 0x4d, 0x4e, 0xb2, 0x9f, 0x9e, 0xee, 0xd6, 0x4f, 0xda, 0x47, 0xc6,
-	0xae, 0x9c, 0xab, 0x09, 0x66, 0x38, 0xc5, 0x1e, 0x6d, 0xc0, 0x30, 0x83, 0xb1, 0xa7, 0x82, 0x61,
-	0x27, 0xd1, 0x20, 0xaf, 0x36, 0xe5, 0x8c, 0xb0, 0x1a, 0xf3, 0xc1, 0x3a, 0x53, 0xfb, 0xcb, 0x45,
-	0xbe, 0xda, 0x99, 0x28, 0xff, 0x14, 0x0c, 0xb6, 0xfc, 0xfa, 0xc2, 0xca, 0x22, 0x16, 0xa3, 0xa0,
-	0x8e, 0x91, 0x0a, 0x07, 0x63, 0x89, 0x47, 0x17, 0x60, 0x48, 0xfc, 0x94, 0x26, 0x42, 0xb6, 0x37,
-	0x0b, 0xba, 0x10, 0x2b, 0x2c, 0x7a, 0x0e, 0xa0, 0x15, 0xf8, 0xbb, 0x6e, 0x9d, 0x85, 0x0e, 0x29,
-	0x9a, 0x7e, 0x44, 0x15, 0x85, 0xc1, 0x1a, 0x15, 0x7a, 0x05, 0x46, 0xdb, 0x5e, 0xc8, 0xc5, 0x11,
-	0x2d, 0x9a, 0xb2, 0xf2, 0x70, 0xb9, 0xa1, 0x23, 0xb1, 0x49, 0x8b, 0xe6, 0x60, 0x20, 0x72, 0x98,
-	0x5f, 0x4c, 0x7f, 0xbe, 0xbb, 0xef, 0x3a, 0xa5, 0xd0, 0x13, 0x08, 0xd1, 0x02, 0x58, 0x14, 0x44,
-	0x6f, 0xc8, 0x57, 0xbb, 0x7c, 0x63, 0x17, 0x7e, 0xf6, 0xbd, 0x1d, 0x02, 0xda, 0x9b, 0x5d, 0xe1,
-	0xbf, 0x6f, 0xf0, 0x42, 0x2f, 0x03, 0x90, 0x3b, 0x11, 0x09, 0x3c, 0xa7, 0xa1, 0xbc, 0xd9, 0x94,
-	0x5c, 0xb0, 0xe8, 0xaf, 0xf9, 0xd1, 0x8d, 0x90, 0x2c, 0x29, 0x0a, 0xac, 0x51, 0xdb, 0xbf, 0x55,
-	0x02, 0x88, 0xe5, 0x76, 0x74, 0x37, 0xb5, 0x71, 0x3d, 0xd3, 0x59, 0xd2, 0x3f, 0xba, 0x5d, 0x0b,
-	0x7d, 0xbf, 0x05, 0xc3, 0x22, 0x42, 0x0a, 0x1b, 0xa1, 0x42, 0xe7, 0x8d, 0xd3, 0x0c, 0xd4, 0x42,
-	0x4b, 0xf0, 0x26, 0x3c, 0x2f, 0x67, 0xa8, 0x86, 0xe9, 0xda, 0x0a, 0xbd, 0x62, 0xf4, 0x3e, 0x79,
-	0x55, 0x2c, 0x1a, 0x5d, 0xa9, 0xae, 0x8a, 0x25, 0x76, 0x46, 0xe8, 0xb7, 0xc4, 0x1b, 0xc6, 0x2d,
-	0xb1, 0x2f, 0xff, 0x59, 0xa2, 0x21, 0xbe, 0x76, 0xbb, 0x20, 0xa2, 0x8a, 0x1e, 0xa2, 0xa0, 0x3f,
-	0xff, 0x79, 0x9e, 0x76, 0x4f, 0xea, 0x12, 0x9e, 0xe0, 0xd3, 0x30, 0x5e, 0x37, 0x85, 0x00, 0x31,
-	0x13, 0x9f, 0xcc, 0xe3, 0x9b, 0x90, 0x19, 0xe2, 0x63, 0x3f, 0x81, 0xc0, 0x49, 0xc6, 0xa8, 0xc2,
-	0x23, 0x56, 0xac, 0x78, 0x9b, 0xbe, 0x78, 0xeb, 0x61, 0xe7, 0x8e, 0xe5, 0x5e, 0x18, 0x91, 0x26,
-	0xa5, 0x8c, 0x4f, 0xf7, 0x35, 0x51, 0x16, 0x2b, 0x2e, 0xe8, 0x35, 0x18, 0x60, 0xef, 0xb3, 0xc2,
-	0xe9, 0xa1, 0x7c, 0x8d, 0xb3, 0x19, 0xba, 0x2f, 0x5e, 0x90, 0xec, 0x6f, 0x88, 0x05, 0x07, 0x74,
-	0x45, 0xbe, 0x7e, 0x0c, 0x57, 0xbc, 0x1b, 0x21, 0x61, 0xaf, 0x1f, 0x4b, 0xf3, 0x8f, 0xc7, 0x0f,
-	0x1b, 0x39, 0x3c, 0x33, 0xcd, 0xa0, 0x51, 0x92, 0x4a, 0x51, 0xe2, 0xbf, 0xcc, 0x5e, 0x28, 0x02,
-	0x0d, 0x65, 0x36, 0xcf, 0xcc, 0x70, 0x18, 0x77, 0xe7, 0x4d, 0x93, 0x05, 0x4e, 0xf2, 0xa4, 0x12,
-	0x29, 0x5f, 0xf5, 0xe2, 0xb5, 0x48, 0xb7, 0xbd, 0x83, 0x5f, 0xc4, 0xd9, 0x69, 0xc4, 0x21, 0x58,
-	0x94, 0x3f, 0x56, 0xf1, 0x60, 0xc6, 0x83, 0x89, 0xe4, 0x12, 0x7d, 0xa0, 0xe2, 0xc8, 0x1f, 0xf6,
-	0xc1, 0x98, 0x39, 0xa5, 0xd0, 0x45, 0x28, 0x09, 0x26, 0x2a, 0x03, 0x88, 0x5a, 0x25, 0xab, 0x12,
-	0x81, 0x63, 0x1a, 0x96, 0xf8, 0x85, 0x15, 0xd7, 0xdc, 0x83, 0xe3, 0xc4, 0x2f, 0x0a, 0x83, 0x35,
-	0x2a, 0x7a, 0xb1, 0xda, 0xf0, 0xfd, 0x48, 0x1d, 0x48, 0x6a, 0xde, 0xcd, 0x33, 0x28, 0x16, 0x58,
-	0x7a, 0x10, 0xed, 0x90, 0xc0, 0x23, 0x0d, 0x33, 0xf2, 0xb6, 0x3a, 0x88, 0xae, 0xea, 0x48, 0x6c,
-	0xd2, 0xd2, 0xe3, 0xd4, 0x0f, 0xd9, 0x44, 0x16, 0xd7, 0xb7, 0xd8, 0xdd, 0xba, 0xca, 0x5f, 0x79,
-	0x4b, 0x3c, 0xfa, 0x18, 0x3c, 0xa4, 0x02, 0x67, 0x61, 0x6e, 0xcd, 0x90, 0x35, 0x0e, 0x18, 0xda,
-	0x96, 0x87, 0x16, 0xb2, 0xc9, 0x70, 0x5e, 0x79, 0xf4, 0x2a, 0x8c, 0x09, 0x11, 0x5f, 0x72, 0x1c,
-	0x34, 0x3d, 0x8c, 0xae, 0x1a, 0x58, 0x9c, 0xa0, 0x96, 0xb1, 0xc3, 0x99, 0x94, 0x2d, 0x39, 0x0c,
-	0xa5, 0x63, 0x87, 0xeb, 0x78, 0x9c, 0x2a, 0x81, 0xe6, 0x60, 0x9c, 0xcb, 0x60, 0xae, 0xb7, 0xc5,
-	0xc7, 0x44, 0x3c, 0xe6, 0x52, 0x4b, 0xea, 0xba, 0x89, 0xc6, 0x49, 0x7a, 0xf4, 0x12, 0x8c, 0x38,
-	0x41, 0x6d, 0xdb, 0x8d, 0x48, 0x2d, 0x6a, 0x07, 0xfc, 0x95, 0x97, 0xe6, 0xa2, 0x35, 0xa7, 0xe1,
-	0xb0, 0x41, 0x69, 0xdf, 0x85, 0xa9, 0x8c, 0xf0, 0x0f, 0x74, 0xe2, 0x38, 0x2d, 0x57, 0x7e, 0x53,
-	0xc2, 0xc3, 0x79, 0xae, 0xb2, 0x22, 0xbf, 0x46, 0xa3, 0xa2, 0xb3, 0x93, 0x85, 0x89, 0xd0, 0x92,
-	0x95, 0xaa, 0xd9, 0xb9, 0x2c, 0x11, 0x38, 0xa6, 0xb1, 0xff, 0x5b, 0x01, 0xc6, 0x33, 0x6c, 0x2b,
-	0x2c, 0x61, 0x66, 0xe2, 0x92, 0x12, 0xe7, 0xc7, 0x34, 0x43, 0xd1, 0x17, 0x0e, 0x11, 0x8a, 0xbe,
-	0xd8, 0x2d, 0x14, 0x7d, 0xdf, 0xdb, 0x09, 0x45, 0x6f, 0xf6, 0x58, 0x7f, 0x4f, 0x3d, 0x96, 0x11,
-	0xbe, 0x7e, 0xe0, 0x90, 0xe1, 0xeb, 0x8d, 0x4e, 0x1f, 0xec, 0xa1, 0xd3, 0x7f, 0xb4, 0x00, 0x13,
-	0x49, 0x57, 0xd2, 0x63, 0xd0, 0xdb, 0xbe, 0x66, 0xe8, 0x6d, 0x2f, 0xf4, 0xf2, 0xf8, 0x36, 0x57,
-	0x87, 0x8b, 0x13, 0x3a, 0xdc, 0xf7, 0xf6, 0xc4, 0xad, 0xb3, 0x3e, 0xf7, 0xa7, 0x0a, 0x70, 0x32,
-	0xf3, 0xf5, 0xef, 0x31, 0xf4, 0xcd, 0x75, 0xa3, 0x6f, 0x9e, 0xed, 0xf9, 0x61, 0x72, 0x6e, 0x07,
-	0xdd, 0x4a, 0x74, 0xd0, 0xc5, 0xde, 0x59, 0x76, 0xee, 0xa5, 0xaf, 0x17, 0xe1, 0x6c, 0x66, 0xb9,
-	0x58, 0xed, 0xb9, 0x6c, 0xa8, 0x3d, 0x9f, 0x4b, 0xa8, 0x3d, 0xed, 0xce, 0xa5, 0x8f, 0x46, 0x0f,
-	0x2a, 0x1e, 0xe8, 0xb2, 0x30, 0x03, 0xf7, 0xa9, 0x03, 0x35, 0x1e, 0xe8, 0x2a, 0x46, 0xd8, 0xe4,
-	0xfb, 0x9d, 0xa4, 0xfb, 0xfc, 0x97, 0x16, 0x9c, 0xce, 0x1c, 0x9b, 0x63, 0xd0, 0x75, 0xad, 0x99,
-	0xba, 0xae, 0xa7, 0x7a, 0x9e, 0xad, 0x39, 0xca, 0xaf, 0x9f, 0xe9, 0xcf, 0xf9, 0x16, 0x76, 0x93,
-	0xbf, 0x0e, 0xc3, 0x4e, 0xad, 0x46, 0xc2, 0x70, 0xd5, 0xaf, 0xab, 0x40, 0xd8, 0xcf, 0xb2, 0x7b,
-	0x56, 0x0c, 0x3e, 0xd8, 0x2f, 0xcf, 0x24, 0x59, 0xc4, 0x68, 0xac, 0x73, 0x40, 0x9f, 0x80, 0xa1,
-	0x50, 0x9c, 0x9b, 0x62, 0xec, 0x9f, 0xef, 0xb1, 0x73, 0x9c, 0x0d, 0xd2, 0x30, 0x23, 0x2e, 0x29,
-	0x4d, 0x85, 0x62, 0x69, 0x46, 0x67, 0x29, 0x1c, 0x69, 0x74, 0x96, 0xe7, 0x00, 0x76, 0xd5, 0x65,
-	0x20, 0xa9, 0x7f, 0xd0, 0xae, 0x09, 0x1a, 0x15, 0xfa, 0x08, 0x4c, 0x84, 0x3c, 0x24, 0xe1, 0x42,
-	0xc3, 0x09, 0xd9, 0x3b, 0x1a, 0x31, 0x0b, 0x59, 0x54, 0xa7, 0x6a, 0x02, 0x87, 0x53, 0xd4, 0x68,
-	0x59, 0xd6, 0xca, 0xe2, 0x27, 0xf2, 0x89, 0x79, 0x3e, 0xae, 0x51, 0xa4, 0xeb, 0x3e, 0x91, 0xec,
-	0x7e, 0xd6, 0xf1, 0x5a, 0x49, 0xf4, 0x09, 0x00, 0x3a, 0x7d, 0x84, 0x1e, 0x62, 0x30, 0x7f, 0xf3,
-	0xa4, 0xbb, 0x4a, 0x3d, 0xd3, 0xb9, 0x99, 0xbd, 0xa9, 0x5d, 0x54, 0x4c, 0xb0, 0xc6, 0x10, 0x39,
-	0x30, 0x1a, 0xff, 0x8b, 0xb3, 0xd9, 0x5e, 0xc8, 0xad, 0x21, 0xc9, 0x9c, 0xa9, 0xbc, 0x17, 0x75,
-	0x16, 0xd8, 0xe4, 0x68, 0xff, 0xf8, 0x20, 0x3c, 0xdc, 0x61, 0x1b, 0x46, 0x73, 0xa6, 0xa9, 0xf7,
-	0xe9, 0xe4, 0xfd, 0x7d, 0x26, 0xb3, 0xb0, 0x71, 0xa1, 0x4f, 0xcc, 0xf6, 0xc2, 0xdb, 0x9e, 0xed,
-	0x3f, 0x6c, 0x69, 0x9a, 0x15, 0xee, 0x54, 0xfa, 0xe1, 0x43, 0x1e, 0x2f, 0x47, 0xa8, 0x6a, 0xd9,
-	0xcc, 0xd0, 0x57, 0x3c, 0xd7, 0x73, 0x73, 0x7a, 0x57, 0x60, 0x7c, 0x35, 0x3b, 0x0e, 0x2f, 0x57,
-	0x65, 0x5c, 0x3e, 0xec, 0xf7, 0x1f, 0x57, 0x4c, 0xde, 0x8f, 0xc9, 0xe8, 0x4b, 0xbc, 0x5e, 0xb1,
-	0xd6, 0x5e, 0x8c, 0xc3, 0x29, 0xa9, 0xb3, 0xf4, 0xd1, 0xcc, 0xe6, 0xea, 0x44, 0xd8, 0x60, 0x75,
-	0xbc, 0x57, 0xef, 0x6f, 0x51, 0x10, 0xe0, 0xdf, 0xb1, 0xe0, 0x4c, 0xc7, 0x88, 0x30, 0xdf, 0x86,
-	0xb2, 0xa1, 0xfd, 0x39, 0x0b, 0xb2, 0x07, 0xdb, 0xf0, 0x28, 0xbb, 0x08, 0xa5, 0x5a, 0x22, 0xef,
-	0x66, 0x1c, 0x1b, 0x41, 0xe5, 0xdc, 0x8c, 0x69, 0x0c, 0xc7, 0xb1, 0x42, 0x57, 0xc7, 0xb1, 0x5f,
-	0xb7, 0x20, 0xb5, 0xbf, 0x1f, 0x83, 0xa0, 0xb1, 0x62, 0x0a, 0x1a, 0x8f, 0xf7, 0xd2, 0x9b, 0x39,
-	0x32, 0xc6, 0x9f, 0x8c, 0xc3, 0xa9, 0x9c, 0x17, 0x79, 0xbb, 0x30, 0xb9, 0x55, 0x23, 0xe6, 0xe3,
-	0xea, 0x4e, 0x41, 0x87, 0x3a, 0xbe, 0xc4, 0xe6, 0xe9, 0x4e, 0x53, 0x24, 0x38, 0x5d, 0x05, 0xfa,
-	0x9c, 0x05, 0x27, 0x9c, 0xdb, 0xe1, 0x12, 0x15, 0x18, 0xdd, 0xda, 0x7c, 0xc3, 0xaf, 0xed, 0xd0,
-	0xd3, 0x58, 0x2e, 0x84, 0x17, 0x32, 0x95, 0x78, 0xb7, 0xaa, 0x29, 0x7a, 0xa3, 0x7a, 0x96, 0xdc,
-	0x3a, 0x8b, 0x0a, 0x67, 0xd6, 0x85, 0xb0, 0x48, 0xed, 0x41, 0xaf, 0xa3, 0x1d, 0x9e, 0xff, 0x67,
-	0x3d, 0x9d, 0xe4, 0x12, 0x90, 0xc4, 0x60, 0xc5, 0x07, 0x7d, 0x0a, 0x4a, 0x5b, 0xf2, 0xa5, 0x6f,
-	0x86, 0x84, 0x15, 0x77, 0x64, 0xe7, 0xf7, 0xcf, 0xdc, 0x12, 0xaf, 0x88, 0x70, 0xcc, 0x14, 0xbd,
-	0x0a, 0x45, 0x6f, 0x33, 0xec, 0x94, 0x1f, 0x3a, 0xe1, 0x72, 0xc9, 0x83, 0x6c, 0xac, 0x2d, 0x57,
-	0x31, 0x2d, 0x88, 0xae, 0x40, 0x31, 0xd8, 0xa8, 0x0b, 0x0d, 0x74, 0xe6, 0x22, 0xc5, 0xf3, 0x8b,
-	0x39, 0xad, 0x62, 0x9c, 0xf0, 0xfc, 0x22, 0xa6, 0x2c, 0x50, 0x05, 0xfa, 0xd9, 0x33, 0x36, 0x21,
-	0xcf, 0x64, 0xde, 0xdc, 0x3a, 0x3c, 0x07, 0xe5, 0x91, 0x38, 0x18, 0x01, 0xe6, 0x8c, 0xd0, 0x3a,
-	0x0c, 0xd4, 0x58, 0x2e, 0x61, 0x21, 0xc0, 0xbc, 0x2f, 0x53, 0xd7, 0xdc, 0x21, 0xc9, 0xb2, 0x50,
-	0xbd, 0x32, 0x0a, 0x2c, 0x78, 0x31, 0xae, 0xa4, 0xb5, 0xbd, 0x19, 0x8a, 0x5c, 0xfb, 0xd9, 0x5c,
-	0x3b, 0xe4, 0x0e, 0x17, 0x5c, 0x19, 0x05, 0x16, 0xbc, 0xd0, 0xcb, 0x50, 0xd8, 0xac, 0x89, 0x27,
-	0x6a, 0x99, 0x4a, 0x67, 0x33, 0x4e, 0xca, 0xfc, 0xc0, 0xbd, 0xfd, 0x72, 0x61, 0x79, 0x01, 0x17,
-	0x36, 0x6b, 0x68, 0x0d, 0x06, 0x37, 0x79, 0x64, 0x05, 0xa1, 0x57, 0x7e, 0x32, 0x3b, 0xe8, 0x43,
-	0x2a, 0xf8, 0x02, 0x7f, 0xee, 0x24, 0x10, 0x58, 0x32, 0x61, 0x99, 0x26, 0x54, 0x84, 0x08, 0x11,
-	0xa0, 0x6e, 0xf6, 0x70, 0x51, 0x3d, 0xb8, 0x7c, 0x19, 0xc7, 0x99, 0xc0, 0x1a, 0x47, 0x3a, 0xab,
-	0x9d, 0xbb, 0xed, 0x80, 0x85, 0x1a, 0x17, 0x91, 0x8c, 0x32, 0x67, 0xf5, 0x9c, 0x24, 0xea, 0x34,
-	0xab, 0x15, 0x11, 0x8e, 0x99, 0xa2, 0x1d, 0x18, 0xdd, 0x0d, 0x5b, 0xdb, 0x44, 0x2e, 0x69, 0x16,
-	0xd8, 0x28, 0x47, 0x3e, 0xba, 0x29, 0x08, 0xdd, 0x20, 0x6a, 0x3b, 0x8d, 0xd4, 0x2e, 0xc4, 0x64,
-	0xd9, 0x9b, 0x3a, 0x33, 0x6c, 0xf2, 0xa6, 0xdd, 0xff, 0x56, 0xdb, 0xdf, 0xd8, 0x8b, 0x88, 0x88,
-	0x2b, 0x97, 0xd9, 0xfd, 0xaf, 0x73, 0x92, 0x74, 0xf7, 0x0b, 0x04, 0x96, 0x4c, 0xd0, 0x4d, 0xd1,
-	0x3d, 0x6c, 0xf7, 0x9c, 0xc8, 0x8f, 0x30, 0x3b, 0x27, 0x89, 0x72, 0x3a, 0x85, 0xed, 0x96, 0x31,
-	0x2b, 0xb6, 0x4b, 0xb6, 0xb6, 0xfd, 0xc8, 0xf7, 0x12, 0x3b, 0xf4, 0x64, 0xfe, 0x2e, 0x59, 0xc9,
-	0xa0, 0x4f, 0xef, 0x92, 0x59, 0x54, 0x38, 0xb3, 0x2e, 0x54, 0x87, 0xb1, 0x96, 0x1f, 0x44, 0xb7,
-	0xfd, 0x40, 0xce, 0x2f, 0xd4, 0x41, 0x2f, 0x66, 0x50, 0x8a, 0x1a, 0x59, 0xc8, 0x46, 0x13, 0x83,
-	0x13, 0x3c, 0xd1, 0x47, 0x61, 0x30, 0xac, 0x39, 0x0d, 0xb2, 0x72, 0x7d, 0x7a, 0x2a, 0xff, 0xf8,
-	0xa9, 0x72, 0x92, 0x9c, 0xd9, 0xc5, 0x03, 0x63, 0x70, 0x12, 0x2c, 0xd9, 0xa1, 0x65, 0xe8, 0x67,
-	0xe9, 0x16, 0x59, 0x10, 0xc4, 0x9c, 0x40, 0xb9, 0x29, 0x07, 0x78, 0xbe, 0x37, 0x31, 0x30, 0xe6,
-	0xc5, 0xe9, 0x1a, 0x10, 0xd7, 0x43, 0x3f, 0x9c, 0x3e, 0x99, 0xbf, 0x06, 0xc4, 0xad, 0xf2, 0x7a,
-	0xb5, 0xd3, 0x1a, 0x50, 0x44, 0x38, 0x66, 0x4a, 0x77, 0x66, 0xba, 0x9b, 0x9e, 0xea, 0xe0, 0xb9,
-	0x95, 0xbb, 0x97, 0xb2, 0x9d, 0x99, 0xee, 0xa4, 0x94, 0x85, 0xfd, 0x07, 0x83, 0x69, 0x99, 0x85,
-	0x29, 0x14, 0xfe, 0x82, 0x95, 0xb2, 0x35, 0xbf, 0xbf, 0x57, 0xfd, 0xe6, 0x11, 0x5e, 0x85, 0x3e,
-	0x67, 0xc1, 0xa9, 0x56, 0xe6, 0x87, 0x08, 0x01, 0xa0, 0x37, 0x35, 0x29, 0xff, 0x74, 0x15, 0x30,
-	0x33, 0x1b, 0x8f, 0x73, 0x6a, 0x4a, 0x5e, 0x37, 0x8b, 0x6f, 0xfb, 0xba, 0xb9, 0x0a, 0x43, 0x35,
-	0x7e, 0x15, 0xe9, 0x98, 0x5b, 0x3f, 0x79, 0xf7, 0x66, 0xa2, 0x84, 0xb8, 0xc3, 0x6c, 0x62, 0xc5,
-	0x02, 0xfd, 0x88, 0x05, 0x67, 0x92, 0x4d, 0xc7, 0x84, 0xa1, 0x45, 0x94, 0x4d, 0xae, 0xcb, 0x58,
-	0x16, 0xdf, 0x9f, 0x92, 0xff, 0x0d, 0xe2, 0x83, 0x6e, 0x04, 0xb8, 0x73, 0x65, 0x68, 0x31, 0x43,
-	0x99, 0x32, 0x60, 0x1a, 0x90, 0x7a, 0x50, 0xa8, 0xbc, 0x00, 0x23, 0x4d, 0xbf, 0xed, 0x45, 0xc2,
-	0xd1, 0x4b, 0x38, 0x9d, 0x30, 0x67, 0x8b, 0x55, 0x0d, 0x8e, 0x0d, 0xaa, 0x84, 0x1a, 0x66, 0xe8,
-	0xbe, 0xd5, 0x30, 0x6f, 0xc2, 0x88, 0xa7, 0x79, 0x26, 0x0b, 0x79, 0xe0, 0x7c, 0x7e, 0x84, 0x5c,
-	0xdd, 0x8f, 0x99, 0xb7, 0x52, 0x87, 0x60, 0x83, 0xdb, 0xf1, 0x7a, 0x80, 0x7d, 0xc9, 0xca, 0x10,
-	0xea, 0xb9, 0x2a, 0xe6, 0x43, 0xa6, 0x2a, 0xe6, 0x7c, 0x52, 0x15, 0x93, 0x32, 0x1e, 0x18, 0x5a,
-	0x98, 0xde, 0xb3, 0x3b, 0xf5, 0x1a, 0x65, 0xd3, 0x6e, 0xc0, 0xb9, 0x6e, 0xc7, 0x12, 0xf3, 0xf8,
-	0xab, 0x2b, 0x53, 0x71, 0xec, 0xf1, 0x57, 0x5f, 0x59, 0xc4, 0x0c, 0xd3, 0x6b, 0xfc, 0x26, 0xfb,
-	0xbf, 0x58, 0x50, 0xac, 0xf8, 0xf5, 0x63, 0xb8, 0xf0, 0x7e, 0xd8, 0xb8, 0xf0, 0x3e, 0x9c, 0x7d,
-	0x20, 0xd6, 0x73, 0x4d, 0x1f, 0x4b, 0x09, 0xd3, 0xc7, 0x99, 0x3c, 0x06, 0x9d, 0x0d, 0x1d, 0x3f,
-	0x5d, 0x84, 0xe1, 0x8a, 0x5f, 0x57, 0xee, 0xf6, 0xff, 0xf4, 0x7e, 0xdc, 0xed, 0x73, 0x73, 0x65,
-	0x68, 0x9c, 0x99, 0xa3, 0xa0, 0x7c, 0x69, 0xfc, 0x6d, 0xe6, 0x75, 0x7f, 0x8b, 0xb8, 0x5b, 0xdb,
-	0x11, 0xa9, 0x27, 0x3f, 0xe7, 0xf8, 0xbc, 0xee, 0xff, 0xa0, 0x00, 0xe3, 0x89, 0xda, 0x51, 0x03,
-	0x46, 0x1b, 0xba, 0x62, 0x5d, 0xcc, 0xd3, 0xfb, 0xd2, 0xc9, 0x0b, 0xaf, 0x65, 0x0d, 0x84, 0x4d,
-	0xe6, 0x68, 0x16, 0x40, 0x59, 0x9a, 0xa5, 0x7a, 0x95, 0x49, 0xfd, 0xca, 0x14, 0x1d, 0x62, 0x8d,
-	0x02, 0xbd, 0x08, 0xc3, 0x91, 0xdf, 0xf2, 0x1b, 0xfe, 0xd6, 0xde, 0x55, 0x22, 0x43, 0x7b, 0x29,
-	0x5f, 0xc4, 0xf5, 0x18, 0x85, 0x75, 0x3a, 0x74, 0x07, 0x26, 0x15, 0x93, 0xea, 0x11, 0x18, 0x1b,
-	0x98, 0x56, 0x61, 0x2d, 0xc9, 0x11, 0xa7, 0x2b, 0xb1, 0x7f, 0xae, 0xc8, 0xbb, 0xd8, 0x8b, 0xdc,
-	0x77, 0x57, 0xc3, 0x3b, 0x7b, 0x35, 0x7c, 0xdd, 0x82, 0x09, 0x5a, 0x3b, 0x73, 0xb4, 0x92, 0xc7,
-	0xbc, 0x8a, 0xc9, 0x6d, 0x75, 0x88, 0xc9, 0x7d, 0x9e, 0xee, 0x9a, 0x75, 0xbf, 0x1d, 0x09, 0xdd,
-	0x9d, 0xb6, 0x2d, 0x52, 0x28, 0x16, 0x58, 0x41, 0x47, 0x82, 0x40, 0x3c, 0x0e, 0xd5, 0xe9, 0x48,
-	0x10, 0x60, 0x81, 0x95, 0x21, 0xbb, 0xfb, 0xb2, 0x43, 0x76, 0xf3, 0xc8, 0xab, 0xc2, 0x25, 0x47,
-	0x08, 0x5c, 0x5a, 0xe4, 0x55, 0xe9, 0xab, 0x13, 0xd3, 0xd8, 0x5f, 0x2d, 0xc2, 0x48, 0xc5, 0xaf,
-	0xc7, 0x56, 0xe6, 0x17, 0x0c, 0x2b, 0xf3, 0xb9, 0x84, 0x95, 0x79, 0x42, 0xa7, 0x7d, 0xd7, 0xa6,
-	0xfc, 0xad, 0xb2, 0x29, 0xff, 0x9a, 0xc5, 0x46, 0x6d, 0x71, 0xad, 0xca, 0xfd, 0xf6, 0xd0, 0x25,
-	0x18, 0x66, 0x1b, 0x0c, 0x7b, 0x8d, 0x2c, 0x4d, 0xaf, 0x2c, 0xdf, 0xd5, 0x5a, 0x0c, 0xc6, 0x3a,
-	0x0d, 0xba, 0x00, 0x43, 0x21, 0x71, 0x82, 0xda, 0xb6, 0xda, 0x5d, 0x85, 0x9d, 0x94, 0xc3, 0xb0,
-	0xc2, 0xa2, 0xd7, 0xe3, 0xa0, 0x9f, 0xc5, 0xfc, 0xd7, 0x8d, 0x7a, 0x7b, 0xf8, 0x12, 0xc9, 0x8f,
-	0xf4, 0x69, 0xdf, 0x02, 0x94, 0xa6, 0xef, 0x21, 0x2c, 0x5d, 0xd9, 0x0c, 0x4b, 0x57, 0x4a, 0x85,
-	0xa4, 0xfb, 0x33, 0x0b, 0xc6, 0x2a, 0x7e, 0x9d, 0x2e, 0xdd, 0xef, 0xa4, 0x75, 0xaa, 0x47, 0x3c,
-	0x1e, 0xe8, 0x10, 0xf1, 0xf8, 0x31, 0xe8, 0xaf, 0xf8, 0xf5, 0x95, 0x4a, 0xa7, 0xd0, 0x02, 0xf6,
-	0xdf, 0xb4, 0x60, 0xb0, 0xe2, 0xd7, 0x8f, 0xc1, 0x2c, 0xf0, 0x21, 0xd3, 0x2c, 0xf0, 0x50, 0xce,
-	0xbc, 0xc9, 0xb1, 0x04, 0xfc, 0x8d, 0x3e, 0x18, 0xa5, 0xed, 0xf4, 0xb7, 0xe4, 0x50, 0x1a, 0xdd,
-	0x66, 0xf5, 0xd0, 0x6d, 0x54, 0x0a, 0xf7, 0x1b, 0x0d, 0xff, 0x76, 0x72, 0x58, 0x97, 0x19, 0x14,
-	0x0b, 0x2c, 0x7a, 0x06, 0x86, 0x5a, 0x01, 0xd9, 0x75, 0x7d, 0x21, 0xde, 0x6a, 0x46, 0x96, 0x8a,
-	0x80, 0x63, 0x45, 0x41, 0xaf, 0x85, 0xa1, 0xeb, 0xd1, 0xa3, 0xbc, 0xe6, 0x7b, 0x75, 0xae, 0x39,
-	0x2f, 0x8a, 0xb4, 0x1c, 0x1a, 0x1c, 0x1b, 0x54, 0xe8, 0x16, 0x94, 0xd8, 0x7f, 0xb6, 0xed, 0x1c,
-	0x3e, 0x7b, 0xaf, 0xc8, 0x2a, 0x28, 0x18, 0xe0, 0x98, 0x17, 0x7a, 0x0e, 0x20, 0x92, 0xa1, 0xed,
-	0x43, 0x11, 0x68, 0x4d, 0x5d, 0x05, 0x54, 0xd0, 0xfb, 0x10, 0x6b, 0x54, 0xe8, 0x69, 0x28, 0x45,
-	0x8e, 0xdb, 0xb8, 0xe6, 0x7a, 0x24, 0x64, 0x1a, 0xf1, 0xa2, 0x4c, 0xee, 0x27, 0x80, 0x38, 0xc6,
-	0x53, 0x51, 0x8c, 0x05, 0xe1, 0xe0, 0xb9, 0xcb, 0x87, 0x18, 0x35, 0x13, 0xc5, 0xae, 0x29, 0x28,
-	0xd6, 0x28, 0xd0, 0x36, 0x3c, 0xe2, 0x7a, 0x2c, 0x85, 0x05, 0xa9, 0xee, 0xb8, 0xad, 0xf5, 0x6b,
-	0xd5, 0x9b, 0x24, 0x70, 0x37, 0xf7, 0xe6, 0x9d, 0xda, 0x0e, 0xf1, 0x64, 0x5e, 0x56, 0x99, 0xae,
-	0xfb, 0x91, 0x95, 0x0e, 0xb4, 0xb8, 0x23, 0x27, 0xfb, 0x79, 0x36, 0xdf, 0xaf, 0x57, 0xd1, 0x7b,
-	0x8d, 0xad, 0xe3, 0x94, 0xbe, 0x75, 0x1c, 0xec, 0x97, 0x07, 0xae, 0x57, 0xb5, 0x18, 0x12, 0x2f,
-	0xc1, 0xc9, 0x8a, 0x5f, 0xaf, 0xf8, 0x41, 0xb4, 0xec, 0x07, 0xb7, 0x9d, 0xa0, 0x2e, 0xa7, 0x57,
-	0x59, 0x46, 0xd1, 0xa0, 0xfb, 0x67, 0x3f, 0xdf, 0x5d, 0x8c, 0x08, 0x19, 0xcf, 0x33, 0x89, 0xed,
-	0x90, 0x6f, 0xbf, 0x6a, 0x4c, 0x76, 0x50, 0x49, 0x60, 0x2e, 0x3b, 0x11, 0x41, 0xd7, 0x59, 0xe6,
-	0xf5, 0xf8, 0x18, 0x15, 0xc5, 0x9f, 0xd2, 0x32, 0xaf, 0xc7, 0xc8, 0xcc, 0x73, 0xd7, 0x2c, 0x6f,
-	0x7f, 0x56, 0x54, 0xc2, 0xef, 0xe0, 0xdc, 0xbf, 0xae, 0x97, 0xd4, 0xc5, 0x32, 0x4b, 0x44, 0x21,
-	0x3f, 0xbd, 0x00, 0xb7, 0x7a, 0x76, 0xcc, 0x12, 0x61, 0xbf, 0x08, 0x93, 0xf4, 0xea, 0xa7, 0xe4,
-	0x28, 0xf6, 0x91, 0xdd, 0xa3, 0x79, 0xfc, 0xd7, 0x7e, 0x76, 0x0e, 0x24, 0xd2, 0x9f, 0xa0, 0x4f,
-	0xc2, 0x58, 0x48, 0xae, 0xb9, 0x5e, 0xfb, 0x8e, 0x54, 0xbc, 0x74, 0x78, 0x73, 0x58, 0x5d, 0xd2,
-	0x29, 0xb9, 0xfa, 0xd6, 0x84, 0xe1, 0x04, 0x37, 0xd4, 0x84, 0xb1, 0xdb, 0xae, 0x57, 0xf7, 0x6f,
-	0x87, 0x92, 0xff, 0x50, 0xbe, 0x16, 0xf7, 0x16, 0xa7, 0x4c, 0xb4, 0xd1, 0xa8, 0xee, 0x96, 0xc1,
-	0x0c, 0x27, 0x98, 0xd3, 0xb5, 0x16, 0xb4, 0xbd, 0xb9, 0xf0, 0x46, 0x48, 0x02, 0x91, 0xf9, 0x9f,
-	0xa7, 0xe5, 0x95, 0x40, 0x1c, 0xe3, 0xe9, 0x5a, 0x63, 0x7f, 0x2e, 0x07, 0x7e, 0x9b, 0xe7, 0xda,
-	0x10, 0x6b, 0x0d, 0x2b, 0x28, 0xd6, 0x28, 0xe8, 0x5e, 0xc4, 0xfe, 0xad, 0xf9, 0x1e, 0xf6, 0xfd,
-	0x48, 0xee, 0x5e, 0xcc, 0x13, 0x41, 0x83, 0x63, 0x83, 0x0a, 0x2d, 0x03, 0x0a, 0xdb, 0xad, 0x56,
-	0x83, 0x39, 0x33, 0x39, 0x0d, 0xc6, 0x8a, 0x7b, 0x79, 0x14, 0x79, 0xac, 0xe0, 0x6a, 0x0a, 0x8b,
-	0x33, 0x4a, 0xd0, 0x63, 0x69, 0x53, 0x34, 0xb5, 0x9f, 0x35, 0x95, 0x5b, 0x7c, 0xaa, 0xbc, 0x9d,
-	0x12, 0x87, 0x96, 0x60, 0x30, 0xdc, 0x0b, 0x6b, 0x91, 0x08, 0xed, 0x98, 0x93, 0x46, 0xab, 0xca,
-	0x48, 0xb4, 0x2c, 0x8e, 0xbc, 0x08, 0x96, 0x65, 0x51, 0x0d, 0xa6, 0x04, 0xc7, 0x85, 0x6d, 0xc7,
-	0x53, 0xf9, 0x82, 0xb8, 0x4f, 0xf7, 0xa5, 0x7b, 0xfb, 0xe5, 0x29, 0x51, 0xb3, 0x8e, 0x3e, 0xd8,
-	0x2f, 0x9f, 0xaa, 0xf8, 0xf5, 0x0c, 0x0c, 0xce, 0xe2, 0xc6, 0x27, 0x5f, 0xad, 0xe6, 0x37, 0x5b,
-	0x95, 0xc0, 0xdf, 0x74, 0x1b, 0xa4, 0x93, 0xd5, 0xac, 0x6a, 0x50, 0x8a, 0xc9, 0x67, 0xc0, 0x70,
-	0x82, 0x9b, 0xfd, 0x59, 0x26, 0xba, 0xb1, 0x64, 0xf1, 0x51, 0x3b, 0x20, 0xa8, 0x09, 0xa3, 0x2d,
-	0xb6, 0xb8, 0x45, 0x06, 0x0c, 0x31, 0xd7, 0x5f, 0xe8, 0x51, 0xfb, 0x73, 0x9b, 0xe5, 0xf5, 0x32,
-	0x3c, 0xa3, 0x2a, 0x3a, 0x3b, 0x6c, 0x72, 0xb7, 0xff, 0xf5, 0x69, 0x76, 0xf8, 0x57, 0xb9, 0x4a,
-	0x67, 0x50, 0x3c, 0x21, 0x11, 0xb7, 0xc8, 0x99, 0x7c, 0xdd, 0x62, 0x3c, 0x2c, 0xe2, 0x19, 0x0a,
-	0x96, 0x65, 0xd1, 0x27, 0x60, 0x8c, 0x5e, 0xca, 0xd4, 0x01, 0x1c, 0x4e, 0x9f, 0xc8, 0x0f, 0xf5,
-	0xa1, 0xa8, 0xf4, 0xec, 0x38, 0x7a, 0x61, 0x9c, 0x60, 0x86, 0x5e, 0x67, 0x9e, 0x48, 0x92, 0x75,
-	0xa1, 0x17, 0xd6, 0xba, 0xd3, 0x91, 0x64, 0xab, 0x31, 0x41, 0x6d, 0x98, 0x4a, 0x27, 0xec, 0x0b,
-	0xa7, 0xed, 0x7c, 0xe9, 0x36, 0x9d, 0x73, 0x2f, 0x4e, 0x63, 0x92, 0xc6, 0x85, 0x38, 0x8b, 0x3f,
-	0xba, 0x06, 0xa3, 0x22, 0x63, 0xba, 0x98, 0xb9, 0x45, 0x43, 0xe5, 0x39, 0x8a, 0x75, 0xe4, 0x41,
-	0x12, 0x80, 0xcd, 0xc2, 0x68, 0x0b, 0xce, 0x68, 0x49, 0xae, 0x2e, 0x07, 0x0e, 0xf3, 0x5b, 0x70,
-	0xd9, 0x76, 0xaa, 0x89, 0x25, 0x8f, 0xde, 0xdb, 0x2f, 0x9f, 0x59, 0xef, 0x44, 0x88, 0x3b, 0xf3,
-	0x41, 0xd7, 0xe1, 0x24, 0x7f, 0xa8, 0xbe, 0x48, 0x9c, 0x7a, 0xc3, 0xf5, 0x94, 0xdc, 0xc3, 0x97,
-	0xfc, 0xe9, 0x7b, 0xfb, 0xe5, 0x93, 0x73, 0x59, 0x04, 0x38, 0xbb, 0x1c, 0xfa, 0x10, 0x94, 0xea,
-	0x5e, 0x28, 0xfa, 0x60, 0xc0, 0xc8, 0x23, 0x56, 0x5a, 0x5c, 0xab, 0xaa, 0xef, 0x8f, 0xff, 0xe0,
-	0xb8, 0x00, 0xda, 0xe2, 0x6a, 0x71, 0xa5, 0xac, 0x19, 0x4c, 0x05, 0xea, 0x4a, 0xea, 0x33, 0x8d,
-	0xa7, 0xaa, 0xdc, 0x1e, 0xa4, 0x5e, 0x70, 0x18, 0xaf, 0x58, 0x0d, 0xc6, 0xe8, 0x35, 0x40, 0x22,
-	0x5e, 0xfd, 0x5c, 0x8d, 0xa5, 0x57, 0x61, 0x56, 0x84, 0x21, 0xf3, 0xf1, 0x64, 0x35, 0x45, 0x81,
-	0x33, 0x4a, 0xa1, 0x2b, 0x74, 0x57, 0xd1, 0xa1, 0x62, 0xd7, 0x52, 0xa9, 0x25, 0x17, 0x49, 0x2b,
-	0x20, 0xcc, 0x0f, 0xcb, 0xe4, 0x88, 0x13, 0xe5, 0x50, 0x1d, 0x1e, 0x71, 0xda, 0x91, 0xcf, 0x2c,
-	0x0e, 0x26, 0xe9, 0xba, 0xbf, 0x43, 0x3c, 0x66, 0xec, 0x1b, 0x9a, 0x3f, 0x47, 0x05, 0xab, 0xb9,
-	0x0e, 0x74, 0xb8, 0x23, 0x17, 0x2a, 0x10, 0xab, 0x5c, 0xd2, 0x60, 0x86, 0x1f, 0xcb, 0xc8, 0x27,
-	0xfd, 0x22, 0x0c, 0x6f, 0xfb, 0x61, 0xb4, 0x46, 0xa2, 0xdb, 0x7e, 0xb0, 0x23, 0xc2, 0xe8, 0xc6,
-	0x41, 0xc9, 0x63, 0x14, 0xd6, 0xe9, 0xe8, 0x8d, 0x97, 0xb9, 0xa2, 0xac, 0x2c, 0x32, 0x2f, 0x80,
-	0xa1, 0x78, 0x8f, 0xb9, 0xc2, 0xc1, 0x58, 0xe2, 0x25, 0xe9, 0x4a, 0x65, 0x81, 0x59, 0xf4, 0x13,
-	0xa4, 0x2b, 0x95, 0x05, 0x2c, 0xf1, 0x74, 0xba, 0x86, 0xdb, 0x4e, 0x40, 0x2a, 0x81, 0x5f, 0x23,
-	0xa1, 0x16, 0x0a, 0xff, 0x61, 0x1e, 0x24, 0x98, 0x4e, 0xd7, 0x6a, 0x16, 0x01, 0xce, 0x2e, 0x87,
-	0x48, 0x3a, 0xc1, 0xdb, 0x58, 0xbe, 0x29, 0x26, 0x2d, 0xcf, 0xf4, 0x98, 0xe3, 0xcd, 0x83, 0x09,
-	0x95, 0x5a, 0x8e, 0x87, 0x05, 0x0e, 0xa7, 0xc7, 0xd9, 0xdc, 0xee, 0x3d, 0xa6, 0xb0, 0x32, 0x6e,
-	0xad, 0x24, 0x38, 0xe1, 0x14, 0x6f, 0x23, 0xc2, 0xdc, 0x44, 0xd7, 0x08, 0x73, 0x17, 0xa1, 0x14,
-	0xb6, 0x37, 0xea, 0x7e, 0xd3, 0x71, 0x3d, 0x66, 0xd1, 0xd7, 0xae, 0x5e, 0x55, 0x89, 0xc0, 0x31,
-	0x0d, 0x5a, 0x86, 0x21, 0x47, 0x5a, 0xae, 0x50, 0x7e, 0x4c, 0x21, 0x65, 0xaf, 0xe2, 0x61, 0x36,
-	0xa4, 0xad, 0x4a, 0x95, 0x45, 0xaf, 0xc0, 0xa8, 0x78, 0x68, 0x2d, 0x52, 0xa7, 0x4e, 0x99, 0xaf,
-	0xe1, 0xaa, 0x3a, 0x12, 0x9b, 0xb4, 0xe8, 0x06, 0x0c, 0x47, 0x7e, 0x83, 0x3d, 0xe9, 0xa2, 0x62,
-	0xde, 0xa9, 0xfc, 0xe8, 0x78, 0xeb, 0x8a, 0x4c, 0x57, 0x1a, 0xab, 0xa2, 0x58, 0xe7, 0x83, 0xd6,
-	0xf9, 0x7c, 0x67, 0x81, 0xef, 0x49, 0x28, 0x72, 0x6f, 0x9e, 0xc9, 0x73, 0xc7, 0x62, 0x64, 0xe6,
-	0x72, 0x10, 0x25, 0xb1, 0xce, 0x06, 0x5d, 0x86, 0xc9, 0x56, 0xe0, 0xfa, 0x6c, 0x4e, 0x28, 0xa3,
-	0xe5, 0xb4, 0x99, 0xe6, 0xaa, 0x92, 0x24, 0xc0, 0xe9, 0x32, 0xec, 0x9d, 0xbc, 0x00, 0x4e, 0x9f,
-	0xe6, 0xa9, 0x3a, 0xf8, 0x4d, 0x96, 0xc3, 0xb0, 0xc2, 0xa2, 0x55, 0xb6, 0x13, 0x73, 0x25, 0xcc,
-	0xf4, 0x4c, 0x7e, 0x18, 0x23, 0x5d, 0x59, 0xc3, 0x85, 0x57, 0xf5, 0x17, 0xc7, 0x1c, 0x50, 0x5d,
-	0xcb, 0x90, 0x49, 0xaf, 0x00, 0xe1, 0xf4, 0x23, 0x1d, 0xfc, 0x01, 0x13, 0x97, 0xa2, 0x58, 0x20,
-	0x30, 0xc0, 0x21, 0x4e, 0xf0, 0x44, 0x1f, 0x81, 0x09, 0x11, 0x7c, 0x31, 0xee, 0xa6, 0x33, 0xb1,
-	0xa3, 0x3c, 0x4e, 0xe0, 0x70, 0x8a, 0x9a, 0xa7, 0xca, 0x70, 0x36, 0x1a, 0x44, 0x6c, 0x7d, 0xd7,
-	0x5c, 0x6f, 0x27, 0x9c, 0x3e, 0xcb, 0xf6, 0x07, 0x91, 0x2a, 0x23, 0x89, 0xc5, 0x19, 0x25, 0xd0,
-	0x3a, 0x4c, 0xb4, 0x02, 0x42, 0x9a, 0x4c, 0xd0, 0x17, 0xe7, 0x59, 0x99, 0x87, 0x89, 0xa0, 0x2d,
-	0xa9, 0x24, 0x70, 0x07, 0x19, 0x30, 0x9c, 0xe2, 0x80, 0x6e, 0xc3, 0x90, 0xbf, 0x4b, 0x82, 0x6d,
-	0xe2, 0xd4, 0xa7, 0xcf, 0x75, 0x78, 0xb8, 0x21, 0x0e, 0xb7, 0xeb, 0x82, 0x36, 0xe1, 0xe8, 0x20,
-	0xc1, 0xdd, 0x1d, 0x1d, 0x64, 0x65, 0xe8, 0x2f, 0x5a, 0x70, 0x5a, 0xda, 0x46, 0xaa, 0x2d, 0xda,
-	0xeb, 0x0b, 0xbe, 0x17, 0x46, 0x01, 0x0f, 0x6c, 0xf0, 0x68, 0xfe, 0x63, 0xff, 0xf5, 0x9c, 0x42,
-	0x4a, 0x0f, 0x7c, 0x3a, 0x8f, 0x22, 0xc4, 0xf9, 0x35, 0xa2, 0x05, 0x98, 0x0c, 0x49, 0x24, 0x37,
-	0xa3, 0xb9, 0x70, 0xf9, 0xf5, 0xc5, 0xb5, 0xe9, 0xc7, 0x78, 0x54, 0x06, 0xba, 0x18, 0xaa, 0x49,
-	0x24, 0x4e, 0xd3, 0xa3, 0x4b, 0x50, 0xf0, 0xc3, 0xe9, 0xc7, 0x3b, 0x24, 0x55, 0xf5, 0xeb, 0xd7,
-	0xab, 0xdc, 0xe1, 0xed, 0x7a, 0x15, 0x17, 0xfc, 0x50, 0xa6, 0xab, 0xa0, 0xf7, 0xb1, 0x70, 0xfa,
-	0x09, 0xae, 0x35, 0x94, 0xe9, 0x2a, 0x18, 0x10, 0xc7, 0x78, 0xb4, 0x0d, 0xe3, 0xa1, 0x71, 0xef,
-	0x0d, 0xa7, 0xcf, 0xb3, 0x9e, 0x7a, 0x22, 0x6f, 0xd0, 0x0c, 0x6a, 0x2d, 0xda, 0xbc, 0xc9, 0x05,
-	0x27, 0xd9, 0xf2, 0xd5, 0xa5, 0x5d, 0xf0, 0xc3, 0xe9, 0x27, 0xbb, 0xac, 0x2e, 0x8d, 0x58, 0x5f,
-	0x5d, 0x3a, 0x0f, 0x9c, 0xe0, 0x39, 0xf3, 0x5d, 0x30, 0x99, 0x12, 0x97, 0x0e, 0x93, 0x89, 0x69,
-	0x66, 0x07, 0x46, 0x8d, 0x29, 0xf9, 0x40, 0x1d, 0x0b, 0xbe, 0x67, 0x08, 0x4a, 0xca, 0xe8, 0x8c,
-	0x2e, 0x9a, 0xbe, 0x04, 0xa7, 0x93, 0xbe, 0x04, 0x43, 0x15, 0xbf, 0x6e, 0xb8, 0x0f, 0xac, 0x67,
-	0xc4, 0xee, 0xcb, 0xdb, 0x00, 0x7b, 0x7f, 0xd3, 0xa0, 0x69, 0xf2, 0x8b, 0x3d, 0x3b, 0x25, 0xf4,
-	0x75, 0x34, 0x0e, 0x5c, 0x86, 0x49, 0xcf, 0x67, 0x32, 0x3a, 0xa9, 0x4b, 0x01, 0x8c, 0xc9, 0x59,
-	0x25, 0x3d, 0x18, 0x4e, 0x82, 0x00, 0xa7, 0xcb, 0xd0, 0x0a, 0xb9, 0xa0, 0x94, 0xb4, 0x46, 0x70,
-	0x39, 0x0a, 0x0b, 0x2c, 0x7a, 0x0c, 0xfa, 0x5b, 0x7e, 0x7d, 0xa5, 0x22, 0xe4, 0x73, 0x2d, 0x62,
-	0x6c, 0x7d, 0xa5, 0x82, 0x39, 0x0e, 0xcd, 0xc1, 0x00, 0xfb, 0x11, 0x4e, 0x8f, 0xe4, 0x47, 0x3d,
-	0x61, 0x25, 0xb4, 0x3c, 0x57, 0xac, 0x00, 0x16, 0x05, 0x99, 0x56, 0x94, 0x5e, 0x6a, 0x98, 0x56,
-	0x74, 0xf0, 0x3e, 0xb5, 0xa2, 0x92, 0x01, 0x8e, 0x79, 0xa1, 0x3b, 0x70, 0xd2, 0xb8, 0x48, 0xf2,
-	0x29, 0x42, 0x42, 0x11, 0x79, 0xe1, 0xb1, 0x8e, 0x37, 0x48, 0xe1, 0xc4, 0x70, 0x46, 0x34, 0xfa,
-	0xe4, 0x4a, 0x16, 0x27, 0x9c, 0x5d, 0x01, 0x6a, 0xc0, 0x64, 0x2d, 0x55, 0xeb, 0x50, 0xef, 0xb5,
-	0xaa, 0x01, 0x4d, 0xd7, 0x98, 0x66, 0x8c, 0x5e, 0x81, 0xa1, 0xb7, 0xfc, 0x90, 0x9d, 0x6d, 0xe2,
-	0x4e, 0x21, 0x9f, 0xed, 0x0f, 0xbd, 0x7e, 0xbd, 0xca, 0xe0, 0x07, 0xfb, 0xe5, 0xe1, 0x8a, 0x5f,
-	0x97, 0x7f, 0xb1, 0x2a, 0x80, 0x7e, 0xc0, 0x82, 0x99, 0xf4, 0x4d, 0x55, 0x35, 0x7a, 0xb4, 0xf7,
-	0x46, 0xdb, 0xa2, 0xd2, 0x99, 0xa5, 0x5c, 0x76, 0xb8, 0x43, 0x55, 0xe8, 0x83, 0x74, 0x21, 0x84,
-	0xee, 0x5d, 0x22, 0x92, 0x84, 0x3e, 0x1a, 0x2f, 0x04, 0x0a, 0x3d, 0xd8, 0x2f, 0x8f, 0xf3, 0x2d,
-	0x2d, 0x7e, 0x37, 0x23, 0x0a, 0xd8, 0xbf, 0x6c, 0x31, 0xb5, 0xac, 0x80, 0x92, 0xb0, 0xdd, 0x38,
-	0x8e, 0xcc, 0xc0, 0x4b, 0x86, 0xc9, 0xf3, 0xbe, 0xfd, 0x61, 0xfe, 0x89, 0xc5, 0xfc, 0x61, 0x8e,
-	0xf1, 0xe1, 0xcb, 0xeb, 0x30, 0x14, 0xc9, 0x8c, 0xcd, 0x1d, 0x92, 0x19, 0x6b, 0x8d, 0x62, 0x3e,
-	0x41, 0xea, 0x72, 0xa0, 0x92, 0x33, 0x2b, 0x36, 0xf6, 0x3f, 0xe4, 0x23, 0x20, 0x31, 0xc7, 0x60,
-	0x59, 0x5a, 0x34, 0x2d, 0x4b, 0xe5, 0x2e, 0x5f, 0x90, 0x63, 0x61, 0xfa, 0x07, 0x66, 0xbb, 0x99,
-	0x52, 0xec, 0x9d, 0xee, 0x88, 0x65, 0x7f, 0xde, 0x02, 0x88, 0x63, 0x79, 0xf7, 0x90, 0x93, 0xef,
-	0x25, 0x7a, 0x1d, 0xf0, 0x23, 0xbf, 0xe6, 0x37, 0x84, 0xdd, 0xf4, 0x91, 0xd8, 0xb8, 0xc5, 0xe1,
-	0x07, 0xda, 0x6f, 0xac, 0xa8, 0x51, 0x59, 0x46, 0x0e, 0x2c, 0xc6, 0xe6, 0x56, 0x23, 0x6a, 0xe0,
-	0x17, 0x2d, 0x38, 0x91, 0xe5, 0x45, 0x4d, 0x2f, 0x97, 0x5c, 0x3d, 0xa8, 0x9c, 0xe4, 0xd4, 0x68,
-	0xde, 0x14, 0x70, 0xac, 0x28, 0x7a, 0x4e, 0x76, 0x78, 0xb8, 0x20, 0xda, 0xd7, 0x61, 0xb4, 0x12,
-	0x10, 0xed, 0x5c, 0x7e, 0x95, 0x47, 0xa3, 0xe0, 0xed, 0x79, 0xe6, 0xd0, 0x91, 0x28, 0xec, 0x2f,
-	0x17, 0xe0, 0x04, 0xf7, 0x35, 0x99, 0xdb, 0xf5, 0xdd, 0x7a, 0xc5, 0xaf, 0x8b, 0xb7, 0x72, 0x6f,
-	0xc0, 0x48, 0x4b, 0xd3, 0xe9, 0x76, 0x0a, 0x08, 0xab, 0xeb, 0x7e, 0x63, 0x2d, 0x94, 0x0e, 0xc5,
-	0x06, 0x2f, 0x54, 0x87, 0x11, 0xb2, 0xeb, 0xd6, 0x94, 0xc3, 0x42, 0xe1, 0xd0, 0x67, 0xa4, 0xaa,
-	0x65, 0x49, 0xe3, 0x83, 0x0d, 0xae, 0x0f, 0x20, 0x05, 0xb9, 0xfd, 0x63, 0x16, 0x3c, 0x94, 0x13,
-	0x3e, 0x96, 0x56, 0x77, 0x9b, 0x79, 0xf5, 0x88, 0x69, 0xab, 0xaa, 0xe3, 0xbe, 0x3e, 0x58, 0x60,
-	0xd1, 0x47, 0x01, 0xb8, 0xaf, 0x0e, 0xf1, 0x6a, 0x5d, 0xe3, 0x6c, 0x1a, 0x21, 0x02, 0xb5, 0x68,
-	0x6f, 0xb2, 0x3c, 0xd6, 0x78, 0xd9, 0x5f, 0xec, 0x83, 0x7e, 0xe6, 0x1b, 0x82, 0x2a, 0x30, 0xb8,
-	0xcd, 0x13, 0x02, 0x75, 0x1c, 0x37, 0x4a, 0x2b, 0x73, 0x0c, 0xc5, 0xe3, 0xa6, 0x41, 0xb1, 0x64,
-	0x83, 0x56, 0x61, 0x8a, 0xe7, 0x65, 0x6a, 0x2c, 0x92, 0x86, 0xb3, 0x27, 0xd5, 0xa5, 0x3c, 0x89,
-	0xb0, 0x52, 0x1b, 0xaf, 0xa4, 0x49, 0x70, 0x56, 0x39, 0xf4, 0x2a, 0x8c, 0xd1, 0xeb, 0xab, 0xdf,
-	0x8e, 0x24, 0x27, 0x9e, 0x91, 0x49, 0x49, 0xf4, 0xeb, 0x06, 0x16, 0x27, 0xa8, 0xd1, 0x2b, 0x30,
-	0xda, 0x4a, 0x29, 0x86, 0xfb, 0x63, 0x0d, 0x8a, 0xa9, 0x0c, 0x36, 0x69, 0x99, 0x23, 0x75, 0x9b,
-	0xb9, 0x8d, 0xaf, 0x6f, 0x07, 0x24, 0xdc, 0xf6, 0x1b, 0x75, 0x26, 0x39, 0xf6, 0x6b, 0x8e, 0xd4,
-	0x09, 0x3c, 0x4e, 0x95, 0xa0, 0x5c, 0x36, 0x1d, 0xb7, 0xd1, 0x0e, 0x48, 0xcc, 0x65, 0xc0, 0xe4,
-	0xb2, 0x9c, 0xc0, 0xe3, 0x54, 0x89, 0xee, 0x1a, 0xef, 0xc1, 0xa3, 0xd1, 0x78, 0xdb, 0x3f, 0x53,
-	0x00, 0x63, 0x68, 0xbf, 0x73, 0x33, 0x45, 0xd1, 0x2f, 0xdb, 0x0a, 0x5a, 0x35, 0xe1, 0x07, 0x95,
-	0xf9, 0x65, 0x71, 0x02, 0x58, 0xfe, 0x65, 0xf4, 0x3f, 0x66, 0xa5, 0xe8, 0x1a, 0x3f, 0x59, 0x09,
-	0x7c, 0x7a, 0xc8, 0xc9, 0x78, 0x65, 0xea, 0xbd, 0xc2, 0xa0, 0x7c, 0xcb, 0xdd, 0x21, 0xb2, 0xa7,
-	0xf0, 0xe8, 0xe6, 0x1c, 0x0c, 0x97, 0xa1, 0xaa, 0x08, 0xaa, 0x20, 0xb9, 0xa0, 0x4b, 0x30, 0x2c,
-	0xd2, 0xff, 0x30, 0xb7, 0x7a, 0xbe, 0x98, 0x98, 0x8b, 0xd3, 0x62, 0x0c, 0xc6, 0x3a, 0x8d, 0xfd,
-	0x83, 0x05, 0x98, 0xca, 0x78, 0x17, 0xc5, 0x8f, 0x91, 0x2d, 0x37, 0x8c, 0x54, 0x8e, 0x59, 0xed,
-	0x18, 0xe1, 0x70, 0xac, 0x28, 0xe8, 0x5e, 0xc5, 0x0f, 0xaa, 0xe4, 0xe1, 0x24, 0xde, 0x1d, 0x08,
-	0xec, 0x21, 0xb3, 0xb5, 0x9e, 0x83, 0xbe, 0x76, 0x48, 0x64, 0x4c, 0x5e, 0x75, 0x6c, 0x33, 0x73,
-	0x30, 0xc3, 0xd0, 0x1b, 0xd8, 0x96, 0xb2, 0xac, 0x6a, 0x37, 0x30, 0x6e, 0x5b, 0xe5, 0x38, 0xda,
-	0xb8, 0x88, 0x78, 0x8e, 0x17, 0x89, 0x7b, 0x5a, 0x1c, 0x5c, 0x92, 0x41, 0xb1, 0xc0, 0xda, 0x5f,
-	0x28, 0xc2, 0xe9, 0xdc, 0x97, 0x92, 0xb4, 0xe9, 0x4d, 0xdf, 0x73, 0x23, 0x5f, 0xf9, 0x8e, 0xf1,
-	0x80, 0x92, 0xa4, 0xb5, 0xbd, 0x2a, 0xe0, 0x58, 0x51, 0xa0, 0xf3, 0xd0, 0xcf, 0x94, 0xc9, 0xa9,
-	0x6c, 0xbb, 0xf3, 0x8b, 0x3c, 0xc2, 0x18, 0x47, 0xf7, 0x9c, 0x20, 0xfd, 0x31, 0x2a, 0xc1, 0xf8,
-	0x8d, 0xe4, 0x81, 0x42, 0x9b, 0xeb, 0xfb, 0x0d, 0xcc, 0x90, 0xe8, 0x09, 0xd1, 0x5f, 0x09, 0x67,
-	0x29, 0xec, 0xd4, 0xfd, 0x50, 0xeb, 0xb4, 0xa7, 0x60, 0x70, 0x87, 0xec, 0x05, 0xae, 0xb7, 0x95,
-	0x74, 0xa2, 0xbb, 0xca, 0xc1, 0x58, 0xe2, 0xcd, 0xf4, 0x90, 0x83, 0x47, 0x9d, 0xd9, 0x7c, 0xa8,
-	0xab, 0x78, 0xf2, 0xc3, 0x45, 0x18, 0xc7, 0xf3, 0x8b, 0xef, 0x0e, 0xc4, 0x8d, 0xf4, 0x40, 0x1c,
-	0x75, 0x66, 0xf3, 0xee, 0xa3, 0xf1, 0x0b, 0x16, 0x8c, 0xb3, 0x24, 0x44, 0x22, 0x1e, 0x82, 0xeb,
-	0x7b, 0xc7, 0x70, 0x15, 0x78, 0x0c, 0xfa, 0x03, 0x5a, 0x69, 0x32, 0xcd, 0x2e, 0x6b, 0x09, 0xe6,
-	0x38, 0xf4, 0x08, 0xf4, 0xb1, 0x26, 0xd0, 0xc1, 0x1b, 0xe1, 0x5b, 0xf0, 0xa2, 0x13, 0x39, 0x98,
-	0x41, 0x59, 0x7c, 0x2d, 0x4c, 0x5a, 0x0d, 0x97, 0x37, 0x3a, 0x36, 0xf5, 0xbf, 0x33, 0x62, 0x28,
-	0x64, 0x36, 0xed, 0xed, 0xc5, 0xd7, 0xca, 0x66, 0xd9, 0xf9, 0x9a, 0xfd, 0xc7, 0x05, 0x38, 0x9b,
-	0x59, 0xae, 0xe7, 0xf8, 0x5a, 0x9d, 0x4b, 0x3f, 0xc8, 0x34, 0x33, 0xc5, 0x63, 0x74, 0x51, 0xee,
-	0xeb, 0x55, 0xfa, 0xef, 0xef, 0x21, 0xec, 0x55, 0x66, 0x97, 0xbd, 0x43, 0xc2, 0x5e, 0x65, 0xb6,
-	0x2d, 0x47, 0x4d, 0xf0, 0xe7, 0x85, 0x9c, 0x6f, 0x61, 0x0a, 0x83, 0x0b, 0x74, 0x9f, 0x61, 0xc8,
-	0x50, 0x5e, 0xc2, 0xf9, 0x1e, 0xc3, 0x61, 0x58, 0x61, 0xd1, 0x1c, 0x8c, 0x37, 0x5d, 0x8f, 0x6e,
-	0x3e, 0x7b, 0xa6, 0x28, 0xae, 0x6c, 0x00, 0xab, 0x26, 0x1a, 0x27, 0xe9, 0x91, 0xab, 0x85, 0xc4,
-	0xe2, 0x5f, 0xf7, 0xca, 0xa1, 0x56, 0xdd, 0xac, 0xe9, 0x06, 0xa1, 0x7a, 0x31, 0x23, 0x3c, 0xd6,
-	0xaa, 0xa6, 0x27, 0x2a, 0xf6, 0xae, 0x27, 0x1a, 0xc9, 0xd6, 0x11, 0xcd, 0xbc, 0x02, 0xa3, 0xf7,
-	0x6d, 0x53, 0xb0, 0xbf, 0x5e, 0x84, 0x87, 0x3b, 0x2c, 0x7b, 0xbe, 0xd7, 0x1b, 0x63, 0xa0, 0xed,
-	0xf5, 0xa9, 0x71, 0xa8, 0xc0, 0x89, 0xcd, 0x76, 0xa3, 0xb1, 0xc7, 0x5e, 0xee, 0x90, 0xba, 0xa4,
-	0x10, 0x32, 0xa5, 0x54, 0x8e, 0x9c, 0x58, 0xce, 0xa0, 0xc1, 0x99, 0x25, 0xe9, 0x15, 0x8b, 0x9e,
-	0x24, 0x7b, 0x8a, 0x55, 0xe2, 0x8a, 0x85, 0x75, 0x24, 0x36, 0x69, 0xd1, 0x65, 0x98, 0x74, 0x76,
-	0x1d, 0x97, 0xc7, 0x15, 0x97, 0x0c, 0xf8, 0x1d, 0x4b, 0xa9, 0x82, 0xe7, 0x92, 0x04, 0x38, 0x5d,
-	0x06, 0xbd, 0x06, 0xc8, 0xdf, 0x60, 0xfe, 0xfd, 0xf5, 0xcb, 0xc4, 0x13, 0xd6, 0x6a, 0x36, 0x76,
-	0xc5, 0x78, 0x4b, 0xb8, 0x9e, 0xa2, 0xc0, 0x19, 0xa5, 0x12, 0xf1, 0x9f, 0x06, 0xf2, 0xe3, 0x3f,
-	0x75, 0xde, 0x17, 0xbb, 0x66, 0x38, 0xba, 0x04, 0xa3, 0x87, 0xf4, 0x5a, 0xb5, 0xff, 0x83, 0x45,
-	0x4f, 0x3c, 0x5e, 0xc6, 0x0c, 0xae, 0xfa, 0x0a, 0x73, 0xab, 0xe5, 0x9a, 0x65, 0x2d, 0xc0, 0xce,
-	0x49, 0xcd, 0xad, 0x36, 0x46, 0x62, 0x93, 0x96, 0xcf, 0x21, 0xcd, 0x1d, 0xd6, 0xb8, 0x15, 0x88,
-	0x08, 0x70, 0x8a, 0x02, 0x7d, 0x0c, 0x06, 0xeb, 0xee, 0xae, 0x1b, 0x0a, 0xe5, 0xd8, 0xa1, 0x8d,
-	0x58, 0xf1, 0xd6, 0xb9, 0xc8, 0xd9, 0x60, 0xc9, 0xcf, 0xfe, 0xe1, 0x42, 0xdc, 0x27, 0xaf, 0xb7,
-	0xfd, 0xc8, 0x39, 0x86, 0x93, 0xfc, 0xb2, 0x71, 0x92, 0x3f, 0xd1, 0x29, 0x0c, 0x1e, 0x6b, 0x52,
-	0xee, 0x09, 0x7e, 0x3d, 0x71, 0x82, 0x3f, 0xd9, 0x9d, 0x55, 0xe7, 0x93, 0xfb, 0x1f, 0x59, 0x30,
-	0x69, 0xd0, 0x1f, 0xc3, 0x01, 0xb2, 0x6c, 0x1e, 0x20, 0x8f, 0x76, 0xfd, 0x86, 0x9c, 0x83, 0xe3,
-	0xfb, 0x8a, 0x89, 0xb6, 0xb3, 0x03, 0xe3, 0x2d, 0xe8, 0xdb, 0x76, 0x82, 0x7a, 0xa7, 0xb4, 0x1f,
-	0xa9, 0x42, 0xb3, 0x57, 0x9c, 0x40, 0x58, 0xf8, 0x9f, 0x91, 0xbd, 0x4e, 0x41, 0x5d, 0xad, 0xfb,
-	0xac, 0x2a, 0xf4, 0x12, 0x0c, 0x84, 0x35, 0xbf, 0xa5, 0x9e, 0xfa, 0x9c, 0x63, 0x1d, 0xcd, 0x20,
-	0x07, 0xfb, 0x65, 0x64, 0x56, 0x47, 0xc1, 0x58, 0xd0, 0xa3, 0x37, 0x60, 0x94, 0xfd, 0x52, 0xee,
-	0x76, 0xc5, 0x7c, 0x0d, 0x46, 0x55, 0x27, 0xe4, 0xbe, 0xa8, 0x06, 0x08, 0x9b, 0xac, 0x66, 0xb6,
-	0xa0, 0xa4, 0x3e, 0xeb, 0x81, 0x5a, 0x89, 0xff, 0x6d, 0x11, 0xa6, 0x32, 0xe6, 0x1c, 0x0a, 0x8d,
-	0x91, 0xb8, 0xd4, 0xe3, 0x54, 0x7d, 0x9b, 0x63, 0x11, 0xb2, 0x0b, 0x54, 0x5d, 0xcc, 0xad, 0x9e,
-	0x2b, 0xbd, 0x11, 0x92, 0x64, 0xa5, 0x14, 0xd4, 0xbd, 0x52, 0x5a, 0xd9, 0xb1, 0x75, 0x35, 0xad,
-	0x48, 0xb5, 0xf4, 0x81, 0x8e, 0xe9, 0xaf, 0xf5, 0xc1, 0x89, 0xac, 0xc8, 0x9c, 0xe8, 0x33, 0x89,
-	0xa4, 0xb3, 0x2f, 0xf4, 0x1a, 0xd3, 0x93, 0x67, 0xa2, 0x15, 0x11, 0x03, 0x67, 0xcd, 0x34, 0xb4,
-	0x5d, 0xbb, 0x59, 0xd4, 0xc9, 0x62, 0x96, 0x04, 0x3c, 0x59, 0xb0, 0xdc, 0x3e, 0xde, 0xdf, 0x73,
-	0x03, 0x44, 0x96, 0xe1, 0x30, 0xe1, 0xca, 0x23, 0xc1, 0xdd, 0x5d, 0x79, 0x64, 0xcd, 0x68, 0x05,
-	0x06, 0x6a, 0xdc, 0x47, 0xa4, 0xd8, 0x7d, 0x0b, 0xe3, 0x0e, 0x22, 0x6a, 0x03, 0x16, 0x8e, 0x21,
-	0x82, 0xc1, 0x8c, 0x0b, 0xc3, 0x5a, 0xc7, 0x3c, 0xd0, 0xc9, 0xb3, 0x43, 0x0f, 0x3e, 0xad, 0x0b,
-	0x1e, 0xe8, 0x04, 0xfa, 0x31, 0x0b, 0x12, 0x0f, 0x45, 0x94, 0x52, 0xce, 0xca, 0x55, 0xca, 0x9d,
-	0x83, 0xbe, 0xc0, 0x6f, 0x90, 0x64, 0xa2, 0x57, 0xec, 0x37, 0x08, 0x66, 0x18, 0x4a, 0x11, 0xc5,
-	0xaa, 0x96, 0x11, 0xfd, 0x1a, 0x29, 0x2e, 0x88, 0x8f, 0x41, 0x7f, 0x83, 0xec, 0x92, 0x46, 0x32,
-	0x1f, 0xd7, 0x35, 0x0a, 0xc4, 0x1c, 0x67, 0xff, 0x42, 0x1f, 0x9c, 0xe9, 0x18, 0x40, 0x88, 0x5e,
-	0xc6, 0xb6, 0x9c, 0x88, 0xdc, 0x76, 0xf6, 0x92, 0x89, 0x73, 0x2e, 0x73, 0x30, 0x96, 0x78, 0xf6,
-	0x6a, 0x91, 0xc7, 0xbf, 0x4f, 0xa8, 0x30, 0x45, 0xd8, 0x7b, 0x81, 0x35, 0x55, 0x62, 0xc5, 0xa3,
-	0x50, 0x89, 0x3d, 0x07, 0x10, 0x86, 0x0d, 0xee, 0x4e, 0x57, 0x17, 0xcf, 0x21, 0xe3, 0x3c, 0x09,
-	0xd5, 0x6b, 0x02, 0x83, 0x35, 0x2a, 0xb4, 0x08, 0x13, 0xad, 0xc0, 0x8f, 0xb8, 0x46, 0x78, 0x91,
-	0x7b, 0x9c, 0xf6, 0x9b, 0xb1, 0x5b, 0x2a, 0x09, 0x3c, 0x4e, 0x95, 0x40, 0x2f, 0xc2, 0xb0, 0x88,
-	0xe7, 0x52, 0xf1, 0xfd, 0x86, 0x50, 0x42, 0x29, 0x27, 0xcc, 0x6a, 0x8c, 0xc2, 0x3a, 0x9d, 0x56,
-	0x8c, 0xa9, 0x99, 0x07, 0x33, 0x8b, 0x71, 0x55, 0xb3, 0x46, 0x97, 0x08, 0xf8, 0x3b, 0xd4, 0x53,
-	0xc0, 0xdf, 0x58, 0x2d, 0x57, 0xea, 0xd9, 0xea, 0x09, 0x5d, 0x15, 0x59, 0x5f, 0xe9, 0x83, 0x29,
-	0x31, 0x71, 0x1e, 0xf4, 0x74, 0xb9, 0x91, 0x9e, 0x2e, 0x47, 0xa1, 0xb8, 0x7b, 0x77, 0xce, 0x1c,
-	0xf7, 0x9c, 0xf9, 0x11, 0x0b, 0x4c, 0x49, 0x0d, 0xfd, 0x7f, 0xb9, 0x99, 0xc7, 0x5e, 0xcc, 0x95,
-	0xfc, 0x94, 0xc3, 0xe1, 0xdb, 0xcc, 0x41, 0x66, 0xff, 0x3b, 0x0b, 0x1e, 0xed, 0xca, 0x11, 0x2d,
-	0x41, 0x89, 0x89, 0x93, 0xda, 0x45, 0xef, 0x49, 0xe5, 0x91, 0x2e, 0x11, 0x39, 0xd2, 0x6d, 0x5c,
-	0x12, 0x2d, 0xa5, 0x52, 0xbc, 0x3d, 0x95, 0x91, 0xe2, 0xed, 0xa4, 0xd1, 0x3d, 0xf7, 0x99, 0xe3,
-	0xed, 0x87, 0xe8, 0x89, 0x63, 0xbc, 0x06, 0x43, 0xef, 0x37, 0x94, 0x8e, 0x76, 0x42, 0xe9, 0x88,
-	0x4c, 0x6a, 0xed, 0x0c, 0xf9, 0x08, 0x4c, 0xb0, 0x40, 0x6f, 0xec, 0x7d, 0x84, 0x78, 0xa7, 0x56,
-	0x88, 0x7d, 0xa0, 0xaf, 0x25, 0x70, 0x38, 0x45, 0x6d, 0xff, 0x51, 0x11, 0x06, 0xf8, 0xf2, 0x3b,
-	0x86, 0xeb, 0xe5, 0xd3, 0x50, 0x72, 0x9b, 0xcd, 0x36, 0xcf, 0xda, 0xd5, 0x1f, 0x7b, 0xd4, 0xae,
-	0x48, 0x20, 0x8e, 0xf1, 0x68, 0x59, 0xe8, 0xbb, 0x3b, 0xc4, 0x92, 0xe5, 0x0d, 0x9f, 0x5d, 0x74,
-	0x22, 0x87, 0xcb, 0x4a, 0xea, 0x9c, 0x8d, 0x35, 0xe3, 0xe8, 0x93, 0x00, 0x61, 0x14, 0xb8, 0xde,
-	0x16, 0x85, 0x89, 0x10, 0xd6, 0xef, 0xed, 0xc0, 0xad, 0xaa, 0x88, 0x39, 0xcf, 0x78, 0xcf, 0x51,
-	0x08, 0xac, 0x71, 0x44, 0xb3, 0xc6, 0x49, 0x3f, 0x93, 0x18, 0x3b, 0xe0, 0x5c, 0xe3, 0x31, 0x9b,
-	0xf9, 0x00, 0x94, 0x14, 0xf3, 0x6e, 0xda, 0xaf, 0x11, 0x5d, 0x2c, 0xfa, 0x30, 0x8c, 0x27, 0xda,
-	0x76, 0x28, 0xe5, 0xd9, 0x2f, 0x5a, 0x30, 0xce, 0x1b, 0xb3, 0xe4, 0xed, 0x8a, 0xd3, 0xe0, 0x2e,
-	0x9c, 0x68, 0x64, 0xec, 0xca, 0x62, 0xf8, 0x7b, 0xdf, 0xc5, 0x95, 0xb2, 0x2c, 0x0b, 0x8b, 0x33,
-	0xeb, 0x40, 0x17, 0xe8, 0x8a, 0xa3, 0xbb, 0xae, 0xd3, 0x10, 0xcf, 0xf2, 0x47, 0xf8, 0x6a, 0xe3,
-	0x30, 0xac, 0xb0, 0xf6, 0xef, 0x59, 0x30, 0xc9, 0x5b, 0x7e, 0x95, 0xec, 0xa9, 0xbd, 0xe9, 0x5b,
-	0xd9, 0x76, 0x91, 0x2f, 0xb2, 0x90, 0x93, 0x2f, 0x52, 0xff, 0xb4, 0x62, 0xc7, 0x4f, 0xfb, 0xb2,
-	0x05, 0x62, 0x86, 0x1c, 0x83, 0x3e, 0xe3, 0xbb, 0x4c, 0x7d, 0xc6, 0x4c, 0xfe, 0x22, 0xc8, 0x51,
-	0x64, 0xfc, 0x99, 0x05, 0x13, 0x9c, 0x20, 0xb6, 0xd5, 0x7f, 0x4b, 0xc7, 0xa1, 0x97, 0xac, 0xf2,
-	0x57, 0xc9, 0xde, 0xba, 0x5f, 0x71, 0xa2, 0xed, 0xec, 0x8f, 0x32, 0x06, 0xab, 0xaf, 0xe3, 0x60,
-	0xd5, 0xe5, 0x02, 0x32, 0xd2, 0x29, 0x75, 0x79, 0x5c, 0x7f, 0xd8, 0x74, 0x4a, 0xf6, 0x37, 0x2d,
-	0x40, 0xbc, 0x1a, 0x43, 0x70, 0xa3, 0xe2, 0x10, 0x83, 0x6a, 0x07, 0x5d, 0xbc, 0x35, 0x29, 0x0c,
-	0xd6, 0xa8, 0x8e, 0xa4, 0x7b, 0x12, 0x0e, 0x17, 0xc5, 0xee, 0x0e, 0x17, 0x87, 0xe8, 0xd1, 0x7f,
-	0x31, 0x00, 0xc9, 0x17, 0x71, 0xe8, 0x26, 0x8c, 0xd4, 0x9c, 0x96, 0xb3, 0xe1, 0x36, 0xdc, 0xc8,
-	0x25, 0x61, 0x27, 0x6f, 0xac, 0x05, 0x8d, 0x4e, 0x98, 0xc8, 0x35, 0x08, 0x36, 0xf8, 0xa0, 0x59,
-	0x80, 0x56, 0xe0, 0xee, 0xba, 0x0d, 0xb2, 0xc5, 0xd4, 0x2e, 0x2c, 0x10, 0x08, 0x77, 0x0d, 0x93,
-	0x50, 0xac, 0x51, 0x64, 0x84, 0x1f, 0x28, 0x3e, 0xe0, 0xf0, 0x03, 0x70, 0x6c, 0xe1, 0x07, 0xfa,
-	0x0e, 0x15, 0x7e, 0x60, 0xe8, 0xd0, 0xe1, 0x07, 0xfa, 0x7b, 0x0a, 0x3f, 0x80, 0xe1, 0x94, 0x94,
-	0x3d, 0xe9, 0xff, 0x65, 0xb7, 0x41, 0xc4, 0x85, 0x83, 0x47, 0x2f, 0x99, 0xb9, 0xb7, 0x5f, 0x3e,
-	0x85, 0x33, 0x29, 0x70, 0x4e, 0x49, 0xf4, 0x51, 0x98, 0x76, 0x1a, 0x0d, 0xff, 0xb6, 0x1a, 0xd4,
-	0xa5, 0xb0, 0xe6, 0x34, 0xb8, 0x09, 0x64, 0x90, 0x71, 0x7d, 0xe4, 0xde, 0x7e, 0x79, 0x7a, 0x2e,
-	0x87, 0x06, 0xe7, 0x96, 0x46, 0x1f, 0x82, 0x52, 0x2b, 0xf0, 0x6b, 0xab, 0xda, 0xb3, 0xdd, 0xb3,
-	0xb4, 0x03, 0x2b, 0x12, 0x78, 0xb0, 0x5f, 0x1e, 0x55, 0x7f, 0xd8, 0x81, 0x1f, 0x17, 0xc8, 0x88,
-	0x27, 0x30, 0x7c, 0xa4, 0xf1, 0x04, 0x76, 0x60, 0xaa, 0x4a, 0x02, 0xd7, 0x69, 0xb8, 0x77, 0xa9,
-	0xbc, 0x2c, 0xf7, 0xa7, 0x75, 0x28, 0x05, 0x89, 0x1d, 0xb9, 0xa7, 0xf8, 0xae, 0x5a, 0x5e, 0x1b,
-	0xb9, 0x03, 0xc7, 0x8c, 0xec, 0xff, 0x65, 0xc1, 0xa0, 0x78, 0x01, 0x77, 0x0c, 0x52, 0xe3, 0x9c,
-	0x61, 0x94, 0x28, 0x67, 0x77, 0x18, 0x6b, 0x4c, 0xae, 0x39, 0x62, 0x25, 0x61, 0x8e, 0x78, 0xb4,
-	0x13, 0x93, 0xce, 0x86, 0x88, 0xbf, 0x5e, 0xa4, 0xd2, 0xbb, 0xf1, 0x16, 0xfb, 0xc1, 0x77, 0xc1,
-	0x1a, 0x0c, 0x86, 0xe2, 0x2d, 0x70, 0x21, 0xff, 0x31, 0x46, 0x72, 0x10, 0x63, 0x2f, 0x3a, 0xf1,
-	0xfa, 0x57, 0x32, 0xc9, 0x7c, 0x64, 0x5c, 0x7c, 0x80, 0x8f, 0x8c, 0xbb, 0xbd, 0x56, 0xef, 0x3b,
-	0x8a, 0xd7, 0xea, 0xf6, 0xd7, 0xd8, 0xc9, 0xa9, 0xc3, 0x8f, 0x41, 0xa8, 0xba, 0x6c, 0x9e, 0xb1,
-	0x76, 0x87, 0x99, 0x25, 0x1a, 0x95, 0x23, 0x5c, 0xfd, 0xbc, 0x05, 0x67, 0x32, 0xbe, 0x4a, 0x93,
-	0xb4, 0x9e, 0x81, 0x21, 0xa7, 0x5d, 0x77, 0xd5, 0x5a, 0xd6, 0x4c, 0x93, 0x73, 0x02, 0x8e, 0x15,
-	0x05, 0x5a, 0x80, 0x49, 0x72, 0xa7, 0xe5, 0x72, 0x43, 0xae, 0xee, 0x7c, 0x5c, 0xe4, 0xcf, 0x26,
-	0x97, 0x92, 0x48, 0x9c, 0xa6, 0x57, 0x71, 0x8d, 0x8a, 0xb9, 0x71, 0x8d, 0xfe, 0x8e, 0x05, 0xc3,
-	0xea, 0x35, 0xec, 0x03, 0xef, 0xed, 0x8f, 0x98, 0xbd, 0xfd, 0x70, 0x87, 0xde, 0xce, 0xe9, 0xe6,
-	0xdf, 0x29, 0xa8, 0xf6, 0x56, 0xfc, 0x20, 0xea, 0x41, 0x82, 0xbb, 0xff, 0x87, 0x13, 0x97, 0x60,
-	0xd8, 0x69, 0xb5, 0x24, 0x42, 0x7a, 0xc0, 0xb1, 0x68, 0xdd, 0x31, 0x18, 0xeb, 0x34, 0xea, 0x1d,
-	0x47, 0x31, 0xf7, 0x1d, 0x47, 0x1d, 0x20, 0x72, 0x82, 0x2d, 0x12, 0x51, 0x98, 0x70, 0xd8, 0xcd,
-	0xdf, 0x6f, 0xda, 0x91, 0xdb, 0x98, 0x75, 0xbd, 0x28, 0x8c, 0x82, 0xd9, 0x15, 0x2f, 0xba, 0x1e,
-	0xf0, 0x2b, 0xa4, 0x16, 0x19, 0x4c, 0xf1, 0xc2, 0x1a, 0x5f, 0x19, 0xf9, 0x81, 0xd5, 0xd1, 0x6f,
-	0xba, 0x52, 0xac, 0x09, 0x38, 0x56, 0x14, 0xf6, 0x07, 0xd8, 0xe9, 0xc3, 0xfa, 0xf4, 0x70, 0x51,
-	0xb1, 0x7e, 0x6a, 0x44, 0x8d, 0x06, 0x33, 0x8a, 0x2e, 0xea, 0xb1, 0xb7, 0x3a, 0x6f, 0xf6, 0xb4,
-	0x62, 0xfd, 0x41, 0x62, 0x1c, 0xa0, 0x0b, 0x7d, 0x3c, 0xe5, 0x1e, 0xf3, 0x6c, 0x97, 0x53, 0xe3,
-	0x10, 0x0e, 0x31, 0x2c, 0x75, 0x0f, 0x4b, 0x6c, 0xb2, 0x52, 0x11, 0xeb, 0x42, 0x4b, 0xdd, 0x23,
-	0x10, 0x38, 0xa6, 0xa1, 0xc2, 0x94, 0xfa, 0x13, 0x4e, 0xa3, 0x38, 0x84, 0xad, 0xa2, 0x0e, 0xb1,
-	0x46, 0x81, 0x2e, 0x0a, 0x85, 0x02, 0xb7, 0x0b, 0x3c, 0x9c, 0x50, 0x28, 0xc8, 0xee, 0xd2, 0xb4,
-	0x40, 0x97, 0x60, 0x58, 0x25, 0x6a, 0xaf, 0xf0, 0xa4, 0x59, 0x62, 0x9a, 0x2d, 0xc5, 0x60, 0xac,
-	0xd3, 0xa0, 0x75, 0x18, 0x0f, 0xb9, 0x9e, 0x4d, 0xc5, 0x15, 0xe7, 0xfa, 0xca, 0xf7, 0xaa, 0x77,
-	0xc8, 0x26, 0xfa, 0x80, 0x81, 0xf8, 0xee, 0x24, 0xa3, 0x33, 0x24, 0x59, 0xa0, 0x57, 0x61, 0xac,
-	0xe1, 0x3b, 0xf5, 0x79, 0xa7, 0xe1, 0x78, 0x35, 0xd6, 0x3f, 0x43, 0x66, 0xbe, 0xdf, 0x6b, 0x06,
-	0x16, 0x27, 0xa8, 0xa9, 0xf0, 0xa6, 0x43, 0x44, 0x74, 0x31, 0xc7, 0xdb, 0x22, 0xa1, 0x48, 0xbb,
-	0xcd, 0x84, 0xb7, 0x6b, 0x39, 0x34, 0x38, 0xb7, 0x34, 0x7a, 0x09, 0x46, 0xe4, 0xe7, 0x6b, 0xc1,
-	0x4c, 0xe2, 0x27, 0x31, 0x1a, 0x0e, 0x1b, 0x94, 0x28, 0x84, 0x93, 0xf2, 0xff, 0x7a, 0xe0, 0x6c,
-	0x6e, 0xba, 0x35, 0xf1, 0xc2, 0x9f, 0x3f, 0xbb, 0xfd, 0xb0, 0x7c, 0x1b, 0xba, 0x94, 0x45, 0x74,
-	0xb0, 0x5f, 0x7e, 0x44, 0xf4, 0x5a, 0x26, 0x1e, 0x67, 0xf3, 0x46, 0xab, 0x30, 0xb5, 0x4d, 0x9c,
-	0x46, 0xb4, 0xbd, 0xb0, 0x4d, 0x6a, 0x3b, 0x72, 0xc1, 0xb1, 0xf0, 0x28, 0xda, 0xd3, 0x91, 0x2b,
-	0x69, 0x12, 0x9c, 0x55, 0x0e, 0xbd, 0x09, 0xd3, 0xad, 0xf6, 0x46, 0xc3, 0x0d, 0xb7, 0xd7, 0xfc,
-	0x88, 0x39, 0x21, 0xa9, 0x9c, 0xef, 0x22, 0x8e, 0x8a, 0x0a, 0x40, 0x53, 0xc9, 0xa1, 0xc3, 0xb9,
-	0x1c, 0xd0, 0x5d, 0x38, 0x99, 0x98, 0x08, 0x22, 0x92, 0xc4, 0x58, 0x7e, 0x56, 0x91, 0x6a, 0x56,
-	0x01, 0x11, 0x94, 0x25, 0x0b, 0x85, 0xb3, 0xab, 0x40, 0x2f, 0x03, 0xb8, 0xad, 0x65, 0xa7, 0xe9,
-	0x36, 0xe8, 0x55, 0x71, 0x8a, 0xcd, 0x11, 0x7a, 0x6d, 0x80, 0x95, 0x8a, 0x84, 0xd2, 0xbd, 0x59,
-	0xfc, 0xdb, 0xc3, 0x1a, 0x35, 0xba, 0x06, 0x63, 0xe2, 0xdf, 0x9e, 0x18, 0x52, 0x1e, 0xd0, 0xe4,
-	0x71, 0x16, 0x8d, 0xaa, 0xa2, 0x63, 0x0e, 0x52, 0x10, 0x9c, 0x28, 0x8b, 0xb6, 0xe0, 0x8c, 0xcc,
-	0x10, 0xa7, 0xcf, 0x4f, 0x39, 0x06, 0x21, 0x4b, 0xe5, 0x31, 0xc4, 0x5f, 0xa5, 0xcc, 0x75, 0x22,
-	0xc4, 0x9d, 0xf9, 0xd0, 0x73, 0x5d, 0x9f, 0xe6, 0xfc, 0xc9, 0xef, 0x49, 0xee, 0xe1, 0x44, 0xcf,
-	0xf5, 0x6b, 0x49, 0x24, 0x4e, 0xd3, 0x23, 0x1f, 0x4e, 0xba, 0x5e, 0xd6, 0xac, 0x3e, 0xc5, 0x18,
-	0x7d, 0x90, 0xbf, 0x76, 0xee, 0x3c, 0xa3, 0x33, 0xf1, 0x38, 0x9b, 0xef, 0xdb, 0xf3, 0xfb, 0xfb,
-	0x5d, 0x8b, 0x96, 0xd6, 0xa4, 0x73, 0xf4, 0x29, 0x18, 0xd1, 0x3f, 0x4a, 0x48, 0x1a, 0xe7, 0xb3,
-	0x85, 0x57, 0x6d, 0x4f, 0xe0, 0xb2, 0xbd, 0x5a, 0xf7, 0x3a, 0x0e, 0x1b, 0x1c, 0x51, 0x2d, 0x23,
-	0x26, 0xc0, 0xc5, 0xde, 0x24, 0x99, 0xde, 0xdd, 0xde, 0x08, 0x64, 0x4f, 0x77, 0x74, 0x0d, 0x86,
-	0x6a, 0x0d, 0x97, 0x78, 0xd1, 0x4a, 0xa5, 0x53, 0xd4, 0xc3, 0x05, 0x41, 0x23, 0xd6, 0x8f, 0xc8,
-	0xca, 0xc1, 0x61, 0x58, 0x71, 0xb0, 0x7f, 0xa3, 0x00, 0xe5, 0x2e, 0x29, 0x5e, 0x12, 0x66, 0x28,
-	0xab, 0x27, 0x33, 0xd4, 0x1c, 0x8c, 0xc7, 0xff, 0x74, 0x0d, 0x97, 0xf2, 0x64, 0xbd, 0x69, 0xa2,
-	0x71, 0x92, 0xbe, 0xe7, 0x47, 0x09, 0xba, 0x25, 0xab, 0xaf, 0xeb, 0xb3, 0x1a, 0xc3, 0x82, 0xdd,
-	0xdf, 0xfb, 0xb5, 0x37, 0xd7, 0x1a, 0x69, 0x7f, 0xad, 0x00, 0x27, 0x55, 0x17, 0x7e, 0xe7, 0x76,
-	0xdc, 0x8d, 0x74, 0xc7, 0x1d, 0x81, 0x2d, 0xd7, 0xbe, 0x0e, 0x03, 0x3c, 0x8c, 0x63, 0x0f, 0xe2,
-	0xf6, 0x63, 0x66, 0x70, 0x67, 0x25, 0xe1, 0x19, 0x01, 0x9e, 0x7f, 0xc0, 0x82, 0xf1, 0xc4, 0xeb,
-	0x36, 0x84, 0xb5, 0x27, 0xd0, 0xf7, 0x23, 0x12, 0x67, 0x09, 0xdb, 0xe7, 0xa0, 0x6f, 0xdb, 0x0f,
-	0xa3, 0xa4, 0xa3, 0xc7, 0x15, 0x3f, 0x8c, 0x30, 0xc3, 0xd8, 0xbf, 0x6f, 0x41, 0xff, 0xba, 0xe3,
-	0x7a, 0x91, 0x34, 0x0a, 0x58, 0x39, 0x46, 0x81, 0x5e, 0xbe, 0x0b, 0xbd, 0x08, 0x03, 0x64, 0x73,
-	0x93, 0xd4, 0x22, 0x31, 0xaa, 0x32, 0xf4, 0xc4, 0xc0, 0x12, 0x83, 0x52, 0xf9, 0x8f, 0x55, 0xc6,
-	0xff, 0x62, 0x41, 0x8c, 0x6e, 0x41, 0x29, 0x72, 0x9b, 0x64, 0xae, 0x5e, 0x17, 0xa6, 0xf2, 0xfb,
-	0x08, 0x9f, 0xb1, 0x2e, 0x19, 0xe0, 0x98, 0x97, 0xfd, 0x85, 0x02, 0x40, 0x1c, 0xff, 0xaa, 0xdb,
-	0x27, 0xce, 0xa7, 0x8c, 0xa8, 0xe7, 0x33, 0x8c, 0xa8, 0x28, 0x66, 0x98, 0x61, 0x41, 0x55, 0xdd,
-	0x54, 0xec, 0xa9, 0x9b, 0xfa, 0x0e, 0xd3, 0x4d, 0x0b, 0x30, 0x19, 0xc7, 0xef, 0x32, 0xc3, 0x17,
-	0xb2, 0xa3, 0x73, 0x3d, 0x89, 0xc4, 0x69, 0x7a, 0x9b, 0xc0, 0x39, 0x15, 0xc6, 0x48, 0x9c, 0x68,
-	0xcc, 0x0f, 0x5c, 0x37, 0x4a, 0x77, 0xe9, 0xa7, 0xd8, 0x4a, 0x5c, 0xc8, 0xb5, 0x12, 0xff, 0xa4,
-	0x05, 0x27, 0x92, 0xf5, 0xb0, 0x47, 0xd3, 0x9f, 0xb7, 0xe0, 0x24, 0xb3, 0x95, 0xb3, 0x5a, 0xd3,
-	0x96, 0xf9, 0x17, 0x3a, 0x86, 0x66, 0xca, 0x69, 0x71, 0x1c, 0xe3, 0x64, 0x35, 0x8b, 0x35, 0xce,
-	0xae, 0xd1, 0xfe, 0x9f, 0x7d, 0x30, 0x9d, 0x17, 0xd3, 0x89, 0x3d, 0x13, 0x71, 0xee, 0x54, 0x77,
-	0xc8, 0x6d, 0xe1, 0x8c, 0x1f, 0x3f, 0x13, 0xe1, 0x60, 0x2c, 0xf1, 0xc9, 0xac, 0x1d, 0x85, 0x1e,
-	0xb3, 0x76, 0x6c, 0xc3, 0xe4, 0xed, 0x6d, 0xe2, 0xdd, 0xf0, 0x42, 0x27, 0x72, 0xc3, 0x4d, 0x97,
-	0xd9, 0x95, 0xf9, 0xbc, 0x91, 0xa9, 0x7e, 0x27, 0x6f, 0x25, 0x09, 0x0e, 0xf6, 0xcb, 0x67, 0x0c,
-	0x40, 0xdc, 0x64, 0xbe, 0x91, 0xe0, 0x34, 0xd3, 0x74, 0xd2, 0x93, 0xbe, 0x07, 0x9c, 0xf4, 0xa4,
-	0xe9, 0x0a, 0x6f, 0x14, 0xf9, 0x06, 0x80, 0xdd, 0x18, 0x57, 0x15, 0x14, 0x6b, 0x14, 0xe8, 0x13,
-	0x80, 0xf4, 0xa4, 0x4e, 0x46, 0x48, 0xcd, 0x67, 0xef, 0xed, 0x97, 0xd1, 0x5a, 0x0a, 0x7b, 0xb0,
-	0x5f, 0x9e, 0xa2, 0xd0, 0x15, 0x8f, 0xde, 0x3c, 0xe3, 0x38, 0x64, 0x19, 0x8c, 0xd0, 0x2d, 0x98,
-	0xa0, 0x50, 0xb6, 0xa2, 0x64, 0xbc, 0x4e, 0x7e, 0x5b, 0x7c, 0xfa, 0xde, 0x7e, 0x79, 0x62, 0x2d,
-	0x81, 0xcb, 0x63, 0x9d, 0x62, 0x82, 0x5e, 0x86, 0xb1, 0x78, 0x5e, 0x5d, 0x25, 0x7b, 0x3c, 0x3e,
-	0x4e, 0x89, 0x2b, 0xbc, 0x57, 0x0d, 0x0c, 0x4e, 0x50, 0xda, 0x9f, 0xb7, 0xe0, 0x74, 0x6e, 0xe2,
-	0x71, 0x74, 0x01, 0x86, 0x9c, 0x96, 0xcb, 0xcd, 0x17, 0xe2, 0xa8, 0x61, 0x6a, 0xb2, 0xca, 0x0a,
-	0x37, 0x5e, 0x28, 0x2c, 0xdd, 0xe1, 0x77, 0x5c, 0xaf, 0x9e, 0xdc, 0xe1, 0xaf, 0xba, 0x5e, 0x1d,
-	0x33, 0x8c, 0x3a, 0xb2, 0x8a, 0xb9, 0x4f, 0x11, 0xbe, 0x42, 0xd7, 0x6a, 0x46, 0x8a, 0xf2, 0xe3,
-	0x6d, 0x06, 0x7a, 0x5a, 0x37, 0x35, 0x0a, 0xaf, 0xc2, 0x5c, 0x33, 0xe3, 0xf7, 0x5b, 0x20, 0x9e,
-	0x2e, 0xf7, 0x70, 0x26, 0xbf, 0x01, 0x23, 0xbb, 0xe9, 0x84, 0x77, 0xe7, 0xf2, 0xdf, 0x72, 0x8b,
-	0x40, 0xe1, 0x4a, 0xd0, 0x36, 0x92, 0xdb, 0x19, 0xbc, 0xec, 0x3a, 0x08, 0xec, 0x22, 0x61, 0x06,
-	0x85, 0xee, 0xad, 0x79, 0x0e, 0xa0, 0xce, 0x68, 0x59, 0x16, 0xdc, 0x82, 0x29, 0x71, 0x2d, 0x2a,
-	0x0c, 0xd6, 0xa8, 0xec, 0x7f, 0x55, 0x80, 0x61, 0x99, 0x60, 0xad, 0xed, 0xf5, 0xa2, 0xf6, 0x3b,
-	0x54, 0xc6, 0x65, 0x74, 0x11, 0x4a, 0x4c, 0x2f, 0x5d, 0x89, 0xb5, 0xa5, 0x4a, 0x2b, 0xb4, 0x2a,
-	0x11, 0x38, 0xa6, 0xa1, 0xbb, 0x63, 0xd8, 0xde, 0x60, 0xe4, 0x89, 0x87, 0xb6, 0x55, 0x0e, 0xc6,
-	0x12, 0x8f, 0x3e, 0x0a, 0x13, 0xbc, 0x5c, 0xe0, 0xb7, 0x9c, 0x2d, 0x6e, 0xcb, 0xea, 0x57, 0xd1,
-	0x4b, 0x26, 0x56, 0x13, 0xb8, 0x83, 0xfd, 0xf2, 0x89, 0x24, 0x8c, 0x19, 0x69, 0x53, 0x5c, 0x98,
-	0xcb, 0x1a, 0xaf, 0x84, 0xee, 0xea, 0x29, 0x4f, 0xb7, 0x18, 0x85, 0x75, 0x3a, 0xfb, 0x53, 0x80,
-	0xd2, 0xa9, 0xe6, 0xd0, 0x6b, 0xdc, 0xe5, 0xd9, 0x0d, 0x48, 0xbd, 0x93, 0xd1, 0x56, 0x8f, 0xd1,
-	0x21, 0xdf, 0xc8, 0xf1, 0x52, 0x58, 0x95, 0xb7, 0xff, 0x52, 0x11, 0x26, 0x92, 0x51, 0x01, 0xd0,
-	0x15, 0x18, 0xe0, 0x22, 0xa5, 0x60, 0xdf, 0xc1, 0x27, 0x48, 0x8b, 0x25, 0xc0, 0x0e, 0x57, 0x21,
-	0x95, 0x8a, 0xf2, 0xe8, 0x4d, 0x18, 0xae, 0xfb, 0xb7, 0xbd, 0xdb, 0x4e, 0x50, 0x9f, 0xab, 0xac,
-	0x88, 0xe9, 0x9c, 0xa9, 0xa8, 0x58, 0x8c, 0xc9, 0xf4, 0xf8, 0x04, 0xcc, 0xfe, 0x1d, 0xa3, 0xb0,
-	0xce, 0x0e, 0xad, 0xb3, 0xfc, 0x14, 0x9b, 0xee, 0xd6, 0xaa, 0xd3, 0xea, 0xf4, 0xfe, 0x65, 0x41,
-	0x12, 0x69, 0x9c, 0x47, 0x45, 0x12, 0x0b, 0x8e, 0xc0, 0x31, 0x23, 0xf4, 0x19, 0x98, 0x0a, 0x73,
-	0x4c, 0x27, 0x79, 0x99, 0x47, 0x3b, 0x59, 0x13, 0xe6, 0x1f, 0xba, 0xb7, 0x5f, 0x9e, 0xca, 0x32,
-	0xb2, 0x64, 0x55, 0x63, 0x7f, 0xf1, 0x04, 0x18, 0x8b, 0xd8, 0x48, 0x44, 0x6d, 0x1d, 0x51, 0x22,
-	0x6a, 0x0c, 0x43, 0xa4, 0xd9, 0x8a, 0xf6, 0x16, 0xdd, 0x40, 0x8c, 0x49, 0x26, 0xcf, 0x25, 0x41,
-	0x93, 0xe6, 0x29, 0x31, 0x58, 0xf1, 0xc9, 0xce, 0x16, 0x5e, 0xfc, 0x16, 0x66, 0x0b, 0xef, 0x3b,
-	0xc6, 0x6c, 0xe1, 0x6b, 0x30, 0xb8, 0xe5, 0x46, 0x98, 0xb4, 0x7c, 0x71, 0x99, 0xcb, 0x9c, 0x87,
-	0x97, 0x39, 0x49, 0x3a, 0x2f, 0xad, 0x40, 0x60, 0xc9, 0x04, 0xbd, 0xa6, 0x56, 0xe0, 0x40, 0xbe,
-	0xc2, 0x25, 0xed, 0xbc, 0x92, 0xb9, 0x06, 0x45, 0x4e, 0xf0, 0xc1, 0xfb, 0xcd, 0x09, 0xbe, 0x2c,
-	0x33, 0x79, 0x0f, 0xe5, 0x3f, 0x56, 0x63, 0x89, 0xba, 0xbb, 0xe4, 0xef, 0xbe, 0xa9, 0x67, 0x3f,
-	0x2f, 0xe5, 0xef, 0x04, 0x2a, 0xb1, 0x79, 0x8f, 0x39, 0xcf, 0xbf, 0xdf, 0x82, 0x93, 0xc9, 0xec,
-	0xa4, 0xec, 0x4d, 0x85, 0xf0, 0xf3, 0x78, 0xb1, 0x97, 0x74, 0xb1, 0xac, 0x80, 0x51, 0x21, 0xd3,
-	0x91, 0x66, 0x92, 0xe1, 0xec, 0xea, 0x68, 0x47, 0x07, 0x1b, 0x75, 0xe1, 0x6f, 0xf0, 0x58, 0x4e,
-	0xf2, 0xf4, 0x0e, 0x29, 0xd3, 0xd7, 0x33, 0x12, 0x75, 0x3f, 0x9e, 0x97, 0xa8, 0xbb, 0xe7, 0xf4,
-	0xdc, 0xaf, 0xa9, 0xb4, 0xe9, 0xa3, 0xf9, 0x53, 0x89, 0x27, 0x45, 0xef, 0x9a, 0x2c, 0xfd, 0x35,
-	0x95, 0x2c, 0xbd, 0x43, 0x44, 0x6e, 0x9e, 0x0a, 0xbd, 0x6b, 0x8a, 0x74, 0x2d, 0xcd, 0xf9, 0xf8,
-	0xd1, 0xa4, 0x39, 0x37, 0x8e, 0x1a, 0x9e, 0x69, 0xfb, 0xe9, 0x2e, 0x47, 0x8d, 0xc1, 0xb7, 0xf3,
-	0x61, 0xc3, 0x53, 0xba, 0x4f, 0xde, 0x57, 0x4a, 0xf7, 0x9b, 0x7a, 0x8a, 0x74, 0xd4, 0x25, 0x07,
-	0x38, 0x25, 0xea, 0x31, 0x31, 0xfa, 0x4d, 0xfd, 0x00, 0x9c, 0xca, 0xe7, 0xab, 0xce, 0xb9, 0x34,
-	0xdf, 0xcc, 0x23, 0x30, 0x95, 0x70, 0xfd, 0xc4, 0xf1, 0x24, 0x5c, 0x3f, 0x79, 0xe4, 0x09, 0xd7,
-	0x4f, 0x1d, 0x43, 0xc2, 0xf5, 0x87, 0x8e, 0x31, 0xe1, 0xfa, 0x4d, 0xe6, 0x1c, 0xc5, 0x03, 0x40,
-	0x89, 0x08, 0xe2, 0x4f, 0xe5, 0xc4, 0x4f, 0x4b, 0x47, 0x89, 0xe2, 0x1f, 0xa7, 0x50, 0x38, 0x66,
-	0x95, 0x91, 0xc8, 0x7d, 0xfa, 0x01, 0x24, 0x72, 0x5f, 0x8b, 0x13, 0xb9, 0x9f, 0xce, 0x1f, 0xea,
-	0x8c, 0xe7, 0x34, 0x39, 0xe9, 0xdb, 0x6f, 0xea, 0x69, 0xd7, 0x1f, 0xee, 0x60, 0x05, 0xcb, 0x52,
-	0x28, 0x77, 0x48, 0xb6, 0xfe, 0x2a, 0x4f, 0xb6, 0xfe, 0x48, 0xfe, 0x4e, 0x9e, 0x3c, 0xee, 0x8c,
-	0x14, 0xeb, 0xb4, 0x5d, 0x2a, 0xf6, 0x2a, 0x8b, 0x95, 0x9e, 0xd3, 0x2e, 0x15, 0xbc, 0x35, 0xdd,
-	0x2e, 0x85, 0xc2, 0x31, 0x2b, 0xfb, 0x07, 0x0b, 0x70, 0xb6, 0xf3, 0x7a, 0x8b, 0xb5, 0xe4, 0x95,
-	0xd8, 0x21, 0x20, 0xa1, 0x25, 0xe7, 0x77, 0xb6, 0x98, 0xaa, 0xe7, 0x78, 0x90, 0x97, 0x61, 0x52,
-	0xbd, 0xc3, 0x69, 0xb8, 0xb5, 0xbd, 0xb5, 0xf8, 0x9a, 0xac, 0x22, 0x27, 0x54, 0x93, 0x04, 0x38,
-	0x5d, 0x06, 0xcd, 0xc1, 0xb8, 0x01, 0x5c, 0x59, 0x14, 0x77, 0xb3, 0x38, 0x3a, 0xb7, 0x89, 0xc6,
-	0x49, 0x7a, 0xfb, 0x4b, 0x16, 0x3c, 0x94, 0x93, 0xa9, 0xb4, 0xe7, 0x70, 0x87, 0x9b, 0x30, 0xde,
-	0x32, 0x8b, 0x76, 0x89, 0xd0, 0x6a, 0xe4, 0x43, 0x55, 0x6d, 0x4d, 0x20, 0x70, 0x92, 0xa9, 0xfd,
-	0xb3, 0x05, 0x38, 0xd3, 0xd1, 0xb1, 0x14, 0x61, 0x38, 0xb5, 0xd5, 0x0c, 0x9d, 0x85, 0x80, 0xd4,
-	0x89, 0x17, 0xb9, 0x4e, 0xa3, 0xda, 0x22, 0x35, 0xcd, 0xce, 0xc1, 0x3c, 0x34, 0x2f, 0xaf, 0x56,
-	0xe7, 0xd2, 0x14, 0x38, 0xa7, 0x24, 0x5a, 0x06, 0x94, 0xc6, 0x88, 0x11, 0x66, 0x51, 0xf7, 0xd3,
-	0xfc, 0x70, 0x46, 0x09, 0xf4, 0x01, 0x18, 0x55, 0x0e, 0xab, 0xda, 0x88, 0xb3, 0x8d, 0x1d, 0xeb,
-	0x08, 0x6c, 0xd2, 0xa1, 0x4b, 0x3c, 0x6d, 0x83, 0x48, 0xf0, 0x21, 0x8c, 0x22, 0xe3, 0x32, 0x27,
-	0x83, 0x00, 0x63, 0x9d, 0x66, 0xfe, 0xa5, 0xdf, 0xfc, 0xc6, 0xd9, 0xf7, 0xfc, 0xf6, 0x37, 0xce,
-	0xbe, 0xe7, 0xf7, 0xbe, 0x71, 0xf6, 0x3d, 0xdf, 0x7d, 0xef, 0xac, 0xf5, 0x9b, 0xf7, 0xce, 0x5a,
-	0xbf, 0x7d, 0xef, 0xac, 0xf5, 0x7b, 0xf7, 0xce, 0x5a, 0x7f, 0x70, 0xef, 0xac, 0xf5, 0x85, 0x3f,
-	0x3c, 0xfb, 0x9e, 0x37, 0x50, 0x1c, 0x40, 0xf4, 0x22, 0x1d, 0x9d, 0x8b, 0xbb, 0x97, 0xfe, 0x5f,
-	0x00, 0x00, 0x00, 0xff, 0xff, 0xb0, 0x6c, 0x51, 0x7f, 0x2c, 0x10, 0x01, 0x00,
+	// 14822 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x69, 0x70, 0x24, 0xc9,
+	0x75, 0x18, 0xcc, 0xea, 0xc6, 0xd5, 0x0f, 0x77, 0x62, 0x0e, 0x0c, 0x76, 0x66, 0x7a, 0xb6, 0x76,
+	0x77, 0x76, 0xf6, 0xc2, 0x70, 0xf6, 0x20, 0x97, 0xbb, 0xe4, 0x8a, 0x38, 0x67, 0xb0, 0x03, 0x60,
+	0x7a, 0xb3, 0x31, 0x33, 0xe4, 0x72, 0xc9, 0x60, 0xa1, 0x3b, 0x01, 0x14, 0xd1, 0xa8, 0xea, 0xad,
+	0xaa, 0xc6, 0x0c, 0xe6, 0x23, 0x43, 0x12, 0xf5, 0xe9, 0xa0, 0xa4, 0xef, 0x0b, 0xc6, 0x17, 0xfa,
+	0x8e, 0xa0, 0x14, 0x8a, 0x2f, 0x24, 0x59, 0x87, 0x69, 0xd9, 0xa6, 0x29, 0x4b, 0xb2, 0xa8, 0xcb,
+	0x57, 0x58, 0x72, 0x38, 0x64, 0x59, 0x11, 0x16, 0x15, 0xa1, 0x30, 0x24, 0x8e, 0x1c, 0x21, 0x2b,
+	0xc2, 0x96, 0xe4, 0xe3, 0x87, 0x0d, 0xcb, 0x96, 0x23, 0xcf, 0xca, 0xac, 0xa3, 0xbb, 0x31, 0x8b,
+	0x01, 0x97, 0x8c, 0xfd, 0xd7, 0xfd, 0xde, 0xcb, 0x97, 0x59, 0x79, 0xbe, 0x7c, 0xef, 0xe5, 0x7b,
+	0xf0, 0xea, 0xf6, 0xcb, 0xe1, 0xb4, 0xeb, 0x5f, 0xde, 0x6e, 0xad, 0x93, 0xc0, 0x23, 0x11, 0x09,
+	0x2f, 0xef, 0x12, 0xaf, 0xee, 0x07, 0x97, 0x05, 0xc2, 0x69, 0xba, 0x97, 0x6b, 0x7e, 0x40, 0x2e,
+	0xef, 0x5e, 0xb9, 0xbc, 0x49, 0x3c, 0x12, 0x38, 0x11, 0xa9, 0x4f, 0x37, 0x03, 0x3f, 0xf2, 0x11,
+	0xe2, 0x34, 0xd3, 0x4e, 0xd3, 0x9d, 0xa6, 0x34, 0xd3, 0xbb, 0x57, 0xa6, 0x9e, 0xdb, 0x74, 0xa3,
+	0xad, 0xd6, 0xfa, 0x74, 0xcd, 0xdf, 0xb9, 0xbc, 0xe9, 0x6f, 0xfa, 0x97, 0x19, 0xe9, 0x7a, 0x6b,
+	0x83, 0xfd, 0x63, 0x7f, 0xd8, 0x2f, 0xce, 0x62, 0xea, 0xc5, 0xb8, 0x9a, 0x1d, 0xa7, 0xb6, 0xe5,
+	0x7a, 0x24, 0xd8, 0xbb, 0xdc, 0xdc, 0xde, 0x64, 0xf5, 0x06, 0x24, 0xf4, 0x5b, 0x41, 0x8d, 0x24,
+	0x2b, 0x6e, 0x5b, 0x2a, 0xbc, 0xbc, 0x43, 0x22, 0x27, 0xa3, 0xb9, 0x53, 0x97, 0xf3, 0x4a, 0x05,
+	0x2d, 0x2f, 0x72, 0x77, 0xd2, 0xd5, 0x7c, 0xa0, 0x53, 0x81, 0xb0, 0xb6, 0x45, 0x76, 0x9c, 0x54,
+	0xb9, 0x17, 0xf2, 0xca, 0xb5, 0x22, 0xb7, 0x71, 0xd9, 0xf5, 0xa2, 0x30, 0x0a, 0x92, 0x85, 0xec,
+	0xaf, 0x5b, 0x70, 0x61, 0xe6, 0x76, 0x75, 0xa1, 0xe1, 0x84, 0x91, 0x5b, 0x9b, 0x6d, 0xf8, 0xb5,
+	0xed, 0x6a, 0xe4, 0x07, 0xe4, 0x96, 0xdf, 0x68, 0xed, 0x90, 0x2a, 0xeb, 0x08, 0xf4, 0x2c, 0x0c,
+	0xec, 0xb2, 0xff, 0x4b, 0xf3, 0x93, 0xd6, 0x05, 0xeb, 0x52, 0x69, 0x76, 0xec, 0xb7, 0xf6, 0xcb,
+	0xef, 0xbb, 0xbf, 0x5f, 0x1e, 0xb8, 0x25, 0xe0, 0x58, 0x51, 0xa0, 0x8b, 0xd0, 0xb7, 0x11, 0xae,
+	0xed, 0x35, 0xc9, 0x64, 0x81, 0xd1, 0x8e, 0x08, 0xda, 0xbe, 0xc5, 0x2a, 0x85, 0x62, 0x81, 0x45,
+	0x97, 0xa1, 0xd4, 0x74, 0x82, 0xc8, 0x8d, 0x5c, 0xdf, 0x9b, 0x2c, 0x5e, 0xb0, 0x2e, 0xf5, 0xce,
+	0x8e, 0x0b, 0xd2, 0x52, 0x45, 0x22, 0x70, 0x4c, 0x43, 0x9b, 0x11, 0x10, 0xa7, 0x7e, 0xc3, 0x6b,
+	0xec, 0x4d, 0xf6, 0x5c, 0xb0, 0x2e, 0x0d, 0xc4, 0xcd, 0xc0, 0x02, 0x8e, 0x15, 0x85, 0xfd, 0xa5,
+	0x02, 0x0c, 0xcc, 0x6c, 0x6c, 0xb8, 0x9e, 0x1b, 0xed, 0xa1, 0x5b, 0x30, 0xe4, 0xf9, 0x75, 0x22,
+	0xff, 0xb3, 0xaf, 0x18, 0x7c, 0xfe, 0xc2, 0x74, 0x7a, 0x2a, 0x4d, 0xaf, 0x6a, 0x74, 0xb3, 0x63,
+	0xf7, 0xf7, 0xcb, 0x43, 0x3a, 0x04, 0x1b, 0x7c, 0x10, 0x86, 0xc1, 0xa6, 0x5f, 0x57, 0x6c, 0x0b,
+	0x8c, 0x6d, 0x39, 0x8b, 0x6d, 0x25, 0x26, 0x9b, 0x1d, 0xbd, 0xbf, 0x5f, 0x1e, 0xd4, 0x00, 0x58,
+	0x67, 0x82, 0xd6, 0x61, 0x94, 0xfe, 0xf5, 0x22, 0x57, 0xf1, 0x2d, 0x32, 0xbe, 0x8f, 0xe5, 0xf1,
+	0xd5, 0x48, 0x67, 0x27, 0xee, 0xef, 0x97, 0x47, 0x13, 0x40, 0x9c, 0x64, 0x68, 0xdf, 0x83, 0x91,
+	0x99, 0x28, 0x72, 0x6a, 0x5b, 0xa4, 0xce, 0x47, 0x10, 0xbd, 0x08, 0x3d, 0x9e, 0xb3, 0x43, 0xc4,
+	0xf8, 0x5e, 0x10, 0x1d, 0xdb, 0xb3, 0xea, 0xec, 0x90, 0x83, 0xfd, 0xf2, 0xd8, 0x4d, 0xcf, 0x7d,
+	0xbb, 0x25, 0x66, 0x05, 0x85, 0x61, 0x46, 0x8d, 0x9e, 0x07, 0xa8, 0x93, 0x5d, 0xb7, 0x46, 0x2a,
+	0x4e, 0xb4, 0x25, 0xc6, 0x1b, 0x89, 0xb2, 0x30, 0xaf, 0x30, 0x58, 0xa3, 0xb2, 0xef, 0x42, 0x69,
+	0x66, 0xd7, 0x77, 0xeb, 0x15, 0xbf, 0x1e, 0xa2, 0x6d, 0x18, 0x6d, 0x06, 0x64, 0x83, 0x04, 0x0a,
+	0x34, 0x69, 0x5d, 0x28, 0x5e, 0x1a, 0x7c, 0xfe, 0x52, 0xe6, 0xc7, 0x9a, 0xa4, 0x0b, 0x5e, 0x14,
+	0xec, 0xcd, 0x9e, 0x16, 0xf5, 0x8d, 0x26, 0xb0, 0x38, 0xc9, 0xd9, 0xfe, 0x27, 0x05, 0x38, 0x39,
+	0x73, 0xaf, 0x15, 0x90, 0x79, 0x37, 0xdc, 0x4e, 0xce, 0xf0, 0xba, 0x1b, 0x6e, 0xaf, 0xc6, 0x3d,
+	0xa0, 0xa6, 0xd6, 0xbc, 0x80, 0x63, 0x45, 0x81, 0x9e, 0x83, 0x7e, 0xfa, 0xfb, 0x26, 0x5e, 0x12,
+	0x9f, 0x3c, 0x21, 0x88, 0x07, 0xe7, 0x9d, 0xc8, 0x99, 0xe7, 0x28, 0x2c, 0x69, 0xd0, 0x0a, 0x0c,
+	0xd6, 0xd8, 0x82, 0xdc, 0x5c, 0xf1, 0xeb, 0x84, 0x0d, 0x66, 0x69, 0xf6, 0x19, 0x4a, 0x3e, 0x17,
+	0x83, 0x0f, 0xf6, 0xcb, 0x93, 0xbc, 0x6d, 0x82, 0x85, 0x86, 0xc3, 0x7a, 0x79, 0x64, 0xab, 0xf5,
+	0xd5, 0xc3, 0x38, 0x41, 0xc6, 0xda, 0xba, 0xa4, 0x2d, 0x95, 0x5e, 0xb6, 0x54, 0x86, 0xb2, 0x97,
+	0x09, 0xba, 0x02, 0x3d, 0xdb, 0xae, 0x57, 0x9f, 0xec, 0x63, 0xbc, 0xce, 0xd1, 0x31, 0xbf, 0xee,
+	0x7a, 0xf5, 0x83, 0xfd, 0xf2, 0xb8, 0xd1, 0x1c, 0x0a, 0xc4, 0x8c, 0xd4, 0xfe, 0xcf, 0x16, 0x94,
+	0x19, 0x6e, 0xd1, 0x6d, 0x90, 0x0a, 0x09, 0x42, 0x37, 0x8c, 0x88, 0x17, 0x19, 0x1d, 0xfa, 0x3c,
+	0x40, 0x48, 0x6a, 0x01, 0x89, 0xb4, 0x2e, 0x55, 0x13, 0xa3, 0xaa, 0x30, 0x58, 0xa3, 0xa2, 0x1b,
+	0x42, 0xb8, 0xe5, 0x04, 0x6c, 0x7e, 0x89, 0x8e, 0x55, 0x1b, 0x42, 0x55, 0x22, 0x70, 0x4c, 0x63,
+	0x6c, 0x08, 0xc5, 0x4e, 0x1b, 0x02, 0xfa, 0x08, 0x8c, 0xc6, 0x95, 0x85, 0x4d, 0xa7, 0x26, 0x3b,
+	0x90, 0x2d, 0x99, 0xaa, 0x89, 0xc2, 0x49, 0x5a, 0xfb, 0x6f, 0x5a, 0x62, 0xf2, 0xd0, 0xaf, 0x7e,
+	0x97, 0x7f, 0xab, 0xfd, 0xcb, 0x16, 0xf4, 0xcf, 0xba, 0x5e, 0xdd, 0xf5, 0x36, 0xd1, 0xa7, 0x61,
+	0x80, 0x9e, 0x4d, 0x75, 0x27, 0x72, 0xc4, 0xbe, 0xf7, 0x7e, 0x6d, 0x6d, 0xa9, 0xa3, 0x62, 0xba,
+	0xb9, 0xbd, 0x49, 0x01, 0xe1, 0x34, 0xa5, 0xa6, 0xab, 0xed, 0xc6, 0xfa, 0x67, 0x48, 0x2d, 0x5a,
+	0x21, 0x91, 0x13, 0x7f, 0x4e, 0x0c, 0xc3, 0x8a, 0x2b, 0xba, 0x0e, 0x7d, 0x91, 0x13, 0x6c, 0x92,
+	0x48, 0x6c, 0x80, 0x99, 0x1b, 0x15, 0x2f, 0x89, 0xe9, 0x8a, 0x24, 0x5e, 0x8d, 0xc4, 0xc7, 0xc2,
+	0x1a, 0x2b, 0x8a, 0x05, 0x0b, 0xfb, 0x7f, 0xf4, 0xc3, 0x99, 0xb9, 0xea, 0x52, 0xce, 0xbc, 0xba,
+	0x08, 0x7d, 0xf5, 0xc0, 0xdd, 0x25, 0x81, 0xe8, 0x67, 0xc5, 0x65, 0x9e, 0x41, 0xb1, 0xc0, 0xa2,
+	0x97, 0x61, 0x88, 0x1f, 0x48, 0xd7, 0x1c, 0xaf, 0xde, 0x90, 0x5d, 0x7c, 0x42, 0x50, 0x0f, 0xdd,
+	0xd2, 0x70, 0xd8, 0xa0, 0x3c, 0xe4, 0xa4, 0xba, 0x98, 0x58, 0x8c, 0x79, 0x87, 0xdd, 0x17, 0x2c,
+	0x18, 0xe3, 0xd5, 0xcc, 0x44, 0x51, 0xe0, 0xae, 0xb7, 0x22, 0x12, 0x4e, 0xf6, 0xb2, 0x9d, 0x6e,
+	0x2e, 0xab, 0xb7, 0x72, 0x7b, 0x60, 0xfa, 0x56, 0x82, 0x0b, 0xdf, 0x04, 0x27, 0x45, 0xbd, 0x63,
+	0x49, 0x34, 0x4e, 0x55, 0x8b, 0xbe, 0xc7, 0x82, 0xa9, 0x9a, 0xef, 0x45, 0x81, 0xdf, 0x68, 0x90,
+	0xa0, 0xd2, 0x5a, 0x6f, 0xb8, 0xe1, 0x16, 0x9f, 0xa7, 0x98, 0x6c, 0xb0, 0x9d, 0x20, 0x67, 0x0c,
+	0x15, 0x91, 0x18, 0xc3, 0xf3, 0xf7, 0xf7, 0xcb, 0x53, 0x73, 0xb9, 0xac, 0x70, 0x9b, 0x6a, 0xd0,
+	0x36, 0x20, 0x7a, 0x94, 0x56, 0x23, 0x67, 0x93, 0xc4, 0x95, 0xf7, 0x77, 0x5f, 0xf9, 0xa9, 0xfb,
+	0xfb, 0x65, 0xb4, 0x9a, 0x62, 0x81, 0x33, 0xd8, 0xa2, 0xb7, 0xe1, 0x04, 0x85, 0xa6, 0xbe, 0x75,
+	0xa0, 0xfb, 0xea, 0x26, 0xef, 0xef, 0x97, 0x4f, 0xac, 0x66, 0x30, 0xc1, 0x99, 0xac, 0xd1, 0x77,
+	0x59, 0x70, 0x26, 0xfe, 0xfc, 0x85, 0xbb, 0x4d, 0xc7, 0xab, 0xc7, 0x15, 0x97, 0xba, 0xaf, 0x98,
+	0xee, 0xc9, 0x67, 0xe6, 0xf2, 0x38, 0xe1, 0xfc, 0x4a, 0x90, 0x07, 0x13, 0xb4, 0x69, 0xc9, 0xba,
+	0xa1, 0xfb, 0xba, 0x4f, 0xdf, 0xdf, 0x2f, 0x4f, 0xac, 0xa6, 0x79, 0xe0, 0x2c, 0xc6, 0x53, 0x73,
+	0x70, 0x32, 0x73, 0x76, 0xa2, 0x31, 0x28, 0x6e, 0x13, 0x2e, 0x75, 0x95, 0x30, 0xfd, 0x89, 0x4e,
+	0x40, 0xef, 0xae, 0xd3, 0x68, 0x89, 0x85, 0x89, 0xf9, 0x9f, 0x57, 0x0a, 0x2f, 0x5b, 0xf6, 0x3f,
+	0x2d, 0xc2, 0xe8, 0x5c, 0x75, 0xe9, 0x81, 0x56, 0xbd, 0x7e, 0xec, 0x15, 0xda, 0x1e, 0x7b, 0xf1,
+	0x21, 0x5a, 0xcc, 0x3d, 0x44, 0xbf, 0x33, 0x63, 0xc9, 0xf6, 0xb0, 0x25, 0xfb, 0xa1, 0x9c, 0x25,
+	0x7b, 0xc4, 0x0b, 0x75, 0x37, 0x67, 0xd6, 0xf6, 0xb2, 0x01, 0xcc, 0x94, 0x90, 0x96, 0xfd, 0x9a,
+	0xd3, 0x48, 0x6e, 0xb5, 0x87, 0x9c, 0xba, 0x47, 0x33, 0x8e, 0x35, 0x18, 0x9a, 0x73, 0x9a, 0xce,
+	0xba, 0xdb, 0x70, 0x23, 0x97, 0x84, 0xe8, 0x49, 0x28, 0x3a, 0xf5, 0x3a, 0x93, 0xee, 0x4a, 0xb3,
+	0x27, 0xef, 0xef, 0x97, 0x8b, 0x33, 0x75, 0x2a, 0x66, 0x80, 0xa2, 0xda, 0xc3, 0x94, 0x02, 0x3d,
+	0x0d, 0x3d, 0xf5, 0xc0, 0x6f, 0x4e, 0x16, 0x18, 0x25, 0x5d, 0xe5, 0x3d, 0xf3, 0x81, 0xdf, 0x4c,
+	0x90, 0x32, 0x1a, 0xfb, 0x37, 0x0b, 0x70, 0x76, 0x8e, 0x34, 0xb7, 0x16, 0xab, 0x39, 0xe7, 0xc5,
+	0x25, 0x18, 0xd8, 0xf1, 0x3d, 0x37, 0xf2, 0x83, 0x50, 0x54, 0xcd, 0x66, 0xc4, 0x8a, 0x80, 0x61,
+	0x85, 0x45, 0x17, 0xa0, 0xa7, 0x19, 0x0b, 0xb1, 0x43, 0x52, 0x00, 0x66, 0xe2, 0x2b, 0xc3, 0x50,
+	0x8a, 0x56, 0x48, 0x02, 0x31, 0x63, 0x14, 0xc5, 0xcd, 0x90, 0x04, 0x98, 0x61, 0x62, 0x49, 0x80,
+	0xca, 0x08, 0xe2, 0x44, 0x48, 0x48, 0x02, 0x14, 0x83, 0x35, 0x2a, 0x54, 0x81, 0x52, 0x98, 0x18,
+	0xd9, 0xae, 0x96, 0xe6, 0x30, 0x13, 0x15, 0xd4, 0x48, 0xc6, 0x4c, 0x8c, 0x13, 0xac, 0xaf, 0xa3,
+	0xa8, 0xf0, 0xb5, 0x02, 0x20, 0xde, 0x85, 0xdf, 0x62, 0x1d, 0x77, 0x33, 0xdd, 0x71, 0xdd, 0x2f,
+	0x89, 0xa3, 0xea, 0xbd, 0xff, 0x62, 0xc1, 0xd9, 0x39, 0xd7, 0xab, 0x93, 0x20, 0x67, 0x02, 0x3e,
+	0x9c, 0xbb, 0xf3, 0xe1, 0x84, 0x14, 0x63, 0x8a, 0xf5, 0x1c, 0xc1, 0x14, 0xb3, 0xff, 0xc2, 0x02,
+	0xc4, 0x3f, 0xfb, 0x5d, 0xf7, 0xb1, 0x37, 0xd3, 0x1f, 0x7b, 0x04, 0xd3, 0xc2, 0xfe, 0x3b, 0x16,
+	0x0c, 0xce, 0x35, 0x1c, 0x77, 0x47, 0x7c, 0xea, 0x1c, 0x8c, 0x4b, 0x45, 0x11, 0x03, 0x6b, 0xb2,
+	0x3f, 0xdd, 0xdc, 0xc6, 0x71, 0x12, 0x89, 0xd3, 0xf4, 0xe8, 0x13, 0x70, 0xc6, 0x00, 0xae, 0x91,
+	0x9d, 0x66, 0xc3, 0x89, 0xf4, 0x5b, 0x01, 0x3b, 0xfd, 0x71, 0x1e, 0x11, 0xce, 0x2f, 0x6f, 0x2f,
+	0xc3, 0xc8, 0x5c, 0xc3, 0x25, 0x5e, 0xb4, 0x54, 0x99, 0xf3, 0xbd, 0x0d, 0x77, 0x13, 0xbd, 0x02,
+	0x23, 0x91, 0xbb, 0x43, 0xfc, 0x56, 0x54, 0x25, 0x35, 0xdf, 0x63, 0x77, 0x6d, 0xeb, 0x52, 0xef,
+	0x2c, 0xba, 0xbf, 0x5f, 0x1e, 0x59, 0x33, 0x30, 0x38, 0x41, 0x69, 0xff, 0x21, 0x1d, 0x71, 0x7f,
+	0xa7, 0xe9, 0x7b, 0xc4, 0x8b, 0xe6, 0x7c, 0xaf, 0xce, 0x75, 0x32, 0xaf, 0x40, 0x4f, 0x44, 0x47,
+	0x90, 0x7f, 0xf9, 0x45, 0xb9, 0xb4, 0xe9, 0xb8, 0x1d, 0xec, 0x97, 0x4f, 0xa5, 0x4b, 0xb0, 0x91,
+	0x65, 0x65, 0xd0, 0x87, 0xa0, 0x2f, 0x8c, 0x9c, 0xa8, 0x15, 0x8a, 0x4f, 0x7d, 0x54, 0x8e, 0x7f,
+	0x95, 0x41, 0x0f, 0xf6, 0xcb, 0xa3, 0xaa, 0x18, 0x07, 0x61, 0x51, 0x00, 0x3d, 0x05, 0xfd, 0x3b,
+	0x24, 0x0c, 0x9d, 0x4d, 0x79, 0x7e, 0x8f, 0x8a, 0xb2, 0xfd, 0x2b, 0x1c, 0x8c, 0x25, 0x1e, 0x3d,
+	0x06, 0xbd, 0x24, 0x08, 0xfc, 0x40, 0xec, 0x2a, 0xc3, 0x82, 0xb0, 0x77, 0x81, 0x02, 0x31, 0xc7,
+	0xd9, 0xff, 0xd2, 0x82, 0x51, 0xd5, 0x56, 0x5e, 0xd7, 0x31, 0xdc, 0x9b, 0xde, 0x04, 0xa8, 0xc9,
+	0x0f, 0x0c, 0xd9, 0x79, 0x37, 0xf8, 0xfc, 0xc5, 0x4c, 0xd1, 0x22, 0xd5, 0x8d, 0x31, 0x67, 0x05,
+	0x0a, 0xb1, 0xc6, 0xcd, 0xfe, 0x35, 0x0b, 0x26, 0x12, 0x5f, 0xb4, 0xec, 0x86, 0x11, 0x7a, 0x2b,
+	0xf5, 0x55, 0xd3, 0xdd, 0x7d, 0x15, 0x2d, 0xcd, 0xbe, 0x49, 0x2d, 0x3e, 0x09, 0xd1, 0xbe, 0xe8,
+	0x1a, 0xf4, 0xba, 0x11, 0xd9, 0x91, 0x1f, 0xf3, 0x58, 0xdb, 0x8f, 0xe1, 0xad, 0x8a, 0x47, 0x64,
+	0x89, 0x96, 0xc4, 0x9c, 0x81, 0xfd, 0x9b, 0x45, 0x28, 0xf1, 0x69, 0xbb, 0xe2, 0x34, 0x8f, 0x61,
+	0x2c, 0x9e, 0x81, 0x92, 0xbb, 0xb3, 0xd3, 0x8a, 0x9c, 0x75, 0x71, 0x00, 0x0d, 0xf0, 0xcd, 0x60,
+	0x49, 0x02, 0x71, 0x8c, 0x47, 0x4b, 0xd0, 0xc3, 0x9a, 0xc2, 0xbf, 0xf2, 0xc9, 0xec, 0xaf, 0x14,
+	0x6d, 0x9f, 0x9e, 0x77, 0x22, 0x87, 0xcb, 0x7e, 0xea, 0xe4, 0xa3, 0x20, 0xcc, 0x58, 0x20, 0x07,
+	0x60, 0xdd, 0xf5, 0x9c, 0x60, 0x8f, 0xc2, 0x26, 0x8b, 0x8c, 0xe1, 0x73, 0xed, 0x19, 0xce, 0x2a,
+	0x7a, 0xce, 0x56, 0x7d, 0x58, 0x8c, 0xc0, 0x1a, 0xd3, 0xa9, 0x0f, 0x42, 0x49, 0x11, 0x1f, 0x46,
+	0x84, 0x9b, 0xfa, 0x08, 0x8c, 0x26, 0xea, 0xea, 0x54, 0x7c, 0x48, 0x97, 0x00, 0x7f, 0x85, 0x6d,
+	0x19, 0xa2, 0xd5, 0x0b, 0xde, 0xae, 0xd8, 0x39, 0xef, 0xc1, 0x89, 0x46, 0xc6, 0xde, 0x2b, 0xc6,
+	0xb5, 0xfb, 0xbd, 0xfa, 0xac, 0xf8, 0xec, 0x13, 0x59, 0x58, 0x9c, 0x59, 0x07, 0x95, 0x6a, 0xfc,
+	0x26, 0x5d, 0x20, 0x4e, 0x43, 0xbf, 0x20, 0xdc, 0x10, 0x30, 0xac, 0xb0, 0x74, 0xbf, 0x3b, 0xa1,
+	0x1a, 0x7f, 0x9d, 0xec, 0x55, 0x49, 0x83, 0xd4, 0x22, 0x3f, 0xf8, 0xa6, 0x36, 0xff, 0x1c, 0xef,
+	0x7d, 0xbe, 0x5d, 0x0e, 0x0a, 0x06, 0xc5, 0xeb, 0x64, 0x8f, 0x0f, 0x85, 0xfe, 0x75, 0xc5, 0xb6,
+	0x5f, 0xf7, 0x15, 0x0b, 0x86, 0xd5, 0xd7, 0x1d, 0xc3, 0xbe, 0x30, 0x6b, 0xee, 0x0b, 0xe7, 0xda,
+	0x4e, 0xf0, 0x9c, 0x1d, 0xe1, 0x6b, 0x05, 0x38, 0xa3, 0x68, 0xe8, 0x6d, 0x86, 0xff, 0x11, 0xb3,
+	0xea, 0x32, 0x94, 0x3c, 0xa5, 0xd7, 0xb3, 0x4c, 0x85, 0x5a, 0xac, 0xd5, 0x8b, 0x69, 0xa8, 0x50,
+	0xea, 0xc5, 0xc7, 0xec, 0x90, 0xae, 0xf0, 0x16, 0xca, 0xed, 0x59, 0x28, 0xb6, 0xdc, 0xba, 0x38,
+	0x60, 0xde, 0x2f, 0x7b, 0xfb, 0xe6, 0xd2, 0xfc, 0xc1, 0x7e, 0xf9, 0xd1, 0x3c, 0x63, 0x0b, 0x3d,
+	0xd9, 0xc2, 0xe9, 0x9b, 0x4b, 0xf3, 0x98, 0x16, 0x46, 0x33, 0x30, 0x2a, 0x4f, 0xe8, 0x5b, 0x54,
+	0x40, 0xf4, 0x3d, 0x71, 0x0e, 0x29, 0xad, 0x35, 0x36, 0xd1, 0x38, 0x49, 0x8f, 0xe6, 0x61, 0x6c,
+	0xbb, 0xb5, 0x4e, 0x1a, 0x24, 0xe2, 0x1f, 0x7c, 0x9d, 0x70, 0x9d, 0x6e, 0x29, 0xbe, 0x4b, 0x5e,
+	0x4f, 0xe0, 0x71, 0xaa, 0x84, 0xfd, 0xd7, 0xec, 0x3c, 0x10, 0xbd, 0x57, 0x09, 0x7c, 0x3a, 0xb1,
+	0x28, 0xf7, 0x6f, 0xe6, 0x74, 0xee, 0x66, 0x56, 0x5c, 0x27, 0x7b, 0x6b, 0x3e, 0xbd, 0x4b, 0x64,
+	0xcf, 0x0a, 0x63, 0xce, 0xf7, 0xb4, 0x9d, 0xf3, 0xbf, 0x50, 0x80, 0x93, 0xaa, 0x07, 0x0c, 0xb1,
+	0xf5, 0x5b, 0xbd, 0x0f, 0xae, 0xc0, 0x60, 0x9d, 0x6c, 0x38, 0xad, 0x46, 0xa4, 0x0c, 0x0c, 0xbd,
+	0xdc, 0xc8, 0x34, 0x1f, 0x83, 0xb1, 0x4e, 0x73, 0x88, 0x6e, 0xfb, 0xf9, 0x61, 0x76, 0x10, 0x47,
+	0x0e, 0x9d, 0xe3, 0x6a, 0xd5, 0x58, 0xb9, 0xab, 0xe6, 0x31, 0xe8, 0x75, 0x77, 0xa8, 0x60, 0x56,
+	0x30, 0xe5, 0xad, 0x25, 0x0a, 0xc4, 0x1c, 0x87, 0x9e, 0x80, 0xfe, 0x9a, 0xbf, 0xb3, 0xe3, 0x78,
+	0x75, 0x76, 0xe4, 0x95, 0x66, 0x07, 0xa9, 0xec, 0x36, 0xc7, 0x41, 0x58, 0xe2, 0xd0, 0x59, 0xe8,
+	0x71, 0x82, 0x4d, 0xae, 0x75, 0x29, 0xcd, 0x0e, 0xd0, 0x9a, 0x66, 0x82, 0xcd, 0x10, 0x33, 0x28,
+	0xbd, 0x34, 0xde, 0xf1, 0x83, 0x6d, 0xd7, 0xdb, 0x9c, 0x77, 0x03, 0xb1, 0x24, 0xd4, 0x59, 0x78,
+	0x5b, 0x61, 0xb0, 0x46, 0x85, 0x16, 0xa1, 0xb7, 0xe9, 0x07, 0x51, 0x38, 0xd9, 0xc7, 0xba, 0xfb,
+	0xd1, 0x9c, 0x8d, 0x88, 0x7f, 0x6d, 0xc5, 0x0f, 0xa2, 0xf8, 0x03, 0xe8, 0xbf, 0x10, 0xf3, 0xe2,
+	0x68, 0x19, 0xfa, 0x89, 0xb7, 0xbb, 0x18, 0xf8, 0x3b, 0x93, 0x13, 0xf9, 0x9c, 0x16, 0x38, 0x09,
+	0x9f, 0x66, 0xb1, 0x8c, 0x2a, 0xc0, 0x58, 0xb2, 0x40, 0x1f, 0x82, 0x22, 0xf1, 0x76, 0x27, 0xfb,
+	0x19, 0xa7, 0xa9, 0x1c, 0x4e, 0xb7, 0x9c, 0x20, 0xde, 0xf3, 0x17, 0xbc, 0x5d, 0x4c, 0xcb, 0xa0,
+	0x8f, 0x43, 0x49, 0x6e, 0x18, 0xa1, 0x50, 0x67, 0x66, 0x4e, 0x58, 0xb9, 0xcd, 0x60, 0xf2, 0x76,
+	0xcb, 0x0d, 0xc8, 0x0e, 0xf1, 0xa2, 0x30, 0xde, 0x21, 0x25, 0x36, 0xc4, 0x31, 0x37, 0x54, 0x83,
+	0xa1, 0x80, 0x84, 0xee, 0x3d, 0x52, 0xf1, 0x1b, 0x6e, 0x6d, 0x6f, 0xf2, 0x34, 0x6b, 0xde, 0x53,
+	0x6d, 0xbb, 0x0c, 0x6b, 0x05, 0x62, 0x75, 0xbb, 0x0e, 0xc5, 0x06, 0x53, 0xf4, 0x06, 0x0c, 0x07,
+	0x24, 0x8c, 0x9c, 0x20, 0x12, 0xb5, 0x4c, 0x2a, 0xf3, 0xd8, 0x30, 0xd6, 0x11, 0xfc, 0x3a, 0x11,
+	0x57, 0x13, 0x63, 0xb0, 0xc9, 0x01, 0x7d, 0x5c, 0xea, 0xfe, 0x57, 0xfc, 0x96, 0x17, 0x85, 0x93,
+	0x25, 0xd6, 0xee, 0x4c, 0xab, 0xec, 0xad, 0x98, 0x2e, 0x69, 0x1c, 0xe0, 0x85, 0xb1, 0xc1, 0x0a,
+	0x7d, 0x12, 0x86, 0xf9, 0x7f, 0x6e, 0xdb, 0x0c, 0x27, 0x4f, 0x32, 0xde, 0x17, 0xf2, 0x79, 0x73,
+	0xc2, 0xd9, 0x93, 0x82, 0xf9, 0xb0, 0x0e, 0x0d, 0xb1, 0xc9, 0x0d, 0x61, 0x18, 0x6e, 0xb8, 0xbb,
+	0xc4, 0x23, 0x61, 0x58, 0x09, 0xfc, 0x75, 0x22, 0x54, 0xb5, 0x67, 0xb2, 0x6d, 0xa1, 0xfe, 0x3a,
+	0x99, 0x1d, 0xa7, 0x3c, 0x97, 0xf5, 0x32, 0xd8, 0x64, 0x81, 0x6e, 0xc2, 0x08, 0xbd, 0x1b, 0xbb,
+	0x31, 0xd3, 0xc1, 0x4e, 0x4c, 0xd9, 0x7d, 0x10, 0x1b, 0x85, 0x70, 0x82, 0x09, 0xba, 0x01, 0x43,
+	0xac, 0xcf, 0x5b, 0x4d, 0xce, 0xf4, 0x54, 0x27, 0xa6, 0xcc, 0x94, 0x5e, 0xd5, 0x8a, 0x60, 0x83,
+	0x01, 0x7a, 0x1d, 0x4a, 0x0d, 0x77, 0x83, 0xd4, 0xf6, 0x6a, 0x0d, 0x32, 0x39, 0xc4, 0xb8, 0x65,
+	0x6e, 0x86, 0xcb, 0x92, 0x88, 0xcb, 0xe7, 0xea, 0x2f, 0x8e, 0x8b, 0xa3, 0x5b, 0x70, 0x2a, 0x22,
+	0xc1, 0x8e, 0xeb, 0x39, 0x74, 0x13, 0x13, 0x57, 0x42, 0x66, 0xa2, 0x1e, 0x66, 0xb3, 0xeb, 0xbc,
+	0x18, 0x8d, 0x53, 0x6b, 0x99, 0x54, 0x38, 0xa7, 0x34, 0xba, 0x0b, 0x93, 0x19, 0x18, 0x3e, 0x6f,
+	0x4f, 0x30, 0xce, 0x1f, 0x16, 0x9c, 0x27, 0xd7, 0x72, 0xe8, 0x0e, 0xda, 0xe0, 0x70, 0x2e, 0x77,
+	0x74, 0x03, 0x46, 0xd9, 0xce, 0x59, 0x69, 0x35, 0x1a, 0xa2, 0xc2, 0x11, 0x56, 0xe1, 0x13, 0x52,
+	0x8e, 0x58, 0x32, 0xd1, 0x07, 0xfb, 0x65, 0x88, 0xff, 0xe1, 0x64, 0x69, 0xb4, 0xce, 0xac, 0xa1,
+	0xad, 0xc0, 0x8d, 0xf6, 0xe8, 0xaa, 0x22, 0x77, 0xa3, 0xc9, 0xd1, 0xb6, 0x9a, 0x21, 0x9d, 0x54,
+	0x99, 0x4c, 0x75, 0x20, 0x4e, 0x32, 0xa4, 0x47, 0x41, 0x18, 0xd5, 0x5d, 0x6f, 0x72, 0x8c, 0xdf,
+	0xa7, 0xe4, 0x4e, 0x5a, 0xa5, 0x40, 0xcc, 0x71, 0xcc, 0x12, 0x4a, 0x7f, 0xdc, 0xa0, 0x27, 0xee,
+	0x38, 0x23, 0x8c, 0x2d, 0xa1, 0x12, 0x81, 0x63, 0x1a, 0x2a, 0x04, 0x47, 0xd1, 0xde, 0x24, 0x62,
+	0xa4, 0x6a, 0x43, 0x5c, 0x5b, 0xfb, 0x38, 0xa6, 0x70, 0x7b, 0x1d, 0x46, 0xd4, 0x36, 0xc1, 0xfa,
+	0x04, 0x95, 0xa1, 0x97, 0x89, 0x7d, 0x42, 0x8f, 0x59, 0xa2, 0x4d, 0x60, 0x22, 0x21, 0xe6, 0x70,
+	0xd6, 0x04, 0xf7, 0x1e, 0x99, 0xdd, 0x8b, 0x08, 0xd7, 0x45, 0x14, 0xb5, 0x26, 0x48, 0x04, 0x8e,
+	0x69, 0xec, 0xff, 0xc9, 0xc5, 0xe7, 0xf8, 0x94, 0xe8, 0xe2, 0x5c, 0x7c, 0x16, 0x06, 0xb6, 0xfc,
+	0x30, 0xa2, 0xd4, 0xac, 0x8e, 0xde, 0x58, 0x60, 0xbe, 0x26, 0xe0, 0x58, 0x51, 0xa0, 0x57, 0x61,
+	0xb8, 0xa6, 0x57, 0x20, 0x0e, 0x75, 0xb5, 0x8d, 0x18, 0xb5, 0x63, 0x93, 0x16, 0xbd, 0x0c, 0x03,
+	0xcc, 0xbb, 0xa7, 0xe6, 0x37, 0x84, 0xb4, 0x29, 0x25, 0x93, 0x81, 0x8a, 0x80, 0x1f, 0x68, 0xbf,
+	0xb1, 0xa2, 0x46, 0x17, 0xa1, 0x8f, 0x36, 0x61, 0xa9, 0x22, 0x8e, 0x53, 0xa5, 0x92, 0xbb, 0xc6,
+	0xa0, 0x58, 0x60, 0xed, 0x5f, 0xb3, 0x98, 0x2c, 0x95, 0xde, 0xf3, 0xd1, 0x35, 0x76, 0x68, 0xb0,
+	0x13, 0x44, 0x53, 0x89, 0x3d, 0xae, 0x9d, 0x04, 0x0a, 0x77, 0x90, 0xf8, 0x8f, 0x8d, 0x92, 0xe8,
+	0xcd, 0xe4, 0xc9, 0xc0, 0x05, 0x8a, 0x17, 0x65, 0x17, 0x24, 0x4f, 0x87, 0x47, 0xe2, 0x23, 0x8e,
+	0xb6, 0xa7, 0xdd, 0x11, 0x61, 0xff, 0x5f, 0x05, 0x6d, 0x96, 0x54, 0x23, 0x27, 0x22, 0xa8, 0x02,
+	0xfd, 0x77, 0x1c, 0x37, 0x72, 0xbd, 0x4d, 0x21, 0xf7, 0xb5, 0x3f, 0xe8, 0x58, 0xa1, 0xdb, 0xbc,
+	0x00, 0x97, 0x5e, 0xc4, 0x1f, 0x2c, 0xd9, 0x50, 0x8e, 0x41, 0xcb, 0xf3, 0x28, 0xc7, 0x42, 0xb7,
+	0x1c, 0x31, 0x2f, 0xc0, 0x39, 0x8a, 0x3f, 0x58, 0xb2, 0x41, 0x6f, 0x01, 0xc8, 0x1d, 0x82, 0xd4,
+	0x85, 0x57, 0xd0, 0xb3, 0x9d, 0x99, 0xae, 0xa9, 0x32, 0xb3, 0x23, 0x54, 0x36, 0x8a, 0xff, 0x63,
+	0x8d, 0x9f, 0x1d, 0x69, 0x63, 0xaa, 0x37, 0x06, 0x7d, 0x82, 0x2e, 0x51, 0x27, 0x88, 0x48, 0x7d,
+	0x26, 0x12, 0x9d, 0xf3, 0x74, 0x77, 0x97, 0xc3, 0x35, 0x77, 0x87, 0xe8, 0xcb, 0x59, 0x30, 0xc1,
+	0x31, 0x3f, 0xfb, 0x97, 0x8a, 0x30, 0x99, 0xd7, 0x5c, 0xba, 0x68, 0xc8, 0x5d, 0x37, 0x9a, 0xa3,
+	0x62, 0xad, 0x65, 0x2e, 0x9a, 0x05, 0x01, 0xc7, 0x8a, 0x82, 0xce, 0xde, 0xd0, 0xdd, 0x94, 0x77,
+	0xfb, 0xde, 0x78, 0xf6, 0x56, 0x19, 0x14, 0x0b, 0x2c, 0xa5, 0x0b, 0x88, 0x13, 0x0a, 0xb7, 0x33,
+	0x6d, 0x96, 0x63, 0x06, 0xc5, 0x02, 0xab, 0x6b, 0x19, 0x7b, 0x3a, 0x68, 0x19, 0x8d, 0x2e, 0xea,
+	0x3d, 0xda, 0x2e, 0x42, 0x9f, 0x02, 0xd8, 0x70, 0x3d, 0x37, 0xdc, 0x62, 0xdc, 0xfb, 0x0e, 0xcd,
+	0x5d, 0x09, 0xc5, 0x8b, 0x8a, 0x0b, 0xd6, 0x38, 0xa2, 0x97, 0x60, 0x50, 0x6d, 0x20, 0x4b, 0xf3,
+	0xcc, 0x06, 0xaf, 0xf9, 0x34, 0xc5, 0xbb, 0xe9, 0x3c, 0xd6, 0xe9, 0xec, 0xcf, 0x24, 0xe7, 0x8b,
+	0x58, 0x01, 0x5a, 0xff, 0x5a, 0xdd, 0xf6, 0x6f, 0xa1, 0x7d, 0xff, 0xda, 0xdf, 0xe8, 0x83, 0x51,
+	0xa3, 0xb2, 0x56, 0xd8, 0xc5, 0x9e, 0x7b, 0x95, 0x1e, 0x40, 0x4e, 0x44, 0xc4, 0xfa, 0xb3, 0x3b,
+	0x2f, 0x15, 0xfd, 0x90, 0xa2, 0x2b, 0x80, 0x97, 0x47, 0x9f, 0x82, 0x52, 0xc3, 0x09, 0x99, 0xc6,
+	0x92, 0x88, 0x75, 0xd7, 0x0d, 0xb3, 0xf8, 0x42, 0xe8, 0x84, 0x91, 0x76, 0xea, 0x73, 0xde, 0x31,
+	0x4b, 0x7a, 0x52, 0x52, 0xf9, 0x4a, 0xfa, 0x35, 0xaa, 0x46, 0x50, 0x21, 0x6c, 0x0f, 0x73, 0x1c,
+	0x7a, 0x99, 0x6d, 0xad, 0x74, 0x56, 0xcc, 0x51, 0x69, 0x94, 0x4d, 0xb3, 0x5e, 0x43, 0xc8, 0x56,
+	0x38, 0x6c, 0x50, 0xc6, 0x77, 0xb2, 0xbe, 0x36, 0x77, 0xb2, 0xa7, 0xa0, 0x9f, 0xfd, 0x50, 0x33,
+	0x40, 0x8d, 0xc6, 0x12, 0x07, 0x63, 0x89, 0x4f, 0x4e, 0x98, 0x81, 0xee, 0x26, 0x0c, 0xbd, 0xf5,
+	0x89, 0x49, 0xcd, 0xfc, 0x1f, 0x06, 0xf8, 0x2e, 0x27, 0xa6, 0x3c, 0x96, 0x38, 0xf4, 0x33, 0x16,
+	0x20, 0xa7, 0x41, 0x6f, 0xcb, 0x14, 0xac, 0x2e, 0x37, 0xc0, 0x44, 0xed, 0x57, 0x3b, 0x76, 0x7b,
+	0x2b, 0x9c, 0x9e, 0x49, 0x95, 0xe6, 0x9a, 0xd2, 0x57, 0x44, 0x13, 0x51, 0x9a, 0x40, 0x3f, 0x8c,
+	0x96, 0xdd, 0x30, 0xfa, 0xfc, 0x1f, 0x25, 0x0e, 0xa7, 0x8c, 0x26, 0xa1, 0x9b, 0xfa, 0xe5, 0x6b,
+	0xf0, 0x90, 0x97, 0xaf, 0xe1, 0xbc, 0x8b, 0xd7, 0x54, 0x0b, 0x4e, 0xe7, 0x7c, 0x41, 0x86, 0xfe,
+	0x75, 0x5e, 0xd7, 0xbf, 0x76, 0xd0, 0xda, 0x4d, 0xcb, 0x3a, 0xa6, 0xdf, 0x68, 0x39, 0x5e, 0xe4,
+	0x46, 0x7b, 0xba, 0xbe, 0xf6, 0x69, 0x18, 0x99, 0x77, 0xc8, 0x8e, 0xef, 0x2d, 0x78, 0xf5, 0xa6,
+	0xef, 0x7a, 0x11, 0x9a, 0x84, 0x1e, 0x26, 0x7c, 0xf0, 0xad, 0xb7, 0x87, 0xf6, 0x1e, 0x66, 0x10,
+	0x7b, 0x13, 0x4e, 0xce, 0xfb, 0x77, 0xbc, 0x3b, 0x4e, 0x50, 0x9f, 0xa9, 0x2c, 0x69, 0xfa, 0xa4,
+	0x55, 0xa9, 0xcf, 0xb0, 0xf2, 0x6f, 0x8b, 0x5a, 0x49, 0x7e, 0x1d, 0x5a, 0x74, 0x1b, 0x24, 0x47,
+	0xeb, 0xf7, 0xff, 0x16, 0x8c, 0x9a, 0x62, 0x7a, 0x65, 0x77, 0xb6, 0x72, 0xed, 0xce, 0x6f, 0xc0,
+	0xc0, 0x86, 0x4b, 0x1a, 0x75, 0x4c, 0x36, 0x44, 0xef, 0x3c, 0x99, 0xef, 0x99, 0xb6, 0x48, 0x29,
+	0xa5, 0x96, 0x97, 0x6b, 0x43, 0x16, 0x45, 0x61, 0xac, 0xd8, 0xa0, 0x6d, 0x18, 0x93, 0x7d, 0x28,
+	0xb1, 0x62, 0x3f, 0x78, 0xaa, 0xdd, 0xc0, 0x9b, 0xcc, 0x4f, 0xdc, 0xdf, 0x2f, 0x8f, 0xe1, 0x04,
+	0x1b, 0x9c, 0x62, 0x8c, 0xce, 0x42, 0xcf, 0x0e, 0x3d, 0xf9, 0x7a, 0x58, 0xf7, 0x33, 0xf5, 0x07,
+	0xd3, 0xe4, 0x30, 0xa8, 0xfd, 0x63, 0x16, 0x9c, 0x4e, 0xf5, 0x8c, 0xd0, 0x68, 0x1d, 0xf1, 0x28,
+	0x24, 0x35, 0x4c, 0x85, 0xce, 0x1a, 0x26, 0xfb, 0x6f, 0x59, 0x70, 0x62, 0x61, 0xa7, 0x19, 0xed,
+	0xcd, 0xbb, 0xa6, 0x91, 0xf8, 0x83, 0xd0, 0xb7, 0x43, 0xea, 0x6e, 0x6b, 0x47, 0x8c, 0x5c, 0x59,
+	0x9e, 0x0e, 0x2b, 0x0c, 0x7a, 0xb0, 0x5f, 0x1e, 0xae, 0x46, 0x7e, 0xe0, 0x6c, 0x12, 0x0e, 0xc0,
+	0x82, 0x9c, 0x9d, 0xb1, 0xee, 0x3d, 0xb2, 0xec, 0xee, 0xb8, 0xd1, 0x83, 0xcd, 0x76, 0x61, 0xdf,
+	0x95, 0x4c, 0x70, 0xcc, 0xcf, 0xfe, 0xba, 0x05, 0xa3, 0x72, 0xde, 0xcf, 0xd4, 0xeb, 0x01, 0x09,
+	0x43, 0x34, 0x05, 0x05, 0xb7, 0x29, 0x5a, 0x09, 0xa2, 0x95, 0x85, 0xa5, 0x0a, 0x2e, 0xb8, 0x4d,
+	0x29, 0xce, 0xb3, 0x03, 0xa8, 0x68, 0x9a, 0xba, 0xaf, 0x09, 0x38, 0x56, 0x14, 0xe8, 0x12, 0x0c,
+	0x78, 0x7e, 0x9d, 0x4b, 0xc4, 0x5c, 0x94, 0x60, 0x13, 0x6c, 0x55, 0xc0, 0xb0, 0xc2, 0xa2, 0x0a,
+	0x94, 0xb8, 0x23, 0x64, 0x3c, 0x69, 0xbb, 0x72, 0xa7, 0x64, 0x5f, 0xb6, 0x26, 0x4b, 0xe2, 0x98,
+	0x89, 0xfd, 0x1b, 0x16, 0x0c, 0xc9, 0x2f, 0xeb, 0xf2, 0xae, 0x42, 0x97, 0x56, 0x7c, 0x4f, 0x89,
+	0x97, 0x16, 0xbd, 0x6b, 0x30, 0x8c, 0x71, 0xc5, 0x28, 0x1e, 0xea, 0x8a, 0x71, 0x05, 0x06, 0x9d,
+	0x66, 0xb3, 0x62, 0xde, 0x4f, 0xd8, 0x54, 0x9a, 0x89, 0xc1, 0x58, 0xa7, 0xb1, 0x7f, 0xb4, 0x00,
+	0x23, 0xf2, 0x0b, 0xaa, 0xad, 0xf5, 0x90, 0x44, 0x68, 0x0d, 0x4a, 0x0e, 0x1f, 0x25, 0x22, 0x27,
+	0xf9, 0x63, 0xd9, 0x7a, 0x33, 0x63, 0x48, 0x63, 0x41, 0x6b, 0x46, 0x96, 0xc6, 0x31, 0x23, 0xd4,
+	0x80, 0x71, 0xcf, 0x8f, 0xd8, 0xa1, 0xab, 0xf0, 0xed, 0x4c, 0x99, 0x49, 0xee, 0x67, 0x04, 0xf7,
+	0xf1, 0xd5, 0x24, 0x17, 0x9c, 0x66, 0x8c, 0x16, 0xa4, 0x2e, 0xb2, 0x98, 0xaf, 0x44, 0xd2, 0x07,
+	0x2e, 0x5b, 0x15, 0x69, 0xff, 0xaa, 0x05, 0x25, 0x49, 0x76, 0x1c, 0x56, 0xeb, 0x15, 0xe8, 0x0f,
+	0xd9, 0x20, 0xc8, 0xae, 0xb1, 0xdb, 0x35, 0x9c, 0x8f, 0x57, 0x2c, 0x4b, 0xf0, 0xff, 0x21, 0x96,
+	0x3c, 0x98, 0x29, 0x4a, 0x35, 0xff, 0x5d, 0x62, 0x8a, 0x52, 0xed, 0xc9, 0x39, 0x94, 0xfe, 0x94,
+	0xb5, 0x59, 0xd3, 0xed, 0x52, 0x91, 0xb7, 0x19, 0x90, 0x0d, 0xf7, 0x6e, 0x52, 0xe4, 0xad, 0x30,
+	0x28, 0x16, 0x58, 0xf4, 0x16, 0x0c, 0xd5, 0xa4, 0x0d, 0x22, 0x5e, 0xe1, 0x17, 0xdb, 0xda, 0xc3,
+	0x94, 0xe9, 0x94, 0xeb, 0xd0, 0xe6, 0xb4, 0xf2, 0xd8, 0xe0, 0x66, 0x3a, 0xfa, 0x14, 0x3b, 0x39,
+	0xfa, 0xc4, 0x7c, 0xf3, 0xdd, 0x5e, 0x7e, 0xdc, 0x82, 0x3e, 0xae, 0x7b, 0xee, 0x4e, 0xf5, 0xaf,
+	0x59, 0x92, 0xe3, 0xbe, 0xbb, 0x45, 0x81, 0x42, 0xd2, 0x40, 0x2b, 0x50, 0x62, 0x3f, 0x98, 0xee,
+	0xbc, 0x98, 0xff, 0x0e, 0x87, 0xd7, 0xaa, 0x37, 0xf0, 0x96, 0x2c, 0x86, 0x63, 0x0e, 0xf6, 0x8f,
+	0x14, 0xe9, 0xee, 0x16, 0x93, 0x1a, 0x87, 0xbe, 0xf5, 0xf0, 0x0e, 0xfd, 0xc2, 0xc3, 0x3a, 0xf4,
+	0x37, 0x61, 0xb4, 0xa6, 0xd9, 0x9d, 0xe3, 0x91, 0xbc, 0xd4, 0x76, 0x92, 0x68, 0x26, 0x6a, 0xae,
+	0x9d, 0x9b, 0x33, 0x99, 0xe0, 0x24, 0x57, 0xf4, 0x09, 0x18, 0xe2, 0xe3, 0x2c, 0x6a, 0xe1, 0xbe,
+	0x52, 0x4f, 0xe4, 0xcf, 0x17, 0xbd, 0x0a, 0xae, 0xcd, 0xd5, 0x8a, 0x63, 0x83, 0x99, 0xfd, 0x97,
+	0x16, 0xa0, 0x85, 0xe6, 0x16, 0xd9, 0x21, 0x81, 0xd3, 0x88, 0xcd, 0x47, 0x3f, 0x68, 0xc1, 0x24,
+	0x49, 0x81, 0xe7, 0xfc, 0x9d, 0x1d, 0x71, 0x59, 0xcc, 0xd1, 0x67, 0x2c, 0xe4, 0x94, 0x51, 0x0f,
+	0x95, 0x26, 0xf3, 0x28, 0x70, 0x6e, 0x7d, 0x68, 0x05, 0x26, 0xf8, 0x29, 0xa9, 0x10, 0x9a, 0xdf,
+	0xd5, 0x23, 0x82, 0xf1, 0xc4, 0x5a, 0x9a, 0x04, 0x67, 0x95, 0xb3, 0x7f, 0x75, 0x18, 0x72, 0x5b,
+	0xf1, 0x9e, 0xdd, 0xec, 0x3d, 0xbb, 0xd9, 0x7b, 0x76, 0xb3, 0xf7, 0xec, 0x66, 0xef, 0xd9, 0xcd,
+	0xde, 0xb3, 0x9b, 0xbd, 0x4b, 0xed, 0x66, 0xff, 0xb7, 0x05, 0x27, 0xd5, 0xf1, 0x65, 0x5c, 0xd8,
+	0x3f, 0x0b, 0x13, 0x7c, 0xb9, 0x19, 0x3e, 0xc6, 0xe2, 0xb8, 0xbe, 0x92, 0x39, 0x73, 0x13, 0xbe,
+	0xf0, 0x46, 0x41, 0xfe, 0xa8, 0x28, 0x03, 0x81, 0xb3, 0xaa, 0xb1, 0x7f, 0x69, 0x00, 0x7a, 0x17,
+	0x76, 0x89, 0x17, 0x1d, 0xc3, 0xd5, 0xa6, 0x06, 0x23, 0xae, 0xb7, 0xeb, 0x37, 0x76, 0x49, 0x9d,
+	0xe3, 0x0f, 0x73, 0x03, 0x3f, 0x25, 0x58, 0x8f, 0x2c, 0x19, 0x2c, 0x70, 0x82, 0xe5, 0xc3, 0xb0,
+	0x3e, 0x5c, 0x85, 0x3e, 0x7e, 0xf8, 0x08, 0xd3, 0x43, 0xe6, 0x9e, 0xcd, 0x3a, 0x51, 0x1c, 0xa9,
+	0xb1, 0x65, 0x84, 0x1f, 0x6e, 0xa2, 0x38, 0xfa, 0x0c, 0x8c, 0x6c, 0xb8, 0x41, 0x18, 0xad, 0xb9,
+	0x3b, 0xf4, 0x68, 0xd8, 0x69, 0x3e, 0x80, 0xb5, 0x41, 0xf5, 0xc3, 0xa2, 0xc1, 0x09, 0x27, 0x38,
+	0xa3, 0x4d, 0x18, 0x6e, 0x38, 0x7a, 0x55, 0xfd, 0x87, 0xae, 0x4a, 0x9d, 0x0e, 0xcb, 0x3a, 0x23,
+	0x6c, 0xf2, 0xa5, 0xcb, 0xa9, 0xc6, 0x14, 0xe6, 0x03, 0x4c, 0x9d, 0xa1, 0x96, 0x13, 0xd7, 0x94,
+	0x73, 0x1c, 0x15, 0xd0, 0x98, 0x23, 0x7b, 0xc9, 0x14, 0xd0, 0x34, 0x77, 0xf5, 0x4f, 0x43, 0x89,
+	0xd0, 0x2e, 0xa4, 0x8c, 0xc5, 0x01, 0x73, 0xb9, 0xbb, 0xb6, 0xae, 0xb8, 0xb5, 0xc0, 0x37, 0xed,
+	0x3c, 0x0b, 0x92, 0x13, 0x8e, 0x99, 0xa2, 0x39, 0xe8, 0x0b, 0x49, 0xe0, 0x2a, 0x5d, 0x72, 0x9b,
+	0x61, 0x64, 0x64, 0xfc, 0xd5, 0x1a, 0xff, 0x8d, 0x45, 0x51, 0x3a, 0xbd, 0x1c, 0xa6, 0x8a, 0x65,
+	0x87, 0x81, 0x36, 0xbd, 0x66, 0x18, 0x14, 0x0b, 0x2c, 0x7a, 0x1d, 0xfa, 0x03, 0xd2, 0x60, 0x86,
+	0xc4, 0xe1, 0xee, 0x27, 0x39, 0xb7, 0x4b, 0xf2, 0x72, 0x58, 0x32, 0x40, 0xd7, 0x01, 0x05, 0x84,
+	0x0a, 0x78, 0xae, 0xb7, 0xa9, 0xdc, 0xbb, 0xc5, 0x46, 0xab, 0x04, 0x69, 0x1c, 0x53, 0xc8, 0x07,
+	0x8b, 0x38, 0xa3, 0x18, 0xba, 0x0a, 0xe3, 0x0a, 0xba, 0xe4, 0x85, 0x91, 0x43, 0x37, 0xb8, 0x51,
+	0xc6, 0x4b, 0xe9, 0x57, 0x70, 0x92, 0x00, 0xa7, 0xcb, 0xd8, 0x3f, 0x67, 0x01, 0xef, 0xe7, 0x63,
+	0xd0, 0x2a, 0xbc, 0x66, 0x6a, 0x15, 0xce, 0xe4, 0x8e, 0x5c, 0x8e, 0x46, 0xe1, 0xe7, 0x2c, 0x18,
+	0xd4, 0x46, 0x36, 0x9e, 0xb3, 0x56, 0x9b, 0x39, 0xdb, 0x82, 0x31, 0x3a, 0xd3, 0x6f, 0xac, 0x87,
+	0x24, 0xd8, 0x25, 0x75, 0x36, 0x31, 0x0b, 0x0f, 0x36, 0x31, 0x95, 0x2b, 0xe9, 0x72, 0x82, 0x21,
+	0x4e, 0x55, 0x61, 0x7f, 0x5a, 0x36, 0x55, 0x79, 0xde, 0xd6, 0xd4, 0x98, 0x27, 0x3c, 0x6f, 0xd5,
+	0xa8, 0xe2, 0x98, 0x86, 0x2e, 0xb5, 0x2d, 0x3f, 0x8c, 0x92, 0x9e, 0xb7, 0xd7, 0xfc, 0x30, 0xc2,
+	0x0c, 0x63, 0xbf, 0x00, 0xb0, 0x70, 0x97, 0xd4, 0xf8, 0x8c, 0xd5, 0x2f, 0x3d, 0x56, 0xfe, 0xa5,
+	0xc7, 0xfe, 0x3d, 0x0b, 0x46, 0x16, 0xe7, 0x8c, 0x93, 0x6b, 0x1a, 0x80, 0xdf, 0xd4, 0x6e, 0xdf,
+	0x5e, 0x95, 0xee, 0x1f, 0xdc, 0x02, 0xae, 0xa0, 0x58, 0xa3, 0x40, 0x67, 0xa0, 0xd8, 0x68, 0x79,
+	0x42, 0xed, 0xd9, 0x4f, 0x8f, 0xc7, 0xe5, 0x96, 0x87, 0x29, 0x4c, 0x7b, 0xac, 0x54, 0xec, 0xfa,
+	0xb1, 0x52, 0xc7, 0x20, 0x25, 0xa8, 0x0c, 0xbd, 0x77, 0xee, 0xb8, 0x75, 0xfe, 0x14, 0x5c, 0xb8,
+	0xa6, 0xdc, 0xbe, 0xbd, 0x34, 0x1f, 0x62, 0x0e, 0xb7, 0xbf, 0x58, 0x84, 0xa9, 0xc5, 0x06, 0xb9,
+	0xfb, 0x0e, 0x9f, 0xc3, 0x77, 0xfb, 0xd4, 0xea, 0x70, 0x0a, 0xa4, 0xc3, 0x3e, 0xa7, 0xeb, 0xdc,
+	0x1f, 0x1b, 0xd0, 0xcf, 0x1d, 0x4f, 0xe5, 0xe3, 0xf8, 0x4c, 0x73, 0x5f, 0x7e, 0x87, 0x4c, 0x73,
+	0x07, 0x56, 0x61, 0xee, 0x53, 0x07, 0xa6, 0x80, 0x62, 0xc9, 0x7c, 0xea, 0x15, 0x18, 0xd2, 0x29,
+	0x0f, 0xf5, 0xb0, 0xf5, 0xbb, 0x8b, 0x30, 0x46, 0x5b, 0xf0, 0x50, 0x07, 0xe2, 0x66, 0x7a, 0x20,
+	0x8e, 0xfa, 0x71, 0x63, 0xe7, 0xd1, 0x78, 0x2b, 0x39, 0x1a, 0x57, 0xf2, 0x46, 0xe3, 0xb8, 0xc7,
+	0xe0, 0x7b, 0x2c, 0x98, 0x58, 0x6c, 0xf8, 0xb5, 0xed, 0xc4, 0x03, 0xc4, 0x97, 0x60, 0x90, 0x6e,
+	0xc7, 0xa1, 0x11, 0x8b, 0xc3, 0x88, 0xce, 0x22, 0x50, 0x58, 0xa7, 0xd3, 0x8a, 0xdd, 0xbc, 0xb9,
+	0x34, 0x9f, 0x15, 0xd4, 0x45, 0xa0, 0xb0, 0x4e, 0x67, 0xff, 0x8e, 0x05, 0xe7, 0xae, 0xce, 0x2d,
+	0xc4, 0x53, 0x31, 0x15, 0x57, 0xe6, 0x22, 0xf4, 0x35, 0xeb, 0x5a, 0x53, 0x62, 0xb5, 0xf0, 0x3c,
+	0x6b, 0x85, 0xc0, 0xbe, 0x5b, 0x62, 0x26, 0xdd, 0x04, 0xb8, 0x8a, 0x2b, 0x73, 0x62, 0xdf, 0x95,
+	0x56, 0x20, 0x2b, 0xd7, 0x0a, 0xf4, 0x04, 0xf4, 0xd3, 0x73, 0xc1, 0xad, 0xc9, 0x76, 0x73, 0x83,
+	0x3e, 0x07, 0x61, 0x89, 0xb3, 0x7f, 0xd6, 0x82, 0x89, 0xab, 0x6e, 0x44, 0x0f, 0xed, 0x64, 0xe0,
+	0x14, 0x7a, 0x6a, 0x87, 0x6e, 0xe4, 0x07, 0x7b, 0xc9, 0xc0, 0x29, 0x58, 0x61, 0xb0, 0x46, 0xc5,
+	0x3f, 0x68, 0xd7, 0x65, 0x2f, 0x29, 0x0a, 0xa6, 0xdd, 0x0d, 0x0b, 0x38, 0x56, 0x14, 0xb4, 0xbf,
+	0xea, 0x6e, 0xc0, 0x54, 0x96, 0x7b, 0x62, 0xe3, 0x56, 0xfd, 0x35, 0x2f, 0x11, 0x38, 0xa6, 0xb1,
+	0xff, 0xdc, 0x82, 0xf2, 0xd5, 0x46, 0x2b, 0x8c, 0x48, 0xb0, 0x11, 0xe6, 0x6c, 0xba, 0x2f, 0x40,
+	0x89, 0x48, 0x03, 0x81, 0x7c, 0xf2, 0x29, 0x05, 0x51, 0x65, 0x39, 0xe0, 0xf1, 0x5b, 0x14, 0x5d,
+	0x17, 0xaf, 0xa4, 0x0f, 0xf7, 0xcc, 0x75, 0x11, 0x10, 0xd1, 0xeb, 0xd2, 0x03, 0xda, 0xb0, 0xc8,
+	0x18, 0x0b, 0x29, 0x2c, 0xce, 0x28, 0x61, 0xff, 0x98, 0x05, 0x27, 0xd5, 0x07, 0xbf, 0xeb, 0x3e,
+	0xd3, 0xfe, 0x6a, 0x01, 0x86, 0xaf, 0xad, 0xad, 0x55, 0xae, 0x92, 0x48, 0x9b, 0x95, 0xed, 0xcd,
+	0xfe, 0x58, 0xb3, 0x5e, 0xb6, 0xbb, 0x23, 0xb6, 0x22, 0xb7, 0x31, 0xcd, 0xe3, 0xa2, 0x4d, 0x2f,
+	0x79, 0xd1, 0x8d, 0xa0, 0x1a, 0x05, 0xae, 0xb7, 0x99, 0x39, 0xd3, 0xa5, 0xcc, 0x52, 0xcc, 0x93,
+	0x59, 0xd0, 0x0b, 0xd0, 0xc7, 0x02, 0xb3, 0xc9, 0x41, 0x78, 0x44, 0x5d, 0xb1, 0x18, 0xf4, 0x60,
+	0xbf, 0x5c, 0xba, 0x89, 0x97, 0xf8, 0x1f, 0x2c, 0x48, 0xd1, 0x4d, 0x18, 0xdc, 0x8a, 0xa2, 0xe6,
+	0x35, 0xe2, 0xd4, 0x49, 0x20, 0x77, 0xd9, 0xf3, 0x59, 0xbb, 0x2c, 0xed, 0x04, 0x4e, 0x16, 0x6f,
+	0x4c, 0x31, 0x2c, 0xc4, 0x3a, 0x1f, 0xbb, 0x0a, 0x10, 0xe3, 0x8e, 0xc8, 0x70, 0x63, 0xaf, 0x41,
+	0x89, 0x7e, 0xee, 0x4c, 0xc3, 0x75, 0xda, 0x9b, 0xc6, 0x9f, 0x81, 0x92, 0x34, 0x7c, 0x87, 0x22,
+	0x8a, 0x03, 0x3b, 0x91, 0xa4, 0x5d, 0x3c, 0xc4, 0x31, 0xde, 0x7e, 0x1c, 0x84, 0x6f, 0x69, 0x3b,
+	0x96, 0xf6, 0x06, 0x9c, 0x60, 0x4e, 0xb2, 0x4e, 0xb4, 0x65, 0xcc, 0xd1, 0xce, 0x93, 0xe1, 0x59,
+	0x71, 0xaf, 0xe3, 0x5f, 0x36, 0xa9, 0x3d, 0x4e, 0x1e, 0x92, 0x1c, 0xe3, 0x3b, 0x9e, 0xfd, 0x67,
+	0x3d, 0xf0, 0xc8, 0x52, 0x35, 0x3f, 0xfc, 0xd0, 0xcb, 0x30, 0xc4, 0xc5, 0x45, 0x3a, 0x35, 0x9c,
+	0x86, 0xa8, 0x57, 0x69, 0x40, 0xd7, 0x34, 0x1c, 0x36, 0x28, 0xd1, 0x39, 0x28, 0xba, 0x6f, 0x7b,
+	0xc9, 0xa7, 0x7b, 0x4b, 0x6f, 0xac, 0x62, 0x0a, 0xa7, 0x68, 0x2a, 0x79, 0xf2, 0x2d, 0x5d, 0xa1,
+	0x95, 0xf4, 0xf9, 0x1a, 0x8c, 0xb8, 0x61, 0x2d, 0x74, 0x97, 0x3c, 0xba, 0x4e, 0xb5, 0x95, 0xae,
+	0x74, 0x0e, 0xb4, 0xd1, 0x0a, 0x8b, 0x13, 0xd4, 0xda, 0xf9, 0xd2, 0xdb, 0xb5, 0xf4, 0xda, 0x31,
+	0xf8, 0x01, 0xdd, 0xfe, 0x9b, 0xec, 0xeb, 0x42, 0xa6, 0x82, 0x17, 0xdb, 0x3f, 0xff, 0xe0, 0x10,
+	0x4b, 0x1c, 0xbd, 0xd0, 0xd5, 0xb6, 0x9c, 0xe6, 0x4c, 0x2b, 0xda, 0x9a, 0x77, 0xc3, 0x9a, 0xbf,
+	0x4b, 0x82, 0x3d, 0x76, 0x17, 0x1f, 0x88, 0x2f, 0x74, 0x0a, 0x31, 0x77, 0x6d, 0xa6, 0x42, 0x29,
+	0x71, 0xba, 0x0c, 0x9a, 0x81, 0x51, 0x09, 0xac, 0x92, 0x90, 0x1d, 0x01, 0x83, 0x8c, 0x8d, 0x7a,
+	0x4c, 0x27, 0xc0, 0x8a, 0x49, 0x92, 0xde, 0x14, 0x70, 0xe1, 0x28, 0x04, 0xdc, 0x0f, 0xc2, 0xb0,
+	0xeb, 0xb9, 0x91, 0xeb, 0x44, 0x3e, 0xb7, 0x1f, 0xf1, 0x6b, 0x37, 0x53, 0x30, 0x2f, 0xe9, 0x08,
+	0x6c, 0xd2, 0xd9, 0xff, 0xb6, 0x07, 0xc6, 0xd9, 0xb0, 0xbd, 0x37, 0xc3, 0xbe, 0x9d, 0x66, 0xd8,
+	0xcd, 0xf4, 0x0c, 0x3b, 0x0a, 0xc9, 0xfd, 0x81, 0xa7, 0xd9, 0x67, 0xa0, 0xa4, 0xde, 0x0f, 0xca,
+	0x07, 0xc4, 0x56, 0xce, 0x03, 0xe2, 0xce, 0xa7, 0xb7, 0x74, 0x49, 0x2b, 0x66, 0xba, 0xa4, 0x7d,
+	0xd9, 0x82, 0xd8, 0xb0, 0x80, 0xde, 0x80, 0x52, 0xd3, 0x67, 0x1e, 0xae, 0x81, 0x74, 0x1b, 0x7f,
+	0xbc, 0xad, 0x65, 0x82, 0x47, 0x60, 0x0b, 0x78, 0x2f, 0x54, 0x64, 0x51, 0x1c, 0x73, 0x41, 0xd7,
+	0xa1, 0xbf, 0x19, 0x90, 0x6a, 0xc4, 0xc2, 0x03, 0x75, 0xcf, 0x90, 0xcf, 0x1a, 0x5e, 0x10, 0x4b,
+	0x0e, 0xf6, 0xbf, 0xb7, 0x60, 0x2c, 0x49, 0x8a, 0x3e, 0x0c, 0x3d, 0xe4, 0x2e, 0xa9, 0x89, 0xf6,
+	0x66, 0x1e, 0xc5, 0xb1, 0x6a, 0x82, 0x77, 0x00, 0xfd, 0x8f, 0x59, 0x29, 0x74, 0x0d, 0xfa, 0xe9,
+	0x39, 0x7c, 0x55, 0x85, 0xc2, 0x7b, 0x34, 0xef, 0x2c, 0x57, 0x02, 0x0d, 0x6f, 0x9c, 0x00, 0x61,
+	0x59, 0x9c, 0xf9, 0x81, 0xd5, 0x9a, 0x55, 0x7a, 0xc5, 0x89, 0xda, 0xdd, 0xc4, 0xd7, 0xe6, 0x2a,
+	0x9c, 0x48, 0x70, 0xe3, 0x7e, 0x60, 0x12, 0x88, 0x63, 0x26, 0xf6, 0x2f, 0x58, 0x00, 0xdc, 0xed,
+	0xcd, 0xf1, 0x36, 0xc9, 0x31, 0x68, 0xd3, 0xe7, 0xa1, 0x27, 0x6c, 0x92, 0x5a, 0x3b, 0xe7, 0xeb,
+	0xb8, 0x3d, 0xd5, 0x26, 0xa9, 0xc5, 0x33, 0x8e, 0xfe, 0xc3, 0xac, 0xb4, 0xfd, 0xbd, 0x00, 0x23,
+	0x31, 0xd9, 0x52, 0x44, 0x76, 0xd0, 0x73, 0x46, 0xd0, 0x91, 0x33, 0x89, 0xa0, 0x23, 0x25, 0x46,
+	0xad, 0x29, 0x6e, 0x3f, 0x03, 0xc5, 0x1d, 0xe7, 0xae, 0xd0, 0xcc, 0x3d, 0xd3, 0xbe, 0x19, 0x94,
+	0xff, 0xf4, 0x8a, 0x73, 0x97, 0x5f, 0x5e, 0x9f, 0x91, 0x2b, 0x64, 0xc5, 0xb9, 0xdb, 0xd1, 0x41,
+	0x98, 0x56, 0xc2, 0xea, 0x72, 0x3d, 0xe1, 0xd1, 0xd5, 0x55, 0x5d, 0xae, 0x97, 0xac, 0xcb, 0xf5,
+	0xba, 0xa8, 0xcb, 0xf5, 0xd0, 0x3d, 0xe8, 0x17, 0x0e, 0x97, 0x22, 0x2c, 0xd9, 0xe5, 0x2e, 0xea,
+	0x13, 0xfe, 0x9a, 0xbc, 0xce, 0xcb, 0xf2, 0x72, 0x2e, 0xa0, 0x1d, 0xeb, 0x95, 0x15, 0xa2, 0xff,
+	0xc7, 0x82, 0x11, 0xf1, 0x1b, 0x93, 0xb7, 0x5b, 0x24, 0x8c, 0x84, 0xf0, 0xfa, 0x81, 0xee, 0xdb,
+	0x20, 0x0a, 0xf2, 0xa6, 0x7c, 0x40, 0x9e, 0x33, 0x26, 0xb2, 0x63, 0x8b, 0x12, 0xad, 0x40, 0x7f,
+	0xdb, 0x82, 0x13, 0x3b, 0xce, 0x5d, 0x5e, 0x23, 0x87, 0x61, 0x27, 0x72, 0x7d, 0xe1, 0xb8, 0xf0,
+	0xe1, 0xee, 0x86, 0x3f, 0x55, 0x9c, 0x37, 0x52, 0x5a, 0x29, 0x4f, 0x64, 0x91, 0x74, 0x6c, 0x6a,
+	0x66, 0xbb, 0xa6, 0x36, 0x60, 0x40, 0xce, 0xb7, 0x87, 0xe9, 0xdd, 0xcd, 0xea, 0x11, 0x73, 0xed,
+	0xa1, 0xd6, 0xf3, 0x19, 0x18, 0xd2, 0xe7, 0xd8, 0x43, 0xad, 0xeb, 0x6d, 0x98, 0xc8, 0x98, 0x4b,
+	0x0f, 0xb5, 0xca, 0x3b, 0x70, 0x26, 0x77, 0x7e, 0x3c, 0x54, 0xef, 0xfc, 0xaf, 0x5a, 0xfa, 0x3e,
+	0x78, 0x0c, 0x26, 0x8d, 0x39, 0xd3, 0xa4, 0x71, 0xbe, 0xfd, 0xca, 0xc9, 0xb1, 0x6b, 0xbc, 0xa5,
+	0x37, 0x9a, 0xee, 0xea, 0xe8, 0x75, 0xe8, 0x6b, 0x50, 0x88, 0x74, 0xdb, 0xb5, 0x3b, 0xaf, 0xc8,
+	0x58, 0x98, 0x64, 0xf0, 0x10, 0x0b, 0x0e, 0xf6, 0x2f, 0x5b, 0xd0, 0x73, 0x0c, 0x3d, 0x81, 0xcd,
+	0x9e, 0x78, 0x2e, 0x97, 0xb5, 0x88, 0xd0, 0x3e, 0x8d, 0x9d, 0x3b, 0x0b, 0x77, 0x23, 0xe2, 0x85,
+	0xec, 0x44, 0xce, 0xec, 0x98, 0x9f, 0xb2, 0x60, 0x62, 0xd9, 0x77, 0xea, 0xb3, 0x4e, 0xc3, 0xf1,
+	0x6a, 0x24, 0x58, 0xf2, 0x36, 0x0f, 0xe5, 0x73, 0x5e, 0xe8, 0xe8, 0x73, 0x3e, 0x27, 0x5d, 0xb6,
+	0x7a, 0xf2, 0xc7, 0x8f, 0x4a, 0xd2, 0xc9, 0x30, 0x4c, 0x86, 0x73, 0xf1, 0x16, 0x20, 0xbd, 0x95,
+	0xe2, 0xe5, 0x15, 0x86, 0x7e, 0x97, 0xb7, 0x57, 0x0c, 0xe2, 0x93, 0xd9, 0x12, 0x6e, 0xea, 0xf3,
+	0xb4, 0x37, 0x45, 0x1c, 0x80, 0x25, 0x23, 0xfb, 0x65, 0xc8, 0x0c, 0x9b, 0xd1, 0x59, 0x7b, 0x61,
+	0x7f, 0x1c, 0xc6, 0x59, 0xc9, 0x43, 0x6a, 0x06, 0xec, 0x84, 0xce, 0x35, 0x23, 0x04, 0xa8, 0xfd,
+	0x05, 0x0b, 0x46, 0x57, 0x13, 0x91, 0x11, 0x2f, 0x32, 0x2b, 0x6d, 0x86, 0xaa, 0xbf, 0xca, 0xa0,
+	0x58, 0x60, 0x8f, 0x5c, 0x15, 0xf6, 0xd7, 0x16, 0xc4, 0x91, 0x6c, 0x8e, 0x41, 0x7c, 0x9b, 0x33,
+	0xc4, 0xb7, 0x4c, 0x41, 0x56, 0x35, 0x27, 0x4f, 0x7a, 0x43, 0xd7, 0x55, 0x8c, 0xb7, 0x36, 0x32,
+	0x6c, 0xcc, 0x86, 0x4f, 0xc5, 0x11, 0x33, 0x10, 0x9c, 0x8c, 0xfa, 0x66, 0xff, 0x7e, 0x01, 0x90,
+	0xa2, 0xed, 0x3a, 0x06, 0x5d, 0xba, 0xc4, 0xd1, 0xc4, 0xa0, 0xdb, 0x05, 0xc4, 0xfc, 0x0c, 0x02,
+	0xc7, 0x0b, 0x39, 0x5b, 0x57, 0x28, 0xff, 0x0e, 0xe7, 0xc4, 0x30, 0x25, 0x1f, 0xa5, 0x2d, 0xa7,
+	0xb8, 0xe1, 0x8c, 0x1a, 0x34, 0xff, 0x91, 0xde, 0x6e, 0xfd, 0x47, 0xfa, 0x3a, 0xbc, 0xae, 0xfc,
+	0x8a, 0x05, 0xc3, 0xaa, 0x9b, 0xde, 0x25, 0x3e, 0xf8, 0xaa, 0x3d, 0x39, 0x1b, 0x68, 0x45, 0x6b,
+	0x32, 0x3b, 0x58, 0xbe, 0x83, 0xbd, 0x92, 0x75, 0x1a, 0xee, 0x3d, 0xa2, 0x62, 0x96, 0x96, 0xc5,
+	0xab, 0x57, 0x01, 0x3d, 0xd8, 0x2f, 0x0f, 0xab, 0x7f, 0x3c, 0x26, 0x7b, 0x5c, 0x84, 0x6e, 0xc9,
+	0xa3, 0x89, 0xa9, 0x88, 0x5e, 0x82, 0xde, 0xe6, 0x96, 0x13, 0x92, 0xc4, 0x5b, 0xa5, 0xde, 0x0a,
+	0x05, 0x1e, 0xec, 0x97, 0x47, 0x54, 0x01, 0x06, 0xc1, 0x9c, 0xba, 0xfb, 0xc8, 0x7e, 0xe9, 0xc9,
+	0xd9, 0x31, 0xb2, 0xdf, 0x5f, 0x5a, 0xd0, 0xb3, 0xea, 0xd7, 0x8f, 0x63, 0x0b, 0x78, 0xcd, 0xd8,
+	0x02, 0xce, 0xe6, 0xa5, 0xcb, 0xc8, 0x5d, 0xfd, 0x8b, 0x89, 0xd5, 0x7f, 0x3e, 0x97, 0x43, 0xfb,
+	0x85, 0xbf, 0x03, 0x83, 0x2c, 0x09, 0x87, 0x78, 0x97, 0xf5, 0x82, 0xb1, 0xe0, 0xcb, 0x89, 0x05,
+	0x3f, 0xaa, 0x91, 0x6a, 0x2b, 0xfd, 0x29, 0xe8, 0x17, 0x0f, 0x7d, 0x92, 0x8f, 0x8d, 0x05, 0x2d,
+	0x96, 0x78, 0xfb, 0xc7, 0x8b, 0x60, 0x24, 0xfd, 0x40, 0xbf, 0x6a, 0xc1, 0x74, 0xc0, 0x1d, 0x80,
+	0xeb, 0xf3, 0xad, 0xc0, 0xf5, 0x36, 0xab, 0xb5, 0x2d, 0x52, 0x6f, 0x35, 0x5c, 0x6f, 0x73, 0x69,
+	0xd3, 0xf3, 0x15, 0x78, 0xe1, 0x2e, 0xa9, 0xb5, 0x98, 0x71, 0xae, 0x43, 0x86, 0x11, 0xe5, 0x48,
+	0xff, 0xfc, 0xfd, 0xfd, 0xf2, 0x34, 0x3e, 0x14, 0x6f, 0x7c, 0xc8, 0xb6, 0xa0, 0xdf, 0xb1, 0xe0,
+	0x32, 0xcf, 0x85, 0xd1, 0x7d, 0xfb, 0xdb, 0xdc, 0x96, 0x2b, 0x92, 0x55, 0xcc, 0x64, 0x8d, 0x04,
+	0x3b, 0xb3, 0x1f, 0x14, 0x1d, 0x7a, 0xb9, 0x72, 0xb8, 0xba, 0xf0, 0x61, 0x1b, 0x67, 0xff, 0xc3,
+	0x22, 0x0c, 0x8b, 0x08, 0x70, 0xe2, 0x0c, 0x78, 0xc9, 0x98, 0x12, 0x8f, 0x26, 0xa6, 0xc4, 0xb8,
+	0x41, 0x7c, 0x34, 0xdb, 0x7f, 0x08, 0xe3, 0x74, 0x73, 0xbe, 0x46, 0x9c, 0x20, 0x5a, 0x27, 0x0e,
+	0x77, 0x0b, 0x2b, 0x1e, 0x7a, 0xf7, 0x57, 0xfa, 0xc9, 0xe5, 0x24, 0x33, 0x9c, 0xe6, 0xff, 0xed,
+	0x74, 0xe6, 0x78, 0x30, 0x96, 0x0a, 0xe2, 0xf7, 0x26, 0x94, 0xd4, 0x2b, 0x15, 0xb1, 0xe9, 0xb4,
+	0x8f, 0x85, 0x99, 0xe4, 0xc0, 0xd5, 0x5f, 0xf1, 0x0b, 0xa9, 0x98, 0x9d, 0xfd, 0x77, 0x0b, 0x46,
+	0x85, 0x7c, 0x10, 0x57, 0x61, 0xc0, 0x09, 0x43, 0x77, 0xd3, 0x23, 0xf5, 0x76, 0x1a, 0xca, 0x54,
+	0x35, 0xec, 0xa5, 0xd0, 0x8c, 0x28, 0x89, 0x15, 0x0f, 0x74, 0x8d, 0x3b, 0xdf, 0xed, 0x92, 0x76,
+	0xea, 0xc9, 0x14, 0x37, 0x90, 0xee, 0x79, 0xbb, 0x04, 0x8b, 0xf2, 0xe8, 0x93, 0xdc, 0x3b, 0xf2,
+	0xba, 0xe7, 0xdf, 0xf1, 0xae, 0xfa, 0xbe, 0x8c, 0xf6, 0xd1, 0x1d, 0xc3, 0x71, 0xe9, 0x13, 0xa9,
+	0x8a, 0x63, 0x93, 0x5b, 0x77, 0x51, 0x71, 0x3f, 0x0b, 0x2c, 0xf6, 0xbf, 0xf9, 0x28, 0x3c, 0x44,
+	0x04, 0x46, 0x45, 0x78, 0x41, 0x09, 0x13, 0x7d, 0x97, 0x79, 0x95, 0x33, 0x4b, 0xc7, 0x8a, 0xf4,
+	0xeb, 0x26, 0x0b, 0x9c, 0xe4, 0x69, 0xff, 0x8c, 0x05, 0xec, 0x81, 0xec, 0x31, 0xc8, 0x23, 0x1f,
+	0x31, 0xe5, 0x91, 0xc9, 0xbc, 0x4e, 0xce, 0x11, 0x45, 0x5e, 0xe4, 0x33, 0xab, 0x12, 0xf8, 0x77,
+	0xf7, 0x84, 0x4b, 0x4b, 0xe7, 0xfb, 0x87, 0xfd, 0xdf, 0x2d, 0xbe, 0x89, 0xc5, 0xe1, 0x04, 0x3e,
+	0x07, 0x03, 0x35, 0xa7, 0xe9, 0xd4, 0x78, 0x86, 0xaa, 0x5c, 0x8d, 0x9e, 0x51, 0x68, 0x7a, 0x4e,
+	0x94, 0xe0, 0x1a, 0x2a, 0x19, 0xa6, 0x72, 0x40, 0x82, 0x3b, 0x6a, 0xa5, 0x54, 0x95, 0x53, 0xdb,
+	0x30, 0x6c, 0x30, 0x7b, 0xa8, 0xea, 0x8c, 0xcf, 0xf1, 0x23, 0x56, 0x85, 0x55, 0xdd, 0x81, 0x71,
+	0x4f, 0xfb, 0x4f, 0x0f, 0x14, 0x79, 0xb9, 0x7c, 0xbc, 0xd3, 0x21, 0xca, 0x4e, 0x1f, 0xed, 0xed,
+	0x6d, 0x82, 0x0d, 0x4e, 0x73, 0xb6, 0x7f, 0xc2, 0x82, 0xd3, 0x3a, 0xa1, 0xf6, 0xbc, 0xa7, 0x93,
+	0x91, 0x64, 0x1e, 0x06, 0xfc, 0x26, 0x09, 0x9c, 0xc8, 0x0f, 0xc4, 0xa9, 0x71, 0x49, 0x76, 0xfa,
+	0x0d, 0x01, 0x3f, 0x10, 0xf9, 0x16, 0x24, 0x77, 0x09, 0xc7, 0xaa, 0x24, 0xbd, 0x7d, 0xb2, 0xce,
+	0x08, 0xc5, 0x43, 0x2e, 0xb6, 0x07, 0x30, 0x7b, 0x7b, 0x88, 0x05, 0xc6, 0xfe, 0x33, 0x8b, 0x4f,
+	0x2c, 0xbd, 0xe9, 0xe8, 0x6d, 0x18, 0xdb, 0x71, 0xa2, 0xda, 0xd6, 0xc2, 0xdd, 0x66, 0xc0, 0x4d,
+	0x4e, 0xb2, 0x9f, 0x9e, 0xe9, 0xd4, 0x4f, 0xda, 0x47, 0xc6, 0x0e, 0x9f, 0x2b, 0x09, 0x66, 0x38,
+	0xc5, 0x1e, 0xad, 0xc3, 0x20, 0x83, 0xb1, 0x37, 0x8a, 0x61, 0x3b, 0xd1, 0x20, 0xaf, 0x36, 0xe5,
+	0xb2, 0xb0, 0x12, 0xf3, 0xc1, 0x3a, 0x53, 0xfb, 0xcb, 0x45, 0xbe, 0xda, 0x99, 0x28, 0xff, 0x14,
+	0xf4, 0x37, 0xfd, 0xfa, 0xdc, 0xd2, 0x3c, 0x16, 0xa3, 0xa0, 0x8e, 0x91, 0x0a, 0x07, 0x63, 0x89,
+	0x47, 0x97, 0x60, 0x40, 0xfc, 0x94, 0x26, 0x42, 0xb6, 0x37, 0x0b, 0xba, 0x10, 0x2b, 0x2c, 0x7a,
+	0x1e, 0xa0, 0x19, 0xf8, 0xbb, 0x6e, 0x9d, 0xc5, 0x2c, 0x29, 0x9a, 0xde, 0x46, 0x15, 0x85, 0xc1,
+	0x1a, 0x15, 0x7a, 0x15, 0x86, 0x5b, 0x5e, 0xc8, 0xc5, 0x11, 0x2d, 0x32, 0xb4, 0xf2, 0x83, 0xb9,
+	0xa9, 0x23, 0xb1, 0x49, 0x8b, 0x66, 0xa0, 0x2f, 0x72, 0x98, 0xf7, 0x4c, 0x6f, 0xbe, 0x53, 0xf0,
+	0x1a, 0xa5, 0xd0, 0x93, 0x21, 0xd1, 0x02, 0x58, 0x14, 0x44, 0x6f, 0xca, 0xe7, 0xc2, 0x7c, 0x63,
+	0x17, 0xde, 0xf8, 0xdd, 0x1d, 0x02, 0xda, 0x63, 0x61, 0xe1, 0xe5, 0x6f, 0xf0, 0x42, 0xaf, 0x00,
+	0x90, 0xbb, 0x11, 0x09, 0x3c, 0xa7, 0xa1, 0x7c, 0xde, 0x94, 0x5c, 0x30, 0xef, 0xaf, 0xfa, 0xd1,
+	0xcd, 0x90, 0x2c, 0x28, 0x0a, 0xac, 0x51, 0xdb, 0xbf, 0x53, 0x02, 0x88, 0xe5, 0x76, 0x74, 0x2f,
+	0xb5, 0x71, 0x3d, 0xdb, 0x5e, 0xd2, 0x3f, 0xba, 0x5d, 0x0b, 0x7d, 0x9f, 0x05, 0x83, 0x22, 0x34,
+	0x0b, 0x1b, 0xa1, 0x42, 0xfb, 0x8d, 0xd3, 0x8c, 0x10, 0x43, 0x4b, 0xf0, 0x26, 0xbc, 0x20, 0x67,
+	0xa8, 0x86, 0xe9, 0xd8, 0x0a, 0xbd, 0x62, 0xf4, 0x7e, 0x79, 0x55, 0x2c, 0x1a, 0x5d, 0xa9, 0xae,
+	0x8a, 0x25, 0x76, 0x46, 0xe8, 0xb7, 0xc4, 0x9b, 0xc6, 0x2d, 0xb1, 0x27, 0xff, 0x3d, 0xa4, 0x21,
+	0xbe, 0x76, 0xba, 0x20, 0xa2, 0x8a, 0x1e, 0x1b, 0xa1, 0x37, 0xff, 0x11, 0x9f, 0x76, 0x4f, 0xea,
+	0x10, 0x17, 0xe1, 0x33, 0x30, 0x5a, 0x37, 0x85, 0x00, 0x31, 0x13, 0x9f, 0xcc, 0xe3, 0x9b, 0x90,
+	0x19, 0xe2, 0x63, 0x3f, 0x81, 0xc0, 0x49, 0xc6, 0xa8, 0xc2, 0x43, 0x65, 0x2c, 0x79, 0x1b, 0xbe,
+	0x78, 0x11, 0x62, 0xe7, 0x8e, 0xe5, 0x5e, 0x18, 0x91, 0x1d, 0x4a, 0x19, 0x9f, 0xee, 0xab, 0xa2,
+	0x2c, 0x56, 0x5c, 0xd0, 0xeb, 0xd0, 0xc7, 0x5e, 0x71, 0x85, 0x93, 0x03, 0xf9, 0x1a, 0x67, 0x33,
+	0x66, 0x60, 0xbc, 0x20, 0xd9, 0xdf, 0x10, 0x0b, 0x0e, 0xe8, 0x9a, 0x7c, 0x23, 0x19, 0x2e, 0x79,
+	0x37, 0x43, 0xc2, 0xde, 0x48, 0x96, 0x66, 0x1f, 0x8f, 0x9f, 0x3f, 0x72, 0x78, 0x66, 0xca, 0x44,
+	0xa3, 0x24, 0x95, 0xa2, 0xc4, 0x7f, 0x99, 0x89, 0x51, 0x44, 0x38, 0xca, 0x6c, 0x9e, 0x99, 0xad,
+	0x31, 0xee, 0xce, 0x5b, 0x26, 0x0b, 0x9c, 0xe4, 0x49, 0x25, 0x52, 0xbe, 0xea, 0xc5, 0x9b, 0x92,
+	0x4e, 0x7b, 0x07, 0xbf, 0x88, 0xb3, 0xd3, 0x88, 0x43, 0xb0, 0x28, 0x7f, 0xac, 0xe2, 0xc1, 0x94,
+	0x07, 0x63, 0xc9, 0x25, 0xfa, 0x50, 0xc5, 0x91, 0x3f, 0xe9, 0x81, 0x11, 0x73, 0x4a, 0xa1, 0xcb,
+	0x50, 0x12, 0x4c, 0x54, 0x36, 0x13, 0xb5, 0x4a, 0x56, 0x24, 0x02, 0xc7, 0x34, 0x2c, 0x89, 0x0d,
+	0x2b, 0xae, 0x39, 0x11, 0xc7, 0x49, 0x6c, 0x14, 0x06, 0x6b, 0x54, 0xf4, 0x62, 0xb5, 0xee, 0xfb,
+	0x91, 0x3a, 0x90, 0xd4, 0xbc, 0x9b, 0x65, 0x50, 0x2c, 0xb0, 0xf4, 0x20, 0xda, 0x26, 0x81, 0x47,
+	0x1a, 0x66, 0x14, 0x71, 0x75, 0x10, 0x5d, 0xd7, 0x91, 0xd8, 0xa4, 0xa5, 0xc7, 0xa9, 0x1f, 0xb2,
+	0x89, 0x2c, 0xae, 0x6f, 0xb1, 0x53, 0x76, 0x95, 0x3f, 0x2f, 0x97, 0x78, 0xf4, 0x71, 0x38, 0xad,
+	0x22, 0x76, 0x61, 0x6e, 0xcd, 0x90, 0x35, 0xf6, 0x19, 0xda, 0x96, 0xd3, 0x73, 0xd9, 0x64, 0x38,
+	0xaf, 0x3c, 0x7a, 0x0d, 0x46, 0x84, 0x88, 0x2f, 0x39, 0xf6, 0x9b, 0x1e, 0x46, 0xd7, 0x0d, 0x2c,
+	0x4e, 0x50, 0xcb, 0x38, 0xe8, 0x4c, 0xca, 0x96, 0x1c, 0x06, 0xd2, 0x71, 0xd0, 0x75, 0x3c, 0x4e,
+	0x95, 0x40, 0x33, 0x30, 0xca, 0x65, 0x30, 0xd7, 0xdb, 0xe4, 0x63, 0x22, 0x9e, 0x7c, 0xa9, 0x25,
+	0x75, 0xc3, 0x44, 0xe3, 0x24, 0x3d, 0x7a, 0x19, 0x86, 0x9c, 0xa0, 0xb6, 0xe5, 0x46, 0xa4, 0x16,
+	0xb5, 0x02, 0xfe, 0x16, 0x4c, 0x73, 0xd1, 0x9a, 0xd1, 0x70, 0xd8, 0xa0, 0xb4, 0xef, 0xc1, 0x44,
+	0x46, 0xdc, 0x09, 0x3a, 0x71, 0x9c, 0xa6, 0x2b, 0xbf, 0x29, 0xe1, 0x07, 0x3d, 0x53, 0x59, 0x92,
+	0x5f, 0xa3, 0x51, 0xd1, 0xd9, 0xc9, 0xe2, 0x53, 0x68, 0x89, 0x57, 0xd5, 0xec, 0x5c, 0x94, 0x08,
+	0x1c, 0xd3, 0xd8, 0xff, 0xa9, 0x00, 0xa3, 0x19, 0xb6, 0x15, 0x96, 0xfc, 0x33, 0x71, 0x49, 0x89,
+	0x73, 0x7d, 0x9a, 0x61, 0xf5, 0x0b, 0x87, 0x08, 0xab, 0x5f, 0xec, 0x14, 0x56, 0xbf, 0xe7, 0x9d,
+	0x84, 0xd5, 0x37, 0x7b, 0xac, 0xb7, 0xab, 0x1e, 0xcb, 0x08, 0xc5, 0xdf, 0x77, 0xc8, 0x50, 0xfc,
+	0x46, 0xa7, 0xf7, 0x77, 0xd1, 0xe9, 0x3f, 0x52, 0x80, 0xb1, 0xa4, 0x2b, 0xe9, 0x31, 0xe8, 0x6d,
+	0x5f, 0x37, 0xf4, 0xb6, 0x97, 0xba, 0x79, 0xa2, 0x9b, 0xab, 0xc3, 0xc5, 0x09, 0x1d, 0xee, 0xd3,
+	0x5d, 0x71, 0x6b, 0xaf, 0xcf, 0xfd, 0xc9, 0x02, 0x9c, 0xcc, 0x7c, 0x23, 0x7c, 0x0c, 0x7d, 0x73,
+	0xc3, 0xe8, 0x9b, 0xe7, 0xba, 0x7e, 0xbe, 0x9c, 0xdb, 0x41, 0xb7, 0x13, 0x1d, 0x74, 0xb9, 0x7b,
+	0x96, 0xed, 0x7b, 0xe9, 0xeb, 0x45, 0x38, 0x9f, 0x59, 0x2e, 0x56, 0x7b, 0x2e, 0x1a, 0x6a, 0xcf,
+	0xe7, 0x13, 0x6a, 0x4f, 0xbb, 0x7d, 0xe9, 0xa3, 0xd1, 0x83, 0x8a, 0x67, 0xbc, 0x2c, 0x18, 0xc1,
+	0x03, 0xea, 0x40, 0x8d, 0x67, 0xbc, 0x8a, 0x11, 0x36, 0xf9, 0x7e, 0x3b, 0xe9, 0x3e, 0x7f, 0xdb,
+	0x82, 0x33, 0x99, 0x63, 0x73, 0x0c, 0xba, 0xae, 0x55, 0x53, 0xd7, 0xf5, 0x54, 0xd7, 0xb3, 0x35,
+	0x47, 0xf9, 0xf5, 0xd3, 0xbd, 0x39, 0xdf, 0xc2, 0x6e, 0xf2, 0x37, 0x60, 0xd0, 0xa9, 0xd5, 0x48,
+	0x18, 0xae, 0xf8, 0x75, 0x15, 0x81, 0xfb, 0x39, 0x76, 0xcf, 0x8a, 0xc1, 0x07, 0xfb, 0xe5, 0xa9,
+	0x24, 0x8b, 0x18, 0x8d, 0x75, 0x0e, 0xe8, 0x93, 0x30, 0x10, 0x8a, 0x73, 0x53, 0x8c, 0xfd, 0x0b,
+	0x5d, 0x76, 0x8e, 0xb3, 0x4e, 0x1a, 0x66, 0xa8, 0x27, 0xa5, 0xa9, 0x50, 0x2c, 0xcd, 0xb0, 0x30,
+	0x85, 0x23, 0x0d, 0x0b, 0xf3, 0x3c, 0xc0, 0xae, 0xba, 0x0c, 0x24, 0xf5, 0x0f, 0xda, 0x35, 0x41,
+	0xa3, 0x42, 0x1f, 0x85, 0xb1, 0x90, 0xc7, 0x42, 0x9c, 0x6b, 0x38, 0x21, 0x7b, 0x6d, 0x23, 0x66,
+	0x21, 0x0b, 0x27, 0x55, 0x4d, 0xe0, 0x70, 0x8a, 0x1a, 0x2d, 0xca, 0x5a, 0x59, 0xe0, 0x46, 0x3e,
+	0x31, 0x2f, 0xc6, 0x35, 0x8a, 0xd4, 0xe3, 0x27, 0x92, 0xdd, 0xcf, 0x3a, 0x5e, 0x2b, 0x89, 0x3e,
+	0x09, 0x40, 0xa7, 0x8f, 0xd0, 0x43, 0xf4, 0xe7, 0x6f, 0x9e, 0x74, 0x57, 0xa9, 0x67, 0x3a, 0x37,
+	0xb3, 0x97, 0xb7, 0xf3, 0x8a, 0x09, 0xd6, 0x18, 0x22, 0x07, 0x86, 0xe3, 0x7f, 0x71, 0x66, 0xde,
+	0x4b, 0xb9, 0x35, 0x24, 0x99, 0x33, 0x95, 0xf7, 0xbc, 0xce, 0x02, 0x9b, 0x1c, 0xed, 0x7f, 0x37,
+	0x00, 0x8f, 0xb4, 0xd9, 0x86, 0xd1, 0x8c, 0x69, 0xea, 0x7d, 0x26, 0x79, 0x7f, 0x9f, 0xca, 0x2c,
+	0x6c, 0x5c, 0xe8, 0x13, 0xb3, 0xbd, 0xf0, 0x8e, 0x67, 0xfb, 0x0f, 0x59, 0x9a, 0x66, 0x85, 0x3b,
+	0x95, 0x7e, 0xe4, 0x90, 0xc7, 0xcb, 0x11, 0xaa, 0x5a, 0x36, 0x32, 0xf4, 0x15, 0xcf, 0x77, 0xdd,
+	0x9c, 0xee, 0x15, 0x18, 0x5f, 0xcd, 0x0e, 0x00, 0xcc, 0x55, 0x19, 0x57, 0x0f, 0xfb, 0xfd, 0xc7,
+	0x15, 0x0c, 0xf8, 0xf7, 0x2d, 0x38, 0x93, 0x02, 0xf3, 0x36, 0x90, 0x50, 0xc4, 0xa8, 0x5a, 0x7d,
+	0xc7, 0x8d, 0x97, 0x0c, 0xf9, 0x37, 0x5c, 0x13, 0xdf, 0x70, 0x26, 0x97, 0x2e, 0xd9, 0xf4, 0x1f,
+	0xfc, 0xa3, 0xf2, 0x04, 0xab, 0xc0, 0x24, 0xc4, 0xf9, 0x4d, 0x3f, 0xde, 0x8b, 0xff, 0x37, 0x27,
+	0xf6, 0xf1, 0xd4, 0x32, 0x9c, 0x6f, 0xdf, 0xd5, 0x87, 0x7a, 0x9e, 0xfc, 0x7b, 0x16, 0x9c, 0x6b,
+	0x1b, 0x03, 0xe7, 0x5b, 0x50, 0xce, 0xb5, 0x3f, 0x6f, 0xc1, 0xa3, 0x99, 0x25, 0x0c, 0xef, 0xb8,
+	0xcb, 0x50, 0xaa, 0x25, 0xf2, 0xa1, 0xc6, 0xd1, 0x20, 0x54, 0x2e, 0xd4, 0x98, 0xc6, 0x70, 0x82,
+	0x2b, 0x74, 0x74, 0x82, 0xfb, 0x0d, 0x0b, 0x52, 0x67, 0xd5, 0x31, 0x08, 0x4d, 0x4b, 0xa6, 0xd0,
+	0xf4, 0x78, 0x37, 0xbd, 0x99, 0x23, 0x2f, 0xfd, 0xc5, 0x28, 0x9c, 0xca, 0x79, 0x5d, 0xb8, 0x0b,
+	0xe3, 0x9b, 0x35, 0x62, 0x3e, 0x27, 0x6f, 0x17, 0x66, 0xa9, 0xed, 0xdb, 0x73, 0x9e, 0x86, 0x36,
+	0x45, 0x82, 0xd3, 0x55, 0xa0, 0xcf, 0x5b, 0x70, 0xc2, 0xb9, 0x13, 0x2e, 0x50, 0xe1, 0xd7, 0xad,
+	0xcd, 0x36, 0xfc, 0xda, 0x36, 0x95, 0x2c, 0xe4, 0xb2, 0x7a, 0x31, 0x53, 0x21, 0x79, 0xbb, 0x9a,
+	0xa2, 0x37, 0xaa, 0x67, 0x49, 0xc7, 0xb3, 0xa8, 0x70, 0x66, 0x5d, 0x08, 0x8b, 0xfc, 0x28, 0xf4,
+	0x6a, 0xdd, 0x26, 0xe0, 0x41, 0xd6, 0x33, 0x50, 0x2e, 0xcd, 0x49, 0x0c, 0x56, 0x7c, 0xd0, 0xa7,
+	0xa1, 0xb4, 0x29, 0xdf, 0x36, 0x67, 0x48, 0x8b, 0x71, 0x47, 0xb6, 0x7f, 0xf1, 0xcd, 0xbd, 0x0a,
+	0x14, 0x11, 0x8e, 0x99, 0xa2, 0xd7, 0xa0, 0xe8, 0x6d, 0x84, 0xed, 0xf2, 0x76, 0x27, 0xdc, 0x47,
+	0x79, 0x58, 0x91, 0xd5, 0xc5, 0x2a, 0xa6, 0x05, 0xd1, 0x35, 0x28, 0x06, 0xeb, 0x75, 0xa1, 0x4d,
+	0xcf, 0x5c, 0xa4, 0x78, 0x76, 0x3e, 0xa7, 0x55, 0x8c, 0x13, 0x9e, 0x9d, 0xc7, 0x94, 0x05, 0xaa,
+	0x40, 0x2f, 0x7b, 0x92, 0x27, 0x64, 0xb3, 0xcc, 0x5b, 0x68, 0x9b, 0xa7, 0xad, 0x3c, 0xf6, 0x08,
+	0x23, 0xc0, 0x9c, 0x11, 0x5a, 0x83, 0xbe, 0x1a, 0xcb, 0xf1, 0x2c, 0x84, 0xb1, 0xf7, 0x67, 0xea,
+	0xcd, 0xdb, 0x24, 0xbf, 0x16, 0x6a, 0x64, 0x46, 0x81, 0x05, 0x2f, 0xc6, 0x95, 0x34, 0xb7, 0x36,
+	0x42, 0xa6, 0x77, 0xcb, 0xe3, 0xda, 0x26, 0xa7, 0xbb, 0xe0, 0xca, 0x28, 0xb0, 0xe0, 0x85, 0x5e,
+	0x81, 0xc2, 0x46, 0x4d, 0x3c, 0xb7, 0xcb, 0x54, 0xa0, 0x9b, 0x91, 0x61, 0x66, 0xfb, 0xee, 0xef,
+	0x97, 0x0b, 0x8b, 0x73, 0xb8, 0xb0, 0x51, 0x43, 0xab, 0xd0, 0xbf, 0xc1, 0x63, 0x49, 0x08, 0x1d,
+	0xf9, 0x93, 0xd9, 0x61, 0x2e, 0x52, 0xe1, 0x26, 0xf8, 0xd3, 0x2d, 0x81, 0xc0, 0x92, 0x09, 0x4b,
+	0xd7, 0xa1, 0x62, 0x62, 0x88, 0x90, 0x7c, 0xd3, 0x87, 0x8b, 0x63, 0xc2, 0x65, 0xe5, 0x38, 0xb2,
+	0x06, 0xd6, 0x38, 0xd2, 0x59, 0xed, 0xdc, 0x6b, 0x05, 0x2c, 0x5e, 0xbb, 0x88, 0xdd, 0x94, 0x39,
+	0xab, 0x67, 0x24, 0x51, 0xbb, 0x59, 0xad, 0x88, 0x70, 0xcc, 0x14, 0x6d, 0xc3, 0xf0, 0x6e, 0xd8,
+	0xdc, 0x22, 0x72, 0x49, 0xb3, 0x50, 0x4e, 0x39, 0xb2, 0xde, 0x2d, 0x41, 0xe8, 0x06, 0x51, 0xcb,
+	0x69, 0xa4, 0x76, 0x21, 0x26, 0x97, 0xdf, 0xd2, 0x99, 0x61, 0x93, 0x37, 0xed, 0xfe, 0xb7, 0x5b,
+	0xfe, 0xfa, 0x5e, 0x44, 0x44, 0x24, 0xbd, 0xcc, 0xee, 0x7f, 0x83, 0x93, 0xa4, 0xbb, 0x5f, 0x20,
+	0xb0, 0x64, 0x82, 0x6e, 0x89, 0xee, 0x61, 0xbb, 0xe7, 0x58, 0x7e, 0x98, 0xde, 0x19, 0x49, 0x94,
+	0xd3, 0x29, 0x6c, 0xb7, 0x8c, 0x59, 0xb1, 0x5d, 0xb2, 0xb9, 0xe5, 0x47, 0xbe, 0x97, 0xd8, 0xa1,
+	0xc7, 0xf3, 0x77, 0xc9, 0x4a, 0x06, 0x7d, 0x7a, 0x97, 0xcc, 0xa2, 0xc2, 0x99, 0x75, 0xa1, 0x3a,
+	0x8c, 0x34, 0xfd, 0x20, 0xba, 0xe3, 0x07, 0x72, 0x7e, 0xa1, 0x36, 0x3a, 0x3e, 0x83, 0x52, 0xd4,
+	0xc8, 0x82, 0x54, 0x9a, 0x18, 0x9c, 0xe0, 0x89, 0x3e, 0x06, 0xfd, 0x61, 0xcd, 0x69, 0x90, 0xa5,
+	0x1b, 0x93, 0x13, 0xf9, 0xc7, 0x4f, 0x95, 0x93, 0xe4, 0xcc, 0x2e, 0x1e, 0x0a, 0x84, 0x93, 0x60,
+	0xc9, 0x0e, 0x2d, 0x42, 0x2f, 0x4b, 0x83, 0xc9, 0xc2, 0x3e, 0xe6, 0x44, 0x1b, 0x4e, 0x39, 0xf3,
+	0xf3, 0xbd, 0x89, 0x81, 0x31, 0x2f, 0x4e, 0xd7, 0x80, 0xb8, 0xea, 0xfa, 0xe1, 0xe4, 0xc9, 0xfc,
+	0x35, 0x20, 0x6e, 0xc8, 0x37, 0xaa, 0xed, 0xd6, 0x80, 0x22, 0xc2, 0x31, 0x53, 0xba, 0x33, 0xd3,
+	0xdd, 0xf4, 0x54, 0x1b, 0x2f, 0xb4, 0xdc, 0xbd, 0x94, 0xed, 0xcc, 0x74, 0x27, 0xa5, 0x2c, 0xec,
+	0x3f, 0xee, 0x4f, 0xcb, 0x2c, 0x4c, 0x39, 0xf2, 0xbf, 0x5b, 0x29, 0xbb, 0xf9, 0x07, 0xba, 0xd5,
+	0xd5, 0x1e, 0xe1, 0xb5, 0xee, 0xf3, 0x16, 0x9c, 0x6a, 0x66, 0x7e, 0x88, 0x10, 0x00, 0xba, 0x53,
+	0xf9, 0xf2, 0x4f, 0x57, 0x21, 0x42, 0xb3, 0xf1, 0x38, 0xa7, 0xa6, 0xe4, 0xd5, 0xb9, 0xf8, 0x8e,
+	0xaf, 0xce, 0x2b, 0x30, 0x50, 0xe3, 0xf7, 0x1c, 0x19, 0xda, 0xba, 0xab, 0x00, 0x77, 0x4c, 0x94,
+	0x10, 0x17, 0xa4, 0x0d, 0xac, 0x58, 0xa0, 0x1f, 0xb6, 0xe0, 0x5c, 0xb2, 0xe9, 0x98, 0x30, 0xb4,
+	0x88, 0x2b, 0xca, 0xf5, 0x32, 0x8b, 0xe2, 0xfb, 0x53, 0xf2, 0xbf, 0x41, 0x7c, 0xd0, 0x89, 0x00,
+	0xb7, 0xaf, 0x0c, 0xcd, 0x67, 0x28, 0x86, 0xfa, 0x4c, 0x63, 0x58, 0x17, 0xca, 0xa1, 0x17, 0x61,
+	0x68, 0xc7, 0x6f, 0x79, 0x91, 0x70, 0x5a, 0x13, 0x0e, 0x34, 0xcc, 0x71, 0x64, 0x45, 0x83, 0x63,
+	0x83, 0x2a, 0xa1, 0x52, 0x1a, 0x78, 0x60, 0x95, 0xd2, 0x5b, 0x30, 0xe4, 0x69, 0x5e, 0xd6, 0x42,
+	0x1e, 0xb8, 0x98, 0x1f, 0x13, 0x58, 0xf7, 0xc9, 0xe6, 0xad, 0xd4, 0x21, 0xd8, 0xe0, 0x76, 0xbc,
+	0xde, 0x6c, 0x3f, 0x5f, 0xc8, 0x10, 0xea, 0xb9, 0x5a, 0xe9, 0xc3, 0xa6, 0x5a, 0xe9, 0x62, 0x52,
+	0xad, 0x94, 0x32, 0x84, 0x18, 0x1a, 0xa5, 0xee, 0x53, 0x64, 0x75, 0x1d, 0x57, 0xf4, 0xbb, 0x2d,
+	0x38, 0xcd, 0x34, 0xeb, 0xb4, 0x82, 0x77, 0xac, 0x4d, 0x7f, 0xe4, 0xfe, 0x7e, 0xf9, 0xf4, 0x72,
+	0x36, 0x3b, 0x9c, 0x57, 0x8f, 0xdd, 0x80, 0x0b, 0x9d, 0x8e, 0x46, 0xe6, 0x41, 0x59, 0x57, 0xa6,
+	0xf7, 0xd8, 0x83, 0xb2, 0xbe, 0x34, 0x8f, 0x19, 0xa6, 0xdb, 0xa8, 0x59, 0xf6, 0x7f, 0xb0, 0xa0,
+	0x58, 0xf1, 0xeb, 0xc7, 0x70, 0xe9, 0xfe, 0x88, 0x71, 0xe9, 0x7e, 0x24, 0xfb, 0x50, 0xae, 0xe7,
+	0x9a, 0x92, 0x16, 0x12, 0xa6, 0xa4, 0x73, 0x79, 0x0c, 0xda, 0x1b, 0x8e, 0x7e, 0xaa, 0x08, 0x83,
+	0x15, 0xbf, 0xae, 0x9e, 0x2f, 0xfc, 0xe3, 0x07, 0x79, 0xbe, 0x90, 0x9b, 0xf4, 0x44, 0xe3, 0xcc,
+	0x1c, 0x2f, 0xe5, 0xcb, 0xed, 0x6f, 0xb1, 0x57, 0x0c, 0xb7, 0x89, 0xbb, 0xb9, 0x15, 0x91, 0x7a,
+	0xf2, 0x73, 0x8e, 0xef, 0x15, 0xc3, 0x1f, 0x17, 0x60, 0x34, 0x51, 0x3b, 0x6a, 0xc0, 0x70, 0x43,
+	0x37, 0x54, 0x88, 0x79, 0xfa, 0x40, 0x36, 0x0e, 0xe1, 0x05, 0xae, 0x81, 0xb0, 0xc9, 0x1c, 0x4d,
+	0x03, 0x28, 0xcb, 0xbd, 0x54, 0x57, 0xb3, 0x9b, 0x87, 0x32, 0xed, 0x87, 0x58, 0xa3, 0x40, 0x2f,
+	0xc1, 0x60, 0xe4, 0x37, 0xfd, 0x86, 0xbf, 0xb9, 0x77, 0x9d, 0xc8, 0x80, 0x6a, 0xca, 0xb7, 0x73,
+	0x2d, 0x46, 0x61, 0x9d, 0x0e, 0xdd, 0x85, 0x71, 0xc5, 0xa4, 0x7a, 0x04, 0xc6, 0x1b, 0xa6, 0xd9,
+	0x58, 0x4d, 0x72, 0xc4, 0xe9, 0x4a, 0xec, 0x9f, 0x2d, 0xf2, 0x2e, 0xf6, 0x22, 0xf7, 0xbd, 0xd5,
+	0xf0, 0xee, 0x5e, 0x0d, 0x5f, 0xb7, 0x60, 0x8c, 0xd6, 0xce, 0x1c, 0xd7, 0xa4, 0xa8, 0xa1, 0x22,
+	0xa1, 0x5b, 0x6d, 0x22, 0xa1, 0x5f, 0xa4, 0xbb, 0x66, 0xdd, 0x6f, 0x45, 0x42, 0x7f, 0xa8, 0x6d,
+	0x8b, 0x14, 0x8a, 0x05, 0x56, 0xd0, 0x91, 0x20, 0x10, 0x8f, 0x6d, 0x75, 0x3a, 0x12, 0x04, 0x58,
+	0x60, 0x65, 0xa0, 0xf4, 0x9e, 0xec, 0x40, 0xe9, 0x3c, 0xde, 0xad, 0x70, 0x71, 0x12, 0x42, 0x9f,
+	0x16, 0xef, 0x56, 0xfa, 0x3e, 0xc5, 0x34, 0xf6, 0x57, 0x8b, 0x30, 0x54, 0xf1, 0xeb, 0xb1, 0xd5,
+	0xfe, 0x45, 0xc3, 0x6a, 0x7f, 0x21, 0x61, 0xb5, 0x1f, 0xd3, 0x69, 0xdf, 0xb3, 0xd1, 0x7f, 0xb3,
+	0x6c, 0xf4, 0xbf, 0x6e, 0xb1, 0x51, 0x9b, 0x5f, 0xad, 0x72, 0x3f, 0x48, 0x74, 0x05, 0x06, 0xd9,
+	0x06, 0xc3, 0x5e, 0x77, 0x4b, 0x53, 0x36, 0x4b, 0x5c, 0xb6, 0x1a, 0x83, 0xb1, 0x4e, 0x83, 0x2e,
+	0xc1, 0x40, 0x48, 0x9c, 0xa0, 0xb6, 0xa5, 0x76, 0x57, 0x61, 0x77, 0xe6, 0x30, 0xac, 0xb0, 0xe8,
+	0x8d, 0x38, 0xd4, 0x6a, 0x31, 0xff, 0xb5, 0xa8, 0xde, 0x1e, 0xbe, 0x44, 0xf2, 0xe3, 0xab, 0xda,
+	0xb7, 0x01, 0xa5, 0xe9, 0xbb, 0x08, 0x06, 0x58, 0x36, 0x83, 0x01, 0x96, 0x52, 0x81, 0x00, 0xff,
+	0xca, 0x82, 0x91, 0x8a, 0x5f, 0xa7, 0x4b, 0xf7, 0xdb, 0x69, 0x9d, 0xea, 0x71, 0xa6, 0xfb, 0xda,
+	0xc4, 0x99, 0x7e, 0x0c, 0x7a, 0x2b, 0x7e, 0xbd, 0x43, 0xc0, 0xc2, 0xbf, 0x61, 0x41, 0x7f, 0xc5,
+	0xaf, 0x1f, 0x83, 0x69, 0xe2, 0xc3, 0xa6, 0x69, 0xe2, 0x74, 0xce, 0xbc, 0xc9, 0xb1, 0x46, 0xfc,
+	0xff, 0x3d, 0x30, 0x4c, 0xdb, 0xe9, 0x6f, 0xca, 0xa1, 0x34, 0xba, 0xcd, 0xea, 0xa2, 0xdb, 0xa8,
+	0x14, 0xee, 0x37, 0x1a, 0xfe, 0x9d, 0xe4, 0xb0, 0x2e, 0x32, 0x28, 0x16, 0x58, 0xf4, 0x2c, 0x0c,
+	0x34, 0x03, 0xb2, 0xeb, 0xfa, 0x42, 0xbc, 0xd5, 0x0c, 0x3d, 0x15, 0x01, 0xc7, 0x8a, 0x82, 0x5e,
+	0x4d, 0x43, 0xd7, 0xa3, 0x47, 0x79, 0xcd, 0xf7, 0xea, 0x5c, 0x7b, 0x5f, 0x14, 0xc9, 0x50, 0x34,
+	0x38, 0x36, 0xa8, 0xd0, 0x6d, 0x28, 0xb1, 0xff, 0x6c, 0xdb, 0x39, 0x7c, 0x1a, 0x66, 0x91, 0x1e,
+	0x52, 0x30, 0xc0, 0x31, 0x2f, 0xf4, 0x3c, 0x40, 0x24, 0x13, 0x0a, 0x84, 0x22, 0x70, 0x9d, 0xba,
+	0x0a, 0xa8, 0x54, 0x03, 0x21, 0xd6, 0xa8, 0xd0, 0x33, 0x50, 0x8a, 0x1c, 0xb7, 0xb1, 0xec, 0x7a,
+	0xcc, 0xfe, 0x4b, 0xdb, 0x2f, 0xb2, 0x34, 0x0a, 0x20, 0x8e, 0xf1, 0x54, 0x14, 0x63, 0x41, 0x4d,
+	0x78, 0x12, 0xfa, 0x01, 0x46, 0xcd, 0x44, 0xb1, 0x65, 0x05, 0xc5, 0x1a, 0x05, 0xda, 0x82, 0xb3,
+	0xae, 0xc7, 0x12, 0x87, 0x90, 0xea, 0xb6, 0xdb, 0x5c, 0x5b, 0xae, 0xde, 0x22, 0x81, 0xbb, 0xb1,
+	0x37, 0xeb, 0xd4, 0xb6, 0x89, 0x27, 0x13, 0xec, 0xca, 0xbc, 0xeb, 0x67, 0x97, 0xda, 0xd0, 0xe2,
+	0xb6, 0x9c, 0xec, 0x17, 0xd8, 0x7c, 0xbf, 0x51, 0x45, 0x4f, 0x1b, 0x5b, 0xc7, 0x29, 0x7d, 0xeb,
+	0x38, 0xd8, 0x2f, 0xf7, 0xdd, 0xa8, 0x6a, 0x31, 0x39, 0x5e, 0x86, 0x93, 0x15, 0xbf, 0x5e, 0xf1,
+	0x83, 0x68, 0xd1, 0x0f, 0xee, 0x38, 0x41, 0x5d, 0x4e, 0xaf, 0xb2, 0x8c, 0x4a, 0x42, 0xf7, 0xcf,
+	0x5e, 0xbe, 0xbb, 0x18, 0x11, 0x47, 0x5e, 0x60, 0x12, 0xdb, 0x21, 0xdf, 0xd2, 0xd5, 0x98, 0xec,
+	0xa0, 0x52, 0xef, 0x5c, 0x75, 0x22, 0x82, 0x6e, 0xb0, 0x14, 0xfa, 0xf1, 0x31, 0x2a, 0x8a, 0x3f,
+	0xa5, 0xa5, 0xd0, 0x8f, 0x91, 0x99, 0xe7, 0xae, 0x59, 0xde, 0xfe, 0x9c, 0xa8, 0x84, 0xeb, 0x01,
+	0xb8, 0xbf, 0x62, 0x37, 0x39, 0xa8, 0x65, 0x6e, 0x8e, 0x42, 0x7e, 0x52, 0x07, 0x6e, 0x79, 0x6d,
+	0x9b, 0x9b, 0xc3, 0xfe, 0x4e, 0x38, 0x95, 0xac, 0xbe, 0xeb, 0x44, 0xd8, 0x73, 0x30, 0x1e, 0xe8,
+	0x05, 0xb5, 0x44, 0x67, 0x27, 0x79, 0x3e, 0x85, 0x04, 0x12, 0xa7, 0xe9, 0xed, 0x97, 0x60, 0x9c,
+	0xde, 0x3d, 0x95, 0x20, 0xc7, 0x7a, 0xb9, 0x73, 0x78, 0x96, 0xff, 0xd8, 0xcb, 0x0e, 0xa2, 0x44,
+	0xd6, 0x1b, 0xf4, 0x29, 0x18, 0x09, 0xc9, 0xb2, 0xeb, 0xb5, 0xee, 0x4a, 0xed, 0x53, 0x9b, 0x47,
+	0xa4, 0xd5, 0x05, 0x9d, 0x92, 0xeb, 0xb0, 0x4d, 0x18, 0x4e, 0x70, 0x43, 0x3b, 0x30, 0x72, 0xc7,
+	0xf5, 0xea, 0xfe, 0x9d, 0x50, 0xf2, 0x1f, 0xc8, 0x57, 0x65, 0xdf, 0xe6, 0x94, 0x89, 0x36, 0x1a,
+	0xd5, 0xdd, 0x36, 0x98, 0xe1, 0x04, 0x73, 0xba, 0xd8, 0x83, 0x96, 0x37, 0x13, 0xde, 0x0c, 0x09,
+	0x7f, 0x16, 0x28, 0x16, 0x3b, 0x96, 0x40, 0x1c, 0xe3, 0xe9, 0x62, 0x67, 0x7f, 0xae, 0x06, 0x7e,
+	0x8b, 0xa7, 0x58, 0x11, 0x8b, 0x1d, 0x2b, 0x28, 0xd6, 0x28, 0xe8, 0x66, 0xc8, 0xfe, 0xad, 0xfa,
+	0x1e, 0xf6, 0xfd, 0x48, 0x6e, 0x9f, 0x2c, 0x45, 0x98, 0x06, 0xc7, 0x06, 0x15, 0x5a, 0x04, 0x14,
+	0xb6, 0x9a, 0xcd, 0x06, 0xf3, 0x4e, 0x73, 0x1a, 0x8c, 0x15, 0x77, 0xdb, 0x29, 0xf2, 0x10, 0xd1,
+	0xd5, 0x14, 0x16, 0x67, 0x94, 0xa0, 0xe7, 0xe2, 0x86, 0x68, 0x6a, 0x2f, 0x6b, 0x2a, 0x37, 0x7b,
+	0x55, 0x79, 0x3b, 0x25, 0x0e, 0x2d, 0x40, 0x7f, 0xb8, 0x17, 0xd6, 0xa2, 0x46, 0xd8, 0x2e, 0x21,
+	0x5b, 0x95, 0x91, 0x68, 0xf9, 0x40, 0x79, 0x11, 0x2c, 0xcb, 0xa2, 0x1a, 0x4c, 0x08, 0x8e, 0x73,
+	0x5b, 0x8e, 0xa7, 0xd2, 0x44, 0x71, 0x27, 0xfd, 0x2b, 0xf7, 0xf7, 0xcb, 0x13, 0xa2, 0x66, 0x1d,
+	0x7d, 0xb0, 0x5f, 0xa6, 0x8b, 0x23, 0x03, 0x83, 0xb3, 0xb8, 0xf1, 0xc9, 0x57, 0xab, 0xf9, 0x3b,
+	0xcd, 0x4a, 0xe0, 0x6f, 0xb8, 0x0d, 0xd2, 0xce, 0x74, 0x58, 0x35, 0x28, 0xc5, 0xe4, 0x33, 0x60,
+	0x38, 0xc1, 0xcd, 0xfe, 0x1c, 0x93, 0x1d, 0xab, 0xee, 0xa6, 0xe7, 0x44, 0xad, 0x80, 0xa0, 0x1d,
+	0x18, 0x6e, 0xb2, 0xdd, 0x45, 0x24, 0x3e, 0x11, 0x73, 0xfd, 0xc5, 0x2e, 0xd5, 0x4f, 0x77, 0x58,
+	0xea, 0x36, 0xc3, 0xd5, 0xad, 0xa2, 0xb3, 0xc3, 0x26, 0x77, 0xfb, 0x5f, 0x9c, 0x61, 0xd2, 0x47,
+	0x95, 0xeb, 0x94, 0xfa, 0xc5, 0x9b, 0x20, 0x71, 0x8d, 0x9d, 0xca, 0x57, 0xb0, 0xc6, 0xc3, 0x22,
+	0xde, 0x15, 0x61, 0x59, 0x16, 0x7d, 0x12, 0x46, 0xe8, 0xad, 0x50, 0x49, 0x00, 0xe1, 0xe4, 0x89,
+	0xfc, 0xd8, 0x2d, 0x8a, 0x4a, 0x4f, 0x8a, 0xa4, 0x17, 0xc6, 0x09, 0x66, 0xe8, 0x0d, 0xe6, 0x5a,
+	0x26, 0x59, 0x17, 0xba, 0x61, 0xad, 0x7b, 0x91, 0x49, 0xb6, 0x1a, 0x13, 0xd4, 0x82, 0x89, 0x74,
+	0xea, 0xc7, 0x70, 0xd2, 0xce, 0x17, 0xaf, 0xd3, 0xd9, 0x1b, 0xe3, 0xec, 0x35, 0x69, 0x5c, 0x88,
+	0xb3, 0xf8, 0xa3, 0xe5, 0x64, 0x62, 0xbe, 0xa2, 0xa1, 0xf7, 0x4d, 0x25, 0xe7, 0x1b, 0x6e, 0x9b,
+	0x93, 0x6f, 0x13, 0xce, 0x69, 0xb9, 0xcd, 0xae, 0x06, 0x0e, 0x73, 0xde, 0x70, 0xd9, 0x76, 0xaa,
+	0xc9, 0x45, 0x8f, 0xde, 0xdf, 0x2f, 0x9f, 0x5b, 0x6b, 0x47, 0x88, 0xdb, 0xf3, 0x41, 0x37, 0xe0,
+	0x24, 0x8f, 0x3c, 0x30, 0x4f, 0x9c, 0x7a, 0xc3, 0xf5, 0x94, 0xe0, 0xc5, 0x97, 0xfc, 0x99, 0xfb,
+	0xfb, 0xe5, 0x93, 0x33, 0x59, 0x04, 0x38, 0xbb, 0x1c, 0xfa, 0x30, 0x94, 0xea, 0x5e, 0x28, 0xfa,
+	0xa0, 0xcf, 0x48, 0x1f, 0x57, 0x9a, 0x5f, 0xad, 0xaa, 0xef, 0x8f, 0xff, 0xe0, 0xb8, 0x00, 0xda,
+	0xe4, 0xb6, 0x01, 0xa5, 0x2d, 0xea, 0x4f, 0x45, 0x5e, 0x4b, 0x2a, 0x54, 0x8d, 0xb7, 0xc7, 0xdc,
+	0x28, 0xa6, 0x9e, 0xe4, 0x18, 0xcf, 0x92, 0x0d, 0xc6, 0xe8, 0x75, 0x40, 0x22, 0x4d, 0xc1, 0x4c,
+	0x8d, 0x65, 0xd5, 0x61, 0x47, 0xe3, 0x80, 0xf9, 0x1a, 0xb6, 0x9a, 0xa2, 0xc0, 0x19, 0xa5, 0xd0,
+	0x35, 0xba, 0xab, 0xe8, 0x50, 0xb1, 0x6b, 0xa9, 0x24, 0xa5, 0xf3, 0xa4, 0x19, 0x10, 0xe6, 0x63,
+	0x66, 0x72, 0xc4, 0x89, 0x72, 0xa8, 0x0e, 0x67, 0x9d, 0x56, 0xe4, 0x33, 0xb3, 0x8b, 0x49, 0xba,
+	0xe6, 0x6f, 0x13, 0x8f, 0x59, 0x3c, 0x07, 0x66, 0x2f, 0x50, 0xc9, 0x6e, 0xa6, 0x0d, 0x1d, 0x6e,
+	0xcb, 0x85, 0x4a, 0xe4, 0x2a, 0x2b, 0x39, 0x98, 0xf1, 0xe4, 0x32, 0x32, 0x93, 0xbf, 0x04, 0x83,
+	0x5b, 0x7e, 0x18, 0xad, 0x92, 0xe8, 0x8e, 0x1f, 0x6c, 0x8b, 0xb8, 0xc8, 0x71, 0x2c, 0xfa, 0x18,
+	0x85, 0x75, 0x3a, 0x7a, 0xe5, 0x66, 0xfe, 0x38, 0x4b, 0xf3, 0xcc, 0x15, 0x62, 0x20, 0xde, 0x63,
+	0xae, 0x71, 0x30, 0x96, 0x78, 0x49, 0xba, 0x54, 0x99, 0x63, 0x6e, 0x0d, 0x09, 0xd2, 0xa5, 0xca,
+	0x1c, 0x96, 0x78, 0x3a, 0x5d, 0xc3, 0x2d, 0x27, 0x20, 0x95, 0xc0, 0xaf, 0x91, 0x50, 0xcb, 0x80,
+	0xf0, 0x08, 0x8f, 0xfa, 0x4c, 0xa7, 0x6b, 0x35, 0x8b, 0x00, 0x67, 0x97, 0x43, 0x24, 0x9d, 0xd7,
+	0x6f, 0x24, 0xdf, 0x1e, 0x95, 0x96, 0x67, 0xba, 0x4c, 0xed, 0xe7, 0xc1, 0x98, 0xca, 0x28, 0xc8,
+	0xe3, 0x3c, 0x87, 0x93, 0xa3, 0x6c, 0x6e, 0x77, 0x1f, 0x24, 0x5a, 0x59, 0xf8, 0x96, 0x12, 0x9c,
+	0x70, 0x8a, 0xb7, 0x11, 0x32, 0x70, 0xac, 0x63, 0xc8, 0xc0, 0xcb, 0x50, 0x0a, 0x5b, 0xeb, 0x75,
+	0x7f, 0xc7, 0x71, 0x3d, 0xe6, 0xd6, 0xa0, 0xdd, 0xfd, 0xaa, 0x12, 0x81, 0x63, 0x1a, 0xb4, 0x08,
+	0x03, 0x8e, 0x34, 0xdf, 0xa1, 0xfc, 0x20, 0x51, 0xca, 0x68, 0xc7, 0xe3, 0xa6, 0x48, 0x83, 0x9d,
+	0x2a, 0x8b, 0x5e, 0x85, 0x61, 0xf1, 0x72, 0x5e, 0x24, 0xe1, 0x9d, 0x30, 0x9f, 0x37, 0x56, 0x75,
+	0x24, 0x36, 0x69, 0xd1, 0x4d, 0x18, 0x8c, 0xfc, 0x06, 0x7b, 0xa3, 0x47, 0xc5, 0xbc, 0x53, 0xf9,
+	0xe1, 0x0e, 0xd7, 0x14, 0x99, 0xae, 0xb5, 0x56, 0x45, 0xb1, 0xce, 0x07, 0xad, 0xf1, 0xf9, 0xce,
+	0xf2, 0x1d, 0x90, 0x50, 0x64, 0x71, 0x3d, 0x97, 0xe7, 0x93, 0xc6, 0xc8, 0xcc, 0xe5, 0x20, 0x4a,
+	0x62, 0x9d, 0x0d, 0xba, 0x0a, 0xe3, 0xcd, 0xc0, 0xf5, 0xd9, 0x9c, 0x50, 0x96, 0xdb, 0x49, 0x33,
+	0xbb, 0x59, 0x25, 0x49, 0x80, 0xd3, 0x65, 0x58, 0xe0, 0x03, 0x01, 0x9c, 0x3c, 0xc3, 0x33, 0xb4,
+	0xf0, 0xab, 0x34, 0x87, 0x61, 0x85, 0x45, 0x2b, 0x6c, 0x27, 0xe6, 0x5a, 0xa0, 0xc9, 0xa9, 0xfc,
+	0xb8, 0x54, 0xba, 0xb6, 0x88, 0x0b, 0xaf, 0xea, 0x2f, 0x8e, 0x39, 0xa0, 0xba, 0x96, 0x18, 0x95,
+	0x5e, 0x01, 0xc2, 0xc9, 0xb3, 0x6d, 0x9c, 0x22, 0x13, 0xb7, 0xb2, 0x58, 0x20, 0x30, 0xc0, 0x21,
+	0x4e, 0xf0, 0x44, 0x1f, 0x85, 0x31, 0x11, 0x4d, 0x33, 0xee, 0xa6, 0x73, 0xf1, 0xcb, 0x07, 0x9c,
+	0xc0, 0xe1, 0x14, 0x35, 0xcf, 0x90, 0xe2, 0xac, 0x37, 0x88, 0xd8, 0xfa, 0x96, 0x5d, 0x6f, 0x3b,
+	0x9c, 0x3c, 0xcf, 0xf6, 0x07, 0x91, 0x21, 0x25, 0x89, 0xc5, 0x19, 0x25, 0xd0, 0x1a, 0x8c, 0x35,
+	0x03, 0x42, 0x76, 0x98, 0xa0, 0x2f, 0xce, 0xb3, 0x32, 0x8f, 0xfb, 0x41, 0x5b, 0x52, 0x49, 0xe0,
+	0x0e, 0x32, 0x60, 0x38, 0xc5, 0x01, 0xdd, 0x81, 0x01, 0x7f, 0x97, 0x04, 0x5b, 0xc4, 0xa9, 0x4f,
+	0x5e, 0x68, 0xf3, 0x12, 0x47, 0x1c, 0x6e, 0x37, 0x04, 0x6d, 0xc2, 0xdb, 0x43, 0x82, 0x3b, 0x7b,
+	0x7b, 0xc8, 0xca, 0xd0, 0xff, 0x61, 0xc1, 0x19, 0x69, 0x9c, 0xa9, 0x36, 0x69, 0xaf, 0xcf, 0xf9,
+	0x5e, 0x18, 0x05, 0x3c, 0x52, 0xc5, 0xa3, 0xf9, 0xd1, 0x1b, 0xd6, 0x72, 0x0a, 0x29, 0x45, 0xf4,
+	0x99, 0x3c, 0x8a, 0x10, 0xe7, 0xd7, 0x48, 0xaf, 0xa6, 0x21, 0x89, 0xe4, 0x66, 0x34, 0x13, 0x2e,
+	0xbe, 0x31, 0xbf, 0x3a, 0xf9, 0x18, 0x0f, 0xb3, 0x41, 0x17, 0x43, 0x35, 0x89, 0xc4, 0x69, 0x7a,
+	0x74, 0x05, 0x0a, 0x7e, 0x38, 0xf9, 0x78, 0x9b, 0x5c, 0xba, 0x7e, 0xfd, 0x46, 0x95, 0x7b, 0xfd,
+	0xdd, 0xa8, 0xe2, 0x82, 0x1f, 0xca, 0x2c, 0x25, 0xf4, 0x3e, 0x16, 0x4e, 0x3e, 0xc1, 0xd5, 0x96,
+	0x32, 0x4b, 0x09, 0x03, 0xe2, 0x18, 0x8f, 0xb6, 0x60, 0x34, 0x34, 0xee, 0xbd, 0xe1, 0xe4, 0x45,
+	0xd6, 0x53, 0x4f, 0xe4, 0x0d, 0x9a, 0x41, 0xad, 0xa5, 0x0f, 0x30, 0xb9, 0xe0, 0x24, 0x5b, 0xbe,
+	0xba, 0xb4, 0x9b, 0x77, 0x38, 0xf9, 0x64, 0x87, 0xd5, 0xa5, 0x11, 0xeb, 0xab, 0x4b, 0xe7, 0x81,
+	0x13, 0x3c, 0xa7, 0xbe, 0x03, 0xc6, 0x53, 0xe2, 0xd2, 0x61, 0x3c, 0xdc, 0xa7, 0xb6, 0x61, 0xd8,
+	0x98, 0x92, 0x0f, 0xd5, 0xbb, 0xe2, 0xb7, 0x4b, 0x50, 0x52, 0x56, 0x6f, 0x74, 0xd9, 0x74, 0xa8,
+	0x38, 0x93, 0x74, 0xa8, 0x18, 0xa8, 0xf8, 0x75, 0xc3, 0x87, 0x62, 0x2d, 0x23, 0x18, 0x63, 0xde,
+	0x06, 0xd8, 0xfd, 0x23, 0x15, 0xcd, 0x94, 0x50, 0xec, 0xda, 0x33, 0xa3, 0xa7, 0xad, 0x75, 0xe2,
+	0x2a, 0x8c, 0x7b, 0x3e, 0x93, 0xd1, 0x49, 0x5d, 0x0a, 0x60, 0x4c, 0xce, 0x2a, 0xe9, 0xd1, 0x8d,
+	0x12, 0x04, 0x38, 0x5d, 0x86, 0x56, 0xc8, 0x05, 0xa5, 0xa4, 0x39, 0x84, 0xcb, 0x51, 0x58, 0x60,
+	0xe9, 0xdd, 0x90, 0xff, 0x0a, 0x27, 0xc7, 0xf2, 0xef, 0x86, 0xbc, 0x50, 0x52, 0x18, 0x0b, 0xa5,
+	0x30, 0xc6, 0xb4, 0xff, 0x4d, 0xbf, 0xbe, 0x54, 0x11, 0x62, 0xbe, 0x16, 0x49, 0xb8, 0xbe, 0x54,
+	0xc1, 0x1c, 0x87, 0x66, 0xa0, 0x8f, 0xfd, 0x08, 0x27, 0x87, 0xf2, 0xa3, 0xe1, 0xb0, 0x12, 0x5a,
+	0x96, 0x34, 0x56, 0x00, 0x8b, 0x82, 0x4c, 0xbb, 0x4b, 0xef, 0x46, 0x4c, 0xbb, 0xdb, 0xff, 0x80,
+	0xda, 0x5d, 0xc9, 0x00, 0xc7, 0xbc, 0xd0, 0x5d, 0x38, 0x69, 0xdc, 0x47, 0xd5, 0xab, 0x1d, 0xc8,
+	0x37, 0xfc, 0x26, 0x88, 0x67, 0xcf, 0x89, 0x46, 0x9f, 0x5c, 0xca, 0xe2, 0x84, 0xb3, 0x2b, 0x40,
+	0x0d, 0x18, 0xaf, 0xa5, 0x6a, 0x1d, 0xe8, 0xbe, 0x56, 0x35, 0x2f, 0xd2, 0x35, 0xa6, 0x19, 0xa3,
+	0x57, 0x61, 0xe0, 0x6d, 0x3f, 0x64, 0x47, 0xa4, 0xb8, 0x9a, 0xc8, 0x70, 0x0e, 0x03, 0x6f, 0xdc,
+	0xa8, 0x32, 0xf8, 0xc1, 0x7e, 0x79, 0xb0, 0xe2, 0xd7, 0xe5, 0x5f, 0xac, 0x0a, 0xa0, 0xef, 0xb7,
+	0x60, 0x2a, 0x7d, 0xe1, 0x55, 0x8d, 0x1e, 0xee, 0xbe, 0xd1, 0xb6, 0xa8, 0x74, 0x6a, 0x21, 0x97,
+	0x1d, 0x6e, 0x53, 0x15, 0xfa, 0x10, 0x5d, 0x4f, 0xa1, 0x7b, 0x8f, 0x88, 0x14, 0xb3, 0x8f, 0xc6,
+	0xeb, 0x89, 0x42, 0x0f, 0xf6, 0xcb, 0xa3, 0x7c, 0x67, 0x74, 0xef, 0xc9, 0xe7, 0x4d, 0xa2, 0x00,
+	0xfa, 0x4e, 0x38, 0x19, 0xa4, 0x35, 0xa8, 0x44, 0x0a, 0xe1, 0x4f, 0x77, 0xb3, 0xcb, 0x26, 0x07,
+	0x1c, 0x67, 0x31, 0xc4, 0xd9, 0xf5, 0xd8, 0xbf, 0x62, 0x31, 0xfd, 0xb6, 0x68, 0x16, 0x09, 0x5b,
+	0x8d, 0xe3, 0x48, 0x6c, 0xbd, 0x60, 0xd8, 0x8e, 0x1f, 0xd8, 0xb1, 0xe8, 0x1f, 0x59, 0xcc, 0xb1,
+	0xe8, 0x18, 0x5f, 0x31, 0xbd, 0x01, 0x03, 0x91, 0x4c, 0x38, 0xde, 0x26, 0x17, 0xb7, 0xd6, 0x28,
+	0xe6, 0x5c, 0xa5, 0x2e, 0x39, 0x2a, 0xb7, 0xb8, 0x62, 0x63, 0xff, 0x7d, 0x3e, 0x02, 0x12, 0x73,
+	0x0c, 0x26, 0xba, 0x79, 0xd3, 0x44, 0x57, 0xee, 0xf0, 0x05, 0x39, 0xa6, 0xba, 0xbf, 0x67, 0xb6,
+	0x9b, 0x29, 0xf7, 0xde, 0xed, 0x1e, 0x6d, 0xf6, 0x17, 0x2c, 0x80, 0x38, 0xc8, 0x7c, 0x17, 0x29,
+	0x25, 0x5f, 0xa6, 0xd7, 0x1a, 0x3f, 0xf2, 0x6b, 0x7e, 0x43, 0x18, 0x28, 0xce, 0xc6, 0x56, 0x42,
+	0x0e, 0x3f, 0xd0, 0x7e, 0x63, 0x45, 0x8d, 0xca, 0x32, 0xa4, 0x65, 0x31, 0xb6, 0x5b, 0x1b, 0xe1,
+	0x2c, 0xbf, 0x64, 0xc1, 0x89, 0x2c, 0x97, 0x78, 0x7a, 0x49, 0xe6, 0x6a, 0x4e, 0xe5, 0x6d, 0xa8,
+	0x46, 0xf3, 0x96, 0x80, 0x63, 0x45, 0xd1, 0x75, 0xae, 0xce, 0xc3, 0x45, 0x77, 0xbf, 0x01, 0xc3,
+	0x95, 0x80, 0x68, 0xf2, 0xc5, 0x6b, 0x3c, 0x4c, 0x0a, 0x6f, 0xcf, 0xb3, 0x87, 0x0e, 0x91, 0x62,
+	0x7f, 0xb9, 0x00, 0x27, 0xb8, 0xd3, 0xce, 0xcc, 0xae, 0xef, 0xd6, 0x2b, 0x7e, 0x5d, 0x3c, 0x64,
+	0x7c, 0x13, 0x86, 0x9a, 0x9a, 0x6e, 0xba, 0x5d, 0xa4, 0x62, 0x5d, 0x87, 0x1d, 0x6b, 0xd3, 0x74,
+	0x28, 0x36, 0x78, 0xa1, 0x3a, 0x0c, 0x91, 0x5d, 0xb7, 0xa6, 0x3c, 0x3f, 0x0a, 0x87, 0x3e, 0xa4,
+	0x55, 0x2d, 0x0b, 0x1a, 0x1f, 0x6c, 0x70, 0x7d, 0x08, 0x19, 0xf4, 0xed, 0x1f, 0xb5, 0xe0, 0x74,
+	0x4e, 0x5c, 0x63, 0x5a, 0xdd, 0x1d, 0xe6, 0x1e, 0x25, 0xa6, 0xad, 0xaa, 0x8e, 0x3b, 0x4d, 0x61,
+	0x81, 0x45, 0x1f, 0x03, 0xe0, 0x4e, 0x4f, 0xc4, 0xab, 0x75, 0x0c, 0x00, 0x6b, 0xc4, 0xae, 0xd4,
+	0xc2, 0x10, 0xca, 0xf2, 0x58, 0xe3, 0x65, 0x7f, 0xa9, 0x07, 0x7a, 0x99, 0x93, 0x0d, 0xaa, 0x40,
+	0xff, 0x16, 0xcf, 0x54, 0xd5, 0x76, 0xdc, 0x28, 0xad, 0x4c, 0x7e, 0x15, 0x8f, 0x9b, 0x06, 0xc5,
+	0x92, 0x0d, 0x5a, 0x81, 0x09, 0x9e, 0x30, 0xac, 0x31, 0x4f, 0x1a, 0xce, 0x9e, 0x54, 0xfb, 0xf2,
+	0x1c, 0xd8, 0x4a, 0xfd, 0xbd, 0x94, 0x26, 0xc1, 0x59, 0xe5, 0xd0, 0x6b, 0x30, 0x42, 0xaf, 0xe1,
+	0x7e, 0x2b, 0x92, 0x9c, 0x78, 0xaa, 0x30, 0x75, 0x33, 0x59, 0x33, 0xb0, 0x38, 0x41, 0x8d, 0x5e,
+	0x85, 0xe1, 0x66, 0x4a, 0xc1, 0xdd, 0x1b, 0x6b, 0x82, 0x4c, 0xa5, 0xb6, 0x49, 0xcb, 0xbc, 0xe2,
+	0x5b, 0xec, 0x0d, 0xc0, 0xda, 0x56, 0x40, 0xc2, 0x2d, 0xbf, 0x51, 0x67, 0x12, 0x70, 0xaf, 0xe6,
+	0x15, 0x9f, 0xc0, 0xe3, 0x54, 0x09, 0xca, 0x65, 0xc3, 0x71, 0x1b, 0xad, 0x80, 0xc4, 0x5c, 0xfa,
+	0x4c, 0x2e, 0x8b, 0x09, 0x3c, 0x4e, 0x95, 0xe8, 0xac, 0xb9, 0xef, 0x3f, 0x1a, 0xcd, 0xbd, 0xfd,
+	0xd3, 0x05, 0x30, 0x86, 0xf6, 0xdb, 0x37, 0x85, 0x19, 0xfd, 0xb2, 0xcd, 0xa0, 0x59, 0x13, 0x0e,
+	0x65, 0x99, 0x5f, 0x16, 0xe7, 0x2f, 0xe6, 0x5f, 0x46, 0xff, 0x63, 0x56, 0x8a, 0xae, 0xf1, 0x93,
+	0x95, 0xc0, 0xa7, 0x87, 0x9c, 0x0c, 0xa4, 0xa7, 0x1e, 0x9f, 0xf4, 0xcb, 0x20, 0x03, 0x6d, 0x42,
+	0xce, 0x0a, 0xf7, 0x7c, 0xce, 0xc1, 0xf0, 0xbd, 0xaa, 0x8a, 0x68, 0x1f, 0x92, 0x0b, 0xba, 0x02,
+	0x83, 0x22, 0x2f, 0x15, 0x7b, 0x23, 0xc1, 0x17, 0x13, 0xf3, 0x15, 0x9b, 0x8f, 0xc1, 0x58, 0xa7,
+	0xb1, 0x7f, 0xa0, 0x00, 0x13, 0x19, 0x8f, 0xdc, 0xf8, 0x31, 0xb2, 0xe9, 0x86, 0x91, 0x4a, 0x91,
+	0xac, 0x1d, 0x23, 0x1c, 0x8e, 0x15, 0x05, 0xdd, 0xab, 0xf8, 0x41, 0x95, 0x3c, 0x9c, 0xc4, 0x23,
+	0x12, 0x81, 0x3d, 0x64, 0xb2, 0xe1, 0x0b, 0xd0, 0xd3, 0x0a, 0x89, 0x0c, 0x16, 0xad, 0x8e, 0x6d,
+	0x66, 0xd6, 0x66, 0x18, 0x7a, 0x05, 0xdc, 0x54, 0x16, 0x62, 0xed, 0x0a, 0xc8, 0x6d, 0xc4, 0x1c,
+	0x47, 0x1b, 0x17, 0x11, 0xcf, 0xf1, 0x22, 0x71, 0x51, 0x8c, 0xa3, 0x9e, 0x32, 0x28, 0x16, 0x58,
+	0xfb, 0x8b, 0x45, 0x38, 0x93, 0xfb, 0xec, 0x95, 0x36, 0x7d, 0xc7, 0xf7, 0xdc, 0xc8, 0x57, 0x4e,
+	0x78, 0x3c, 0xd2, 0x29, 0x69, 0x6e, 0xad, 0x08, 0x38, 0x56, 0x14, 0xe8, 0x22, 0xf4, 0x32, 0xa5,
+	0x78, 0x2a, 0x59, 0xf4, 0xec, 0x3c, 0x0f, 0x7d, 0xc7, 0xd1, 0x5d, 0xe7, 0xf7, 0x7f, 0x8c, 0x4a,
+	0x30, 0x7e, 0x23, 0x79, 0xa0, 0xd0, 0xe6, 0xfa, 0x7e, 0x03, 0x33, 0x24, 0x7a, 0x42, 0xf4, 0x57,
+	0xc2, 0xeb, 0x0c, 0x3b, 0x75, 0x3f, 0xd4, 0x3a, 0xed, 0x29, 0xe8, 0xdf, 0x26, 0x7b, 0x81, 0xeb,
+	0x6d, 0x26, 0xbd, 0x11, 0xaf, 0x73, 0x30, 0x96, 0x78, 0x33, 0x6f, 0x69, 0xff, 0x51, 0x27, 0xe6,
+	0x1f, 0xe8, 0x28, 0x9e, 0xfc, 0x50, 0x11, 0x46, 0xf1, 0xec, 0xfc, 0x7b, 0x03, 0x71, 0x33, 0x3d,
+	0x10, 0x47, 0x9d, 0x98, 0xbf, 0xf3, 0x68, 0xfc, 0xa2, 0x05, 0xa3, 0x2c, 0x3b, 0x96, 0x88, 0x59,
+	0xe1, 0xfa, 0xde, 0x31, 0x5c, 0x05, 0x1e, 0x83, 0xde, 0x80, 0x56, 0x9a, 0xcc, 0x12, 0xcd, 0x5a,
+	0x82, 0x39, 0x0e, 0x9d, 0x85, 0x1e, 0xd6, 0x04, 0x3a, 0x78, 0x43, 0x7c, 0x0b, 0x9e, 0x77, 0x22,
+	0x07, 0x33, 0x28, 0x0b, 0xfc, 0x86, 0x49, 0xb3, 0xe1, 0xf2, 0x46, 0xc7, 0x2e, 0x0b, 0xef, 0x8e,
+	0x80, 0x18, 0x99, 0x4d, 0x7b, 0x67, 0x81, 0xdf, 0xb2, 0x59, 0xb6, 0xbf, 0x66, 0xff, 0x79, 0x01,
+	0xce, 0x67, 0x96, 0xeb, 0x3a, 0xf0, 0x5b, 0xfb, 0xd2, 0x0f, 0x33, 0xff, 0x51, 0xf1, 0x18, 0x7d,
+	0xbd, 0x7b, 0xba, 0x95, 0xfe, 0x7b, 0xbb, 0x88, 0xc7, 0x96, 0xd9, 0x65, 0xef, 0x92, 0x78, 0x6c,
+	0x99, 0x6d, 0xcb, 0x51, 0x13, 0xfc, 0x75, 0x21, 0xe7, 0x5b, 0x98, 0xc2, 0xe0, 0x12, 0xdd, 0x67,
+	0x18, 0x32, 0x94, 0x97, 0x70, 0xbe, 0xc7, 0x70, 0x18, 0x56, 0x58, 0x34, 0x03, 0xa3, 0x3b, 0xae,
+	0x47, 0x37, 0x9f, 0x3d, 0x53, 0x14, 0x57, 0xb6, 0x8c, 0x15, 0x13, 0x8d, 0x93, 0xf4, 0xc8, 0xd5,
+	0x62, 0xb5, 0xf1, 0xaf, 0x7b, 0xf5, 0x50, 0xab, 0x6e, 0xda, 0x74, 0xe7, 0x50, 0xbd, 0x98, 0x11,
+	0xb7, 0x6d, 0x45, 0xd3, 0x13, 0x15, 0xbb, 0xd7, 0x13, 0x0d, 0x65, 0xeb, 0x88, 0xa6, 0x5e, 0x85,
+	0xe1, 0x07, 0xb6, 0x8d, 0xd8, 0x5f, 0x2f, 0xc2, 0x23, 0x6d, 0x96, 0x3d, 0xdf, 0xeb, 0x8d, 0x31,
+	0xd0, 0xf6, 0xfa, 0xd4, 0x38, 0x54, 0xe0, 0xc4, 0x46, 0xab, 0xd1, 0xd8, 0x63, 0x4f, 0xa0, 0x48,
+	0x5d, 0x52, 0x08, 0x99, 0x52, 0x2a, 0x47, 0x4e, 0x2c, 0x66, 0xd0, 0xe0, 0xcc, 0x92, 0xf4, 0x8a,
+	0x45, 0x4f, 0x92, 0x3d, 0xc5, 0x2a, 0x71, 0xc5, 0xc2, 0x3a, 0x12, 0x9b, 0xb4, 0xe8, 0x2a, 0x8c,
+	0x3b, 0xbb, 0x8e, 0xcb, 0x03, 0xde, 0x4b, 0x06, 0xfc, 0x8e, 0xa5, 0x74, 0xd1, 0x33, 0x49, 0x02,
+	0x9c, 0x2e, 0x83, 0x5e, 0x07, 0xe4, 0xaf, 0xb3, 0x87, 0x12, 0xf5, 0xab, 0xc4, 0x13, 0x56, 0x77,
+	0x36, 0x76, 0xc5, 0x78, 0x4b, 0xb8, 0x91, 0xa2, 0xc0, 0x19, 0xa5, 0x12, 0x81, 0xc9, 0xfa, 0xf2,
+	0x03, 0x93, 0xb5, 0xdf, 0x17, 0x3b, 0xa6, 0xde, 0xba, 0x02, 0xc3, 0x87, 0x74, 0xff, 0xb5, 0xff,
+	0x8d, 0x05, 0x4a, 0x41, 0x6c, 0x46, 0xfd, 0x7d, 0x95, 0xf9, 0x27, 0x73, 0xd5, 0xb6, 0x16, 0x2d,
+	0xe9, 0xa4, 0xe6, 0x9f, 0x1c, 0x23, 0xb1, 0x49, 0xcb, 0xe7, 0x90, 0xe6, 0x57, 0x6c, 0xdc, 0x0a,
+	0x44, 0x68, 0x42, 0x45, 0x81, 0x3e, 0x0e, 0xfd, 0x75, 0x77, 0xd7, 0x0d, 0x85, 0x72, 0xec, 0xd0,
+	0xc6, 0xb8, 0x78, 0xeb, 0x9c, 0xe7, 0x6c, 0xb0, 0xe4, 0x67, 0xff, 0x50, 0x21, 0xee, 0x93, 0x37,
+	0x5a, 0x7e, 0xe4, 0x1c, 0xc3, 0x49, 0x7e, 0xd5, 0x38, 0xc9, 0x9f, 0x68, 0x17, 0x9f, 0x91, 0x35,
+	0x29, 0xf7, 0x04, 0xbf, 0x91, 0x38, 0xc1, 0x9f, 0xec, 0xcc, 0xaa, 0xfd, 0xc9, 0xfd, 0x0f, 0x2c,
+	0x18, 0x37, 0xe8, 0x8f, 0xe1, 0x00, 0x59, 0x34, 0x0f, 0x90, 0x47, 0x3b, 0x7e, 0x43, 0xce, 0xc1,
+	0xf1, 0xbd, 0xc5, 0x44, 0xdb, 0xd9, 0x81, 0xf1, 0x36, 0xf4, 0x6c, 0x39, 0x41, 0xbd, 0x5d, 0x3e,
+	0x9a, 0x54, 0xa1, 0xe9, 0x6b, 0x4e, 0x20, 0x3c, 0x15, 0x9e, 0x95, 0xbd, 0x4e, 0x41, 0x1d, 0xbd,
+	0x14, 0x58, 0x55, 0xe8, 0x65, 0xe8, 0x0b, 0x6b, 0x7e, 0x53, 0xbd, 0x99, 0xba, 0xc0, 0x3a, 0x9a,
+	0x41, 0x0e, 0xf6, 0xcb, 0xc8, 0xac, 0x8e, 0x82, 0xb1, 0xa0, 0x47, 0x6f, 0xc2, 0x30, 0xfb, 0xa5,
+	0xdc, 0x06, 0x8b, 0xf9, 0x1a, 0x8c, 0xaa, 0x4e, 0xc8, 0x7d, 0x6a, 0x0d, 0x10, 0x36, 0x59, 0x4d,
+	0x6d, 0x42, 0x49, 0x7d, 0xd6, 0x43, 0xb5, 0x76, 0xff, 0xab, 0x22, 0x4c, 0x64, 0xcc, 0x39, 0x14,
+	0x1a, 0x23, 0x71, 0xa5, 0xcb, 0xa9, 0xfa, 0x0e, 0xc7, 0x22, 0x64, 0x17, 0xa8, 0xba, 0x98, 0x5b,
+	0x5d, 0x57, 0x7a, 0x33, 0x24, 0xc9, 0x4a, 0x29, 0xa8, 0x73, 0xa5, 0xb4, 0xb2, 0x63, 0xeb, 0x6a,
+	0x5a, 0x91, 0x6a, 0xe9, 0x43, 0x1d, 0xd3, 0x5f, 0xef, 0x81, 0x13, 0x59, 0x21, 0x63, 0xd1, 0x67,
+	0x13, 0xd9, 0x90, 0x5f, 0xec, 0x36, 0xd8, 0x2c, 0x4f, 0x91, 0x2c, 0xc2, 0x40, 0x4e, 0x9b, 0xf9,
+	0x91, 0x3b, 0x76, 0xb3, 0xa8, 0x93, 0x05, 0xa0, 0x09, 0x78, 0x16, 0x6b, 0xb9, 0x7d, 0x7c, 0xa0,
+	0xeb, 0x06, 0x88, 0xf4, 0xd7, 0x61, 0xc2, 0x25, 0x49, 0x82, 0x3b, 0xbb, 0x24, 0xc9, 0x9a, 0xd1,
+	0x12, 0xf4, 0xd5, 0xb8, 0xaf, 0x4b, 0xb1, 0xf3, 0x16, 0xc6, 0x1d, 0x5d, 0xd4, 0x06, 0x2c, 0x1c,
+	0x5c, 0x04, 0x83, 0x29, 0x17, 0x06, 0xb5, 0x8e, 0x79, 0xa8, 0x93, 0x67, 0x9b, 0x1e, 0x7c, 0x5a,
+	0x17, 0x3c, 0xd4, 0x09, 0xf4, 0xa3, 0x16, 0x24, 0x1e, 0xbc, 0x28, 0xa5, 0x9c, 0x95, 0xab, 0x94,
+	0xbb, 0x00, 0x3d, 0x81, 0xdf, 0x20, 0xc9, 0x0c, 0xc4, 0xd8, 0x6f, 0x10, 0xcc, 0x30, 0x94, 0x22,
+	0x8a, 0x55, 0x2d, 0x43, 0xfa, 0x35, 0x52, 0x5c, 0x10, 0x1f, 0x83, 0xde, 0x06, 0xd9, 0x25, 0x8d,
+	0x64, 0xa2, 0xb8, 0x65, 0x0a, 0xc4, 0x1c, 0x67, 0xff, 0x62, 0x0f, 0x9c, 0x6b, 0x1b, 0x0d, 0x8a,
+	0x5e, 0xc6, 0x36, 0x9d, 0x88, 0xdc, 0x71, 0xf6, 0x92, 0x19, 0x9d, 0xae, 0x72, 0x30, 0x96, 0x78,
+	0xf6, 0xfc, 0x93, 0x27, 0x66, 0x48, 0xa8, 0x30, 0x45, 0x3e, 0x06, 0x81, 0x35, 0x55, 0x62, 0xc5,
+	0xa3, 0x50, 0x89, 0x3d, 0x0f, 0x10, 0x86, 0x0d, 0xee, 0x16, 0x58, 0x17, 0xef, 0x4a, 0xe3, 0x04,
+	0x1e, 0xd5, 0x65, 0x81, 0xc1, 0x1a, 0x15, 0x9a, 0x87, 0xb1, 0x66, 0xe0, 0x47, 0x5c, 0x23, 0x3c,
+	0xcf, 0x3d, 0x67, 0x7b, 0xcd, 0x40, 0x3c, 0x95, 0x04, 0x1e, 0xa7, 0x4a, 0xa0, 0x97, 0x60, 0x50,
+	0x04, 0xe7, 0xa9, 0xf8, 0x7e, 0x43, 0x28, 0xa1, 0x94, 0x33, 0x69, 0x35, 0x46, 0x61, 0x9d, 0x4e,
+	0x2b, 0xc6, 0xd4, 0xcc, 0xfd, 0x99, 0xc5, 0xb8, 0xaa, 0x59, 0xa3, 0x4b, 0x44, 0xa2, 0x1e, 0xe8,
+	0x2a, 0x12, 0x75, 0xac, 0x96, 0x2b, 0x75, 0x6d, 0xf5, 0x84, 0x8e, 0x8a, 0xac, 0xaf, 0xf4, 0xc0,
+	0x84, 0x98, 0x38, 0x0f, 0x7b, 0xba, 0xdc, 0x4c, 0x4f, 0x97, 0xa3, 0x50, 0xdc, 0xbd, 0x37, 0x67,
+	0x8e, 0x7b, 0xce, 0xfc, 0xb0, 0x05, 0xa6, 0xa4, 0x86, 0xfe, 0xb7, 0xdc, 0x94, 0x78, 0x2f, 0xe5,
+	0x4a, 0x7e, 0x71, 0x94, 0xdf, 0x77, 0x96, 0x1c, 0xcf, 0xfe, 0xd7, 0x16, 0x3c, 0xda, 0x91, 0x23,
+	0x5a, 0x80, 0x12, 0x13, 0x27, 0xb5, 0x8b, 0xde, 0x93, 0xca, 0xb3, 0x5e, 0x22, 0x72, 0xa4, 0xdb,
+	0xb8, 0x24, 0x5a, 0x48, 0xe5, 0x1e, 0x7c, 0x2a, 0x23, 0xf7, 0xe0, 0x49, 0xa3, 0x7b, 0x1e, 0x30,
+	0xf9, 0xe0, 0x0f, 0xd2, 0x13, 0xc7, 0x78, 0xd5, 0x86, 0x3e, 0x60, 0x28, 0x1d, 0xed, 0x84, 0xd2,
+	0x11, 0x99, 0xd4, 0xda, 0x19, 0xf2, 0x51, 0x18, 0x63, 0x51, 0xfb, 0xd8, 0x3b, 0x0f, 0xf1, 0xde,
+	0xae, 0x10, 0xfb, 0x72, 0x2f, 0x27, 0x70, 0x38, 0x45, 0x6d, 0xff, 0x69, 0x11, 0xfa, 0xf8, 0xf2,
+	0x3b, 0x86, 0xeb, 0xe5, 0x33, 0x50, 0x72, 0x77, 0x76, 0x5a, 0x3c, 0x9d, 0x5c, 0x6f, 0xec, 0x19,
+	0xbc, 0x24, 0x81, 0x38, 0xc6, 0xa3, 0x45, 0xa1, 0xef, 0x6e, 0x13, 0x18, 0x98, 0x37, 0x7c, 0x7a,
+	0xde, 0x89, 0x1c, 0x2e, 0x2b, 0xa9, 0x73, 0x36, 0xd6, 0x8c, 0xa3, 0x4f, 0x01, 0x84, 0x51, 0xe0,
+	0x7a, 0x9b, 0x14, 0x26, 0x62, 0xab, 0x3f, 0xdd, 0x86, 0x5b, 0x55, 0x11, 0x73, 0x9e, 0xf1, 0x9e,
+	0xa3, 0x10, 0x58, 0xe3, 0x88, 0xa6, 0x8d, 0x93, 0x7e, 0x2a, 0x31, 0x76, 0xc0, 0xb9, 0xc6, 0x63,
+	0x36, 0xf5, 0x41, 0x28, 0x29, 0xe6, 0x9d, 0xb4, 0x5f, 0x43, 0xba, 0x58, 0xf4, 0x11, 0x18, 0x4d,
+	0xb4, 0xed, 0x50, 0xca, 0xb3, 0x5f, 0xb2, 0x60, 0x94, 0x37, 0x66, 0xc1, 0xdb, 0x15, 0xa7, 0xc1,
+	0x3d, 0x38, 0xd1, 0xc8, 0xd8, 0x95, 0xc5, 0xf0, 0x77, 0xbf, 0x8b, 0x2b, 0x65, 0x59, 0x16, 0x16,
+	0x67, 0xd6, 0x81, 0x2e, 0xd1, 0x15, 0x47, 0x77, 0x5d, 0xa7, 0x21, 0xe2, 0x1b, 0x0c, 0xf1, 0xd5,
+	0xc6, 0x61, 0x58, 0x61, 0xed, 0x3f, 0xb0, 0x60, 0x9c, 0xb7, 0xfc, 0x3a, 0xd9, 0x53, 0x7b, 0xd3,
+	0x37, 0xb3, 0xed, 0x22, 0x91, 0x69, 0x21, 0x27, 0x91, 0xa9, 0xfe, 0x69, 0xc5, 0xb6, 0x9f, 0xf6,
+	0x65, 0x0b, 0xc4, 0x0c, 0x39, 0x06, 0x7d, 0xc6, 0x77, 0x98, 0xfa, 0x8c, 0xa9, 0xfc, 0x45, 0x90,
+	0xa3, 0xc8, 0xf8, 0x2b, 0x0b, 0xc6, 0x38, 0x41, 0x6c, 0xab, 0xff, 0xa6, 0x8e, 0xc3, 0xac, 0xf9,
+	0x45, 0x99, 0xce, 0x97, 0xd7, 0xc9, 0xde, 0x9a, 0x5f, 0x71, 0xa2, 0xad, 0xec, 0x8f, 0x32, 0x06,
+	0xab, 0xa7, 0xed, 0x60, 0xd5, 0xe5, 0x02, 0x32, 0xf2, 0x7c, 0x75, 0x08, 0x10, 0x70, 0xd8, 0x3c,
+	0x5f, 0xf6, 0x9f, 0x59, 0x80, 0x78, 0x35, 0x86, 0xe0, 0x46, 0xc5, 0x21, 0x06, 0xd5, 0x0e, 0xba,
+	0x78, 0x6b, 0x52, 0x18, 0xac, 0x51, 0x1d, 0x49, 0xf7, 0x24, 0x1c, 0x2e, 0x8a, 0x9d, 0x1d, 0x2e,
+	0x0e, 0xd1, 0xa3, 0xff, 0xac, 0x0f, 0x92, 0x2f, 0xfb, 0xd0, 0x2d, 0x18, 0xaa, 0x39, 0x4d, 0x67,
+	0xdd, 0x6d, 0xb8, 0x91, 0x4b, 0xc2, 0x76, 0xde, 0x58, 0x73, 0x1a, 0x9d, 0x30, 0x91, 0x6b, 0x10,
+	0x6c, 0xf0, 0x41, 0xd3, 0x00, 0xcd, 0xc0, 0xdd, 0x75, 0x1b, 0x64, 0x93, 0xa9, 0x5d, 0x58, 0x44,
+	0x15, 0xee, 0x1a, 0x26, 0xa1, 0x58, 0xa3, 0xc8, 0x08, 0xa3, 0x50, 0x7c, 0xc8, 0x61, 0x14, 0xe0,
+	0xd8, 0xc2, 0x28, 0xf4, 0x1c, 0x2a, 0x8c, 0xc2, 0xc0, 0xa1, 0xc3, 0x28, 0xf4, 0x76, 0x15, 0x46,
+	0x01, 0xc3, 0x29, 0x29, 0x7b, 0xd2, 0xff, 0x8b, 0x6e, 0x83, 0x88, 0x0b, 0x07, 0x0f, 0x03, 0x33,
+	0x75, 0x7f, 0xbf, 0x7c, 0x0a, 0x67, 0x52, 0xe0, 0x9c, 0x92, 0xe8, 0x63, 0x30, 0xe9, 0x34, 0x1a,
+	0xfe, 0x1d, 0x35, 0xa8, 0x0b, 0x61, 0xcd, 0x69, 0x70, 0x13, 0x48, 0x3f, 0xe3, 0x7a, 0xf6, 0xfe,
+	0x7e, 0x79, 0x72, 0x26, 0x87, 0x06, 0xe7, 0x96, 0x46, 0x1f, 0x86, 0x52, 0x33, 0xf0, 0x6b, 0x2b,
+	0xda, 0xf3, 0xe3, 0xf3, 0xb4, 0x03, 0x2b, 0x12, 0x78, 0xb0, 0x5f, 0x1e, 0x56, 0x7f, 0xd8, 0x81,
+	0x1f, 0x17, 0xc8, 0x88, 0x8b, 0x30, 0x78, 0xa4, 0x71, 0x11, 0xb6, 0x61, 0xa2, 0x4a, 0x02, 0xd7,
+	0x69, 0xb8, 0xf7, 0xa8, 0xbc, 0x2c, 0xf7, 0xa7, 0x35, 0x28, 0x05, 0x89, 0x1d, 0xb9, 0xab, 0x60,
+	0xbd, 0x5a, 0xc2, 0x25, 0xb9, 0x03, 0xc7, 0x8c, 0xec, 0xff, 0x66, 0x41, 0xbf, 0x78, 0xc9, 0x77,
+	0x0c, 0x52, 0xe3, 0x8c, 0x61, 0x94, 0x28, 0x67, 0x77, 0x18, 0x6b, 0x4c, 0xae, 0x39, 0x62, 0x29,
+	0x61, 0x8e, 0x78, 0xb4, 0x1d, 0x93, 0xf6, 0x86, 0x88, 0xff, 0xaf, 0x48, 0xa5, 0x77, 0xe3, 0x4d,
+	0xf9, 0xc3, 0xef, 0x82, 0x55, 0xe8, 0x0f, 0xc5, 0x9b, 0xe6, 0x42, 0xfe, 0x6b, 0x90, 0xe4, 0x20,
+	0xc6, 0x5e, 0x74, 0xe2, 0x15, 0xb3, 0x64, 0x92, 0xf9, 0x58, 0xba, 0xf8, 0x10, 0x1f, 0x4b, 0x77,
+	0x7a, 0x75, 0xdf, 0x73, 0x14, 0xaf, 0xee, 0xed, 0xaf, 0xb1, 0x93, 0x53, 0x87, 0x1f, 0x83, 0x50,
+	0x75, 0xd5, 0x3c, 0x63, 0xed, 0x36, 0x33, 0x4b, 0x34, 0x2a, 0x47, 0xb8, 0xfa, 0x05, 0x0b, 0xce,
+	0x65, 0x7c, 0x95, 0x26, 0x69, 0x3d, 0x0b, 0x03, 0x4e, 0xab, 0xee, 0xaa, 0xb5, 0xac, 0x99, 0x26,
+	0x67, 0x04, 0x1c, 0x2b, 0x0a, 0x34, 0x07, 0xe3, 0xe4, 0x6e, 0xd3, 0xe5, 0x86, 0x5c, 0xdd, 0xf9,
+	0xb8, 0xc8, 0x9f, 0x7f, 0x2e, 0x24, 0x91, 0x38, 0x4d, 0xaf, 0x02, 0x44, 0x15, 0x73, 0x03, 0x44,
+	0xfd, 0xbc, 0x05, 0x83, 0xea, 0x55, 0xef, 0x43, 0xef, 0xed, 0x8f, 0x9a, 0xbd, 0xfd, 0x48, 0x9b,
+	0xde, 0xce, 0xe9, 0xe6, 0xdf, 0x2b, 0xa8, 0xf6, 0x56, 0xfc, 0x20, 0xea, 0x42, 0x82, 0x7b, 0xf0,
+	0x87, 0x13, 0x57, 0x60, 0xd0, 0x69, 0x36, 0x25, 0x42, 0x7a, 0xc0, 0xb1, 0xd0, 0xeb, 0x31, 0x18,
+	0xeb, 0x34, 0xea, 0x1d, 0x47, 0x31, 0xf7, 0x1d, 0x47, 0x1d, 0x20, 0x72, 0x82, 0x4d, 0x12, 0x51,
+	0x98, 0x70, 0xd8, 0xcd, 0xdf, 0x6f, 0x5a, 0x91, 0xdb, 0x98, 0x76, 0xbd, 0x28, 0x8c, 0x82, 0xe9,
+	0x25, 0x2f, 0xba, 0x11, 0xf0, 0x2b, 0xa4, 0x16, 0x62, 0x4d, 0xf1, 0xc2, 0x1a, 0x5f, 0x19, 0xc1,
+	0x82, 0xd5, 0xd1, 0x6b, 0xba, 0x52, 0xac, 0x0a, 0x38, 0x56, 0x14, 0xf6, 0x07, 0xd9, 0xe9, 0xc3,
+	0xfa, 0xf4, 0x70, 0xe1, 0xc5, 0x7e, 0x72, 0x48, 0x8d, 0x06, 0x33, 0x8a, 0xce, 0xeb, 0x41, 0xcc,
+	0xda, 0x6f, 0xf6, 0xb4, 0x62, 0xfd, 0x45, 0x64, 0x1c, 0xe9, 0x0c, 0x7d, 0x22, 0xe5, 0x1e, 0xf3,
+	0x5c, 0x87, 0x53, 0xe3, 0x10, 0x0e, 0x31, 0x2c, 0x0f, 0x13, 0xcb, 0x52, 0xb3, 0x54, 0x11, 0xeb,
+	0x42, 0xcb, 0xc3, 0x24, 0x10, 0x38, 0xa6, 0xa1, 0xc2, 0x94, 0xfa, 0x13, 0x4e, 0xa2, 0x38, 0x16,
+	0xb0, 0xa2, 0x0e, 0xb1, 0x46, 0x81, 0x2e, 0x0b, 0x85, 0x02, 0xb7, 0x0b, 0x3c, 0x92, 0x50, 0x28,
+	0xc8, 0xee, 0xd2, 0xb4, 0x40, 0x57, 0x60, 0x90, 0xdc, 0x8d, 0x48, 0xe0, 0x39, 0x0d, 0x5a, 0x43,
+	0x6f, 0x1c, 0x3f, 0x73, 0x21, 0x06, 0x63, 0x9d, 0x06, 0xad, 0xc1, 0x68, 0xc8, 0xf5, 0x6c, 0x2a,
+	0x48, 0x3c, 0xd7, 0x57, 0x3e, 0xad, 0xde, 0x53, 0x9b, 0xe8, 0x03, 0x06, 0xe2, 0xbb, 0x93, 0x8c,
+	0x32, 0x91, 0x64, 0x81, 0x5e, 0x83, 0x91, 0x86, 0xef, 0xd4, 0x67, 0x9d, 0x86, 0xe3, 0xd5, 0x58,
+	0xff, 0x0c, 0x98, 0x89, 0xa8, 0x97, 0x0d, 0x2c, 0x4e, 0x50, 0x53, 0xe1, 0x4d, 0x87, 0x88, 0x30,
+	0x6d, 0x8e, 0xb7, 0x49, 0x42, 0x91, 0x0f, 0x9e, 0x09, 0x6f, 0xcb, 0x39, 0x34, 0x38, 0xb7, 0x34,
+	0x7a, 0x19, 0x86, 0xe4, 0xe7, 0x6b, 0x41, 0x59, 0xe2, 0x27, 0x31, 0x1a, 0x0e, 0x1b, 0x94, 0x28,
+	0x84, 0x93, 0xf2, 0xff, 0x5a, 0xe0, 0x6c, 0x6c, 0xb8, 0x35, 0x11, 0xa9, 0x80, 0x3f, 0x1f, 0xfe,
+	0x88, 0x7c, 0xab, 0xb8, 0x90, 0x45, 0x74, 0xb0, 0x5f, 0x3e, 0x2b, 0x7a, 0x2d, 0x13, 0x8f, 0xb3,
+	0x79, 0xa3, 0x15, 0x98, 0xd8, 0x22, 0x4e, 0x23, 0xda, 0x9a, 0xdb, 0x22, 0xb5, 0x6d, 0xb9, 0xe0,
+	0x58, 0x98, 0x17, 0xed, 0xe9, 0xc8, 0xb5, 0x34, 0x09, 0xce, 0x2a, 0x87, 0xde, 0x82, 0xc9, 0x66,
+	0x6b, 0xbd, 0xe1, 0x86, 0x5b, 0xab, 0x7e, 0xc4, 0x9c, 0x90, 0x66, 0xea, 0xf5, 0x80, 0x84, 0xfc,
+	0x75, 0x29, 0x3b, 0x7a, 0x65, 0x20, 0x9d, 0x4a, 0x0e, 0x1d, 0xce, 0xe5, 0x80, 0xee, 0xc1, 0xc9,
+	0xc4, 0x44, 0x10, 0x11, 0x31, 0x46, 0xf2, 0x53, 0xc4, 0x54, 0xb3, 0x0a, 0x88, 0xe0, 0x32, 0x59,
+	0x28, 0x9c, 0x5d, 0x05, 0x7a, 0x05, 0xc0, 0x6d, 0x2e, 0x3a, 0x3b, 0x6e, 0x83, 0x5e, 0x15, 0x27,
+	0xd8, 0x1c, 0xa1, 0xd7, 0x06, 0x58, 0xaa, 0x48, 0x28, 0xdd, 0x9b, 0xc5, 0xbf, 0x3d, 0xac, 0x51,
+	0xa3, 0x65, 0x18, 0x11, 0xff, 0xf6, 0xc4, 0x90, 0xf2, 0xc0, 0x2c, 0x8f, 0xb3, 0xa8, 0x5a, 0x15,
+	0x1d, 0x73, 0x90, 0x82, 0xe0, 0x44, 0x59, 0xb4, 0x09, 0xe7, 0x64, 0xa2, 0x3f, 0x7d, 0x7e, 0xca,
+	0x31, 0x08, 0x59, 0x5e, 0x96, 0x01, 0xfe, 0x2a, 0x65, 0xa6, 0x1d, 0x21, 0x6e, 0xcf, 0x87, 0x9e,
+	0xeb, 0xfa, 0x34, 0xe7, 0x6f, 0x8e, 0x4f, 0xc6, 0x11, 0x07, 0x97, 0x93, 0x48, 0x9c, 0xa6, 0x47,
+	0x3e, 0x9c, 0x74, 0xbd, 0xac, 0x59, 0x7d, 0x8a, 0x31, 0xfa, 0x10, 0x7f, 0x6e, 0xdd, 0x7e, 0x46,
+	0x67, 0xe2, 0x71, 0x36, 0xdf, 0x77, 0xe6, 0xf7, 0xf7, 0xfb, 0x16, 0x2d, 0xad, 0x49, 0xe7, 0xe8,
+	0xd3, 0x30, 0xa4, 0x7f, 0x94, 0x90, 0x34, 0x2e, 0x66, 0x0b, 0xaf, 0xda, 0x9e, 0xc0, 0x65, 0x7b,
+	0xb5, 0xee, 0x75, 0x1c, 0x36, 0x38, 0xa2, 0x5a, 0x46, 0x6c, 0x83, 0xcb, 0xdd, 0x49, 0x32, 0xdd,
+	0xbb, 0xbd, 0x11, 0xc8, 0x9e, 0xee, 0x68, 0x19, 0x06, 0x6a, 0x0d, 0x97, 0x78, 0xd1, 0x52, 0xa5,
+	0x5d, 0xf4, 0xc6, 0x39, 0x41, 0x23, 0xd6, 0x8f, 0x48, 0xb1, 0xc2, 0x61, 0x58, 0x71, 0xb0, 0x7f,
+	0xb3, 0x00, 0xe5, 0x0e, 0xf9, 0x7a, 0x12, 0x66, 0x28, 0xab, 0x2b, 0x33, 0xd4, 0x0c, 0x8c, 0xc6,
+	0xff, 0x74, 0x0d, 0x97, 0xf2, 0x64, 0xbd, 0x65, 0xa2, 0x71, 0x92, 0xbe, 0xeb, 0x47, 0x09, 0xba,
+	0x25, 0xab, 0xa7, 0xe3, 0xb3, 0x1a, 0xc3, 0x82, 0xdd, 0xdb, 0xfd, 0xb5, 0x37, 0xd7, 0x1a, 0x69,
+	0x7f, 0xad, 0x00, 0x27, 0x55, 0x17, 0x7e, 0xfb, 0x76, 0xdc, 0xcd, 0x74, 0xc7, 0x1d, 0x81, 0x2d,
+	0xd7, 0xbe, 0x01, 0x7d, 0x3c, 0x1c, 0x65, 0x17, 0xe2, 0xf6, 0x63, 0x66, 0x94, 0x6c, 0x25, 0xe1,
+	0x19, 0x91, 0xb2, 0xbf, 0xdf, 0x82, 0xd1, 0xc4, 0xeb, 0x36, 0x84, 0xb5, 0x27, 0xd0, 0x0f, 0x22,
+	0x12, 0x67, 0x09, 0xdb, 0x17, 0xa0, 0x67, 0xcb, 0x0f, 0xa3, 0xa4, 0xa3, 0xc7, 0x35, 0x3f, 0x8c,
+	0x30, 0xc3, 0xd8, 0x7f, 0x68, 0x41, 0xef, 0x9a, 0xe3, 0x7a, 0x91, 0x34, 0x0a, 0x58, 0x39, 0x46,
+	0x81, 0x6e, 0xbe, 0x0b, 0xbd, 0x04, 0x7d, 0x64, 0x63, 0x83, 0xd4, 0x22, 0x31, 0xaa, 0x32, 0x14,
+	0x42, 0xdf, 0x02, 0x83, 0x52, 0xf9, 0x8f, 0x55, 0xc6, 0xff, 0x62, 0x41, 0x8c, 0x6e, 0x43, 0x29,
+	0x72, 0x77, 0xc8, 0x4c, 0xbd, 0x2e, 0x4c, 0xe5, 0x0f, 0x10, 0xbf, 0x63, 0x4d, 0x32, 0xc0, 0x31,
+	0x2f, 0xfb, 0x8b, 0x05, 0x80, 0x38, 0x8e, 0x57, 0xa7, 0x4f, 0x9c, 0x4d, 0x19, 0x51, 0x2f, 0x66,
+	0x18, 0x51, 0x51, 0xcc, 0x30, 0xc3, 0x82, 0xaa, 0xba, 0xa9, 0xd8, 0x55, 0x37, 0xf5, 0x1c, 0xa6,
+	0x9b, 0xe6, 0x60, 0x3c, 0x8e, 0x43, 0x66, 0x86, 0x61, 0x64, 0x47, 0xe7, 0x5a, 0x12, 0x89, 0xd3,
+	0xf4, 0x36, 0x81, 0x0b, 0x2a, 0x1c, 0x93, 0x38, 0xd1, 0x98, 0x1f, 0xb8, 0x6e, 0x94, 0xee, 0xd0,
+	0x4f, 0xb1, 0x95, 0xb8, 0x90, 0x6b, 0x25, 0xfe, 0x09, 0x0b, 0x4e, 0x24, 0xeb, 0x61, 0x8f, 0xa6,
+	0xbf, 0x60, 0xc1, 0x49, 0x66, 0x2b, 0x67, 0xb5, 0xa6, 0x2d, 0xf3, 0x2f, 0xb6, 0x0d, 0x31, 0x95,
+	0xd3, 0xe2, 0x38, 0xe6, 0xc6, 0x4a, 0x16, 0x6b, 0x9c, 0x5d, 0xa3, 0xfd, 0x5f, 0x7b, 0x60, 0x32,
+	0x2f, 0x36, 0x15, 0x7b, 0x26, 0xe2, 0xdc, 0xad, 0x6e, 0x93, 0x3b, 0xc2, 0x19, 0x3f, 0x7e, 0x26,
+	0xc2, 0xc1, 0x58, 0xe2, 0x93, 0xe9, 0x4f, 0x0a, 0x5d, 0xa6, 0x3f, 0xd9, 0x82, 0xf1, 0x3b, 0x5b,
+	0xc4, 0xbb, 0xe9, 0x85, 0x4e, 0xe4, 0x86, 0x1b, 0x2e, 0xb3, 0x2b, 0xf3, 0x79, 0x23, 0x73, 0x50,
+	0x8f, 0xdf, 0x4e, 0x12, 0x1c, 0xec, 0x97, 0xcf, 0x19, 0x80, 0xb8, 0xc9, 0x7c, 0x23, 0xc1, 0x69,
+	0xa6, 0xe9, 0xec, 0x31, 0x3d, 0x0f, 0x39, 0x7b, 0xcc, 0x8e, 0x2b, 0xbc, 0x51, 0xe4, 0x1b, 0x00,
+	0x76, 0x63, 0x5c, 0x51, 0x50, 0xac, 0x51, 0xa0, 0x4f, 0x02, 0xd2, 0x33, 0x74, 0x19, 0xa1, 0x41,
+	0x9f, 0xbb, 0xbf, 0x5f, 0x46, 0xab, 0x29, 0xec, 0xc1, 0x7e, 0x79, 0x82, 0x42, 0x97, 0x3c, 0x7a,
+	0xf3, 0x8c, 0xe3, 0xa9, 0x65, 0x30, 0x42, 0xb7, 0x61, 0x8c, 0x42, 0xd9, 0x8a, 0x92, 0x71, 0x47,
+	0xf9, 0x6d, 0xf1, 0x99, 0xfb, 0xfb, 0xe5, 0xb1, 0xd5, 0x04, 0x2e, 0x8f, 0x75, 0x8a, 0x09, 0x7a,
+	0x05, 0x46, 0xe2, 0x79, 0x75, 0x9d, 0xec, 0xf1, 0x00, 0x3d, 0x25, 0xae, 0xf0, 0x5e, 0x31, 0x30,
+	0x38, 0x41, 0x69, 0x7f, 0xc1, 0x82, 0x33, 0xb9, 0x19, 0xf1, 0xd1, 0x25, 0x18, 0x70, 0x9a, 0x2e,
+	0x37, 0x5f, 0x88, 0xa3, 0x86, 0xa9, 0xc9, 0x2a, 0x4b, 0xdc, 0x78, 0xa1, 0xb0, 0x74, 0x87, 0xdf,
+	0x76, 0xbd, 0x7a, 0x72, 0x87, 0xbf, 0xee, 0x7a, 0x75, 0xcc, 0x30, 0xea, 0xc8, 0x2a, 0xe6, 0x3e,
+	0x45, 0xf8, 0x0a, 0x5d, 0xab, 0x19, 0xb9, 0xf3, 0x8f, 0xb7, 0x19, 0xe8, 0x19, 0xdd, 0xd4, 0x28,
+	0xbc, 0x0a, 0x73, 0xcd, 0x8c, 0xdf, 0x67, 0x81, 0x78, 0xba, 0xdc, 0xc5, 0x99, 0xfc, 0x26, 0x0c,
+	0xed, 0xa6, 0xb3, 0x17, 0x5e, 0xc8, 0x7f, 0xcb, 0x2d, 0x22, 0xae, 0x2b, 0x41, 0xdb, 0xc8, 0x54,
+	0x68, 0xf0, 0xb2, 0xeb, 0x20, 0xb0, 0xf3, 0x84, 0x19, 0x14, 0x3a, 0xb7, 0xe6, 0x79, 0x80, 0x3a,
+	0xa3, 0x65, 0x29, 0x8d, 0x0b, 0xa6, 0xc4, 0x35, 0xaf, 0x30, 0x58, 0xa3, 0xb2, 0xff, 0x79, 0x01,
+	0x06, 0x65, 0xb6, 0xbc, 0x96, 0xd7, 0x8d, 0xda, 0xef, 0x50, 0xe9, 0xb3, 0xd1, 0x65, 0x28, 0x31,
+	0xbd, 0x74, 0x25, 0xd6, 0x96, 0x2a, 0xad, 0xd0, 0x8a, 0x44, 0xe0, 0x98, 0x86, 0xee, 0x8e, 0x61,
+	0x6b, 0x9d, 0x91, 0x27, 0x1e, 0xda, 0x56, 0x39, 0x18, 0x4b, 0x3c, 0xfa, 0x18, 0x8c, 0xf1, 0x72,
+	0x81, 0xdf, 0x74, 0x36, 0xb9, 0x2d, 0xab, 0x57, 0x45, 0x2f, 0x19, 0x5b, 0x49, 0xe0, 0x0e, 0xf6,
+	0xcb, 0x27, 0x92, 0x30, 0x66, 0xa4, 0x4d, 0x71, 0x61, 0x2e, 0x6b, 0xbc, 0x12, 0xba, 0xab, 0xa7,
+	0x3c, 0xdd, 0x62, 0x14, 0xd6, 0xe9, 0xec, 0x4f, 0x03, 0x4a, 0xe7, 0x0d, 0x44, 0xaf, 0x73, 0x97,
+	0x67, 0x37, 0x20, 0xf5, 0x76, 0x46, 0x5b, 0x3d, 0x46, 0x87, 0x7c, 0x23, 0xc7, 0x4b, 0x61, 0x55,
+	0xde, 0xfe, 0x3f, 0x8b, 0x30, 0x96, 0x8c, 0x0a, 0x80, 0xae, 0x41, 0x1f, 0x17, 0x29, 0x05, 0xfb,
+	0x36, 0x3e, 0x41, 0x5a, 0x2c, 0x01, 0x76, 0xb8, 0x0a, 0xa9, 0x54, 0x94, 0x47, 0x6f, 0xc1, 0x60,
+	0xdd, 0xbf, 0xe3, 0xdd, 0x71, 0x82, 0xfa, 0x4c, 0x65, 0x49, 0x4c, 0xe7, 0x4c, 0x45, 0xc5, 0x7c,
+	0x4c, 0xa6, 0xc7, 0x27, 0x60, 0xf6, 0xef, 0x18, 0x85, 0x75, 0x76, 0x68, 0x8d, 0x25, 0xfa, 0xd8,
+	0x70, 0x37, 0x57, 0x9c, 0x66, 0xbb, 0xf7, 0x2f, 0x73, 0x92, 0x48, 0xe3, 0x3c, 0x2c, 0xb2, 0x81,
+	0x70, 0x04, 0x8e, 0x19, 0xa1, 0xcf, 0xc2, 0x44, 0x98, 0x63, 0x3a, 0xc9, 0x4b, 0x23, 0xdb, 0xce,
+	0x9a, 0x30, 0x7b, 0xfa, 0xfe, 0x7e, 0x79, 0x22, 0xcb, 0xc8, 0x92, 0x55, 0x8d, 0xfd, 0xa5, 0x13,
+	0x60, 0x2c, 0x62, 0x23, 0xab, 0xb8, 0x75, 0x44, 0x59, 0xc5, 0x31, 0x0c, 0x90, 0x9d, 0x66, 0xb4,
+	0x37, 0xef, 0x06, 0x62, 0x4c, 0x32, 0x79, 0x2e, 0x08, 0x9a, 0x34, 0x4f, 0x89, 0xc1, 0x8a, 0x4f,
+	0x76, 0xea, 0xf7, 0xe2, 0x37, 0x31, 0xf5, 0x7b, 0xcf, 0x31, 0xa6, 0x7e, 0x5f, 0x85, 0xfe, 0x4d,
+	0x37, 0xc2, 0xa4, 0xe9, 0x8b, 0xcb, 0x5c, 0xe6, 0x3c, 0xbc, 0xca, 0x49, 0xd2, 0x49, 0x86, 0x05,
+	0x02, 0x4b, 0x26, 0xe8, 0x75, 0xb5, 0x02, 0xfb, 0xf2, 0x15, 0x2e, 0x69, 0xe7, 0x95, 0xcc, 0x35,
+	0x28, 0x12, 0xbc, 0xf7, 0x3f, 0x68, 0x82, 0xf7, 0x45, 0x99, 0x96, 0x7d, 0x20, 0xff, 0xb1, 0x1a,
+	0xcb, 0xba, 0xde, 0x21, 0x19, 0xfb, 0x2d, 0x3d, 0x95, 0x7d, 0x29, 0x7f, 0x27, 0x50, 0x59, 0xea,
+	0xbb, 0x4c, 0x60, 0xff, 0x7d, 0x16, 0x9c, 0x4c, 0xa6, 0x9a, 0x65, 0x6f, 0x2a, 0x84, 0x9f, 0xc7,
+	0x4b, 0xdd, 0xe4, 0xfe, 0x65, 0x05, 0x8c, 0x0a, 0x99, 0x8e, 0x34, 0x93, 0x0c, 0x67, 0x57, 0x47,
+	0x3b, 0x3a, 0x58, 0xaf, 0x0b, 0x7f, 0x83, 0xc7, 0x72, 0x32, 0xe1, 0xb7, 0xc9, 0x7f, 0xbf, 0x96,
+	0x91, 0x75, 0xfd, 0xf1, 0xbc, 0xac, 0xeb, 0x5d, 0xe7, 0x5a, 0x7f, 0x5d, 0xe5, 0xc0, 0x1f, 0xce,
+	0x9f, 0x4a, 0x3c, 0xc3, 0x7d, 0xc7, 0xcc, 0xf7, 0xaf, 0xab, 0xcc, 0xf7, 0x6d, 0x22, 0x8b, 0xf3,
+	0xbc, 0xf6, 0x1d, 0xf3, 0xdd, 0x6b, 0x39, 0xeb, 0x47, 0x8f, 0x26, 0x67, 0xbd, 0x71, 0xd4, 0xf0,
+	0xb4, 0xe9, 0xcf, 0x74, 0x38, 0x6a, 0x0c, 0xbe, 0xed, 0x0f, 0x1b, 0x9e, 0x9f, 0x7f, 0xfc, 0x81,
+	0xf2, 0xf3, 0xdf, 0xd2, 0xf3, 0xdd, 0xa3, 0x0e, 0x09, 0xdd, 0x29, 0x51, 0x97, 0x59, 0xee, 0x6f,
+	0xe9, 0x07, 0xe0, 0x44, 0x3e, 0x5f, 0x75, 0xce, 0xa5, 0xf9, 0x66, 0x1e, 0x81, 0xa9, 0xec, 0xf9,
+	0x27, 0x8e, 0x27, 0x7b, 0xfe, 0xc9, 0x23, 0xcf, 0x9e, 0x7f, 0xea, 0x18, 0xb2, 0xe7, 0x9f, 0x3e,
+	0xc6, 0xec, 0xf9, 0xb7, 0x98, 0x73, 0x14, 0x0f, 0x00, 0x25, 0x22, 0xa1, 0x3f, 0x95, 0x13, 0x3f,
+	0x2d, 0x1d, 0x25, 0x8a, 0x7f, 0x9c, 0x42, 0xe1, 0x98, 0x55, 0x46, 0x56, 0xfe, 0xc9, 0x87, 0x90,
+	0x95, 0x7f, 0x35, 0xce, 0xca, 0x7f, 0x26, 0x7f, 0xa8, 0x33, 0x9e, 0xd3, 0xe4, 0xe4, 0xe2, 0xbf,
+	0xa5, 0xe7, 0xd0, 0x7f, 0xa4, 0x8d, 0x15, 0x2c, 0x4b, 0xa1, 0xdc, 0x26, 0x73, 0xfe, 0x6b, 0x3c,
+	0x73, 0xfe, 0xd9, 0xfc, 0x9d, 0x3c, 0x79, 0xdc, 0x19, 0xf9, 0xf2, 0x69, 0xbb, 0x54, 0xf0, 0x57,
+	0x16, 0xf3, 0x3d, 0xa7, 0x5d, 0x2a, 0x7a, 0x6c, 0xba, 0x5d, 0x0a, 0x85, 0x63, 0x56, 0xf6, 0x0f,
+	0x14, 0xe0, 0x7c, 0xfb, 0xf5, 0x16, 0x6b, 0xc9, 0x2b, 0xb1, 0x43, 0x40, 0x42, 0x4b, 0xce, 0xef,
+	0x6c, 0x31, 0x55, 0xd7, 0xf1, 0x20, 0xaf, 0xc2, 0xb8, 0x7a, 0x87, 0xd3, 0x70, 0x6b, 0x7b, 0xab,
+	0xf1, 0x35, 0x59, 0x45, 0x4e, 0xa8, 0x26, 0x09, 0x70, 0xba, 0x0c, 0x9a, 0x81, 0x51, 0x03, 0xb8,
+	0x34, 0x2f, 0xee, 0x66, 0x71, 0x94, 0x71, 0x13, 0x8d, 0x93, 0xf4, 0xf6, 0xcf, 0x59, 0x70, 0x3a,
+	0x27, 0xe5, 0x6b, 0xd7, 0xe1, 0x0e, 0x37, 0x60, 0xb4, 0x69, 0x16, 0xed, 0x10, 0xa1, 0xd5, 0x48,
+	0x2c, 0xab, 0xda, 0x9a, 0x40, 0xe0, 0x24, 0x53, 0xfb, 0x67, 0x0a, 0x70, 0xae, 0xad, 0x63, 0x29,
+	0xc2, 0x70, 0x6a, 0x73, 0x27, 0x74, 0xe6, 0x02, 0x52, 0x27, 0x5e, 0xe4, 0x3a, 0x8d, 0x6a, 0x93,
+	0xd4, 0x34, 0x3b, 0x07, 0xf3, 0xd0, 0xbc, 0xba, 0x52, 0x9d, 0x49, 0x53, 0xe0, 0x9c, 0x92, 0x68,
+	0x11, 0x50, 0x1a, 0x23, 0x46, 0x98, 0x65, 0x0f, 0x48, 0xf3, 0xc3, 0x19, 0x25, 0xd0, 0x07, 0x61,
+	0x58, 0x39, 0xac, 0x6a, 0x23, 0xce, 0x36, 0x76, 0xac, 0x23, 0xb0, 0x49, 0x87, 0xae, 0xf0, 0xf4,
+	0x13, 0x22, 0x51, 0x89, 0x30, 0x8a, 0x8c, 0xca, 0xdc, 0x12, 0x02, 0x8c, 0x75, 0x9a, 0xd9, 0x97,
+	0x7f, 0xeb, 0x1b, 0xe7, 0xdf, 0xf7, 0xbb, 0xdf, 0x38, 0xff, 0xbe, 0x3f, 0xf8, 0xc6, 0xf9, 0xf7,
+	0x7d, 0xd7, 0xfd, 0xf3, 0xd6, 0x6f, 0xdd, 0x3f, 0x6f, 0xfd, 0xee, 0xfd, 0xf3, 0xd6, 0x1f, 0xdc,
+	0x3f, 0x6f, 0xfd, 0xf1, 0xfd, 0xf3, 0xd6, 0x17, 0xff, 0xe4, 0xfc, 0xfb, 0xde, 0x44, 0x71, 0x00,
+	0xd1, 0xcb, 0x74, 0x74, 0x2e, 0xef, 0x5e, 0xf9, 0x5f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xbd, 0x0b,
+	0x0a, 0x3d, 0x91, 0x13, 0x01, 0x00,
 }
 
 func (m *AWSElasticBlockStoreVolumeSource) Marshal() (dAtA []byte, err error) {
@@ -8752,6 +8820,15 @@ func (m *Container) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.RestartPolicy != nil {
+		i -= len(*m.RestartPolicy)
+		copy(dAtA[i:], *m.RestartPolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.RestartPolicy)))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xc2
+	}
 	if len(m.ResizePolicy) > 0 {
 		for iNdEx := len(m.ResizePolicy) - 1; iNdEx >= 0; iNdEx-- {
 			{
@@ -10105,6 +10182,15 @@ func (m *EphemeralContainerCommon) MarshalToSizedBuffer(dAtA []byte) (int, error
 	_ = i
 	var l int
 	_ = l
+	if m.RestartPolicy != nil {
+		i -= len(*m.RestartPolicy)
+		copy(dAtA[i:], *m.RestartPolicy)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.RestartPolicy)))
+		i--
+		dAtA[i] = 0x1
+		i--
+		dAtA[i] = 0xc2
+	}
 	if len(m.ResizePolicy) > 0 {
 		for iNdEx := len(m.ResizePolicy) - 1; iNdEx >= 0; iNdEx-- {
 			{
@@ -11255,6 +11341,34 @@ func (m *HostAlias) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *HostIP) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *HostIP) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *HostIP) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.IP)
+	copy(dAtA[i:], m.IP)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.IP)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
 func (m *HostPathVolumeSource) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -13740,12 +13854,29 @@ func (m *PersistentVolumeClaimStatus) MarshalToSizedBuffer(dAtA []byte) (int, er
 	_ = i
 	var l int
 	_ = l
-	if m.ResizeStatus != nil {
-		i -= len(*m.ResizeStatus)
-		copy(dAtA[i:], *m.ResizeStatus)
-		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.ResizeStatus)))
-		i--
-		dAtA[i] = 0x32
+	if len(m.AllocatedResourceStatuses) > 0 {
+		keysForAllocatedResourceStatuses := make([]string, 0, len(m.AllocatedResourceStatuses))
+		for k := range m.AllocatedResourceStatuses {
+			keysForAllocatedResourceStatuses = append(keysForAllocatedResourceStatuses, string(k))
+		}
+		github_com_gogo_protobuf_sortkeys.Strings(keysForAllocatedResourceStatuses)
+		for iNdEx := len(keysForAllocatedResourceStatuses) - 1; iNdEx >= 0; iNdEx-- {
+			v := m.AllocatedResourceStatuses[ResourceName(keysForAllocatedResourceStatuses[iNdEx])]
+			baseI := i
+			i -= len(v)
+			copy(dAtA[i:], v)
+			i = encodeVarintGenerated(dAtA, i, uint64(len(v)))
+			i--
+			dAtA[i] = 0x12
+			i -= len(keysForAllocatedResourceStatuses[iNdEx])
+			copy(dAtA[i:], keysForAllocatedResourceStatuses[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(keysForAllocatedResourceStatuses[iNdEx])))
+			i--
+			dAtA[i] = 0xa
+			i = encodeVarintGenerated(dAtA, i, uint64(baseI-i))
+			i--
+			dAtA[i] = 0x3a
+		}
 	}
 	if len(m.AllocatedResources) > 0 {
 		keysForAllocatedResources := make([]string, 0, len(m.AllocatedResources))
@@ -14404,6 +14535,18 @@ func (m *PersistentVolumeStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)
 	_ = i
 	var l int
 	_ = l
+	if m.LastPhaseTransitionTime != nil {
+		{
+			size, err := m.LastPhaseTransitionTime.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x22
+	}
 	i -= len(m.Reason)
 	copy(dAtA[i:], m.Reason)
 	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Reason)))
@@ -15267,6 +15410,41 @@ func (m *PodResourceClaim) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *PodResourceClaimStatus) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *PodResourceClaimStatus) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *PodResourceClaimStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.ResourceClaimName != nil {
+		i -= len(*m.ResourceClaimName)
+		copy(dAtA[i:], *m.ResourceClaimName)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.ResourceClaimName)))
+		i--
+		dAtA[i] = 0x12
+	}
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
 func (m *PodSchedulingGate) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -15936,6 +16114,36 @@ func (m *PodStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if len(m.HostIPs) > 0 {
+		for iNdEx := len(m.HostIPs) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.HostIPs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1
+			i--
+			dAtA[i] = 0x82
+		}
+	}
+	if len(m.ResourceClaimStatuses) > 0 {
+		for iNdEx := len(m.ResourceClaimStatuses) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.ResourceClaimStatuses[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x7a
+		}
+	}
 	i -= len(m.Resize)
 	copy(dAtA[i:], m.Resize)
 	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Resize)))
@@ -20970,6 +21178,10 @@ func (m *Container) Size() (n int) {
 			n += 2 + l + sovGenerated(uint64(l))
 		}
 	}
+	if m.RestartPolicy != nil {
+		l = len(*m.RestartPolicy)
+		n += 2 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -21469,6 +21681,10 @@ func (m *EphemeralContainerCommon) Size() (n int) {
 			n += 2 + l + sovGenerated(uint64(l))
 		}
 	}
+	if m.RestartPolicy != nil {
+		l = len(*m.RestartPolicy)
+		n += 2 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -21805,6 +22021,17 @@ func (m *HostAlias) Size() (n int) {
 	return n
 }
 
+func (m *HostIP) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.IP)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
 func (m *HostPathVolumeSource) Size() (n int) {
 	if m == nil {
 		return 0
@@ -22744,9 +22971,13 @@ func (m *PersistentVolumeClaimStatus) Size() (n int) {
 			n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
 		}
 	}
-	if m.ResizeStatus != nil {
-		l = len(*m.ResizeStatus)
-		n += 1 + l + sovGenerated(uint64(l))
+	if len(m.AllocatedResourceStatuses) > 0 {
+		for k, v := range m.AllocatedResourceStatuses {
+			_ = k
+			_ = v
+			mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v)))
+			n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
+		}
 	}
 	return n
 }
@@ -22950,6 +23181,10 @@ func (m *PersistentVolumeStatus) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = len(m.Reason)
 	n += 1 + l + sovGenerated(uint64(l))
+	if m.LastPhaseTransitionTime != nil {
+		l = m.LastPhaseTransitionTime.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -23263,6 +23498,21 @@ func (m *PodResourceClaim) Size() (n int) {
 	return n
 }
 
+func (m *PodResourceClaimStatus) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.ResourceClaimName != nil {
+		l = len(*m.ResourceClaimName)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	return n
+}
+
 func (m *PodSchedulingGate) Size() (n int) {
 	if m == nil {
 		return 0
@@ -23552,6 +23802,18 @@ func (m *PodStatus) Size() (n int) {
 	}
 	l = len(m.Resize)
 	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.ResourceClaimStatuses) > 0 {
+		for _, e := range m.ResourceClaimStatuses {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if len(m.HostIPs) > 0 {
+		for _, e := range m.HostIPs {
+			l = e.Size()
+			n += 2 + l + sovGenerated(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -25585,6 +25847,7 @@ func (this *Container) String() string {
 		`VolumeDevices:` + repeatedStringForVolumeDevices + `,`,
 		`StartupProbe:` + strings.Replace(this.StartupProbe.String(), "Probe", "Probe", 1) + `,`,
 		`ResizePolicy:` + repeatedStringForResizePolicy + `,`,
+		`RestartPolicy:` + valueToStringGenerated(this.RestartPolicy) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -25960,6 +26223,7 @@ func (this *EphemeralContainerCommon) String() string {
 		`VolumeDevices:` + repeatedStringForVolumeDevices + `,`,
 		`StartupProbe:` + strings.Replace(this.StartupProbe.String(), "Probe", "Probe", 1) + `,`,
 		`ResizePolicy:` + repeatedStringForResizePolicy + `,`,
+		`RestartPolicy:` + valueToStringGenerated(this.RestartPolicy) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -26221,6 +26485,16 @@ func (this *HostAlias) String() string {
 	}, "")
 	return s
 }
+func (this *HostIP) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&HostIP{`,
+		`IP:` + fmt.Sprintf("%v", this.IP) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *HostPathVolumeSource) String() string {
 	if this == nil {
 		return "nil"
@@ -26972,13 +27246,23 @@ func (this *PersistentVolumeClaimStatus) String() string {
 		mapStringForAllocatedResources += fmt.Sprintf("%v: %v,", k, this.AllocatedResources[ResourceName(k)])
 	}
 	mapStringForAllocatedResources += "}"
+	keysForAllocatedResourceStatuses := make([]string, 0, len(this.AllocatedResourceStatuses))
+	for k := range this.AllocatedResourceStatuses {
+		keysForAllocatedResourceStatuses = append(keysForAllocatedResourceStatuses, string(k))
+	}
+	github_com_gogo_protobuf_sortkeys.Strings(keysForAllocatedResourceStatuses)
+	mapStringForAllocatedResourceStatuses := "map[ResourceName]ClaimResourceStatus{"
+	for _, k := range keysForAllocatedResourceStatuses {
+		mapStringForAllocatedResourceStatuses += fmt.Sprintf("%v: %v,", k, this.AllocatedResourceStatuses[ResourceName(k)])
+	}
+	mapStringForAllocatedResourceStatuses += "}"
 	s := strings.Join([]string{`&PersistentVolumeClaimStatus{`,
 		`Phase:` + fmt.Sprintf("%v", this.Phase) + `,`,
 		`AccessModes:` + fmt.Sprintf("%v", this.AccessModes) + `,`,
 		`Capacity:` + mapStringForCapacity + `,`,
 		`Conditions:` + repeatedStringForConditions + `,`,
 		`AllocatedResources:` + mapStringForAllocatedResources + `,`,
-		`ResizeStatus:` + valueToStringGenerated(this.ResizeStatus) + `,`,
+		`AllocatedResourceStatuses:` + mapStringForAllocatedResourceStatuses + `,`,
 		`}`,
 	}, "")
 	return s
@@ -27088,6 +27372,7 @@ func (this *PersistentVolumeStatus) String() string {
 		`Phase:` + fmt.Sprintf("%v", this.Phase) + `,`,
 		`Message:` + fmt.Sprintf("%v", this.Message) + `,`,
 		`Reason:` + fmt.Sprintf("%v", this.Reason) + `,`,
+		`LastPhaseTransitionTime:` + strings.Replace(fmt.Sprintf("%v", this.LastPhaseTransitionTime), "Time", "v1.Time", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -27337,6 +27622,17 @@ func (this *PodResourceClaim) String() string {
 	}, "")
 	return s
 }
+func (this *PodResourceClaimStatus) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&PodResourceClaimStatus{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`ResourceClaimName:` + valueToStringGenerated(this.ResourceClaimName) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *PodSchedulingGate) String() string {
 	if this == nil {
 		return "nil"
@@ -27533,6 +27829,16 @@ func (this *PodStatus) String() string {
 		repeatedStringForEphemeralContainerStatuses += strings.Replace(strings.Replace(f.String(), "ContainerStatus", "ContainerStatus", 1), `&`, ``, 1) + ","
 	}
 	repeatedStringForEphemeralContainerStatuses += "}"
+	repeatedStringForResourceClaimStatuses := "[]PodResourceClaimStatus{"
+	for _, f := range this.ResourceClaimStatuses {
+		repeatedStringForResourceClaimStatuses += strings.Replace(strings.Replace(f.String(), "PodResourceClaimStatus", "PodResourceClaimStatus", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForResourceClaimStatuses += "}"
+	repeatedStringForHostIPs := "[]HostIP{"
+	for _, f := range this.HostIPs {
+		repeatedStringForHostIPs += strings.Replace(strings.Replace(f.String(), "HostIP", "HostIP", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForHostIPs += "}"
 	s := strings.Join([]string{`&PodStatus{`,
 		`Phase:` + fmt.Sprintf("%v", this.Phase) + `,`,
 		`Conditions:` + repeatedStringForConditions + `,`,
@@ -27548,6 +27854,8 @@ func (this *PodStatus) String() string {
 		`PodIPs:` + repeatedStringForPodIPs + `,`,
 		`EphemeralContainerStatuses:` + repeatedStringForEphemeralContainerStatuses + `,`,
 		`Resize:` + fmt.Sprintf("%v", this.Resize) + `,`,
+		`ResourceClaimStatuses:` + repeatedStringForResourceClaimStatuses + `,`,
+		`HostIPs:` + repeatedStringForHostIPs + `,`,
 		`}`,
 	}, "")
 	return s
@@ -34125,6 +34433,39 @@ func (m *Container) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 24:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RestartPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := ContainerRestartPolicy(dAtA[iNdEx:postIndex])
+			m.RestartPolicy = &s
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -38278,6 +38619,39 @@ func (m *EphemeralContainerCommon) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 24:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field RestartPolicy", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := ContainerRestartPolicy(dAtA[iNdEx:postIndex])
+			m.RestartPolicy = &s
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -41368,6 +41742,88 @@ func (m *HostAlias) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *HostIP) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: HostIP: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: HostIP: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field IP", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.IP = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *HostPathVolumeSource) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -49625,11 +50081,140 @@ func (m *PersistentVolumeClaimStatus) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if m.AllocatedResources == nil {
-				m.AllocatedResources = make(ResourceList)
+			if m.AllocatedResources == nil {
+				m.AllocatedResources = make(ResourceList)
+			}
+			var mapkey ResourceName
+			mapvalue := &resource.Quantity{}
+			for iNdEx < postIndex {
+				entryPreIndex := iNdEx
+				var wire uint64
+				for shift := uint(0); ; shift += 7 {
+					if shift >= 64 {
+						return ErrIntOverflowGenerated
+					}
+					if iNdEx >= l {
+						return io.ErrUnexpectedEOF
+					}
+					b := dAtA[iNdEx]
+					iNdEx++
+					wire |= uint64(b&0x7F) << shift
+					if b < 0x80 {
+						break
+					}
+				}
+				fieldNum := int32(wire >> 3)
+				if fieldNum == 1 {
+					var stringLenmapkey uint64
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGenerated
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						stringLenmapkey |= uint64(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					intStringLenmapkey := int(stringLenmapkey)
+					if intStringLenmapkey < 0 {
+						return ErrInvalidLengthGenerated
+					}
+					postStringIndexmapkey := iNdEx + intStringLenmapkey
+					if postStringIndexmapkey < 0 {
+						return ErrInvalidLengthGenerated
+					}
+					if postStringIndexmapkey > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapkey = ResourceName(dAtA[iNdEx:postStringIndexmapkey])
+					iNdEx = postStringIndexmapkey
+				} else if fieldNum == 2 {
+					var mapmsglen int
+					for shift := uint(0); ; shift += 7 {
+						if shift >= 64 {
+							return ErrIntOverflowGenerated
+						}
+						if iNdEx >= l {
+							return io.ErrUnexpectedEOF
+						}
+						b := dAtA[iNdEx]
+						iNdEx++
+						mapmsglen |= int(b&0x7F) << shift
+						if b < 0x80 {
+							break
+						}
+					}
+					if mapmsglen < 0 {
+						return ErrInvalidLengthGenerated
+					}
+					postmsgIndex := iNdEx + mapmsglen
+					if postmsgIndex < 0 {
+						return ErrInvalidLengthGenerated
+					}
+					if postmsgIndex > l {
+						return io.ErrUnexpectedEOF
+					}
+					mapvalue = &resource.Quantity{}
+					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
+						return err
+					}
+					iNdEx = postmsgIndex
+				} else {
+					iNdEx = entryPreIndex
+					skippy, err := skipGenerated(dAtA[iNdEx:])
+					if err != nil {
+						return err
+					}
+					if (skippy < 0) || (iNdEx+skippy) < 0 {
+						return ErrInvalidLengthGenerated
+					}
+					if (iNdEx + skippy) > postIndex {
+						return io.ErrUnexpectedEOF
+					}
+					iNdEx += skippy
+				}
+			}
+			m.AllocatedResources[ResourceName(mapkey)] = *mapvalue
+			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AllocatedResourceStatuses", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.AllocatedResourceStatuses == nil {
+				m.AllocatedResourceStatuses = make(map[ResourceName]ClaimResourceStatus)
 			}
 			var mapkey ResourceName
-			mapvalue := &resource.Quantity{}
+			var mapvalue ClaimResourceStatus
 			for iNdEx < postIndex {
 				entryPreIndex := iNdEx
 				var wire uint64
@@ -49678,7 +50263,7 @@ func (m *PersistentVolumeClaimStatus) Unmarshal(dAtA []byte) error {
 					mapkey = ResourceName(dAtA[iNdEx:postStringIndexmapkey])
 					iNdEx = postStringIndexmapkey
 				} else if fieldNum == 2 {
-					var mapmsglen int
+					var stringLenmapvalue uint64
 					for shift := uint(0); ; shift += 7 {
 						if shift >= 64 {
 							return ErrIntOverflowGenerated
@@ -49688,26 +50273,24 @@ func (m *PersistentVolumeClaimStatus) Unmarshal(dAtA []byte) error {
 						}
 						b := dAtA[iNdEx]
 						iNdEx++
-						mapmsglen |= int(b&0x7F) << shift
+						stringLenmapvalue |= uint64(b&0x7F) << shift
 						if b < 0x80 {
 							break
 						}
 					}
-					if mapmsglen < 0 {
+					intStringLenmapvalue := int(stringLenmapvalue)
+					if intStringLenmapvalue < 0 {
 						return ErrInvalidLengthGenerated
 					}
-					postmsgIndex := iNdEx + mapmsglen
-					if postmsgIndex < 0 {
+					postStringIndexmapvalue := iNdEx + intStringLenmapvalue
+					if postStringIndexmapvalue < 0 {
 						return ErrInvalidLengthGenerated
 					}
-					if postmsgIndex > l {
+					if postStringIndexmapvalue > l {
 						return io.ErrUnexpectedEOF
 					}
-					mapvalue = &resource.Quantity{}
-					if err := mapvalue.Unmarshal(dAtA[iNdEx:postmsgIndex]); err != nil {
-						return err
-					}
-					iNdEx = postmsgIndex
+					mapvalue = ClaimResourceStatus(dAtA[iNdEx:postStringIndexmapvalue])
+					iNdEx = postStringIndexmapvalue
 				} else {
 					iNdEx = entryPreIndex
 					skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -49723,40 +50306,7 @@ func (m *PersistentVolumeClaimStatus) Unmarshal(dAtA []byte) error {
 					iNdEx += skippy
 				}
 			}
-			m.AllocatedResources[ResourceName(mapkey)] = *mapvalue
-			iNdEx = postIndex
-		case 6:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ResizeStatus", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			s := PersistentVolumeClaimResizeStatus(dAtA[iNdEx:postIndex])
-			m.ResizeStatus = &s
+			m.AllocatedResourceStatuses[ResourceName(mapkey)] = ((ClaimResourceStatus)(mapvalue))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -51526,6 +52076,42 @@ func (m *PersistentVolumeStatus) Unmarshal(dAtA []byte) error {
 			}
 			m.Reason = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LastPhaseTransitionTime", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.LastPhaseTransitionTime == nil {
+				m.LastPhaseTransitionTime = &v1.Time{}
+			}
+			if err := m.LastPhaseTransitionTime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -54039,6 +54625,121 @@ func (m *PodResourceClaim) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *PodResourceClaimStatus) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: PodResourceClaimStatus: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: PodResourceClaimStatus: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceClaimName", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.ResourceClaimName = &s
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *PodSchedulingGate) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -56483,6 +57184,74 @@ func (m *PodStatus) Unmarshal(dAtA []byte) error {
 			}
 			m.Resize = PodResizeStatus(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 15:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceClaimStatuses", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ResourceClaimStatuses = append(m.ResourceClaimStatuses, PodResourceClaimStatus{})
+			if err := m.ResourceClaimStatuses[len(m.ResourceClaimStatuses)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 16:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HostIPs", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.HostIPs = append(m.HostIPs, HostIP{})
+			if err := m.HostIPs[len(m.HostIPs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/core/v1/generated.proto b/vendor/k8s.io/api/core/v1/generated.proto
index 8ef67ca40b..901e837313 100644
--- a/vendor/k8s.io/api/core/v1/generated.proto
+++ b/vendor/k8s.io/api/core/v1/generated.proto
@@ -414,15 +414,9 @@ message ClaimSource {
   //
   // The template will be used to create a new ResourceClaim, which will
   // be bound to this pod. When this pod is deleted, the ResourceClaim
-  // will also be deleted. The name of the ResourceClaim will be <pod
-  // name>-<resource name>, where <resource name> is the
-  // PodResourceClaim.Name. Pod validation will reject the pod if the
-  // concatenated name is not valid for a ResourceClaim (e.g. too long).
-  //
-  // An existing ResourceClaim with that name that is not owned by the
-  // pod will not be used for the pod to avoid using an unrelated
-  // resource by mistake. Scheduling and pod startup are then blocked
-  // until the unrelated ResourceClaim is removed.
+  // will also be deleted. The pod name and resource name, along with a
+  // generated component, will be used to form a unique name for the
+  // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
   //
   // This field is immutable and no changes will be made to the
   // corresponding ResourceClaim by the control plane after creating the
@@ -729,6 +723,25 @@ message Container {
   // +listType=atomic
   repeated ContainerResizePolicy resizePolicy = 23;
 
+  // RestartPolicy defines the restart behavior of individual containers in a pod.
+  // This field may only be set for init containers, and the only allowed value is "Always".
+  // For non-init containers or when this field is not specified,
+  // the restart behavior is defined by the Pod's restart policy and the container type.
+  // Setting the RestartPolicy as "Always" for the init container will have the following effect:
+  // this init container will be continually restarted on
+  // exit until all regular containers have terminated. Once all regular
+  // containers have completed, all init containers with restartPolicy "Always"
+  // will be shut down. This lifecycle differs from normal init containers and
+  // is often referred to as a "sidecar" container. Although this init
+  // container still starts in the init container sequence, it does not wait
+  // for the container to complete before proceeding to the next init
+  // container. Instead, the next init container starts immediately after this
+  // init container is started, or after any startupProbe has successfully
+  // completed.
+  // +featureGate=SidecarContainers
+  // +optional
+  optional string restartPolicy = 24;
+
   // Pod volumes to mount into the container's filesystem.
   // Cannot be updated.
   // +optional
@@ -1147,6 +1160,8 @@ message EndpointPort {
   //
   // * Kubernetes-defined prefixed names:
   //   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+  //   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+  //   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
   //
   // * Other protocols should use implementation-defined prefixed names such as
   // mycompany.com/my-custom-protocol.
@@ -1386,6 +1401,14 @@ message EphemeralContainerCommon {
   // +listType=atomic
   repeated ContainerResizePolicy resizePolicy = 23;
 
+  // Restart policy for the container to manage the restart behavior of each
+  // container within a pod.
+  // This may only be set for init containers. You cannot set this field on
+  // ephemeral containers.
+  // +featureGate=SidecarContainers
+  // +optional
+  optional string restartPolicy = 24;
+
   // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
   // Cannot be updated.
   // +optional
@@ -1871,6 +1894,12 @@ message HostAlias {
   repeated string hostnames = 2;
 }
 
+// HostIP represents a single IP address allocated to the host.
+message HostIP {
+  // IP is the IP address assigned to the host
+  optional string ip = 1;
+}
+
 // Represents a host path mapped into a pod.
 // Host path volumes do not support ownership management or SELinux relabeling.
 message HostPathVolumeSource {
@@ -2863,25 +2892,71 @@ message PersistentVolumeClaimStatus {
   // +patchStrategy=merge
   repeated PersistentVolumeClaimCondition conditions = 4;
 
-  // allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may
-  // be larger than the actual capacity when a volume expansion operation is requested.
+  // allocatedResources tracks the resources allocated to a PVC including its capacity.
+  // Key names follow standard Kubernetes label syntax. Valid values are either:
+  // 	* Un-prefixed keys:
+  // 		- storage - the capacity of the volume.
+  // 	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+  // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
+  // reserved and hence may not be used.
+  //
+  // Capacity reported here may be larger than the actual capacity when a volume expansion operation
+  // is requested.
   // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
   // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.
   // If a volume expansion capacity request is lowered, allocatedResources is only
   // lowered if there are no expansion operations in progress and if the actual volume capacity
   // is equal or lower than the requested capacity.
+  //
+  // A controller that receives PVC update with previously unknown resourceName
+  // should ignore the update for the purpose it was designed. For example - a controller that
+  // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
+  // resources associated with PVC.
+  //
   // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
   // +featureGate=RecoverVolumeExpansionFailure
   // +optional
   map<string, k8s.io.apimachinery.pkg.api.resource.Quantity> allocatedResources = 5;
 
-  // resizeStatus stores status of resize operation.
-  // ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty
-  // string by resize controller or kubelet.
+  // allocatedResourceStatuses stores status of resource being resized for the given PVC.
+  // Key names follow standard Kubernetes label syntax. Valid values are either:
+  // 	* Un-prefixed keys:
+  // 		- storage - the capacity of the volume.
+  // 	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+  // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
+  // reserved and hence may not be used.
+  //
+  // ClaimResourceStatus can be in any of following states:
+  // 	- ControllerResizeInProgress:
+  // 		State set when resize controller starts resizing the volume in control-plane.
+  // 	- ControllerResizeFailed:
+  // 		State set when resize has failed in resize controller with a terminal error.
+  // 	- NodeResizePending:
+  // 		State set when resize controller has finished resizing the volume but further resizing of
+  // 		volume is needed on the node.
+  // 	- NodeResizeInProgress:
+  // 		State set when kubelet starts resizing the volume.
+  // 	- NodeResizeFailed:
+  // 		State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
+  // 		NodeResizeFailed.
+  // For example: if expanding a PVC for more capacity - this field can be one of the following states:
+  // 	- pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress"
+  //      - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed"
+  //      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending"
+  //      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
+  //      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
+  // When this field is not set, it means that no resize operation is in progress for the given PVC.
+  //
+  // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus
+  // should ignore the update for the purpose it was designed. For example - a controller that
+  // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
+  // resources associated with PVC.
+  //
   // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
   // +featureGate=RecoverVolumeExpansionFailure
+  // +mapType=granular
   // +optional
-  optional string resizeStatus = 6;
+  map<string, string> allocatedResourceStatuses = 7;
 }
 
 // PersistentVolumeClaimTemplate is used to produce
@@ -3103,6 +3178,13 @@ message PersistentVolumeStatus {
   // for machine parsing and tidy display in the CLI.
   // +optional
   optional string reason = 3;
+
+  // lastPhaseTransitionTime is the time the phase transitioned from one to another
+  // and automatically resets to current time everytime a volume phase transitions.
+  // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.
+  // +featureGate=PersistentVolumeLastPhaseTransitionTime
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastPhaseTransitionTime = 4;
 }
 
 // Represents a Photon Controller persistent disk resource.
@@ -3347,12 +3429,9 @@ message PodExecOptions {
   repeated string command = 6;
 }
 
-// IP address information for entries in the (plural) PodIPs field.
-// Each entry includes:
-//
-// 	IP: An IP address allocated to the pod. Routable at least within the cluster.
+// PodIP represents a single IP address allocated to the pod.
 message PodIP {
-  // ip is an IP address (IPv4 or IPv6) assigned to the pod
+  // IP is the IP address assigned to the pod
   optional string ip = 1;
 }
 
@@ -3469,6 +3548,24 @@ message PodResourceClaim {
   optional ClaimSource source = 2;
 }
 
+// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim
+// which references a ResourceClaimTemplate. It stores the generated name for
+// the corresponding ResourceClaim.
+message PodResourceClaimStatus {
+  // Name uniquely identifies this resource claim inside the pod.
+  // This must match the name of an entry in pod.spec.resourceClaims,
+  // which implies that the string must be a DNS_LABEL.
+  optional string name = 1;
+
+  // ResourceClaimName is the name of the ResourceClaim that was
+  // generated for the Pod in the namespace of the Pod. It this is
+  // unset, then generating a ResourceClaim was not necessary. The
+  // pod.spec.resourceClaims entry can be ignored in this case.
+  //
+  // +optional
+  optional string resourceClaimName = 2;
+}
+
 // PodSchedulingGate is associated to a Pod to guard its scheduling.
 message PodSchedulingGate {
   // Name of the scheduling gate.
@@ -3960,11 +4057,23 @@ message PodStatus {
   // +optional
   optional string nominatedNodeName = 11;
 
-  // IP address of the host to which the pod is assigned. Empty if not yet scheduled.
+  // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet.
+  // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will
+  // not be updated even if there is a node is assigned to pod
   // +optional
   optional string hostIP = 5;
 
-  // IP address allocated to the pod. Routable at least within the cluster.
+  // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must
+  // match the hostIP field. This list is empty if the pod has not started yet.
+  // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will
+  // not be updated even if there is a node is assigned to this pod.
+  // +optional
+  // +patchStrategy=merge
+  // +patchMergeKey=ip
+  // +listType=atomic
+  repeated HostIP hostIPs = 16;
+
+  // podIP address allocated to the pod. Routable at least within the cluster.
   // Empty if not yet allocated.
   // +optional
   optional string podIP = 6;
@@ -4009,6 +4118,15 @@ message PodStatus {
   // +featureGate=InPlacePodVerticalScaling
   // +optional
   optional string resize = 14;
+
+  // Status of resource claims.
+  // +patchMergeKey=name
+  // +patchStrategy=merge,retainKeys
+  // +listType=map
+  // +listMapKey=name
+  // +featureGate=DynamicResourceAllocation
+  // +optional
+  repeated PodResourceClaimStatus resourceClaimStatuses = 15;
 }
 
 // PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded
@@ -4753,7 +4871,7 @@ message SeccompProfile {
   // localhostProfile indicates a profile defined in a file on the node should be used.
   // The profile must be preconfigured on the node to work.
   // Must be a descending path, relative to the kubelet's configured seccomp profile location.
-  // Must only be set if type is "Localhost".
+  // Must be set if type is "Localhost". Must NOT be set for any other type.
   // +optional
   optional string localhostProfile = 2;
 }
@@ -5124,10 +5242,19 @@ message ServicePort {
   optional string protocol = 2;
 
   // The application protocol for this port.
+  // This is used as a hint for implementations to offer richer behavior for protocols that they understand.
   // This field follows standard Kubernetes label syntax.
-  // Un-prefixed names are reserved for IANA standard service names (as per
+  // Valid values are either:
+  //
+  // * Un-prefixed protocol names - reserved for IANA standard service names (as per
   // RFC-6335 and https://www.iana.org/assignments/service-names).
-  // Non-standard protocols should use prefixed names such as
+  //
+  // * Kubernetes-defined prefixed names:
+  //   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+  //   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+  //   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+  //
+  // * Other protocols should use implementation-defined prefixed names such as
   // mycompany.com/my-custom-protocol.
   // +optional
   optional string appProtocol = 6;
@@ -5275,10 +5402,9 @@ message ServiceSpec {
   // This feature depends on whether the underlying cloud-provider supports specifying
   // the loadBalancerIP when a load balancer is created.
   // This field will be ignored if the cloud-provider does not support the feature.
-  // Deprecated: This field was under-specified and its meaning varies across implementations,
-  // and it cannot support dual-stack.
-  // As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
-  // This field may be removed in a future API version.
+  // Deprecated: This field was under-specified and its meaning varies across implementations.
+  // Using it is non-portable and it may not support dual-stack.
+  // Users are encouraged to use implementation-specific annotations when available.
   // +optional
   optional string loadBalancerIP = 8;
 
@@ -6053,12 +6179,9 @@ message WindowsSecurityContextOptions {
   optional string runAsUserName = 3;
 
   // HostProcess determines if a container should be run as a 'Host Process' container.
-  // This field is alpha-level and will only be honored by components that enable the
-  // WindowsHostProcessContainers feature flag. Setting this field without the feature
-  // flag will result in errors when validating the Pod. All of a Pod's containers must
-  // have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
-  // containers and non-HostProcess containers).  In addition, if HostProcess is true
-  // then HostNetwork must also be set to true.
+  // All of a Pod's containers must have the same effective HostProcess value
+  // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+  // In addition, if HostProcess is true then HostNetwork must also be set to true.
   // +optional
   optional bool hostProcess = 4;
 }
diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go
index c831d5961c..9e05c22356 100644
--- a/vendor/k8s.io/api/core/v1/types.go
+++ b/vendor/k8s.io/api/core/v1/types.go
@@ -411,6 +411,12 @@ type PersistentVolumeStatus struct {
 	// for machine parsing and tidy display in the CLI.
 	// +optional
 	Reason string `json:"reason,omitempty" protobuf:"bytes,3,opt,name=reason"`
+	// lastPhaseTransitionTime is the time the phase transitioned from one to another
+	// and automatically resets to current time everytime a volume phase transitions.
+	// This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.
+	// +featureGate=PersistentVolumeLastPhaseTransitionTime
+	// +optional
+	LastPhaseTransitionTime *metav1.Time `json:"lastPhaseTransitionTime,omitempty" protobuf:"bytes,4,opt,name=lastPhaseTransitionTime"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -558,23 +564,27 @@ const (
 )
 
 // +enum
-type PersistentVolumeClaimResizeStatus string
+// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource
+// that it does not recognizes, then it should ignore that update and let other controllers
+// handle it.
+type ClaimResourceStatus string
 
 const (
-	// When expansion is complete, the empty string is set by resize controller or kubelet.
-	PersistentVolumeClaimNoExpansionInProgress PersistentVolumeClaimResizeStatus = ""
-	// State set when resize controller starts expanding the volume in control-plane
-	PersistentVolumeClaimControllerExpansionInProgress PersistentVolumeClaimResizeStatus = "ControllerExpansionInProgress"
-	// State set when expansion has failed in resize controller with a terminal error.
-	// Transient errors such as timeout should not set this status and should leave ResizeStatus
+	// State set when resize controller starts resizing the volume in control-plane.
+	PersistentVolumeClaimControllerResizeInProgress ClaimResourceStatus = "ControllerResizeInProgress"
+
+	// State set when resize has failed in resize controller with a terminal error.
+	// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus
 	// unmodified, so as resize controller can resume the volume expansion.
-	PersistentVolumeClaimControllerExpansionFailed PersistentVolumeClaimResizeStatus = "ControllerExpansionFailed"
-	// State set when resize controller has finished expanding the volume but further expansion is needed on the node.
-	PersistentVolumeClaimNodeExpansionPending PersistentVolumeClaimResizeStatus = "NodeExpansionPending"
-	// State set when kubelet starts expanding the volume.
-	PersistentVolumeClaimNodeExpansionInProgress PersistentVolumeClaimResizeStatus = "NodeExpansionInProgress"
-	// State set when expansion has failed in kubelet with a terminal error. Transient errors don't set NodeExpansionFailed.
-	PersistentVolumeClaimNodeExpansionFailed PersistentVolumeClaimResizeStatus = "NodeExpansionFailed"
+	PersistentVolumeClaimControllerResizeFailed ClaimResourceStatus = "ControllerResizeFailed"
+
+	// State set when resize controller has finished resizing the volume but further resizing of volume
+	// is needed on the node.
+	PersistentVolumeClaimNodeResizePending ClaimResourceStatus = "NodeResizePending"
+	// State set when kubelet starts resizing the volume.
+	PersistentVolumeClaimNodeResizeInProgress ClaimResourceStatus = "NodeResizeInProgress"
+	// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed
+	PersistentVolumeClaimNodeResizeFailed ClaimResourceStatus = "NodeResizeFailed"
 )
 
 // PersistentVolumeClaimCondition contains details about state of pvc
@@ -615,24 +625,74 @@ type PersistentVolumeClaimStatus struct {
 	// +patchMergeKey=type
 	// +patchStrategy=merge
 	Conditions []PersistentVolumeClaimCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,4,rep,name=conditions"`
-	// allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may
-	// be larger than the actual capacity when a volume expansion operation is requested.
+	// allocatedResources tracks the resources allocated to a PVC including its capacity.
+	// Key names follow standard Kubernetes label syntax. Valid values are either:
+	// 	* Un-prefixed keys:
+	//		- storage - the capacity of the volume.
+	//	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+	// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
+	// reserved and hence may not be used.
+	//
+	// Capacity reported here may be larger than the actual capacity when a volume expansion operation
+	// is requested.
 	// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
 	// If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.
 	// If a volume expansion capacity request is lowered, allocatedResources is only
 	// lowered if there are no expansion operations in progress and if the actual volume capacity
 	// is equal or lower than the requested capacity.
+	//
+	// A controller that receives PVC update with previously unknown resourceName
+	// should ignore the update for the purpose it was designed. For example - a controller that
+	// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
+	// resources associated with PVC.
+	//
 	// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 	// +featureGate=RecoverVolumeExpansionFailure
 	// +optional
 	AllocatedResources ResourceList `json:"allocatedResources,omitempty" protobuf:"bytes,5,rep,name=allocatedResources,casttype=ResourceList,castkey=ResourceName"`
-	// resizeStatus stores status of resize operation.
-	// ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty
-	// string by resize controller or kubelet.
+
+	// resizestatus is tombstoned since the field was replaced by allocatedResourceStatus
+	// ResizeStatus *PersistentVolumeClaimResizeStatus `json:"resizeStatus,omitempty" protobuf:"bytes,6,opt,name=resizeStatus,casttype=PersistentVolumeClaimResizeStatus"`
+
+	// allocatedResourceStatuses stores status of resource being resized for the given PVC.
+	// Key names follow standard Kubernetes label syntax. Valid values are either:
+	// 	* Un-prefixed keys:
+	//		- storage - the capacity of the volume.
+	//	* Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource"
+	// Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered
+	// reserved and hence may not be used.
+	//
+	// ClaimResourceStatus can be in any of following states:
+	//	- ControllerResizeInProgress:
+	//		State set when resize controller starts resizing the volume in control-plane.
+	// 	- ControllerResizeFailed:
+	//		State set when resize has failed in resize controller with a terminal error.
+	//	- NodeResizePending:
+	//		State set when resize controller has finished resizing the volume but further resizing of
+	//		volume is needed on the node.
+	//	- NodeResizeInProgress:
+	//		State set when kubelet starts resizing the volume.
+	//	- NodeResizeFailed:
+	//		State set when resizing has failed in kubelet with a terminal error. Transient errors don't set
+	//		NodeResizeFailed.
+	// For example: if expanding a PVC for more capacity - this field can be one of the following states:
+	// 	- pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress"
+	//      - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed"
+	//      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending"
+	//      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress"
+	//      - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed"
+	// When this field is not set, it means that no resize operation is in progress for the given PVC.
+	//
+	// A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus
+	// should ignore the update for the purpose it was designed. For example - a controller that
+	// only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid
+	// resources associated with PVC.
+	//
 	// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
 	// +featureGate=RecoverVolumeExpansionFailure
+	// +mapType=granular
 	// +optional
-	ResizeStatus *PersistentVolumeClaimResizeStatus `json:"resizeStatus,omitempty" protobuf:"bytes,6,opt,name=resizeStatus,casttype=PersistentVolumeClaimResizeStatus"`
+	AllocatedResourceStatuses map[ResourceName]ClaimResourceStatus `json:"allocatedResourceStatuses,omitempty" protobuf:"bytes,7,rep,name=allocatedResourceStatuses"`
 }
 
 // +enum
@@ -2446,6 +2506,24 @@ type Container struct {
 	// +optional
 	// +listType=atomic
 	ResizePolicy []ContainerResizePolicy `json:"resizePolicy,omitempty" protobuf:"bytes,23,rep,name=resizePolicy"`
+	// RestartPolicy defines the restart behavior of individual containers in a pod.
+	// This field may only be set for init containers, and the only allowed value is "Always".
+	// For non-init containers or when this field is not specified,
+	// the restart behavior is defined by the Pod's restart policy and the container type.
+	// Setting the RestartPolicy as "Always" for the init container will have the following effect:
+	// this init container will be continually restarted on
+	// exit until all regular containers have terminated. Once all regular
+	// containers have completed, all init containers with restartPolicy "Always"
+	// will be shut down. This lifecycle differs from normal init containers and
+	// is often referred to as a "sidecar" container. Although this init
+	// container still starts in the init container sequence, it does not wait
+	// for the container to complete before proceeding to the next init
+	// container. Instead, the next init container starts immediately after this
+	// init container is started, or after any startupProbe has successfully
+	// completed.
+	// +featureGate=SidecarContainers
+	// +optional
+	RestartPolicy *ContainerRestartPolicy `json:"restartPolicy,omitempty" protobuf:"bytes,24,opt,name=restartPolicy,casttype=ContainerRestartPolicy"`
 	// Pod volumes to mount into the container's filesystem.
 	// Cannot be updated.
 	// +optional
@@ -2842,6 +2920,14 @@ const (
 	RestartPolicyNever     RestartPolicy = "Never"
 )
 
+// ContainerRestartPolicy is the restart policy for a single container.
+// This may only be set for init containers and only allowed value is "Always".
+type ContainerRestartPolicy string
+
+const (
+	ContainerRestartPolicyAlways ContainerRestartPolicy = "Always"
+)
+
 // DNSPolicy defines how a pod's DNS will be configured.
 // +enum
 type DNSPolicy string
@@ -3524,15 +3610,9 @@ type ClaimSource struct {
 	//
 	// The template will be used to create a new ResourceClaim, which will
 	// be bound to this pod. When this pod is deleted, the ResourceClaim
-	// will also be deleted. The name of the ResourceClaim will be <pod
-	// name>-<resource name>, where <resource name> is the
-	// PodResourceClaim.Name. Pod validation will reject the pod if the
-	// concatenated name is not valid for a ResourceClaim (e.g. too long).
-	//
-	// An existing ResourceClaim with that name that is not owned by the
-	// pod will not be used for the pod to avoid using an unrelated
-	// resource by mistake. Scheduling and pod startup are then blocked
-	// until the unrelated ResourceClaim is removed.
+	// will also be deleted. The pod name and resource name, along with a
+	// generated component, will be used to form a unique name for the
+	// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
 	//
 	// This field is immutable and no changes will be made to the
 	// corresponding ResourceClaim by the control plane after creating the
@@ -3540,6 +3620,24 @@ type ClaimSource struct {
 	ResourceClaimTemplateName *string `json:"resourceClaimTemplateName,omitempty" protobuf:"bytes,2,opt,name=resourceClaimTemplateName"`
 }
 
+// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim
+// which references a ResourceClaimTemplate. It stores the generated name for
+// the corresponding ResourceClaim.
+type PodResourceClaimStatus struct {
+	// Name uniquely identifies this resource claim inside the pod.
+	// This must match the name of an entry in pod.spec.resourceClaims,
+	// which implies that the string must be a DNS_LABEL.
+	Name string `json:"name" protobuf:"bytes,1,name=name"`
+
+	// ResourceClaimName is the name of the ResourceClaim that was
+	// generated for the Pod in the namespace of the Pod. It this is
+	// unset, then generating a ResourceClaim was not necessary. The
+	// pod.spec.resourceClaims entry can be ignored in this case.
+	//
+	// +optional
+	ResourceClaimName *string `json:"resourceClaimName,omitempty" protobuf:"bytes,2,opt,name=resourceClaimName"`
+}
+
 // OSName is the set of OS'es that can be used in OS.
 type OSName string
 
@@ -3838,7 +3936,7 @@ type SeccompProfile struct {
 	// localhostProfile indicates a profile defined in a file on the node should be used.
 	// The profile must be preconfigured on the node to work.
 	// Must be a descending path, relative to the kubelet's configured seccomp profile location.
-	// Must only be set if type is "Localhost".
+	// Must be set if type is "Localhost". Must NOT be set for any other type.
 	// +optional
 	LocalhostProfile *string `json:"localhostProfile,omitempty" protobuf:"bytes,2,opt,name=localhostProfile"`
 }
@@ -3899,12 +3997,15 @@ type PodDNSConfigOption struct {
 	Value *string `json:"value,omitempty" protobuf:"bytes,2,opt,name=value"`
 }
 
-// IP address information for entries in the (plural) PodIPs field.
-// Each entry includes:
-//
-//	IP: An IP address allocated to the pod. Routable at least within the cluster.
+// PodIP represents a single IP address allocated to the pod.
 type PodIP struct {
-	// ip is an IP address (IPv4 or IPv6) assigned to the pod
+	// IP is the IP address assigned to the pod
+	IP string `json:"ip,omitempty" protobuf:"bytes,1,opt,name=ip"`
+}
+
+// HostIP represents a single IP address allocated to the host.
+type HostIP struct {
+	// IP is the IP address assigned to the host
 	IP string `json:"ip,omitempty" protobuf:"bytes,1,opt,name=ip"`
 }
 
@@ -3976,6 +4077,13 @@ type EphemeralContainerCommon struct {
 	// +optional
 	// +listType=atomic
 	ResizePolicy []ContainerResizePolicy `json:"resizePolicy,omitempty" protobuf:"bytes,23,rep,name=resizePolicy"`
+	// Restart policy for the container to manage the restart behavior of each
+	// container within a pod.
+	// This may only be set for init containers. You cannot set this field on
+	// ephemeral containers.
+	// +featureGate=SidecarContainers
+	// +optional
+	RestartPolicy *ContainerRestartPolicy `json:"restartPolicy,omitempty" protobuf:"bytes,24,opt,name=restartPolicy,casttype=ContainerRestartPolicy"`
 	// Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
 	// Cannot be updated.
 	// +optional
@@ -4128,10 +4236,23 @@ type PodStatus struct {
 	// +optional
 	NominatedNodeName string `json:"nominatedNodeName,omitempty" protobuf:"bytes,11,opt,name=nominatedNodeName"`
 
-	// IP address of the host to which the pod is assigned. Empty if not yet scheduled.
+	// hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet.
+	// A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will
+	// not be updated even if there is a node is assigned to pod
 	// +optional
 	HostIP string `json:"hostIP,omitempty" protobuf:"bytes,5,opt,name=hostIP"`
-	// IP address allocated to the pod. Routable at least within the cluster.
+
+	// hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must
+	// match the hostIP field. This list is empty if the pod has not started yet.
+	// A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will
+	// not be updated even if there is a node is assigned to this pod.
+	// +optional
+	// +patchStrategy=merge
+	// +patchMergeKey=ip
+	// +listType=atomic
+	HostIPs []HostIP `json:"hostIPs,omitempty" protobuf:"bytes,16,rep,name=hostIPs" patchStrategy:"merge" patchMergeKey:"ip"`
+
+	// podIP address allocated to the pod. Routable at least within the cluster.
 	// Empty if not yet allocated.
 	// +optional
 	PodIP string `json:"podIP,omitempty" protobuf:"bytes,6,opt,name=podIP"`
@@ -4174,6 +4295,15 @@ type PodStatus struct {
 	// +featureGate=InPlacePodVerticalScaling
 	// +optional
 	Resize PodResizeStatus `json:"resize,omitempty" protobuf:"bytes,14,opt,name=resize,casttype=PodResizeStatus"`
+
+	// Status of resource claims.
+	// +patchMergeKey=name
+	// +patchStrategy=merge,retainKeys
+	// +listType=map
+	// +listMapKey=name
+	// +featureGate=DynamicResourceAllocation
+	// +optional
+	ResourceClaimStatuses []PodResourceClaimStatus `json:"resourceClaimStatuses,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,15,rep,name=resourceClaimStatuses"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -4714,10 +4844,9 @@ type ServiceSpec struct {
 	// This feature depends on whether the underlying cloud-provider supports specifying
 	// the loadBalancerIP when a load balancer is created.
 	// This field will be ignored if the cloud-provider does not support the feature.
-	// Deprecated: This field was under-specified and its meaning varies across implementations,
-	// and it cannot support dual-stack.
-	// As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available.
-	// This field may be removed in a future API version.
+	// Deprecated: This field was under-specified and its meaning varies across implementations.
+	// Using it is non-portable and it may not support dual-stack.
+	// Users are encouraged to use implementation-specific annotations when available.
 	// +optional
 	LoadBalancerIP string `json:"loadBalancerIP,omitempty" protobuf:"bytes,8,opt,name=loadBalancerIP"`
 
@@ -4866,10 +4995,19 @@ type ServicePort struct {
 	Protocol Protocol `json:"protocol,omitempty" protobuf:"bytes,2,opt,name=protocol,casttype=Protocol"`
 
 	// The application protocol for this port.
+	// This is used as a hint for implementations to offer richer behavior for protocols that they understand.
 	// This field follows standard Kubernetes label syntax.
-	// Un-prefixed names are reserved for IANA standard service names (as per
+	// Valid values are either:
+	//
+	// * Un-prefixed protocol names - reserved for IANA standard service names (as per
 	// RFC-6335 and https://www.iana.org/assignments/service-names).
-	// Non-standard protocols should use prefixed names such as
+	//
+	// * Kubernetes-defined prefixed names:
+	//   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+	//   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+	//   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
+	//
+	// * Other protocols should use implementation-defined prefixed names such as
 	// mycompany.com/my-custom-protocol.
 	// +optional
 	AppProtocol *string `json:"appProtocol,omitempty" protobuf:"bytes,6,opt,name=appProtocol"`
@@ -5110,6 +5248,8 @@ type EndpointPort struct {
 	//
 	// * Kubernetes-defined prefixed names:
 	//   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+	//   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+	//   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
 	//
 	// * Other protocols should use implementation-defined prefixed names such as
 	// mycompany.com/my-custom-protocol.
@@ -6802,12 +6942,9 @@ type WindowsSecurityContextOptions struct {
 	RunAsUserName *string `json:"runAsUserName,omitempty" protobuf:"bytes,3,opt,name=runAsUserName"`
 
 	// HostProcess determines if a container should be run as a 'Host Process' container.
-	// This field is alpha-level and will only be honored by components that enable the
-	// WindowsHostProcessContainers feature flag. Setting this field without the feature
-	// flag will result in errors when validating the Pod. All of a Pod's containers must
-	// have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
-	// containers and non-HostProcess containers).  In addition, if HostProcess is true
-	// then HostNetwork must also be set to true.
+	// All of a Pod's containers must have the same effective HostProcess value
+	// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+	// In addition, if HostProcess is true then HostNetwork must also be set to true.
 	// +optional
 	HostProcess *bool `json:"hostProcess,omitempty" protobuf:"bytes,4,opt,name=hostProcess"`
 }
diff --git a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
index a01ae37173..9734d8b41e 100644
--- a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
@@ -212,7 +212,7 @@ func (CinderVolumeSource) SwaggerDoc() map[string]string {
 var map_ClaimSource = map[string]string{
 	"":                          "ClaimSource describes a reference to a ResourceClaim.\n\nExactly one of these fields should be set.  Consumers of this type must treat an empty object as if it has an unknown value.",
 	"resourceClaimName":         "ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.",
-	"resourceClaimTemplateName": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be <pod name>-<resource name>, where <resource name> is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long).\n\nAn existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.",
+	"resourceClaimTemplateName": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.",
 }
 
 func (ClaimSource) SwaggerDoc() map[string]string {
@@ -347,6 +347,7 @@ var map_Container = map[string]string{
 	"env":                      "List of environment variables to set in the container. Cannot be updated.",
 	"resources":                "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/",
 	"resizePolicy":             "Resources resize policy for the container.",
+	"restartPolicy":            "RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is \"Always\". For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.",
 	"volumeMounts":             "Pod volumes to mount into the container's filesystem. Cannot be updated.",
 	"volumeDevices":            "volumeDevices is the list of block devices to be used by the container.",
 	"livenessProbe":            "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes",
@@ -530,7 +531,7 @@ var map_EndpointPort = map[string]string{
 	"name":        "The name of this port.  This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.",
 	"port":        "The port number of the endpoint.",
 	"protocol":    "The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.",
-	"appProtocol": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.",
+	"appProtocol": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n  * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n  * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.",
 }
 
 func (EndpointPort) SwaggerDoc() map[string]string {
@@ -623,6 +624,7 @@ var map_EphemeralContainerCommon = map[string]string{
 	"env":                      "List of environment variables to set in the container. Cannot be updated.",
 	"resources":                "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.",
 	"resizePolicy":             "Resources resize policy for the container.",
+	"restartPolicy":            "Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers.",
 	"volumeMounts":             "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.",
 	"volumeDevices":            "volumeDevices is the list of block devices to be used by the container.",
 	"livenessProbe":            "Probes are not allowed for ephemeral containers.",
@@ -850,6 +852,15 @@ func (HostAlias) SwaggerDoc() map[string]string {
 	return map_HostAlias
 }
 
+var map_HostIP = map[string]string{
+	"":   "HostIP represents a single IP address allocated to the host.",
+	"ip": "IP is the IP address assigned to the host",
+}
+
+func (HostIP) SwaggerDoc() map[string]string {
+	return map_HostIP
+}
+
 var map_HostPathVolumeSource = map[string]string{
 	"":     "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.",
 	"path": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath",
@@ -1344,13 +1355,13 @@ func (PersistentVolumeClaimSpec) SwaggerDoc() map[string]string {
 }
 
 var map_PersistentVolumeClaimStatus = map[string]string{
-	"":                   "PersistentVolumeClaimStatus is the current status of a persistent volume claim.",
-	"phase":              "phase represents the current phase of PersistentVolumeClaim.",
-	"accessModes":        "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1",
-	"capacity":           "capacity represents the actual resources of the underlying volume.",
-	"conditions":         "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.",
-	"allocatedResources": "allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.",
-	"resizeStatus":       "resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.",
+	"":                          "PersistentVolumeClaimStatus is the current status of a persistent volume claim.",
+	"phase":                     "phase represents the current phase of PersistentVolumeClaim.",
+	"accessModes":               "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1",
+	"capacity":                  "capacity represents the actual resources of the underlying volume.",
+	"conditions":                "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.",
+	"allocatedResources":        "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.",
+	"allocatedResourceStatuses": "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n     - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n     - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n     - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n     - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.",
 }
 
 func (PersistentVolumeClaimStatus) SwaggerDoc() map[string]string {
@@ -1434,10 +1445,11 @@ func (PersistentVolumeSpec) SwaggerDoc() map[string]string {
 }
 
 var map_PersistentVolumeStatus = map[string]string{
-	"":        "PersistentVolumeStatus is the current status of a persistent volume.",
-	"phase":   "phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase",
-	"message": "message is a human-readable message indicating details about why the volume is in this state.",
-	"reason":  "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.",
+	"":                        "PersistentVolumeStatus is the current status of a persistent volume.",
+	"phase":                   "phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase",
+	"message":                 "message is a human-readable message indicating details about why the volume is in this state.",
+	"reason":                  "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.",
+	"lastPhaseTransitionTime": "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions. This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature.",
 }
 
 func (PersistentVolumeStatus) SwaggerDoc() map[string]string {
@@ -1559,8 +1571,8 @@ func (PodExecOptions) SwaggerDoc() map[string]string {
 }
 
 var map_PodIP = map[string]string{
-	"":   "IP address information for entries in the (plural) PodIPs field. Each entry includes:\n\n\tIP: An IP address allocated to the pod. Routable at least within the cluster.",
-	"ip": "ip is an IP address (IPv4 or IPv6) assigned to the pod",
+	"":   "PodIP represents a single IP address allocated to the pod.",
+	"ip": "IP is the IP address assigned to the pod",
 }
 
 func (PodIP) SwaggerDoc() map[string]string {
@@ -1640,6 +1652,16 @@ func (PodResourceClaim) SwaggerDoc() map[string]string {
 	return map_PodResourceClaim
 }
 
+var map_PodResourceClaimStatus = map[string]string{
+	"":                  "PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.",
+	"name":              "Name uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.",
+	"resourceClaimName": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. It this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.",
+}
+
+func (PodResourceClaimStatus) SwaggerDoc() map[string]string {
+	return map_PodResourceClaimStatus
+}
+
 var map_PodSchedulingGate = map[string]string{
 	"":     "PodSchedulingGate is associated to a Pod to guard its scheduling.",
 	"name": "Name of the scheduling gate. Each scheduling gate must have a unique name field.",
@@ -1730,8 +1752,9 @@ var map_PodStatus = map[string]string{
 	"message":                    "A human readable message indicating details about why the pod is in this condition.",
 	"reason":                     "A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'",
 	"nominatedNodeName":          "nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods. This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to give the resources on this node to a higher priority pod that is created after preemption. As a result, this field may be different than PodSpec.nodeName when the pod is scheduled.",
-	"hostIP":                     "IP address of the host to which the pod is assigned. Empty if not yet scheduled.",
-	"podIP":                      "IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.",
+	"hostIP":                     "hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod",
+	"hostIPs":                    "hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.",
+	"podIP":                      "podIP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.",
 	"podIPs":                     "podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.",
 	"startTime":                  "RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.",
 	"initContainerStatuses":      "The list has one entry per init container in the manifest. The most recent successful init container will have ready = true, the most recently started container will have startTime set. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status",
@@ -1739,6 +1762,7 @@ var map_PodStatus = map[string]string{
 	"qosClass":                   "The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes",
 	"ephemeralContainerStatuses": "Status for any ephemeral containers that have run in this pod.",
 	"resize":                     "Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to \"Proposed\"",
+	"resourceClaimStatuses":      "Status of resource claims.",
 }
 
 func (PodStatus) SwaggerDoc() map[string]string {
@@ -2134,7 +2158,7 @@ func (ScopedResourceSelectorRequirement) SwaggerDoc() map[string]string {
 var map_SeccompProfile = map[string]string{
 	"":                 "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.",
 	"type":             "type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.",
-	"localhostProfile": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".",
+	"localhostProfile": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type.",
 }
 
 func (SeccompProfile) SwaggerDoc() map[string]string {
@@ -2301,7 +2325,7 @@ var map_ServicePort = map[string]string{
 	"":            "ServicePort contains information on service's port.",
 	"name":        "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.",
 	"protocol":    "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.",
-	"appProtocol": "The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.",
+	"appProtocol": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n  * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n  * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.",
 	"port":        "The port that will be exposed by this service.",
 	"targetPort":  "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service",
 	"nodePort":    "The port on each node on which this service is exposed when type is NodePort or LoadBalancer.  Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail.  If not specified, a port will be allocated if this Service requires one.  If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport",
@@ -2329,7 +2353,7 @@ var map_ServiceSpec = map[string]string{
 	"type":                          "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types",
 	"externalIPs":                   "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service.  These IPs are not managed by Kubernetes.  The user is responsible for ensuring that traffic arrives at a node with this IP.  A common example is external load-balancers that are not part of the Kubernetes system.",
 	"sessionAffinity":               "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies",
-	"loadBalancerIP":                "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.",
+	"loadBalancerIP":                "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.",
 	"loadBalancerSourceRanges":      "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/",
 	"externalName":                  "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved.  Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".",
 	"externalTrafficPolicy":         "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.",
@@ -2612,7 +2636,7 @@ var map_WindowsSecurityContextOptions = map[string]string{
 	"gmsaCredentialSpecName": "GMSACredentialSpecName is the name of the GMSA credential spec to use.",
 	"gmsaCredentialSpec":     "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.",
 	"runAsUserName":          "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.",
-	"hostProcess":            "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).  In addition, if HostProcess is true then HostNetwork must also be set to true.",
+	"hostProcess":            "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.",
 }
 
 func (WindowsSecurityContextOptions) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/core/v1/well_known_labels.go b/vendor/k8s.io/api/core/v1/well_known_labels.go
index 5cf82a9817..8c3cb87b82 100644
--- a/vendor/k8s.io/api/core/v1/well_known_labels.go
+++ b/vendor/k8s.io/api/core/v1/well_known_labels.go
@@ -19,6 +19,10 @@ package v1
 const (
 	LabelHostname = "kubernetes.io/hostname"
 
+	// Label value is the network location of kube-apiserver stored as <ip:port>
+	// Stored in APIServer Identity lease objects to view what address is used for peer proxy
+	AnnotationPeerAdvertiseAddress = "kubernetes.io/peer-advertise-address"
+
 	LabelTopologyZone   = "topology.kubernetes.io/zone"
 	LabelTopologyRegion = "topology.kubernetes.io/region"
 
diff --git a/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go b/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go
index bfb7e0bff5..d76f0bbbcf 100644
--- a/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go
@@ -793,6 +793,11 @@ func (in *Container) DeepCopyInto(out *Container) {
 		*out = make([]ContainerResizePolicy, len(*in))
 		copy(*out, *in)
 	}
+	if in.RestartPolicy != nil {
+		in, out := &in.RestartPolicy, &out.RestartPolicy
+		*out = new(ContainerRestartPolicy)
+		**out = **in
+	}
 	if in.VolumeMounts != nil {
 		in, out := &in.VolumeMounts, &out.VolumeMounts
 		*out = make([]VolumeMount, len(*in))
@@ -1420,6 +1425,11 @@ func (in *EphemeralContainerCommon) DeepCopyInto(out *EphemeralContainerCommon)
 		*out = make([]ContainerResizePolicy, len(*in))
 		copy(*out, *in)
 	}
+	if in.RestartPolicy != nil {
+		in, out := &in.RestartPolicy, &out.RestartPolicy
+		*out = new(ContainerRestartPolicy)
+		**out = **in
+	}
 	if in.VolumeMounts != nil {
 		in, out := &in.VolumeMounts, &out.VolumeMounts
 		*out = make([]VolumeMount, len(*in))
@@ -1871,6 +1881,22 @@ func (in *HostAlias) DeepCopy() *HostAlias {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HostIP) DeepCopyInto(out *HostIP) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostIP.
+func (in *HostIP) DeepCopy() *HostIP {
+	if in == nil {
+		return nil
+	}
+	out := new(HostIP)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HostPathVolumeSource) DeepCopyInto(out *HostPathVolumeSource) {
 	*out = *in
@@ -2895,7 +2921,7 @@ func (in *PersistentVolume) DeepCopyInto(out *PersistentVolume) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
-	out.Status = in.Status
+	in.Status.DeepCopyInto(&out.Status)
 	return
 }
 
@@ -3072,10 +3098,12 @@ func (in *PersistentVolumeClaimStatus) DeepCopyInto(out *PersistentVolumeClaimSt
 			(*out)[key] = val.DeepCopy()
 		}
 	}
-	if in.ResizeStatus != nil {
-		in, out := &in.ResizeStatus, &out.ResizeStatus
-		*out = new(PersistentVolumeClaimResizeStatus)
-		**out = **in
+	if in.AllocatedResourceStatuses != nil {
+		in, out := &in.AllocatedResourceStatuses, &out.AllocatedResourceStatuses
+		*out = make(map[ResourceName]ClaimResourceStatus, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
 	}
 	return
 }
@@ -3335,6 +3363,10 @@ func (in *PersistentVolumeSpec) DeepCopy() *PersistentVolumeSpec {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PersistentVolumeStatus) DeepCopyInto(out *PersistentVolumeStatus) {
 	*out = *in
+	if in.LastPhaseTransitionTime != nil {
+		in, out := &in.LastPhaseTransitionTime, &out.LastPhaseTransitionTime
+		*out = (*in).DeepCopy()
+	}
 	return
 }
 
@@ -3807,6 +3839,27 @@ func (in *PodResourceClaim) DeepCopy() *PodResourceClaim {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PodResourceClaimStatus) DeepCopyInto(out *PodResourceClaimStatus) {
+	*out = *in
+	if in.ResourceClaimName != nil {
+		in, out := &in.ResourceClaimName, &out.ResourceClaimName
+		*out = new(string)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodResourceClaimStatus.
+func (in *PodResourceClaimStatus) DeepCopy() *PodResourceClaimStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(PodResourceClaimStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *PodSchedulingGate) DeepCopyInto(out *PodSchedulingGate) {
 	*out = *in
@@ -4091,6 +4144,11 @@ func (in *PodStatus) DeepCopyInto(out *PodStatus) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.HostIPs != nil {
+		in, out := &in.HostIPs, &out.HostIPs
+		*out = make([]HostIP, len(*in))
+		copy(*out, *in)
+	}
 	if in.PodIPs != nil {
 		in, out := &in.PodIPs, &out.PodIPs
 		*out = make([]PodIP, len(*in))
@@ -4121,6 +4179,13 @@ func (in *PodStatus) DeepCopyInto(out *PodStatus) {
 			(*in)[i].DeepCopyInto(&(*out)[i])
 		}
 	}
+	if in.ResourceClaimStatuses != nil {
+		in, out := &in.ResourceClaimStatuses, &out.ResourceClaimStatuses
+		*out = make([]PodResourceClaimStatus, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/discovery/v1/generated.proto b/vendor/k8s.io/api/discovery/v1/generated.proto
index b7150ef2cb..490ce89224 100644
--- a/vendor/k8s.io/api/discovery/v1/generated.proto
+++ b/vendor/k8s.io/api/discovery/v1/generated.proto
@@ -146,6 +146,8 @@ message EndpointPort {
   //
   // * Kubernetes-defined prefixed names:
   //   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+  //   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+  //   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
   //
   // * Other protocols should use implementation-defined prefixed names such as
   // mycompany.com/my-custom-protocol.
diff --git a/vendor/k8s.io/api/discovery/v1/types.go b/vendor/k8s.io/api/discovery/v1/types.go
index 9b4daafca9..efbb09918c 100644
--- a/vendor/k8s.io/api/discovery/v1/types.go
+++ b/vendor/k8s.io/api/discovery/v1/types.go
@@ -196,6 +196,8 @@ type EndpointPort struct {
 	//
 	// * Kubernetes-defined prefixed names:
 	//   * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
+	//   * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
+	//   * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
 	//
 	// * Other protocols should use implementation-defined prefixed names such as
 	// mycompany.com/my-custom-protocol.
diff --git a/vendor/k8s.io/api/discovery/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/discovery/v1/types_swagger_doc_generated.go
index c780c9573d..bef7745398 100644
--- a/vendor/k8s.io/api/discovery/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/discovery/v1/types_swagger_doc_generated.go
@@ -68,7 +68,7 @@ var map_EndpointPort = map[string]string{
 	"name":        "name represents the name of this port. All ports in an EndpointSlice must have a unique name. If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. Name must either be an empty string or pass DNS_LABEL validation: * must be no more than 63 characters long. * must consist of lower case alphanumeric characters or '-'. * must start and end with an alphanumeric character. Default is empty string.",
 	"protocol":    "protocol represents the IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.",
 	"port":        "port represents the port number of the endpoint. If this is not specified, ports are not restricted and must be interpreted in the context of the specific consumer.",
-	"appProtocol": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.",
+	"appProtocol": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n  * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540\n  * 'kubernetes.io/ws'  - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n  * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.",
 }
 
 func (EndpointPort) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/extensions/v1beta1/generated.pb.go b/vendor/k8s.io/api/extensions/v1beta1/generated.pb.go
index 863ebbc4a7..d967e38106 100644
--- a/vendor/k8s.io/api/extensions/v1beta1/generated.pb.go
+++ b/vendor/k8s.io/api/extensions/v1beta1/generated.pb.go
@@ -1001,38 +1001,10 @@ func (m *NetworkPolicySpec) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_NetworkPolicySpec proto.InternalMessageInfo
 
-func (m *NetworkPolicyStatus) Reset()      { *m = NetworkPolicyStatus{} }
-func (*NetworkPolicyStatus) ProtoMessage() {}
-func (*NetworkPolicyStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{34}
-}
-func (m *NetworkPolicyStatus) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *NetworkPolicyStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	b = b[:cap(b)]
-	n, err := m.MarshalToSizedBuffer(b)
-	if err != nil {
-		return nil, err
-	}
-	return b[:n], nil
-}
-func (m *NetworkPolicyStatus) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_NetworkPolicyStatus.Merge(m, src)
-}
-func (m *NetworkPolicyStatus) XXX_Size() int {
-	return m.Size()
-}
-func (m *NetworkPolicyStatus) XXX_DiscardUnknown() {
-	xxx_messageInfo_NetworkPolicyStatus.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_NetworkPolicyStatus proto.InternalMessageInfo
-
 func (m *ReplicaSet) Reset()      { *m = ReplicaSet{} }
 func (*ReplicaSet) ProtoMessage() {}
 func (*ReplicaSet) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{35}
+	return fileDescriptor_cdc93917efc28165, []int{34}
 }
 func (m *ReplicaSet) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1060,7 +1032,7 @@ var xxx_messageInfo_ReplicaSet proto.InternalMessageInfo
 func (m *ReplicaSetCondition) Reset()      { *m = ReplicaSetCondition{} }
 func (*ReplicaSetCondition) ProtoMessage() {}
 func (*ReplicaSetCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{36}
+	return fileDescriptor_cdc93917efc28165, []int{35}
 }
 func (m *ReplicaSetCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1088,7 +1060,7 @@ var xxx_messageInfo_ReplicaSetCondition proto.InternalMessageInfo
 func (m *ReplicaSetList) Reset()      { *m = ReplicaSetList{} }
 func (*ReplicaSetList) ProtoMessage() {}
 func (*ReplicaSetList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{37}
+	return fileDescriptor_cdc93917efc28165, []int{36}
 }
 func (m *ReplicaSetList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1116,7 +1088,7 @@ var xxx_messageInfo_ReplicaSetList proto.InternalMessageInfo
 func (m *ReplicaSetSpec) Reset()      { *m = ReplicaSetSpec{} }
 func (*ReplicaSetSpec) ProtoMessage() {}
 func (*ReplicaSetSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{38}
+	return fileDescriptor_cdc93917efc28165, []int{37}
 }
 func (m *ReplicaSetSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1144,7 +1116,7 @@ var xxx_messageInfo_ReplicaSetSpec proto.InternalMessageInfo
 func (m *ReplicaSetStatus) Reset()      { *m = ReplicaSetStatus{} }
 func (*ReplicaSetStatus) ProtoMessage() {}
 func (*ReplicaSetStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{39}
+	return fileDescriptor_cdc93917efc28165, []int{38}
 }
 func (m *ReplicaSetStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1172,7 +1144,7 @@ var xxx_messageInfo_ReplicaSetStatus proto.InternalMessageInfo
 func (m *RollbackConfig) Reset()      { *m = RollbackConfig{} }
 func (*RollbackConfig) ProtoMessage() {}
 func (*RollbackConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{40}
+	return fileDescriptor_cdc93917efc28165, []int{39}
 }
 func (m *RollbackConfig) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1200,7 +1172,7 @@ var xxx_messageInfo_RollbackConfig proto.InternalMessageInfo
 func (m *RollingUpdateDaemonSet) Reset()      { *m = RollingUpdateDaemonSet{} }
 func (*RollingUpdateDaemonSet) ProtoMessage() {}
 func (*RollingUpdateDaemonSet) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{41}
+	return fileDescriptor_cdc93917efc28165, []int{40}
 }
 func (m *RollingUpdateDaemonSet) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1228,7 +1200,7 @@ var xxx_messageInfo_RollingUpdateDaemonSet proto.InternalMessageInfo
 func (m *RollingUpdateDeployment) Reset()      { *m = RollingUpdateDeployment{} }
 func (*RollingUpdateDeployment) ProtoMessage() {}
 func (*RollingUpdateDeployment) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{42}
+	return fileDescriptor_cdc93917efc28165, []int{41}
 }
 func (m *RollingUpdateDeployment) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1256,7 +1228,7 @@ var xxx_messageInfo_RollingUpdateDeployment proto.InternalMessageInfo
 func (m *Scale) Reset()      { *m = Scale{} }
 func (*Scale) ProtoMessage() {}
 func (*Scale) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{43}
+	return fileDescriptor_cdc93917efc28165, []int{42}
 }
 func (m *Scale) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1284,7 +1256,7 @@ var xxx_messageInfo_Scale proto.InternalMessageInfo
 func (m *ScaleSpec) Reset()      { *m = ScaleSpec{} }
 func (*ScaleSpec) ProtoMessage() {}
 func (*ScaleSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{44}
+	return fileDescriptor_cdc93917efc28165, []int{43}
 }
 func (m *ScaleSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1312,7 +1284,7 @@ var xxx_messageInfo_ScaleSpec proto.InternalMessageInfo
 func (m *ScaleStatus) Reset()      { *m = ScaleStatus{} }
 func (*ScaleStatus) ProtoMessage() {}
 func (*ScaleStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_cdc93917efc28165, []int{45}
+	return fileDescriptor_cdc93917efc28165, []int{44}
 }
 func (m *ScaleStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1373,7 +1345,6 @@ func init() {
 	proto.RegisterType((*NetworkPolicyPeer)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicyPeer")
 	proto.RegisterType((*NetworkPolicyPort)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicyPort")
 	proto.RegisterType((*NetworkPolicySpec)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicySpec")
-	proto.RegisterType((*NetworkPolicyStatus)(nil), "k8s.io.api.extensions.v1beta1.NetworkPolicyStatus")
 	proto.RegisterType((*ReplicaSet)(nil), "k8s.io.api.extensions.v1beta1.ReplicaSet")
 	proto.RegisterType((*ReplicaSetCondition)(nil), "k8s.io.api.extensions.v1beta1.ReplicaSetCondition")
 	proto.RegisterType((*ReplicaSetList)(nil), "k8s.io.api.extensions.v1beta1.ReplicaSetList")
@@ -1393,188 +1364,186 @@ func init() {
 }
 
 var fileDescriptor_cdc93917efc28165 = []byte{
-	// 2890 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5b, 0xcf, 0x6f, 0x24, 0x47,
-	0xf5, 0xdf, 0x9e, 0xf1, 0xd8, 0xe3, 0xe7, 0xb5, 0xbd, 0x5b, 0xeb, 0xac, 0x1d, 0xef, 0x37, 0x76,
-	0xd4, 0x5f, 0x11, 0x36, 0x61, 0x33, 0xc3, 0x6e, 0x92, 0x25, 0x3f, 0xa4, 0x84, 0x1d, 0xef, 0x26,
-	0xeb, 0xc4, 0x1e, 0x4f, 0x6a, 0xc6, 0x09, 0x8a, 0x08, 0xd0, 0xee, 0x29, 0x8f, 0x3b, 0xee, 0xe9,
-	0x1e, 0x75, 0xd7, 0x98, 0x35, 0x27, 0x10, 0x5c, 0x72, 0x82, 0x4b, 0x20, 0x47, 0x10, 0x12, 0x57,
-	0xae, 0x1c, 0x42, 0x04, 0x22, 0x48, 0x2b, 0xc4, 0x21, 0x12, 0x07, 0x72, 0xb2, 0x88, 0x73, 0x42,
-	0xfc, 0x03, 0x68, 0x4f, 0xa8, 0x7e, 0x74, 0xf5, 0x6f, 0xbb, 0xc7, 0x38, 0x16, 0x41, 0x9c, 0x3c,
-	0x5d, 0xef, 0xbd, 0x4f, 0xbd, 0xaa, 0x7a, 0xf5, 0xde, 0xa7, 0xba, 0xda, 0xf0, 0xf2, 0xee, 0xb3,
-	0x7e, 0xcd, 0x72, 0xeb, 0xbb, 0xc3, 0x2d, 0xe2, 0x39, 0x84, 0x12, 0xbf, 0xbe, 0x47, 0x9c, 0xae,
-	0xeb, 0xd5, 0xa5, 0xc0, 0x18, 0x58, 0x75, 0x72, 0x8f, 0x12, 0xc7, 0xb7, 0x5c, 0xc7, 0xaf, 0xef,
-	0x5d, 0xdf, 0x22, 0xd4, 0xb8, 0x5e, 0xef, 0x11, 0x87, 0x78, 0x06, 0x25, 0xdd, 0xda, 0xc0, 0x73,
-	0xa9, 0x8b, 0x1e, 0x11, 0xea, 0x35, 0x63, 0x60, 0xd5, 0x42, 0xf5, 0x9a, 0x54, 0x5f, 0x7c, 0xb2,
-	0x67, 0xd1, 0x9d, 0xe1, 0x56, 0xcd, 0x74, 0xfb, 0xf5, 0x9e, 0xdb, 0x73, 0xeb, 0xdc, 0x6a, 0x6b,
-	0xb8, 0xcd, 0x9f, 0xf8, 0x03, 0xff, 0x25, 0xd0, 0x16, 0xf5, 0x48, 0xe7, 0xa6, 0xeb, 0x91, 0xfa,
-	0x5e, 0xaa, 0xc7, 0xc5, 0xa7, 0x43, 0x9d, 0xbe, 0x61, 0xee, 0x58, 0x0e, 0xf1, 0xf6, 0xeb, 0x83,
-	0xdd, 0x1e, 0x6b, 0xf0, 0xeb, 0x7d, 0x42, 0x8d, 0x2c, 0xab, 0x7a, 0x9e, 0x95, 0x37, 0x74, 0xa8,
-	0xd5, 0x27, 0x29, 0x83, 0x9b, 0xc7, 0x19, 0xf8, 0xe6, 0x0e, 0xe9, 0x1b, 0x29, 0xbb, 0xa7, 0xf2,
-	0xec, 0x86, 0xd4, 0xb2, 0xeb, 0x96, 0x43, 0x7d, 0xea, 0x25, 0x8d, 0xf4, 0xf7, 0x4a, 0x30, 0x79,
-	0xdb, 0x20, 0x7d, 0xd7, 0x69, 0x13, 0x8a, 0xbe, 0x03, 0x55, 0x36, 0x8c, 0xae, 0x41, 0x8d, 0x05,
-	0xed, 0x51, 0xed, 0xea, 0xd4, 0x8d, 0xaf, 0xd6, 0xc2, 0x69, 0x56, 0xa8, 0xb5, 0xc1, 0x6e, 0x8f,
-	0x35, 0xf8, 0x35, 0xa6, 0x5d, 0xdb, 0xbb, 0x5e, 0xdb, 0xd8, 0x7a, 0x87, 0x98, 0x74, 0x9d, 0x50,
-	0xa3, 0x81, 0xee, 0x1f, 0x2c, 0x9f, 0x3b, 0x3c, 0x58, 0x86, 0xb0, 0x0d, 0x2b, 0x54, 0xd4, 0x84,
-	0x31, 0x7f, 0x40, 0xcc, 0x85, 0x12, 0x47, 0xbf, 0x56, 0x3b, 0x72, 0x11, 0x6b, 0xca, 0xb3, 0xf6,
-	0x80, 0x98, 0x8d, 0xf3, 0x12, 0x79, 0x8c, 0x3d, 0x61, 0x8e, 0x83, 0xde, 0x80, 0x71, 0x9f, 0x1a,
-	0x74, 0xe8, 0x2f, 0x94, 0x39, 0x62, 0xad, 0x30, 0x22, 0xb7, 0x6a, 0xcc, 0x48, 0xcc, 0x71, 0xf1,
-	0x8c, 0x25, 0x9a, 0xfe, 0xf7, 0x12, 0x20, 0xa5, 0xbb, 0xe2, 0x3a, 0x5d, 0x8b, 0x5a, 0xae, 0x83,
-	0x9e, 0x87, 0x31, 0xba, 0x3f, 0x20, 0x7c, 0x72, 0x26, 0x1b, 0x8f, 0x05, 0x0e, 0x75, 0xf6, 0x07,
-	0xe4, 0xc1, 0xc1, 0xf2, 0xe5, 0xb4, 0x05, 0x93, 0x60, 0x6e, 0x83, 0xd6, 0x94, 0xab, 0x25, 0x6e,
-	0xfd, 0x74, 0xbc, 0xeb, 0x07, 0x07, 0xcb, 0x19, 0x41, 0x58, 0x53, 0x48, 0x71, 0x07, 0xd1, 0x1e,
-	0x20, 0xdb, 0xf0, 0x69, 0xc7, 0x33, 0x1c, 0x5f, 0xf4, 0x64, 0xf5, 0x89, 0x9c, 0x84, 0x27, 0x8a,
-	0x2d, 0x1a, 0xb3, 0x68, 0x2c, 0x4a, 0x2f, 0xd0, 0x5a, 0x0a, 0x0d, 0x67, 0xf4, 0x80, 0x1e, 0x83,
-	0x71, 0x8f, 0x18, 0xbe, 0xeb, 0x2c, 0x8c, 0xf1, 0x51, 0xa8, 0x09, 0xc4, 0xbc, 0x15, 0x4b, 0x29,
-	0x7a, 0x1c, 0x26, 0xfa, 0xc4, 0xf7, 0x8d, 0x1e, 0x59, 0xa8, 0x70, 0xc5, 0x59, 0xa9, 0x38, 0xb1,
-	0x2e, 0x9a, 0x71, 0x20, 0xd7, 0x3f, 0xd0, 0x60, 0x5a, 0xcd, 0xdc, 0x9a, 0xe5, 0x53, 0xf4, 0xcd,
-	0x54, 0x1c, 0xd6, 0x8a, 0x0d, 0x89, 0x59, 0xf3, 0x28, 0xbc, 0x20, 0x7b, 0xab, 0x06, 0x2d, 0x91,
-	0x18, 0x5c, 0x87, 0x8a, 0x45, 0x49, 0x9f, 0xad, 0x43, 0xf9, 0xea, 0xd4, 0x8d, 0xab, 0x45, 0x43,
-	0xa6, 0x31, 0x2d, 0x41, 0x2b, 0xab, 0xcc, 0x1c, 0x0b, 0x14, 0xfd, 0xa7, 0x63, 0x11, 0xf7, 0x59,
-	0x68, 0xa2, 0xb7, 0xa1, 0xea, 0x13, 0x9b, 0x98, 0xd4, 0xf5, 0xa4, 0xfb, 0x4f, 0x15, 0x74, 0xdf,
-	0xd8, 0x22, 0x76, 0x5b, 0x9a, 0x36, 0xce, 0x33, 0xff, 0x83, 0x27, 0xac, 0x20, 0xd1, 0xeb, 0x50,
-	0xa5, 0xa4, 0x3f, 0xb0, 0x0d, 0x4a, 0xe4, 0x3e, 0xfa, 0xff, 0xe8, 0x10, 0x58, 0xe4, 0x30, 0xb0,
-	0x96, 0xdb, 0xed, 0x48, 0x35, 0xbe, 0x7d, 0xd4, 0x94, 0x04, 0xad, 0x58, 0xc1, 0xa0, 0x3d, 0x98,
-	0x19, 0x0e, 0xba, 0x4c, 0x93, 0xb2, 0xec, 0xd0, 0xdb, 0x97, 0x91, 0x74, 0xb3, 0xe8, 0xdc, 0x6c,
-	0xc6, 0xac, 0x1b, 0x97, 0x65, 0x5f, 0x33, 0xf1, 0x76, 0x9c, 0xe8, 0x05, 0xdd, 0x82, 0xd9, 0xbe,
-	0xe5, 0x60, 0x62, 0x74, 0xf7, 0xdb, 0xc4, 0x74, 0x9d, 0xae, 0xcf, 0xc3, 0xaa, 0xd2, 0x98, 0x97,
-	0x00, 0xb3, 0xeb, 0x71, 0x31, 0x4e, 0xea, 0xa3, 0x57, 0x01, 0x05, 0xc3, 0x78, 0x45, 0x24, 0x37,
-	0xcb, 0x75, 0x78, 0xcc, 0x95, 0xc3, 0xe0, 0xee, 0xa4, 0x34, 0x70, 0x86, 0x15, 0x5a, 0x83, 0x39,
-	0x8f, 0xec, 0x59, 0x6c, 0x8c, 0x77, 0x2d, 0x9f, 0xba, 0xde, 0xfe, 0x9a, 0xd5, 0xb7, 0xe8, 0xc2,
-	0x38, 0xf7, 0x69, 0xe1, 0xf0, 0x60, 0x79, 0x0e, 0x67, 0xc8, 0x71, 0xa6, 0x95, 0xfe, 0xb3, 0x71,
-	0x98, 0x4d, 0xe4, 0x1b, 0xf4, 0x06, 0x5c, 0x36, 0x87, 0x9e, 0x47, 0x1c, 0xda, 0x1c, 0xf6, 0xb7,
-	0x88, 0xd7, 0x36, 0x77, 0x48, 0x77, 0x68, 0x93, 0x2e, 0x0f, 0x94, 0x4a, 0x63, 0x49, 0x7a, 0x7c,
-	0x79, 0x25, 0x53, 0x0b, 0xe7, 0x58, 0xb3, 0x59, 0x70, 0x78, 0xd3, 0xba, 0xe5, 0xfb, 0x0a, 0xb3,
-	0xc4, 0x31, 0xd5, 0x2c, 0x34, 0x53, 0x1a, 0x38, 0xc3, 0x8a, 0xf9, 0xd8, 0x25, 0xbe, 0xe5, 0x91,
-	0x6e, 0xd2, 0xc7, 0x72, 0xdc, 0xc7, 0xdb, 0x99, 0x5a, 0x38, 0xc7, 0x1a, 0x3d, 0x03, 0x53, 0xa2,
-	0x37, 0xbe, 0x7e, 0x72, 0xa1, 0x2f, 0x49, 0xb0, 0xa9, 0x66, 0x28, 0xc2, 0x51, 0x3d, 0x36, 0x34,
-	0x77, 0xcb, 0x27, 0xde, 0x1e, 0xe9, 0xe6, 0x2f, 0xf0, 0x46, 0x4a, 0x03, 0x67, 0x58, 0xb1, 0xa1,
-	0x89, 0x08, 0x4c, 0x0d, 0x6d, 0x3c, 0x3e, 0xb4, 0xcd, 0x4c, 0x2d, 0x9c, 0x63, 0xcd, 0xe2, 0x58,
-	0xb8, 0x7c, 0x6b, 0xcf, 0xb0, 0x6c, 0x63, 0xcb, 0x26, 0x0b, 0x13, 0xf1, 0x38, 0x6e, 0xc6, 0xc5,
-	0x38, 0xa9, 0x8f, 0x5e, 0x81, 0x8b, 0xa2, 0x69, 0xd3, 0x31, 0x14, 0x48, 0x95, 0x83, 0x3c, 0x2c,
-	0x41, 0x2e, 0x36, 0x93, 0x0a, 0x38, 0x6d, 0x83, 0x9e, 0x87, 0x19, 0xd3, 0xb5, 0x6d, 0x1e, 0x8f,
-	0x2b, 0xee, 0xd0, 0xa1, 0x0b, 0x93, 0x1c, 0x05, 0xb1, 0xfd, 0xb8, 0x12, 0x93, 0xe0, 0x84, 0x26,
-	0x22, 0x00, 0x66, 0x50, 0x70, 0xfc, 0x05, 0xe0, 0xf9, 0xf1, 0x7a, 0xd1, 0x1c, 0xa0, 0x4a, 0x55,
-	0xc8, 0x01, 0x54, 0x93, 0x8f, 0x23, 0xc0, 0xfa, 0x9f, 0x34, 0x98, 0xcf, 0x49, 0x1d, 0xe8, 0xa5,
-	0x58, 0x89, 0xfd, 0x4a, 0xa2, 0xc4, 0x5e, 0xc9, 0x31, 0x8b, 0xd4, 0x59, 0x07, 0xa6, 0x3d, 0x36,
-	0x2a, 0xa7, 0x27, 0x54, 0x64, 0x8e, 0x7c, 0xe6, 0x98, 0x61, 0xe0, 0xa8, 0x4d, 0x98, 0xf3, 0x2f,
-	0x1e, 0x1e, 0x2c, 0x4f, 0xc7, 0x64, 0x38, 0x0e, 0xaf, 0xbf, 0x5f, 0x02, 0xb8, 0x4d, 0x06, 0xb6,
-	0xbb, 0xdf, 0x27, 0xce, 0x59, 0x70, 0xa8, 0x8d, 0x18, 0x87, 0x7a, 0xf2, 0xb8, 0xe5, 0x51, 0xae,
-	0xe5, 0x92, 0xa8, 0x37, 0x13, 0x24, 0xaa, 0x5e, 0x1c, 0xf2, 0x68, 0x16, 0xf5, 0xd7, 0x32, 0x5c,
-	0x0a, 0x95, 0x43, 0x1a, 0xf5, 0x42, 0x6c, 0x8d, 0xbf, 0x9c, 0x58, 0xe3, 0xf9, 0x0c, 0x93, 0xcf,
-	0x8d, 0x47, 0xbd, 0x03, 0x33, 0x8c, 0xe5, 0x88, 0xb5, 0xe4, 0x1c, 0x6a, 0x7c, 0x64, 0x0e, 0xa5,
-	0xaa, 0xdd, 0x5a, 0x0c, 0x09, 0x27, 0x90, 0x73, 0x38, 0xdb, 0xc4, 0x17, 0x91, 0xb3, 0x7d, 0xa8,
-	0xc1, 0x4c, 0xb8, 0x4c, 0x67, 0x40, 0xda, 0x9a, 0x71, 0xd2, 0xf6, 0x78, 0xe1, 0x10, 0xcd, 0x61,
-	0x6d, 0xff, 0x64, 0x04, 0x5f, 0x29, 0xb1, 0x0d, 0xbe, 0x65, 0x98, 0xbb, 0xe8, 0x51, 0x18, 0x73,
-	0x8c, 0x7e, 0x10, 0x99, 0x6a, 0xb3, 0x34, 0x8d, 0x3e, 0xc1, 0x5c, 0x82, 0xde, 0xd3, 0x00, 0xc9,
-	0x2a, 0x70, 0xcb, 0x71, 0x5c, 0x6a, 0x88, 0x5c, 0x29, 0xdc, 0x5a, 0x2d, 0xec, 0x56, 0xd0, 0x63,
-	0x6d, 0x33, 0x85, 0x75, 0xc7, 0xa1, 0xde, 0x7e, 0xb8, 0xc8, 0x69, 0x05, 0x9c, 0xe1, 0x00, 0x32,
-	0x00, 0x3c, 0x89, 0xd9, 0x71, 0xe5, 0x46, 0x7e, 0xb2, 0x40, 0xce, 0x63, 0x06, 0x2b, 0xae, 0xb3,
-	0x6d, 0xf5, 0xc2, 0xb4, 0x83, 0x15, 0x10, 0x8e, 0x80, 0x2e, 0xde, 0x81, 0xf9, 0x1c, 0x6f, 0xd1,
-	0x05, 0x28, 0xef, 0x92, 0x7d, 0x31, 0x6d, 0x98, 0xfd, 0x44, 0x73, 0x50, 0xd9, 0x33, 0xec, 0xa1,
-	0x48, 0xbf, 0x93, 0x58, 0x3c, 0x3c, 0x5f, 0x7a, 0x56, 0xd3, 0x3f, 0xa8, 0x44, 0x63, 0x87, 0x33,
-	0xe6, 0xab, 0x50, 0xf5, 0xc8, 0xc0, 0xb6, 0x4c, 0xc3, 0x97, 0x44, 0x88, 0x93, 0x5f, 0x2c, 0xdb,
-	0xb0, 0x92, 0xc6, 0xb8, 0x75, 0xe9, 0xf3, 0xe5, 0xd6, 0xe5, 0xd3, 0xe1, 0xd6, 0xdf, 0x86, 0xaa,
-	0x1f, 0xb0, 0xea, 0x31, 0x0e, 0x79, 0x7d, 0x84, 0xfc, 0x2a, 0x09, 0xb5, 0xea, 0x40, 0x51, 0x69,
-	0x05, 0x9a, 0x45, 0xa2, 0x2b, 0x23, 0x92, 0xe8, 0x53, 0x25, 0xbe, 0x2c, 0xdf, 0x0c, 0x8c, 0xa1,
-	0x4f, 0xba, 0x3c, 0xb7, 0x55, 0xc3, 0x7c, 0xd3, 0xe2, 0xad, 0x58, 0x4a, 0xd1, 0xdb, 0xb1, 0x90,
-	0xad, 0x9e, 0x24, 0x64, 0x67, 0xf2, 0xc3, 0x15, 0x6d, 0xc2, 0xfc, 0xc0, 0x73, 0x7b, 0x1e, 0xf1,
-	0xfd, 0xdb, 0xc4, 0xe8, 0xda, 0x96, 0x43, 0x82, 0xf9, 0x11, 0x8c, 0xe8, 0xca, 0xe1, 0xc1, 0xf2,
-	0x7c, 0x2b, 0x5b, 0x05, 0xe7, 0xd9, 0xea, 0xf7, 0xc7, 0xe0, 0x42, 0xb2, 0x02, 0xe6, 0x90, 0x54,
-	0xed, 0x44, 0x24, 0xf5, 0x5a, 0x64, 0x33, 0x08, 0x06, 0xaf, 0x56, 0x3f, 0x63, 0x43, 0xdc, 0x82,
-	0x59, 0x99, 0x0d, 0x02, 0xa1, 0xa4, 0xe9, 0x6a, 0xf5, 0x37, 0xe3, 0x62, 0x9c, 0xd4, 0x47, 0x2f,
-	0xc0, 0xb4, 0xc7, 0x79, 0x77, 0x00, 0x20, 0xb8, 0xeb, 0x43, 0x12, 0x60, 0x1a, 0x47, 0x85, 0x38,
-	0xae, 0xcb, 0x78, 0x6b, 0x48, 0x47, 0x03, 0x80, 0xb1, 0x38, 0x6f, 0xbd, 0x95, 0x54, 0xc0, 0x69,
-	0x1b, 0xb4, 0x0e, 0x97, 0x86, 0x4e, 0x1a, 0x4a, 0x84, 0xf2, 0x15, 0x09, 0x75, 0x69, 0x33, 0xad,
-	0x82, 0xb3, 0xec, 0xd0, 0x76, 0x8c, 0xca, 0x8e, 0xf3, 0xf4, 0x7c, 0xa3, 0xf0, 0xc6, 0x2b, 0xcc,
-	0x65, 0x33, 0xe8, 0x76, 0xb5, 0x28, 0xdd, 0xd6, 0x7f, 0xaf, 0x45, 0x8b, 0x90, 0xa2, 0xc0, 0xc7,
-	0xbd, 0x65, 0x4a, 0x59, 0x44, 0xd8, 0x91, 0x9b, 0xcd, 0x7e, 0x6f, 0x8e, 0xc4, 0x7e, 0xc3, 0xe2,
-	0x79, 0x3c, 0xfd, 0xfd, 0x83, 0x06, 0xb3, 0x77, 0x3b, 0x9d, 0xd6, 0xaa, 0xc3, 0x77, 0x4b, 0xcb,
-	0xa0, 0x3b, 0xac, 0x8a, 0x0e, 0x0c, 0xba, 0x93, 0xac, 0xa2, 0x4c, 0x86, 0xb9, 0x04, 0x3d, 0x0d,
-	0x55, 0xf6, 0x97, 0x39, 0xce, 0xc3, 0x75, 0x92, 0x27, 0x99, 0x6a, 0x4b, 0xb6, 0x3d, 0x88, 0xfc,
-	0xc6, 0x4a, 0x13, 0x7d, 0x03, 0x26, 0xd8, 0xde, 0x26, 0x4e, 0xb7, 0x20, 0xf9, 0x95, 0x4e, 0x35,
-	0x84, 0x51, 0xc8, 0x67, 0x64, 0x03, 0x0e, 0xe0, 0xf4, 0x5d, 0x98, 0x8b, 0x0c, 0x02, 0x0f, 0x6d,
-	0xf2, 0x06, 0xab, 0x57, 0xa8, 0x0d, 0x15, 0xd6, 0x3b, 0xab, 0x4a, 0xe5, 0x02, 0xaf, 0x17, 0x13,
-	0x13, 0x11, 0x72, 0x0f, 0xf6, 0xe4, 0x63, 0x81, 0xa5, 0x6f, 0xc0, 0xc4, 0x6a, 0xab, 0x61, 0xbb,
-	0x82, 0x6f, 0x98, 0x56, 0xd7, 0x4b, 0xce, 0xd4, 0xca, 0xea, 0x6d, 0x8c, 0xb9, 0x04, 0xe9, 0x30,
-	0x4e, 0xee, 0x99, 0x64, 0x40, 0x39, 0xc5, 0x98, 0x6c, 0x00, 0x4b, 0xa4, 0x77, 0x78, 0x0b, 0x96,
-	0x12, 0xfd, 0xc7, 0x25, 0x98, 0x90, 0xdd, 0x9e, 0xc1, 0xf9, 0x63, 0x2d, 0x76, 0xfe, 0x78, 0xa2,
-	0xd8, 0x12, 0xe4, 0x1e, 0x3e, 0x3a, 0x89, 0xc3, 0xc7, 0xb5, 0x82, 0x78, 0x47, 0x9f, 0x3c, 0xde,
-	0x2d, 0xc1, 0x4c, 0x7c, 0xf1, 0xd1, 0x33, 0x30, 0xc5, 0x52, 0xad, 0x65, 0x92, 0x66, 0xc8, 0xf0,
-	0xd4, 0xeb, 0x87, 0x76, 0x28, 0xc2, 0x51, 0x3d, 0xd4, 0x53, 0x66, 0x2d, 0xd7, 0xa3, 0x72, 0xd0,
-	0xf9, 0x53, 0x3a, 0xa4, 0x96, 0x5d, 0x13, 0x2f, 0xdb, 0x6b, 0xab, 0x0e, 0xdd, 0xf0, 0xda, 0xd4,
-	0xb3, 0x9c, 0x5e, 0xaa, 0x23, 0x06, 0x86, 0xa3, 0xc8, 0xe8, 0x4d, 0x96, 0xf6, 0x7d, 0x77, 0xe8,
-	0x99, 0x24, 0x8b, 0xbe, 0x05, 0xd4, 0x83, 0x6d, 0x84, 0xee, 0x9a, 0x6b, 0x1a, 0xb6, 0x58, 0x1c,
-	0x4c, 0xb6, 0x89, 0x47, 0x1c, 0x93, 0x04, 0x94, 0x49, 0x40, 0x60, 0x05, 0xa6, 0xff, 0x46, 0x83,
-	0x29, 0x39, 0x17, 0x67, 0x40, 0xd4, 0x5f, 0x8b, 0x13, 0xf5, 0xc7, 0x0a, 0xee, 0xd0, 0x6c, 0x96,
-	0xfe, 0x5b, 0x0d, 0x16, 0x03, 0xd7, 0x5d, 0xa3, 0xdb, 0x30, 0x6c, 0xc3, 0x31, 0x89, 0x17, 0xc4,
-	0xfa, 0x22, 0x94, 0xac, 0x81, 0x5c, 0x49, 0x90, 0x00, 0xa5, 0xd5, 0x16, 0x2e, 0x59, 0x03, 0x56,
-	0x45, 0x77, 0x5c, 0x9f, 0x72, 0x36, 0x2f, 0x0e, 0x8a, 0xca, 0xeb, 0xbb, 0xb2, 0x1d, 0x2b, 0x0d,
-	0xb4, 0x09, 0x95, 0x81, 0xeb, 0x51, 0x56, 0xb9, 0xca, 0x89, 0xf5, 0x3d, 0xc2, 0x6b, 0xb6, 0x6e,
-	0x32, 0x10, 0xc3, 0x9d, 0xce, 0x60, 0xb0, 0x40, 0xd3, 0x7f, 0xa0, 0xc1, 0xc3, 0x19, 0xfe, 0x4b,
-	0xd2, 0xd0, 0x85, 0x09, 0x4b, 0x08, 0x65, 0x7a, 0x79, 0xae, 0x58, 0xb7, 0x19, 0x53, 0x11, 0xa6,
-	0xb6, 0x20, 0x85, 0x05, 0xd0, 0xfa, 0x2f, 0x35, 0xb8, 0x98, 0xf2, 0x97, 0xa7, 0x68, 0x16, 0xcf,
-	0x92, 0x6d, 0xab, 0x14, 0xcd, 0xc2, 0x92, 0x4b, 0xd0, 0x6b, 0x50, 0xe5, 0x77, 0x44, 0xa6, 0x6b,
-	0xcb, 0x09, 0xac, 0x07, 0x13, 0xd8, 0x92, 0xed, 0x0f, 0x0e, 0x96, 0xaf, 0x64, 0x9c, 0xb5, 0x03,
-	0x31, 0x56, 0x00, 0x68, 0x19, 0x2a, 0xc4, 0xf3, 0x5c, 0x4f, 0x26, 0xfb, 0x49, 0x36, 0x53, 0x77,
-	0x58, 0x03, 0x16, 0xed, 0xfa, 0xaf, 0xc2, 0x20, 0x65, 0xd9, 0x97, 0xf9, 0xc7, 0x16, 0x27, 0x99,
-	0x18, 0xd9, 0xd2, 0x61, 0x2e, 0x41, 0x43, 0xb8, 0x60, 0x25, 0xd2, 0xb5, 0xdc, 0x9d, 0xf5, 0x62,
-	0xd3, 0xa8, 0xcc, 0x1a, 0x0b, 0x12, 0xfe, 0x42, 0x52, 0x82, 0x53, 0x5d, 0xe8, 0x04, 0x52, 0x5a,
-	0xe8, 0x75, 0x18, 0xdb, 0xa1, 0x74, 0x90, 0xf1, 0xb2, 0xff, 0x98, 0x22, 0x11, 0xba, 0x50, 0xe5,
-	0xa3, 0xeb, 0x74, 0x5a, 0x98, 0x43, 0xe9, 0xbf, 0x2b, 0xa9, 0xf9, 0xe0, 0x27, 0xa4, 0xaf, 0xab,
-	0xd1, 0xae, 0xd8, 0x86, 0xef, 0xf3, 0x14, 0x26, 0x4e, 0xf3, 0x73, 0x11, 0xc7, 0x95, 0x0c, 0xa7,
-	0xb4, 0x51, 0x27, 0x2c, 0x9e, 0xda, 0x49, 0x8a, 0xe7, 0x54, 0x56, 0xe1, 0x44, 0x77, 0xa1, 0x4c,
-	0xed, 0xa2, 0xa7, 0x72, 0x89, 0xd8, 0x59, 0x6b, 0x37, 0xa6, 0xe4, 0x94, 0x97, 0x3b, 0x6b, 0x6d,
-	0xcc, 0x20, 0xd0, 0x06, 0x54, 0xbc, 0xa1, 0x4d, 0x58, 0x1d, 0x28, 0x17, 0xaf, 0x2b, 0x6c, 0x06,
-	0xc3, 0xcd, 0xc7, 0x9e, 0x7c, 0x2c, 0x70, 0xf4, 0x1f, 0x6a, 0x30, 0x1d, 0xab, 0x16, 0xc8, 0x83,
-	0xf3, 0x76, 0x64, 0xef, 0xc8, 0x79, 0x78, 0x76, 0xf4, 0x5d, 0x27, 0x37, 0xfd, 0x9c, 0xec, 0xf7,
-	0x7c, 0x54, 0x86, 0x63, 0x7d, 0xe8, 0x06, 0x40, 0x38, 0x6c, 0xb6, 0x0f, 0x58, 0xf0, 0x8a, 0x0d,
-	0x2f, 0xf7, 0x01, 0x8b, 0x69, 0x1f, 0x8b, 0x76, 0x74, 0x03, 0xc0, 0x27, 0xa6, 0x47, 0x68, 0x33,
-	0x4c, 0x5c, 0xaa, 0x1c, 0xb7, 0x95, 0x04, 0x47, 0xb4, 0xf4, 0x5f, 0x94, 0x60, 0xba, 0x49, 0xe8,
-	0x77, 0x5d, 0x6f, 0xb7, 0xe5, 0xda, 0x96, 0xb9, 0x7f, 0x06, 0x24, 0x00, 0xc7, 0x48, 0xc0, 0x71,
-	0xf9, 0x32, 0xe6, 0x5d, 0x2e, 0x15, 0x78, 0x2b, 0x41, 0x05, 0x6e, 0x8c, 0x84, 0x7a, 0x34, 0x21,
-	0xf8, 0x50, 0x83, 0xf9, 0x98, 0xfe, 0x9d, 0x30, 0xd7, 0xa8, 0xe4, 0xaf, 0x15, 0x4a, 0xfe, 0x31,
-	0x18, 0x96, 0x30, 0xb3, 0x93, 0x3f, 0x5a, 0x83, 0x12, 0x75, 0xe5, 0xce, 0x18, 0x0d, 0x93, 0x10,
-	0x2f, 0xac, 0x67, 0x1d, 0x17, 0x97, 0xa8, 0xab, 0xff, 0x51, 0x83, 0x85, 0x98, 0x56, 0x34, 0x5b,
-	0x7e, 0x4e, 0x23, 0xc0, 0x30, 0xb6, 0xed, 0xb9, 0xfd, 0x13, 0x8f, 0x41, 0x2d, 0xf2, 0xcb, 0x9e,
-	0xdb, 0xc7, 0x1c, 0x4b, 0xff, 0x48, 0x83, 0x8b, 0x31, 0xcd, 0x33, 0xe0, 0x24, 0xaf, 0xc7, 0x39,
-	0xc9, 0xb5, 0x51, 0x06, 0x92, 0xc3, 0x4c, 0x3e, 0x2a, 0x25, 0x86, 0xc1, 0x06, 0x8c, 0xb6, 0x61,
-	0x6a, 0xe0, 0x76, 0xdb, 0xa7, 0x70, 0xf9, 0x3b, 0xcb, 0xb8, 0x62, 0x2b, 0xc4, 0xc2, 0x51, 0x60,
-	0x74, 0x0f, 0x2e, 0x32, 0xda, 0xe2, 0x0f, 0x0c, 0x93, 0xb4, 0x4f, 0xe1, 0x75, 0xd8, 0x43, 0xfc,
-	0x76, 0x29, 0x89, 0x88, 0xd3, 0x9d, 0xa0, 0x75, 0x98, 0xb0, 0x06, 0xfc, 0xec, 0x22, 0x37, 0xe9,
-	0xb1, 0x04, 0x4f, 0x9c, 0x74, 0x44, 0xf9, 0x90, 0x0f, 0x38, 0xc0, 0xd0, 0xff, 0x92, 0x8c, 0x06,
-	0x4e, 0x85, 0x5f, 0x89, 0x50, 0x0f, 0x79, 0x0f, 0x74, 0x32, 0xda, 0xd1, 0x94, 0x2c, 0xe7, 0xa4,
-	0xac, 0xbd, 0x9a, 0xe0, 0x44, 0x5f, 0x82, 0x09, 0xe2, 0x74, 0xf9, 0x41, 0x40, 0xbc, 0x64, 0xe1,
-	0xa3, 0xba, 0x23, 0x9a, 0x70, 0x20, 0xd3, 0x7f, 0x54, 0x4e, 0x8c, 0x8a, 0x97, 0xf0, 0x77, 0x4e,
-	0x2d, 0x38, 0xd4, 0x61, 0x22, 0x37, 0x40, 0xb6, 0x42, 0x6a, 0x29, 0x62, 0xfe, 0x6b, 0xa3, 0xc4,
-	0x7c, 0xb4, 0xb6, 0xe6, 0x12, 0x4b, 0xf4, 0x2d, 0x18, 0x27, 0xa2, 0x0b, 0x51, 0xb1, 0x6f, 0x8e,
-	0xd2, 0x45, 0x98, 0x7e, 0xc3, 0x94, 0x2d, 0xdb, 0x24, 0x2a, 0x7a, 0x89, 0xcd, 0x17, 0xd3, 0x65,
-	0x47, 0x1e, 0xc1, 0xcc, 0x27, 0x1b, 0x8f, 0x88, 0x61, 0xab, 0xe6, 0x07, 0x07, 0xcb, 0x10, 0x3e,
-	0xe2, 0xa8, 0x85, 0xfe, 0x3d, 0xb8, 0x94, 0x51, 0x22, 0x90, 0x19, 0x7b, 0x33, 0x24, 0x32, 0x66,
-	0xbd, 0xd8, 0x32, 0x14, 0xbf, 0xe2, 0x7c, 0xbf, 0x04, 0x20, 0xdf, 0x45, 0x9d, 0xcd, 0x97, 0x55,
-	0xa3, 0xdd, 0x0a, 0x86, 0xae, 0x9d, 0xda, 0xad, 0x60, 0x04, 0xf2, 0xe8, 0x52, 0xfc, 0x8f, 0x12,
-	0x5c, 0x0a, 0x95, 0x0b, 0xdf, 0x0a, 0x66, 0x98, 0xfc, 0xef, 0xeb, 0xaa, 0x62, 0x37, 0x75, 0xe1,
-	0xd4, 0xfd, 0xe7, 0xdd, 0xd4, 0x85, 0xbe, 0xe5, 0x54, 0xda, 0x5f, 0x97, 0xa2, 0x03, 0x18, 0xf1,
-	0xba, 0xe8, 0x14, 0x3e, 0x30, 0xfa, 0xc2, 0xdd, 0x38, 0xe9, 0x7f, 0x2e, 0xc3, 0x85, 0xe4, 0x6e,
-	0x8c, 0xdd, 0x2a, 0x68, 0xc7, 0xde, 0x2a, 0xb4, 0x60, 0x6e, 0x7b, 0x68, 0xdb, 0xfb, 0x7c, 0x0c,
-	0x91, 0xab, 0x05, 0x71, 0x1f, 0xf1, 0x7f, 0xd2, 0x72, 0xee, 0xe5, 0x0c, 0x1d, 0x9c, 0x69, 0x99,
-	0xbe, 0x64, 0x18, 0xfb, 0x77, 0x2f, 0x19, 0x2a, 0x27, 0xb8, 0x64, 0xc8, 0xbe, 0xa7, 0x29, 0x9f,
-	0xe8, 0x9e, 0xe6, 0x24, 0x37, 0x0c, 0x19, 0x49, 0xec, 0xd8, 0x52, 0xf2, 0x22, 0xcc, 0xc4, 0x6f,
-	0xbd, 0xc4, 0x5a, 0x8a, 0x8b, 0x37, 0x79, 0xc7, 0x14, 0x59, 0x4b, 0xd1, 0x8e, 0x95, 0x86, 0x7e,
-	0xa8, 0xc1, 0xe5, 0xec, 0xaf, 0x5b, 0x90, 0x0d, 0x33, 0x7d, 0xe3, 0x5e, 0xf4, 0x8b, 0x23, 0xed,
-	0x84, 0x4c, 0x89, 0x5f, 0x77, 0xac, 0xc7, 0xb0, 0x70, 0x02, 0x1b, 0xbd, 0x05, 0xd5, 0xbe, 0x71,
-	0xaf, 0x3d, 0xf4, 0x7a, 0xe4, 0xc4, 0x8c, 0x8c, 0x6f, 0xa3, 0x75, 0x89, 0x82, 0x15, 0x9e, 0xfe,
-	0x99, 0x06, 0xf3, 0x39, 0x97, 0x18, 0xff, 0x45, 0xa3, 0x7c, 0xb7, 0x04, 0x95, 0xb6, 0x69, 0xd8,
-	0xe4, 0x0c, 0x08, 0xc5, 0xab, 0x31, 0x42, 0x71, 0xdc, 0x57, 0xb2, 0xdc, 0xab, 0x5c, 0x2e, 0x81,
-	0x13, 0x5c, 0xe2, 0x89, 0x42, 0x68, 0x47, 0xd3, 0x88, 0xe7, 0x60, 0x52, 0x75, 0x3a, 0x5a, 0x76,
-	0xd3, 0x7f, 0x5e, 0x82, 0xa9, 0x48, 0x17, 0x23, 0xe6, 0xc6, 0xed, 0x58, 0x41, 0x28, 0x17, 0x78,
-	0x83, 0x14, 0xe9, 0xab, 0x16, 0x94, 0x00, 0xf1, 0x95, 0x47, 0x78, 0xaf, 0x9f, 0xae, 0x0c, 0x2f,
-	0xc2, 0x0c, 0x35, 0xbc, 0x1e, 0xa1, 0xea, 0xc8, 0x20, 0x5e, 0x9e, 0xaa, 0xcf, 0x8d, 0x3a, 0x31,
-	0x29, 0x4e, 0x68, 0x2f, 0xbe, 0x00, 0xd3, 0xb1, 0xce, 0x46, 0xf9, 0x48, 0xa3, 0xb1, 0x72, 0xff,
-	0xd3, 0xa5, 0x73, 0x1f, 0x7f, 0xba, 0x74, 0xee, 0x93, 0x4f, 0x97, 0xce, 0x7d, 0xff, 0x70, 0x49,
-	0xbb, 0x7f, 0xb8, 0xa4, 0x7d, 0x7c, 0xb8, 0xa4, 0x7d, 0x72, 0xb8, 0xa4, 0xfd, 0xed, 0x70, 0x49,
-	0xfb, 0xc9, 0x67, 0x4b, 0xe7, 0xde, 0x7a, 0xe4, 0xc8, 0xff, 0xd9, 0xf8, 0x57, 0x00, 0x00, 0x00,
-	0xff, 0xff, 0x39, 0x36, 0x95, 0x55, 0xec, 0x31, 0x00, 0x00,
+	// 2858 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5b, 0xcd, 0x6f, 0x24, 0x47,
+	0x15, 0xdf, 0x9e, 0xf1, 0xd8, 0xe3, 0xe7, 0xb5, 0xbd, 0x5b, 0xeb, 0xac, 0x1d, 0x2f, 0xb1, 0xa3,
+	0x46, 0x84, 0x4d, 0xd8, 0xcc, 0xb0, 0x9b, 0x64, 0xc9, 0x87, 0x94, 0xb0, 0xe3, 0xdd, 0x64, 0x9d,
+	0xd8, 0xe3, 0x49, 0xcd, 0x38, 0x41, 0x11, 0x01, 0xda, 0x3d, 0xe5, 0x71, 0xc7, 0x3d, 0xdd, 0xa3,
+	0xee, 0x1a, 0xb3, 0xbe, 0x81, 0xe0, 0x92, 0x13, 0x5c, 0x02, 0x1c, 0x91, 0x90, 0xb8, 0x72, 0xe5,
+	0x10, 0x22, 0x10, 0x41, 0x5a, 0x21, 0x0e, 0x91, 0x38, 0x90, 0x93, 0x45, 0x9c, 0x13, 0xe2, 0x1f,
+	0x40, 0x7b, 0x42, 0xf5, 0xd1, 0xd5, 0xdf, 0x76, 0x8f, 0xf1, 0x5a, 0x04, 0x71, 0x5a, 0x4f, 0xbd,
+	0xf7, 0x7e, 0xf5, 0xaa, 0xea, 0xd5, 0x7b, 0xbf, 0xaa, 0xea, 0x85, 0x57, 0x77, 0x9f, 0xf7, 0x6b,
+	0x96, 0x5b, 0xdf, 0x1d, 0x6e, 0x11, 0xcf, 0x21, 0x94, 0xf8, 0xf5, 0x3d, 0xe2, 0x74, 0x5d, 0xaf,
+	0x2e, 0x05, 0xc6, 0xc0, 0xaa, 0x93, 0x7b, 0x94, 0x38, 0xbe, 0xe5, 0x3a, 0x7e, 0x7d, 0xef, 0xfa,
+	0x16, 0xa1, 0xc6, 0xf5, 0x7a, 0x8f, 0x38, 0xc4, 0x33, 0x28, 0xe9, 0xd6, 0x06, 0x9e, 0x4b, 0x5d,
+	0xf4, 0x98, 0x50, 0xaf, 0x19, 0x03, 0xab, 0x16, 0xaa, 0xd7, 0xa4, 0xfa, 0xe2, 0xd3, 0x3d, 0x8b,
+	0xee, 0x0c, 0xb7, 0x6a, 0xa6, 0xdb, 0xaf, 0xf7, 0xdc, 0x9e, 0x5b, 0xe7, 0x56, 0x5b, 0xc3, 0x6d,
+	0xfe, 0x8b, 0xff, 0xe0, 0x7f, 0x09, 0xb4, 0x45, 0x3d, 0xd2, 0xb9, 0xe9, 0x7a, 0xa4, 0xbe, 0x97,
+	0xea, 0x71, 0xf1, 0xd9, 0x50, 0xa7, 0x6f, 0x98, 0x3b, 0x96, 0x43, 0xbc, 0xfd, 0xfa, 0x60, 0xb7,
+	0xc7, 0x1a, 0xfc, 0x7a, 0x9f, 0x50, 0x23, 0xcb, 0xaa, 0x9e, 0x67, 0xe5, 0x0d, 0x1d, 0x6a, 0xf5,
+	0x49, 0xca, 0xe0, 0xe6, 0x71, 0x06, 0xbe, 0xb9, 0x43, 0xfa, 0x46, 0xca, 0xee, 0x99, 0x3c, 0xbb,
+	0x21, 0xb5, 0xec, 0xba, 0xe5, 0x50, 0x9f, 0x7a, 0x49, 0x23, 0xfd, 0x83, 0x12, 0x4c, 0xde, 0x36,
+	0x48, 0xdf, 0x75, 0xda, 0x84, 0xa2, 0xef, 0x41, 0x95, 0x0d, 0xa3, 0x6b, 0x50, 0x63, 0x41, 0x7b,
+	0x5c, 0xbb, 0x3a, 0x75, 0xe3, 0xeb, 0xb5, 0x70, 0x9a, 0x15, 0x6a, 0x6d, 0xb0, 0xdb, 0x63, 0x0d,
+	0x7e, 0x8d, 0x69, 0xd7, 0xf6, 0xae, 0xd7, 0x36, 0xb6, 0xde, 0x23, 0x26, 0x5d, 0x27, 0xd4, 0x68,
+	0xa0, 0xfb, 0x07, 0xcb, 0xe7, 0x0e, 0x0f, 0x96, 0x21, 0x6c, 0xc3, 0x0a, 0x15, 0x35, 0x61, 0xcc,
+	0x1f, 0x10, 0x73, 0xa1, 0xc4, 0xd1, 0xaf, 0xd5, 0x8e, 0x5c, 0xc4, 0x9a, 0xf2, 0xac, 0x3d, 0x20,
+	0x66, 0xe3, 0xbc, 0x44, 0x1e, 0x63, 0xbf, 0x30, 0xc7, 0x41, 0x6f, 0xc1, 0xb8, 0x4f, 0x0d, 0x3a,
+	0xf4, 0x17, 0xca, 0x1c, 0xb1, 0x56, 0x18, 0x91, 0x5b, 0x35, 0x66, 0x24, 0xe6, 0xb8, 0xf8, 0x8d,
+	0x25, 0x9a, 0xfe, 0x8f, 0x12, 0x20, 0xa5, 0xbb, 0xe2, 0x3a, 0x5d, 0x8b, 0x5a, 0xae, 0x83, 0x5e,
+	0x84, 0x31, 0xba, 0x3f, 0x20, 0x7c, 0x72, 0x26, 0x1b, 0x4f, 0x04, 0x0e, 0x75, 0xf6, 0x07, 0xe4,
+	0xc1, 0xc1, 0xf2, 0xe5, 0xb4, 0x05, 0x93, 0x60, 0x6e, 0x83, 0xd6, 0x94, 0xab, 0x25, 0x6e, 0xfd,
+	0x6c, 0xbc, 0xeb, 0x07, 0x07, 0xcb, 0x19, 0x41, 0x58, 0x53, 0x48, 0x71, 0x07, 0xd1, 0x1e, 0x20,
+	0xdb, 0xf0, 0x69, 0xc7, 0x33, 0x1c, 0x5f, 0xf4, 0x64, 0xf5, 0x89, 0x9c, 0x84, 0xa7, 0x8a, 0x2d,
+	0x1a, 0xb3, 0x68, 0x2c, 0x4a, 0x2f, 0xd0, 0x5a, 0x0a, 0x0d, 0x67, 0xf4, 0x80, 0x9e, 0x80, 0x71,
+	0x8f, 0x18, 0xbe, 0xeb, 0x2c, 0x8c, 0xf1, 0x51, 0xa8, 0x09, 0xc4, 0xbc, 0x15, 0x4b, 0x29, 0x7a,
+	0x12, 0x26, 0xfa, 0xc4, 0xf7, 0x8d, 0x1e, 0x59, 0xa8, 0x70, 0xc5, 0x59, 0xa9, 0x38, 0xb1, 0x2e,
+	0x9a, 0x71, 0x20, 0xd7, 0x3f, 0xd4, 0x60, 0x5a, 0xcd, 0xdc, 0x9a, 0xe5, 0x53, 0xf4, 0xed, 0x54,
+	0x1c, 0xd6, 0x8a, 0x0d, 0x89, 0x59, 0xf3, 0x28, 0xbc, 0x20, 0x7b, 0xab, 0x06, 0x2d, 0x91, 0x18,
+	0x5c, 0x87, 0x8a, 0x45, 0x49, 0x9f, 0xad, 0x43, 0xf9, 0xea, 0xd4, 0x8d, 0xab, 0x45, 0x43, 0xa6,
+	0x31, 0x2d, 0x41, 0x2b, 0xab, 0xcc, 0x1c, 0x0b, 0x14, 0xfd, 0x67, 0x63, 0x11, 0xf7, 0x59, 0x68,
+	0xa2, 0x77, 0xa1, 0xea, 0x13, 0x9b, 0x98, 0xd4, 0xf5, 0xa4, 0xfb, 0xcf, 0x14, 0x74, 0xdf, 0xd8,
+	0x22, 0x76, 0x5b, 0x9a, 0x36, 0xce, 0x33, 0xff, 0x83, 0x5f, 0x58, 0x41, 0xa2, 0x37, 0xa1, 0x4a,
+	0x49, 0x7f, 0x60, 0x1b, 0x94, 0xc8, 0x7d, 0xf4, 0xe5, 0xe8, 0x10, 0x58, 0xe4, 0x30, 0xb0, 0x96,
+	0xdb, 0xed, 0x48, 0x35, 0xbe, 0x7d, 0xd4, 0x94, 0x04, 0xad, 0x58, 0xc1, 0xa0, 0x3d, 0x98, 0x19,
+	0x0e, 0xba, 0x4c, 0x93, 0xb2, 0xec, 0xd0, 0xdb, 0x97, 0x91, 0x74, 0xb3, 0xe8, 0xdc, 0x6c, 0xc6,
+	0xac, 0x1b, 0x97, 0x65, 0x5f, 0x33, 0xf1, 0x76, 0x9c, 0xe8, 0x05, 0xdd, 0x82, 0xd9, 0xbe, 0xe5,
+	0x60, 0x62, 0x74, 0xf7, 0xdb, 0xc4, 0x74, 0x9d, 0xae, 0xcf, 0xc3, 0xaa, 0xd2, 0x98, 0x97, 0x00,
+	0xb3, 0xeb, 0x71, 0x31, 0x4e, 0xea, 0xa3, 0xd7, 0x01, 0x05, 0xc3, 0x78, 0x4d, 0x24, 0x37, 0xcb,
+	0x75, 0x78, 0xcc, 0x95, 0xc3, 0xe0, 0xee, 0xa4, 0x34, 0x70, 0x86, 0x15, 0x5a, 0x83, 0x39, 0x8f,
+	0xec, 0x59, 0x6c, 0x8c, 0x77, 0x2d, 0x9f, 0xba, 0xde, 0xfe, 0x9a, 0xd5, 0xb7, 0xe8, 0xc2, 0x38,
+	0xf7, 0x69, 0xe1, 0xf0, 0x60, 0x79, 0x0e, 0x67, 0xc8, 0x71, 0xa6, 0x95, 0xfe, 0xf3, 0x71, 0x98,
+	0x4d, 0xe4, 0x1b, 0xf4, 0x16, 0x5c, 0x36, 0x87, 0x9e, 0x47, 0x1c, 0xda, 0x1c, 0xf6, 0xb7, 0x88,
+	0xd7, 0x36, 0x77, 0x48, 0x77, 0x68, 0x93, 0x2e, 0x0f, 0x94, 0x4a, 0x63, 0x49, 0x7a, 0x7c, 0x79,
+	0x25, 0x53, 0x0b, 0xe7, 0x58, 0xb3, 0x59, 0x70, 0x78, 0xd3, 0xba, 0xe5, 0xfb, 0x0a, 0xb3, 0xc4,
+	0x31, 0xd5, 0x2c, 0x34, 0x53, 0x1a, 0x38, 0xc3, 0x8a, 0xf9, 0xd8, 0x25, 0xbe, 0xe5, 0x91, 0x6e,
+	0xd2, 0xc7, 0x72, 0xdc, 0xc7, 0xdb, 0x99, 0x5a, 0x38, 0xc7, 0x1a, 0x3d, 0x07, 0x53, 0xa2, 0x37,
+	0xbe, 0x7e, 0x72, 0xa1, 0x2f, 0x49, 0xb0, 0xa9, 0x66, 0x28, 0xc2, 0x51, 0x3d, 0x36, 0x34, 0x77,
+	0xcb, 0x27, 0xde, 0x1e, 0xe9, 0xe6, 0x2f, 0xf0, 0x46, 0x4a, 0x03, 0x67, 0x58, 0xb1, 0xa1, 0x89,
+	0x08, 0x4c, 0x0d, 0x6d, 0x3c, 0x3e, 0xb4, 0xcd, 0x4c, 0x2d, 0x9c, 0x63, 0xcd, 0xe2, 0x58, 0xb8,
+	0x7c, 0x6b, 0xcf, 0xb0, 0x6c, 0x63, 0xcb, 0x26, 0x0b, 0x13, 0xf1, 0x38, 0x6e, 0xc6, 0xc5, 0x38,
+	0xa9, 0x8f, 0x5e, 0x83, 0x8b, 0xa2, 0x69, 0xd3, 0x31, 0x14, 0x48, 0x95, 0x83, 0x3c, 0x2a, 0x41,
+	0x2e, 0x36, 0x93, 0x0a, 0x38, 0x6d, 0x83, 0x5e, 0x84, 0x19, 0xd3, 0xb5, 0x6d, 0x1e, 0x8f, 0x2b,
+	0xee, 0xd0, 0xa1, 0x0b, 0x93, 0x1c, 0x05, 0xb1, 0xfd, 0xb8, 0x12, 0x93, 0xe0, 0x84, 0x26, 0x22,
+	0x00, 0x66, 0x50, 0x70, 0xfc, 0x05, 0xe0, 0xf9, 0xf1, 0x7a, 0xd1, 0x1c, 0xa0, 0x4a, 0x55, 0xc8,
+	0x01, 0x54, 0x93, 0x8f, 0x23, 0xc0, 0xfa, 0x9f, 0x35, 0x98, 0xcf, 0x49, 0x1d, 0xe8, 0x95, 0x58,
+	0x89, 0xfd, 0x5a, 0xa2, 0xc4, 0x5e, 0xc9, 0x31, 0x8b, 0xd4, 0x59, 0x07, 0xa6, 0x3d, 0x36, 0x2a,
+	0xa7, 0x27, 0x54, 0x64, 0x8e, 0x7c, 0xee, 0x98, 0x61, 0xe0, 0xa8, 0x4d, 0x98, 0xf3, 0x2f, 0x1e,
+	0x1e, 0x2c, 0x4f, 0xc7, 0x64, 0x38, 0x0e, 0xaf, 0xff, 0xa2, 0x04, 0x70, 0x9b, 0x0c, 0x6c, 0x77,
+	0xbf, 0x4f, 0x9c, 0xb3, 0xe0, 0x50, 0x1b, 0x31, 0x0e, 0xf5, 0xf4, 0x71, 0xcb, 0xa3, 0x5c, 0xcb,
+	0x25, 0x51, 0x6f, 0x27, 0x48, 0x54, 0xbd, 0x38, 0xe4, 0xd1, 0x2c, 0xea, 0x6f, 0x65, 0xb8, 0x14,
+	0x2a, 0x87, 0x34, 0xea, 0xa5, 0xd8, 0x1a, 0x7f, 0x35, 0xb1, 0xc6, 0xf3, 0x19, 0x26, 0x0f, 0x8d,
+	0x47, 0xbd, 0x07, 0x33, 0x8c, 0xe5, 0x88, 0xb5, 0xe4, 0x1c, 0x6a, 0x7c, 0x64, 0x0e, 0xa5, 0xaa,
+	0xdd, 0x5a, 0x0c, 0x09, 0x27, 0x90, 0x73, 0x38, 0xdb, 0xc4, 0x17, 0x91, 0xb3, 0x7d, 0xa4, 0xc1,
+	0x4c, 0xb8, 0x4c, 0x67, 0x40, 0xda, 0x9a, 0x71, 0xd2, 0xf6, 0x64, 0xe1, 0x10, 0xcd, 0x61, 0x6d,
+	0xff, 0x62, 0x04, 0x5f, 0x29, 0xb1, 0x0d, 0xbe, 0x65, 0x98, 0xbb, 0xe8, 0x71, 0x18, 0x73, 0x8c,
+	0x7e, 0x10, 0x99, 0x6a, 0xb3, 0x34, 0x8d, 0x3e, 0xc1, 0x5c, 0x82, 0x3e, 0xd0, 0x00, 0xc9, 0x2a,
+	0x70, 0xcb, 0x71, 0x5c, 0x6a, 0x88, 0x5c, 0x29, 0xdc, 0x5a, 0x2d, 0xec, 0x56, 0xd0, 0x63, 0x6d,
+	0x33, 0x85, 0x75, 0xc7, 0xa1, 0xde, 0x7e, 0xb8, 0xc8, 0x69, 0x05, 0x9c, 0xe1, 0x00, 0x32, 0x00,
+	0x3c, 0x89, 0xd9, 0x71, 0xe5, 0x46, 0x7e, 0xba, 0x40, 0xce, 0x63, 0x06, 0x2b, 0xae, 0xb3, 0x6d,
+	0xf5, 0xc2, 0xb4, 0x83, 0x15, 0x10, 0x8e, 0x80, 0x2e, 0xde, 0x81, 0xf9, 0x1c, 0x6f, 0xd1, 0x05,
+	0x28, 0xef, 0x92, 0x7d, 0x31, 0x6d, 0x98, 0xfd, 0x89, 0xe6, 0xa0, 0xb2, 0x67, 0xd8, 0x43, 0x91,
+	0x7e, 0x27, 0xb1, 0xf8, 0xf1, 0x62, 0xe9, 0x79, 0x4d, 0xff, 0xb0, 0x12, 0x8d, 0x1d, 0xce, 0x98,
+	0xaf, 0x42, 0xd5, 0x23, 0x03, 0xdb, 0x32, 0x0d, 0x5f, 0x12, 0x21, 0x4e, 0x7e, 0xb1, 0x6c, 0xc3,
+	0x4a, 0x1a, 0xe3, 0xd6, 0xa5, 0x87, 0xcb, 0xad, 0xcb, 0xa7, 0xc3, 0xad, 0xbf, 0x0b, 0x55, 0x3f,
+	0x60, 0xd5, 0x63, 0x1c, 0xf2, 0xfa, 0x08, 0xf9, 0x55, 0x12, 0x6a, 0xd5, 0x81, 0xa2, 0xd2, 0x0a,
+	0x34, 0x8b, 0x44, 0x57, 0x46, 0x24, 0xd1, 0xa7, 0x4a, 0x7c, 0x59, 0xbe, 0x19, 0x18, 0x43, 0x9f,
+	0x74, 0x79, 0x6e, 0xab, 0x86, 0xf9, 0xa6, 0xc5, 0x5b, 0xb1, 0x94, 0xa2, 0x77, 0x63, 0x21, 0x5b,
+	0x3d, 0x49, 0xc8, 0xce, 0xe4, 0x87, 0x2b, 0xda, 0x84, 0xf9, 0x81, 0xe7, 0xf6, 0x3c, 0xe2, 0xfb,
+	0xb7, 0x89, 0xd1, 0xb5, 0x2d, 0x87, 0x04, 0xf3, 0x23, 0x18, 0xd1, 0x95, 0xc3, 0x83, 0xe5, 0xf9,
+	0x56, 0xb6, 0x0a, 0xce, 0xb3, 0xd5, 0xef, 0x8f, 0xc1, 0x85, 0x64, 0x05, 0xcc, 0x21, 0xa9, 0xda,
+	0x89, 0x48, 0xea, 0xb5, 0xc8, 0x66, 0x10, 0x0c, 0x5e, 0xad, 0x7e, 0xc6, 0x86, 0xb8, 0x05, 0xb3,
+	0x32, 0x1b, 0x04, 0x42, 0x49, 0xd3, 0xd5, 0xea, 0x6f, 0xc6, 0xc5, 0x38, 0xa9, 0x8f, 0x5e, 0x82,
+	0x69, 0x8f, 0xf3, 0xee, 0x00, 0x40, 0x70, 0xd7, 0x47, 0x24, 0xc0, 0x34, 0x8e, 0x0a, 0x71, 0x5c,
+	0x97, 0xf1, 0xd6, 0x90, 0x8e, 0x06, 0x00, 0x63, 0x71, 0xde, 0x7a, 0x2b, 0xa9, 0x80, 0xd3, 0x36,
+	0x68, 0x1d, 0x2e, 0x0d, 0x9d, 0x34, 0x94, 0x08, 0xe5, 0x2b, 0x12, 0xea, 0xd2, 0x66, 0x5a, 0x05,
+	0x67, 0xd9, 0xa1, 0xed, 0x18, 0x95, 0x1d, 0xe7, 0xe9, 0xf9, 0x46, 0xe1, 0x8d, 0x57, 0x98, 0xcb,
+	0x66, 0xd0, 0xed, 0x6a, 0x51, 0xba, 0xad, 0xff, 0x41, 0x8b, 0x16, 0x21, 0x45, 0x81, 0x8f, 0xbb,
+	0x65, 0x4a, 0x59, 0x44, 0xd8, 0x91, 0x9b, 0xcd, 0x7e, 0x6f, 0x8e, 0xc4, 0x7e, 0xc3, 0xe2, 0x79,
+	0x3c, 0xfd, 0xfd, 0xa3, 0x06, 0xb3, 0x77, 0x3b, 0x9d, 0xd6, 0xaa, 0xc3, 0x77, 0x4b, 0xcb, 0xa0,
+	0x3b, 0xac, 0x8a, 0x0e, 0x0c, 0xba, 0x93, 0xac, 0xa2, 0x4c, 0x86, 0xb9, 0x04, 0x3d, 0x0b, 0x55,
+	0xf6, 0x2f, 0x73, 0x9c, 0x87, 0xeb, 0x24, 0x4f, 0x32, 0xd5, 0x96, 0x6c, 0x7b, 0x10, 0xf9, 0x1b,
+	0x2b, 0x4d, 0xf4, 0x2d, 0x98, 0x60, 0x7b, 0x9b, 0x38, 0xdd, 0x82, 0xe4, 0x57, 0x3a, 0xd5, 0x10,
+	0x46, 0x21, 0x9f, 0x91, 0x0d, 0x38, 0x80, 0xd3, 0x77, 0x61, 0x2e, 0x32, 0x08, 0x3c, 0xb4, 0xc9,
+	0x5b, 0xac, 0x5e, 0xa1, 0x36, 0x54, 0x58, 0xef, 0xac, 0x2a, 0x95, 0x0b, 0x5c, 0x2f, 0x26, 0x26,
+	0x22, 0xe4, 0x1e, 0xec, 0x97, 0x8f, 0x05, 0x96, 0xbe, 0x01, 0x13, 0xab, 0xad, 0x86, 0xed, 0x0a,
+	0xbe, 0x61, 0x5a, 0x5d, 0x2f, 0x39, 0x53, 0x2b, 0xab, 0xb7, 0x31, 0xe6, 0x12, 0xa4, 0xc3, 0x38,
+	0xb9, 0x67, 0x92, 0x01, 0xe5, 0x14, 0x63, 0xb2, 0x01, 0x2c, 0x91, 0xde, 0xe1, 0x2d, 0x58, 0x4a,
+	0xf4, 0x9f, 0x94, 0x60, 0x42, 0x76, 0x7b, 0x06, 0xe7, 0x8f, 0xb5, 0xd8, 0xf9, 0xe3, 0xa9, 0x62,
+	0x4b, 0x90, 0x7b, 0xf8, 0xe8, 0x24, 0x0e, 0x1f, 0xd7, 0x0a, 0xe2, 0x1d, 0x7d, 0xf2, 0x78, 0xbf,
+	0x04, 0x33, 0xf1, 0xc5, 0x47, 0xcf, 0xc1, 0x14, 0x4b, 0xb5, 0x96, 0x49, 0x9a, 0x21, 0xc3, 0x53,
+	0xd7, 0x0f, 0xed, 0x50, 0x84, 0xa3, 0x7a, 0xa8, 0xa7, 0xcc, 0x5a, 0xae, 0x47, 0xe5, 0xa0, 0xf3,
+	0xa7, 0x74, 0x48, 0x2d, 0xbb, 0x26, 0x2e, 0xdb, 0x6b, 0xab, 0x0e, 0xdd, 0xf0, 0xda, 0xd4, 0xb3,
+	0x9c, 0x5e, 0xaa, 0x23, 0x06, 0x86, 0xa3, 0xc8, 0xe8, 0x6d, 0x96, 0xf6, 0x7d, 0x77, 0xe8, 0x99,
+	0x24, 0x8b, 0xbe, 0x05, 0xd4, 0x83, 0x6d, 0x84, 0xee, 0x9a, 0x6b, 0x1a, 0xb6, 0x58, 0x1c, 0x4c,
+	0xb6, 0x89, 0x47, 0x1c, 0x93, 0x04, 0x94, 0x49, 0x40, 0x60, 0x05, 0xa6, 0xff, 0x56, 0x83, 0x29,
+	0x39, 0x17, 0x67, 0x40, 0xd4, 0xdf, 0x88, 0x13, 0xf5, 0x27, 0x0a, 0xee, 0xd0, 0x6c, 0x96, 0xfe,
+	0x3b, 0x0d, 0x16, 0x03, 0xd7, 0x5d, 0xa3, 0xdb, 0x30, 0x6c, 0xc3, 0x31, 0x89, 0x17, 0xc4, 0xfa,
+	0x22, 0x94, 0xac, 0x81, 0x5c, 0x49, 0x90, 0x00, 0xa5, 0xd5, 0x16, 0x2e, 0x59, 0x03, 0x56, 0x45,
+	0x77, 0x5c, 0x9f, 0x72, 0x36, 0x2f, 0x0e, 0x8a, 0xca, 0xeb, 0xbb, 0xb2, 0x1d, 0x2b, 0x0d, 0xb4,
+	0x09, 0x95, 0x81, 0xeb, 0x51, 0x56, 0xb9, 0xca, 0x89, 0xf5, 0x3d, 0xc2, 0x6b, 0xb6, 0x6e, 0x32,
+	0x10, 0xc3, 0x9d, 0xce, 0x60, 0xb0, 0x40, 0xd3, 0x7f, 0xa8, 0xc1, 0xa3, 0x19, 0xfe, 0x4b, 0xd2,
+	0xd0, 0x85, 0x09, 0x4b, 0x08, 0x65, 0x7a, 0x79, 0xa1, 0x58, 0xb7, 0x19, 0x53, 0x11, 0xa6, 0xb6,
+	0x20, 0x85, 0x05, 0xd0, 0xfa, 0xaf, 0x34, 0xb8, 0x98, 0xf2, 0x97, 0xa7, 0x68, 0x16, 0xcf, 0x92,
+	0x6d, 0xab, 0x14, 0xcd, 0xc2, 0x92, 0x4b, 0xd0, 0x1b, 0x50, 0xe5, 0x6f, 0x44, 0xa6, 0x6b, 0xcb,
+	0x09, 0xac, 0x07, 0x13, 0xd8, 0x92, 0xed, 0x0f, 0x0e, 0x96, 0xaf, 0x64, 0x9c, 0xb5, 0x03, 0x31,
+	0x56, 0x00, 0x68, 0x19, 0x2a, 0xc4, 0xf3, 0x5c, 0x4f, 0x26, 0xfb, 0x49, 0x36, 0x53, 0x77, 0x58,
+	0x03, 0x16, 0xed, 0xfa, 0xaf, 0xc3, 0x20, 0x65, 0xd9, 0x97, 0xf9, 0xc7, 0x16, 0x27, 0x99, 0x18,
+	0xd9, 0xd2, 0x61, 0x2e, 0x41, 0x43, 0xb8, 0x60, 0x25, 0xd2, 0xb5, 0xdc, 0x9d, 0xf5, 0x62, 0xd3,
+	0xa8, 0xcc, 0x1a, 0x0b, 0x12, 0xfe, 0x42, 0x52, 0x82, 0x53, 0x5d, 0xe8, 0x04, 0x52, 0x5a, 0xe8,
+	0x4d, 0x18, 0xdb, 0xa1, 0x74, 0x90, 0x71, 0xd9, 0x7f, 0x4c, 0x91, 0x08, 0x5d, 0xa8, 0xf2, 0xd1,
+	0x75, 0x3a, 0x2d, 0xcc, 0xa1, 0xf4, 0xdf, 0x97, 0xd4, 0x7c, 0xf0, 0x13, 0xd2, 0x37, 0xd5, 0x68,
+	0x57, 0x6c, 0xc3, 0xf7, 0x79, 0x0a, 0x13, 0xa7, 0xf9, 0xb9, 0x88, 0xe3, 0x4a, 0x86, 0x53, 0xda,
+	0xa8, 0x13, 0x16, 0x4f, 0xed, 0x24, 0xc5, 0x73, 0x2a, 0xab, 0x70, 0xa2, 0xbb, 0x50, 0xa6, 0x76,
+	0xd1, 0x53, 0xb9, 0x44, 0xec, 0xac, 0xb5, 0x1b, 0x53, 0x72, 0xca, 0xcb, 0x9d, 0xb5, 0x36, 0x66,
+	0x10, 0x68, 0x03, 0x2a, 0xde, 0xd0, 0x26, 0xac, 0x0e, 0x94, 0x8b, 0xd7, 0x15, 0x36, 0x83, 0xe1,
+	0xe6, 0x63, 0xbf, 0x7c, 0x2c, 0x70, 0xf4, 0x1f, 0x69, 0x30, 0x1d, 0xab, 0x16, 0xc8, 0x83, 0xf3,
+	0x76, 0x64, 0xef, 0xc8, 0x79, 0x78, 0x7e, 0xf4, 0x5d, 0x27, 0x37, 0xfd, 0x9c, 0xec, 0xf7, 0x7c,
+	0x54, 0x86, 0x63, 0x7d, 0xe8, 0x06, 0x40, 0x38, 0x6c, 0xb6, 0x0f, 0x58, 0xf0, 0x8a, 0x0d, 0x2f,
+	0xf7, 0x01, 0x8b, 0x69, 0x1f, 0x8b, 0x76, 0x74, 0x03, 0xc0, 0x27, 0xa6, 0x47, 0x68, 0x33, 0x4c,
+	0x5c, 0xaa, 0x1c, 0xb7, 0x95, 0x04, 0x47, 0xb4, 0xf4, 0x3f, 0x69, 0x30, 0xdd, 0x24, 0xf4, 0xfb,
+	0xae, 0xb7, 0xdb, 0x72, 0x6d, 0xcb, 0xdc, 0x3f, 0x03, 0x12, 0x80, 0x63, 0x24, 0xe0, 0xb8, 0x7c,
+	0x19, 0xf3, 0x2e, 0x8f, 0x0a, 0xe8, 0x1f, 0x69, 0x30, 0x1f, 0xd3, 0xbc, 0x13, 0xe6, 0x03, 0x95,
+	0xa0, 0xb5, 0x42, 0x09, 0x3a, 0x06, 0xc3, 0x92, 0x5a, 0x76, 0x82, 0x46, 0x6b, 0x50, 0xa2, 0xae,
+	0x8c, 0xde, 0xd1, 0x30, 0x09, 0xf1, 0xc2, 0x9a, 0xd3, 0x71, 0x71, 0x89, 0xba, 0x6c, 0x21, 0x16,
+	0x62, 0x5a, 0xd1, 0x8c, 0xf6, 0x90, 0x46, 0x80, 0x61, 0x6c, 0xdb, 0x73, 0xfb, 0x27, 0x1e, 0x83,
+	0x5a, 0x88, 0x57, 0x3d, 0xb7, 0x8f, 0x39, 0x96, 0xfe, 0xb1, 0x06, 0x17, 0x63, 0x9a, 0x67, 0xc0,
+	0x1b, 0xde, 0x8c, 0xf3, 0x86, 0x6b, 0xa3, 0x0c, 0x24, 0x87, 0x3d, 0x7c, 0x5c, 0x4a, 0x0c, 0x83,
+	0x0d, 0x18, 0x6d, 0xc3, 0xd4, 0xc0, 0xed, 0xb6, 0x4f, 0xe1, 0x81, 0x76, 0x96, 0xf1, 0xb9, 0x56,
+	0x88, 0x85, 0xa3, 0xc0, 0xe8, 0x1e, 0x5c, 0x64, 0xd4, 0xc2, 0x1f, 0x18, 0x26, 0x69, 0x9f, 0xc2,
+	0x95, 0xd5, 0x23, 0xfc, 0x05, 0x28, 0x89, 0x88, 0xd3, 0x9d, 0xa0, 0x75, 0x98, 0xb0, 0x06, 0xfc,
+	0x7c, 0x21, 0x89, 0xe4, 0xb1, 0x24, 0x4c, 0x9c, 0x46, 0x44, 0x8a, 0x97, 0x3f, 0x70, 0x80, 0xa1,
+	0xff, 0x35, 0x19, 0x0d, 0x9c, 0xae, 0xbe, 0x16, 0xa1, 0x07, 0xf2, 0xad, 0xe6, 0x64, 0xd4, 0xa0,
+	0x29, 0x99, 0xc8, 0x49, 0x99, 0x75, 0x35, 0xc1, 0x5b, 0xbe, 0x02, 0x13, 0xc4, 0xe9, 0x72, 0xb2,
+	0x2e, 0x2e, 0x42, 0xf8, 0xa8, 0xee, 0x88, 0x26, 0x1c, 0xc8, 0xf4, 0x1f, 0x97, 0x13, 0xa3, 0xe2,
+	0x65, 0xf6, 0xbd, 0x53, 0x0b, 0x0e, 0x45, 0xf8, 0x73, 0x03, 0x64, 0x2b, 0xa4, 0x7f, 0x22, 0xe6,
+	0xbf, 0x31, 0x4a, 0xcc, 0x47, 0xeb, 0x5f, 0x2e, 0xf9, 0x43, 0xdf, 0x81, 0x71, 0x22, 0xba, 0x10,
+	0x55, 0xf5, 0xe6, 0x28, 0x5d, 0x84, 0xe9, 0x37, 0x3c, 0x67, 0xc9, 0x36, 0x89, 0x8a, 0x5e, 0x61,
+	0xf3, 0xc5, 0x74, 0xd9, 0xb1, 0x44, 0xb0, 0xe7, 0xc9, 0xc6, 0x63, 0x62, 0xd8, 0xaa, 0xf9, 0xc1,
+	0xc1, 0x32, 0x84, 0x3f, 0x71, 0xd4, 0x82, 0xbf, 0x9e, 0xc9, 0x3b, 0x9b, 0xb3, 0xf9, 0x02, 0x69,
+	0xb4, 0xd7, 0xb3, 0xd0, 0xb5, 0x53, 0x7b, 0x3d, 0x8b, 0x40, 0x1e, 0x7d, 0x86, 0xfd, 0x67, 0x09,
+	0x2e, 0x85, 0xca, 0x85, 0x5f, 0xcf, 0x32, 0x4c, 0xfe, 0xff, 0x15, 0x52, 0xb1, 0x17, 0xad, 0x70,
+	0xea, 0xfe, 0xfb, 0x5e, 0xb4, 0x42, 0xdf, 0x72, 0xaa, 0xdd, 0x6f, 0x4a, 0xd1, 0x01, 0x8c, 0xf8,
+	0xac, 0x72, 0x0a, 0x1f, 0xe2, 0x7c, 0xe1, 0x5e, 0x66, 0xf4, 0xbf, 0x94, 0xe1, 0x42, 0x72, 0x37,
+	0xc6, 0x6e, 0xdf, 0xb5, 0x63, 0x6f, 0xdf, 0x5b, 0x30, 0xb7, 0x3d, 0xb4, 0xed, 0x7d, 0x3e, 0x86,
+	0xc8, 0x15, 0xbc, 0xb8, 0xb7, 0xff, 0x92, 0xb4, 0x9c, 0x7b, 0x35, 0x43, 0x07, 0x67, 0x5a, 0xa6,
+	0x2f, 0xe3, 0xc7, 0xfe, 0xd3, 0xcb, 0xf8, 0xca, 0x09, 0x2e, 0xe3, 0xb3, 0xdf, 0x33, 0xca, 0x27,
+	0x7a, 0xcf, 0x38, 0xc9, 0x4d, 0x7c, 0x46, 0x12, 0x3b, 0xf6, 0xab, 0x92, 0x97, 0x61, 0x26, 0xfe,
+	0x3a, 0x24, 0xd6, 0x52, 0x3c, 0x50, 0xc9, 0xb7, 0x98, 0xc8, 0x5a, 0x8a, 0x76, 0xac, 0x34, 0xf4,
+	0x43, 0x0d, 0x2e, 0x67, 0x7f, 0x05, 0x82, 0x6c, 0x98, 0xe9, 0x1b, 0xf7, 0xa2, 0x5f, 0xe6, 0x68,
+	0x27, 0x64, 0x2b, 0xfc, 0x59, 0x60, 0x3d, 0x86, 0x85, 0x13, 0xd8, 0xe8, 0x1d, 0xa8, 0xf6, 0x8d,
+	0x7b, 0xed, 0xa1, 0xd7, 0x23, 0x27, 0x66, 0x45, 0x7c, 0x1b, 0xad, 0x4b, 0x14, 0xac, 0xf0, 0xf4,
+	0xcf, 0x35, 0x98, 0xcf, 0xb9, 0xec, 0xff, 0x1f, 0x1a, 0xe5, 0xfb, 0x25, 0xa8, 0xb4, 0x4d, 0xc3,
+	0x26, 0x67, 0x40, 0x28, 0x5e, 0x8f, 0x11, 0x8a, 0xe3, 0xbe, 0x26, 0xe5, 0x5e, 0xe5, 0x72, 0x09,
+	0x9c, 0xe0, 0x12, 0x4f, 0x15, 0x42, 0x3b, 0x9a, 0x46, 0xbc, 0x00, 0x93, 0xaa, 0xd3, 0xd1, 0xb2,
+	0x9b, 0xfe, 0xcb, 0x12, 0x4c, 0x45, 0xba, 0x18, 0x31, 0x37, 0x6e, 0xc7, 0x0a, 0x42, 0xb9, 0xc0,
+	0x4d, 0x4b, 0xa4, 0xaf, 0x5a, 0x50, 0x02, 0xc4, 0xd7, 0x10, 0xe1, 0xfb, 0x77, 0xba, 0x32, 0xbc,
+	0x0c, 0x33, 0xd4, 0xf0, 0x7a, 0x84, 0x2a, 0xda, 0x2e, 0x2e, 0x19, 0xd5, 0x67, 0x39, 0x9d, 0x98,
+	0x14, 0x27, 0xb4, 0x17, 0x5f, 0x82, 0xe9, 0x58, 0x67, 0xa3, 0x7c, 0xcc, 0xd0, 0x58, 0xb9, 0xff,
+	0xd9, 0xd2, 0xb9, 0x4f, 0x3e, 0x5b, 0x3a, 0xf7, 0xe9, 0x67, 0x4b, 0xe7, 0x7e, 0x70, 0xb8, 0xa4,
+	0xdd, 0x3f, 0x5c, 0xd2, 0x3e, 0x39, 0x5c, 0xd2, 0x3e, 0x3d, 0x5c, 0xd2, 0xfe, 0x7e, 0xb8, 0xa4,
+	0xfd, 0xf4, 0xf3, 0xa5, 0x73, 0xef, 0x3c, 0x76, 0xe4, 0xff, 0x6d, 0xf8, 0x77, 0x00, 0x00, 0x00,
+	0xff, 0xff, 0xf3, 0x1c, 0xa0, 0x16, 0x14, 0x31, 0x00, 0x00,
 }
 
 func (m *DaemonSet) Marshal() (dAtA []byte, err error) {
@@ -2944,16 +2913,6 @@ func (m *NetworkPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
-	{
-		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
-		if err != nil {
-			return 0, err
-		}
-		i -= size
-		i = encodeVarintGenerated(dAtA, i, uint64(size))
-	}
-	i--
-	dAtA[i] = 0x1a
 	{
 		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
@@ -3302,43 +3261,6 @@ func (m *NetworkPolicySpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
-func (m *NetworkPolicyStatus) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *NetworkPolicyStatus) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *NetworkPolicyStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
-	_ = i
-	var l int
-	_ = l
-	if len(m.Conditions) > 0 {
-		for iNdEx := len(m.Conditions) - 1; iNdEx >= 0; iNdEx-- {
-			{
-				size, err := m.Conditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
-				if err != nil {
-					return 0, err
-				}
-				i -= size
-				i = encodeVarintGenerated(dAtA, i, uint64(size))
-			}
-			i--
-			dAtA[i] = 0xa
-		}
-	}
-	return len(dAtA) - i, nil
-}
-
 func (m *ReplicaSet) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -4362,8 +4284,6 @@ func (m *NetworkPolicy) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = m.Spec.Size()
 	n += 1 + l + sovGenerated(uint64(l))
-	l = m.Status.Size()
-	n += 1 + l + sovGenerated(uint64(l))
 	return n
 }
 
@@ -4496,21 +4416,6 @@ func (m *NetworkPolicySpec) Size() (n int) {
 	return n
 }
 
-func (m *NetworkPolicyStatus) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	if len(m.Conditions) > 0 {
-		for _, e := range m.Conditions {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	return n
-}
-
 func (m *ReplicaSet) Size() (n int) {
 	if m == nil {
 		return 0
@@ -5098,7 +5003,6 @@ func (this *NetworkPolicy) String() string {
 	s := strings.Join([]string{`&NetworkPolicy{`,
 		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
 		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "NetworkPolicySpec", "NetworkPolicySpec", 1), `&`, ``, 1) + `,`,
-		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "NetworkPolicyStatus", "NetworkPolicyStatus", 1), `&`, ``, 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -5208,21 +5112,6 @@ func (this *NetworkPolicySpec) String() string {
 	}, "")
 	return s
 }
-func (this *NetworkPolicyStatus) String() string {
-	if this == nil {
-		return "nil"
-	}
-	repeatedStringForConditions := "[]Condition{"
-	for _, f := range this.Conditions {
-		repeatedStringForConditions += fmt.Sprintf("%v", f) + ","
-	}
-	repeatedStringForConditions += "}"
-	s := strings.Join([]string{`&NetworkPolicyStatus{`,
-		`Conditions:` + repeatedStringForConditions + `,`,
-		`}`,
-	}, "")
-	return s
-}
 func (this *ReplicaSet) String() string {
 	if this == nil {
 		return "nil"
@@ -9627,39 +9516,6 @@ func (m *NetworkPolicy) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -10514,90 +10370,6 @@ func (m *NetworkPolicySpec) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *NetworkPolicyStatus) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGenerated
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= uint64(b&0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: NetworkPolicyStatus: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: NetworkPolicyStatus: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Conditions", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Conditions = append(m.Conditions, v1.Condition{})
-			if err := m.Conditions[len(m.Conditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGenerated(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func (m *ReplicaSet) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
diff --git a/vendor/k8s.io/api/extensions/v1beta1/generated.proto b/vendor/k8s.io/api/extensions/v1beta1/generated.proto
index 3ab6a093b5..3f2549681e 100644
--- a/vendor/k8s.io/api/extensions/v1beta1/generated.proto
+++ b/vendor/k8s.io/api/extensions/v1beta1/generated.proto
@@ -646,11 +646,6 @@ message NetworkPolicy {
   // Specification of the desired behavior for this NetworkPolicy.
   // +optional
   optional NetworkPolicySpec spec = 2;
-
-  // Status is the current state of the NetworkPolicy.
-  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-  // +optional
-  optional NetworkPolicyStatus status = 3;
 }
 
 // DEPRECATED 1.9 - This group version of NetworkPolicyEgressRule is deprecated by networking/v1/NetworkPolicyEgressRule.
@@ -798,18 +793,6 @@ message NetworkPolicySpec {
   repeated string policyTypes = 4;
 }
 
-// NetworkPolicyStatus describe the current state of the NetworkPolicy.
-message NetworkPolicyStatus {
-  // Conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy.
-  // Current service state
-  // +optional
-  // +patchMergeKey=type
-  // +patchStrategy=merge
-  // +listType=map
-  // +listMapKey=type
-  repeated k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 1;
-}
-
 // DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for
 // more information.
 // ReplicaSet ensures that a specified number of pod replicas are running at any given time.
diff --git a/vendor/k8s.io/api/extensions/v1beta1/types.go b/vendor/k8s.io/api/extensions/v1beta1/types.go
index c0ac6fa25d..70b349f654 100644
--- a/vendor/k8s.io/api/extensions/v1beta1/types.go
+++ b/vendor/k8s.io/api/extensions/v1beta1/types.go
@@ -1041,10 +1041,10 @@ type NetworkPolicy struct {
 	// +optional
 	Spec NetworkPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
 
-	// Status is the current state of the NetworkPolicy.
-	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-	// +optional
-	Status NetworkPolicyStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
+	// Status is tombstoned to show why 3 is a reserved protobuf tag.
+	// This commented field should remain, so in the future if we decide to reimplement
+	// NetworkPolicyStatus a different protobuf name and tag SHOULD be used!
+	// Status NetworkPolicyStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
 }
 
 // DEPRECATED 1.9 - This group version of PolicyType is deprecated by networking/v1/PolicyType.
@@ -1207,48 +1207,6 @@ type NetworkPolicyPeer struct {
 	IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"`
 }
 
-// NetworkPolicyConditionType is the type for status conditions on
-// a NetworkPolicy. This type should be used with the
-// NetworkPolicyStatus.Conditions field.
-type NetworkPolicyConditionType string
-
-const (
-	// NetworkPolicyConditionStatusAccepted represents status of a Network Policy that could be properly parsed by
-	// the Network Policy provider and will be implemented in the cluster
-	NetworkPolicyConditionStatusAccepted NetworkPolicyConditionType = "Accepted"
-
-	// NetworkPolicyConditionStatusPartialFailure represents status of a Network Policy that could be partially
-	// parsed by the Network Policy provider and may not be completely implemented due to a lack of a feature or some
-	// other condition
-	NetworkPolicyConditionStatusPartialFailure NetworkPolicyConditionType = "PartialFailure"
-
-	// NetworkPolicyConditionStatusFailure represents status of a Network Policy that could not be parsed by the
-	// Network Policy provider and will not be implemented in the cluster
-	NetworkPolicyConditionStatusFailure NetworkPolicyConditionType = "Failure"
-)
-
-// NetworkPolicyConditionReason defines the set of reasons that explain why a
-// particular NetworkPolicy condition type has been raised.
-type NetworkPolicyConditionReason string
-
-const (
-	// NetworkPolicyConditionReasonFeatureNotSupported represents a reason where the Network Policy may not have been
-	// implemented in the cluster due to a lack of some feature not supported by the Network Policy provider
-	NetworkPolicyConditionReasonFeatureNotSupported NetworkPolicyConditionReason = "FeatureNotSupported"
-)
-
-// NetworkPolicyStatus describe the current state of the NetworkPolicy.
-type NetworkPolicyStatus struct {
-	// Conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy.
-	// Current service state
-	// +optional
-	// +patchMergeKey=type
-	// +patchStrategy=merge
-	// +listType=map
-	// +listMapKey=type
-	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-}
-
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +k8s:prerelease-lifecycle-gen:introduced=1.3
 // +k8s:prerelease-lifecycle-gen:deprecated=1.9
diff --git a/vendor/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go b/vendor/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
index 39aaf48537..408022c9d8 100644
--- a/vendor/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
@@ -338,7 +338,6 @@ var map_NetworkPolicy = map[string]string{
 	"":         "DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of Pods",
 	"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
 	"spec":     "Specification of the desired behavior for this NetworkPolicy.",
-	"status":   "Status is the current state of the NetworkPolicy. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
 }
 
 func (NetworkPolicy) SwaggerDoc() map[string]string {
@@ -409,15 +408,6 @@ func (NetworkPolicySpec) SwaggerDoc() map[string]string {
 	return map_NetworkPolicySpec
 }
 
-var map_NetworkPolicyStatus = map[string]string{
-	"":           "NetworkPolicyStatus describe the current state of the NetworkPolicy.",
-	"conditions": "Conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy. Current service state",
-}
-
-func (NetworkPolicyStatus) SwaggerDoc() map[string]string {
-	return map_NetworkPolicyStatus
-}
-
 var map_ReplicaSet = map[string]string{
 	"":         "DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for more information. ReplicaSet ensures that a specified number of pod replicas are running at any given time.",
 	"metadata": "If the Labels of a ReplicaSet are empty, they are defaulted to be the same as the Pod(s) that the ReplicaSet manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
diff --git a/vendor/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go b/vendor/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
index b6e9272992..6b474ae483 100644
--- a/vendor/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
@@ -725,7 +725,6 @@ func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
 	return
 }
 
@@ -938,29 +937,6 @@ func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *NetworkPolicyStatus) DeepCopyInto(out *NetworkPolicyStatus) {
-	*out = *in
-	if in.Conditions != nil {
-		in, out := &in.Conditions, &out.Conditions
-		*out = make([]v1.Condition, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyStatus.
-func (in *NetworkPolicyStatus) DeepCopy() *NetworkPolicyStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(NetworkPolicyStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ReplicaSet) DeepCopyInto(out *ReplicaSet) {
 	*out = *in
diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.pb.go b/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.pb.go
index cf5fc5600b..b54e1ceefb 100644
--- a/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.pb.go
+++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.pb.go
@@ -43,10 +43,38 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
+func (m *ExemptPriorityLevelConfiguration) Reset()      { *m = ExemptPriorityLevelConfiguration{} }
+func (*ExemptPriorityLevelConfiguration) ProtoMessage() {}
+func (*ExemptPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
+	return fileDescriptor_45ba024d525b289b, []int{0}
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.Merge(m, src)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExemptPriorityLevelConfiguration proto.InternalMessageInfo
+
 func (m *FlowDistinguisherMethod) Reset()      { *m = FlowDistinguisherMethod{} }
 func (*FlowDistinguisherMethod) ProtoMessage() {}
 func (*FlowDistinguisherMethod) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{0}
+	return fileDescriptor_45ba024d525b289b, []int{1}
 }
 func (m *FlowDistinguisherMethod) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -74,7 +102,7 @@ var xxx_messageInfo_FlowDistinguisherMethod proto.InternalMessageInfo
 func (m *FlowSchema) Reset()      { *m = FlowSchema{} }
 func (*FlowSchema) ProtoMessage() {}
 func (*FlowSchema) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{1}
+	return fileDescriptor_45ba024d525b289b, []int{2}
 }
 func (m *FlowSchema) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -102,7 +130,7 @@ var xxx_messageInfo_FlowSchema proto.InternalMessageInfo
 func (m *FlowSchemaCondition) Reset()      { *m = FlowSchemaCondition{} }
 func (*FlowSchemaCondition) ProtoMessage() {}
 func (*FlowSchemaCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{2}
+	return fileDescriptor_45ba024d525b289b, []int{3}
 }
 func (m *FlowSchemaCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -130,7 +158,7 @@ var xxx_messageInfo_FlowSchemaCondition proto.InternalMessageInfo
 func (m *FlowSchemaList) Reset()      { *m = FlowSchemaList{} }
 func (*FlowSchemaList) ProtoMessage() {}
 func (*FlowSchemaList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{3}
+	return fileDescriptor_45ba024d525b289b, []int{4}
 }
 func (m *FlowSchemaList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -158,7 +186,7 @@ var xxx_messageInfo_FlowSchemaList proto.InternalMessageInfo
 func (m *FlowSchemaSpec) Reset()      { *m = FlowSchemaSpec{} }
 func (*FlowSchemaSpec) ProtoMessage() {}
 func (*FlowSchemaSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{4}
+	return fileDescriptor_45ba024d525b289b, []int{5}
 }
 func (m *FlowSchemaSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -186,7 +214,7 @@ var xxx_messageInfo_FlowSchemaSpec proto.InternalMessageInfo
 func (m *FlowSchemaStatus) Reset()      { *m = FlowSchemaStatus{} }
 func (*FlowSchemaStatus) ProtoMessage() {}
 func (*FlowSchemaStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{5}
+	return fileDescriptor_45ba024d525b289b, []int{6}
 }
 func (m *FlowSchemaStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -214,7 +242,7 @@ var xxx_messageInfo_FlowSchemaStatus proto.InternalMessageInfo
 func (m *GroupSubject) Reset()      { *m = GroupSubject{} }
 func (*GroupSubject) ProtoMessage() {}
 func (*GroupSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{6}
+	return fileDescriptor_45ba024d525b289b, []int{7}
 }
 func (m *GroupSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -242,7 +270,7 @@ var xxx_messageInfo_GroupSubject proto.InternalMessageInfo
 func (m *LimitResponse) Reset()      { *m = LimitResponse{} }
 func (*LimitResponse) ProtoMessage() {}
 func (*LimitResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{7}
+	return fileDescriptor_45ba024d525b289b, []int{8}
 }
 func (m *LimitResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -270,7 +298,7 @@ var xxx_messageInfo_LimitResponse proto.InternalMessageInfo
 func (m *LimitedPriorityLevelConfiguration) Reset()      { *m = LimitedPriorityLevelConfiguration{} }
 func (*LimitedPriorityLevelConfiguration) ProtoMessage() {}
 func (*LimitedPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{8}
+	return fileDescriptor_45ba024d525b289b, []int{9}
 }
 func (m *LimitedPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -298,7 +326,7 @@ var xxx_messageInfo_LimitedPriorityLevelConfiguration proto.InternalMessageInfo
 func (m *NonResourcePolicyRule) Reset()      { *m = NonResourcePolicyRule{} }
 func (*NonResourcePolicyRule) ProtoMessage() {}
 func (*NonResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{9}
+	return fileDescriptor_45ba024d525b289b, []int{10}
 }
 func (m *NonResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -326,7 +354,7 @@ var xxx_messageInfo_NonResourcePolicyRule proto.InternalMessageInfo
 func (m *PolicyRulesWithSubjects) Reset()      { *m = PolicyRulesWithSubjects{} }
 func (*PolicyRulesWithSubjects) ProtoMessage() {}
 func (*PolicyRulesWithSubjects) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{10}
+	return fileDescriptor_45ba024d525b289b, []int{11}
 }
 func (m *PolicyRulesWithSubjects) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -354,7 +382,7 @@ var xxx_messageInfo_PolicyRulesWithSubjects proto.InternalMessageInfo
 func (m *PriorityLevelConfiguration) Reset()      { *m = PriorityLevelConfiguration{} }
 func (*PriorityLevelConfiguration) ProtoMessage() {}
 func (*PriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{11}
+	return fileDescriptor_45ba024d525b289b, []int{12}
 }
 func (m *PriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -382,7 +410,7 @@ var xxx_messageInfo_PriorityLevelConfiguration proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationCondition) Reset()      { *m = PriorityLevelConfigurationCondition{} }
 func (*PriorityLevelConfigurationCondition) ProtoMessage() {}
 func (*PriorityLevelConfigurationCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{12}
+	return fileDescriptor_45ba024d525b289b, []int{13}
 }
 func (m *PriorityLevelConfigurationCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -410,7 +438,7 @@ var xxx_messageInfo_PriorityLevelConfigurationCondition proto.InternalMessageInf
 func (m *PriorityLevelConfigurationList) Reset()      { *m = PriorityLevelConfigurationList{} }
 func (*PriorityLevelConfigurationList) ProtoMessage() {}
 func (*PriorityLevelConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{13}
+	return fileDescriptor_45ba024d525b289b, []int{14}
 }
 func (m *PriorityLevelConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -438,7 +466,7 @@ var xxx_messageInfo_PriorityLevelConfigurationList proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationReference) Reset()      { *m = PriorityLevelConfigurationReference{} }
 func (*PriorityLevelConfigurationReference) ProtoMessage() {}
 func (*PriorityLevelConfigurationReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{14}
+	return fileDescriptor_45ba024d525b289b, []int{15}
 }
 func (m *PriorityLevelConfigurationReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -466,7 +494,7 @@ var xxx_messageInfo_PriorityLevelConfigurationReference proto.InternalMessageInf
 func (m *PriorityLevelConfigurationSpec) Reset()      { *m = PriorityLevelConfigurationSpec{} }
 func (*PriorityLevelConfigurationSpec) ProtoMessage() {}
 func (*PriorityLevelConfigurationSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{15}
+	return fileDescriptor_45ba024d525b289b, []int{16}
 }
 func (m *PriorityLevelConfigurationSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -494,7 +522,7 @@ var xxx_messageInfo_PriorityLevelConfigurationSpec proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationStatus) Reset()      { *m = PriorityLevelConfigurationStatus{} }
 func (*PriorityLevelConfigurationStatus) ProtoMessage() {}
 func (*PriorityLevelConfigurationStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{16}
+	return fileDescriptor_45ba024d525b289b, []int{17}
 }
 func (m *PriorityLevelConfigurationStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -522,7 +550,7 @@ var xxx_messageInfo_PriorityLevelConfigurationStatus proto.InternalMessageInfo
 func (m *QueuingConfiguration) Reset()      { *m = QueuingConfiguration{} }
 func (*QueuingConfiguration) ProtoMessage() {}
 func (*QueuingConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{17}
+	return fileDescriptor_45ba024d525b289b, []int{18}
 }
 func (m *QueuingConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -550,7 +578,7 @@ var xxx_messageInfo_QueuingConfiguration proto.InternalMessageInfo
 func (m *ResourcePolicyRule) Reset()      { *m = ResourcePolicyRule{} }
 func (*ResourcePolicyRule) ProtoMessage() {}
 func (*ResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{18}
+	return fileDescriptor_45ba024d525b289b, []int{19}
 }
 func (m *ResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -578,7 +606,7 @@ var xxx_messageInfo_ResourcePolicyRule proto.InternalMessageInfo
 func (m *ServiceAccountSubject) Reset()      { *m = ServiceAccountSubject{} }
 func (*ServiceAccountSubject) ProtoMessage() {}
 func (*ServiceAccountSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{19}
+	return fileDescriptor_45ba024d525b289b, []int{20}
 }
 func (m *ServiceAccountSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -606,7 +634,7 @@ var xxx_messageInfo_ServiceAccountSubject proto.InternalMessageInfo
 func (m *Subject) Reset()      { *m = Subject{} }
 func (*Subject) ProtoMessage() {}
 func (*Subject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{20}
+	return fileDescriptor_45ba024d525b289b, []int{21}
 }
 func (m *Subject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -634,7 +662,7 @@ var xxx_messageInfo_Subject proto.InternalMessageInfo
 func (m *UserSubject) Reset()      { *m = UserSubject{} }
 func (*UserSubject) ProtoMessage() {}
 func (*UserSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_45ba024d525b289b, []int{21}
+	return fileDescriptor_45ba024d525b289b, []int{22}
 }
 func (m *UserSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -660,6 +688,7 @@ func (m *UserSubject) XXX_DiscardUnknown() {
 var xxx_messageInfo_UserSubject proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterType((*ExemptPriorityLevelConfiguration)(nil), "k8s.io.api.flowcontrol.v1alpha1.ExemptPriorityLevelConfiguration")
 	proto.RegisterType((*FlowDistinguisherMethod)(nil), "k8s.io.api.flowcontrol.v1alpha1.FlowDistinguisherMethod")
 	proto.RegisterType((*FlowSchema)(nil), "k8s.io.api.flowcontrol.v1alpha1.FlowSchema")
 	proto.RegisterType((*FlowSchemaCondition)(nil), "k8s.io.api.flowcontrol.v1alpha1.FlowSchemaCondition")
@@ -689,105 +718,142 @@ func init() {
 }
 
 var fileDescriptor_45ba024d525b289b = []byte{
-	// 1554 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4d, 0x6f, 0x13, 0xc7,
-	0x1b, 0xcf, 0x3a, 0x76, 0x12, 0x4f, 0x5e, 0x99, 0x10, 0xc5, 0xff, 0x20, 0xd9, 0x61, 0xff, 0x52,
-	0xa1, 0x05, 0x76, 0x09, 0x05, 0x4a, 0x85, 0x2a, 0x94, 0x0d, 0x94, 0xb7, 0x24, 0x24, 0x13, 0xa0,
-	0x2a, 0xa2, 0x12, 0x9b, 0xf5, 0xc4, 0x1e, 0x62, 0xef, 0x6e, 0x67, 0x76, 0x9d, 0xa6, 0xe2, 0x50,
-	0xa9, 0x5f, 0xa0, 0x1f, 0x80, 0x63, 0x0f, 0x3d, 0xf7, 0x13, 0xf4, 0x18, 0x55, 0x3d, 0x70, 0xe4,
-	0x64, 0x11, 0xf7, 0xda, 0x0f, 0xd0, 0x72, 0xa8, 0xaa, 0x99, 0x9d, 0xdd, 0xf5, 0xfa, 0x25, 0x6b,
-	0x1a, 0x89, 0x53, 0x6f, 0xd9, 0xe7, 0xe5, 0xf7, 0xbc, 0xcc, 0xf3, 0xe6, 0x80, 0x3b, 0xbb, 0xd7,
-	0x98, 0x46, 0x1c, 0x7d, 0xd7, 0xdf, 0xc6, 0xd4, 0xc6, 0x1e, 0x66, 0x7a, 0x03, 0xdb, 0x65, 0x87,
-	0xea, 0x92, 0x61, 0xba, 0x44, 0xdf, 0xa9, 0x39, 0x7b, 0x96, 0x63, 0x7b, 0xd4, 0xa9, 0xe9, 0x8d,
-	0x25, 0xb3, 0xe6, 0x56, 0xcd, 0x25, 0xbd, 0x82, 0x6d, 0x4c, 0x4d, 0x0f, 0x97, 0x35, 0x97, 0x3a,
-	0x9e, 0x03, 0x4b, 0x81, 0x82, 0x66, 0xba, 0x44, 0x6b, 0x53, 0xd0, 0x42, 0x85, 0x85, 0x0b, 0x15,
-	0xe2, 0x55, 0xfd, 0x6d, 0xcd, 0x72, 0xea, 0x7a, 0xc5, 0xa9, 0x38, 0xba, 0xd0, 0xdb, 0xf6, 0x77,
-	0xc4, 0x97, 0xf8, 0x10, 0x7f, 0x05, 0x78, 0x0b, 0x97, 0x63, 0x07, 0xea, 0xa6, 0x55, 0x25, 0x36,
-	0xa6, 0xfb, 0xba, 0xbb, 0x5b, 0xe1, 0x04, 0xa6, 0xd7, 0xb1, 0x67, 0xea, 0x8d, 0x2e, 0x2f, 0x16,
-	0xf4, 0x7e, 0x5a, 0xd4, 0xb7, 0x3d, 0x52, 0xc7, 0x5d, 0x0a, 0x57, 0xd3, 0x14, 0x98, 0x55, 0xc5,
-	0x75, 0xb3, 0x53, 0x4f, 0x7d, 0x02, 0xe6, 0x3f, 0xaf, 0x39, 0x7b, 0x37, 0x09, 0xf3, 0x88, 0x5d,
-	0xf1, 0x09, 0xab, 0x62, 0xba, 0x86, 0xbd, 0xaa, 0x53, 0x86, 0x37, 0x40, 0xd6, 0xdb, 0x77, 0x71,
-	0x41, 0x59, 0x54, 0xce, 0xe6, 0x8d, 0x73, 0x07, 0xcd, 0xd2, 0x50, 0xab, 0x59, 0xca, 0x3e, 0xdc,
-	0x77, 0xf1, 0xdb, 0x66, 0xe9, 0x54, 0x1f, 0x35, 0xce, 0x46, 0x42, 0x51, 0x7d, 0x99, 0x01, 0x80,
-	0x4b, 0x6d, 0x09, 0xd3, 0xf0, 0x19, 0x18, 0xe3, 0xe1, 0x96, 0x4d, 0xcf, 0x14, 0x98, 0xe3, 0x97,
-	0x2e, 0x6a, 0x71, 0xb2, 0x23, 0xaf, 0x35, 0x77, 0xb7, 0xc2, 0x09, 0x4c, 0xe3, 0xd2, 0x5a, 0x63,
-	0x49, 0x7b, 0xb0, 0xfd, 0x1c, 0x5b, 0xde, 0x1a, 0xf6, 0x4c, 0x03, 0x4a, 0x2f, 0x40, 0x4c, 0x43,
-	0x11, 0x2a, 0xdc, 0x04, 0x59, 0xe6, 0x62, 0xab, 0x90, 0x11, 0xe8, 0xba, 0x96, 0xf2, 0x94, 0x5a,
-	0xec, 0xdc, 0x96, 0x8b, 0x2d, 0x63, 0x22, 0x0c, 0x91, 0x7f, 0x21, 0x01, 0x05, 0xbf, 0x04, 0x23,
-	0xcc, 0x33, 0x3d, 0x9f, 0x15, 0x86, 0x05, 0xe8, 0xd2, 0xbb, 0x80, 0x0a, 0x45, 0x63, 0x4a, 0xc2,
-	0x8e, 0x04, 0xdf, 0x48, 0x02, 0xaa, 0xaf, 0x33, 0x60, 0x36, 0x16, 0x5e, 0x71, 0xec, 0x32, 0xf1,
-	0x88, 0x63, 0xc3, 0xeb, 0x89, 0xbc, 0x9f, 0xe9, 0xc8, 0xfb, 0x7c, 0x0f, 0x95, 0x38, 0xe7, 0xf0,
-	0xd3, 0xc8, 0xdf, 0x8c, 0x50, 0x3f, 0x9d, 0x34, 0xfe, 0xb6, 0x59, 0x9a, 0x8e, 0xd4, 0x92, 0xfe,
-	0xc0, 0x06, 0x80, 0x35, 0x93, 0x79, 0x0f, 0xa9, 0x69, 0xb3, 0x00, 0x96, 0xd4, 0xb1, 0x0c, 0xfb,
-	0xa3, 0xc1, 0x5e, 0x8a, 0x6b, 0x18, 0x0b, 0xd2, 0x24, 0x5c, 0xed, 0x42, 0x43, 0x3d, 0x2c, 0xc0,
-	0x0f, 0xc0, 0x08, 0xc5, 0x26, 0x73, 0xec, 0x42, 0x56, 0xb8, 0x1c, 0xe5, 0x0b, 0x09, 0x2a, 0x92,
-	0x5c, 0xf8, 0x21, 0x18, 0xad, 0x63, 0xc6, 0xcc, 0x0a, 0x2e, 0xe4, 0x84, 0xe0, 0xb4, 0x14, 0x1c,
-	0x5d, 0x0b, 0xc8, 0x28, 0xe4, 0xab, 0xbf, 0x28, 0x60, 0x2a, 0xce, 0xd3, 0x2a, 0x61, 0x1e, 0x7c,
-	0xda, 0x55, 0x7d, 0xda, 0x60, 0x31, 0x71, 0x6d, 0x51, 0x7b, 0x33, 0xd2, 0xdc, 0x58, 0x48, 0x69,
-	0xab, 0xbc, 0x0d, 0x90, 0x23, 0x1e, 0xae, 0xf3, 0xac, 0x0f, 0x9f, 0x1d, 0xbf, 0x74, 0xee, 0x1d,
-	0xaa, 0xc4, 0x98, 0x94, 0xb8, 0xb9, 0xbb, 0x1c, 0x01, 0x05, 0x40, 0xea, 0x1f, 0xc3, 0xed, 0x21,
-	0xf0, 0x8a, 0x84, 0x3f, 0x29, 0x60, 0xc1, 0xa5, 0xc4, 0xa1, 0xc4, 0xdb, 0x5f, 0xc5, 0x0d, 0x5c,
-	0x5b, 0x71, 0xec, 0x1d, 0x52, 0xf1, 0xa9, 0xc9, 0x73, 0x29, 0xa3, 0xba, 0x99, 0x6a, 0x7a, 0xa3,
-	0x2f, 0x04, 0xc2, 0x3b, 0x98, 0x62, 0xdb, 0xc2, 0x86, 0x2a, 0x7d, 0x5a, 0x38, 0x42, 0xf8, 0x08,
-	0x5f, 0xe0, 0x3d, 0x00, 0xeb, 0xa6, 0xc7, 0x73, 0x5a, 0xd9, 0xa0, 0xd8, 0xc2, 0x65, 0x8e, 0x2a,
-	0x4a, 0x32, 0x17, 0xd7, 0xc7, 0x5a, 0x97, 0x04, 0xea, 0xa1, 0x05, 0xbf, 0x57, 0xc0, 0x6c, 0xb9,
-	0x7b, 0xd0, 0xc8, 0xca, 0xbc, 0x36, 0x50, 0xaa, 0x7b, 0x0c, 0x2a, 0x63, 0xbe, 0xd5, 0x2c, 0xcd,
-	0xf6, 0x60, 0xa0, 0x5e, 0xd6, 0xe0, 0x57, 0x20, 0x47, 0xfd, 0x1a, 0x66, 0x85, 0xac, 0x78, 0xe1,
-	0x74, 0xb3, 0x1b, 0x4e, 0x8d, 0x58, 0xfb, 0x88, 0xeb, 0x7c, 0x41, 0xbc, 0xea, 0x96, 0x2f, 0x26,
-	0x16, 0x8b, 0x9f, 0x5b, 0xb0, 0x50, 0x80, 0xaa, 0xbe, 0x00, 0x33, 0x9d, 0x83, 0x03, 0x56, 0x01,
-	0xb0, 0xc2, 0x5e, 0x65, 0x05, 0x45, 0xd8, 0xbd, 0xfc, 0x0e, 0x95, 0x15, 0x35, 0x7a, 0x3c, 0x36,
-	0x23, 0x12, 0x43, 0x6d, 0xd8, 0xea, 0x45, 0x30, 0x71, 0x9b, 0x3a, 0xbe, 0x2b, 0x9d, 0x84, 0x8b,
-	0x20, 0x6b, 0x9b, 0xf5, 0x70, 0x04, 0x45, 0x73, 0x71, 0xdd, 0xac, 0x63, 0x24, 0x38, 0xea, 0x8f,
-	0x0a, 0x98, 0x5c, 0x25, 0x75, 0xe2, 0x21, 0xcc, 0x5c, 0xc7, 0x66, 0x18, 0x5e, 0x49, 0x8c, 0xad,
-	0xd3, 0x1d, 0x63, 0xeb, 0x44, 0x42, 0xb8, 0x6d, 0x60, 0x3d, 0x05, 0xa3, 0x5f, 0xfb, 0xd8, 0x27,
-	0x76, 0x45, 0x8e, 0xed, 0x2b, 0xa9, 0x11, 0x6e, 0x06, 0xf2, 0x89, 0x8a, 0x33, 0xc6, 0xf9, 0x20,
-	0x90, 0x1c, 0x14, 0x42, 0xaa, 0x7f, 0x67, 0xc0, 0x69, 0x61, 0x19, 0x97, 0xfb, 0x57, 0x32, 0x7c,
-	0x0a, 0x0a, 0x26, 0x63, 0x3e, 0xc5, 0xe5, 0x15, 0xc7, 0xb6, 0x7c, 0xca, 0x7b, 0x60, 0x7f, 0xab,
-	0x6a, 0x52, 0xcc, 0x44, 0x38, 0x39, 0x63, 0x51, 0x86, 0x53, 0x58, 0xee, 0x23, 0x87, 0xfa, 0x22,
-	0xc0, 0x5d, 0x30, 0x59, 0x6b, 0x0f, 0x5e, 0xc6, 0xa9, 0xa5, 0xc6, 0x99, 0x48, 0x99, 0x31, 0x27,
-	0x5d, 0x48, 0xa6, 0x1d, 0x25, 0xb1, 0xe1, 0x67, 0x60, 0xba, 0x86, 0xed, 0xb2, 0xb9, 0x5d, 0xc3,
-	0x1b, 0x98, 0x5a, 0xd8, 0xf6, 0x44, 0x9f, 0xe4, 0x8c, 0xd9, 0x56, 0xb3, 0x34, 0xbd, 0x9a, 0x64,
-	0xa1, 0x4e, 0x59, 0xf8, 0x00, 0xcc, 0x6d, 0x3b, 0x94, 0x3a, 0x7b, 0xc4, 0xae, 0x08, 0x3b, 0x21,
-	0x48, 0x56, 0x80, 0xfc, 0xaf, 0xd5, 0x2c, 0xcd, 0x19, 0xbd, 0x04, 0x50, 0x6f, 0x3d, 0x75, 0x0f,
-	0xcc, 0xad, 0xf3, 0xc1, 0xc2, 0x1c, 0x9f, 0x5a, 0x38, 0xee, 0x09, 0x58, 0x02, 0xb9, 0x06, 0xa6,
-	0xdb, 0x41, 0x5d, 0xe7, 0x8d, 0x3c, 0xef, 0x88, 0xc7, 0x9c, 0x80, 0x02, 0x3a, 0x8f, 0xc4, 0x8e,
-	0x35, 0x1f, 0xa1, 0x55, 0x56, 0x18, 0x11, 0xa2, 0x22, 0x92, 0xf5, 0x24, 0x0b, 0x75, 0xca, 0xaa,
-	0x87, 0x19, 0x30, 0xdf, 0xa7, 0x05, 0xe1, 0x63, 0x30, 0xc6, 0xe4, 0xdf, 0xb2, 0xad, 0xce, 0xa6,
-	0x3e, 0x86, 0x54, 0x8e, 0xb7, 0x40, 0x88, 0x86, 0x22, 0x2c, 0xe8, 0x82, 0x49, 0x2a, 0x7d, 0x10,
-	0x46, 0xe5, 0x36, 0xf8, 0x38, 0x15, 0xbc, 0x3b, 0x3f, 0xf1, 0x73, 0xa3, 0x76, 0x44, 0x94, 0x34,
-	0x00, 0x5f, 0x80, 0x99, 0xb6, 0xc0, 0x03, 0xa3, 0xc3, 0xc2, 0xe8, 0xd5, 0x54, 0xa3, 0x3d, 0xdf,
-	0xc5, 0x28, 0x48, 0xbb, 0x33, 0xeb, 0x1d, 0xb8, 0xa8, 0xcb, 0x92, 0xfa, 0x5b, 0x06, 0x1c, 0xb1,
-	0x20, 0xde, 0xc3, 0xc1, 0x67, 0x26, 0x0e, 0xbe, 0x1b, 0xc7, 0x58, 0x7d, 0x7d, 0x0f, 0x40, 0xd2,
-	0x71, 0x00, 0x2e, 0x1f, 0xc7, 0xc8, 0xd1, 0x07, 0xe1, 0x9f, 0x19, 0xf0, 0xff, 0xfe, 0xca, 0xf1,
-	0x81, 0x78, 0x3f, 0x31, 0x69, 0x3f, 0xe9, 0x98, 0xb4, 0x67, 0x06, 0x80, 0xf8, 0xef, 0x60, 0xec,
-	0x38, 0x18, 0xdf, 0x28, 0xa0, 0xd8, 0x3f, 0x6f, 0xef, 0xe1, 0x80, 0x7c, 0x96, 0x3c, 0x20, 0xaf,
-	0x1f, 0xa3, 0xca, 0xfa, 0x1c, 0x94, 0xb7, 0x8f, 0x2a, 0xae, 0xe8, 0xf2, 0x1b, 0x60, 0xf5, 0x1f,
-	0x1c, 0x99, 0x2b, 0x71, 0xa9, 0xa6, 0xfc, 0x84, 0x49, 0x68, 0xdf, 0xb2, 0xf9, 0x02, 0xaa, 0xf3,
-	0x1d, 0x12, 0x54, 0x24, 0x01, 0xa3, 0xb5, 0x60, 0x65, 0xcb, 0xbe, 0x36, 0x06, 0xdb, 0x94, 0x47,
-	0xad, 0xf8, 0xe0, 0x3c, 0x90, 0x62, 0x28, 0xc4, 0x57, 0x5f, 0x2a, 0x60, 0x31, 0xad, 0x5d, 0xe1,
-	0x37, 0x3d, 0xce, 0xb0, 0xe3, 0x5c, 0xd9, 0x83, 0x9f, 0x65, 0x3f, 0x2b, 0xe0, 0x64, 0xaf, 0x63,
-	0x87, 0x77, 0x00, 0xbf, 0x70, 0xa2, 0xf3, 0x24, 0xea, 0x80, 0x4d, 0x41, 0x45, 0x92, 0x0b, 0xcf,
-	0x83, 0xb1, 0xaa, 0x69, 0x97, 0xb7, 0xc8, 0xb7, 0xe1, 0xf1, 0x1d, 0xd5, 0xe0, 0x1d, 0x49, 0x47,
-	0x91, 0x04, 0xbc, 0x09, 0x66, 0x84, 0xde, 0x2a, 0xb6, 0x2b, 0x5e, 0x55, 0x24, 0x4b, 0x1e, 0x0f,
-	0xd1, 0x52, 0xd8, 0xec, 0xe0, 0xa3, 0x2e, 0x0d, 0xf5, 0x2f, 0x05, 0xc0, 0x7f, 0xb3, 0xef, 0xcf,
-	0x81, 0xbc, 0xe9, 0x12, 0x71, 0x86, 0x06, 0x5d, 0x90, 0x37, 0x26, 0x5b, 0xcd, 0x52, 0x7e, 0x79,
-	0xe3, 0x6e, 0x40, 0x44, 0x31, 0x9f, 0x0b, 0x87, 0x8b, 0x30, 0x58, 0x78, 0x52, 0x38, 0x34, 0xcc,
-	0x50, 0xcc, 0x87, 0xd7, 0xc0, 0x84, 0x55, 0xf3, 0x99, 0x87, 0xe9, 0x96, 0xe5, 0xb8, 0x58, 0x4c,
-	0x8d, 0x31, 0xe3, 0xa4, 0x8c, 0x69, 0x62, 0xa5, 0x8d, 0x87, 0x12, 0x92, 0x50, 0x03, 0x80, 0x97,
-	0x3c, 0x73, 0x4d, 0x6e, 0x27, 0x27, 0xec, 0x4c, 0xf1, 0x07, 0x5b, 0x8f, 0xa8, 0xa8, 0x4d, 0x42,
-	0x7d, 0x0e, 0xe6, 0xb6, 0x30, 0x6d, 0x10, 0x0b, 0x2f, 0x5b, 0x96, 0xe3, 0xdb, 0x5e, 0x78, 0x50,
-	0xeb, 0x20, 0x1f, 0x89, 0xc9, 0xae, 0x38, 0x21, 0xed, 0xe7, 0x23, 0x2c, 0x14, 0xcb, 0x44, 0x6d,
-	0x98, 0xe9, 0xdb, 0x86, 0xbf, 0x66, 0xc0, 0x68, 0x0c, 0x9f, 0xdd, 0x25, 0x76, 0x59, 0x22, 0x9f,
-	0x0a, 0xa5, 0xef, 0x13, 0xbb, 0xfc, 0xb6, 0x59, 0x1a, 0x97, 0x62, 0xfc, 0x13, 0x09, 0x41, 0x78,
-	0x0f, 0x64, 0x7d, 0x86, 0xa9, 0x6c, 0xb0, 0xf3, 0xa9, 0xd5, 0xfc, 0x88, 0x61, 0x1a, 0x5e, 0x40,
-	0x63, 0x1c, 0x9a, 0x13, 0x90, 0xc0, 0x80, 0xeb, 0x20, 0x57, 0xe1, 0xaf, 0x22, 0x27, 0xff, 0x85,
-	0x54, 0xb0, 0xf6, 0x9f, 0x1a, 0x41, 0x21, 0x08, 0x0a, 0x0a, 0x60, 0x20, 0x05, 0x53, 0x2c, 0x91,
-	0x44, 0xf1, 0x60, 0x83, 0x5c, 0x34, 0x3d, 0x73, 0x6f, 0xc0, 0x56, 0xb3, 0x34, 0x95, 0x64, 0xa1,
-	0x0e, 0x0b, 0xaa, 0x0e, 0xc6, 0xdb, 0x42, 0x4c, 0x1f, 0x82, 0xc6, 0xad, 0x83, 0xc3, 0xe2, 0xd0,
-	0xab, 0xc3, 0xe2, 0xd0, 0xeb, 0xc3, 0xe2, 0xd0, 0x77, 0xad, 0xa2, 0x72, 0xd0, 0x2a, 0x2a, 0xaf,
-	0x5a, 0x45, 0xe5, 0x75, 0xab, 0xa8, 0xbc, 0x69, 0x15, 0x95, 0x1f, 0x7e, 0x2f, 0x0e, 0x3d, 0x29,
-	0xa5, 0xfc, 0xf7, 0xf1, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x48, 0x2e, 0x29, 0x16, 0xb8, 0x14,
-	0x00, 0x00,
+	// 1621 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4d, 0x6f, 0xdb, 0x46,
+	0x1a, 0x36, 0x65, 0xc9, 0xb6, 0xc6, 0x9f, 0x19, 0xc7, 0xb0, 0xd6, 0x59, 0x48, 0x0e, 0x17, 0xd8,
+	0x64, 0x37, 0x09, 0x15, 0x67, 0x93, 0x6c, 0x16, 0xc1, 0x22, 0x30, 0x93, 0x6c, 0xbe, 0x6c, 0xc7,
+	0x1e, 0x27, 0xd9, 0x36, 0x48, 0x81, 0xd0, 0xd4, 0x58, 0x9a, 0x58, 0x22, 0xd9, 0x19, 0x52, 0x8e,
+	0x8b, 0x1c, 0x0a, 0xf4, 0x0f, 0xf4, 0x07, 0xe4, 0xd8, 0x43, 0x6f, 0x05, 0x7a, 0xed, 0xa5, 0xc7,
+	0xa0, 0xe8, 0x21, 0xc7, 0x9c, 0x84, 0x58, 0xbd, 0xf6, 0x07, 0xb4, 0x39, 0x14, 0xc5, 0x0c, 0x87,
+	0xa4, 0x28, 0x89, 0xa2, 0x52, 0x03, 0x39, 0xf5, 0x66, 0xbe, 0x1f, 0xcf, 0x3b, 0xf3, 0xce, 0xfb,
+	0xf1, 0xc8, 0xe0, 0xf6, 0xde, 0x15, 0xa6, 0x11, 0xbb, 0xbc, 0xe7, 0xed, 0x60, 0x6a, 0x61, 0x17,
+	0xb3, 0x72, 0x13, 0x5b, 0x15, 0x9b, 0x96, 0xa5, 0xc2, 0x70, 0x48, 0x79, 0xb7, 0x6e, 0xef, 0x9b,
+	0xb6, 0xe5, 0x52, 0xbb, 0x5e, 0x6e, 0xae, 0x18, 0x75, 0xa7, 0x66, 0xac, 0x94, 0xab, 0xd8, 0xc2,
+	0xd4, 0x70, 0x71, 0x45, 0x73, 0xa8, 0xed, 0xda, 0xb0, 0xe4, 0x3b, 0x68, 0x86, 0x43, 0xb4, 0x0e,
+	0x07, 0x2d, 0x70, 0x58, 0x3a, 0x57, 0x25, 0x6e, 0xcd, 0xdb, 0xd1, 0x4c, 0xbb, 0x51, 0xae, 0xda,
+	0x55, 0xbb, 0x2c, 0xfc, 0x76, 0xbc, 0x5d, 0xf1, 0x25, 0x3e, 0xc4, 0x5f, 0x3e, 0xde, 0xd2, 0xc5,
+	0xe8, 0x00, 0x0d, 0xc3, 0xac, 0x11, 0x0b, 0xd3, 0x83, 0xb2, 0xb3, 0x57, 0xe5, 0x02, 0x56, 0x6e,
+	0x60, 0xd7, 0x28, 0x37, 0x7b, 0x4e, 0xb1, 0x54, 0x4e, 0xf2, 0xa2, 0x9e, 0xe5, 0x92, 0x06, 0xee,
+	0x71, 0xb8, 0x9c, 0xe6, 0xc0, 0xcc, 0x1a, 0x6e, 0x18, 0xdd, 0x7e, 0xea, 0x77, 0x0a, 0x58, 0xbe,
+	0xf9, 0x1c, 0x37, 0x1c, 0x77, 0x93, 0x12, 0x9b, 0x12, 0xf7, 0x60, 0x0d, 0x37, 0x71, 0xfd, 0xba,
+	0x6d, 0xed, 0x92, 0xaa, 0x47, 0x0d, 0x97, 0xd8, 0x16, 0xfc, 0x08, 0x14, 0x2c, 0xbb, 0x41, 0x2c,
+	0x83, 0xcb, 0x4d, 0x8f, 0x52, 0x6c, 0x99, 0x07, 0xdb, 0x35, 0x83, 0x62, 0x56, 0x50, 0x96, 0x95,
+	0xd3, 0x39, 0xfd, 0xaf, 0xed, 0x56, 0xa9, 0xb0, 0x91, 0x60, 0x83, 0x12, 0xbd, 0xe1, 0x7f, 0xc1,
+	0x6c, 0x1d, 0x5b, 0x15, 0x63, 0xa7, 0x8e, 0x37, 0x31, 0x35, 0xb1, 0xe5, 0x16, 0x32, 0x02, 0x70,
+	0xbe, 0xdd, 0x2a, 0xcd, 0xae, 0xc5, 0x55, 0xa8, 0xdb, 0x56, 0x7d, 0x0c, 0x16, 0xff, 0x57, 0xb7,
+	0xf7, 0x6f, 0x10, 0xe6, 0x12, 0xab, 0xea, 0x11, 0x56, 0xc3, 0x74, 0x1d, 0xbb, 0x35, 0xbb, 0x02,
+	0xaf, 0x81, 0xac, 0x7b, 0xe0, 0x60, 0x71, 0xbe, 0xbc, 0x7e, 0xe6, 0x55, 0xab, 0x34, 0xd2, 0x6e,
+	0x95, 0xb2, 0x0f, 0x0e, 0x1c, 0xfc, 0xae, 0x55, 0x3a, 0x91, 0xe0, 0xc6, 0xd5, 0x48, 0x38, 0xaa,
+	0x2f, 0x33, 0x00, 0x70, 0xab, 0x6d, 0x91, 0x38, 0xf8, 0x14, 0x4c, 0xf0, 0xc7, 0xaa, 0x18, 0xae,
+	0x21, 0x30, 0x27, 0x2f, 0x9c, 0xd7, 0xa2, 0x52, 0x09, 0x73, 0xae, 0x39, 0x7b, 0x55, 0x2e, 0x60,
+	0x1a, 0xb7, 0xd6, 0x9a, 0x2b, 0xda, 0xfd, 0x9d, 0x67, 0xd8, 0x74, 0xd7, 0xb1, 0x6b, 0xe8, 0x50,
+	0x9e, 0x02, 0x44, 0x32, 0x14, 0xa2, 0xc2, 0x2d, 0x90, 0x65, 0x0e, 0x36, 0x45, 0x02, 0x26, 0x2f,
+	0x94, 0xb5, 0x94, 0x42, 0xd4, 0xa2, 0xc3, 0x6d, 0x3b, 0xd8, 0xd4, 0xa7, 0x82, 0x2b, 0xf2, 0x2f,
+	0x24, 0xa0, 0xe0, 0xc7, 0x60, 0x8c, 0xb9, 0x86, 0xeb, 0xb1, 0xc2, 0xa8, 0x00, 0x5d, 0x79, 0x1f,
+	0x50, 0xe1, 0xa8, 0xcf, 0x48, 0xd8, 0x31, 0xff, 0x1b, 0x49, 0x40, 0xf5, 0x4d, 0x06, 0xcc, 0x47,
+	0xc6, 0xd7, 0x6d, 0xab, 0x42, 0x44, 0xad, 0x5c, 0x8d, 0xe5, 0xfd, 0x54, 0x57, 0xde, 0x17, 0xfb,
+	0xb8, 0x44, 0x39, 0x87, 0xff, 0x09, 0xcf, 0x9b, 0x11, 0xee, 0x27, 0xe3, 0xc1, 0xdf, 0xb5, 0x4a,
+	0xb3, 0xa1, 0x5b, 0xfc, 0x3c, 0xb0, 0x09, 0x60, 0xdd, 0x60, 0xee, 0x03, 0x6a, 0x58, 0xcc, 0x87,
+	0x25, 0x0d, 0x2c, 0xaf, 0xfd, 0xcf, 0xe1, 0x5e, 0x8a, 0x7b, 0xe8, 0x4b, 0x32, 0x24, 0x5c, 0xeb,
+	0x41, 0x43, 0x7d, 0x22, 0xc0, 0xbf, 0x83, 0x31, 0x8a, 0x0d, 0x66, 0x5b, 0x85, 0xac, 0x38, 0x72,
+	0x98, 0x2f, 0x24, 0xa4, 0x48, 0x6a, 0xe1, 0x3f, 0xc0, 0x78, 0x03, 0x33, 0x66, 0x54, 0x71, 0x21,
+	0x27, 0x0c, 0x67, 0xa5, 0xe1, 0xf8, 0xba, 0x2f, 0x46, 0x81, 0x5e, 0xfd, 0x5e, 0x01, 0x33, 0x51,
+	0x9e, 0xd6, 0x08, 0x73, 0xe1, 0x93, 0x9e, 0xea, 0xd3, 0x86, 0xbb, 0x13, 0xf7, 0x16, 0xb5, 0x37,
+	0x27, 0xc3, 0x4d, 0x04, 0x92, 0x8e, 0xca, 0xdb, 0x04, 0x39, 0xe2, 0xe2, 0x06, 0xcf, 0xfa, 0xe8,
+	0xe9, 0xc9, 0x0b, 0x67, 0xde, 0xa3, 0x4a, 0xf4, 0x69, 0x89, 0x9b, 0xbb, 0xc3, 0x11, 0x90, 0x0f,
+	0xa4, 0xfe, 0x3c, 0xda, 0x79, 0x05, 0x5e, 0x91, 0xf0, 0x6b, 0x05, 0x2c, 0x39, 0x89, 0x33, 0x46,
+	0xde, 0xea, 0x46, 0x6a, 0xe8, 0xe4, 0x31, 0x85, 0xf0, 0x2e, 0xe6, 0xb3, 0x05, 0xeb, 0xaa, 0x3c,
+	0xd3, 0xd2, 0x00, 0xe3, 0x01, 0x67, 0x81, 0x77, 0x01, 0x6c, 0x18, 0x2e, 0xcf, 0x69, 0x75, 0x93,
+	0x62, 0x13, 0x57, 0x38, 0xaa, 0x1c, 0x4c, 0x61, 0x7d, 0xac, 0xf7, 0x58, 0xa0, 0x3e, 0x5e, 0xf0,
+	0x0b, 0x05, 0xcc, 0x57, 0x7a, 0x07, 0x8d, 0xac, 0xcc, 0x2b, 0x43, 0xa5, 0xba, 0xcf, 0xa0, 0xd2,
+	0x17, 0xdb, 0xad, 0xd2, 0x7c, 0x1f, 0x05, 0xea, 0x17, 0x0d, 0x7e, 0x02, 0x72, 0xd4, 0xab, 0x63,
+	0x56, 0xc8, 0x8a, 0x17, 0x4e, 0x0f, 0xbb, 0x69, 0xd7, 0x89, 0x79, 0x80, 0xb8, 0xcf, 0xff, 0x89,
+	0x5b, 0xdb, 0xf6, 0xc4, 0xc4, 0x62, 0xd1, 0x73, 0x0b, 0x15, 0xf2, 0x51, 0xd5, 0x17, 0x60, 0xae,
+	0x7b, 0x70, 0xc0, 0x1a, 0x00, 0x66, 0xd0, 0xab, 0x7c, 0x4d, 0xf0, 0xb8, 0x17, 0xdf, 0xa3, 0xb2,
+	0xc2, 0x46, 0x8f, 0xc6, 0x66, 0x28, 0x62, 0xa8, 0x03, 0x5b, 0x3d, 0x0f, 0xa6, 0x6e, 0x51, 0xdb,
+	0x73, 0xe4, 0x21, 0xe1, 0x32, 0xc8, 0x5a, 0x46, 0x23, 0x18, 0x41, 0xe1, 0x5c, 0xdc, 0x30, 0x1a,
+	0x18, 0x09, 0x8d, 0xfa, 0x95, 0x02, 0xa6, 0xd7, 0x48, 0x83, 0xb8, 0x08, 0x33, 0xc7, 0xb6, 0x18,
+	0x86, 0x97, 0x62, 0x63, 0xeb, 0x64, 0xd7, 0xd8, 0x3a, 0x16, 0x33, 0xee, 0x18, 0x58, 0x4f, 0xc0,
+	0xf8, 0xa7, 0x1e, 0xf6, 0x88, 0x55, 0x95, 0x63, 0xfb, 0x52, 0xea, 0x0d, 0xb7, 0x7c, 0xfb, 0x58,
+	0xc5, 0xe9, 0x93, 0x7c, 0x10, 0x48, 0x0d, 0x0a, 0x20, 0xd5, 0xdf, 0x32, 0xe0, 0xa4, 0x88, 0x8c,
+	0x2b, 0x03, 0xb6, 0xf3, 0x13, 0x50, 0x30, 0x18, 0xf3, 0x28, 0xae, 0x24, 0x6d, 0xe7, 0x65, 0x79,
+	0x9d, 0xc2, 0x6a, 0x82, 0x1d, 0x4a, 0x44, 0x80, 0x7b, 0x60, 0xba, 0xde, 0x79, 0x79, 0x79, 0x4f,
+	0x2d, 0xf5, 0x9e, 0xb1, 0x94, 0xe9, 0x0b, 0xf2, 0x08, 0xf1, 0xb4, 0xa3, 0x38, 0x76, 0x3f, 0x3a,
+	0x30, 0x3a, 0x3c, 0x1d, 0x80, 0xf7, 0xc1, 0xc2, 0x8e, 0x4d, 0xa9, 0xbd, 0x4f, 0xac, 0xaa, 0x88,
+	0x13, 0x80, 0x64, 0x05, 0xc8, 0x5f, 0xda, 0xad, 0xd2, 0x82, 0xde, 0xcf, 0x00, 0xf5, 0xf7, 0x53,
+	0xf7, 0xc1, 0xc2, 0x06, 0x1f, 0x2c, 0xcc, 0xf6, 0xa8, 0x89, 0xa3, 0x9e, 0x80, 0x25, 0x90, 0x6b,
+	0x62, 0xba, 0xe3, 0xd7, 0x75, 0x5e, 0xcf, 0xf3, 0x8e, 0x78, 0xc4, 0x05, 0xc8, 0x97, 0xf3, 0x9b,
+	0x58, 0x91, 0xe7, 0x43, 0xb4, 0xc6, 0x0a, 0x63, 0xc2, 0x54, 0xdc, 0x64, 0x23, 0xae, 0x42, 0xdd,
+	0xb6, 0xea, 0x61, 0x06, 0x2c, 0x26, 0xb4, 0x20, 0x7c, 0x04, 0x26, 0x98, 0xfc, 0x5b, 0xb6, 0xd5,
+	0xe9, 0xd4, 0xc7, 0x90, 0xce, 0xd1, 0x16, 0x08, 0xd0, 0x50, 0x88, 0x05, 0x1d, 0x30, 0x4d, 0xe5,
+	0x19, 0x44, 0x50, 0xb9, 0x0d, 0xfe, 0x95, 0x0a, 0xde, 0x9b, 0x9f, 0xe8, 0xb9, 0x51, 0x27, 0x22,
+	0x8a, 0x07, 0x80, 0x2f, 0xc0, 0x5c, 0xc7, 0xc5, 0xfd, 0xa0, 0xa3, 0x22, 0xe8, 0xe5, 0xd4, 0xa0,
+	0x7d, 0xdf, 0x45, 0x2f, 0xc8, 0xb8, 0x73, 0x1b, 0x5d, 0xb8, 0xa8, 0x27, 0x92, 0xfa, 0x63, 0x06,
+	0x0c, 0x58, 0x10, 0x1f, 0x80, 0xf0, 0x19, 0x31, 0xc2, 0x77, 0xed, 0x08, 0xab, 0x2f, 0x91, 0x00,
+	0x92, 0x2e, 0x02, 0xb8, 0x7a, 0x94, 0x20, 0x83, 0x09, 0xe1, 0x2f, 0x19, 0xf0, 0xb7, 0x64, 0xe7,
+	0x88, 0x20, 0xde, 0x8b, 0x4d, 0xda, 0x7f, 0x77, 0x4d, 0xda, 0x53, 0x43, 0x40, 0xfc, 0x49, 0x18,
+	0xbb, 0x08, 0xe3, 0x5b, 0x05, 0x14, 0x93, 0xf3, 0xf6, 0x01, 0x08, 0xe4, 0xd3, 0x38, 0x81, 0xbc,
+	0x7a, 0x84, 0x2a, 0x4b, 0x20, 0x94, 0xb7, 0x06, 0x15, 0x57, 0xc8, 0xfc, 0x86, 0x58, 0xfd, 0xdf,
+	0x64, 0x06, 0xe5, 0x4a, 0x30, 0xd5, 0x94, 0x9f, 0x30, 0x31, 0xef, 0x9b, 0x16, 0x5f, 0x40, 0x0d,
+	0xbe, 0x43, 0xfc, 0x8a, 0x24, 0x60, 0xbc, 0xee, 0xaf, 0x6c, 0xd9, 0xd7, 0xfa, 0x70, 0x9b, 0x72,
+	0xd0, 0x8a, 0xf7, 0xe9, 0x81, 0x34, 0x43, 0x01, 0x3e, 0xc4, 0x60, 0x0c, 0x8b, 0x9f, 0xee, 0x43,
+	0x37, 0x77, 0xda, 0x2f, 0x7d, 0x1d, 0xf0, 0x42, 0xf4, 0xad, 0x90, 0x04, 0x57, 0x5f, 0x2a, 0x60,
+	0x39, 0x6d, 0x2a, 0xc0, 0xe7, 0x7d, 0xd8, 0xde, 0x51, 0xc8, 0xfc, 0xf0, 0xec, 0xef, 0x5b, 0x05,
+	0x1c, 0xef, 0xc7, 0xa9, 0x78, 0xa3, 0x71, 0x22, 0x15, 0xb2, 0xa0, 0xb0, 0xd1, 0xb6, 0x84, 0x14,
+	0x49, 0x2d, 0x3c, 0x0b, 0x26, 0x6a, 0x86, 0x55, 0xd9, 0x26, 0x9f, 0x05, 0x1c, 0x3f, 0x2c, 0xf5,
+	0xdb, 0x52, 0x8e, 0x42, 0x0b, 0x78, 0x03, 0xcc, 0x09, 0xbf, 0x35, 0x6c, 0x55, 0xdd, 0x9a, 0x78,
+	0x13, 0xc9, 0x51, 0xc2, 0xdd, 0xb3, 0xd5, 0xa5, 0x47, 0x3d, 0x1e, 0xea, 0xaf, 0x0a, 0x80, 0x7f,
+	0x84, 0x56, 0x9c, 0x01, 0x79, 0xc3, 0x21, 0x82, 0xed, 0xfa, 0xcd, 0x96, 0xd7, 0xa7, 0xdb, 0xad,
+	0x52, 0x7e, 0x75, 0xf3, 0x8e, 0x2f, 0x44, 0x91, 0x9e, 0x1b, 0x07, 0xfb, 0xd6, 0xdf, 0xab, 0xd2,
+	0x38, 0x08, 0xcc, 0x50, 0xa4, 0x87, 0x57, 0xc0, 0x94, 0x59, 0xf7, 0x98, 0x8b, 0xe9, 0xb6, 0x69,
+	0x3b, 0x58, 0x0c, 0xa7, 0x09, 0xfd, 0xb8, 0xbc, 0xd3, 0xd4, 0xf5, 0x0e, 0x1d, 0x8a, 0x59, 0x42,
+	0x0d, 0x00, 0xde, 0x59, 0xcc, 0x31, 0x78, 0x9c, 0x9c, 0x88, 0x33, 0xc3, 0x1f, 0x6c, 0x23, 0x94,
+	0xa2, 0x0e, 0x0b, 0xf5, 0x19, 0x58, 0xd8, 0xc6, 0xb4, 0x49, 0x4c, 0xbc, 0x6a, 0x9a, 0xb6, 0x67,
+	0xb9, 0x01, 0x6f, 0x2f, 0x83, 0x7c, 0x68, 0x26, 0x9b, 0xef, 0x98, 0x8c, 0x9f, 0x0f, 0xb1, 0x50,
+	0x64, 0x13, 0x76, 0x7b, 0x26, 0xb1, 0xdb, 0x7f, 0xc8, 0x80, 0xf1, 0x08, 0x3e, 0xbb, 0x47, 0xac,
+	0x8a, 0x44, 0x3e, 0x11, 0x58, 0xdf, 0x23, 0x56, 0xe5, 0x5d, 0xab, 0x34, 0x29, 0xcd, 0xf8, 0x27,
+	0x12, 0x86, 0xf0, 0x2e, 0xc8, 0x7a, 0x0c, 0x53, 0xd9, 0xc7, 0x67, 0x53, 0xab, 0xf9, 0x21, 0xc3,
+	0x34, 0x20, 0x5a, 0x13, 0x1c, 0x9a, 0x0b, 0x90, 0xc0, 0x80, 0x1b, 0x20, 0x57, 0xe5, 0xaf, 0x22,
+	0x5b, 0xf5, 0x5c, 0x2a, 0x58, 0xe7, 0x2f, 0x1a, 0xbf, 0x10, 0x84, 0x04, 0xf9, 0x30, 0x90, 0x82,
+	0x19, 0x16, 0x4b, 0xa2, 0x78, 0xb0, 0x61, 0x88, 0x53, 0xdf, 0xdc, 0xeb, 0xb0, 0xdd, 0x2a, 0xcd,
+	0xc4, 0x55, 0xa8, 0x2b, 0x82, 0x5a, 0x06, 0x93, 0x1d, 0x57, 0x4c, 0x9f, 0xb5, 0xfa, 0xcd, 0x57,
+	0x87, 0xc5, 0x91, 0xd7, 0x87, 0xc5, 0x91, 0x37, 0x87, 0xc5, 0x91, 0xcf, 0xdb, 0x45, 0xe5, 0x55,
+	0xbb, 0xa8, 0xbc, 0x6e, 0x17, 0x95, 0x37, 0xed, 0xa2, 0xf2, 0xb6, 0x5d, 0x54, 0xbe, 0xfc, 0xa9,
+	0x38, 0xf2, 0xb8, 0x94, 0xf2, 0x2f, 0xda, 0xdf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xc1, 0x6c, 0x4e,
+	0x4e, 0xdd, 0x15, 0x00, 0x00,
+}
+
+func (m *ExemptPriorityLevelConfiguration) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.LendablePercent != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.LendablePercent))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.NominalConcurrencyShares != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.NominalConcurrencyShares))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *FlowDistinguisherMethod) Marshal() (dAtA []byte, err error) {
@@ -1491,6 +1557,18 @@ func (m *PriorityLevelConfigurationSpec) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if m.Exempt != nil {
+		{
+			size, err := m.Exempt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
 	if m.Limited != nil {
 		{
 			size, err := m.Limited.MarshalToSizedBuffer(dAtA[:i])
@@ -1783,6 +1861,21 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
 	dAtA[offset] = uint8(v)
 	return base
 }
+func (m *ExemptPriorityLevelConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NominalConcurrencyShares != nil {
+		n += 1 + sovGenerated(uint64(*m.NominalConcurrencyShares))
+	}
+	if m.LendablePercent != nil {
+		n += 1 + sovGenerated(uint64(*m.LendablePercent))
+	}
+	return n
+}
+
 func (m *FlowDistinguisherMethod) Size() (n int) {
 	if m == nil {
 		return 0
@@ -2048,6 +2141,10 @@ func (m *PriorityLevelConfigurationSpec) Size() (n int) {
 		l = m.Limited.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.Exempt != nil {
+		l = m.Exempt.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -2165,6 +2262,17 @@ func sovGenerated(x uint64) (n int) {
 func sozGenerated(x uint64) (n int) {
 	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
+func (this *ExemptPriorityLevelConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ExemptPriorityLevelConfiguration{`,
+		`NominalConcurrencyShares:` + valueToStringGenerated(this.NominalConcurrencyShares) + `,`,
+		`LendablePercent:` + valueToStringGenerated(this.LendablePercent) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *FlowDistinguisherMethod) String() string {
 	if this == nil {
 		return "nil"
@@ -2381,6 +2489,7 @@ func (this *PriorityLevelConfigurationSpec) String() string {
 	s := strings.Join([]string{`&PriorityLevelConfigurationSpec{`,
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`Limited:` + strings.Replace(this.Limited.String(), "LimitedPriorityLevelConfiguration", "LimitedPriorityLevelConfiguration", 1) + `,`,
+		`Exempt:` + strings.Replace(this.Exempt.String(), "ExemptPriorityLevelConfiguration", "ExemptPriorityLevelConfiguration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2468,6 +2577,96 @@ func valueToStringGenerated(v interface{}) string {
 	pv := reflect.Indirect(rv).Interface()
 	return fmt.Sprintf("*%v", pv)
 }
+func (m *ExemptPriorityLevelConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NominalConcurrencyShares", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NominalConcurrencyShares = &v
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LendablePercent", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.LendablePercent = &v
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *FlowDistinguisherMethod) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -4547,6 +4746,42 @@ func (m *PriorityLevelConfigurationSpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exempt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Exempt == nil {
+				m.Exempt = &ExemptPriorityLevelConfiguration{}
+			}
+			if err := m.Exempt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.proto b/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.proto
index 69ca79ad2f..6509386f26 100644
--- a/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.proto
+++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/generated.proto
@@ -28,6 +28,40 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "k8s.io/api/flowcontrol/v1alpha1";
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+message ExemptPriorityLevelConfiguration {
+  // `nominalConcurrencyShares` (NCS) contributes to the computation of the
+  // NominalConcurrencyLimit (NominalCL) of this level.
+  // This is the number of execution seats nominally reserved for this priority level.
+  // This DOES NOT limit the dispatching from this priority level
+  // but affects the other priority levels through the borrowing mechanism.
+  // The server's concurrency limit (ServerCL) is divided among all the
+  // priority levels in proportion to their NCS values:
+  //
+  // NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+  // sum_ncs = sum[priority level k] NCS(k)
+  //
+  // Bigger numbers mean a larger nominal concurrency limit,
+  // at the expense of every other priority level.
+  // This field has a default value of zero.
+  // +optional
+  optional int32 nominalConcurrencyShares = 1;
+
+  // `lendablePercent` prescribes the fraction of the level's NominalCL that
+  // can be borrowed by other priority levels.  This value of this
+  // field must be between 0 and 100, inclusive, and it defaults to 0.
+  // The number of seats that other levels can borrow from this level, known
+  // as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+  //
+  // LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+  //
+  // +optional
+  optional int32 lendablePercent = 2;
+}
+
 // FlowDistinguisherMethod specifies the method of a flow distinguisher.
 message FlowDistinguisherMethod {
   // `type` is the type of flow distinguisher method
@@ -332,6 +366,14 @@ message PriorityLevelConfigurationSpec {
   // This field must be non-empty if and only if `type` is `"Limited"`.
   // +optional
   optional LimitedPriorityLevelConfiguration limited = 2;
+
+  // `exempt` specifies how requests are handled for an exempt priority level.
+  // This field MUST be empty if `type` is `"Limited"`.
+  // This field MAY be non-empty if `type` is `"Exempt"`.
+  // If empty and `type` is `"Exempt"` then the default values
+  // for `ExemptPriorityLevelConfiguration` apply.
+  // +optional
+  optional ExemptPriorityLevelConfiguration exempt = 3;
 }
 
 // PriorityLevelConfigurationStatus represents the current state of a "request-priority".
diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go b/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go
index ebf665bcc3..161411ff33 100644
--- a/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go
+++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/types.go
@@ -399,6 +399,14 @@ type PriorityLevelConfigurationSpec struct {
 	// This field must be non-empty if and only if `type` is `"Limited"`.
 	// +optional
 	Limited *LimitedPriorityLevelConfiguration `json:"limited,omitempty" protobuf:"bytes,2,opt,name=limited"`
+
+	// `exempt` specifies how requests are handled for an exempt priority level.
+	// This field MUST be empty if `type` is `"Limited"`.
+	// This field MAY be non-empty if `type` is `"Exempt"`.
+	// If empty and `type` is `"Exempt"` then the default values
+	// for `ExemptPriorityLevelConfiguration` apply.
+	// +optional
+	Exempt *ExemptPriorityLevelConfiguration `json:"exempt,omitempty" protobuf:"bytes,3,opt,name=exempt"`
 }
 
 // PriorityLevelEnablement indicates whether limits on execution are enabled for the priority level
@@ -469,6 +477,43 @@ type LimitedPriorityLevelConfiguration struct {
 	BorrowingLimitPercent *int32 `json:"borrowingLimitPercent,omitempty" protobuf:"varint,4,opt,name=borrowingLimitPercent"`
 }
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+type ExemptPriorityLevelConfiguration struct {
+	// `nominalConcurrencyShares` (NCS) contributes to the computation of the
+	// NominalConcurrencyLimit (NominalCL) of this level.
+	// This is the number of execution seats nominally reserved for this priority level.
+	// This DOES NOT limit the dispatching from this priority level
+	// but affects the other priority levels through the borrowing mechanism.
+	// The server's concurrency limit (ServerCL) is divided among all the
+	// priority levels in proportion to their NCS values:
+	//
+	// NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+	// sum_ncs = sum[priority level k] NCS(k)
+	//
+	// Bigger numbers mean a larger nominal concurrency limit,
+	// at the expense of every other priority level.
+	// This field has a default value of zero.
+	// +optional
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty" protobuf:"varint,1,opt,name=nominalConcurrencyShares"`
+	// `lendablePercent` prescribes the fraction of the level's NominalCL that
+	// can be borrowed by other priority levels.  This value of this
+	// field must be between 0 and 100, inclusive, and it defaults to 0.
+	// The number of seats that other levels can borrow from this level, known
+	// as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+	//
+	// LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+	//
+	// +optional
+	LendablePercent *int32 `json:"lendablePercent,omitempty" protobuf:"varint,2,opt,name=lendablePercent"`
+	// The `BorrowingCL` of an Exempt priority level is implicitly `ServerCL`.
+	// In other words, an exempt priority level
+	// has no meaningful limit on how much it borrows.
+	// There is no explicit representation of that here.
+}
+
 // LimitResponse defines how to handle requests that can not be executed right now.
 // +union
 type LimitResponse struct {
diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/types_swagger_doc_generated.go b/vendor/k8s.io/api/flowcontrol/v1alpha1/types_swagger_doc_generated.go
index c95999fa5e..1d0680c108 100644
--- a/vendor/k8s.io/api/flowcontrol/v1alpha1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/types_swagger_doc_generated.go
@@ -27,6 +27,16 @@ package v1alpha1
 // Those methods can be generated by using hack/update-codegen.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
+var map_ExemptPriorityLevelConfiguration = map[string]string{
+	"":                         "ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.",
+	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats nominally reserved for this priority level. This DOES NOT limit the dispatching from this priority level but affects the other priority levels through the borrowing mechanism. The server's concurrency limit (ServerCL) is divided among all the priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of zero.",
+	"lendablePercent":          "`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels.  This value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.\n\nLendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )",
+}
+
+func (ExemptPriorityLevelConfiguration) SwaggerDoc() map[string]string {
+	return map_ExemptPriorityLevelConfiguration
+}
+
 var map_FlowDistinguisherMethod = map[string]string{
 	"":     "FlowDistinguisherMethod specifies the method of a flow distinguisher.",
 	"type": "`type` is the type of flow distinguisher method The supported types are \"ByUser\" and \"ByNamespace\". Required.",
@@ -190,6 +200,7 @@ var map_PriorityLevelConfigurationSpec = map[string]string{
 	"":        "PriorityLevelConfigurationSpec specifies the configuration of a priority level.",
 	"type":    "`type` indicates whether this priority level is subject to limitation on request execution.  A value of `\"Exempt\"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels.  A value of `\"Limited\"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.",
 	"limited": "`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `\"Limited\"`.",
+	"exempt":  "`exempt` specifies how requests are handled for an exempt priority level. This field MUST be empty if `type` is `\"Limited\"`. This field MAY be non-empty if `type` is `\"Exempt\"`. If empty and `type` is `\"Exempt\"` then the default values for `ExemptPriorityLevelConfiguration` apply.",
 }
 
 func (PriorityLevelConfigurationSpec) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.deepcopy.go b/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.deepcopy.go
index e0272804f4..a5c9737aa5 100644
--- a/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/flowcontrol/v1alpha1/zz_generated.deepcopy.go
@@ -25,6 +25,32 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExemptPriorityLevelConfiguration) DeepCopyInto(out *ExemptPriorityLevelConfiguration) {
+	*out = *in
+	if in.NominalConcurrencyShares != nil {
+		in, out := &in.NominalConcurrencyShares, &out.NominalConcurrencyShares
+		*out = new(int32)
+		**out = **in
+	}
+	if in.LendablePercent != nil {
+		in, out := &in.LendablePercent, &out.LendablePercent
+		*out = new(int32)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExemptPriorityLevelConfiguration.
+func (in *ExemptPriorityLevelConfiguration) DeepCopy() *ExemptPriorityLevelConfiguration {
+	if in == nil {
+		return nil
+	}
+	out := new(ExemptPriorityLevelConfiguration)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FlowDistinguisherMethod) DeepCopyInto(out *FlowDistinguisherMethod) {
 	*out = *in
@@ -400,6 +426,11 @@ func (in *PriorityLevelConfigurationSpec) DeepCopyInto(out *PriorityLevelConfigu
 		*out = new(LimitedPriorityLevelConfiguration)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Exempt != nil {
+		in, out := &in.Exempt, &out.Exempt
+		*out = new(ExemptPriorityLevelConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/generated.pb.go b/vendor/k8s.io/api/flowcontrol/v1beta1/generated.pb.go
index fbaea85dd6..33f4b97e39 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta1/generated.pb.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta1/generated.pb.go
@@ -43,10 +43,38 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
+func (m *ExemptPriorityLevelConfiguration) Reset()      { *m = ExemptPriorityLevelConfiguration{} }
+func (*ExemptPriorityLevelConfiguration) ProtoMessage() {}
+func (*ExemptPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
+	return fileDescriptor_80171c2a4e3669de, []int{0}
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.Merge(m, src)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExemptPriorityLevelConfiguration proto.InternalMessageInfo
+
 func (m *FlowDistinguisherMethod) Reset()      { *m = FlowDistinguisherMethod{} }
 func (*FlowDistinguisherMethod) ProtoMessage() {}
 func (*FlowDistinguisherMethod) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{0}
+	return fileDescriptor_80171c2a4e3669de, []int{1}
 }
 func (m *FlowDistinguisherMethod) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -74,7 +102,7 @@ var xxx_messageInfo_FlowDistinguisherMethod proto.InternalMessageInfo
 func (m *FlowSchema) Reset()      { *m = FlowSchema{} }
 func (*FlowSchema) ProtoMessage() {}
 func (*FlowSchema) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{1}
+	return fileDescriptor_80171c2a4e3669de, []int{2}
 }
 func (m *FlowSchema) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -102,7 +130,7 @@ var xxx_messageInfo_FlowSchema proto.InternalMessageInfo
 func (m *FlowSchemaCondition) Reset()      { *m = FlowSchemaCondition{} }
 func (*FlowSchemaCondition) ProtoMessage() {}
 func (*FlowSchemaCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{2}
+	return fileDescriptor_80171c2a4e3669de, []int{3}
 }
 func (m *FlowSchemaCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -130,7 +158,7 @@ var xxx_messageInfo_FlowSchemaCondition proto.InternalMessageInfo
 func (m *FlowSchemaList) Reset()      { *m = FlowSchemaList{} }
 func (*FlowSchemaList) ProtoMessage() {}
 func (*FlowSchemaList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{3}
+	return fileDescriptor_80171c2a4e3669de, []int{4}
 }
 func (m *FlowSchemaList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -158,7 +186,7 @@ var xxx_messageInfo_FlowSchemaList proto.InternalMessageInfo
 func (m *FlowSchemaSpec) Reset()      { *m = FlowSchemaSpec{} }
 func (*FlowSchemaSpec) ProtoMessage() {}
 func (*FlowSchemaSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{4}
+	return fileDescriptor_80171c2a4e3669de, []int{5}
 }
 func (m *FlowSchemaSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -186,7 +214,7 @@ var xxx_messageInfo_FlowSchemaSpec proto.InternalMessageInfo
 func (m *FlowSchemaStatus) Reset()      { *m = FlowSchemaStatus{} }
 func (*FlowSchemaStatus) ProtoMessage() {}
 func (*FlowSchemaStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{5}
+	return fileDescriptor_80171c2a4e3669de, []int{6}
 }
 func (m *FlowSchemaStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -214,7 +242,7 @@ var xxx_messageInfo_FlowSchemaStatus proto.InternalMessageInfo
 func (m *GroupSubject) Reset()      { *m = GroupSubject{} }
 func (*GroupSubject) ProtoMessage() {}
 func (*GroupSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{6}
+	return fileDescriptor_80171c2a4e3669de, []int{7}
 }
 func (m *GroupSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -242,7 +270,7 @@ var xxx_messageInfo_GroupSubject proto.InternalMessageInfo
 func (m *LimitResponse) Reset()      { *m = LimitResponse{} }
 func (*LimitResponse) ProtoMessage() {}
 func (*LimitResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{7}
+	return fileDescriptor_80171c2a4e3669de, []int{8}
 }
 func (m *LimitResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -270,7 +298,7 @@ var xxx_messageInfo_LimitResponse proto.InternalMessageInfo
 func (m *LimitedPriorityLevelConfiguration) Reset()      { *m = LimitedPriorityLevelConfiguration{} }
 func (*LimitedPriorityLevelConfiguration) ProtoMessage() {}
 func (*LimitedPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{8}
+	return fileDescriptor_80171c2a4e3669de, []int{9}
 }
 func (m *LimitedPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -298,7 +326,7 @@ var xxx_messageInfo_LimitedPriorityLevelConfiguration proto.InternalMessageInfo
 func (m *NonResourcePolicyRule) Reset()      { *m = NonResourcePolicyRule{} }
 func (*NonResourcePolicyRule) ProtoMessage() {}
 func (*NonResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{9}
+	return fileDescriptor_80171c2a4e3669de, []int{10}
 }
 func (m *NonResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -326,7 +354,7 @@ var xxx_messageInfo_NonResourcePolicyRule proto.InternalMessageInfo
 func (m *PolicyRulesWithSubjects) Reset()      { *m = PolicyRulesWithSubjects{} }
 func (*PolicyRulesWithSubjects) ProtoMessage() {}
 func (*PolicyRulesWithSubjects) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{10}
+	return fileDescriptor_80171c2a4e3669de, []int{11}
 }
 func (m *PolicyRulesWithSubjects) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -354,7 +382,7 @@ var xxx_messageInfo_PolicyRulesWithSubjects proto.InternalMessageInfo
 func (m *PriorityLevelConfiguration) Reset()      { *m = PriorityLevelConfiguration{} }
 func (*PriorityLevelConfiguration) ProtoMessage() {}
 func (*PriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{11}
+	return fileDescriptor_80171c2a4e3669de, []int{12}
 }
 func (m *PriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -382,7 +410,7 @@ var xxx_messageInfo_PriorityLevelConfiguration proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationCondition) Reset()      { *m = PriorityLevelConfigurationCondition{} }
 func (*PriorityLevelConfigurationCondition) ProtoMessage() {}
 func (*PriorityLevelConfigurationCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{12}
+	return fileDescriptor_80171c2a4e3669de, []int{13}
 }
 func (m *PriorityLevelConfigurationCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -410,7 +438,7 @@ var xxx_messageInfo_PriorityLevelConfigurationCondition proto.InternalMessageInf
 func (m *PriorityLevelConfigurationList) Reset()      { *m = PriorityLevelConfigurationList{} }
 func (*PriorityLevelConfigurationList) ProtoMessage() {}
 func (*PriorityLevelConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{13}
+	return fileDescriptor_80171c2a4e3669de, []int{14}
 }
 func (m *PriorityLevelConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -438,7 +466,7 @@ var xxx_messageInfo_PriorityLevelConfigurationList proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationReference) Reset()      { *m = PriorityLevelConfigurationReference{} }
 func (*PriorityLevelConfigurationReference) ProtoMessage() {}
 func (*PriorityLevelConfigurationReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{14}
+	return fileDescriptor_80171c2a4e3669de, []int{15}
 }
 func (m *PriorityLevelConfigurationReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -466,7 +494,7 @@ var xxx_messageInfo_PriorityLevelConfigurationReference proto.InternalMessageInf
 func (m *PriorityLevelConfigurationSpec) Reset()      { *m = PriorityLevelConfigurationSpec{} }
 func (*PriorityLevelConfigurationSpec) ProtoMessage() {}
 func (*PriorityLevelConfigurationSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{15}
+	return fileDescriptor_80171c2a4e3669de, []int{16}
 }
 func (m *PriorityLevelConfigurationSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -494,7 +522,7 @@ var xxx_messageInfo_PriorityLevelConfigurationSpec proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationStatus) Reset()      { *m = PriorityLevelConfigurationStatus{} }
 func (*PriorityLevelConfigurationStatus) ProtoMessage() {}
 func (*PriorityLevelConfigurationStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{16}
+	return fileDescriptor_80171c2a4e3669de, []int{17}
 }
 func (m *PriorityLevelConfigurationStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -522,7 +550,7 @@ var xxx_messageInfo_PriorityLevelConfigurationStatus proto.InternalMessageInfo
 func (m *QueuingConfiguration) Reset()      { *m = QueuingConfiguration{} }
 func (*QueuingConfiguration) ProtoMessage() {}
 func (*QueuingConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{17}
+	return fileDescriptor_80171c2a4e3669de, []int{18}
 }
 func (m *QueuingConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -550,7 +578,7 @@ var xxx_messageInfo_QueuingConfiguration proto.InternalMessageInfo
 func (m *ResourcePolicyRule) Reset()      { *m = ResourcePolicyRule{} }
 func (*ResourcePolicyRule) ProtoMessage() {}
 func (*ResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{18}
+	return fileDescriptor_80171c2a4e3669de, []int{19}
 }
 func (m *ResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -578,7 +606,7 @@ var xxx_messageInfo_ResourcePolicyRule proto.InternalMessageInfo
 func (m *ServiceAccountSubject) Reset()      { *m = ServiceAccountSubject{} }
 func (*ServiceAccountSubject) ProtoMessage() {}
 func (*ServiceAccountSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{19}
+	return fileDescriptor_80171c2a4e3669de, []int{20}
 }
 func (m *ServiceAccountSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -606,7 +634,7 @@ var xxx_messageInfo_ServiceAccountSubject proto.InternalMessageInfo
 func (m *Subject) Reset()      { *m = Subject{} }
 func (*Subject) ProtoMessage() {}
 func (*Subject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{20}
+	return fileDescriptor_80171c2a4e3669de, []int{21}
 }
 func (m *Subject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -634,7 +662,7 @@ var xxx_messageInfo_Subject proto.InternalMessageInfo
 func (m *UserSubject) Reset()      { *m = UserSubject{} }
 func (*UserSubject) ProtoMessage() {}
 func (*UserSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_80171c2a4e3669de, []int{21}
+	return fileDescriptor_80171c2a4e3669de, []int{22}
 }
 func (m *UserSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -660,6 +688,7 @@ func (m *UserSubject) XXX_DiscardUnknown() {
 var xxx_messageInfo_UserSubject proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterType((*ExemptPriorityLevelConfiguration)(nil), "k8s.io.api.flowcontrol.v1beta1.ExemptPriorityLevelConfiguration")
 	proto.RegisterType((*FlowDistinguisherMethod)(nil), "k8s.io.api.flowcontrol.v1beta1.FlowDistinguisherMethod")
 	proto.RegisterType((*FlowSchema)(nil), "k8s.io.api.flowcontrol.v1beta1.FlowSchema")
 	proto.RegisterType((*FlowSchemaCondition)(nil), "k8s.io.api.flowcontrol.v1beta1.FlowSchemaCondition")
@@ -689,105 +718,141 @@ func init() {
 }
 
 var fileDescriptor_80171c2a4e3669de = []byte{
-	// 1553 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4f, 0x6f, 0xdb, 0xc6,
-	0x12, 0x37, 0x65, 0xc9, 0xb6, 0xc6, 0x7f, 0xb3, 0x8e, 0x61, 0x3d, 0x07, 0x90, 0x1c, 0x3e, 0xe0,
-	0xe5, 0xbd, 0x97, 0x84, 0x4a, 0xd2, 0xa4, 0x49, 0x5b, 0xf4, 0x8f, 0xe9, 0xb4, 0x69, 0x1a, 0xdb,
-	0x71, 0xd6, 0x49, 0x5b, 0xa4, 0x01, 0x1a, 0x8a, 0x5a, 0x4b, 0x8c, 0x25, 0x92, 0xd9, 0x25, 0x65,
-	0xb8, 0xb9, 0x14, 0xfd, 0x04, 0x3d, 0xb7, 0xc7, 0x1e, 0x7a, 0xef, 0x17, 0xe8, 0xb1, 0x41, 0x4f,
-	0x39, 0xe6, 0xa4, 0x36, 0xea, 0xa9, 0xdf, 0xa0, 0x0d, 0x50, 0xa0, 0xd8, 0xe5, 0x92, 0x14, 0xf5,
-	0x8f, 0x42, 0x02, 0xe4, 0xd4, 0x9b, 0x39, 0xf3, 0x9b, 0xdf, 0xec, 0xcc, 0xce, 0xcc, 0x8e, 0x0c,
-	0xd7, 0x0e, 0xae, 0x30, 0xcd, 0x72, 0xca, 0x07, 0x7e, 0x85, 0x50, 0x9b, 0x78, 0x84, 0x95, 0x5b,
-	0xc4, 0xae, 0x3a, 0xb4, 0x2c, 0x15, 0x86, 0x6b, 0x95, 0xf7, 0x1b, 0xce, 0xa1, 0xe9, 0xd8, 0x1e,
-	0x75, 0x1a, 0xe5, 0xd6, 0xf9, 0x0a, 0xf1, 0x8c, 0xf3, 0xe5, 0x1a, 0xb1, 0x09, 0x35, 0x3c, 0x52,
-	0xd5, 0x5c, 0xea, 0x78, 0x0e, 0x2a, 0x06, 0x78, 0xcd, 0x70, 0x2d, 0xad, 0x0b, 0xaf, 0x49, 0xfc,
-	0xda, 0xd9, 0x9a, 0xe5, 0xd5, 0xfd, 0x8a, 0x66, 0x3a, 0xcd, 0x72, 0xcd, 0xa9, 0x39, 0x65, 0x61,
-	0x56, 0xf1, 0xf7, 0xc5, 0x97, 0xf8, 0x10, 0x7f, 0x05, 0x74, 0x6b, 0x17, 0x63, 0xf7, 0x4d, 0xc3,
-	0xac, 0x5b, 0x36, 0xa1, 0x47, 0x65, 0xf7, 0xa0, 0xc6, 0x05, 0xac, 0xdc, 0x24, 0x9e, 0x51, 0x6e,
-	0xf5, 0x1d, 0x62, 0xad, 0x3c, 0xcc, 0x8a, 0xfa, 0xb6, 0x67, 0x35, 0x49, 0x9f, 0xc1, 0xeb, 0x69,
-	0x06, 0xcc, 0xac, 0x93, 0xa6, 0xd1, 0x6b, 0xa7, 0xde, 0x85, 0xd5, 0x0f, 0x1a, 0xce, 0xe1, 0x55,
-	0x8b, 0x79, 0x96, 0x5d, 0xf3, 0x2d, 0x56, 0x27, 0x74, 0x9b, 0x78, 0x75, 0xa7, 0x8a, 0xde, 0x85,
-	0xac, 0x77, 0xe4, 0x92, 0x82, 0xb2, 0xae, 0xfc, 0x37, 0xaf, 0x9f, 0x7e, 0xdc, 0x2e, 0x4d, 0x74,
-	0xda, 0xa5, 0xec, 0xed, 0x23, 0x97, 0x3c, 0x6f, 0x97, 0x4e, 0x0c, 0x31, 0xe3, 0x6a, 0x2c, 0x0c,
-	0xd5, 0x6f, 0x32, 0x00, 0x1c, 0xb5, 0x27, 0x5c, 0xa3, 0xfb, 0x30, 0xc3, 0xc3, 0xad, 0x1a, 0x9e,
-	0x21, 0x38, 0x67, 0x2f, 0x9c, 0xd3, 0xe2, 0x5c, 0x47, 0xa7, 0xd6, 0xdc, 0x83, 0x1a, 0x17, 0x30,
-	0x8d, 0xa3, 0xb5, 0xd6, 0x79, 0xed, 0x66, 0xe5, 0x01, 0x31, 0xbd, 0x6d, 0xe2, 0x19, 0x3a, 0x92,
-	0xa7, 0x80, 0x58, 0x86, 0x23, 0x56, 0xb4, 0x0b, 0x59, 0xe6, 0x12, 0xb3, 0x90, 0x11, 0xec, 0x9a,
-	0x36, 0xfa, 0x26, 0xb5, 0xf8, 0x6c, 0x7b, 0x2e, 0x31, 0xf5, 0xb9, 0x30, 0x42, 0xfe, 0x85, 0x05,
-	0x13, 0xfa, 0x14, 0xa6, 0x98, 0x67, 0x78, 0x3e, 0x2b, 0x4c, 0xf6, 0x9d, 0x38, 0x8d, 0x53, 0xd8,
-	0xe9, 0x0b, 0x92, 0x75, 0x2a, 0xf8, 0xc6, 0x92, 0x4f, 0x7d, 0x9a, 0x81, 0xe5, 0x18, 0xbc, 0xe9,
-	0xd8, 0x55, 0xcb, 0xb3, 0x1c, 0x1b, 0xbd, 0x95, 0xc8, 0xfa, 0xa9, 0x9e, 0xac, 0xaf, 0x0e, 0x30,
-	0x89, 0x33, 0x8e, 0xde, 0x88, 0x8e, 0x9b, 0x11, 0xe6, 0x27, 0x93, 0xce, 0x9f, 0xb7, 0x4b, 0x8b,
-	0x91, 0x59, 0xf2, 0x3c, 0xa8, 0x05, 0xa8, 0x61, 0x30, 0xef, 0x36, 0x35, 0x6c, 0x16, 0xd0, 0x5a,
-	0x4d, 0x22, 0xa3, 0xfe, 0xff, 0x78, 0xf7, 0xc4, 0x2d, 0xf4, 0x35, 0xe9, 0x12, 0x6d, 0xf5, 0xb1,
-	0xe1, 0x01, 0x1e, 0xd0, 0x7f, 0x60, 0x8a, 0x12, 0x83, 0x39, 0x76, 0x21, 0x2b, 0x8e, 0x1c, 0xe5,
-	0x0b, 0x0b, 0x29, 0x96, 0x5a, 0xf4, 0x3f, 0x98, 0x6e, 0x12, 0xc6, 0x8c, 0x1a, 0x29, 0xe4, 0x04,
-	0x70, 0x51, 0x02, 0xa7, 0xb7, 0x03, 0x31, 0x0e, 0xf5, 0xea, 0x8f, 0x0a, 0x2c, 0xc4, 0x79, 0xda,
-	0xb2, 0x98, 0x87, 0xee, 0xf5, 0xd5, 0x9e, 0x36, 0x5e, 0x4c, 0xdc, 0x5a, 0x54, 0xde, 0x92, 0x74,
-	0x37, 0x13, 0x4a, 0xba, 0xea, 0xee, 0x26, 0xe4, 0x2c, 0x8f, 0x34, 0x79, 0xd6, 0x27, 0x7b, 0xd2,
-	0x95, 0x52, 0x24, 0xfa, 0xbc, 0xa4, 0xcd, 0x5d, 0xe7, 0x04, 0x38, 0xe0, 0x51, 0x7f, 0x9f, 0xec,
-	0x8e, 0x80, 0xd7, 0x23, 0xfa, 0x5e, 0x81, 0x35, 0x97, 0x5a, 0x0e, 0xb5, 0xbc, 0xa3, 0x2d, 0xd2,
-	0x22, 0x8d, 0x4d, 0xc7, 0xde, 0xb7, 0x6a, 0x3e, 0x35, 0x78, 0x2a, 0x65, 0x50, 0x9b, 0x69, 0x9e,
-	0x77, 0x87, 0x32, 0x60, 0xb2, 0x4f, 0x28, 0xb1, 0x4d, 0xa2, 0xab, 0xf2, 0x48, 0x6b, 0x23, 0xc0,
-	0x23, 0x8e, 0x82, 0x3e, 0x02, 0xd4, 0x34, 0x3c, 0x9e, 0xd1, 0xda, 0x2e, 0x25, 0x26, 0xa9, 0x72,
-	0x56, 0x51, 0x90, 0xb9, 0xb8, 0x3a, 0xb6, 0xfb, 0x10, 0x78, 0x80, 0x15, 0xfa, 0x4a, 0x81, 0xe5,
-	0x6a, 0xff, 0x90, 0x91, 0x75, 0x79, 0x79, 0x9c, 0x44, 0x0f, 0x98, 0x51, 0xfa, 0x6a, 0xa7, 0x5d,
-	0x5a, 0x1e, 0xa0, 0xc0, 0x83, 0x9c, 0xa1, 0x7b, 0x90, 0xa3, 0x7e, 0x83, 0xb0, 0x42, 0x56, 0x5c,
-	0x6f, 0xaa, 0xd7, 0x5d, 0xa7, 0x61, 0x99, 0x47, 0x98, 0x9b, 0x7c, 0x62, 0x79, 0xf5, 0x3d, 0x5f,
-	0xcc, 0x2a, 0x16, 0xdf, 0xb5, 0x50, 0xe1, 0x80, 0x54, 0x7d, 0x04, 0x4b, 0xbd, 0x43, 0x03, 0xd5,
-	0x00, 0xcc, 0xb0, 0x4f, 0x59, 0x41, 0x11, 0x6e, 0x5f, 0x1b, 0xbf, 0xaa, 0xa2, 0x1e, 0x8f, 0xe7,
-	0x65, 0x24, 0x62, 0xb8, 0x8b, 0x5a, 0x3d, 0x07, 0x73, 0xd7, 0xa8, 0xe3, 0xbb, 0xf2, 0x8c, 0x68,
-	0x1d, 0xb2, 0xb6, 0xd1, 0x0c, 0xa7, 0x4f, 0x34, 0x11, 0x77, 0x8c, 0x26, 0xc1, 0x42, 0xa3, 0x7e,
-	0xa7, 0xc0, 0xfc, 0x96, 0xd5, 0xb4, 0x3c, 0x4c, 0x98, 0xeb, 0xd8, 0x8c, 0xa0, 0x4b, 0x89, 0x89,
-	0x75, 0xb2, 0x67, 0x62, 0x1d, 0x4b, 0x80, 0xbb, 0x66, 0xd5, 0x67, 0x30, 0xfd, 0xd0, 0x27, 0xbe,
-	0x65, 0xd7, 0xe4, 0xbc, 0xbe, 0x98, 0x16, 0xe0, 0xad, 0x00, 0x9e, 0xa8, 0x36, 0x7d, 0x96, 0x8f,
-	0x00, 0xa9, 0xc1, 0x21, 0xa3, 0xfa, 0x57, 0x06, 0x4e, 0x0a, 0xc7, 0xa4, 0x3a, 0xbc, 0x8a, 0xd1,
-	0x3d, 0x28, 0x18, 0x8c, 0xf9, 0x94, 0x54, 0x37, 0x1d, 0xdb, 0xf4, 0x29, 0xaf, 0xff, 0xa3, 0xbd,
-	0xba, 0x41, 0x09, 0x13, 0xd1, 0xe4, 0xf4, 0x75, 0x19, 0x4d, 0x61, 0x63, 0x08, 0x0e, 0x0f, 0x65,
-	0x40, 0x0f, 0x60, 0xbe, 0xd1, 0x1d, 0xbb, 0x0c, 0xf3, 0x6c, 0x5a, 0x98, 0x89, 0x84, 0xe9, 0x2b,
-	0xf2, 0x04, 0xc9, 0xa4, 0xe3, 0x24, 0x35, 0x7a, 0x1b, 0x16, 0x1b, 0xc4, 0xae, 0x1a, 0x95, 0x06,
-	0xd9, 0x25, 0xd4, 0x24, 0xb6, 0x27, 0x5a, 0x24, 0xa7, 0x2f, 0x77, 0xda, 0xa5, 0xc5, 0xad, 0xa4,
-	0x0a, 0xf7, 0x62, 0xd1, 0x4d, 0x58, 0xa9, 0x38, 0x94, 0x3a, 0x87, 0x96, 0x5d, 0x13, 0x7e, 0x42,
-	0x92, 0xac, 0x20, 0xf9, 0x57, 0xa7, 0x5d, 0x5a, 0xd1, 0x07, 0x01, 0xf0, 0x60, 0x3b, 0xf5, 0x10,
-	0x56, 0x76, 0xf8, 0x4c, 0x61, 0x8e, 0x4f, 0x4d, 0x12, 0x37, 0x04, 0x2a, 0x41, 0xae, 0x45, 0x68,
-	0x25, 0x28, 0xea, 0xbc, 0x9e, 0xe7, 0xed, 0xf0, 0x31, 0x17, 0xe0, 0x40, 0xce, 0x23, 0xb1, 0x63,
-	0xcb, 0x3b, 0x78, 0x8b, 0x15, 0xa6, 0x04, 0x54, 0x44, 0xb2, 0x93, 0x54, 0xe1, 0x5e, 0xac, 0xda,
-	0xce, 0xc0, 0xea, 0x90, 0xfe, 0x43, 0x77, 0x60, 0x86, 0xc9, 0xbf, 0x65, 0x4f, 0x9d, 0x4a, 0xbb,
-	0x0b, 0x69, 0x1b, 0x4f, 0xff, 0x90, 0x0c, 0x47, 0x54, 0xc8, 0x81, 0x79, 0x2a, 0x8f, 0x20, 0x7c,
-	0xca, 0x57, 0xe0, 0x42, 0x1a, 0x77, 0x7f, 0x76, 0xe2, 0xcb, 0xc6, 0xdd, 0x84, 0x38, 0xc9, 0x8f,
-	0x1e, 0xc1, 0x52, 0x57, 0xd8, 0x81, 0xcf, 0x49, 0xe1, 0xf3, 0x52, 0x9a, 0xcf, 0x81, 0x97, 0xa2,
-	0x17, 0xa4, 0xdb, 0xa5, 0x9d, 0x1e, 0x5a, 0xdc, 0xe7, 0x48, 0xfd, 0x39, 0x03, 0x23, 0x1e, 0x86,
-	0x57, 0xb0, 0xe4, 0xdd, 0x4f, 0x2c, 0x79, 0xef, 0xbc, 0xf8, 0x8b, 0x37, 0x74, 0xe9, 0xab, 0xf7,
-	0x2c, 0x7d, 0xef, 0xbd, 0x84, 0x8f, 0xd1, 0x4b, 0xe0, 0x1f, 0x19, 0xf8, 0xf7, 0x70, 0xe3, 0x78,
-	0x29, 0xbc, 0x91, 0x18, 0xb1, 0x97, 0x7b, 0x46, 0xec, 0xa9, 0x31, 0x28, 0xfe, 0x59, 0x12, 0x7b,
-	0x96, 0xc4, 0x5f, 0x14, 0x28, 0x0e, 0xcf, 0xdb, 0x2b, 0x58, 0x1a, 0x3f, 0x4f, 0x2e, 0x8d, 0x6f,
-	0xbe, 0x78, 0x91, 0x0d, 0x59, 0x22, 0xaf, 0x8d, 0xaa, 0xad, 0x68, 0xdd, 0x1b, 0xe3, 0xc9, 0xff,
-	0x69, 0x64, 0xaa, 0xc4, 0x76, 0x9a, 0xf2, 0xab, 0x25, 0x61, 0xfd, 0xbe, 0xcd, 0x9f, 0x9e, 0x26,
-	0x7f, 0x3d, 0x82, 0x82, 0xac, 0xc3, 0x74, 0x23, 0x78, 0xab, 0x65, 0x53, 0x6f, 0x8c, 0xf5, 0x44,
-	0x8e, 0x7a, 0xda, 0x83, 0xb5, 0x40, 0xc2, 0x70, 0x48, 0xaf, 0x7e, 0xab, 0xc0, 0x7a, 0x5a, 0xb3,
-	0xa2, 0xc3, 0x01, 0xcb, 0xd7, 0x4b, 0x2c, 0xd6, 0xe3, 0x2f, 0x63, 0x3f, 0x28, 0x70, 0x7c, 0xd0,
-	0x8e, 0xc3, 0xcb, 0x9f, 0x2f, 0x36, 0xd1, 0x56, 0x12, 0x95, 0xff, 0x2d, 0x21, 0xc5, 0x52, 0x8b,
-	0xce, 0xc0, 0x4c, 0xdd, 0xb0, 0xab, 0x7b, 0xd6, 0x17, 0xe1, 0xbe, 0x1d, 0x15, 0xe0, 0x87, 0x52,
-	0x8e, 0x23, 0x04, 0xba, 0x0a, 0x4b, 0xc2, 0x6e, 0x8b, 0xd8, 0x35, 0xaf, 0x2e, 0x72, 0x25, 0x97,
-	0x86, 0xe8, 0x3d, 0xb8, 0xd5, 0xa3, 0xc7, 0x7d, 0x16, 0xea, 0x9f, 0x0a, 0xa0, 0x17, 0x79, 0xe7,
-	0x4f, 0x43, 0xde, 0x70, 0x2d, 0xb1, 0x7c, 0x06, 0x2d, 0x90, 0xd7, 0xe7, 0x3b, 0xed, 0x52, 0x7e,
-	0x63, 0xf7, 0x7a, 0x20, 0xc4, 0xb1, 0x9e, 0x83, 0xc3, 0x27, 0x30, 0x78, 0xea, 0x24, 0x38, 0x74,
-	0xcc, 0x70, 0xac, 0x47, 0x57, 0x60, 0xce, 0x6c, 0xf8, 0xcc, 0x23, 0x74, 0xcf, 0x74, 0x5c, 0x22,
-	0x46, 0xc6, 0x8c, 0x7e, 0x5c, 0xc6, 0x34, 0xb7, 0xd9, 0xa5, 0xc3, 0x09, 0x24, 0xd2, 0x00, 0x78,
-	0xc1, 0x33, 0xd7, 0xe0, 0x7e, 0x72, 0xc2, 0xcf, 0x02, 0xbf, 0xb0, 0x9d, 0x48, 0x8a, 0xbb, 0x10,
-	0xea, 0x03, 0x58, 0xd9, 0x23, 0xb4, 0x65, 0x99, 0x64, 0xc3, 0x34, 0x1d, 0xdf, 0xf6, 0xc2, 0x35,
-	0xba, 0x0c, 0xf9, 0x08, 0x26, 0x7b, 0xe2, 0x98, 0xf4, 0x9f, 0x8f, 0xb8, 0x70, 0x8c, 0x89, 0x9a,
-	0x30, 0x33, 0xbc, 0x09, 0x33, 0x30, 0x1d, 0xd3, 0x67, 0x0f, 0x2c, 0xbb, 0x2a, 0x99, 0x4f, 0x84,
-	0xe8, 0x1b, 0x96, 0x5d, 0x7d, 0xde, 0x2e, 0xcd, 0x4a, 0x18, 0xff, 0xc4, 0x02, 0x88, 0xae, 0x43,
-	0xd6, 0x67, 0x84, 0xca, 0xf6, 0x3a, 0x9d, 0x56, 0xcc, 0x77, 0x18, 0xa1, 0xe1, 0xe6, 0x33, 0xc3,
-	0x99, 0xb9, 0x00, 0x0b, 0x0a, 0xb4, 0x0d, 0xb9, 0x1a, 0xbf, 0x14, 0x39, 0xf5, 0xcf, 0xa4, 0x71,
-	0x75, 0xff, 0xbc, 0x08, 0xca, 0x40, 0x48, 0x70, 0xc0, 0x82, 0x1e, 0xc2, 0x02, 0x4b, 0xa4, 0x50,
-	0x5c, 0xd7, 0x18, 0x9b, 0xcc, 0xc0, 0xc4, 0xeb, 0xa8, 0xd3, 0x2e, 0x2d, 0x24, 0x55, 0xb8, 0xc7,
-	0x81, 0x5a, 0x86, 0xd9, 0xae, 0x00, 0xd3, 0xe7, 0x9f, 0x7e, 0xf5, 0xf1, 0xb3, 0xe2, 0xc4, 0x93,
-	0x67, 0xc5, 0x89, 0xa7, 0xcf, 0x8a, 0x13, 0x5f, 0x76, 0x8a, 0xca, 0xe3, 0x4e, 0x51, 0x79, 0xd2,
-	0x29, 0x2a, 0x4f, 0x3b, 0x45, 0xe5, 0xd7, 0x4e, 0x51, 0xf9, 0xfa, 0xb7, 0xe2, 0xc4, 0xdd, 0xe2,
-	0xe8, 0xff, 0x33, 0xfe, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x2c, 0x6d, 0x6e, 0x75, 0xa1, 0x14, 0x00,
-	0x00,
+	// 1614 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0xcf, 0x73, 0xdb, 0xc4,
+	0x17, 0x8f, 0x1c, 0x3b, 0x89, 0x5f, 0x7e, 0x76, 0xd3, 0x4c, 0xfc, 0x4d, 0xbf, 0x63, 0xa7, 0x62,
+	0x86, 0x02, 0x6d, 0xe5, 0xb6, 0xb4, 0xb4, 0xc0, 0xf0, 0x23, 0x4a, 0x4b, 0x29, 0x4d, 0xd2, 0x74,
+	0xd3, 0x42, 0xa7, 0x74, 0x86, 0xca, 0xf2, 0xc6, 0x56, 0x63, 0x4b, 0xea, 0xae, 0xe4, 0x10, 0x7a,
+	0x61, 0xf8, 0x0b, 0x38, 0xc3, 0x91, 0x03, 0x27, 0x2e, 0x5c, 0x39, 0x70, 0xa4, 0xc3, 0xa9, 0xc7,
+	0x9e, 0x0c, 0x35, 0x27, 0xfe, 0x03, 0xe8, 0x0c, 0x33, 0xcc, 0xae, 0xd6, 0x92, 0xe5, 0x5f, 0xf2,
+	0xb4, 0x33, 0x3d, 0x71, 0x8b, 0xde, 0xfb, 0xbc, 0xcf, 0xdb, 0x7d, 0xfb, 0x7e, 0x39, 0x70, 0x79,
+	0xef, 0x02, 0xd3, 0x2c, 0xa7, 0xb8, 0xe7, 0x97, 0x08, 0xb5, 0x89, 0x47, 0x58, 0xb1, 0x41, 0xec,
+	0xb2, 0x43, 0x8b, 0x52, 0x61, 0xb8, 0x56, 0x71, 0xb7, 0xe6, 0xec, 0x9b, 0x8e, 0xed, 0x51, 0xa7,
+	0x56, 0x6c, 0x9c, 0x2e, 0x11, 0xcf, 0x38, 0x5d, 0xac, 0x10, 0x9b, 0x50, 0xc3, 0x23, 0x65, 0xcd,
+	0xa5, 0x8e, 0xe7, 0xa0, 0x7c, 0x80, 0xd7, 0x0c, 0xd7, 0xd2, 0x3a, 0xf0, 0x9a, 0xc4, 0xaf, 0x9c,
+	0xac, 0x58, 0x5e, 0xd5, 0x2f, 0x69, 0xa6, 0x53, 0x2f, 0x56, 0x9c, 0x8a, 0x53, 0x14, 0x66, 0x25,
+	0x7f, 0x57, 0x7c, 0x89, 0x0f, 0xf1, 0x57, 0x40, 0xb7, 0x72, 0x36, 0x72, 0x5f, 0x37, 0xcc, 0xaa,
+	0x65, 0x13, 0x7a, 0x50, 0x74, 0xf7, 0x2a, 0x5c, 0xc0, 0x8a, 0x75, 0xe2, 0x19, 0xc5, 0x46, 0xcf,
+	0x21, 0x56, 0x8a, 0x83, 0xac, 0xa8, 0x6f, 0x7b, 0x56, 0x9d, 0xf4, 0x18, 0xbc, 0x91, 0x64, 0xc0,
+	0xcc, 0x2a, 0xa9, 0x1b, 0xdd, 0x76, 0xea, 0x4f, 0x0a, 0xac, 0x5e, 0xfa, 0x9c, 0xd4, 0x5d, 0x6f,
+	0x9b, 0x5a, 0x0e, 0xb5, 0xbc, 0x83, 0x0d, 0xd2, 0x20, 0xb5, 0x75, 0xc7, 0xde, 0xb5, 0x2a, 0x3e,
+	0x35, 0x3c, 0xcb, 0xb1, 0xd1, 0x2d, 0xc8, 0xd9, 0x4e, 0xdd, 0xb2, 0x0d, 0x2e, 0x37, 0x7d, 0x4a,
+	0x89, 0x6d, 0x1e, 0xec, 0x54, 0x0d, 0x4a, 0x58, 0x4e, 0x59, 0x55, 0x5e, 0xc9, 0xe8, 0xff, 0x6f,
+	0x35, 0x0b, 0xb9, 0xad, 0x01, 0x18, 0x3c, 0xd0, 0x1a, 0xbd, 0x03, 0xf3, 0x35, 0x62, 0x97, 0x8d,
+	0x52, 0x8d, 0x6c, 0x13, 0x6a, 0x12, 0xdb, 0xcb, 0xa5, 0x04, 0xe1, 0x62, 0xab, 0x59, 0x98, 0xdf,
+	0x88, 0xab, 0x70, 0x37, 0x56, 0xbd, 0x0d, 0xcb, 0x1f, 0xd4, 0x9c, 0xfd, 0x8b, 0x16, 0xf3, 0x2c,
+	0xbb, 0xe2, 0x5b, 0xac, 0x4a, 0xe8, 0x26, 0xf1, 0xaa, 0x4e, 0x19, 0xbd, 0x07, 0x69, 0xef, 0xc0,
+	0x25, 0xe2, 0x7c, 0x59, 0xfd, 0xf8, 0xc3, 0x66, 0x61, 0xac, 0xd5, 0x2c, 0xa4, 0x6f, 0x1c, 0xb8,
+	0xe4, 0x69, 0xb3, 0x70, 0x64, 0x80, 0x19, 0x57, 0x63, 0x61, 0xa8, 0x7e, 0x93, 0x02, 0xe0, 0xa8,
+	0x1d, 0x11, 0x38, 0x74, 0x17, 0xa6, 0xf8, 0x63, 0x95, 0x0d, 0xcf, 0x10, 0x9c, 0xd3, 0x67, 0x4e,
+	0x69, 0x51, 0xa6, 0x84, 0x31, 0xd7, 0xdc, 0xbd, 0x0a, 0x17, 0x30, 0x8d, 0xa3, 0xb5, 0xc6, 0x69,
+	0xed, 0x5a, 0xe9, 0x1e, 0x31, 0xbd, 0x4d, 0xe2, 0x19, 0x3a, 0x92, 0xa7, 0x80, 0x48, 0x86, 0x43,
+	0x56, 0xb4, 0x0d, 0x69, 0xe6, 0x12, 0x53, 0x04, 0x60, 0xfa, 0x8c, 0xa6, 0x0d, 0xcf, 0x43, 0x2d,
+	0x3a, 0xdb, 0x8e, 0x4b, 0x4c, 0x7d, 0xa6, 0x7d, 0x43, 0xfe, 0x85, 0x05, 0x13, 0xba, 0x05, 0x13,
+	0xcc, 0x33, 0x3c, 0x9f, 0xe5, 0xc6, 0x7b, 0x4e, 0x9c, 0xc4, 0x29, 0xec, 0xf4, 0x39, 0xc9, 0x3a,
+	0x11, 0x7c, 0x63, 0xc9, 0xa7, 0x3e, 0x4e, 0xc1, 0x62, 0x04, 0x5e, 0x77, 0xec, 0xb2, 0x25, 0x32,
+	0xe5, 0xed, 0x58, 0xd4, 0x8f, 0x75, 0x45, 0x7d, 0xb9, 0x8f, 0x49, 0x14, 0x71, 0xf4, 0x66, 0x78,
+	0xdc, 0x94, 0x30, 0x3f, 0x1a, 0x77, 0xfe, 0xb4, 0x59, 0x98, 0x0f, 0xcd, 0xe2, 0xe7, 0x41, 0x0d,
+	0x40, 0x35, 0x83, 0x79, 0x37, 0xa8, 0x61, 0xb3, 0x80, 0xd6, 0xaa, 0x13, 0x79, 0xeb, 0xd7, 0x46,
+	0x7b, 0x27, 0x6e, 0xa1, 0xaf, 0x48, 0x97, 0x68, 0xa3, 0x87, 0x0d, 0xf7, 0xf1, 0x80, 0x5e, 0x86,
+	0x09, 0x4a, 0x0c, 0xe6, 0xd8, 0xb9, 0xb4, 0x38, 0x72, 0x18, 0x2f, 0x2c, 0xa4, 0x58, 0x6a, 0xd1,
+	0xab, 0x30, 0x59, 0x27, 0x8c, 0x19, 0x15, 0x92, 0xcb, 0x08, 0xe0, 0xbc, 0x04, 0x4e, 0x6e, 0x06,
+	0x62, 0xdc, 0xd6, 0xab, 0x3f, 0x2b, 0x30, 0x17, 0xc5, 0x69, 0xc3, 0x62, 0x1e, 0xba, 0xd3, 0x93,
+	0x7b, 0xda, 0x68, 0x77, 0xe2, 0xd6, 0x22, 0xf3, 0x16, 0xa4, 0xbb, 0xa9, 0xb6, 0xa4, 0x23, 0xef,
+	0xae, 0x41, 0xc6, 0xf2, 0x48, 0x9d, 0x47, 0x7d, 0xbc, 0x2b, 0x5c, 0x09, 0x49, 0xa2, 0xcf, 0x4a,
+	0xda, 0xcc, 0x15, 0x4e, 0x80, 0x03, 0x1e, 0xf5, 0xcf, 0xf1, 0xce, 0x1b, 0xf0, 0x7c, 0x44, 0xdf,
+	0x2b, 0xb0, 0xe2, 0x0e, 0x6c, 0x30, 0xf2, 0x52, 0xeb, 0x49, 0x9e, 0x07, 0xb7, 0x28, 0x4c, 0x76,
+	0x09, 0xef, 0x2b, 0x44, 0x57, 0xe5, 0x91, 0x56, 0x86, 0x80, 0x87, 0x1c, 0x05, 0x7d, 0x04, 0xa8,
+	0x6e, 0x78, 0x3c, 0xa2, 0x95, 0x6d, 0x4a, 0x4c, 0x52, 0xe6, 0xac, 0xb2, 0x29, 0x85, 0xd9, 0xb1,
+	0xd9, 0x83, 0xc0, 0x7d, 0xac, 0xd0, 0x57, 0x0a, 0x2c, 0x96, 0x7b, 0x9b, 0x8c, 0xcc, 0xcb, 0xf3,
+	0xa3, 0x04, 0xba, 0x4f, 0x8f, 0xd2, 0x97, 0x5b, 0xcd, 0xc2, 0x62, 0x1f, 0x05, 0xee, 0xe7, 0x0c,
+	0xdd, 0x81, 0x0c, 0xf5, 0x6b, 0x84, 0xe5, 0xd2, 0xe2, 0x79, 0x13, 0xbd, 0x6e, 0x3b, 0x35, 0xcb,
+	0x3c, 0xc0, 0xdc, 0xe4, 0x13, 0xcb, 0xab, 0xee, 0xf8, 0xa2, 0x57, 0xb1, 0xe8, 0xad, 0x85, 0x0a,
+	0x07, 0xa4, 0xea, 0x03, 0x58, 0xe8, 0x6e, 0x1a, 0xa8, 0x02, 0x60, 0xb6, 0xeb, 0x94, 0x0f, 0x08,
+	0xee, 0xf6, 0xf5, 0xd1, 0xb3, 0x2a, 0xac, 0xf1, 0xa8, 0x5f, 0x86, 0x22, 0x86, 0x3b, 0xa8, 0xd5,
+	0x53, 0x30, 0x73, 0x99, 0x3a, 0xbe, 0x2b, 0xcf, 0x88, 0x56, 0x21, 0x6d, 0x1b, 0xf5, 0x76, 0xf7,
+	0x09, 0x3b, 0xe2, 0x96, 0x51, 0x27, 0x58, 0x68, 0xd4, 0xef, 0x14, 0x98, 0xdd, 0xb0, 0xea, 0x96,
+	0x87, 0x09, 0x73, 0x1d, 0x9b, 0x11, 0x74, 0x2e, 0xd6, 0xb1, 0x8e, 0x76, 0x75, 0xac, 0x43, 0x31,
+	0x70, 0x47, 0xaf, 0xfa, 0x14, 0x26, 0xef, 0xfb, 0xc4, 0xb7, 0xec, 0x8a, 0xec, 0xd7, 0x67, 0x93,
+	0x2e, 0x78, 0x3d, 0x80, 0xc7, 0xb2, 0x4d, 0x9f, 0xe6, 0x2d, 0x40, 0x6a, 0x70, 0x9b, 0x51, 0xfd,
+	0x27, 0x05, 0x47, 0x85, 0x63, 0x52, 0x1e, 0x32, 0x95, 0xef, 0x40, 0xce, 0x60, 0xcc, 0xa7, 0xa4,
+	0x3c, 0x68, 0x2a, 0xaf, 0xca, 0xdb, 0xe4, 0xd6, 0x06, 0xe0, 0xf0, 0x40, 0x06, 0x74, 0x0f, 0x66,
+	0x6b, 0x9d, 0x77, 0x97, 0xd7, 0x3c, 0x99, 0x74, 0xcd, 0x58, 0xc0, 0xf4, 0x25, 0x79, 0x82, 0x78,
+	0xd0, 0x71, 0x9c, 0xba, 0xdf, 0x16, 0x30, 0x3e, 0xfa, 0x16, 0x80, 0xae, 0xc1, 0x52, 0xc9, 0xa1,
+	0xd4, 0xd9, 0xb7, 0xec, 0x8a, 0xf0, 0xd3, 0x26, 0x49, 0x0b, 0x92, 0xff, 0xb5, 0x9a, 0x85, 0x25,
+	0xbd, 0x1f, 0x00, 0xf7, 0xb7, 0x53, 0xf7, 0x61, 0x69, 0x8b, 0xf7, 0x14, 0xe6, 0xf8, 0xd4, 0x24,
+	0x51, 0x41, 0xa0, 0x02, 0x64, 0x1a, 0x84, 0x96, 0x82, 0xa4, 0xce, 0xea, 0x59, 0x5e, 0x0e, 0x1f,
+	0x73, 0x01, 0x0e, 0xe4, 0xfc, 0x26, 0x76, 0x64, 0x79, 0x13, 0x6f, 0xb0, 0xdc, 0x84, 0x80, 0x8a,
+	0x9b, 0x6c, 0xc5, 0x55, 0xb8, 0x1b, 0xab, 0x36, 0x53, 0xb0, 0x3c, 0xa0, 0xfe, 0xd0, 0x4d, 0x98,
+	0x62, 0xf2, 0x6f, 0x59, 0x53, 0xc7, 0x92, 0xde, 0x42, 0xda, 0x46, 0xdd, 0xbf, 0x4d, 0x86, 0x43,
+	0x2a, 0xe4, 0xc0, 0x2c, 0x95, 0x47, 0x10, 0x3e, 0xe5, 0x14, 0x38, 0x93, 0xc4, 0xdd, 0x1b, 0x9d,
+	0xe8, 0xb1, 0x71, 0x27, 0x21, 0x8e, 0xf3, 0xa3, 0x07, 0xb0, 0xd0, 0x71, 0xed, 0xc0, 0xe7, 0xb8,
+	0xf0, 0x79, 0x2e, 0xc9, 0x67, 0xdf, 0x47, 0xd1, 0x73, 0xd2, 0xed, 0xc2, 0x56, 0x17, 0x2d, 0xee,
+	0x71, 0xa4, 0xfe, 0x9a, 0x82, 0x21, 0x83, 0xe1, 0x05, 0x2c, 0x79, 0x77, 0x63, 0x4b, 0xde, 0xbb,
+	0xcf, 0x3e, 0xf1, 0x06, 0x2e, 0x7d, 0xd5, 0xae, 0xa5, 0xef, 0xfd, 0xe7, 0xf0, 0x31, 0x7c, 0x09,
+	0xfc, 0x2b, 0x05, 0x2f, 0x0d, 0x36, 0x8e, 0x96, 0xc2, 0xab, 0xb1, 0x16, 0x7b, 0xbe, 0xab, 0xc5,
+	0x1e, 0x1b, 0x81, 0xe2, 0xbf, 0x25, 0xb1, 0x6b, 0x49, 0xfc, 0x4d, 0x81, 0xfc, 0xe0, 0xb8, 0xbd,
+	0x80, 0xa5, 0xf1, 0xb3, 0xf8, 0xd2, 0xf8, 0xd6, 0xb3, 0x27, 0xd9, 0x80, 0x25, 0xf2, 0xf2, 0xb0,
+	0xdc, 0x0a, 0xd7, 0xbd, 0x11, 0x46, 0xfe, 0x0f, 0xa9, 0x61, 0xa1, 0x12, 0xdb, 0x69, 0xc2, 0xaf,
+	0x96, 0x98, 0xf5, 0x25, 0x9b, 0x8f, 0x9e, 0x3a, 0x9f, 0x1e, 0x41, 0x42, 0x56, 0x61, 0xb2, 0x16,
+	0xcc, 0x6a, 0x59, 0xd4, 0x6b, 0x23, 0x8d, 0xc8, 0x61, 0xa3, 0x3d, 0x58, 0x0b, 0x24, 0x0c, 0xb7,
+	0xe9, 0x51, 0x19, 0x26, 0x88, 0xf8, 0xa9, 0x3e, 0x6a, 0x65, 0x27, 0xfd, 0xb0, 0xd7, 0x81, 0x67,
+	0x61, 0x80, 0xc2, 0x92, 0x5b, 0xfd, 0x56, 0x81, 0xd5, 0xa4, 0x96, 0x80, 0xf6, 0xfb, 0xac, 0x78,
+	0xcf, 0xb1, 0xbe, 0x8f, 0xbe, 0xf2, 0xfd, 0xa8, 0xc0, 0xe1, 0x7e, 0x9b, 0x14, 0x2f, 0x32, 0xbe,
+	0x3e, 0x85, 0xbb, 0x4f, 0x58, 0x64, 0xd7, 0x85, 0x14, 0x4b, 0x2d, 0x3a, 0x01, 0x53, 0x55, 0xc3,
+	0x2e, 0xef, 0x58, 0x5f, 0xb4, 0xb7, 0xfa, 0x30, 0xcd, 0x3f, 0x94, 0x72, 0x1c, 0x22, 0xd0, 0x45,
+	0x58, 0x10, 0x76, 0x1b, 0xc4, 0xae, 0x78, 0x55, 0xf1, 0x22, 0x72, 0x35, 0x09, 0xa7, 0xce, 0xf5,
+	0x2e, 0x3d, 0xee, 0xb1, 0x50, 0xff, 0x56, 0x00, 0x3d, 0xcb, 0x36, 0x71, 0x1c, 0xb2, 0x86, 0x6b,
+	0x89, 0x15, 0x37, 0x28, 0xb4, 0xac, 0x3e, 0xdb, 0x6a, 0x16, 0xb2, 0x6b, 0xdb, 0x57, 0x02, 0x21,
+	0x8e, 0xf4, 0x1c, 0xdc, 0x1e, 0xb4, 0xc1, 0x40, 0x95, 0xe0, 0xb6, 0x63, 0x86, 0x23, 0x3d, 0xba,
+	0x00, 0x33, 0x66, 0xcd, 0x67, 0x1e, 0xa1, 0x3b, 0xa6, 0xe3, 0x12, 0xd1, 0x98, 0xa6, 0xf4, 0xc3,
+	0xf2, 0x4e, 0x33, 0xeb, 0x1d, 0x3a, 0x1c, 0x43, 0x22, 0x0d, 0x80, 0x97, 0x15, 0x73, 0x0d, 0xee,
+	0x27, 0x23, 0xfc, 0xcc, 0xf1, 0x07, 0xdb, 0x0a, 0xa5, 0xb8, 0x03, 0xa1, 0xde, 0x83, 0xa5, 0x1d,
+	0x42, 0x1b, 0x96, 0x49, 0xd6, 0x4c, 0xd3, 0xf1, 0x6d, 0xaf, 0xbd, 0xac, 0x17, 0x21, 0x1b, 0xc2,
+	0x64, 0xe5, 0x1d, 0x92, 0xfe, 0xb3, 0x21, 0x17, 0x8e, 0x30, 0x61, 0xa9, 0xa7, 0x06, 0x96, 0xfa,
+	0x2f, 0x29, 0x98, 0x8c, 0xe8, 0xd3, 0x7b, 0x96, 0x5d, 0x96, 0xcc, 0x47, 0xda, 0xe8, 0xab, 0x96,
+	0x5d, 0x7e, 0xda, 0x2c, 0x4c, 0x4b, 0x18, 0xff, 0xc4, 0x02, 0x88, 0xae, 0x40, 0xda, 0x67, 0x84,
+	0xca, 0x22, 0x3e, 0x9e, 0x94, 0xcc, 0x37, 0x19, 0xa1, 0xed, 0xfd, 0x6a, 0x8a, 0x33, 0x73, 0x01,
+	0x16, 0x14, 0x68, 0x13, 0x32, 0x15, 0xfe, 0x28, 0xb2, 0x4e, 0x4f, 0x24, 0x71, 0x75, 0xfe, 0x88,
+	0x09, 0xd2, 0x40, 0x48, 0x70, 0xc0, 0x82, 0xee, 0xc3, 0x1c, 0x8b, 0x85, 0x50, 0x3c, 0xd7, 0x08,
+	0xfb, 0x52, 0xdf, 0xc0, 0xeb, 0xa8, 0xd5, 0x2c, 0xcc, 0xc5, 0x55, 0xb8, 0xcb, 0x81, 0x5a, 0x84,
+	0xe9, 0x8e, 0x0b, 0x26, 0x77, 0x59, 0xfd, 0xe2, 0xc3, 0x27, 0xf9, 0xb1, 0x47, 0x4f, 0xf2, 0x63,
+	0x8f, 0x9f, 0xe4, 0xc7, 0xbe, 0x6c, 0xe5, 0x95, 0x87, 0xad, 0xbc, 0xf2, 0xa8, 0x95, 0x57, 0x1e,
+	0xb7, 0xf2, 0xca, 0xef, 0xad, 0xbc, 0xf2, 0xf5, 0x1f, 0xf9, 0xb1, 0xdb, 0xf9, 0xe1, 0xff, 0x8b,
+	0xfd, 0x37, 0x00, 0x00, 0xff, 0xff, 0x3a, 0xda, 0x82, 0x48, 0xc5, 0x15, 0x00, 0x00,
+}
+
+func (m *ExemptPriorityLevelConfiguration) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.LendablePercent != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.LendablePercent))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.NominalConcurrencyShares != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.NominalConcurrencyShares))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *FlowDistinguisherMethod) Marshal() (dAtA []byte, err error) {
@@ -1491,6 +1556,18 @@ func (m *PriorityLevelConfigurationSpec) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if m.Exempt != nil {
+		{
+			size, err := m.Exempt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
 	if m.Limited != nil {
 		{
 			size, err := m.Limited.MarshalToSizedBuffer(dAtA[:i])
@@ -1783,6 +1860,21 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
 	dAtA[offset] = uint8(v)
 	return base
 }
+func (m *ExemptPriorityLevelConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NominalConcurrencyShares != nil {
+		n += 1 + sovGenerated(uint64(*m.NominalConcurrencyShares))
+	}
+	if m.LendablePercent != nil {
+		n += 1 + sovGenerated(uint64(*m.LendablePercent))
+	}
+	return n
+}
+
 func (m *FlowDistinguisherMethod) Size() (n int) {
 	if m == nil {
 		return 0
@@ -2048,6 +2140,10 @@ func (m *PriorityLevelConfigurationSpec) Size() (n int) {
 		l = m.Limited.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.Exempt != nil {
+		l = m.Exempt.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -2165,6 +2261,17 @@ func sovGenerated(x uint64) (n int) {
 func sozGenerated(x uint64) (n int) {
 	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
+func (this *ExemptPriorityLevelConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ExemptPriorityLevelConfiguration{`,
+		`NominalConcurrencyShares:` + valueToStringGenerated(this.NominalConcurrencyShares) + `,`,
+		`LendablePercent:` + valueToStringGenerated(this.LendablePercent) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *FlowDistinguisherMethod) String() string {
 	if this == nil {
 		return "nil"
@@ -2381,6 +2488,7 @@ func (this *PriorityLevelConfigurationSpec) String() string {
 	s := strings.Join([]string{`&PriorityLevelConfigurationSpec{`,
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`Limited:` + strings.Replace(this.Limited.String(), "LimitedPriorityLevelConfiguration", "LimitedPriorityLevelConfiguration", 1) + `,`,
+		`Exempt:` + strings.Replace(this.Exempt.String(), "ExemptPriorityLevelConfiguration", "ExemptPriorityLevelConfiguration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2468,6 +2576,96 @@ func valueToStringGenerated(v interface{}) string {
 	pv := reflect.Indirect(rv).Interface()
 	return fmt.Sprintf("*%v", pv)
 }
+func (m *ExemptPriorityLevelConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NominalConcurrencyShares", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NominalConcurrencyShares = &v
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LendablePercent", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.LendablePercent = &v
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *FlowDistinguisherMethod) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -4547,6 +4745,42 @@ func (m *PriorityLevelConfigurationSpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exempt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Exempt == nil {
+				m.Exempt = &ExemptPriorityLevelConfiguration{}
+			}
+			if err := m.Exempt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/generated.proto b/vendor/k8s.io/api/flowcontrol/v1beta1/generated.proto
index 98bfabe9c6..96df0ace79 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta1/generated.proto
+++ b/vendor/k8s.io/api/flowcontrol/v1beta1/generated.proto
@@ -28,6 +28,40 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "k8s.io/api/flowcontrol/v1beta1";
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+message ExemptPriorityLevelConfiguration {
+  // `nominalConcurrencyShares` (NCS) contributes to the computation of the
+  // NominalConcurrencyLimit (NominalCL) of this level.
+  // This is the number of execution seats nominally reserved for this priority level.
+  // This DOES NOT limit the dispatching from this priority level
+  // but affects the other priority levels through the borrowing mechanism.
+  // The server's concurrency limit (ServerCL) is divided among all the
+  // priority levels in proportion to their NCS values:
+  //
+  // NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+  // sum_ncs = sum[priority level k] NCS(k)
+  //
+  // Bigger numbers mean a larger nominal concurrency limit,
+  // at the expense of every other priority level.
+  // This field has a default value of zero.
+  // +optional
+  optional int32 nominalConcurrencyShares = 1;
+
+  // `lendablePercent` prescribes the fraction of the level's NominalCL that
+  // can be borrowed by other priority levels.  This value of this
+  // field must be between 0 and 100, inclusive, and it defaults to 0.
+  // The number of seats that other levels can borrow from this level, known
+  // as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+  //
+  // LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+  //
+  // +optional
+  optional int32 lendablePercent = 2;
+}
+
 // FlowDistinguisherMethod specifies the method of a flow distinguisher.
 message FlowDistinguisherMethod {
   // `type` is the type of flow distinguisher method
@@ -332,6 +366,14 @@ message PriorityLevelConfigurationSpec {
   // This field must be non-empty if and only if `type` is `"Limited"`.
   // +optional
   optional LimitedPriorityLevelConfiguration limited = 2;
+
+  // `exempt` specifies how requests are handled for an exempt priority level.
+  // This field MUST be empty if `type` is `"Limited"`.
+  // This field MAY be non-empty if `type` is `"Exempt"`.
+  // If empty and `type` is `"Exempt"` then the default values
+  // for `ExemptPriorityLevelConfiguration` apply.
+  // +optional
+  optional ExemptPriorityLevelConfiguration exempt = 3;
 }
 
 // PriorityLevelConfigurationStatus represents the current state of a "request-priority".
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/types.go b/vendor/k8s.io/api/flowcontrol/v1beta1/types.go
index c3b7f607a7..9e05ff1a09 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta1/types.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta1/types.go
@@ -77,7 +77,9 @@ const (
 	//   is a boolean false or has an invalid boolean representation
 	//   (if the cluster operator sets it to 'false' it will be stomped)
 	// - any changes to the spec made by the cluster operator will be
-	//   stomped.
+	//   stomped, except for changes to the `nominalConcurrencyShares`
+	//   and `lendablePercent` fields of the PriorityLevelConfiguration
+	//   named "exempt".
 	//
 	// The kube-apiserver will apply updates on the suggested configuration if:
 	// - the cluster operator has enabled auto-update by setting the annotation
@@ -435,6 +437,14 @@ type PriorityLevelConfigurationSpec struct {
 	// This field must be non-empty if and only if `type` is `"Limited"`.
 	// +optional
 	Limited *LimitedPriorityLevelConfiguration `json:"limited,omitempty" protobuf:"bytes,2,opt,name=limited"`
+
+	// `exempt` specifies how requests are handled for an exempt priority level.
+	// This field MUST be empty if `type` is `"Limited"`.
+	// This field MAY be non-empty if `type` is `"Exempt"`.
+	// If empty and `type` is `"Exempt"` then the default values
+	// for `ExemptPriorityLevelConfiguration` apply.
+	// +optional
+	Exempt *ExemptPriorityLevelConfiguration `json:"exempt,omitempty" protobuf:"bytes,3,opt,name=exempt"`
 }
 
 // PriorityLevelEnablement indicates whether limits on execution are enabled for the priority level
@@ -505,6 +515,43 @@ type LimitedPriorityLevelConfiguration struct {
 	BorrowingLimitPercent *int32 `json:"borrowingLimitPercent,omitempty" protobuf:"varint,4,opt,name=borrowingLimitPercent"`
 }
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+type ExemptPriorityLevelConfiguration struct {
+	// `nominalConcurrencyShares` (NCS) contributes to the computation of the
+	// NominalConcurrencyLimit (NominalCL) of this level.
+	// This is the number of execution seats nominally reserved for this priority level.
+	// This DOES NOT limit the dispatching from this priority level
+	// but affects the other priority levels through the borrowing mechanism.
+	// The server's concurrency limit (ServerCL) is divided among all the
+	// priority levels in proportion to their NCS values:
+	//
+	// NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+	// sum_ncs = sum[priority level k] NCS(k)
+	//
+	// Bigger numbers mean a larger nominal concurrency limit,
+	// at the expense of every other priority level.
+	// This field has a default value of zero.
+	// +optional
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty" protobuf:"varint,1,opt,name=nominalConcurrencyShares"`
+	// `lendablePercent` prescribes the fraction of the level's NominalCL that
+	// can be borrowed by other priority levels.  This value of this
+	// field must be between 0 and 100, inclusive, and it defaults to 0.
+	// The number of seats that other levels can borrow from this level, known
+	// as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+	//
+	// LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+	//
+	// +optional
+	LendablePercent *int32 `json:"lendablePercent,omitempty" protobuf:"varint,2,opt,name=lendablePercent"`
+	// The `BorrowingCL` of an Exempt priority level is implicitly `ServerCL`.
+	// In other words, an exempt priority level
+	// has no meaningful limit on how much it borrows.
+	// There is no explicit representation of that here.
+}
+
 // LimitResponse defines how to handle requests that can not be executed right now.
 // +union
 type LimitResponse struct {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/types_swagger_doc_generated.go b/vendor/k8s.io/api/flowcontrol/v1beta1/types_swagger_doc_generated.go
index fc08e128db..1405f3c3ca 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta1/types_swagger_doc_generated.go
@@ -27,6 +27,16 @@ package v1beta1
 // Those methods can be generated by using hack/update-codegen.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
+var map_ExemptPriorityLevelConfiguration = map[string]string{
+	"":                         "ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.",
+	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats nominally reserved for this priority level. This DOES NOT limit the dispatching from this priority level but affects the other priority levels through the borrowing mechanism. The server's concurrency limit (ServerCL) is divided among all the priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of zero.",
+	"lendablePercent":          "`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels.  This value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.\n\nLendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )",
+}
+
+func (ExemptPriorityLevelConfiguration) SwaggerDoc() map[string]string {
+	return map_ExemptPriorityLevelConfiguration
+}
+
 var map_FlowDistinguisherMethod = map[string]string{
 	"":     "FlowDistinguisherMethod specifies the method of a flow distinguisher.",
 	"type": "`type` is the type of flow distinguisher method The supported types are \"ByUser\" and \"ByNamespace\". Required.",
@@ -190,6 +200,7 @@ var map_PriorityLevelConfigurationSpec = map[string]string{
 	"":        "PriorityLevelConfigurationSpec specifies the configuration of a priority level.",
 	"type":    "`type` indicates whether this priority level is subject to limitation on request execution.  A value of `\"Exempt\"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels.  A value of `\"Limited\"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.",
 	"limited": "`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `\"Limited\"`.",
+	"exempt":  "`exempt` specifies how requests are handled for an exempt priority level. This field MUST be empty if `type` is `\"Limited\"`. This field MAY be non-empty if `type` is `\"Exempt\"`. If empty and `type` is `\"Exempt\"` then the default values for `ExemptPriorityLevelConfiguration` apply.",
 }
 
 func (PriorityLevelConfigurationSpec) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.deepcopy.go b/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.deepcopy.go
index 027c3057f8..965d5e55a3 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta1/zz_generated.deepcopy.go
@@ -25,6 +25,32 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExemptPriorityLevelConfiguration) DeepCopyInto(out *ExemptPriorityLevelConfiguration) {
+	*out = *in
+	if in.NominalConcurrencyShares != nil {
+		in, out := &in.NominalConcurrencyShares, &out.NominalConcurrencyShares
+		*out = new(int32)
+		**out = **in
+	}
+	if in.LendablePercent != nil {
+		in, out := &in.LendablePercent, &out.LendablePercent
+		*out = new(int32)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExemptPriorityLevelConfiguration.
+func (in *ExemptPriorityLevelConfiguration) DeepCopy() *ExemptPriorityLevelConfiguration {
+	if in == nil {
+		return nil
+	}
+	out := new(ExemptPriorityLevelConfiguration)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FlowDistinguisherMethod) DeepCopyInto(out *FlowDistinguisherMethod) {
 	*out = *in
@@ -400,6 +426,11 @@ func (in *PriorityLevelConfigurationSpec) DeepCopyInto(out *PriorityLevelConfigu
 		*out = new(LimitedPriorityLevelConfiguration)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Exempt != nil {
+		in, out := &in.Exempt, &out.Exempt
+		*out = new(ExemptPriorityLevelConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta2/generated.pb.go b/vendor/k8s.io/api/flowcontrol/v1beta2/generated.pb.go
index b4c8f958f1..7f8ee08506 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta2/generated.pb.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta2/generated.pb.go
@@ -43,10 +43,38 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
+func (m *ExemptPriorityLevelConfiguration) Reset()      { *m = ExemptPriorityLevelConfiguration{} }
+func (*ExemptPriorityLevelConfiguration) ProtoMessage() {}
+func (*ExemptPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
+	return fileDescriptor_ed300aa8e672704e, []int{0}
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.Merge(m, src)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExemptPriorityLevelConfiguration proto.InternalMessageInfo
+
 func (m *FlowDistinguisherMethod) Reset()      { *m = FlowDistinguisherMethod{} }
 func (*FlowDistinguisherMethod) ProtoMessage() {}
 func (*FlowDistinguisherMethod) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{0}
+	return fileDescriptor_ed300aa8e672704e, []int{1}
 }
 func (m *FlowDistinguisherMethod) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -74,7 +102,7 @@ var xxx_messageInfo_FlowDistinguisherMethod proto.InternalMessageInfo
 func (m *FlowSchema) Reset()      { *m = FlowSchema{} }
 func (*FlowSchema) ProtoMessage() {}
 func (*FlowSchema) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{1}
+	return fileDescriptor_ed300aa8e672704e, []int{2}
 }
 func (m *FlowSchema) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -102,7 +130,7 @@ var xxx_messageInfo_FlowSchema proto.InternalMessageInfo
 func (m *FlowSchemaCondition) Reset()      { *m = FlowSchemaCondition{} }
 func (*FlowSchemaCondition) ProtoMessage() {}
 func (*FlowSchemaCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{2}
+	return fileDescriptor_ed300aa8e672704e, []int{3}
 }
 func (m *FlowSchemaCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -130,7 +158,7 @@ var xxx_messageInfo_FlowSchemaCondition proto.InternalMessageInfo
 func (m *FlowSchemaList) Reset()      { *m = FlowSchemaList{} }
 func (*FlowSchemaList) ProtoMessage() {}
 func (*FlowSchemaList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{3}
+	return fileDescriptor_ed300aa8e672704e, []int{4}
 }
 func (m *FlowSchemaList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -158,7 +186,7 @@ var xxx_messageInfo_FlowSchemaList proto.InternalMessageInfo
 func (m *FlowSchemaSpec) Reset()      { *m = FlowSchemaSpec{} }
 func (*FlowSchemaSpec) ProtoMessage() {}
 func (*FlowSchemaSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{4}
+	return fileDescriptor_ed300aa8e672704e, []int{5}
 }
 func (m *FlowSchemaSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -186,7 +214,7 @@ var xxx_messageInfo_FlowSchemaSpec proto.InternalMessageInfo
 func (m *FlowSchemaStatus) Reset()      { *m = FlowSchemaStatus{} }
 func (*FlowSchemaStatus) ProtoMessage() {}
 func (*FlowSchemaStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{5}
+	return fileDescriptor_ed300aa8e672704e, []int{6}
 }
 func (m *FlowSchemaStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -214,7 +242,7 @@ var xxx_messageInfo_FlowSchemaStatus proto.InternalMessageInfo
 func (m *GroupSubject) Reset()      { *m = GroupSubject{} }
 func (*GroupSubject) ProtoMessage() {}
 func (*GroupSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{6}
+	return fileDescriptor_ed300aa8e672704e, []int{7}
 }
 func (m *GroupSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -242,7 +270,7 @@ var xxx_messageInfo_GroupSubject proto.InternalMessageInfo
 func (m *LimitResponse) Reset()      { *m = LimitResponse{} }
 func (*LimitResponse) ProtoMessage() {}
 func (*LimitResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{7}
+	return fileDescriptor_ed300aa8e672704e, []int{8}
 }
 func (m *LimitResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -270,7 +298,7 @@ var xxx_messageInfo_LimitResponse proto.InternalMessageInfo
 func (m *LimitedPriorityLevelConfiguration) Reset()      { *m = LimitedPriorityLevelConfiguration{} }
 func (*LimitedPriorityLevelConfiguration) ProtoMessage() {}
 func (*LimitedPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{8}
+	return fileDescriptor_ed300aa8e672704e, []int{9}
 }
 func (m *LimitedPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -298,7 +326,7 @@ var xxx_messageInfo_LimitedPriorityLevelConfiguration proto.InternalMessageInfo
 func (m *NonResourcePolicyRule) Reset()      { *m = NonResourcePolicyRule{} }
 func (*NonResourcePolicyRule) ProtoMessage() {}
 func (*NonResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{9}
+	return fileDescriptor_ed300aa8e672704e, []int{10}
 }
 func (m *NonResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -326,7 +354,7 @@ var xxx_messageInfo_NonResourcePolicyRule proto.InternalMessageInfo
 func (m *PolicyRulesWithSubjects) Reset()      { *m = PolicyRulesWithSubjects{} }
 func (*PolicyRulesWithSubjects) ProtoMessage() {}
 func (*PolicyRulesWithSubjects) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{10}
+	return fileDescriptor_ed300aa8e672704e, []int{11}
 }
 func (m *PolicyRulesWithSubjects) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -354,7 +382,7 @@ var xxx_messageInfo_PolicyRulesWithSubjects proto.InternalMessageInfo
 func (m *PriorityLevelConfiguration) Reset()      { *m = PriorityLevelConfiguration{} }
 func (*PriorityLevelConfiguration) ProtoMessage() {}
 func (*PriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{11}
+	return fileDescriptor_ed300aa8e672704e, []int{12}
 }
 func (m *PriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -382,7 +410,7 @@ var xxx_messageInfo_PriorityLevelConfiguration proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationCondition) Reset()      { *m = PriorityLevelConfigurationCondition{} }
 func (*PriorityLevelConfigurationCondition) ProtoMessage() {}
 func (*PriorityLevelConfigurationCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{12}
+	return fileDescriptor_ed300aa8e672704e, []int{13}
 }
 func (m *PriorityLevelConfigurationCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -410,7 +438,7 @@ var xxx_messageInfo_PriorityLevelConfigurationCondition proto.InternalMessageInf
 func (m *PriorityLevelConfigurationList) Reset()      { *m = PriorityLevelConfigurationList{} }
 func (*PriorityLevelConfigurationList) ProtoMessage() {}
 func (*PriorityLevelConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{13}
+	return fileDescriptor_ed300aa8e672704e, []int{14}
 }
 func (m *PriorityLevelConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -438,7 +466,7 @@ var xxx_messageInfo_PriorityLevelConfigurationList proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationReference) Reset()      { *m = PriorityLevelConfigurationReference{} }
 func (*PriorityLevelConfigurationReference) ProtoMessage() {}
 func (*PriorityLevelConfigurationReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{14}
+	return fileDescriptor_ed300aa8e672704e, []int{15}
 }
 func (m *PriorityLevelConfigurationReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -466,7 +494,7 @@ var xxx_messageInfo_PriorityLevelConfigurationReference proto.InternalMessageInf
 func (m *PriorityLevelConfigurationSpec) Reset()      { *m = PriorityLevelConfigurationSpec{} }
 func (*PriorityLevelConfigurationSpec) ProtoMessage() {}
 func (*PriorityLevelConfigurationSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{15}
+	return fileDescriptor_ed300aa8e672704e, []int{16}
 }
 func (m *PriorityLevelConfigurationSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -494,7 +522,7 @@ var xxx_messageInfo_PriorityLevelConfigurationSpec proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationStatus) Reset()      { *m = PriorityLevelConfigurationStatus{} }
 func (*PriorityLevelConfigurationStatus) ProtoMessage() {}
 func (*PriorityLevelConfigurationStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{16}
+	return fileDescriptor_ed300aa8e672704e, []int{17}
 }
 func (m *PriorityLevelConfigurationStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -522,7 +550,7 @@ var xxx_messageInfo_PriorityLevelConfigurationStatus proto.InternalMessageInfo
 func (m *QueuingConfiguration) Reset()      { *m = QueuingConfiguration{} }
 func (*QueuingConfiguration) ProtoMessage() {}
 func (*QueuingConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{17}
+	return fileDescriptor_ed300aa8e672704e, []int{18}
 }
 func (m *QueuingConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -550,7 +578,7 @@ var xxx_messageInfo_QueuingConfiguration proto.InternalMessageInfo
 func (m *ResourcePolicyRule) Reset()      { *m = ResourcePolicyRule{} }
 func (*ResourcePolicyRule) ProtoMessage() {}
 func (*ResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{18}
+	return fileDescriptor_ed300aa8e672704e, []int{19}
 }
 func (m *ResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -578,7 +606,7 @@ var xxx_messageInfo_ResourcePolicyRule proto.InternalMessageInfo
 func (m *ServiceAccountSubject) Reset()      { *m = ServiceAccountSubject{} }
 func (*ServiceAccountSubject) ProtoMessage() {}
 func (*ServiceAccountSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{19}
+	return fileDescriptor_ed300aa8e672704e, []int{20}
 }
 func (m *ServiceAccountSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -606,7 +634,7 @@ var xxx_messageInfo_ServiceAccountSubject proto.InternalMessageInfo
 func (m *Subject) Reset()      { *m = Subject{} }
 func (*Subject) ProtoMessage() {}
 func (*Subject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{20}
+	return fileDescriptor_ed300aa8e672704e, []int{21}
 }
 func (m *Subject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -634,7 +662,7 @@ var xxx_messageInfo_Subject proto.InternalMessageInfo
 func (m *UserSubject) Reset()      { *m = UserSubject{} }
 func (*UserSubject) ProtoMessage() {}
 func (*UserSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_ed300aa8e672704e, []int{21}
+	return fileDescriptor_ed300aa8e672704e, []int{22}
 }
 func (m *UserSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -660,6 +688,7 @@ func (m *UserSubject) XXX_DiscardUnknown() {
 var xxx_messageInfo_UserSubject proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterType((*ExemptPriorityLevelConfiguration)(nil), "k8s.io.api.flowcontrol.v1beta2.ExemptPriorityLevelConfiguration")
 	proto.RegisterType((*FlowDistinguisherMethod)(nil), "k8s.io.api.flowcontrol.v1beta2.FlowDistinguisherMethod")
 	proto.RegisterType((*FlowSchema)(nil), "k8s.io.api.flowcontrol.v1beta2.FlowSchema")
 	proto.RegisterType((*FlowSchemaCondition)(nil), "k8s.io.api.flowcontrol.v1beta2.FlowSchemaCondition")
@@ -689,105 +718,142 @@ func init() {
 }
 
 var fileDescriptor_ed300aa8e672704e = []byte{
-	// 1554 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4f, 0x6f, 0xdb, 0xc6,
-	0x12, 0x37, 0x65, 0xc9, 0xb6, 0xc6, 0x7f, 0xb3, 0x8e, 0x61, 0x3d, 0x07, 0x90, 0x1c, 0x3e, 0xe0,
-	0xe5, 0xbd, 0x97, 0x84, 0x4a, 0xd2, 0xa4, 0x49, 0x5b, 0xf4, 0x8f, 0xe9, 0xb4, 0x69, 0x1a, 0xdb,
-	0x71, 0xd6, 0x49, 0x5b, 0xa4, 0x01, 0x1a, 0x8a, 0x5a, 0x4b, 0x8c, 0x25, 0x92, 0xd9, 0x25, 0x65,
-	0xb8, 0xb9, 0x14, 0xfd, 0x04, 0x3d, 0xb7, 0xc7, 0x1e, 0x7a, 0xef, 0x17, 0xe8, 0xb1, 0x41, 0x4f,
-	0x39, 0xe6, 0xa4, 0x36, 0xea, 0xa9, 0xdf, 0xa0, 0x0d, 0x50, 0xa0, 0xd8, 0xe5, 0x92, 0x14, 0xf5,
-	0x8f, 0x42, 0x02, 0xe4, 0xd4, 0x9b, 0x39, 0xf3, 0x9b, 0xdf, 0xec, 0xcc, 0xce, 0xcc, 0x8e, 0x0c,
-	0xd7, 0x0e, 0xae, 0x30, 0xcd, 0x72, 0xca, 0x07, 0x7e, 0x85, 0x50, 0x9b, 0x78, 0x84, 0x95, 0x5b,
-	0xc4, 0xae, 0x3a, 0xb4, 0x2c, 0x15, 0x86, 0x6b, 0x95, 0xf7, 0x1b, 0xce, 0xa1, 0xe9, 0xd8, 0x1e,
-	0x75, 0x1a, 0xe5, 0xd6, 0xf9, 0x0a, 0xf1, 0x8c, 0x0b, 0xe5, 0x1a, 0xb1, 0x09, 0x35, 0x3c, 0x52,
-	0xd5, 0x5c, 0xea, 0x78, 0x0e, 0x2a, 0x06, 0x78, 0xcd, 0x70, 0x2d, 0xad, 0x0b, 0xaf, 0x49, 0xfc,
-	0xda, 0xd9, 0x9a, 0xe5, 0xd5, 0xfd, 0x8a, 0x66, 0x3a, 0xcd, 0x72, 0xcd, 0xa9, 0x39, 0x65, 0x61,
-	0x56, 0xf1, 0xf7, 0xc5, 0x97, 0xf8, 0x10, 0x7f, 0x05, 0x74, 0x6b, 0x17, 0x63, 0xf7, 0x4d, 0xc3,
-	0xac, 0x5b, 0x36, 0xa1, 0x47, 0x65, 0xf7, 0xa0, 0xc6, 0x05, 0xac, 0xdc, 0x24, 0x9e, 0x51, 0x6e,
-	0x9d, 0xef, 0x3d, 0xc4, 0x5a, 0x79, 0x98, 0x15, 0xf5, 0x6d, 0xcf, 0x6a, 0x92, 0x3e, 0x83, 0xd7,
-	0xd3, 0x0c, 0x98, 0x59, 0x27, 0x4d, 0xa3, 0xd7, 0x4e, 0xbd, 0x0b, 0xab, 0x1f, 0x34, 0x9c, 0xc3,
-	0xab, 0x16, 0xf3, 0x2c, 0xbb, 0xe6, 0x5b, 0xac, 0x4e, 0xe8, 0x36, 0xf1, 0xea, 0x4e, 0x15, 0xbd,
-	0x0b, 0x59, 0xef, 0xc8, 0x25, 0x05, 0x65, 0x5d, 0xf9, 0x6f, 0x5e, 0x3f, 0xfd, 0xb8, 0x5d, 0x9a,
-	0xe8, 0xb4, 0x4b, 0xd9, 0xdb, 0x47, 0x2e, 0x79, 0xde, 0x2e, 0x9d, 0x18, 0x62, 0xc6, 0xd5, 0x58,
-	0x18, 0xaa, 0xdf, 0x64, 0x00, 0x38, 0x6a, 0x4f, 0xb8, 0x46, 0xf7, 0x61, 0x86, 0x87, 0x5b, 0x35,
-	0x3c, 0x43, 0x70, 0xce, 0x5e, 0x38, 0xa7, 0xc5, 0xb9, 0x8e, 0x4e, 0xad, 0xb9, 0x07, 0x35, 0x2e,
-	0x60, 0x1a, 0x47, 0x6b, 0xad, 0xf3, 0xda, 0xcd, 0xca, 0x03, 0x62, 0x7a, 0xdb, 0xc4, 0x33, 0x74,
-	0x24, 0x4f, 0x01, 0xb1, 0x0c, 0x47, 0xac, 0x68, 0x17, 0xb2, 0xcc, 0x25, 0x66, 0x21, 0x23, 0xd8,
-	0x35, 0x6d, 0xf4, 0x4d, 0x6a, 0xf1, 0xd9, 0xf6, 0x5c, 0x62, 0xea, 0x73, 0x61, 0x84, 0xfc, 0x0b,
-	0x0b, 0x26, 0xf4, 0x29, 0x4c, 0x31, 0xcf, 0xf0, 0x7c, 0x56, 0x98, 0xec, 0x3b, 0x71, 0x1a, 0xa7,
-	0xb0, 0xd3, 0x17, 0x24, 0xeb, 0x54, 0xf0, 0x8d, 0x25, 0x9f, 0xfa, 0x34, 0x03, 0xcb, 0x31, 0x78,
-	0xd3, 0xb1, 0xab, 0x96, 0x67, 0x39, 0x36, 0x7a, 0x2b, 0x91, 0xf5, 0x53, 0x3d, 0x59, 0x5f, 0x1d,
-	0x60, 0x12, 0x67, 0x1c, 0xbd, 0x11, 0x1d, 0x37, 0x23, 0xcc, 0x4f, 0x26, 0x9d, 0x3f, 0x6f, 0x97,
-	0x16, 0x23, 0xb3, 0xe4, 0x79, 0x50, 0x0b, 0x50, 0xc3, 0x60, 0xde, 0x6d, 0x6a, 0xd8, 0x2c, 0xa0,
-	0xb5, 0x9a, 0x44, 0x46, 0xfd, 0xff, 0xf1, 0xee, 0x89, 0x5b, 0xe8, 0x6b, 0xd2, 0x25, 0xda, 0xea,
-	0x63, 0xc3, 0x03, 0x3c, 0xa0, 0xff, 0xc0, 0x14, 0x25, 0x06, 0x73, 0xec, 0x42, 0x56, 0x1c, 0x39,
-	0xca, 0x17, 0x16, 0x52, 0x2c, 0xb5, 0xe8, 0x7f, 0x30, 0xdd, 0x24, 0x8c, 0x19, 0x35, 0x52, 0xc8,
-	0x09, 0xe0, 0xa2, 0x04, 0x4e, 0x6f, 0x07, 0x62, 0x1c, 0xea, 0xd5, 0x1f, 0x15, 0x58, 0x88, 0xf3,
-	0xb4, 0x65, 0x31, 0x0f, 0xdd, 0xeb, 0xab, 0x3d, 0x6d, 0xbc, 0x98, 0xb8, 0xb5, 0xa8, 0xbc, 0x25,
-	0xe9, 0x6e, 0x26, 0x94, 0x74, 0xd5, 0xdd, 0x4d, 0xc8, 0x59, 0x1e, 0x69, 0xf2, 0xac, 0x4f, 0xf6,
-	0xa4, 0x2b, 0xa5, 0x48, 0xf4, 0x79, 0x49, 0x9b, 0xbb, 0xce, 0x09, 0x70, 0xc0, 0xa3, 0xfe, 0x3e,
-	0xd9, 0x1d, 0x01, 0xaf, 0x47, 0xf4, 0xbd, 0x02, 0x6b, 0x2e, 0xb5, 0x1c, 0x6a, 0x79, 0x47, 0x5b,
-	0xa4, 0x45, 0x1a, 0x9b, 0x8e, 0xbd, 0x6f, 0xd5, 0x7c, 0x6a, 0xf0, 0x54, 0xca, 0xa0, 0x36, 0xd3,
-	0x3c, 0xef, 0x0e, 0x65, 0xc0, 0x64, 0x9f, 0x50, 0x62, 0x9b, 0x44, 0x57, 0xe5, 0x91, 0xd6, 0x46,
-	0x80, 0x47, 0x1c, 0x05, 0x7d, 0x04, 0xa8, 0x69, 0x78, 0x3c, 0xa3, 0xb5, 0x5d, 0x4a, 0x4c, 0x52,
-	0xe5, 0xac, 0xa2, 0x20, 0x73, 0x71, 0x75, 0x6c, 0xf7, 0x21, 0xf0, 0x00, 0x2b, 0xf4, 0x95, 0x02,
-	0xcb, 0xd5, 0xfe, 0x21, 0x23, 0xeb, 0xf2, 0xf2, 0x38, 0x89, 0x1e, 0x30, 0xa3, 0xf4, 0xd5, 0x4e,
-	0xbb, 0xb4, 0x3c, 0x40, 0x81, 0x07, 0x39, 0x43, 0xf7, 0x20, 0x47, 0xfd, 0x06, 0x61, 0x85, 0xac,
-	0xb8, 0xde, 0x54, 0xaf, 0xbb, 0x4e, 0xc3, 0x32, 0x8f, 0x30, 0x37, 0xf9, 0xc4, 0xf2, 0xea, 0x7b,
-	0xbe, 0x98, 0x55, 0x2c, 0xbe, 0x6b, 0xa1, 0xc2, 0x01, 0xa9, 0xfa, 0x08, 0x96, 0x7a, 0x87, 0x06,
-	0xaa, 0x01, 0x98, 0x61, 0x9f, 0xb2, 0x82, 0x22, 0xdc, 0xbe, 0x36, 0x7e, 0x55, 0x45, 0x3d, 0x1e,
-	0xcf, 0xcb, 0x48, 0xc4, 0x70, 0x17, 0xb5, 0x7a, 0x0e, 0xe6, 0xae, 0x51, 0xc7, 0x77, 0xe5, 0x19,
-	0xd1, 0x3a, 0x64, 0x6d, 0xa3, 0x19, 0x4e, 0x9f, 0x68, 0x22, 0xee, 0x18, 0x4d, 0x82, 0x85, 0x46,
-	0xfd, 0x4e, 0x81, 0xf9, 0x2d, 0xab, 0x69, 0x79, 0x98, 0x30, 0xd7, 0xb1, 0x19, 0x41, 0x97, 0x12,
-	0x13, 0xeb, 0x64, 0xcf, 0xc4, 0x3a, 0x96, 0x00, 0x77, 0xcd, 0xaa, 0xcf, 0x60, 0xfa, 0xa1, 0x4f,
-	0x7c, 0xcb, 0xae, 0xc9, 0x79, 0x7d, 0x31, 0x2d, 0xc0, 0x5b, 0x01, 0x3c, 0x51, 0x6d, 0xfa, 0x2c,
-	0x1f, 0x01, 0x52, 0x83, 0x43, 0x46, 0xf5, 0xaf, 0x0c, 0x9c, 0x14, 0x8e, 0x49, 0x75, 0x78, 0x15,
-	0xa3, 0x7b, 0x50, 0x30, 0x18, 0xf3, 0x29, 0xa9, 0x6e, 0x3a, 0xb6, 0xe9, 0x53, 0x5e, 0xff, 0x47,
-	0x7b, 0x75, 0x83, 0x12, 0x26, 0xa2, 0xc9, 0xe9, 0xeb, 0x32, 0x9a, 0xc2, 0xc6, 0x10, 0x1c, 0x1e,
-	0xca, 0x80, 0x1e, 0xc0, 0x7c, 0xa3, 0x3b, 0x76, 0x19, 0xe6, 0xd9, 0xb4, 0x30, 0x13, 0x09, 0xd3,
-	0x57, 0xe4, 0x09, 0x92, 0x49, 0xc7, 0x49, 0x6a, 0xf4, 0x36, 0x2c, 0x36, 0x88, 0x5d, 0x35, 0x2a,
-	0x0d, 0xb2, 0x4b, 0xa8, 0x49, 0x6c, 0x4f, 0xb4, 0x48, 0x4e, 0x5f, 0xee, 0xb4, 0x4b, 0x8b, 0x5b,
-	0x49, 0x15, 0xee, 0xc5, 0xa2, 0x9b, 0xb0, 0x52, 0x71, 0x28, 0x75, 0x0e, 0x2d, 0xbb, 0x26, 0xfc,
-	0x84, 0x24, 0x59, 0x41, 0xf2, 0xaf, 0x4e, 0xbb, 0xb4, 0xa2, 0x0f, 0x02, 0xe0, 0xc1, 0x76, 0xea,
-	0x21, 0xac, 0xec, 0xf0, 0x99, 0xc2, 0x1c, 0x9f, 0x9a, 0x24, 0x6e, 0x08, 0x54, 0x82, 0x5c, 0x8b,
-	0xd0, 0x4a, 0x50, 0xd4, 0x79, 0x3d, 0xcf, 0xdb, 0xe1, 0x63, 0x2e, 0xc0, 0x81, 0x9c, 0x47, 0x62,
-	0xc7, 0x96, 0x77, 0xf0, 0x16, 0x2b, 0x4c, 0x09, 0xa8, 0x88, 0x64, 0x27, 0xa9, 0xc2, 0xbd, 0x58,
-	0xb5, 0x9d, 0x81, 0xd5, 0x21, 0xfd, 0x87, 0xee, 0xc0, 0x0c, 0x93, 0x7f, 0xcb, 0x9e, 0x3a, 0x95,
-	0x76, 0x17, 0xd2, 0x36, 0x9e, 0xfe, 0x21, 0x19, 0x8e, 0xa8, 0x90, 0x03, 0xf3, 0x54, 0x1e, 0x41,
-	0xf8, 0x94, 0xaf, 0xc0, 0x85, 0x34, 0xee, 0xfe, 0xec, 0xc4, 0x97, 0x8d, 0xbb, 0x09, 0x71, 0x92,
-	0x1f, 0x3d, 0x82, 0xa5, 0xae, 0xb0, 0x03, 0x9f, 0x93, 0xc2, 0xe7, 0xa5, 0x34, 0x9f, 0x03, 0x2f,
-	0x45, 0x2f, 0x48, 0xb7, 0x4b, 0x3b, 0x3d, 0xb4, 0xb8, 0xcf, 0x91, 0xfa, 0x73, 0x06, 0x46, 0x3c,
-	0x0c, 0xaf, 0x60, 0xc9, 0xbb, 0x9f, 0x58, 0xf2, 0xde, 0x79, 0xf1, 0x17, 0x6f, 0xe8, 0xd2, 0x57,
-	0xef, 0x59, 0xfa, 0xde, 0x7b, 0x09, 0x1f, 0xa3, 0x97, 0xc0, 0x3f, 0x32, 0xf0, 0xef, 0xe1, 0xc6,
-	0xf1, 0x52, 0x78, 0x23, 0x31, 0x62, 0x2f, 0xf7, 0x8c, 0xd8, 0x53, 0x63, 0x50, 0xfc, 0xb3, 0x24,
-	0xf6, 0x2c, 0x89, 0xbf, 0x28, 0x50, 0x1c, 0x9e, 0xb7, 0x57, 0xb0, 0x34, 0x7e, 0x9e, 0x5c, 0x1a,
-	0xdf, 0x7c, 0xf1, 0x22, 0x1b, 0xb2, 0x44, 0x5e, 0x1b, 0x55, 0x5b, 0xd1, 0xba, 0x37, 0xc6, 0x93,
-	0xff, 0xd3, 0xc8, 0x54, 0x89, 0xed, 0x34, 0xe5, 0x57, 0x4b, 0xc2, 0xfa, 0x7d, 0x9b, 0x3f, 0x3d,
-	0x4d, 0xfe, 0x7a, 0x04, 0x05, 0x59, 0x87, 0xe9, 0x46, 0xf0, 0x56, 0xcb, 0xa6, 0xde, 0x18, 0xeb,
-	0x89, 0x1c, 0xf5, 0xb4, 0x07, 0x6b, 0x81, 0x84, 0xe1, 0x90, 0x5e, 0xfd, 0x56, 0x81, 0xf5, 0xb4,
-	0x66, 0x45, 0x87, 0x03, 0x96, 0xaf, 0x97, 0x58, 0xac, 0xc7, 0x5f, 0xc6, 0x7e, 0x50, 0xe0, 0xf8,
-	0xa0, 0x1d, 0x87, 0x97, 0x3f, 0x5f, 0x6c, 0xa2, 0xad, 0x24, 0x2a, 0xff, 0x5b, 0x42, 0x8a, 0xa5,
-	0x16, 0x9d, 0x81, 0x99, 0xba, 0x61, 0x57, 0xf7, 0xac, 0x2f, 0xc2, 0x7d, 0x3b, 0x2a, 0xc0, 0x0f,
-	0xa5, 0x1c, 0x47, 0x08, 0x74, 0x15, 0x96, 0x84, 0xdd, 0x16, 0xb1, 0x6b, 0x5e, 0x5d, 0xe4, 0x4a,
-	0x2e, 0x0d, 0xd1, 0x7b, 0x70, 0xab, 0x47, 0x8f, 0xfb, 0x2c, 0xd4, 0x3f, 0x15, 0x40, 0x2f, 0xf2,
-	0xce, 0x9f, 0x86, 0xbc, 0xe1, 0x5a, 0x62, 0xf9, 0x0c, 0x5a, 0x20, 0xaf, 0xcf, 0x77, 0xda, 0xa5,
-	0xfc, 0xc6, 0xee, 0xf5, 0x40, 0x88, 0x63, 0x3d, 0x07, 0x87, 0x4f, 0x60, 0xf0, 0xd4, 0x49, 0x70,
-	0xe8, 0x98, 0xe1, 0x58, 0x8f, 0xae, 0xc0, 0x9c, 0xd9, 0xf0, 0x99, 0x47, 0xe8, 0x9e, 0xe9, 0xb8,
-	0x44, 0x8c, 0x8c, 0x19, 0xfd, 0xb8, 0x8c, 0x69, 0x6e, 0xb3, 0x4b, 0x87, 0x13, 0x48, 0xa4, 0x01,
-	0xf0, 0x82, 0x67, 0xae, 0xc1, 0xfd, 0xe4, 0x84, 0x9f, 0x05, 0x7e, 0x61, 0x3b, 0x91, 0x14, 0x77,
-	0x21, 0xd4, 0x07, 0xb0, 0xb2, 0x47, 0x68, 0xcb, 0x32, 0xc9, 0x86, 0x69, 0x3a, 0xbe, 0xed, 0x85,
-	0x6b, 0x74, 0x19, 0xf2, 0x11, 0x4c, 0xf6, 0xc4, 0x31, 0xe9, 0x3f, 0x1f, 0x71, 0xe1, 0x18, 0x13,
-	0x35, 0x61, 0x66, 0x78, 0x13, 0x66, 0x60, 0x3a, 0xa6, 0xcf, 0x1e, 0x58, 0x76, 0x55, 0x32, 0x9f,
-	0x08, 0xd1, 0x37, 0x2c, 0xbb, 0xfa, 0xbc, 0x5d, 0x9a, 0x95, 0x30, 0xfe, 0x89, 0x05, 0x10, 0x5d,
-	0x87, 0xac, 0xcf, 0x08, 0x95, 0xed, 0x75, 0x3a, 0xad, 0x98, 0xef, 0x30, 0x42, 0xc3, 0xcd, 0x67,
-	0x86, 0x33, 0x73, 0x01, 0x16, 0x14, 0x68, 0x1b, 0x72, 0x35, 0x7e, 0x29, 0x72, 0xea, 0x9f, 0x49,
-	0xe3, 0xea, 0xfe, 0x79, 0x11, 0x94, 0x81, 0x90, 0xe0, 0x80, 0x05, 0x3d, 0x84, 0x05, 0x96, 0x48,
-	0xa1, 0xb8, 0xae, 0x31, 0x36, 0x99, 0x81, 0x89, 0xd7, 0x51, 0xa7, 0x5d, 0x5a, 0x48, 0xaa, 0x70,
-	0x8f, 0x03, 0xb5, 0x0c, 0xb3, 0x5d, 0x01, 0xa6, 0xcf, 0x3f, 0xfd, 0xea, 0xe3, 0x67, 0xc5, 0x89,
-	0x27, 0xcf, 0x8a, 0x13, 0x4f, 0x9f, 0x15, 0x27, 0xbe, 0xec, 0x14, 0x95, 0xc7, 0x9d, 0xa2, 0xf2,
-	0xa4, 0x53, 0x54, 0x9e, 0x76, 0x8a, 0xca, 0xaf, 0x9d, 0xa2, 0xf2, 0xf5, 0x6f, 0xc5, 0x89, 0xbb,
-	0xc5, 0xd1, 0xff, 0x67, 0xfc, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x87, 0x72, 0xbf, 0xe2, 0xa1, 0x14,
-	0x00, 0x00,
+	// 1617 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4b, 0x73, 0x1b, 0xc5,
+	0x16, 0xf6, 0xc8, 0x92, 0x6d, 0x1d, 0x3f, 0xd3, 0x8e, 0xcb, 0xba, 0xce, 0x2d, 0xc9, 0x99, 0x5b,
+	0x75, 0x73, 0x2f, 0x49, 0x46, 0x89, 0x49, 0x48, 0x80, 0xe2, 0xe1, 0x71, 0x42, 0x08, 0xb1, 0x1d,
+	0xa7, 0x9d, 0x40, 0x2a, 0xa4, 0x8a, 0x8c, 0x46, 0x6d, 0x69, 0x62, 0x69, 0x66, 0xd2, 0x3d, 0x23,
+	0x63, 0xb2, 0xa1, 0xf8, 0x05, 0xac, 0x61, 0xc9, 0x82, 0x15, 0x1b, 0xb6, 0x2c, 0x58, 0x92, 0x62,
+	0x95, 0x65, 0x56, 0x82, 0x88, 0x15, 0xff, 0x00, 0x52, 0x45, 0x15, 0xd5, 0x3d, 0xad, 0x19, 0x8d,
+	0x5e, 0xa3, 0x4a, 0xaa, 0xb2, 0x62, 0xe7, 0x39, 0xe7, 0x3b, 0xdf, 0xe9, 0x3e, 0x7d, 0x5e, 0x32,
+	0x5c, 0xd9, 0xbf, 0xc8, 0x34, 0xcb, 0x29, 0xee, 0xfb, 0x25, 0x42, 0x6d, 0xe2, 0x11, 0x56, 0x6c,
+	0x10, 0xbb, 0xec, 0xd0, 0xa2, 0x54, 0x18, 0xae, 0x55, 0xdc, 0xab, 0x39, 0x07, 0xa6, 0x63, 0x7b,
+	0xd4, 0xa9, 0x15, 0x1b, 0x67, 0x4b, 0xc4, 0x33, 0xd6, 0x8a, 0x15, 0x62, 0x13, 0x6a, 0x78, 0xa4,
+	0xac, 0xb9, 0xd4, 0xf1, 0x1c, 0x94, 0x0f, 0xf0, 0x9a, 0xe1, 0x5a, 0x5a, 0x07, 0x5e, 0x93, 0xf8,
+	0x95, 0xd3, 0x15, 0xcb, 0xab, 0xfa, 0x25, 0xcd, 0x74, 0xea, 0xc5, 0x8a, 0x53, 0x71, 0x8a, 0xc2,
+	0xac, 0xe4, 0xef, 0x89, 0x2f, 0xf1, 0x21, 0xfe, 0x0a, 0xe8, 0x56, 0xce, 0x45, 0xee, 0xeb, 0x86,
+	0x59, 0xb5, 0x6c, 0x42, 0x0f, 0x8b, 0xee, 0x7e, 0x85, 0x0b, 0x58, 0xb1, 0x4e, 0x3c, 0xa3, 0xd8,
+	0x38, 0xdb, 0x7d, 0x88, 0x95, 0xe2, 0x20, 0x2b, 0xea, 0xdb, 0x9e, 0x55, 0x27, 0x3d, 0x06, 0xaf,
+	0x25, 0x19, 0x30, 0xb3, 0x4a, 0xea, 0x46, 0xb7, 0x9d, 0xfa, 0x83, 0x02, 0xab, 0x97, 0x3f, 0x25,
+	0x75, 0xd7, 0xdb, 0xa1, 0x96, 0x43, 0x2d, 0xef, 0x70, 0x93, 0x34, 0x48, 0x6d, 0xc3, 0xb1, 0xf7,
+	0xac, 0x8a, 0x4f, 0x0d, 0xcf, 0x72, 0x6c, 0x74, 0x1b, 0x72, 0xb6, 0x53, 0xb7, 0x6c, 0x83, 0xcb,
+	0x4d, 0x9f, 0x52, 0x62, 0x9b, 0x87, 0xbb, 0x55, 0x83, 0x12, 0x96, 0x53, 0x56, 0x95, 0xff, 0x65,
+	0xf4, 0x7f, 0xb7, 0x9a, 0x85, 0xdc, 0xf6, 0x00, 0x0c, 0x1e, 0x68, 0x8d, 0xde, 0x82, 0xf9, 0x1a,
+	0xb1, 0xcb, 0x46, 0xa9, 0x46, 0x76, 0x08, 0x35, 0x89, 0xed, 0xe5, 0x52, 0x82, 0x70, 0xb1, 0xd5,
+	0x2c, 0xcc, 0x6f, 0xc6, 0x55, 0xb8, 0x1b, 0xab, 0xde, 0x81, 0xe5, 0xf7, 0x6a, 0xce, 0xc1, 0x25,
+	0x8b, 0x79, 0x96, 0x5d, 0xf1, 0x2d, 0x56, 0x25, 0x74, 0x8b, 0x78, 0x55, 0xa7, 0x8c, 0xde, 0x81,
+	0xb4, 0x77, 0xe8, 0x12, 0x71, 0xbe, 0xac, 0x7e, 0xf2, 0x51, 0xb3, 0x30, 0xd6, 0x6a, 0x16, 0xd2,
+	0x37, 0x0f, 0x5d, 0xf2, 0xac, 0x59, 0x38, 0x36, 0xc0, 0x8c, 0xab, 0xb1, 0x30, 0x54, 0xbf, 0x4a,
+	0x01, 0x70, 0xd4, 0xae, 0x08, 0x1c, 0xba, 0x07, 0x53, 0xfc, 0xb1, 0xca, 0x86, 0x67, 0x08, 0xce,
+	0xe9, 0xb5, 0x33, 0x5a, 0x94, 0x29, 0x61, 0xcc, 0x35, 0x77, 0xbf, 0xc2, 0x05, 0x4c, 0xe3, 0x68,
+	0xad, 0x71, 0x56, 0xbb, 0x5e, 0xba, 0x4f, 0x4c, 0x6f, 0x8b, 0x78, 0x86, 0x8e, 0xe4, 0x29, 0x20,
+	0x92, 0xe1, 0x90, 0x15, 0xed, 0x40, 0x9a, 0xb9, 0xc4, 0x14, 0x01, 0x98, 0x5e, 0xd3, 0xb4, 0xe1,
+	0x79, 0xa8, 0x45, 0x67, 0xdb, 0x75, 0x89, 0xa9, 0xcf, 0xb4, 0x6f, 0xc8, 0xbf, 0xb0, 0x60, 0x42,
+	0xb7, 0x61, 0x82, 0x79, 0x86, 0xe7, 0xb3, 0xdc, 0x78, 0xcf, 0x89, 0x93, 0x38, 0x85, 0x9d, 0x3e,
+	0x27, 0x59, 0x27, 0x82, 0x6f, 0x2c, 0xf9, 0xd4, 0x27, 0x29, 0x58, 0x8c, 0xc0, 0x1b, 0x8e, 0x5d,
+	0xb6, 0x44, 0xa6, 0xbc, 0x19, 0x8b, 0xfa, 0x89, 0xae, 0xa8, 0x2f, 0xf7, 0x31, 0x89, 0x22, 0x8e,
+	0x5e, 0x0f, 0x8f, 0x9b, 0x12, 0xe6, 0xc7, 0xe3, 0xce, 0x9f, 0x35, 0x0b, 0xf3, 0xa1, 0x59, 0xfc,
+	0x3c, 0xa8, 0x01, 0xa8, 0x66, 0x30, 0xef, 0x26, 0x35, 0x6c, 0x16, 0xd0, 0x5a, 0x75, 0x22, 0x6f,
+	0xfd, 0xca, 0x68, 0xef, 0xc4, 0x2d, 0xf4, 0x15, 0xe9, 0x12, 0x6d, 0xf6, 0xb0, 0xe1, 0x3e, 0x1e,
+	0xd0, 0x7f, 0x61, 0x82, 0x12, 0x83, 0x39, 0x76, 0x2e, 0x2d, 0x8e, 0x1c, 0xc6, 0x0b, 0x0b, 0x29,
+	0x96, 0x5a, 0xf4, 0x7f, 0x98, 0xac, 0x13, 0xc6, 0x8c, 0x0a, 0xc9, 0x65, 0x04, 0x70, 0x5e, 0x02,
+	0x27, 0xb7, 0x02, 0x31, 0x6e, 0xeb, 0xd5, 0x1f, 0x15, 0x98, 0x8b, 0xe2, 0xb4, 0x69, 0x31, 0x0f,
+	0xdd, 0xed, 0xc9, 0x3d, 0x6d, 0xb4, 0x3b, 0x71, 0x6b, 0x91, 0x79, 0x0b, 0xd2, 0xdd, 0x54, 0x5b,
+	0xd2, 0x91, 0x77, 0xd7, 0x21, 0x63, 0x79, 0xa4, 0xce, 0xa3, 0x3e, 0xde, 0x15, 0xae, 0x84, 0x24,
+	0xd1, 0x67, 0x25, 0x6d, 0xe6, 0x2a, 0x27, 0xc0, 0x01, 0x8f, 0xfa, 0xfb, 0x78, 0xe7, 0x0d, 0x78,
+	0x3e, 0xa2, 0x6f, 0x15, 0x58, 0x71, 0x07, 0x36, 0x18, 0x79, 0xa9, 0x8d, 0x24, 0xcf, 0x83, 0x5b,
+	0x14, 0x26, 0x7b, 0x84, 0xf7, 0x15, 0xa2, 0xab, 0xf2, 0x48, 0x2b, 0x43, 0xc0, 0x43, 0x8e, 0x82,
+	0x3e, 0x00, 0x54, 0x37, 0x3c, 0x1e, 0xd1, 0xca, 0x0e, 0x25, 0x26, 0x29, 0x73, 0x56, 0xd9, 0x94,
+	0xc2, 0xec, 0xd8, 0xea, 0x41, 0xe0, 0x3e, 0x56, 0xe8, 0x0b, 0x05, 0x16, 0xcb, 0xbd, 0x4d, 0x46,
+	0xe6, 0xe5, 0x85, 0x51, 0x02, 0xdd, 0xa7, 0x47, 0xe9, 0xcb, 0xad, 0x66, 0x61, 0xb1, 0x8f, 0x02,
+	0xf7, 0x73, 0x86, 0xee, 0x42, 0x86, 0xfa, 0x35, 0xc2, 0x72, 0x69, 0xf1, 0xbc, 0x89, 0x5e, 0x77,
+	0x9c, 0x9a, 0x65, 0x1e, 0x62, 0x6e, 0xf2, 0x91, 0xe5, 0x55, 0x77, 0x7d, 0xd1, 0xab, 0x58, 0xf4,
+	0xd6, 0x42, 0x85, 0x03, 0x52, 0xf5, 0x21, 0x2c, 0x74, 0x37, 0x0d, 0x54, 0x01, 0x30, 0xdb, 0x75,
+	0xca, 0x07, 0x04, 0x77, 0xfb, 0xea, 0xe8, 0x59, 0x15, 0xd6, 0x78, 0xd4, 0x2f, 0x43, 0x11, 0xc3,
+	0x1d, 0xd4, 0xea, 0x19, 0x98, 0xb9, 0x42, 0x1d, 0xdf, 0x95, 0x67, 0x44, 0xab, 0x90, 0xb6, 0x8d,
+	0x7a, 0xbb, 0xfb, 0x84, 0x1d, 0x71, 0xdb, 0xa8, 0x13, 0x2c, 0x34, 0xea, 0x37, 0x0a, 0xcc, 0x6e,
+	0x5a, 0x75, 0xcb, 0xc3, 0x84, 0xb9, 0x8e, 0xcd, 0x08, 0x3a, 0x1f, 0xeb, 0x58, 0xc7, 0xbb, 0x3a,
+	0xd6, 0x91, 0x18, 0xb8, 0xa3, 0x57, 0x7d, 0x0c, 0x93, 0x0f, 0x7c, 0xe2, 0x5b, 0x76, 0x45, 0xf6,
+	0xeb, 0x73, 0x49, 0x17, 0xbc, 0x11, 0xc0, 0x63, 0xd9, 0xa6, 0x4f, 0xf3, 0x16, 0x20, 0x35, 0xb8,
+	0xcd, 0xa8, 0xfe, 0x95, 0x82, 0xe3, 0xc2, 0x31, 0x29, 0x0f, 0x99, 0xca, 0x77, 0x21, 0x67, 0x30,
+	0xe6, 0x53, 0x52, 0x1e, 0x34, 0x95, 0x57, 0xe5, 0x6d, 0x72, 0xeb, 0x03, 0x70, 0x78, 0x20, 0x03,
+	0xba, 0x0f, 0xb3, 0xb5, 0xce, 0xbb, 0xcb, 0x6b, 0x9e, 0x4e, 0xba, 0x66, 0x2c, 0x60, 0xfa, 0x92,
+	0x3c, 0x41, 0x3c, 0xe8, 0x38, 0x4e, 0xdd, 0x6f, 0x0b, 0x18, 0x1f, 0x7d, 0x0b, 0x40, 0xd7, 0x61,
+	0xa9, 0xe4, 0x50, 0xea, 0x1c, 0x58, 0x76, 0x45, 0xf8, 0x69, 0x93, 0xa4, 0x05, 0xc9, 0xbf, 0x5a,
+	0xcd, 0xc2, 0x92, 0xde, 0x0f, 0x80, 0xfb, 0xdb, 0xa9, 0x07, 0xb0, 0xb4, 0xcd, 0x7b, 0x0a, 0x73,
+	0x7c, 0x6a, 0x92, 0xa8, 0x20, 0x50, 0x01, 0x32, 0x0d, 0x42, 0x4b, 0x41, 0x52, 0x67, 0xf5, 0x2c,
+	0x2f, 0x87, 0x0f, 0xb9, 0x00, 0x07, 0x72, 0x7e, 0x13, 0x3b, 0xb2, 0xbc, 0x85, 0x37, 0x59, 0x6e,
+	0x42, 0x40, 0xc5, 0x4d, 0xb6, 0xe3, 0x2a, 0xdc, 0x8d, 0x55, 0x9b, 0x29, 0x58, 0x1e, 0x50, 0x7f,
+	0xe8, 0x16, 0x4c, 0x31, 0xf9, 0xb7, 0xac, 0xa9, 0x13, 0x49, 0x6f, 0x21, 0x6d, 0xa3, 0xee, 0xdf,
+	0x26, 0xc3, 0x21, 0x15, 0x72, 0x60, 0x96, 0xca, 0x23, 0x08, 0x9f, 0x72, 0x0a, 0xac, 0x25, 0x71,
+	0xf7, 0x46, 0x27, 0x7a, 0x6c, 0xdc, 0x49, 0x88, 0xe3, 0xfc, 0xe8, 0x21, 0x2c, 0x74, 0x5c, 0x3b,
+	0xf0, 0x39, 0x2e, 0x7c, 0x9e, 0x4f, 0xf2, 0xd9, 0xf7, 0x51, 0xf4, 0x9c, 0x74, 0xbb, 0xb0, 0xdd,
+	0x45, 0x8b, 0x7b, 0x1c, 0xa9, 0x3f, 0xa7, 0x60, 0xc8, 0x60, 0x78, 0x09, 0x4b, 0xde, 0xbd, 0xd8,
+	0x92, 0xf7, 0xf6, 0xf3, 0x4f, 0xbc, 0x81, 0x4b, 0x5f, 0xb5, 0x6b, 0xe9, 0x7b, 0xf7, 0x05, 0x7c,
+	0x0c, 0x5f, 0x02, 0xff, 0x48, 0xc1, 0x7f, 0x06, 0x1b, 0x47, 0x4b, 0xe1, 0xb5, 0x58, 0x8b, 0xbd,
+	0xd0, 0xd5, 0x62, 0x4f, 0x8c, 0x40, 0xf1, 0xcf, 0x92, 0xd8, 0xb5, 0x24, 0xfe, 0xa2, 0x40, 0x7e,
+	0x70, 0xdc, 0x5e, 0xc2, 0xd2, 0xf8, 0x49, 0x7c, 0x69, 0x7c, 0xe3, 0xf9, 0x93, 0x6c, 0xc0, 0x12,
+	0x79, 0x65, 0x58, 0x6e, 0x85, 0xeb, 0xde, 0x08, 0x23, 0xff, 0xbb, 0xd4, 0xb0, 0x50, 0x89, 0xed,
+	0x34, 0xe1, 0x57, 0x4b, 0xcc, 0xfa, 0xb2, 0xcd, 0x47, 0x4f, 0x9d, 0x4f, 0x8f, 0x20, 0x21, 0xab,
+	0x30, 0x59, 0x0b, 0x66, 0xb5, 0x2c, 0xea, 0xf5, 0x91, 0x46, 0xe4, 0xb0, 0xd1, 0x1e, 0xac, 0x05,
+	0x12, 0x86, 0xdb, 0xf4, 0xa8, 0x0c, 0x13, 0x44, 0xfc, 0x54, 0x1f, 0xb5, 0xb2, 0x93, 0x7e, 0xd8,
+	0xeb, 0xc0, 0xb3, 0x30, 0x40, 0x61, 0xc9, 0xad, 0x7e, 0xad, 0xc0, 0x6a, 0x52, 0x4b, 0x40, 0x07,
+	0x7d, 0x56, 0xbc, 0x17, 0x58, 0xdf, 0x47, 0x5f, 0xf9, 0xbe, 0x57, 0xe0, 0x68, 0xbf, 0x4d, 0x8a,
+	0x17, 0x19, 0x5f, 0x9f, 0xc2, 0xdd, 0x27, 0x2c, 0xb2, 0x1b, 0x42, 0x8a, 0xa5, 0x16, 0x9d, 0x82,
+	0xa9, 0xaa, 0x61, 0x97, 0x77, 0xad, 0xcf, 0xda, 0x5b, 0x7d, 0x98, 0xe6, 0xef, 0x4b, 0x39, 0x0e,
+	0x11, 0xe8, 0x12, 0x2c, 0x08, 0xbb, 0x4d, 0x62, 0x57, 0xbc, 0xaa, 0x78, 0x11, 0xb9, 0x9a, 0x84,
+	0x53, 0xe7, 0x46, 0x97, 0x1e, 0xf7, 0x58, 0xa8, 0x7f, 0x2a, 0x80, 0x9e, 0x67, 0x9b, 0x38, 0x09,
+	0x59, 0xc3, 0xb5, 0xc4, 0x8a, 0x1b, 0x14, 0x5a, 0x56, 0x9f, 0x6d, 0x35, 0x0b, 0xd9, 0xf5, 0x9d,
+	0xab, 0x81, 0x10, 0x47, 0x7a, 0x0e, 0x6e, 0x0f, 0xda, 0x60, 0xa0, 0x4a, 0x70, 0xdb, 0x31, 0xc3,
+	0x91, 0x1e, 0x5d, 0x84, 0x19, 0xb3, 0xe6, 0x33, 0x8f, 0xd0, 0x5d, 0xd3, 0x71, 0x89, 0x68, 0x4c,
+	0x53, 0xfa, 0x51, 0x79, 0xa7, 0x99, 0x8d, 0x0e, 0x1d, 0x8e, 0x21, 0x91, 0x06, 0xc0, 0xcb, 0x8a,
+	0xb9, 0x06, 0xf7, 0x93, 0x11, 0x7e, 0xe6, 0xf8, 0x83, 0x6d, 0x87, 0x52, 0xdc, 0x81, 0x50, 0xef,
+	0xc3, 0xd2, 0x2e, 0xa1, 0x0d, 0xcb, 0x24, 0xeb, 0xa6, 0xe9, 0xf8, 0xb6, 0xd7, 0x5e, 0xd6, 0x8b,
+	0x90, 0x0d, 0x61, 0xb2, 0xf2, 0x8e, 0x48, 0xff, 0xd9, 0x90, 0x0b, 0x47, 0x98, 0xb0, 0xd4, 0x53,
+	0x03, 0x4b, 0xfd, 0xa7, 0x14, 0x4c, 0x46, 0xf4, 0xe9, 0x7d, 0xcb, 0x2e, 0x4b, 0xe6, 0x63, 0x6d,
+	0xf4, 0x35, 0xcb, 0x2e, 0x3f, 0x6b, 0x16, 0xa6, 0x25, 0x8c, 0x7f, 0x62, 0x01, 0x44, 0x57, 0x21,
+	0xed, 0x33, 0x42, 0x65, 0x11, 0x9f, 0x4c, 0x4a, 0xe6, 0x5b, 0x8c, 0xd0, 0xf6, 0x7e, 0x35, 0xc5,
+	0x99, 0xb9, 0x00, 0x0b, 0x0a, 0xb4, 0x05, 0x99, 0x0a, 0x7f, 0x14, 0x59, 0xa7, 0xa7, 0x92, 0xb8,
+	0x3a, 0x7f, 0xc4, 0x04, 0x69, 0x20, 0x24, 0x38, 0x60, 0x41, 0x0f, 0x60, 0x8e, 0xc5, 0x42, 0x28,
+	0x9e, 0x6b, 0x84, 0x7d, 0xa9, 0x6f, 0xe0, 0x75, 0xd4, 0x6a, 0x16, 0xe6, 0xe2, 0x2a, 0xdc, 0xe5,
+	0x40, 0x2d, 0xc2, 0x74, 0xc7, 0x05, 0x93, 0xbb, 0xac, 0x7e, 0xe9, 0xd1, 0xd3, 0xfc, 0xd8, 0xe3,
+	0xa7, 0xf9, 0xb1, 0x27, 0x4f, 0xf3, 0x63, 0x9f, 0xb7, 0xf2, 0xca, 0xa3, 0x56, 0x5e, 0x79, 0xdc,
+	0xca, 0x2b, 0x4f, 0x5a, 0x79, 0xe5, 0xd7, 0x56, 0x5e, 0xf9, 0xf2, 0xb7, 0xfc, 0xd8, 0x9d, 0xfc,
+	0xf0, 0xff, 0xc5, 0xfe, 0x1d, 0x00, 0x00, 0xff, 0xff, 0xfd, 0x4d, 0x1e, 0x25, 0xc5, 0x15, 0x00,
+	0x00,
+}
+
+func (m *ExemptPriorityLevelConfiguration) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.LendablePercent != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.LendablePercent))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.NominalConcurrencyShares != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.NominalConcurrencyShares))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *FlowDistinguisherMethod) Marshal() (dAtA []byte, err error) {
@@ -1491,6 +1557,18 @@ func (m *PriorityLevelConfigurationSpec) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if m.Exempt != nil {
+		{
+			size, err := m.Exempt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
 	if m.Limited != nil {
 		{
 			size, err := m.Limited.MarshalToSizedBuffer(dAtA[:i])
@@ -1783,6 +1861,21 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
 	dAtA[offset] = uint8(v)
 	return base
 }
+func (m *ExemptPriorityLevelConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NominalConcurrencyShares != nil {
+		n += 1 + sovGenerated(uint64(*m.NominalConcurrencyShares))
+	}
+	if m.LendablePercent != nil {
+		n += 1 + sovGenerated(uint64(*m.LendablePercent))
+	}
+	return n
+}
+
 func (m *FlowDistinguisherMethod) Size() (n int) {
 	if m == nil {
 		return 0
@@ -2048,6 +2141,10 @@ func (m *PriorityLevelConfigurationSpec) Size() (n int) {
 		l = m.Limited.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.Exempt != nil {
+		l = m.Exempt.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -2165,6 +2262,17 @@ func sovGenerated(x uint64) (n int) {
 func sozGenerated(x uint64) (n int) {
 	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
+func (this *ExemptPriorityLevelConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ExemptPriorityLevelConfiguration{`,
+		`NominalConcurrencyShares:` + valueToStringGenerated(this.NominalConcurrencyShares) + `,`,
+		`LendablePercent:` + valueToStringGenerated(this.LendablePercent) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *FlowDistinguisherMethod) String() string {
 	if this == nil {
 		return "nil"
@@ -2381,6 +2489,7 @@ func (this *PriorityLevelConfigurationSpec) String() string {
 	s := strings.Join([]string{`&PriorityLevelConfigurationSpec{`,
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`Limited:` + strings.Replace(this.Limited.String(), "LimitedPriorityLevelConfiguration", "LimitedPriorityLevelConfiguration", 1) + `,`,
+		`Exempt:` + strings.Replace(this.Exempt.String(), "ExemptPriorityLevelConfiguration", "ExemptPriorityLevelConfiguration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2468,6 +2577,96 @@ func valueToStringGenerated(v interface{}) string {
 	pv := reflect.Indirect(rv).Interface()
 	return fmt.Sprintf("*%v", pv)
 }
+func (m *ExemptPriorityLevelConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NominalConcurrencyShares", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NominalConcurrencyShares = &v
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LendablePercent", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.LendablePercent = &v
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *FlowDistinguisherMethod) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -4547,6 +4746,42 @@ func (m *PriorityLevelConfigurationSpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exempt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Exempt == nil {
+				m.Exempt = &ExemptPriorityLevelConfiguration{}
+			}
+			if err := m.Exempt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta2/generated.proto b/vendor/k8s.io/api/flowcontrol/v1beta2/generated.proto
index 4c98f21bcf..a8c8a32737 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta2/generated.proto
+++ b/vendor/k8s.io/api/flowcontrol/v1beta2/generated.proto
@@ -28,6 +28,40 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "k8s.io/api/flowcontrol/v1beta2";
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+message ExemptPriorityLevelConfiguration {
+  // `nominalConcurrencyShares` (NCS) contributes to the computation of the
+  // NominalConcurrencyLimit (NominalCL) of this level.
+  // This is the number of execution seats nominally reserved for this priority level.
+  // This DOES NOT limit the dispatching from this priority level
+  // but affects the other priority levels through the borrowing mechanism.
+  // The server's concurrency limit (ServerCL) is divided among all the
+  // priority levels in proportion to their NCS values:
+  //
+  // NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+  // sum_ncs = sum[priority level k] NCS(k)
+  //
+  // Bigger numbers mean a larger nominal concurrency limit,
+  // at the expense of every other priority level.
+  // This field has a default value of zero.
+  // +optional
+  optional int32 nominalConcurrencyShares = 1;
+
+  // `lendablePercent` prescribes the fraction of the level's NominalCL that
+  // can be borrowed by other priority levels.  This value of this
+  // field must be between 0 and 100, inclusive, and it defaults to 0.
+  // The number of seats that other levels can borrow from this level, known
+  // as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+  //
+  // LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+  //
+  // +optional
+  optional int32 lendablePercent = 2;
+}
+
 // FlowDistinguisherMethod specifies the method of a flow distinguisher.
 message FlowDistinguisherMethod {
   // `type` is the type of flow distinguisher method
@@ -332,6 +366,14 @@ message PriorityLevelConfigurationSpec {
   // This field must be non-empty if and only if `type` is `"Limited"`.
   // +optional
   optional LimitedPriorityLevelConfiguration limited = 2;
+
+  // `exempt` specifies how requests are handled for an exempt priority level.
+  // This field MUST be empty if `type` is `"Limited"`.
+  // This field MAY be non-empty if `type` is `"Exempt"`.
+  // If empty and `type` is `"Exempt"` then the default values
+  // for `ExemptPriorityLevelConfiguration` apply.
+  // +optional
+  optional ExemptPriorityLevelConfiguration exempt = 3;
 }
 
 // PriorityLevelConfigurationStatus represents the current state of a "request-priority".
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta2/types.go b/vendor/k8s.io/api/flowcontrol/v1beta2/types.go
index 75409cee3e..e8cf7abfff 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta2/types.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta2/types.go
@@ -77,7 +77,9 @@ const (
 	//   is a boolean false or has an invalid boolean representation
 	//   (if the cluster operator sets it to 'false' it will be stomped)
 	// - any changes to the spec made by the cluster operator will be
-	//   stomped.
+	//   stomped, except for changes to the `nominalConcurrencyShares`
+	//   and `lendablePercent` fields of the PriorityLevelConfiguration
+	//   named "exempt".
 	//
 	// The kube-apiserver will apply updates on the suggested configuration if:
 	// - the cluster operator has enabled auto-update by setting the annotation
@@ -435,6 +437,14 @@ type PriorityLevelConfigurationSpec struct {
 	// This field must be non-empty if and only if `type` is `"Limited"`.
 	// +optional
 	Limited *LimitedPriorityLevelConfiguration `json:"limited,omitempty" protobuf:"bytes,2,opt,name=limited"`
+
+	// `exempt` specifies how requests are handled for an exempt priority level.
+	// This field MUST be empty if `type` is `"Limited"`.
+	// This field MAY be non-empty if `type` is `"Exempt"`.
+	// If empty and `type` is `"Exempt"` then the default values
+	// for `ExemptPriorityLevelConfiguration` apply.
+	// +optional
+	Exempt *ExemptPriorityLevelConfiguration `json:"exempt,omitempty" protobuf:"bytes,3,opt,name=exempt"`
 }
 
 // PriorityLevelEnablement indicates whether limits on execution are enabled for the priority level
@@ -505,6 +515,43 @@ type LimitedPriorityLevelConfiguration struct {
 	BorrowingLimitPercent *int32 `json:"borrowingLimitPercent,omitempty" protobuf:"varint,4,opt,name=borrowingLimitPercent"`
 }
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+type ExemptPriorityLevelConfiguration struct {
+	// `nominalConcurrencyShares` (NCS) contributes to the computation of the
+	// NominalConcurrencyLimit (NominalCL) of this level.
+	// This is the number of execution seats nominally reserved for this priority level.
+	// This DOES NOT limit the dispatching from this priority level
+	// but affects the other priority levels through the borrowing mechanism.
+	// The server's concurrency limit (ServerCL) is divided among all the
+	// priority levels in proportion to their NCS values:
+	//
+	// NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+	// sum_ncs = sum[priority level k] NCS(k)
+	//
+	// Bigger numbers mean a larger nominal concurrency limit,
+	// at the expense of every other priority level.
+	// This field has a default value of zero.
+	// +optional
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty" protobuf:"varint,1,opt,name=nominalConcurrencyShares"`
+	// `lendablePercent` prescribes the fraction of the level's NominalCL that
+	// can be borrowed by other priority levels.  This value of this
+	// field must be between 0 and 100, inclusive, and it defaults to 0.
+	// The number of seats that other levels can borrow from this level, known
+	// as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+	//
+	// LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+	//
+	// +optional
+	LendablePercent *int32 `json:"lendablePercent,omitempty" protobuf:"varint,2,opt,name=lendablePercent"`
+	// The `BorrowingCL` of an Exempt priority level is implicitly `ServerCL`.
+	// In other words, an exempt priority level
+	// has no meaningful limit on how much it borrows.
+	// There is no explicit representation of that here.
+}
+
 // LimitResponse defines how to handle requests that can not be executed right now.
 // +union
 type LimitResponse struct {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta2/types_swagger_doc_generated.go b/vendor/k8s.io/api/flowcontrol/v1beta2/types_swagger_doc_generated.go
index b2eff7f96e..49a4178096 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta2/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta2/types_swagger_doc_generated.go
@@ -27,6 +27,16 @@ package v1beta2
 // Those methods can be generated by using hack/update-codegen.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
+var map_ExemptPriorityLevelConfiguration = map[string]string{
+	"":                         "ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.",
+	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats nominally reserved for this priority level. This DOES NOT limit the dispatching from this priority level but affects the other priority levels through the borrowing mechanism. The server's concurrency limit (ServerCL) is divided among all the priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of zero.",
+	"lendablePercent":          "`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels.  This value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.\n\nLendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )",
+}
+
+func (ExemptPriorityLevelConfiguration) SwaggerDoc() map[string]string {
+	return map_ExemptPriorityLevelConfiguration
+}
+
 var map_FlowDistinguisherMethod = map[string]string{
 	"":     "FlowDistinguisherMethod specifies the method of a flow distinguisher.",
 	"type": "`type` is the type of flow distinguisher method The supported types are \"ByUser\" and \"ByNamespace\". Required.",
@@ -190,6 +200,7 @@ var map_PriorityLevelConfigurationSpec = map[string]string{
 	"":        "PriorityLevelConfigurationSpec specifies the configuration of a priority level.",
 	"type":    "`type` indicates whether this priority level is subject to limitation on request execution.  A value of `\"Exempt\"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels.  A value of `\"Limited\"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.",
 	"limited": "`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `\"Limited\"`.",
+	"exempt":  "`exempt` specifies how requests are handled for an exempt priority level. This field MUST be empty if `type` is `\"Limited\"`. This field MAY be non-empty if `type` is `\"Exempt\"`. If empty and `type` is `\"Exempt\"` then the default values for `ExemptPriorityLevelConfiguration` apply.",
 }
 
 func (PriorityLevelConfigurationSpec) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta2/zz_generated.deepcopy.go b/vendor/k8s.io/api/flowcontrol/v1beta2/zz_generated.deepcopy.go
index aa692484c1..e0605b95d7 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta2/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta2/zz_generated.deepcopy.go
@@ -25,6 +25,32 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExemptPriorityLevelConfiguration) DeepCopyInto(out *ExemptPriorityLevelConfiguration) {
+	*out = *in
+	if in.NominalConcurrencyShares != nil {
+		in, out := &in.NominalConcurrencyShares, &out.NominalConcurrencyShares
+		*out = new(int32)
+		**out = **in
+	}
+	if in.LendablePercent != nil {
+		in, out := &in.LendablePercent, &out.LendablePercent
+		*out = new(int32)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExemptPriorityLevelConfiguration.
+func (in *ExemptPriorityLevelConfiguration) DeepCopy() *ExemptPriorityLevelConfiguration {
+	if in == nil {
+		return nil
+	}
+	out := new(ExemptPriorityLevelConfiguration)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FlowDistinguisherMethod) DeepCopyInto(out *FlowDistinguisherMethod) {
 	*out = *in
@@ -400,6 +426,11 @@ func (in *PriorityLevelConfigurationSpec) DeepCopyInto(out *PriorityLevelConfigu
 		*out = new(LimitedPriorityLevelConfiguration)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Exempt != nil {
+		in, out := &in.Exempt, &out.Exempt
+		*out = new(ExemptPriorityLevelConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta3/generated.pb.go b/vendor/k8s.io/api/flowcontrol/v1beta3/generated.pb.go
index 166e8520b7..c6598306d9 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta3/generated.pb.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta3/generated.pb.go
@@ -43,10 +43,38 @@ var _ = math.Inf
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 
+func (m *ExemptPriorityLevelConfiguration) Reset()      { *m = ExemptPriorityLevelConfiguration{} }
+func (*ExemptPriorityLevelConfiguration) ProtoMessage() {}
+func (*ExemptPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
+	return fileDescriptor_803504887082f044, []int{0}
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.Merge(m, src)
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_Size() int {
+	return m.Size()
+}
+func (m *ExemptPriorityLevelConfiguration) XXX_DiscardUnknown() {
+	xxx_messageInfo_ExemptPriorityLevelConfiguration.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ExemptPriorityLevelConfiguration proto.InternalMessageInfo
+
 func (m *FlowDistinguisherMethod) Reset()      { *m = FlowDistinguisherMethod{} }
 func (*FlowDistinguisherMethod) ProtoMessage() {}
 func (*FlowDistinguisherMethod) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{0}
+	return fileDescriptor_803504887082f044, []int{1}
 }
 func (m *FlowDistinguisherMethod) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -74,7 +102,7 @@ var xxx_messageInfo_FlowDistinguisherMethod proto.InternalMessageInfo
 func (m *FlowSchema) Reset()      { *m = FlowSchema{} }
 func (*FlowSchema) ProtoMessage() {}
 func (*FlowSchema) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{1}
+	return fileDescriptor_803504887082f044, []int{2}
 }
 func (m *FlowSchema) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -102,7 +130,7 @@ var xxx_messageInfo_FlowSchema proto.InternalMessageInfo
 func (m *FlowSchemaCondition) Reset()      { *m = FlowSchemaCondition{} }
 func (*FlowSchemaCondition) ProtoMessage() {}
 func (*FlowSchemaCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{2}
+	return fileDescriptor_803504887082f044, []int{3}
 }
 func (m *FlowSchemaCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -130,7 +158,7 @@ var xxx_messageInfo_FlowSchemaCondition proto.InternalMessageInfo
 func (m *FlowSchemaList) Reset()      { *m = FlowSchemaList{} }
 func (*FlowSchemaList) ProtoMessage() {}
 func (*FlowSchemaList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{3}
+	return fileDescriptor_803504887082f044, []int{4}
 }
 func (m *FlowSchemaList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -158,7 +186,7 @@ var xxx_messageInfo_FlowSchemaList proto.InternalMessageInfo
 func (m *FlowSchemaSpec) Reset()      { *m = FlowSchemaSpec{} }
 func (*FlowSchemaSpec) ProtoMessage() {}
 func (*FlowSchemaSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{4}
+	return fileDescriptor_803504887082f044, []int{5}
 }
 func (m *FlowSchemaSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -186,7 +214,7 @@ var xxx_messageInfo_FlowSchemaSpec proto.InternalMessageInfo
 func (m *FlowSchemaStatus) Reset()      { *m = FlowSchemaStatus{} }
 func (*FlowSchemaStatus) ProtoMessage() {}
 func (*FlowSchemaStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{5}
+	return fileDescriptor_803504887082f044, []int{6}
 }
 func (m *FlowSchemaStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -214,7 +242,7 @@ var xxx_messageInfo_FlowSchemaStatus proto.InternalMessageInfo
 func (m *GroupSubject) Reset()      { *m = GroupSubject{} }
 func (*GroupSubject) ProtoMessage() {}
 func (*GroupSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{6}
+	return fileDescriptor_803504887082f044, []int{7}
 }
 func (m *GroupSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -242,7 +270,7 @@ var xxx_messageInfo_GroupSubject proto.InternalMessageInfo
 func (m *LimitResponse) Reset()      { *m = LimitResponse{} }
 func (*LimitResponse) ProtoMessage() {}
 func (*LimitResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{7}
+	return fileDescriptor_803504887082f044, []int{8}
 }
 func (m *LimitResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -270,7 +298,7 @@ var xxx_messageInfo_LimitResponse proto.InternalMessageInfo
 func (m *LimitedPriorityLevelConfiguration) Reset()      { *m = LimitedPriorityLevelConfiguration{} }
 func (*LimitedPriorityLevelConfiguration) ProtoMessage() {}
 func (*LimitedPriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{8}
+	return fileDescriptor_803504887082f044, []int{9}
 }
 func (m *LimitedPriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -298,7 +326,7 @@ var xxx_messageInfo_LimitedPriorityLevelConfiguration proto.InternalMessageInfo
 func (m *NonResourcePolicyRule) Reset()      { *m = NonResourcePolicyRule{} }
 func (*NonResourcePolicyRule) ProtoMessage() {}
 func (*NonResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{9}
+	return fileDescriptor_803504887082f044, []int{10}
 }
 func (m *NonResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -326,7 +354,7 @@ var xxx_messageInfo_NonResourcePolicyRule proto.InternalMessageInfo
 func (m *PolicyRulesWithSubjects) Reset()      { *m = PolicyRulesWithSubjects{} }
 func (*PolicyRulesWithSubjects) ProtoMessage() {}
 func (*PolicyRulesWithSubjects) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{10}
+	return fileDescriptor_803504887082f044, []int{11}
 }
 func (m *PolicyRulesWithSubjects) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -354,7 +382,7 @@ var xxx_messageInfo_PolicyRulesWithSubjects proto.InternalMessageInfo
 func (m *PriorityLevelConfiguration) Reset()      { *m = PriorityLevelConfiguration{} }
 func (*PriorityLevelConfiguration) ProtoMessage() {}
 func (*PriorityLevelConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{11}
+	return fileDescriptor_803504887082f044, []int{12}
 }
 func (m *PriorityLevelConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -382,7 +410,7 @@ var xxx_messageInfo_PriorityLevelConfiguration proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationCondition) Reset()      { *m = PriorityLevelConfigurationCondition{} }
 func (*PriorityLevelConfigurationCondition) ProtoMessage() {}
 func (*PriorityLevelConfigurationCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{12}
+	return fileDescriptor_803504887082f044, []int{13}
 }
 func (m *PriorityLevelConfigurationCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -410,7 +438,7 @@ var xxx_messageInfo_PriorityLevelConfigurationCondition proto.InternalMessageInf
 func (m *PriorityLevelConfigurationList) Reset()      { *m = PriorityLevelConfigurationList{} }
 func (*PriorityLevelConfigurationList) ProtoMessage() {}
 func (*PriorityLevelConfigurationList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{13}
+	return fileDescriptor_803504887082f044, []int{14}
 }
 func (m *PriorityLevelConfigurationList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -438,7 +466,7 @@ var xxx_messageInfo_PriorityLevelConfigurationList proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationReference) Reset()      { *m = PriorityLevelConfigurationReference{} }
 func (*PriorityLevelConfigurationReference) ProtoMessage() {}
 func (*PriorityLevelConfigurationReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{14}
+	return fileDescriptor_803504887082f044, []int{15}
 }
 func (m *PriorityLevelConfigurationReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -466,7 +494,7 @@ var xxx_messageInfo_PriorityLevelConfigurationReference proto.InternalMessageInf
 func (m *PriorityLevelConfigurationSpec) Reset()      { *m = PriorityLevelConfigurationSpec{} }
 func (*PriorityLevelConfigurationSpec) ProtoMessage() {}
 func (*PriorityLevelConfigurationSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{15}
+	return fileDescriptor_803504887082f044, []int{16}
 }
 func (m *PriorityLevelConfigurationSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -494,7 +522,7 @@ var xxx_messageInfo_PriorityLevelConfigurationSpec proto.InternalMessageInfo
 func (m *PriorityLevelConfigurationStatus) Reset()      { *m = PriorityLevelConfigurationStatus{} }
 func (*PriorityLevelConfigurationStatus) ProtoMessage() {}
 func (*PriorityLevelConfigurationStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{16}
+	return fileDescriptor_803504887082f044, []int{17}
 }
 func (m *PriorityLevelConfigurationStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -522,7 +550,7 @@ var xxx_messageInfo_PriorityLevelConfigurationStatus proto.InternalMessageInfo
 func (m *QueuingConfiguration) Reset()      { *m = QueuingConfiguration{} }
 func (*QueuingConfiguration) ProtoMessage() {}
 func (*QueuingConfiguration) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{17}
+	return fileDescriptor_803504887082f044, []int{18}
 }
 func (m *QueuingConfiguration) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -550,7 +578,7 @@ var xxx_messageInfo_QueuingConfiguration proto.InternalMessageInfo
 func (m *ResourcePolicyRule) Reset()      { *m = ResourcePolicyRule{} }
 func (*ResourcePolicyRule) ProtoMessage() {}
 func (*ResourcePolicyRule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{18}
+	return fileDescriptor_803504887082f044, []int{19}
 }
 func (m *ResourcePolicyRule) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -578,7 +606,7 @@ var xxx_messageInfo_ResourcePolicyRule proto.InternalMessageInfo
 func (m *ServiceAccountSubject) Reset()      { *m = ServiceAccountSubject{} }
 func (*ServiceAccountSubject) ProtoMessage() {}
 func (*ServiceAccountSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{19}
+	return fileDescriptor_803504887082f044, []int{20}
 }
 func (m *ServiceAccountSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -606,7 +634,7 @@ var xxx_messageInfo_ServiceAccountSubject proto.InternalMessageInfo
 func (m *Subject) Reset()      { *m = Subject{} }
 func (*Subject) ProtoMessage() {}
 func (*Subject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{20}
+	return fileDescriptor_803504887082f044, []int{21}
 }
 func (m *Subject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -634,7 +662,7 @@ var xxx_messageInfo_Subject proto.InternalMessageInfo
 func (m *UserSubject) Reset()      { *m = UserSubject{} }
 func (*UserSubject) ProtoMessage() {}
 func (*UserSubject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_803504887082f044, []int{21}
+	return fileDescriptor_803504887082f044, []int{22}
 }
 func (m *UserSubject) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -660,6 +688,7 @@ func (m *UserSubject) XXX_DiscardUnknown() {
 var xxx_messageInfo_UserSubject proto.InternalMessageInfo
 
 func init() {
+	proto.RegisterType((*ExemptPriorityLevelConfiguration)(nil), "k8s.io.api.flowcontrol.v1beta3.ExemptPriorityLevelConfiguration")
 	proto.RegisterType((*FlowDistinguisherMethod)(nil), "k8s.io.api.flowcontrol.v1beta3.FlowDistinguisherMethod")
 	proto.RegisterType((*FlowSchema)(nil), "k8s.io.api.flowcontrol.v1beta3.FlowSchema")
 	proto.RegisterType((*FlowSchemaCondition)(nil), "k8s.io.api.flowcontrol.v1beta3.FlowSchemaCondition")
@@ -689,104 +718,141 @@ func init() {
 }
 
 var fileDescriptor_803504887082f044 = []byte{
-	// 1552 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0x4d, 0x6f, 0xdb, 0x46,
-	0x13, 0x36, 0x65, 0xc9, 0xb6, 0xd6, 0x9f, 0x59, 0xc7, 0xb0, 0x5e, 0x07, 0x90, 0x1c, 0xbe, 0xc0,
-	0x9b, 0xb7, 0x4d, 0x42, 0xe5, 0xb3, 0x49, 0x5b, 0xf4, 0x23, 0x74, 0xda, 0x34, 0x8d, 0xed, 0x38,
-	0xeb, 0xa4, 0x2d, 0xd2, 0x00, 0x0d, 0x45, 0xad, 0xa9, 0x8d, 0x25, 0x92, 0xd9, 0x25, 0x65, 0xb8,
-	0xb9, 0x14, 0xfd, 0x05, 0x3d, 0xb7, 0xc7, 0x1e, 0x7a, 0xef, 0x1f, 0xe8, 0xb1, 0x41, 0x4f, 0x39,
-	0xe6, 0xa4, 0x36, 0xea, 0xa9, 0xff, 0xa0, 0x0d, 0x50, 0xa0, 0xd8, 0xe5, 0x92, 0x14, 0xa9, 0x0f,
-	0x0a, 0x09, 0x90, 0x53, 0x6f, 0xe6, 0xcc, 0x33, 0xcf, 0xec, 0xcc, 0xce, 0xcc, 0x8e, 0x0c, 0xae,
-	0xed, 0x5f, 0x66, 0x1a, 0x71, 0xaa, 0xfb, 0x7e, 0x0d, 0x53, 0x1b, 0x7b, 0x98, 0x55, 0xdb, 0xd8,
-	0xae, 0x3b, 0xb4, 0x2a, 0x15, 0x86, 0x4b, 0xaa, 0x7b, 0x4d, 0xe7, 0xc0, 0x74, 0x6c, 0x8f, 0x3a,
-	0xcd, 0x6a, 0xfb, 0x6c, 0x0d, 0x7b, 0xc6, 0xf9, 0xaa, 0x85, 0x6d, 0x4c, 0x0d, 0x0f, 0xd7, 0x35,
-	0x97, 0x3a, 0x9e, 0x03, 0xcb, 0x01, 0x5e, 0x33, 0x5c, 0xa2, 0xf5, 0xe0, 0x35, 0x89, 0x5f, 0x3b,
-	0x6d, 0x11, 0xaf, 0xe1, 0xd7, 0x34, 0xd3, 0x69, 0x55, 0x2d, 0xc7, 0x72, 0xaa, 0xc2, 0xac, 0xe6,
-	0xef, 0x89, 0x2f, 0xf1, 0x21, 0xfe, 0x0a, 0xe8, 0xd6, 0x2e, 0xc4, 0xee, 0x5b, 0x86, 0xd9, 0x20,
-	0x36, 0xa6, 0x87, 0x55, 0x77, 0xdf, 0xe2, 0x02, 0x56, 0x6d, 0x61, 0xcf, 0xa8, 0xb6, 0xcf, 0xa6,
-	0x0f, 0xb1, 0x56, 0x1d, 0x66, 0x45, 0x7d, 0xdb, 0x23, 0x2d, 0xdc, 0x67, 0xf0, 0x46, 0x96, 0x01,
-	0x33, 0x1b, 0xb8, 0x65, 0xa4, 0xed, 0xd4, 0xbb, 0x60, 0xf5, 0xc3, 0xa6, 0x73, 0x70, 0x95, 0x30,
-	0x8f, 0xd8, 0x96, 0x4f, 0x58, 0x03, 0xd3, 0x2d, 0xec, 0x35, 0x9c, 0x3a, 0x7c, 0x0f, 0xe4, 0xbd,
-	0x43, 0x17, 0x97, 0x94, 0x75, 0xe5, 0xff, 0x45, 0xfd, 0xe4, 0xe3, 0x4e, 0x65, 0xa2, 0xdb, 0xa9,
-	0xe4, 0x6f, 0x1f, 0xba, 0xf8, 0x79, 0xa7, 0x72, 0x6c, 0x88, 0x19, 0x57, 0x23, 0x61, 0xa8, 0x7e,
-	0x9b, 0x03, 0x80, 0xa3, 0x76, 0x85, 0x6b, 0x78, 0x1f, 0xcc, 0xf0, 0x70, 0xeb, 0x86, 0x67, 0x08,
-	0xce, 0xd9, 0x73, 0x67, 0xb4, 0x38, 0xd7, 0xd1, 0xa9, 0x35, 0x77, 0xdf, 0xe2, 0x02, 0xa6, 0x71,
-	0xb4, 0xd6, 0x3e, 0xab, 0xdd, 0xac, 0x3d, 0xc0, 0xa6, 0xb7, 0x85, 0x3d, 0x43, 0x87, 0xf2, 0x14,
-	0x20, 0x96, 0xa1, 0x88, 0x15, 0xee, 0x80, 0x3c, 0x73, 0xb1, 0x59, 0xca, 0x09, 0x76, 0x4d, 0x1b,
-	0x7d, 0x93, 0x5a, 0x7c, 0xb6, 0x5d, 0x17, 0x9b, 0xfa, 0x5c, 0x18, 0x21, 0xff, 0x42, 0x82, 0x09,
-	0x7e, 0x06, 0xa6, 0x98, 0x67, 0x78, 0x3e, 0x2b, 0x4d, 0xf6, 0x9d, 0x38, 0x8b, 0x53, 0xd8, 0xe9,
-	0x0b, 0x92, 0x75, 0x2a, 0xf8, 0x46, 0x92, 0x4f, 0x7d, 0x9a, 0x03, 0xcb, 0x31, 0x78, 0xc3, 0xb1,
-	0xeb, 0xc4, 0x23, 0x8e, 0x0d, 0xdf, 0x4e, 0x64, 0xfd, 0x44, 0x2a, 0xeb, 0xab, 0x03, 0x4c, 0xe2,
-	0x8c, 0xc3, 0x37, 0xa3, 0xe3, 0xe6, 0x84, 0xf9, 0xf1, 0xa4, 0xf3, 0xe7, 0x9d, 0xca, 0x62, 0x64,
-	0x96, 0x3c, 0x0f, 0x6c, 0x03, 0xd8, 0x34, 0x98, 0x77, 0x9b, 0x1a, 0x36, 0x0b, 0x68, 0x49, 0x0b,
-	0xcb, 0xa8, 0x5f, 0x1f, 0xef, 0x9e, 0xb8, 0x85, 0xbe, 0x26, 0x5d, 0xc2, 0xcd, 0x3e, 0x36, 0x34,
-	0xc0, 0x03, 0xfc, 0x1f, 0x98, 0xa2, 0xd8, 0x60, 0x8e, 0x5d, 0xca, 0x8b, 0x23, 0x47, 0xf9, 0x42,
-	0x42, 0x8a, 0xa4, 0x16, 0xbe, 0x06, 0xa6, 0x5b, 0x98, 0x31, 0xc3, 0xc2, 0xa5, 0x82, 0x00, 0x2e,
-	0x4a, 0xe0, 0xf4, 0x56, 0x20, 0x46, 0xa1, 0x5e, 0xfd, 0x49, 0x01, 0x0b, 0x71, 0x9e, 0x36, 0x09,
-	0xf3, 0xe0, 0xbd, 0xbe, 0xda, 0xd3, 0xc6, 0x8b, 0x89, 0x5b, 0x8b, 0xca, 0x5b, 0x92, 0xee, 0x66,
-	0x42, 0x49, 0x4f, 0xdd, 0xdd, 0x04, 0x05, 0xe2, 0xe1, 0x16, 0xcf, 0xfa, 0x64, 0x2a, 0x5d, 0x19,
-	0x45, 0xa2, 0xcf, 0x4b, 0xda, 0xc2, 0x75, 0x4e, 0x80, 0x02, 0x1e, 0xf5, 0x8f, 0xc9, 0xde, 0x08,
-	0x78, 0x3d, 0xc2, 0x1f, 0x14, 0xb0, 0xe6, 0x52, 0xe2, 0x50, 0xe2, 0x1d, 0x6e, 0xe2, 0x36, 0x6e,
-	0x6e, 0x38, 0xf6, 0x1e, 0xb1, 0x7c, 0x6a, 0xf0, 0x54, 0xca, 0xa0, 0x36, 0xb2, 0x3c, 0xef, 0x0c,
-	0x65, 0x40, 0x78, 0x0f, 0x53, 0x6c, 0x9b, 0x58, 0x57, 0xe5, 0x91, 0xd6, 0x46, 0x80, 0x47, 0x1c,
-	0x05, 0x7e, 0x0c, 0x60, 0xcb, 0xf0, 0x78, 0x46, 0xad, 0x1d, 0x8a, 0x4d, 0x5c, 0xe7, 0xac, 0xa2,
-	0x20, 0x0b, 0x71, 0x75, 0x6c, 0xf5, 0x21, 0xd0, 0x00, 0x2b, 0xf8, 0xb5, 0x02, 0x96, 0xeb, 0xfd,
-	0x43, 0x46, 0xd6, 0xe5, 0xa5, 0x71, 0x12, 0x3d, 0x60, 0x46, 0xe9, 0xab, 0xdd, 0x4e, 0x65, 0x79,
-	0x80, 0x02, 0x0d, 0x72, 0x06, 0xef, 0x81, 0x02, 0xf5, 0x9b, 0x98, 0x95, 0xf2, 0xe2, 0x7a, 0x33,
-	0xbd, 0xee, 0x38, 0x4d, 0x62, 0x1e, 0x22, 0x6e, 0xf2, 0x29, 0xf1, 0x1a, 0xbb, 0xbe, 0x98, 0x55,
-	0x2c, 0xbe, 0x6b, 0xa1, 0x42, 0x01, 0xa9, 0xfa, 0x08, 0x2c, 0xa5, 0x87, 0x06, 0xb4, 0x00, 0x30,
-	0xc3, 0x3e, 0x65, 0x25, 0x45, 0xb8, 0x3d, 0x3f, 0x7e, 0x55, 0x45, 0x3d, 0x1e, 0xcf, 0xcb, 0x48,
-	0xc4, 0x50, 0x0f, 0xb5, 0x7a, 0x06, 0xcc, 0x5d, 0xa3, 0x8e, 0xef, 0xca, 0x33, 0xc2, 0x75, 0x90,
-	0xb7, 0x8d, 0x56, 0x38, 0x7d, 0xa2, 0x89, 0xb8, 0x6d, 0xb4, 0x30, 0x12, 0x1a, 0xf5, 0x7b, 0x05,
-	0xcc, 0x6f, 0x92, 0x16, 0xf1, 0x10, 0x66, 0xae, 0x63, 0x33, 0x0c, 0x2f, 0x26, 0x26, 0xd6, 0xf1,
-	0xd4, 0xc4, 0x3a, 0x92, 0x00, 0xf7, 0xcc, 0xaa, 0xcf, 0xc1, 0xf4, 0x43, 0x1f, 0xfb, 0xc4, 0xb6,
-	0xe4, 0xbc, 0xbe, 0x90, 0x15, 0xe0, 0xad, 0x00, 0x9e, 0xa8, 0x36, 0x7d, 0x96, 0x8f, 0x00, 0xa9,
-	0x41, 0x21, 0xa3, 0xfa, 0x77, 0x0e, 0x1c, 0x17, 0x8e, 0x71, 0x7d, 0x78, 0x15, 0xc3, 0x7b, 0xa0,
-	0x64, 0x3b, 0x2d, 0x62, 0x1b, 0x5c, 0x6e, 0xfa, 0x94, 0xd7, 0xff, 0xe1, 0x6e, 0xc3, 0xa0, 0x98,
-	0x89, 0x68, 0x0a, 0xfa, 0xba, 0x8c, 0xa6, 0xb4, 0x3d, 0x04, 0x87, 0x86, 0x32, 0xc0, 0x07, 0x60,
-	0xbe, 0xd9, 0x1b, 0xbb, 0x0c, 0xf3, 0x74, 0x56, 0x98, 0x89, 0x84, 0xe9, 0x2b, 0xf2, 0x04, 0xc9,
-	0xa4, 0xa3, 0x24, 0x35, 0x7c, 0x07, 0x2c, 0x36, 0xb1, 0x5d, 0x37, 0x6a, 0x4d, 0xbc, 0x83, 0xa9,
-	0x89, 0x6d, 0x4f, 0xb4, 0x48, 0x41, 0x5f, 0xee, 0x76, 0x2a, 0x8b, 0x9b, 0x49, 0x15, 0x4a, 0x63,
-	0xe1, 0x4d, 0xb0, 0x52, 0x73, 0x28, 0x75, 0x0e, 0x88, 0x6d, 0x09, 0x3f, 0x21, 0x49, 0x5e, 0x90,
-	0xfc, 0xa7, 0xdb, 0xa9, 0xac, 0xe8, 0x83, 0x00, 0x68, 0xb0, 0x9d, 0x7a, 0x00, 0x56, 0xb6, 0xf9,
-	0x4c, 0x61, 0x8e, 0x4f, 0x4d, 0x1c, 0x37, 0x04, 0xac, 0x80, 0x42, 0x1b, 0xd3, 0x5a, 0x50, 0xd4,
-	0x45, 0xbd, 0xc8, 0xdb, 0xe1, 0x13, 0x2e, 0x40, 0x81, 0x9c, 0x47, 0x62, 0xc7, 0x96, 0x77, 0xd0,
-	0x26, 0x2b, 0x4d, 0x09, 0xa8, 0x88, 0x64, 0x3b, 0xa9, 0x42, 0x69, 0xac, 0xda, 0xc9, 0x81, 0xd5,
-	0x21, 0xfd, 0x07, 0xef, 0x80, 0x19, 0x26, 0xff, 0x96, 0x3d, 0x75, 0x22, 0xeb, 0x2e, 0xa4, 0x6d,
-	0x3c, 0xfd, 0x43, 0x32, 0x14, 0x51, 0x41, 0x07, 0xcc, 0x53, 0x79, 0x04, 0xe1, 0x53, 0xbe, 0x02,
-	0xe7, 0xb2, 0xb8, 0xfb, 0xb3, 0x13, 0x5f, 0x36, 0xea, 0x25, 0x44, 0x49, 0x7e, 0xf8, 0x08, 0x2c,
-	0xf5, 0x84, 0x1d, 0xf8, 0x9c, 0x14, 0x3e, 0x2f, 0x66, 0xf9, 0x1c, 0x78, 0x29, 0x7a, 0x49, 0xba,
-	0x5d, 0xda, 0x4e, 0xd1, 0xa2, 0x3e, 0x47, 0xea, 0x2f, 0x39, 0x30, 0xe2, 0x61, 0x78, 0x05, 0x4b,
-	0xde, 0xfd, 0xc4, 0x92, 0xf7, 0xee, 0x8b, 0xbf, 0x78, 0x43, 0x97, 0xbe, 0x46, 0x6a, 0xe9, 0x7b,
-	0xff, 0x25, 0x7c, 0x8c, 0x5e, 0x02, 0xff, 0xcc, 0x81, 0xff, 0x0e, 0x37, 0x8e, 0x97, 0xc2, 0x1b,
-	0x89, 0x11, 0x7b, 0x29, 0x35, 0x62, 0x4f, 0x8c, 0x41, 0xf1, 0xef, 0x92, 0x98, 0x5a, 0x12, 0x7f,
-	0x55, 0x40, 0x79, 0x78, 0xde, 0x5e, 0xc1, 0xd2, 0xf8, 0x45, 0x72, 0x69, 0x7c, 0xeb, 0xc5, 0x8b,
-	0x6c, 0xc8, 0x12, 0x79, 0x6d, 0x54, 0x6d, 0x45, 0xeb, 0xde, 0x18, 0x4f, 0xfe, 0xcf, 0x23, 0x53,
-	0x25, 0xb6, 0xd3, 0x8c, 0x5f, 0x2d, 0x09, 0xeb, 0x0f, 0x6c, 0xfe, 0xf4, 0xb4, 0xf8, 0xeb, 0x11,
-	0x14, 0x64, 0x03, 0x4c, 0x37, 0x83, 0xb7, 0x5a, 0x36, 0xf5, 0x95, 0xb1, 0x9e, 0xc8, 0x51, 0x4f,
-	0x7b, 0xb0, 0x16, 0x48, 0x18, 0x0a, 0xe9, 0xd5, 0xef, 0x14, 0xb0, 0x9e, 0xd5, 0xac, 0xf0, 0x60,
-	0xc0, 0xf2, 0xf5, 0x12, 0x8b, 0xf5, 0xf8, 0xcb, 0xd8, 0x8f, 0x0a, 0x38, 0x3a, 0x68, 0xc7, 0xe1,
-	0xe5, 0xcf, 0x17, 0x9b, 0x68, 0x2b, 0x89, 0xca, 0xff, 0x96, 0x90, 0x22, 0xa9, 0x85, 0xa7, 0xc0,
-	0x4c, 0xc3, 0xb0, 0xeb, 0xbb, 0xe4, 0xcb, 0x70, 0xdf, 0x8e, 0x0a, 0xf0, 0x23, 0x29, 0x47, 0x11,
-	0x02, 0x5e, 0x05, 0x4b, 0xc2, 0x6e, 0x13, 0xdb, 0x96, 0xd7, 0x10, 0xb9, 0x92, 0x4b, 0x43, 0xf4,
-	0x1e, 0xdc, 0x4a, 0xe9, 0x51, 0x9f, 0x85, 0xfa, 0x97, 0x02, 0xe0, 0x8b, 0xbc, 0xf3, 0x27, 0x41,
-	0xd1, 0x70, 0x89, 0x58, 0x3e, 0x83, 0x16, 0x28, 0xea, 0xf3, 0xdd, 0x4e, 0xa5, 0x78, 0x65, 0xe7,
-	0x7a, 0x20, 0x44, 0xb1, 0x9e, 0x83, 0xc3, 0x27, 0x30, 0x78, 0xea, 0x24, 0x38, 0x74, 0xcc, 0x50,
-	0xac, 0x87, 0x97, 0xc1, 0x9c, 0xd9, 0xf4, 0x99, 0x87, 0xe9, 0xae, 0xe9, 0xb8, 0x58, 0x8c, 0x8c,
-	0x19, 0xfd, 0xa8, 0x8c, 0x69, 0x6e, 0xa3, 0x47, 0x87, 0x12, 0x48, 0xa8, 0x01, 0xc0, 0x0b, 0x9e,
-	0xb9, 0x06, 0xf7, 0x53, 0x10, 0x7e, 0x16, 0xf8, 0x85, 0x6d, 0x47, 0x52, 0xd4, 0x83, 0x50, 0x1f,
-	0x80, 0x95, 0x5d, 0x4c, 0xdb, 0xc4, 0xc4, 0x57, 0x4c, 0xd3, 0xf1, 0x6d, 0x2f, 0x5c, 0xa3, 0xab,
-	0xa0, 0x18, 0xc1, 0x64, 0x4f, 0x1c, 0x91, 0xfe, 0x8b, 0x11, 0x17, 0x8a, 0x31, 0x51, 0x13, 0xe6,
-	0x86, 0x37, 0x61, 0x0e, 0x4c, 0xc7, 0xf4, 0xf9, 0x7d, 0x62, 0xd7, 0x25, 0xf3, 0xb1, 0x10, 0x7d,
-	0x83, 0xd8, 0xf5, 0xe7, 0x9d, 0xca, 0xac, 0x84, 0xf1, 0x4f, 0x24, 0x80, 0xf0, 0x3a, 0xc8, 0xfb,
-	0x0c, 0x53, 0xd9, 0x5e, 0x27, 0xb3, 0x8a, 0xf9, 0x0e, 0xc3, 0x34, 0xdc, 0x7c, 0x66, 0x38, 0x33,
-	0x17, 0x20, 0x41, 0x01, 0xb7, 0x40, 0xc1, 0xe2, 0x97, 0x22, 0xa7, 0xfe, 0xa9, 0x2c, 0xae, 0xde,
-	0x9f, 0x17, 0x41, 0x19, 0x08, 0x09, 0x0a, 0x58, 0xe0, 0x43, 0xb0, 0xc0, 0x12, 0x29, 0x14, 0xd7,
-	0x35, 0xc6, 0x26, 0x33, 0x30, 0xf1, 0x3a, 0xec, 0x76, 0x2a, 0x0b, 0x49, 0x15, 0x4a, 0x39, 0x50,
-	0xab, 0x60, 0xb6, 0x27, 0xc0, 0xec, 0xf9, 0xa7, 0x5f, 0x7d, 0xfc, 0xac, 0x3c, 0xf1, 0xe4, 0x59,
-	0x79, 0xe2, 0xe9, 0xb3, 0xf2, 0xc4, 0x57, 0xdd, 0xb2, 0xf2, 0xb8, 0x5b, 0x56, 0x9e, 0x74, 0xcb,
-	0xca, 0xd3, 0x6e, 0x59, 0xf9, 0xad, 0x5b, 0x56, 0xbe, 0xf9, 0xbd, 0x3c, 0x71, 0xb7, 0x3c, 0xfa,
-	0xff, 0x8c, 0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0x98, 0x4a, 0x24, 0x86, 0xa1, 0x14, 0x00, 0x00,
+	// 1604 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0xcb, 0x73, 0xdb, 0x54,
+	0x17, 0x8f, 0x1c, 0x3b, 0x89, 0x4f, 0x9e, 0xbd, 0x69, 0x26, 0xfe, 0xd2, 0x6f, 0xec, 0x54, 0xdf,
+	0xcc, 0x57, 0xa0, 0xad, 0xdc, 0x27, 0x2d, 0x30, 0x3c, 0xaa, 0xb4, 0x94, 0xd2, 0x24, 0x4d, 0x6f,
+	0x5a, 0xe8, 0x94, 0xce, 0x50, 0x59, 0xbe, 0xb1, 0xd5, 0x58, 0x8f, 0xea, 0x4a, 0x0e, 0xa1, 0x1b,
+	0x86, 0xbf, 0x80, 0x35, 0x2c, 0x59, 0xb0, 0x62, 0xc3, 0x96, 0x05, 0x4b, 0x3a, 0xac, 0xba, 0xec,
+	0xca, 0x50, 0xb3, 0xe2, 0x3f, 0x80, 0xce, 0x30, 0xc3, 0xdc, 0xab, 0x2b, 0xc9, 0xf2, 0x4b, 0x9e,
+	0x74, 0xa6, 0x2b, 0x76, 0xd1, 0x79, 0xfc, 0xce, 0xbd, 0xe7, 0x9e, 0xc7, 0xcf, 0x81, 0xab, 0xbb,
+	0x17, 0xa9, 0x62, 0xd8, 0xe5, 0x5d, 0xbf, 0x42, 0x5c, 0x8b, 0x78, 0x84, 0x96, 0x9b, 0xc4, 0xaa,
+	0xda, 0x6e, 0x59, 0x28, 0x34, 0xc7, 0x28, 0xef, 0x34, 0xec, 0x3d, 0xdd, 0xb6, 0x3c, 0xd7, 0x6e,
+	0x94, 0x9b, 0xa7, 0x2b, 0xc4, 0xd3, 0xce, 0x96, 0x6b, 0xc4, 0x22, 0xae, 0xe6, 0x91, 0xaa, 0xe2,
+	0xb8, 0xb6, 0x67, 0xa3, 0x62, 0x60, 0xaf, 0x68, 0x8e, 0xa1, 0x74, 0xd8, 0x2b, 0xc2, 0x7e, 0xe5,
+	0x64, 0xcd, 0xf0, 0xea, 0x7e, 0x45, 0xd1, 0x6d, 0xb3, 0x5c, 0xb3, 0x6b, 0x76, 0x99, 0xbb, 0x55,
+	0xfc, 0x1d, 0xfe, 0xc5, 0x3f, 0xf8, 0x5f, 0x01, 0xdc, 0xca, 0xb9, 0x38, 0xbc, 0xa9, 0xe9, 0x75,
+	0xc3, 0x22, 0xee, 0x7e, 0xd9, 0xd9, 0xad, 0x31, 0x01, 0x2d, 0x9b, 0xc4, 0xd3, 0xca, 0xcd, 0xd3,
+	0xdd, 0x87, 0x58, 0x29, 0x0f, 0xf2, 0x72, 0x7d, 0xcb, 0x33, 0x4c, 0xd2, 0xe3, 0xf0, 0x7a, 0x9a,
+	0x03, 0xd5, 0xeb, 0xc4, 0xd4, 0xba, 0xfd, 0xe4, 0x1f, 0x25, 0x58, 0xbd, 0xf2, 0x19, 0x31, 0x1d,
+	0x6f, 0xcb, 0x35, 0x6c, 0xd7, 0xf0, 0xf6, 0xd7, 0x49, 0x93, 0x34, 0xd6, 0x6c, 0x6b, 0xc7, 0xa8,
+	0xf9, 0xae, 0xe6, 0x19, 0xb6, 0x85, 0xee, 0x40, 0xc1, 0xb2, 0x4d, 0xc3, 0xd2, 0x98, 0x5c, 0xf7,
+	0x5d, 0x97, 0x58, 0xfa, 0xfe, 0x76, 0x5d, 0x73, 0x09, 0x2d, 0x48, 0xab, 0xd2, 0x2b, 0x39, 0xf5,
+	0xbf, 0xed, 0x56, 0xa9, 0xb0, 0x39, 0xc0, 0x06, 0x0f, 0xf4, 0x46, 0x6f, 0xc3, 0x7c, 0x83, 0x58,
+	0x55, 0xad, 0xd2, 0x20, 0x5b, 0xc4, 0xd5, 0x89, 0xe5, 0x15, 0x32, 0x1c, 0x70, 0xb1, 0xdd, 0x2a,
+	0xcd, 0xaf, 0x27, 0x55, 0xb8, 0xdb, 0x56, 0xbe, 0x0b, 0xcb, 0xef, 0x37, 0xec, 0xbd, 0xcb, 0x06,
+	0xf5, 0x0c, 0xab, 0xe6, 0x1b, 0xb4, 0x4e, 0xdc, 0x0d, 0xe2, 0xd5, 0xed, 0x2a, 0x7a, 0x17, 0xb2,
+	0xde, 0xbe, 0x43, 0xf8, 0xf9, 0xf2, 0xea, 0xf1, 0xc7, 0xad, 0xd2, 0x58, 0xbb, 0x55, 0xca, 0xde,
+	0xda, 0x77, 0xc8, 0xf3, 0x56, 0xe9, 0xc8, 0x00, 0x37, 0xa6, 0xc6, 0xdc, 0x51, 0xfe, 0x3a, 0x03,
+	0xc0, 0xac, 0xb6, 0x79, 0xe2, 0xd0, 0x7d, 0x98, 0x62, 0x8f, 0x55, 0xd5, 0x3c, 0x8d, 0x63, 0x4e,
+	0x9f, 0x39, 0xa5, 0xc4, 0x95, 0x12, 0xe5, 0x5c, 0x71, 0x76, 0x6b, 0x4c, 0x40, 0x15, 0x66, 0xad,
+	0x34, 0x4f, 0x2b, 0x37, 0x2a, 0x0f, 0x88, 0xee, 0x6d, 0x10, 0x4f, 0x53, 0x91, 0x38, 0x05, 0xc4,
+	0x32, 0x1c, 0xa1, 0xa2, 0x2d, 0xc8, 0x52, 0x87, 0xe8, 0x3c, 0x01, 0xd3, 0x67, 0x14, 0x65, 0x78,
+	0x1d, 0x2a, 0xf1, 0xd9, 0xb6, 0x1d, 0xa2, 0xab, 0x33, 0xe1, 0x0d, 0xd9, 0x17, 0xe6, 0x48, 0xe8,
+	0x0e, 0x4c, 0x50, 0x4f, 0xf3, 0x7c, 0x5a, 0x18, 0xef, 0x39, 0x71, 0x1a, 0x26, 0xf7, 0x53, 0xe7,
+	0x04, 0xea, 0x44, 0xf0, 0x8d, 0x05, 0x9e, 0xfc, 0x34, 0x03, 0x8b, 0xb1, 0xf1, 0x9a, 0x6d, 0x55,
+	0x0d, 0x5e, 0x29, 0x6f, 0x25, 0xb2, 0x7e, 0xac, 0x2b, 0xeb, 0xcb, 0x7d, 0x5c, 0xe2, 0x8c, 0xa3,
+	0x37, 0xa2, 0xe3, 0x66, 0xb8, 0xfb, 0xd1, 0x64, 0xf0, 0xe7, 0xad, 0xd2, 0x7c, 0xe4, 0x96, 0x3c,
+	0x0f, 0x6a, 0x02, 0x6a, 0x68, 0xd4, 0xbb, 0xe5, 0x6a, 0x16, 0x0d, 0x60, 0x0d, 0x93, 0x88, 0x5b,
+	0xbf, 0x36, 0xda, 0x3b, 0x31, 0x0f, 0x75, 0x45, 0x84, 0x44, 0xeb, 0x3d, 0x68, 0xb8, 0x4f, 0x04,
+	0xf4, 0x7f, 0x98, 0x70, 0x89, 0x46, 0x6d, 0xab, 0x90, 0xe5, 0x47, 0x8e, 0xf2, 0x85, 0xb9, 0x14,
+	0x0b, 0x2d, 0x7a, 0x15, 0x26, 0x4d, 0x42, 0xa9, 0x56, 0x23, 0x85, 0x1c, 0x37, 0x9c, 0x17, 0x86,
+	0x93, 0x1b, 0x81, 0x18, 0x87, 0x7a, 0xf9, 0x27, 0x09, 0xe6, 0xe2, 0x3c, 0xad, 0x1b, 0xd4, 0x43,
+	0xf7, 0x7a, 0x6a, 0x4f, 0x19, 0xed, 0x4e, 0xcc, 0x9b, 0x57, 0xde, 0x82, 0x08, 0x37, 0x15, 0x4a,
+	0x3a, 0xea, 0xee, 0x06, 0xe4, 0x0c, 0x8f, 0x98, 0x2c, 0xeb, 0xe3, 0x5d, 0xe9, 0x4a, 0x29, 0x12,
+	0x75, 0x56, 0xc0, 0xe6, 0xae, 0x31, 0x00, 0x1c, 0xe0, 0xc8, 0x7f, 0x8c, 0x77, 0xde, 0x80, 0xd5,
+	0x23, 0xfa, 0x4e, 0x82, 0x15, 0x67, 0xe0, 0x80, 0x11, 0x97, 0x5a, 0x4b, 0x8b, 0x3c, 0x78, 0x44,
+	0x61, 0xb2, 0x43, 0xd8, 0x5c, 0x21, 0xaa, 0x2c, 0x8e, 0xb4, 0x32, 0xc4, 0x78, 0xc8, 0x51, 0xd0,
+	0x87, 0x80, 0x4c, 0xcd, 0x63, 0x19, 0xad, 0x6d, 0xb9, 0x44, 0x27, 0x55, 0x86, 0x2a, 0x86, 0x52,
+	0x54, 0x1d, 0x1b, 0x3d, 0x16, 0xb8, 0x8f, 0x17, 0xfa, 0x52, 0x82, 0xc5, 0x6a, 0xef, 0x90, 0x11,
+	0x75, 0x79, 0x61, 0x94, 0x44, 0xf7, 0x99, 0x51, 0xea, 0x72, 0xbb, 0x55, 0x5a, 0xec, 0xa3, 0xc0,
+	0xfd, 0x82, 0xa1, 0x7b, 0x90, 0x73, 0xfd, 0x06, 0xa1, 0x85, 0x2c, 0x7f, 0xde, 0xd4, 0xa8, 0x5b,
+	0x76, 0xc3, 0xd0, 0xf7, 0x31, 0x73, 0xf9, 0xd8, 0xf0, 0xea, 0xdb, 0x3e, 0x9f, 0x55, 0x34, 0x7e,
+	0x6b, 0xae, 0xc2, 0x01, 0xa8, 0xfc, 0x08, 0x16, 0xba, 0x87, 0x06, 0xaa, 0x01, 0xe8, 0x61, 0x9f,
+	0xb2, 0x05, 0xc1, 0xc2, 0x9e, 0x1d, 0xbd, 0xaa, 0xa2, 0x1e, 0x8f, 0xe7, 0x65, 0x24, 0xa2, 0xb8,
+	0x03, 0x5a, 0x3e, 0x05, 0x33, 0x57, 0x5d, 0xdb, 0x77, 0xc4, 0x19, 0xd1, 0x2a, 0x64, 0x2d, 0xcd,
+	0x0c, 0xa7, 0x4f, 0x34, 0x11, 0x37, 0x35, 0x93, 0x60, 0xae, 0x91, 0xbf, 0x95, 0x60, 0x76, 0xdd,
+	0x30, 0x0d, 0x0f, 0x13, 0xea, 0xd8, 0x16, 0x25, 0xe8, 0x7c, 0x62, 0x62, 0x1d, 0xed, 0x9a, 0x58,
+	0x87, 0x12, 0xc6, 0x1d, 0xb3, 0xea, 0x13, 0x98, 0x7c, 0xe8, 0x13, 0xdf, 0xb0, 0x6a, 0x62, 0x5e,
+	0x9f, 0x4b, 0xbb, 0xe0, 0xcd, 0xc0, 0x3c, 0x51, 0x6d, 0xea, 0x34, 0x1b, 0x01, 0x42, 0x83, 0x43,
+	0x44, 0xf9, 0xef, 0x0c, 0x1c, 0xe5, 0x81, 0x49, 0x75, 0xc8, 0x56, 0xbe, 0x97, 0xba, 0x95, 0x57,
+	0xc5, 0x6d, 0x0e, 0xb2, 0x99, 0x1f, 0xc0, 0x6c, 0xa3, 0xf3, 0xee, 0xe2, 0x9a, 0x27, 0xd3, 0xae,
+	0x99, 0x48, 0x98, 0xba, 0x24, 0x4e, 0x90, 0x4c, 0x3a, 0x4e, 0x42, 0xf7, 0x63, 0x01, 0xe3, 0xa3,
+	0xb3, 0x00, 0x74, 0x03, 0x96, 0x2a, 0xb6, 0xeb, 0xda, 0x7b, 0x86, 0x55, 0xe3, 0x71, 0x42, 0x90,
+	0x2c, 0x07, 0xf9, 0x4f, 0xbb, 0x55, 0x5a, 0x52, 0xfb, 0x19, 0xe0, 0xfe, 0x7e, 0xf2, 0x1e, 0x2c,
+	0x6d, 0xb2, 0x99, 0x42, 0x6d, 0xdf, 0xd5, 0x49, 0xdc, 0x10, 0xa8, 0x04, 0xb9, 0x26, 0x71, 0x2b,
+	0x41, 0x51, 0xe7, 0xd5, 0x3c, 0x6b, 0x87, 0x8f, 0x98, 0x00, 0x07, 0x72, 0x76, 0x13, 0x2b, 0xf6,
+	0xbc, 0x8d, 0xd7, 0x69, 0x61, 0x82, 0x9b, 0xf2, 0x9b, 0x6c, 0x26, 0x55, 0xb8, 0xdb, 0x56, 0x6e,
+	0x65, 0x60, 0x79, 0x40, 0xff, 0xa1, 0xdb, 0x30, 0x45, 0xc5, 0xdf, 0xa2, 0xa7, 0x8e, 0xa5, 0xbd,
+	0x85, 0xf0, 0x8d, 0xa7, 0x7f, 0x08, 0x86, 0x23, 0x28, 0x64, 0xc3, 0xac, 0x2b, 0x8e, 0xc0, 0x63,
+	0x8a, 0x2d, 0x70, 0x26, 0x0d, 0xbb, 0x37, 0x3b, 0xf1, 0x63, 0xe3, 0x4e, 0x40, 0x9c, 0xc4, 0x47,
+	0x8f, 0x60, 0xa1, 0xe3, 0xda, 0x41, 0xcc, 0x71, 0x1e, 0xf3, 0x7c, 0x5a, 0xcc, 0xbe, 0x8f, 0xa2,
+	0x16, 0x44, 0xd8, 0x85, 0xcd, 0x2e, 0x58, 0xdc, 0x13, 0x48, 0xfe, 0x25, 0x03, 0x43, 0x16, 0xc3,
+	0x4b, 0x20, 0x79, 0xf7, 0x13, 0x24, 0xef, 0x9d, 0x83, 0x6f, 0xbc, 0x81, 0xa4, 0xaf, 0xde, 0x45,
+	0xfa, 0xde, 0x7b, 0x81, 0x18, 0xc3, 0x49, 0xe0, 0x9f, 0x19, 0xf8, 0xdf, 0x60, 0xe7, 0x98, 0x14,
+	0x5e, 0x4f, 0x8c, 0xd8, 0x0b, 0x5d, 0x23, 0xf6, 0xd8, 0x08, 0x10, 0xff, 0x92, 0xc4, 0x2e, 0x92,
+	0xf8, 0xab, 0x04, 0xc5, 0xc1, 0x79, 0x7b, 0x09, 0xa4, 0xf1, 0xd3, 0x24, 0x69, 0x7c, 0xf3, 0xe0,
+	0x45, 0x36, 0x80, 0x44, 0x5e, 0x1d, 0x56, 0x5b, 0x11, 0xdd, 0x1b, 0x61, 0xe5, 0x7f, 0x9f, 0x19,
+	0x96, 0x2a, 0xce, 0x4e, 0x53, 0x7e, 0xb5, 0x24, 0xbc, 0xaf, 0x58, 0x6c, 0xf5, 0x98, 0x6c, 0x7b,
+	0x04, 0x05, 0x59, 0x87, 0xc9, 0x46, 0xb0, 0xab, 0x45, 0x53, 0x5f, 0x1a, 0x69, 0x45, 0x0e, 0x5b,
+	0xed, 0x01, 0x2d, 0x10, 0x66, 0x38, 0x84, 0x47, 0x55, 0x98, 0x20, 0xfc, 0xa7, 0xfa, 0xa8, 0x9d,
+	0x9d, 0xf6, 0xc3, 0x5e, 0x05, 0x56, 0x85, 0x81, 0x15, 0x16, 0xd8, 0xf2, 0x37, 0x12, 0xac, 0xa6,
+	0x8d, 0x04, 0xb4, 0xd7, 0x87, 0xe2, 0xbd, 0x00, 0x7d, 0x1f, 0x9d, 0xf2, 0xfd, 0x20, 0xc1, 0xe1,
+	0x7e, 0x4c, 0x8a, 0x35, 0x19, 0xa3, 0x4f, 0x11, 0xf7, 0x89, 0x9a, 0xec, 0x26, 0x97, 0x62, 0xa1,
+	0x45, 0x27, 0x60, 0xaa, 0xae, 0x59, 0xd5, 0x6d, 0xe3, 0xf3, 0x90, 0xd5, 0x47, 0x65, 0xfe, 0x81,
+	0x90, 0xe3, 0xc8, 0x02, 0x5d, 0x86, 0x05, 0xee, 0xb7, 0x4e, 0xac, 0x9a, 0x57, 0xe7, 0x2f, 0x22,
+	0xa8, 0x49, 0xb4, 0x75, 0x6e, 0x76, 0xe9, 0x71, 0x8f, 0x87, 0xfc, 0x97, 0x04, 0xe8, 0x20, 0x6c,
+	0xe2, 0x38, 0xe4, 0x35, 0xc7, 0xe0, 0x14, 0x37, 0x68, 0xb4, 0xbc, 0x3a, 0xdb, 0x6e, 0x95, 0xf2,
+	0x97, 0xb6, 0xae, 0x05, 0x42, 0x1c, 0xeb, 0x99, 0x71, 0xb8, 0x68, 0x83, 0x85, 0x2a, 0x8c, 0xc3,
+	0xc0, 0x14, 0xc7, 0x7a, 0x74, 0x11, 0x66, 0xf4, 0x86, 0x4f, 0x3d, 0xe2, 0x6e, 0xeb, 0xb6, 0x43,
+	0xf8, 0x60, 0x9a, 0x52, 0x0f, 0x8b, 0x3b, 0xcd, 0xac, 0x75, 0xe8, 0x70, 0xc2, 0x12, 0x29, 0x00,
+	0xac, 0xad, 0xa8, 0xa3, 0xb1, 0x38, 0x39, 0x1e, 0x67, 0x8e, 0x3d, 0xd8, 0x66, 0x24, 0xc5, 0x1d,
+	0x16, 0xf2, 0x03, 0x58, 0xda, 0x26, 0x6e, 0xd3, 0xd0, 0xc9, 0x25, 0x5d, 0xb7, 0x7d, 0xcb, 0x0b,
+	0xc9, 0x7a, 0x19, 0xf2, 0x91, 0x99, 0xe8, 0xbc, 0x43, 0x22, 0x7e, 0x3e, 0xc2, 0xc2, 0xb1, 0x4d,
+	0xd4, 0xea, 0x99, 0x81, 0xad, 0xfe, 0x73, 0x06, 0x26, 0x63, 0xf8, 0xec, 0xae, 0x61, 0x55, 0x05,
+	0xf2, 0x91, 0xd0, 0xfa, 0xba, 0x61, 0x55, 0x9f, 0xb7, 0x4a, 0xd3, 0xc2, 0x8c, 0x7d, 0x62, 0x6e,
+	0x88, 0xae, 0x41, 0xd6, 0xa7, 0xc4, 0x15, 0x4d, 0x7c, 0x3c, 0xad, 0x98, 0x6f, 0x53, 0xe2, 0x86,
+	0xfc, 0x6a, 0x8a, 0x21, 0x33, 0x01, 0xe6, 0x10, 0x68, 0x03, 0x72, 0x35, 0xf6, 0x28, 0xa2, 0x4f,
+	0x4f, 0xa4, 0x61, 0x75, 0xfe, 0x88, 0x09, 0xca, 0x80, 0x4b, 0x70, 0x80, 0x82, 0x1e, 0xc2, 0x1c,
+	0x4d, 0xa4, 0x90, 0x3f, 0xd7, 0x08, 0x7c, 0xa9, 0x6f, 0xe2, 0x55, 0xd4, 0x6e, 0x95, 0xe6, 0x92,
+	0x2a, 0xdc, 0x15, 0x40, 0x2e, 0xc3, 0x74, 0xc7, 0x05, 0xd3, 0xa7, 0xac, 0x7a, 0xf9, 0xf1, 0xb3,
+	0xe2, 0xd8, 0x93, 0x67, 0xc5, 0xb1, 0xa7, 0xcf, 0x8a, 0x63, 0x5f, 0xb4, 0x8b, 0xd2, 0xe3, 0x76,
+	0x51, 0x7a, 0xd2, 0x2e, 0x4a, 0x4f, 0xdb, 0x45, 0xe9, 0xb7, 0x76, 0x51, 0xfa, 0xea, 0xf7, 0xe2,
+	0xd8, 0xdd, 0xe2, 0xf0, 0xff, 0xc5, 0xfe, 0x13, 0x00, 0x00, 0xff, 0xff, 0x1d, 0xc5, 0x22, 0x46,
+	0xc5, 0x15, 0x00, 0x00,
+}
+
+func (m *ExemptPriorityLevelConfiguration) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ExemptPriorityLevelConfiguration) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.LendablePercent != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.LendablePercent))
+		i--
+		dAtA[i] = 0x10
+	}
+	if m.NominalConcurrencyShares != nil {
+		i = encodeVarintGenerated(dAtA, i, uint64(*m.NominalConcurrencyShares))
+		i--
+		dAtA[i] = 0x8
+	}
+	return len(dAtA) - i, nil
 }
 
 func (m *FlowDistinguisherMethod) Marshal() (dAtA []byte, err error) {
@@ -1490,6 +1556,18 @@ func (m *PriorityLevelConfigurationSpec) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if m.Exempt != nil {
+		{
+			size, err := m.Exempt.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x1a
+	}
 	if m.Limited != nil {
 		{
 			size, err := m.Limited.MarshalToSizedBuffer(dAtA[:i])
@@ -1782,6 +1860,21 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
 	dAtA[offset] = uint8(v)
 	return base
 }
+func (m *ExemptPriorityLevelConfiguration) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.NominalConcurrencyShares != nil {
+		n += 1 + sovGenerated(uint64(*m.NominalConcurrencyShares))
+	}
+	if m.LendablePercent != nil {
+		n += 1 + sovGenerated(uint64(*m.LendablePercent))
+	}
+	return n
+}
+
 func (m *FlowDistinguisherMethod) Size() (n int) {
 	if m == nil {
 		return 0
@@ -2047,6 +2140,10 @@ func (m *PriorityLevelConfigurationSpec) Size() (n int) {
 		l = m.Limited.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.Exempt != nil {
+		l = m.Exempt.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -2164,6 +2261,17 @@ func sovGenerated(x uint64) (n int) {
 func sozGenerated(x uint64) (n int) {
 	return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
 }
+func (this *ExemptPriorityLevelConfiguration) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&ExemptPriorityLevelConfiguration{`,
+		`NominalConcurrencyShares:` + valueToStringGenerated(this.NominalConcurrencyShares) + `,`,
+		`LendablePercent:` + valueToStringGenerated(this.LendablePercent) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *FlowDistinguisherMethod) String() string {
 	if this == nil {
 		return "nil"
@@ -2380,6 +2488,7 @@ func (this *PriorityLevelConfigurationSpec) String() string {
 	s := strings.Join([]string{`&PriorityLevelConfigurationSpec{`,
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`Limited:` + strings.Replace(this.Limited.String(), "LimitedPriorityLevelConfiguration", "LimitedPriorityLevelConfiguration", 1) + `,`,
+		`Exempt:` + strings.Replace(this.Exempt.String(), "ExemptPriorityLevelConfiguration", "ExemptPriorityLevelConfiguration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2467,6 +2576,96 @@ func valueToStringGenerated(v interface{}) string {
 	pv := reflect.Indirect(rv).Interface()
 	return fmt.Sprintf("*%v", pv)
 }
+func (m *ExemptPriorityLevelConfiguration) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ExemptPriorityLevelConfiguration: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field NominalConcurrencyShares", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.NominalConcurrencyShares = &v
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LendablePercent", wireType)
+			}
+			var v int32
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.LendablePercent = &v
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *FlowDistinguisherMethod) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -4546,6 +4745,42 @@ func (m *PriorityLevelConfigurationSpec) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Exempt", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Exempt == nil {
+				m.Exempt = &ExemptPriorityLevelConfiguration{}
+			}
+			if err := m.Exempt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta3/generated.proto b/vendor/k8s.io/api/flowcontrol/v1beta3/generated.proto
index adf9e8682c..eda0f7829e 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta3/generated.proto
+++ b/vendor/k8s.io/api/flowcontrol/v1beta3/generated.proto
@@ -28,6 +28,40 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
 // Package-wide variables from generator "generated".
 option go_package = "k8s.io/api/flowcontrol/v1beta3";
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+message ExemptPriorityLevelConfiguration {
+  // `nominalConcurrencyShares` (NCS) contributes to the computation of the
+  // NominalConcurrencyLimit (NominalCL) of this level.
+  // This is the number of execution seats nominally reserved for this priority level.
+  // This DOES NOT limit the dispatching from this priority level
+  // but affects the other priority levels through the borrowing mechanism.
+  // The server's concurrency limit (ServerCL) is divided among all the
+  // priority levels in proportion to their NCS values:
+  //
+  // NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+  // sum_ncs = sum[priority level k] NCS(k)
+  //
+  // Bigger numbers mean a larger nominal concurrency limit,
+  // at the expense of every other priority level.
+  // This field has a default value of zero.
+  // +optional
+  optional int32 nominalConcurrencyShares = 1;
+
+  // `lendablePercent` prescribes the fraction of the level's NominalCL that
+  // can be borrowed by other priority levels.  This value of this
+  // field must be between 0 and 100, inclusive, and it defaults to 0.
+  // The number of seats that other levels can borrow from this level, known
+  // as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+  //
+  // LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+  //
+  // +optional
+  optional int32 lendablePercent = 2;
+}
+
 // FlowDistinguisherMethod specifies the method of a flow distinguisher.
 message FlowDistinguisherMethod {
   // `type` is the type of flow distinguisher method
@@ -168,10 +202,10 @@ message LimitedPriorityLevelConfiguration {
   // Limited priority levels in proportion to their NCS values:
   //
   // NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
-  // sum_ncs = sum[limited priority level k] NCS(k)
+  // sum_ncs = sum[priority level k] NCS(k)
   //
   // Bigger numbers mean a larger nominal concurrency limit,
-  // at the expense of every other Limited priority level.
+  // at the expense of every other priority level.
   // This field has a default value of 30.
   // +optional
   optional int32 nominalConcurrencyShares = 1;
@@ -334,6 +368,14 @@ message PriorityLevelConfigurationSpec {
   // This field must be non-empty if and only if `type` is `"Limited"`.
   // +optional
   optional LimitedPriorityLevelConfiguration limited = 2;
+
+  // `exempt` specifies how requests are handled for an exempt priority level.
+  // This field MUST be empty if `type` is `"Limited"`.
+  // This field MAY be non-empty if `type` is `"Exempt"`.
+  // If empty and `type` is `"Exempt"` then the default values
+  // for `ExemptPriorityLevelConfiguration` apply.
+  // +optional
+  optional ExemptPriorityLevelConfiguration exempt = 3;
 }
 
 // PriorityLevelConfigurationStatus represents the current state of a "request-priority".
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta3/types.go b/vendor/k8s.io/api/flowcontrol/v1beta3/types.go
index 2baf2dc39e..810941557b 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta3/types.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta3/types.go
@@ -77,7 +77,9 @@ const (
 	//   is a boolean false or has an invalid boolean representation
 	//   (if the cluster operator sets it to 'false' it will be stomped)
 	// - any changes to the spec made by the cluster operator will be
-	//   stomped.
+	//   stomped, except for changes to the `nominalConcurrencyShares`
+	//   and `lendablePercent` fields of the PriorityLevelConfiguration
+	//   named "exempt".
 	//
 	// The kube-apiserver will apply updates on the suggested configuration if:
 	// - the cluster operator has enabled auto-update by setting the annotation
@@ -433,6 +435,14 @@ type PriorityLevelConfigurationSpec struct {
 	// This field must be non-empty if and only if `type` is `"Limited"`.
 	// +optional
 	Limited *LimitedPriorityLevelConfiguration `json:"limited,omitempty" protobuf:"bytes,2,opt,name=limited"`
+
+	// `exempt` specifies how requests are handled for an exempt priority level.
+	// This field MUST be empty if `type` is `"Limited"`.
+	// This field MAY be non-empty if `type` is `"Exempt"`.
+	// If empty and `type` is `"Exempt"` then the default values
+	// for `ExemptPriorityLevelConfiguration` apply.
+	// +optional
+	Exempt *ExemptPriorityLevelConfiguration `json:"exempt,omitempty" protobuf:"bytes,3,opt,name=exempt"`
 }
 
 // PriorityLevelEnablement indicates whether limits on execution are enabled for the priority level
@@ -462,10 +472,10 @@ type LimitedPriorityLevelConfiguration struct {
 	// Limited priority levels in proportion to their NCS values:
 	//
 	// NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
-	// sum_ncs = sum[limited priority level k] NCS(k)
+	// sum_ncs = sum[priority level k] NCS(k)
 	//
 	// Bigger numbers mean a larger nominal concurrency limit,
-	// at the expense of every other Limited priority level.
+	// at the expense of every other priority level.
 	// This field has a default value of 30.
 	// +optional
 	NominalConcurrencyShares int32 `json:"nominalConcurrencyShares" protobuf:"varint,1,opt,name=nominalConcurrencyShares"`
@@ -503,6 +513,43 @@ type LimitedPriorityLevelConfiguration struct {
 	BorrowingLimitPercent *int32 `json:"borrowingLimitPercent,omitempty" protobuf:"varint,4,opt,name=borrowingLimitPercent"`
 }
 
+// ExemptPriorityLevelConfiguration describes the configurable aspects
+// of the handling of exempt requests.
+// In the mandatory exempt configuration object the values in the fields
+// here can be modified by authorized users, unlike the rest of the `spec`.
+type ExemptPriorityLevelConfiguration struct {
+	// `nominalConcurrencyShares` (NCS) contributes to the computation of the
+	// NominalConcurrencyLimit (NominalCL) of this level.
+	// This is the number of execution seats nominally reserved for this priority level.
+	// This DOES NOT limit the dispatching from this priority level
+	// but affects the other priority levels through the borrowing mechanism.
+	// The server's concurrency limit (ServerCL) is divided among all the
+	// priority levels in proportion to their NCS values:
+	//
+	// NominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs )
+	// sum_ncs = sum[priority level k] NCS(k)
+	//
+	// Bigger numbers mean a larger nominal concurrency limit,
+	// at the expense of every other priority level.
+	// This field has a default value of zero.
+	// +optional
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty" protobuf:"varint,1,opt,name=nominalConcurrencyShares"`
+	// `lendablePercent` prescribes the fraction of the level's NominalCL that
+	// can be borrowed by other priority levels.  This value of this
+	// field must be between 0 and 100, inclusive, and it defaults to 0.
+	// The number of seats that other levels can borrow from this level, known
+	// as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.
+	//
+	// LendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )
+	//
+	// +optional
+	LendablePercent *int32 `json:"lendablePercent,omitempty" protobuf:"varint,2,opt,name=lendablePercent"`
+	// The `BorrowingCL` of an Exempt priority level is implicitly `ServerCL`.
+	// In other words, an exempt priority level
+	// has no meaningful limit on how much it borrows.
+	// There is no explicit representation of that here.
+}
+
 // LimitResponse defines how to handle requests that can not be executed right now.
 // +union
 type LimitResponse struct {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta3/types_swagger_doc_generated.go b/vendor/k8s.io/api/flowcontrol/v1beta3/types_swagger_doc_generated.go
index 728252c0cf..fa76112a72 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta3/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta3/types_swagger_doc_generated.go
@@ -27,6 +27,16 @@ package v1beta3
 // Those methods can be generated by using hack/update-codegen.sh
 
 // AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
+var map_ExemptPriorityLevelConfiguration = map[string]string{
+	"":                         "ExemptPriorityLevelConfiguration describes the configurable aspects of the handling of exempt requests. In the mandatory exempt configuration object the values in the fields here can be modified by authorized users, unlike the rest of the `spec`.",
+	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats nominally reserved for this priority level. This DOES NOT limit the dispatching from this priority level but affects the other priority levels through the borrowing mechanism. The server's concurrency limit (ServerCL) is divided among all the priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of zero.",
+	"lendablePercent":          "`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels.  This value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.\n\nLendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )",
+}
+
+func (ExemptPriorityLevelConfiguration) SwaggerDoc() map[string]string {
+	return map_ExemptPriorityLevelConfiguration
+}
+
 var map_FlowDistinguisherMethod = map[string]string{
 	"":     "FlowDistinguisherMethod specifies the method of a flow distinguisher.",
 	"type": "`type` is the type of flow distinguisher method The supported types are \"ByUser\" and \"ByNamespace\". Required.",
@@ -112,7 +122,7 @@ func (LimitResponse) SwaggerDoc() map[string]string {
 
 var map_LimitedPriorityLevelConfiguration = map[string]string{
 	"":                         "LimitedPriorityLevelConfiguration specifies how to handle requests that are subject to limits. It addresses two issues:\n  - How are requests for this priority level limited?\n  - What should be done with requests that exceed the limit?",
-	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats available at this priority level. This is used both for requests dispatched from this priority level as well as requests dispatched from other priority levels borrowing seats from this level. The server's concurrency limit (ServerCL) is divided among the Limited priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[limited priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other Limited priority level. This field has a default value of 30.",
+	"nominalConcurrencyShares": "`nominalConcurrencyShares` (NCS) contributes to the computation of the NominalConcurrencyLimit (NominalCL) of this level. This is the number of execution seats available at this priority level. This is used both for requests dispatched from this priority level as well as requests dispatched from other priority levels borrowing seats from this level. The server's concurrency limit (ServerCL) is divided among the Limited priority levels in proportion to their NCS values:\n\nNominalCL(i)  = ceil( ServerCL * NCS(i) / sum_ncs ) sum_ncs = sum[priority level k] NCS(k)\n\nBigger numbers mean a larger nominal concurrency limit, at the expense of every other priority level. This field has a default value of 30.",
 	"limitResponse":            "`limitResponse` indicates what to do with requests that can not be executed right now",
 	"lendablePercent":          "`lendablePercent` prescribes the fraction of the level's NominalCL that can be borrowed by other priority levels. The value of this field must be between 0 and 100, inclusive, and it defaults to 0. The number of seats that other levels can borrow from this level, known as this level's LendableConcurrencyLimit (LendableCL), is defined as follows.\n\nLendableCL(i) = round( NominalCL(i) * lendablePercent(i)/100.0 )",
 	"borrowingLimitPercent":    "`borrowingLimitPercent`, if present, configures a limit on how many seats this priority level can borrow from other priority levels. The limit is known as this level's BorrowingConcurrencyLimit (BorrowingCL) and is a limit on the total number of seats that this level may borrow at any one time. This field holds the ratio of that limit to the level's nominal concurrency limit. When this field is non-nil, it must hold a non-negative integer and the limit is calculated as follows.\n\nBorrowingCL(i) = round( NominalCL(i) * borrowingLimitPercent(i)/100.0 )\n\nThe value of this field can be more than 100, implying that this priority level can borrow a number of seats that is greater than its own nominal concurrency limit (NominalCL). When this field is left `nil`, the limit is effectively infinite.",
@@ -190,6 +200,7 @@ var map_PriorityLevelConfigurationSpec = map[string]string{
 	"":        "PriorityLevelConfigurationSpec specifies the configuration of a priority level.",
 	"type":    "`type` indicates whether this priority level is subject to limitation on request execution.  A value of `\"Exempt\"` means that requests of this priority level are not subject to a limit (and thus are never queued) and do not detract from the capacity made available to other priority levels.  A value of `\"Limited\"` means that (a) requests of this priority level _are_ subject to limits and (b) some of the server's limited capacity is made available exclusively to this priority level. Required.",
 	"limited": "`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `\"Limited\"`.",
+	"exempt":  "`exempt` specifies how requests are handled for an exempt priority level. This field MUST be empty if `type` is `\"Limited\"`. This field MAY be non-empty if `type` is `\"Exempt\"`. If empty and `type` is `\"Exempt\"` then the default values for `ExemptPriorityLevelConfiguration` apply.",
 }
 
 func (PriorityLevelConfigurationSpec) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/api/flowcontrol/v1beta3/zz_generated.deepcopy.go b/vendor/k8s.io/api/flowcontrol/v1beta3/zz_generated.deepcopy.go
index ec02d2a9c4..09fefa20aa 100644
--- a/vendor/k8s.io/api/flowcontrol/v1beta3/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/flowcontrol/v1beta3/zz_generated.deepcopy.go
@@ -25,6 +25,32 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExemptPriorityLevelConfiguration) DeepCopyInto(out *ExemptPriorityLevelConfiguration) {
+	*out = *in
+	if in.NominalConcurrencyShares != nil {
+		in, out := &in.NominalConcurrencyShares, &out.NominalConcurrencyShares
+		*out = new(int32)
+		**out = **in
+	}
+	if in.LendablePercent != nil {
+		in, out := &in.LendablePercent, &out.LendablePercent
+		*out = new(int32)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExemptPriorityLevelConfiguration.
+func (in *ExemptPriorityLevelConfiguration) DeepCopy() *ExemptPriorityLevelConfiguration {
+	if in == nil {
+		return nil
+	}
+	out := new(ExemptPriorityLevelConfiguration)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FlowDistinguisherMethod) DeepCopyInto(out *FlowDistinguisherMethod) {
 	*out = *in
@@ -400,6 +426,11 @@ func (in *PriorityLevelConfigurationSpec) DeepCopyInto(out *PriorityLevelConfigu
 		*out = new(LimitedPriorityLevelConfiguration)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Exempt != nil {
+		in, out := &in.Exempt, &out.Exempt
+		*out = new(ExemptPriorityLevelConfiguration)
+		(*in).DeepCopyInto(*out)
+	}
 	return
 }
 
diff --git a/vendor/k8s.io/api/networking/v1/generated.pb.go b/vendor/k8s.io/api/networking/v1/generated.pb.go
index e9566d57e2..daeaea5dce 100644
--- a/vendor/k8s.io/api/networking/v1/generated.pb.go
+++ b/vendor/k8s.io/api/networking/v1/generated.pb.go
@@ -776,38 +776,10 @@ func (m *NetworkPolicySpec) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_NetworkPolicySpec proto.InternalMessageInfo
 
-func (m *NetworkPolicyStatus) Reset()      { *m = NetworkPolicyStatus{} }
-func (*NetworkPolicyStatus) ProtoMessage() {}
-func (*NetworkPolicyStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_1c72867a70a7cc90, []int{26}
-}
-func (m *NetworkPolicyStatus) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *NetworkPolicyStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	b = b[:cap(b)]
-	n, err := m.MarshalToSizedBuffer(b)
-	if err != nil {
-		return nil, err
-	}
-	return b[:n], nil
-}
-func (m *NetworkPolicyStatus) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_NetworkPolicyStatus.Merge(m, src)
-}
-func (m *NetworkPolicyStatus) XXX_Size() int {
-	return m.Size()
-}
-func (m *NetworkPolicyStatus) XXX_DiscardUnknown() {
-	xxx_messageInfo_NetworkPolicyStatus.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_NetworkPolicyStatus proto.InternalMessageInfo
-
 func (m *ServiceBackendPort) Reset()      { *m = ServiceBackendPort{} }
 func (*ServiceBackendPort) ProtoMessage() {}
 func (*ServiceBackendPort) Descriptor() ([]byte, []int) {
-	return fileDescriptor_1c72867a70a7cc90, []int{27}
+	return fileDescriptor_1c72867a70a7cc90, []int{26}
 }
 func (m *ServiceBackendPort) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -859,7 +831,6 @@ func init() {
 	proto.RegisterType((*NetworkPolicyPeer)(nil), "k8s.io.api.networking.v1.NetworkPolicyPeer")
 	proto.RegisterType((*NetworkPolicyPort)(nil), "k8s.io.api.networking.v1.NetworkPolicyPort")
 	proto.RegisterType((*NetworkPolicySpec)(nil), "k8s.io.api.networking.v1.NetworkPolicySpec")
-	proto.RegisterType((*NetworkPolicyStatus)(nil), "k8s.io.api.networking.v1.NetworkPolicyStatus")
 	proto.RegisterType((*ServiceBackendPort)(nil), "k8s.io.api.networking.v1.ServiceBackendPort")
 }
 
@@ -868,115 +839,112 @@ func init() {
 }
 
 var fileDescriptor_1c72867a70a7cc90 = []byte{
-	// 1715 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0x4b, 0x6f, 0x1b, 0x47,
-	0x12, 0xd6, 0x50, 0xa2, 0x48, 0x35, 0x25, 0x59, 0x6a, 0xdb, 0x58, 0xae, 0x16, 0x4b, 0x6a, 0x07,
-	0x6b, 0x5b, 0xbb, 0xb6, 0xc9, 0xb5, 0x6c, 0x2c, 0x76, 0x2f, 0x49, 0x3c, 0xb2, 0x2c, 0x2b, 0x96,
-	0x29, 0xa2, 0xc9, 0x38, 0x48, 0x90, 0x87, 0x47, 0xc3, 0x16, 0x35, 0xe6, 0x70, 0x7a, 0xd0, 0xd3,
-	0x54, 0xac, 0x20, 0x08, 0x72, 0xc9, 0x21, 0xb7, 0xdc, 0x72, 0x0e, 0xf2, 0x0b, 0x82, 0xe4, 0x10,
-	0x20, 0x48, 0x8c, 0x5c, 0x02, 0x1f, 0x0d, 0xe4, 0xe2, 0x4b, 0x88, 0x98, 0xf9, 0x17, 0x3a, 0x05,
-	0xfd, 0x98, 0x17, 0x1f, 0x22, 0x63, 0x18, 0x3a, 0x49, 0x5d, 0x55, 0xfd, 0x75, 0xbd, 0xab, 0x86,
-	0xe0, 0x66, 0xeb, 0x7f, 0x7e, 0xc9, 0x26, 0xe5, 0x56, 0x67, 0x0f, 0x53, 0x17, 0x33, 0xec, 0x97,
-	0x0f, 0xb1, 0xdb, 0x20, 0xb4, 0xac, 0x18, 0xa6, 0x67, 0x97, 0x5d, 0xcc, 0x3e, 0x20, 0xb4, 0x65,
-	0xbb, 0xcd, 0xf2, 0xe1, 0xb5, 0x72, 0x13, 0xbb, 0x98, 0x9a, 0x0c, 0x37, 0x4a, 0x1e, 0x25, 0x8c,
-	0xc0, 0xbc, 0x94, 0x2c, 0x99, 0x9e, 0x5d, 0x8a, 0x24, 0x4b, 0x87, 0xd7, 0x56, 0xae, 0x36, 0x6d,
-	0x76, 0xd0, 0xd9, 0x2b, 0x59, 0xa4, 0x5d, 0x6e, 0x92, 0x26, 0x29, 0x8b, 0x0b, 0x7b, 0x9d, 0x7d,
-	0x71, 0x12, 0x07, 0xf1, 0x9f, 0x04, 0x5a, 0xd1, 0x63, 0x4f, 0x5a, 0x84, 0xe2, 0x21, 0x8f, 0xad,
-	0xdc, 0x88, 0x64, 0xda, 0xa6, 0x75, 0x60, 0xbb, 0x98, 0x1e, 0x95, 0xbd, 0x56, 0x93, 0x13, 0xfc,
-	0x72, 0x1b, 0x33, 0x73, 0xd8, 0xad, 0xf2, 0xa8, 0x5b, 0xb4, 0xe3, 0x32, 0xbb, 0x8d, 0x07, 0x2e,
-	0xfc, 0x77, 0xdc, 0x05, 0xdf, 0x3a, 0xc0, 0x6d, 0x73, 0xe0, 0xde, 0xf5, 0x51, 0xf7, 0x3a, 0xcc,
-	0x76, 0xca, 0xb6, 0xcb, 0x7c, 0x46, 0xfb, 0x2f, 0xe9, 0x3f, 0x6a, 0xe0, 0xcc, 0x9d, 0x7a, 0xbd,
-	0xba, 0xed, 0x36, 0x29, 0xf6, 0xfd, 0xaa, 0xc9, 0x0e, 0xe0, 0x2a, 0x98, 0xf1, 0x4c, 0x76, 0x90,
-	0xd7, 0x56, 0xb5, 0xb5, 0x39, 0x63, 0xfe, 0x49, 0xb7, 0x38, 0xd5, 0xeb, 0x16, 0x67, 0x38, 0x0f,
-	0x09, 0x0e, 0xbc, 0x01, 0xb2, 0xfc, 0x6f, 0xfd, 0xc8, 0xc3, 0xf9, 0x69, 0x21, 0x95, 0xef, 0x75,
-	0x8b, 0xd9, 0xaa, 0xa2, 0x1d, 0xc7, 0xfe, 0x47, 0xa1, 0x24, 0xac, 0x81, 0xcc, 0x9e, 0x69, 0xb5,
-	0xb0, 0xdb, 0xc8, 0xa7, 0x56, 0xb5, 0xb5, 0xdc, 0xfa, 0x5a, 0x69, 0x54, 0xf8, 0x4a, 0x4a, 0x1f,
-	0x43, 0xca, 0x1b, 0x67, 0x94, 0x12, 0x19, 0x45, 0x40, 0x01, 0x92, 0xbe, 0x0f, 0xce, 0xc5, 0xf4,
-	0x47, 0x1d, 0x07, 0xdf, 0x37, 0x9d, 0x0e, 0x86, 0x15, 0x90, 0xe6, 0x0f, 0xfb, 0x79, 0x6d, 0x75,
-	0x7a, 0x2d, 0xb7, 0xfe, 0xaf, 0xd1, 0x4f, 0xf5, 0x99, 0x6f, 0x2c, 0xa8, 0xb7, 0xd2, 0xfc, 0xe4,
-	0x23, 0x09, 0xa3, 0xef, 0x82, 0xcc, 0x76, 0xd5, 0x70, 0x88, 0xd5, 0xe2, 0xfe, 0xb1, 0xec, 0x06,
-	0xed, 0xf7, 0xcf, 0xc6, 0xf6, 0x2d, 0x84, 0x04, 0x07, 0xea, 0x60, 0x16, 0x3f, 0xb2, 0xb0, 0xc7,
-	0xf2, 0xa9, 0xd5, 0xe9, 0xb5, 0x39, 0x03, 0xf4, 0xba, 0xc5, 0xd9, 0x4d, 0x41, 0x41, 0x8a, 0xa3,
-	0x7f, 0x9a, 0x02, 0x19, 0xf5, 0x2c, 0x7c, 0x00, 0xb2, 0x3c, 0x7d, 0x1a, 0x26, 0x33, 0x05, 0x6a,
-	0x6e, 0xfd, 0x3f, 0x31, 0x7d, 0xc3, 0x68, 0x96, 0xbc, 0x56, 0x93, 0x13, 0xfc, 0x12, 0x97, 0xe6,
-	0xba, 0xef, 0xee, 0x3d, 0xc4, 0x16, 0xbb, 0x87, 0x99, 0x69, 0x40, 0xa5, 0x07, 0x88, 0x68, 0x28,
-	0x44, 0x85, 0x5b, 0x60, 0xc6, 0xf7, 0xb0, 0xa5, 0x1c, 0x7f, 0x61, 0xac, 0xe3, 0x6b, 0x1e, 0xb6,
-	0x22, 0xd3, 0xf8, 0x09, 0x09, 0x00, 0xb8, 0x0b, 0x66, 0x7d, 0x66, 0xb2, 0x8e, 0x2f, 0x02, 0x9f,
-	0x5b, 0xbf, 0x34, 0x1e, 0x4a, 0x88, 0x1b, 0x8b, 0x0a, 0x6c, 0x56, 0x9e, 0x91, 0x82, 0xd1, 0x7f,
-	0xd2, 0xc0, 0x62, 0x32, 0xda, 0xf0, 0x3e, 0xc8, 0xf8, 0x98, 0x1e, 0xda, 0x16, 0xce, 0xcf, 0x88,
-	0x47, 0xca, 0xe3, 0x1f, 0x91, 0xf2, 0x41, 0xbe, 0xe4, 0x78, 0xae, 0x28, 0x1a, 0x0a, 0xc0, 0xe0,
-	0x9b, 0x20, 0x4b, 0xb1, 0x4f, 0x3a, 0xd4, 0xc2, 0x4a, 0xfb, 0xab, 0x71, 0x60, 0x5e, 0xf7, 0x1c,
-	0x92, 0x27, 0x6b, 0x63, 0x87, 0x58, 0xa6, 0x23, 0x5d, 0x89, 0xf0, 0x3e, 0xa6, 0xd8, 0xb5, 0xb0,
-	0x31, 0xcf, 0xb3, 0x1c, 0x29, 0x08, 0x14, 0x82, 0xf1, 0x2a, 0x9a, 0x57, 0x8a, 0x6c, 0x38, 0xe6,
-	0xa9, 0x04, 0x74, 0x27, 0x11, 0xd0, 0x7f, 0x8f, 0x75, 0x90, 0xd0, 0x6b, 0x54, 0x54, 0xf5, 0x1f,
-	0x34, 0xb0, 0x14, 0x17, 0xdc, 0xb1, 0x7d, 0x06, 0xdf, 0x19, 0x30, 0xa2, 0x34, 0x99, 0x11, 0xfc,
-	0xb6, 0x30, 0x61, 0x49, 0x3d, 0x95, 0x0d, 0x28, 0x31, 0x03, 0xee, 0x82, 0xb4, 0xcd, 0x70, 0xdb,
-	0x17, 0x25, 0x92, 0x5b, 0xbf, 0x38, 0x99, 0x05, 0x51, 0x75, 0x6e, 0xf3, 0xcb, 0x48, 0x62, 0xe8,
-	0xbf, 0x6a, 0xa0, 0x18, 0x17, 0xab, 0x9a, 0xd4, 0x6c, 0x63, 0x86, 0xa9, 0x1f, 0x06, 0x0f, 0xae,
-	0x81, 0xac, 0x59, 0xdd, 0xde, 0xa2, 0xa4, 0xe3, 0x05, 0xa5, 0xcb, 0x55, 0xbb, 0xa9, 0x68, 0x28,
-	0xe4, 0xf2, 0x02, 0x6f, 0xd9, 0xaa, 0x4b, 0xc5, 0x0a, 0xfc, 0xae, 0xed, 0x36, 0x90, 0xe0, 0x70,
-	0x09, 0xd7, 0x6c, 0x07, 0xcd, 0x2f, 0x94, 0xa8, 0x98, 0x6d, 0x8c, 0x04, 0x07, 0x16, 0x41, 0xda,
-	0xb7, 0x88, 0x27, 0x33, 0x78, 0xce, 0x98, 0xe3, 0x2a, 0xd7, 0x38, 0x01, 0x49, 0x3a, 0xbc, 0x0c,
-	0xe6, 0xb8, 0xa0, 0xef, 0x99, 0x16, 0xce, 0xa7, 0x85, 0xd0, 0x42, 0xaf, 0x5b, 0x9c, 0xab, 0x04,
-	0x44, 0x14, 0xf1, 0xf5, 0xaf, 0xfb, 0xe2, 0xc3, 0x43, 0x07, 0xd7, 0x01, 0xb0, 0x88, 0xcb, 0x28,
-	0x71, 0x1c, 0x1c, 0x74, 0xa3, 0x30, 0x69, 0x36, 0x42, 0x0e, 0x8a, 0x49, 0x41, 0x1b, 0x00, 0x2f,
-	0xf4, 0x8d, 0x4a, 0x9e, 0xff, 0x4f, 0xe6, 0xfa, 0x21, 0x3e, 0x35, 0x16, 0xf9, 0x53, 0x31, 0x46,
-	0x0c, 0x5c, 0xff, 0x46, 0x03, 0x39, 0x75, 0xff, 0x14, 0xd2, 0xe9, 0x76, 0x32, 0x9d, 0xfe, 0x31,
-	0x7e, 0xb4, 0x0c, 0xcf, 0xa4, 0xef, 0x34, 0xb0, 0x12, 0x68, 0x4d, 0xcc, 0x86, 0x61, 0x3a, 0xa6,
-	0x6b, 0x61, 0x1a, 0x74, 0xea, 0x15, 0x90, 0xb2, 0x83, 0xf4, 0x01, 0x0a, 0x20, 0xb5, 0x5d, 0x45,
-	0x29, 0xdb, 0x83, 0x57, 0x40, 0xf6, 0x80, 0xf8, 0x4c, 0x24, 0x86, 0x4c, 0x9d, 0x50, 0xe1, 0x3b,
-	0x8a, 0x8e, 0x42, 0x09, 0x58, 0x05, 0x69, 0x8f, 0x50, 0xe6, 0xe7, 0x67, 0x84, 0xc2, 0x97, 0xc7,
-	0x2a, 0x5c, 0x25, 0x94, 0xa9, 0x5e, 0x1a, 0x8d, 0x28, 0x8e, 0x80, 0x24, 0x90, 0xfe, 0x11, 0xf8,
-	0xeb, 0x10, 0xcd, 0xe5, 0x15, 0xf8, 0x3e, 0xc8, 0xd8, 0x92, 0xa9, 0x26, 0xe2, 0x8d, 0xb1, 0x0f,
-	0x0e, 0xb1, 0x3f, 0x1a, 0xc4, 0xc1, 0xc0, 0x0d, 0x50, 0xf5, 0xaf, 0x34, 0xb0, 0x3c, 0xa0, 0xa9,
-	0xd8, 0x25, 0x08, 0x65, 0xc2, 0x63, 0xe9, 0xd8, 0x2e, 0x41, 0x28, 0x43, 0x82, 0x03, 0xef, 0x82,
-	0xac, 0x58, 0x45, 0x2c, 0xe2, 0x28, 0xaf, 0x95, 0x03, 0xaf, 0x55, 0x15, 0xfd, 0xb8, 0x5b, 0xfc,
-	0xdb, 0xe0, 0x7e, 0x56, 0x0a, 0xd8, 0x28, 0x04, 0xe0, 0x55, 0x87, 0x29, 0x25, 0x54, 0x15, 0xa6,
-	0xa8, 0xba, 0x4d, 0x4e, 0x40, 0x92, 0xae, 0x7f, 0x19, 0x25, 0x25, 0xdf, 0x15, 0xb8, 0x7e, 0x3c,
-	0x22, 0xfd, 0xb3, 0x9c, 0xc7, 0x0b, 0x09, 0x0e, 0xf4, 0xc0, 0x92, 0xdd, 0xb7, 0x5c, 0x4c, 0xdc,
-	0x74, 0xc3, 0x1b, 0x46, 0x5e, 0x21, 0x2f, 0xf5, 0x73, 0xd0, 0x00, 0xba, 0xfe, 0x00, 0x0c, 0x48,
-	0xf1, 0x76, 0x7f, 0xc0, 0x98, 0x37, 0xa4, 0x70, 0x46, 0x6f, 0x33, 0xd1, 0xeb, 0x59, 0x61, 0x53,
-	0xbd, 0x5e, 0x45, 0x02, 0x45, 0xff, 0x4c, 0x03, 0xe7, 0x87, 0x0e, 0xce, 0xb0, 0xb1, 0x69, 0x23,
-	0x1b, 0x5b, 0x45, 0x45, 0x54, 0xfa, 0xe0, 0xca, 0x68, 0x4d, 0x92, 0xc8, 0x3c, 0xe2, 0xc3, 0xe2,
-	0xaf, 0xff, 0x9c, 0x0a, 0x23, 0x22, 0xba, 0xda, 0x6b, 0xa1, 0xbf, 0x45, 0xd7, 0xe1, 0x2f, 0xab,
-	0x1e, 0x7a, 0x2e, 0xe6, 0xbf, 0x90, 0x87, 0x06, 0xa4, 0x61, 0x03, 0x2c, 0x36, 0xf0, 0xbe, 0xd9,
-	0x71, 0x98, 0x7a, 0x5b, 0x79, 0x6d, 0xf2, 0x75, 0x13, 0xf6, 0xba, 0xc5, 0xc5, 0x5b, 0x09, 0x0c,
-	0xd4, 0x87, 0x09, 0x37, 0xc0, 0x34, 0x73, 0x82, 0x76, 0xf3, 0xcf, 0xb1, 0xd0, 0xf5, 0x9d, 0x9a,
-	0x91, 0x53, 0xe6, 0x4f, 0xd7, 0x77, 0x6a, 0x88, 0xdf, 0x86, 0xaf, 0x83, 0x34, 0xed, 0x38, 0x98,
-	0x2f, 0x53, 0xd3, 0x13, 0xed, 0x65, 0x3c, 0xa6, 0x51, 0xf9, 0xf3, 0x93, 0x8f, 0x24, 0x84, 0xfe,
-	0x31, 0x58, 0x48, 0x6c, 0x5c, 0xb0, 0x0d, 0xe6, 0x9d, 0x58, 0x09, 0x2b, 0x2f, 0x5c, 0xff, 0x53,
-	0x75, 0xaf, 0x1a, 0xce, 0x39, 0xf5, 0xe2, 0x7c, 0x9c, 0x87, 0x12, 0xf0, 0xba, 0x09, 0x40, 0x64,
-	0x2b, 0xaf, 0x44, 0x5e, 0x3e, 0xb2, 0xdb, 0xa8, 0x4a, 0xe4, 0x55, 0xe5, 0x23, 0x49, 0xe7, 0xd3,
-	0xcb, 0xc7, 0x16, 0xc5, 0xac, 0x12, 0xf5, 0xcb, 0x70, 0x7a, 0xd5, 0x42, 0x0e, 0x8a, 0x49, 0xe9,
-	0x5f, 0xa4, 0xc0, 0x42, 0x45, 0xaa, 0x5c, 0x25, 0x8e, 0x6d, 0x1d, 0x9d, 0xc2, 0xa2, 0x75, 0x2f,
-	0xb1, 0x68, 0x9d, 0xd0, 0xa6, 0x13, 0x8a, 0x8d, 0xdc, 0x9f, 0xdf, 0xe8, 0xdb, 0x9f, 0xaf, 0x4e,
-	0x0a, 0x78, 0xf2, 0x16, 0xfd, 0xad, 0x06, 0xfe, 0x92, 0x90, 0xdf, 0x8c, 0x7a, 0x5c, 0x38, 0x69,
-	0xb4, 0x71, 0x93, 0x26, 0x81, 0x20, 0x2a, 0x76, 0xe8, 0xa4, 0x81, 0x5b, 0x20, 0xc5, 0x88, 0x4a,
-	0xfd, 0x89, 0xe1, 0x30, 0xa6, 0xd1, 0xc8, 0xac, 0x13, 0x94, 0x62, 0x44, 0xff, 0x5e, 0x03, 0xf9,
-	0x84, 0x54, 0xbc, 0x37, 0xbf, 0x7c, 0xbd, 0xef, 0x81, 0x99, 0x7d, 0x4a, 0xda, 0x2f, 0xa2, 0x79,
-	0x18, 0xcb, 0xdb, 0x94, 0xb4, 0x91, 0x80, 0xd1, 0x1f, 0x6b, 0x60, 0x39, 0x21, 0x79, 0x0a, 0x7b,
-	0xce, 0x4e, 0x72, 0xcf, 0xb9, 0x34, 0xa1, 0x0d, 0x23, 0xb6, 0x9d, 0xc7, 0xa9, 0x3e, 0x0b, 0xb8,
-	0xad, 0x70, 0x1f, 0xe4, 0x3c, 0xd2, 0xa8, 0x61, 0x07, 0x5b, 0x8c, 0x0c, 0xeb, 0x1b, 0x27, 0x19,
-	0x61, 0xee, 0x61, 0x27, 0xb8, 0x6a, 0x9c, 0xe9, 0x75, 0x8b, 0xb9, 0x6a, 0x84, 0x85, 0xe2, 0xc0,
-	0xf0, 0x11, 0x58, 0x0e, 0x57, 0xdc, 0xf0, 0xb5, 0xd4, 0x8b, 0xbf, 0x76, 0xbe, 0xd7, 0x2d, 0x2e,
-	0x57, 0xfa, 0x11, 0xd1, 0xe0, 0x23, 0xf0, 0x0e, 0xc8, 0xd8, 0x9e, 0xf8, 0x9a, 0x57, 0x65, 0x78,
-	0xd2, 0xbe, 0x28, 0x3f, 0xfb, 0xe5, 0x37, 0xa5, 0x3a, 0xa0, 0xe0, 0xba, 0xfe, 0x4b, 0x7f, 0x0e,
-	0xf0, 0x84, 0x83, 0x5b, 0xb1, 0xa5, 0x46, 0x8e, 0xd2, 0xcb, 0x2f, 0xb6, 0xd0, 0x24, 0xa7, 0xed,
-	0xe8, 0xde, 0xd6, 0x61, 0xb6, 0x53, 0x92, 0xbf, 0xf1, 0x94, 0xb6, 0x5d, 0xb6, 0x4b, 0x6b, 0x8c,
-	0xda, 0x6e, 0x53, 0x4e, 0xfe, 0xd8, 0xb6, 0x75, 0x01, 0x64, 0xd4, 0x30, 0x16, 0x86, 0xa7, 0xa5,
-	0x55, 0x9b, 0x92, 0x84, 0x02, 0x9e, 0x7e, 0xdc, 0x9f, 0x17, 0x62, 0x34, 0x3f, 0x7c, 0x69, 0x79,
-	0x71, 0x56, 0x65, 0xe3, 0xe8, 0xdc, 0x78, 0x37, 0xda, 0x57, 0x65, 0xa6, 0xaf, 0x4f, 0x98, 0xe9,
-	0xf1, 0x41, 0x39, 0x72, 0x5b, 0x85, 0x6f, 0x81, 0x59, 0x2c, 0xd1, 0xe5, 0xe4, 0xbd, 0x36, 0x21,
-	0x7a, 0xd4, 0x56, 0xa3, 0x56, 0xac, 0x68, 0x0a, 0x10, 0xbe, 0xca, 0xbd, 0xc4, 0x65, 0xeb, 0x47,
-	0x1e, 0x96, 0xeb, 0xfd, 0x9c, 0xf1, 0x77, 0x69, 0x6c, 0x48, 0x3e, 0xe6, 0xdf, 0x4d, 0xe1, 0x11,
-	0xc5, 0x6f, 0xe8, 0x1f, 0x82, 0xb3, 0x43, 0x5a, 0x3f, 0xb4, 0xc4, 0xe7, 0x5e, 0xc3, 0x66, 0x36,
-	0x71, 0x83, 0x9e, 0x58, 0x9e, 0xcc, 0xf9, 0x1b, 0xc1, 0xbd, 0xc4, 0xf7, 0xa1, 0x82, 0x42, 0x31,
-	0x58, 0xfd, 0x3d, 0x00, 0x07, 0xf7, 0xb6, 0x09, 0xb6, 0xc2, 0x8b, 0x60, 0xd6, 0xed, 0xb4, 0xf7,
-	0xb0, 0xac, 0xdf, 0x74, 0xe4, 0x9c, 0x8a, 0xa0, 0x22, 0xc5, 0x35, 0x5e, 0x79, 0xf2, 0xbc, 0x30,
-	0xf5, 0xf4, 0x79, 0x61, 0xea, 0xd9, 0xf3, 0xc2, 0xd4, 0x27, 0xbd, 0x82, 0xf6, 0xa4, 0x57, 0xd0,
-	0x9e, 0xf6, 0x0a, 0xda, 0xb3, 0x5e, 0x41, 0xfb, 0xad, 0x57, 0xd0, 0x3e, 0xff, 0xbd, 0x30, 0xf5,
-	0x76, 0x7e, 0xd4, 0x0f, 0xc0, 0x7f, 0x04, 0x00, 0x00, 0xff, 0xff, 0x61, 0x0f, 0x0a, 0xd7, 0x34,
-	0x16, 0x00, 0x00,
+	// 1671 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x58, 0xcb, 0x6f, 0x1b, 0xd5,
+	0x1a, 0xcf, 0x38, 0x71, 0xec, 0x1c, 0x27, 0x69, 0x72, 0x6e, 0xab, 0xeb, 0x9b, 0xab, 0x6b, 0xe7,
+	0x8e, 0x68, 0x1b, 0x68, 0x6b, 0xd3, 0xb4, 0x42, 0xb0, 0x01, 0x3a, 0x69, 0x9a, 0x86, 0xa6, 0x8e,
+	0x75, 0x6c, 0x15, 0x81, 0x78, 0x74, 0x32, 0x3e, 0xb1, 0xa7, 0x1e, 0xcf, 0x19, 0x9d, 0x39, 0x0e,
+	0xad, 0x84, 0x10, 0x1b, 0x16, 0xec, 0xf8, 0x17, 0x10, 0x7f, 0x01, 0x82, 0x05, 0x12, 0x82, 0xc2,
+	0x06, 0x75, 0x59, 0x89, 0x4d, 0x37, 0x58, 0xd4, 0xfc, 0x17, 0x59, 0xa1, 0xf3, 0x98, 0x97, 0x1f,
+	0xb5, 0xa9, 0xaa, 0xac, 0x92, 0xf3, 0x7d, 0xdf, 0xf9, 0x7d, 0x8f, 0xf3, 0xbd, 0xc6, 0xe0, 0x5a,
+	0xfb, 0x75, 0xbf, 0x64, 0x93, 0x72, 0xbb, 0x7b, 0x80, 0xa9, 0x8b, 0x19, 0xf6, 0xcb, 0x47, 0xd8,
+	0x6d, 0x10, 0x5a, 0x56, 0x0c, 0xd3, 0xb3, 0xcb, 0x2e, 0x66, 0x9f, 0x10, 0xda, 0xb6, 0xdd, 0x66,
+	0xf9, 0xe8, 0x72, 0xb9, 0x89, 0x5d, 0x4c, 0x4d, 0x86, 0x1b, 0x25, 0x8f, 0x12, 0x46, 0x60, 0x5e,
+	0x4a, 0x96, 0x4c, 0xcf, 0x2e, 0x45, 0x92, 0xa5, 0xa3, 0xcb, 0x6b, 0x97, 0x9a, 0x36, 0x6b, 0x75,
+	0x0f, 0x4a, 0x16, 0xe9, 0x94, 0x9b, 0xa4, 0x49, 0xca, 0xe2, 0xc2, 0x41, 0xf7, 0x50, 0x9c, 0xc4,
+	0x41, 0xfc, 0x27, 0x81, 0xd6, 0xf4, 0x98, 0x4a, 0x8b, 0x50, 0x3c, 0x42, 0xd9, 0xda, 0xd5, 0x48,
+	0xa6, 0x63, 0x5a, 0x2d, 0xdb, 0xc5, 0xf4, 0x41, 0xd9, 0x6b, 0x37, 0x39, 0xc1, 0x2f, 0x77, 0x30,
+	0x33, 0x47, 0xdd, 0x2a, 0x8f, 0xbb, 0x45, 0xbb, 0x2e, 0xb3, 0x3b, 0x78, 0xe8, 0xc2, 0x6b, 0x93,
+	0x2e, 0xf8, 0x56, 0x0b, 0x77, 0xcc, 0xa1, 0x7b, 0x57, 0xc6, 0xdd, 0xeb, 0x32, 0xdb, 0x29, 0xdb,
+	0x2e, 0xf3, 0x19, 0x1d, 0xbc, 0xa4, 0xff, 0xac, 0x81, 0x53, 0x37, 0xeb, 0xf5, 0xea, 0xae, 0xdb,
+	0xa4, 0xd8, 0xf7, 0xab, 0x26, 0x6b, 0xc1, 0x75, 0x30, 0xe7, 0x99, 0xac, 0x95, 0xd7, 0xd6, 0xb5,
+	0x8d, 0x05, 0x63, 0xf1, 0x51, 0xaf, 0x38, 0xd3, 0xef, 0x15, 0xe7, 0x38, 0x0f, 0x09, 0x0e, 0xbc,
+	0x0a, 0xb2, 0xfc, 0x6f, 0xfd, 0x81, 0x87, 0xf3, 0xb3, 0x42, 0x2a, 0xdf, 0xef, 0x15, 0xb3, 0x55,
+	0x45, 0x3b, 0x8e, 0xfd, 0x8f, 0x42, 0x49, 0x58, 0x03, 0x99, 0x03, 0xd3, 0x6a, 0x63, 0xb7, 0x91,
+	0x4f, 0xad, 0x6b, 0x1b, 0xb9, 0xcd, 0x8d, 0xd2, 0xb8, 0xe7, 0x2b, 0x29, 0x7b, 0x0c, 0x29, 0x6f,
+	0x9c, 0x52, 0x46, 0x64, 0x14, 0x01, 0x05, 0x48, 0xfa, 0x21, 0x38, 0x1d, 0xb3, 0x1f, 0x75, 0x1d,
+	0x7c, 0xc7, 0x74, 0xba, 0x18, 0x56, 0x40, 0x9a, 0x2b, 0xf6, 0xf3, 0xda, 0xfa, 0xec, 0x46, 0x6e,
+	0xf3, 0xe5, 0xf1, 0xaa, 0x06, 0xdc, 0x37, 0x96, 0x94, 0xae, 0x34, 0x3f, 0xf9, 0x48, 0xc2, 0xe8,
+	0xfb, 0x20, 0xb3, 0x5b, 0x35, 0x1c, 0x62, 0xb5, 0x79, 0x7c, 0x2c, 0xbb, 0x41, 0x07, 0xe3, 0xb3,
+	0xb5, 0x7b, 0x1d, 0x21, 0xc1, 0x81, 0x3a, 0x98, 0xc7, 0xf7, 0x2d, 0xec, 0xb1, 0x7c, 0x6a, 0x7d,
+	0x76, 0x63, 0xc1, 0x00, 0xfd, 0x5e, 0x71, 0x7e, 0x5b, 0x50, 0x90, 0xe2, 0xe8, 0x5f, 0xa4, 0x40,
+	0x46, 0xa9, 0x85, 0x77, 0x41, 0x96, 0xa7, 0x4f, 0xc3, 0x64, 0xa6, 0x40, 0xcd, 0x6d, 0xbe, 0x1a,
+	0xb3, 0x37, 0x7c, 0xcd, 0x92, 0xd7, 0x6e, 0x72, 0x82, 0x5f, 0xe2, 0xd2, 0xdc, 0xf6, 0xfd, 0x83,
+	0x7b, 0xd8, 0x62, 0xb7, 0x31, 0x33, 0x0d, 0xa8, 0xec, 0x00, 0x11, 0x0d, 0x85, 0xa8, 0x70, 0x07,
+	0xcc, 0xf9, 0x1e, 0xb6, 0x54, 0xe0, 0xcf, 0x4e, 0x0c, 0x7c, 0xcd, 0xc3, 0x56, 0xe4, 0x1a, 0x3f,
+	0x21, 0x01, 0x00, 0xf7, 0xc1, 0xbc, 0xcf, 0x4c, 0xd6, 0xf5, 0xc5, 0xc3, 0xe7, 0x36, 0xcf, 0x4f,
+	0x86, 0x12, 0xe2, 0xc6, 0xb2, 0x02, 0x9b, 0x97, 0x67, 0xa4, 0x60, 0xf4, 0x5f, 0x35, 0xb0, 0x9c,
+	0x7c, 0x6d, 0x78, 0x07, 0x64, 0x7c, 0x4c, 0x8f, 0x6c, 0x0b, 0xe7, 0xe7, 0x84, 0x92, 0xf2, 0x64,
+	0x25, 0x52, 0x3e, 0xc8, 0x97, 0x1c, 0xcf, 0x15, 0x45, 0x43, 0x01, 0x18, 0x7c, 0x17, 0x64, 0x29,
+	0xf6, 0x49, 0x97, 0x5a, 0x58, 0x59, 0x7f, 0x29, 0x0e, 0xcc, 0xeb, 0x9e, 0x43, 0xf2, 0x64, 0x6d,
+	0xec, 0x11, 0xcb, 0x74, 0x64, 0x28, 0x11, 0x3e, 0xc4, 0x14, 0xbb, 0x16, 0x36, 0x16, 0x79, 0x96,
+	0x23, 0x05, 0x81, 0x42, 0x30, 0x5e, 0x45, 0x8b, 0xca, 0x90, 0x2d, 0xc7, 0x3c, 0x91, 0x07, 0xdd,
+	0x4b, 0x3c, 0xe8, 0x2b, 0x13, 0x03, 0x24, 0xec, 0x1a, 0xf7, 0xaa, 0xfa, 0x4f, 0x1a, 0x58, 0x89,
+	0x0b, 0xee, 0xd9, 0x3e, 0x83, 0x1f, 0x0c, 0x39, 0x51, 0x9a, 0xce, 0x09, 0x7e, 0x5b, 0xb8, 0xb0,
+	0xa2, 0x54, 0x65, 0x03, 0x4a, 0xcc, 0x81, 0x5b, 0x20, 0x6d, 0x33, 0xdc, 0xf1, 0x45, 0x89, 0xe4,
+	0x36, 0xcf, 0x4d, 0xe7, 0x41, 0x54, 0x9d, 0xbb, 0xfc, 0x32, 0x92, 0x18, 0xfa, 0x1f, 0x1a, 0x28,
+	0xc6, 0xc5, 0xaa, 0x26, 0x35, 0x3b, 0x98, 0x61, 0xea, 0x87, 0x8f, 0x07, 0x37, 0x40, 0xd6, 0xac,
+	0xee, 0xee, 0x50, 0xd2, 0xf5, 0x82, 0xd2, 0xe5, 0xa6, 0x5d, 0x53, 0x34, 0x14, 0x72, 0x79, 0x81,
+	0xb7, 0x6d, 0xd5, 0xa5, 0x62, 0x05, 0x7e, 0xcb, 0x76, 0x1b, 0x48, 0x70, 0xb8, 0x84, 0x6b, 0x76,
+	0x82, 0xe6, 0x17, 0x4a, 0x54, 0xcc, 0x0e, 0x46, 0x82, 0x03, 0x8b, 0x20, 0xed, 0x5b, 0xc4, 0x93,
+	0x19, 0xbc, 0x60, 0x2c, 0x70, 0x93, 0x6b, 0x9c, 0x80, 0x24, 0x1d, 0x5e, 0x00, 0x0b, 0x5c, 0xd0,
+	0xf7, 0x4c, 0x0b, 0xe7, 0xd3, 0x42, 0x68, 0xa9, 0xdf, 0x2b, 0x2e, 0x54, 0x02, 0x22, 0x8a, 0xf8,
+	0xfa, 0xb7, 0x03, 0xef, 0xc3, 0x9f, 0x0e, 0x6e, 0x02, 0x60, 0x11, 0x97, 0x51, 0xe2, 0x38, 0x38,
+	0xe8, 0x46, 0x61, 0xd2, 0x6c, 0x85, 0x1c, 0x14, 0x93, 0x82, 0x36, 0x00, 0x5e, 0x18, 0x1b, 0x95,
+	0x3c, 0x6f, 0x4c, 0x17, 0xfa, 0x11, 0x31, 0x35, 0x96, 0xb9, 0xaa, 0x18, 0x23, 0x06, 0xae, 0x7f,
+	0xa7, 0x81, 0x9c, 0xba, 0x7f, 0x02, 0xe9, 0x74, 0x23, 0x99, 0x4e, 0xff, 0x9f, 0x3c, 0x5a, 0x46,
+	0x67, 0xd2, 0x0f, 0x1a, 0x58, 0x0b, 0xac, 0x26, 0x66, 0xc3, 0x30, 0x1d, 0xd3, 0xb5, 0x30, 0x0d,
+	0x3a, 0xf5, 0x1a, 0x48, 0xd9, 0x41, 0xfa, 0x00, 0x05, 0x90, 0xda, 0xad, 0xa2, 0x94, 0xed, 0xc1,
+	0x8b, 0x20, 0xdb, 0x22, 0x3e, 0x13, 0x89, 0x21, 0x53, 0x27, 0x34, 0xf8, 0xa6, 0xa2, 0xa3, 0x50,
+	0x02, 0x56, 0x41, 0xda, 0x23, 0x94, 0xf9, 0xf9, 0x39, 0x61, 0xf0, 0x85, 0x89, 0x06, 0x57, 0x09,
+	0x65, 0xaa, 0x97, 0x46, 0x23, 0x8a, 0x23, 0x20, 0x09, 0xa4, 0x7f, 0x0a, 0xfe, 0x33, 0xc2, 0x72,
+	0x79, 0x05, 0x7e, 0x0c, 0x32, 0xb6, 0x64, 0xaa, 0x89, 0x78, 0x75, 0xa2, 0xc2, 0x11, 0xfe, 0x47,
+	0x83, 0x38, 0x18, 0xb8, 0x01, 0xaa, 0xfe, 0x8d, 0x06, 0x56, 0x87, 0x2c, 0x15, 0xbb, 0x04, 0xa1,
+	0x4c, 0x44, 0x2c, 0x1d, 0xdb, 0x25, 0x08, 0x65, 0x48, 0x70, 0xe0, 0x2d, 0x90, 0x15, 0xab, 0x88,
+	0x45, 0x1c, 0x15, 0xb5, 0x72, 0x10, 0xb5, 0xaa, 0xa2, 0x1f, 0xf7, 0x8a, 0xff, 0x1d, 0xde, 0xcf,
+	0x4a, 0x01, 0x1b, 0x85, 0x00, 0xbc, 0xea, 0x30, 0xa5, 0x84, 0xaa, 0xc2, 0x14, 0x55, 0xb7, 0xcd,
+	0x09, 0x48, 0xd2, 0xf5, 0xaf, 0xa3, 0xa4, 0xe4, 0xbb, 0x02, 0xb7, 0x8f, 0xbf, 0xc8, 0xe0, 0x2c,
+	0xe7, 0xef, 0x85, 0x04, 0x07, 0x7a, 0x60, 0xc5, 0x1e, 0x58, 0x2e, 0xa6, 0x6e, 0xba, 0xe1, 0x0d,
+	0x23, 0xaf, 0x90, 0x57, 0x06, 0x39, 0x68, 0x08, 0x5d, 0xbf, 0x0b, 0x86, 0xa4, 0x78, 0xbb, 0x6f,
+	0x31, 0xe6, 0x8d, 0x28, 0x9c, 0xf1, 0xdb, 0x4c, 0xa4, 0x3d, 0x2b, 0x7c, 0xaa, 0xd7, 0xab, 0x48,
+	0xa0, 0xe8, 0x5f, 0x6a, 0xe0, 0xcc, 0xc8, 0xc1, 0x19, 0x36, 0x36, 0x6d, 0x6c, 0x63, 0xab, 0xa8,
+	0x17, 0x95, 0x31, 0xb8, 0x38, 0xde, 0x92, 0x24, 0x32, 0x7f, 0xf1, 0x51, 0xef, 0xaf, 0xff, 0x96,
+	0x0a, 0x5f, 0x44, 0x74, 0xb5, 0xb7, 0xc3, 0x78, 0x8b, 0xae, 0xc3, 0x35, 0xab, 0x1e, 0x7a, 0x3a,
+	0x16, 0xbf, 0x90, 0x87, 0x86, 0xa4, 0x61, 0x03, 0x2c, 0x37, 0xf0, 0xa1, 0xd9, 0x75, 0x98, 0xd2,
+	0xad, 0xa2, 0x36, 0xfd, 0xba, 0x09, 0xfb, 0xbd, 0xe2, 0xf2, 0xf5, 0x04, 0x06, 0x1a, 0xc0, 0x84,
+	0x5b, 0x60, 0x96, 0x39, 0x41, 0xbb, 0x79, 0x69, 0x22, 0x74, 0x7d, 0xaf, 0x66, 0xe4, 0x94, 0xfb,
+	0xb3, 0xf5, 0xbd, 0x1a, 0xe2, 0xb7, 0xe1, 0x3b, 0x20, 0x4d, 0xbb, 0x0e, 0xe6, 0xcb, 0xd4, 0xec,
+	0x54, 0x7b, 0x19, 0x7f, 0xd3, 0xa8, 0xfc, 0xf9, 0xc9, 0x47, 0x12, 0x42, 0xff, 0x0c, 0x2c, 0x25,
+	0x36, 0x2e, 0xd8, 0x01, 0x8b, 0x4e, 0xac, 0x84, 0x55, 0x14, 0xae, 0xfc, 0xa3, 0xba, 0x57, 0x0d,
+	0xe7, 0xb4, 0xd2, 0xb8, 0x18, 0xe7, 0xa1, 0x04, 0xbc, 0x6e, 0x02, 0x10, 0xf9, 0xca, 0x2b, 0x91,
+	0x97, 0x8f, 0xec, 0x36, 0xaa, 0x12, 0x79, 0x55, 0xf9, 0x48, 0xd2, 0xf9, 0xf4, 0xf2, 0xb1, 0x45,
+	0x31, 0xab, 0x44, 0xfd, 0x32, 0x9c, 0x5e, 0xb5, 0x90, 0x83, 0x62, 0x52, 0xfa, 0x2f, 0x1a, 0x58,
+	0xaa, 0x48, 0x93, 0xab, 0xc4, 0xb1, 0xad, 0x07, 0x27, 0xb0, 0x68, 0xdd, 0x4e, 0x2c, 0x5a, 0xcf,
+	0x68, 0xd3, 0x09, 0xc3, 0xc6, 0x6e, 0x5a, 0xdf, 0x6b, 0xe0, 0xdf, 0x09, 0xc9, 0xed, 0xa8, 0x19,
+	0x85, 0x23, 0x41, 0x9b, 0x34, 0x12, 0x12, 0x08, 0xa2, 0xb4, 0x46, 0x8e, 0x04, 0xb8, 0x03, 0x52,
+	0x8c, 0xa8, 0x1c, 0x9d, 0x1a, 0x0e, 0x63, 0x1a, 0xcd, 0xb6, 0x3a, 0x41, 0x29, 0x46, 0xf4, 0x1f,
+	0x35, 0x90, 0x4f, 0x48, 0xc5, 0x9b, 0xe8, 0x8b, 0xb7, 0xfb, 0x36, 0x98, 0x3b, 0xa4, 0xa4, 0xf3,
+	0x3c, 0x96, 0x87, 0x41, 0xbf, 0x41, 0x49, 0x07, 0x09, 0x18, 0xfd, 0xa1, 0x06, 0x56, 0x13, 0x92,
+	0x27, 0xb0, 0x90, 0xec, 0x25, 0x17, 0x92, 0xf3, 0x53, 0xfa, 0x30, 0x66, 0x2d, 0x79, 0x98, 0x1a,
+	0xf0, 0x80, 0xfb, 0x0a, 0x0f, 0x41, 0xce, 0x23, 0x8d, 0x1a, 0x76, 0xb0, 0xc5, 0xc8, 0xa8, 0x02,
+	0x7f, 0x96, 0x13, 0xe6, 0x01, 0x76, 0x82, 0xab, 0xc6, 0xa9, 0x7e, 0xaf, 0x98, 0xab, 0x46, 0x58,
+	0x28, 0x0e, 0x0c, 0xef, 0x83, 0xd5, 0x70, 0x17, 0x0d, 0xb5, 0xa5, 0x9e, 0x5f, 0xdb, 0x99, 0x7e,
+	0xaf, 0xb8, 0x5a, 0x19, 0x44, 0x44, 0xc3, 0x4a, 0xe0, 0x4d, 0x90, 0xb1, 0x3d, 0xf1, 0xd9, 0xad,
+	0xbe, 0xd8, 0x9e, 0xb5, 0xd8, 0xc9, 0xef, 0x73, 0xf9, 0xf1, 0xa7, 0x0e, 0x28, 0xb8, 0xae, 0xff,
+	0x3e, 0x98, 0x03, 0x3c, 0xe1, 0xe0, 0x4e, 0x6c, 0xfb, 0x90, 0x33, 0xef, 0xc2, 0xf3, 0x6d, 0x1e,
+	0xc9, 0xb1, 0x38, 0xbe, 0x09, 0x75, 0x99, 0xed, 0x94, 0xe4, 0x8f, 0x31, 0xa5, 0x5d, 0x97, 0xed,
+	0xd3, 0x1a, 0xa3, 0xb6, 0xdb, 0x94, 0x23, 0x3a, 0xb6, 0x16, 0x9d, 0x05, 0x19, 0x35, 0x35, 0x85,
+	0xe3, 0x69, 0xe9, 0xd5, 0xb6, 0x24, 0xa1, 0x80, 0xa7, 0x1f, 0x0f, 0xe6, 0x85, 0x98, 0xa1, 0xf7,
+	0x5e, 0x58, 0x5e, 0xfc, 0x4b, 0x65, 0xe3, 0xf8, 0xdc, 0xf8, 0x30, 0x5a, 0x2c, 0x65, 0xa6, 0x6f,
+	0x4e, 0x99, 0xe9, 0xf1, 0x89, 0x36, 0x76, 0xad, 0x84, 0xef, 0x81, 0x79, 0x2c, 0xd1, 0xe5, 0x88,
+	0xbc, 0x3c, 0x25, 0x7a, 0xd4, 0x56, 0xa3, 0x5f, 0x1e, 0x14, 0x4d, 0x01, 0xc2, 0xb7, 0x78, 0x94,
+	0xb8, 0x2c, 0xff, 0xe0, 0x97, 0x7b, 0xf8, 0x82, 0xf1, 0x3f, 0xe9, 0x6c, 0x48, 0x3e, 0xe6, 0x1f,
+	0x38, 0xe1, 0x11, 0xc5, 0x6f, 0xe8, 0x1f, 0x01, 0x38, 0xbc, 0xe4, 0x4c, 0xb1, 0x42, 0x9d, 0x03,
+	0xf3, 0x6e, 0xb7, 0x73, 0x80, 0x65, 0x0d, 0xa5, 0x23, 0x03, 0x2b, 0x82, 0x8a, 0x14, 0xd7, 0x78,
+	0xf3, 0xd1, 0xd3, 0xc2, 0xcc, 0xe3, 0xa7, 0x85, 0x99, 0x27, 0x4f, 0x0b, 0x33, 0x9f, 0xf7, 0x0b,
+	0xda, 0xa3, 0x7e, 0x41, 0x7b, 0xdc, 0x2f, 0x68, 0x4f, 0xfa, 0x05, 0xed, 0xcf, 0x7e, 0x41, 0xfb,
+	0xea, 0xaf, 0xc2, 0xcc, 0xfb, 0xf9, 0x71, 0xbf, 0x96, 0xfe, 0x1d, 0x00, 0x00, 0xff, 0xff, 0xd4,
+	0x46, 0x40, 0xf2, 0x61, 0x15, 0x00, 0x00,
 }
 
 func (m *HTTPIngressPath) Marshal() (dAtA []byte, err error) {
@@ -1822,16 +1790,6 @@ func (m *NetworkPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
-	{
-		size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
-		if err != nil {
-			return 0, err
-		}
-		i -= size
-		i = encodeVarintGenerated(dAtA, i, uint64(size))
-	}
-	i--
-	dAtA[i] = 0x1a
 	{
 		size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
 		if err != nil {
@@ -2180,43 +2138,6 @@ func (m *NetworkPolicySpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
-func (m *NetworkPolicyStatus) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *NetworkPolicyStatus) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *NetworkPolicyStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
-	_ = i
-	var l int
-	_ = l
-	if len(m.Conditions) > 0 {
-		for iNdEx := len(m.Conditions) - 1; iNdEx >= 0; iNdEx-- {
-			{
-				size, err := m.Conditions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
-				if err != nil {
-					return 0, err
-				}
-				i -= size
-				i = encodeVarintGenerated(dAtA, i, uint64(size))
-			}
-			i--
-			dAtA[i] = 0xa
-		}
-	}
-	return len(dAtA) - i, nil
-}
-
 func (m *ServiceBackendPort) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -2583,8 +2504,6 @@ func (m *NetworkPolicy) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = m.Spec.Size()
 	n += 1 + l + sovGenerated(uint64(l))
-	l = m.Status.Size()
-	n += 1 + l + sovGenerated(uint64(l))
 	return n
 }
 
@@ -2717,21 +2636,6 @@ func (m *NetworkPolicySpec) Size() (n int) {
 	return n
 }
 
-func (m *NetworkPolicyStatus) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	if len(m.Conditions) > 0 {
-		for _, e := range m.Conditions {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	return n
-}
-
 func (m *ServiceBackendPort) Size() (n int) {
 	if m == nil {
 		return 0
@@ -3006,7 +2910,6 @@ func (this *NetworkPolicy) String() string {
 	s := strings.Join([]string{`&NetworkPolicy{`,
 		`ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`,
 		`Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "NetworkPolicySpec", "NetworkPolicySpec", 1), `&`, ``, 1) + `,`,
-		`Status:` + strings.Replace(strings.Replace(this.Status.String(), "NetworkPolicyStatus", "NetworkPolicyStatus", 1), `&`, ``, 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -3116,21 +3019,6 @@ func (this *NetworkPolicySpec) String() string {
 	}, "")
 	return s
 }
-func (this *NetworkPolicyStatus) String() string {
-	if this == nil {
-		return "nil"
-	}
-	repeatedStringForConditions := "[]Condition{"
-	for _, f := range this.Conditions {
-		repeatedStringForConditions += fmt.Sprintf("%v", f) + ","
-	}
-	repeatedStringForConditions += "}"
-	s := strings.Join([]string{`&NetworkPolicyStatus{`,
-		`Conditions:` + repeatedStringForConditions + `,`,
-		`}`,
-	}, "")
-	return s
-}
 func (this *ServiceBackendPort) String() string {
 	if this == nil {
 		return "nil"
@@ -5609,39 +5497,6 @@ func (m *NetworkPolicy) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -6496,90 +6351,6 @@ func (m *NetworkPolicySpec) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *NetworkPolicyStatus) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGenerated
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= uint64(b&0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: NetworkPolicyStatus: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: NetworkPolicyStatus: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Conditions", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= int(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + msglen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Conditions = append(m.Conditions, v1.Condition{})
-			if err := m.Conditions[len(m.Conditions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGenerated(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func (m *ServiceBackendPort) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
diff --git a/vendor/k8s.io/api/networking/v1/generated.proto b/vendor/k8s.io/api/networking/v1/generated.proto
index ed194a89d5..b50dd491e0 100644
--- a/vendor/k8s.io/api/networking/v1/generated.proto
+++ b/vendor/k8s.io/api/networking/v1/generated.proto
@@ -384,11 +384,6 @@ message NetworkPolicy {
   // spec represents the specification of the desired behavior for this NetworkPolicy.
   // +optional
   optional NetworkPolicySpec spec = 2;
-
-  // status represents the current state of the NetworkPolicy.
-  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-  // +optional
-  optional NetworkPolicyStatus status = 3;
 }
 
 // NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods
@@ -536,18 +531,6 @@ message NetworkPolicySpec {
   repeated string policyTypes = 4;
 }
 
-// NetworkPolicyStatus describes the current state of the NetworkPolicy.
-message NetworkPolicyStatus {
-  // conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy.
-  // Current service state
-  // +optional
-  // +patchMergeKey=type
-  // +patchStrategy=merge
-  // +listType=map
-  // +listMapKey=type
-  repeated k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 1;
-}
-
 // ServiceBackendPort is the service port being referenced.
 message ServiceBackendPort {
   // name is the name of the port on the Service.
diff --git a/vendor/k8s.io/api/networking/v1/types.go b/vendor/k8s.io/api/networking/v1/types.go
index fa7cf1bd70..a17e2cb5b3 100644
--- a/vendor/k8s.io/api/networking/v1/types.go
+++ b/vendor/k8s.io/api/networking/v1/types.go
@@ -38,10 +38,10 @@ type NetworkPolicy struct {
 	// +optional
 	Spec NetworkPolicySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
 
-	// status represents the current state of the NetworkPolicy.
-	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
-	// +optional
-	Status NetworkPolicyStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
+	// Status is tombstoned to show why 3 is a reserved protobuf tag.
+	// This commented field should remain, so in the future if we decide to reimplement
+	// NetworkPolicyStatus a different protobuf name and tag SHOULD be used!
+	// Status NetworkPolicyStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
 }
 
 // PolicyType string describes the NetworkPolicy type
@@ -205,48 +205,6 @@ type NetworkPolicyPeer struct {
 	IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"`
 }
 
-// NetworkPolicyConditionType is the type for status conditions on
-// a NetworkPolicy. This type should be used with the
-// NetworkPolicyStatus.Conditions field.
-type NetworkPolicyConditionType string
-
-const (
-	// NetworkPolicyConditionStatusAccepted represents status of a Network Policy that could be properly parsed by
-	// the Network Policy provider and will be implemented in the cluster
-	NetworkPolicyConditionStatusAccepted NetworkPolicyConditionType = "Accepted"
-
-	// NetworkPolicyConditionStatusPartialFailure represents status of a Network Policy that could be partially
-	// parsed by the Network Policy provider and may not be completely implemented due to a lack of a feature or some
-	// other condition
-	NetworkPolicyConditionStatusPartialFailure NetworkPolicyConditionType = "PartialFailure"
-
-	// NetworkPolicyConditionStatusFailure represents status of a Network Policy that could not be parsed by the
-	// Network Policy provider and will not be implemented in the cluster
-	NetworkPolicyConditionStatusFailure NetworkPolicyConditionType = "Failure"
-)
-
-// NetworkPolicyConditionReason defines the set of reasons that explain why a
-// particular NetworkPolicy condition type has been raised.
-type NetworkPolicyConditionReason string
-
-const (
-	// NetworkPolicyConditionReasonFeatureNotSupported represents a reason where the Network Policy may not have been
-	// implemented in the cluster due to a lack of some feature not supported by the Network Policy provider
-	NetworkPolicyConditionReasonFeatureNotSupported NetworkPolicyConditionReason = "FeatureNotSupported"
-)
-
-// NetworkPolicyStatus describes the current state of the NetworkPolicy.
-type NetworkPolicyStatus struct {
-	// conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy.
-	// Current service state
-	// +optional
-	// +patchMergeKey=type
-	// +patchStrategy=merge
-	// +listType=map
-	// +listMapKey=type
-	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
-}
-
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // NetworkPolicyList is a list of NetworkPolicy objects.
diff --git a/vendor/k8s.io/api/networking/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/networking/v1/types_swagger_doc_generated.go
index 91161d5ca4..ff080540d3 100644
--- a/vendor/k8s.io/api/networking/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/networking/v1/types_swagger_doc_generated.go
@@ -224,7 +224,6 @@ var map_NetworkPolicy = map[string]string{
 	"":         "NetworkPolicy describes what network traffic is allowed for a set of Pods",
 	"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
 	"spec":     "spec represents the specification of the desired behavior for this NetworkPolicy.",
-	"status":   "status represents the current state of the NetworkPolicy. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status",
 }
 
 func (NetworkPolicy) SwaggerDoc() map[string]string {
@@ -295,15 +294,6 @@ func (NetworkPolicySpec) SwaggerDoc() map[string]string {
 	return map_NetworkPolicySpec
 }
 
-var map_NetworkPolicyStatus = map[string]string{
-	"":           "NetworkPolicyStatus describes the current state of the NetworkPolicy.",
-	"conditions": "conditions holds an array of metav1.Condition that describe the state of the NetworkPolicy. Current service state",
-}
-
-func (NetworkPolicyStatus) SwaggerDoc() map[string]string {
-	return map_NetworkPolicyStatus
-}
-
 var map_ServiceBackendPort = map[string]string{
 	"":       "ServiceBackendPort is the service port being referenced.",
 	"name":   "name is the name of the port on the Service. This is a mutually exclusive setting with \"Number\".",
diff --git a/vendor/k8s.io/api/networking/v1/zz_generated.deepcopy.go b/vendor/k8s.io/api/networking/v1/zz_generated.deepcopy.go
index c95653c918..540873833f 100644
--- a/vendor/k8s.io/api/networking/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/api/networking/v1/zz_generated.deepcopy.go
@@ -499,7 +499,6 @@ func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
 	return
 }
 
@@ -712,29 +711,6 @@ func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *NetworkPolicyStatus) DeepCopyInto(out *NetworkPolicyStatus) {
-	*out = *in
-	if in.Conditions != nil {
-		in, out := &in.Conditions, &out.Conditions
-		*out = make([]metav1.Condition, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyStatus.
-func (in *NetworkPolicyStatus) DeepCopy() *NetworkPolicyStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(NetworkPolicyStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ServiceBackendPort) DeepCopyInto(out *ServiceBackendPort) {
 	*out = *in
diff --git a/vendor/k8s.io/api/rbac/v1/generated.proto b/vendor/k8s.io/api/rbac/v1/generated.proto
index 222f2b9052..13ff60ea71 100644
--- a/vendor/k8s.io/api/rbac/v1/generated.proto
+++ b/vendor/k8s.io/api/rbac/v1/generated.proto
@@ -66,6 +66,7 @@ message ClusterRoleBinding {
 
   // RoleRef can only reference a ClusterRole in the global namespace.
   // If the RoleRef cannot be resolved, the Authorizer must return an error.
+  // This field is immutable.
   optional RoleRef roleRef = 3;
 }
 
@@ -140,6 +141,7 @@ message RoleBinding {
 
   // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
   // If the RoleRef cannot be resolved, the Authorizer must return an error.
+  // This field is immutable.
   optional RoleRef roleRef = 3;
 }
 
diff --git a/vendor/k8s.io/api/rbac/v1/types.go b/vendor/k8s.io/api/rbac/v1/types.go
index 5a8e4a85c8..ce845d69b4 100644
--- a/vendor/k8s.io/api/rbac/v1/types.go
+++ b/vendor/k8s.io/api/rbac/v1/types.go
@@ -132,6 +132,7 @@ type RoleBinding struct {
 
 	// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
 	// If the RoleRef cannot be resolved, the Authorizer must return an error.
+	// This field is immutable.
 	RoleRef RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"`
 }
 
@@ -209,6 +210,7 @@ type ClusterRoleBinding struct {
 
 	// RoleRef can only reference a ClusterRole in the global namespace.
 	// If the RoleRef cannot be resolved, the Authorizer must return an error.
+	// This field is immutable.
 	RoleRef RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"`
 }
 
diff --git a/vendor/k8s.io/api/rbac/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/rbac/v1/types_swagger_doc_generated.go
index 370398198b..0471a55944 100644
--- a/vendor/k8s.io/api/rbac/v1/types_swagger_doc_generated.go
+++ b/vendor/k8s.io/api/rbac/v1/types_swagger_doc_generated.go
@@ -51,7 +51,7 @@ var map_ClusterRoleBinding = map[string]string{
 	"":         "ClusterRoleBinding references a ClusterRole, but not contain it.  It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
 	"metadata": "Standard object's metadata.",
 	"subjects": "Subjects holds references to the objects the role applies to.",
-	"roleRef":  "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.",
+	"roleRef":  "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.",
 }
 
 func (ClusterRoleBinding) SwaggerDoc() map[string]string {
@@ -105,7 +105,7 @@ var map_RoleBinding = map[string]string{
 	"":         "RoleBinding references a role, but does not contain it.  It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in.  RoleBindings in a given namespace only have effect in that namespace.",
 	"metadata": "Standard object's metadata.",
 	"subjects": "Subjects holds references to the objects the role applies to.",
-	"roleRef":  "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.",
+	"roleRef":  "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.",
 }
 
 func (RoleBinding) SwaggerDoc() map[string]string {
diff --git a/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
index 155648acb6..1a9f5e7706 100644
--- a/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
+++ b/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
@@ -2,7 +2,6 @@
 
 reviewers:
   - thockin
-  - lavalamp
   - smarterclayton
   - wojtek-t
   - deads2k
diff --git a/vendor/k8s.io/apimachinery/pkg/api/meta/help.go b/vendor/k8s.io/apimachinery/pkg/api/meta/help.go
index 1bf6b06d47..1fdd32c4ba 100644
--- a/vendor/k8s.io/apimachinery/pkg/api/meta/help.go
+++ b/vendor/k8s.io/apimachinery/pkg/api/meta/help.go
@@ -112,8 +112,27 @@ func getItemsPtr(list runtime.Object) (interface{}, error) {
 
 // EachListItem invokes fn on each runtime.Object in the list. Any error immediately terminates
 // the loop.
+//
+// If items passed to fn are retained for different durations, and you want to avoid
+// retaining all items in obj as long as any item is referenced, use EachListItemWithAlloc instead.
 func EachListItem(obj runtime.Object, fn func(runtime.Object) error) error {
+	return eachListItem(obj, fn, false)
+}
+
+// EachListItemWithAlloc works like EachListItem, but avoids retaining references to the items slice in obj.
+// It does this by making a shallow copy of non-pointer items in obj.
+//
+// If the items passed to fn are not retained, or are retained for the same duration, use EachListItem instead for memory efficiency.
+func EachListItemWithAlloc(obj runtime.Object, fn func(runtime.Object) error) error {
+	return eachListItem(obj, fn, true)
+}
+
+// allocNew: Whether shallow copy is required when the elements in Object.Items are struct
+func eachListItem(obj runtime.Object, fn func(runtime.Object) error, allocNew bool) error {
 	if unstructured, ok := obj.(runtime.Unstructured); ok {
+		if allocNew {
+			return unstructured.EachListItemWithAlloc(fn)
+		}
 		return unstructured.EachListItem(fn)
 	}
 	// TODO: Change to an interface call?
@@ -140,8 +159,19 @@ func EachListItem(obj runtime.Object, fn func(runtime.Object) error) error {
 	for i := 0; i < len; i++ {
 		raw := items.Index(i)
 		if takeAddr {
-			raw = raw.Addr()
+			if allocNew {
+				// shallow copy to avoid retaining a reference to the original list item
+				itemCopy := reflect.New(raw.Type())
+				// assign to itemCopy and type-assert
+				itemCopy.Elem().Set(raw)
+				// reflect.New will guarantee that itemCopy must be a pointer.
+				raw = itemCopy
+			} else {
+				raw = raw.Addr()
+			}
 		}
+		// raw must be a pointer or an interface
+		// allocate a pointer is cheap
 		switch item := raw.Interface().(type) {
 		case *runtime.RawExtension:
 			if err := fn(item.Object); err != nil {
@@ -166,7 +196,23 @@ func EachListItem(obj runtime.Object, fn func(runtime.Object) error) error {
 
 // ExtractList returns obj's Items element as an array of runtime.Objects.
 // Returns an error if obj is not a List type (does not have an Items member).
+//
+// If items in the returned list are retained for different durations, and you want to avoid
+// retaining all items in obj as long as any item is referenced, use ExtractListWithAlloc instead.
 func ExtractList(obj runtime.Object) ([]runtime.Object, error) {
+	return extractList(obj, false)
+}
+
+// ExtractListWithAlloc works like ExtractList, but avoids retaining references to the items slice in obj.
+// It does this by making a shallow copy of non-pointer items in obj.
+//
+// If the items in the returned list are not retained, or are retained for the same duration, use ExtractList instead for memory efficiency.
+func ExtractListWithAlloc(obj runtime.Object) ([]runtime.Object, error) {
+	return extractList(obj, true)
+}
+
+// allocNew: Whether shallow copy is required when the elements in Object.Items are struct
+func extractList(obj runtime.Object, allocNew bool) ([]runtime.Object, error) {
 	itemsPtr, err := GetItemsPtr(obj)
 	if err != nil {
 		return nil, err
@@ -176,10 +222,17 @@ func ExtractList(obj runtime.Object) ([]runtime.Object, error) {
 		return nil, err
 	}
 	list := make([]runtime.Object, items.Len())
+	if len(list) == 0 {
+		return list, nil
+	}
+	elemType := items.Type().Elem()
+	isRawExtension := elemType == rawExtensionObjectType
+	implementsObject := elemType.Implements(objectType)
 	for i := range list {
 		raw := items.Index(i)
-		switch item := raw.Interface().(type) {
-		case runtime.RawExtension:
+		switch {
+		case isRawExtension:
+			item := raw.Interface().(runtime.RawExtension)
 			switch {
 			case item.Object != nil:
 				list[i] = item.Object
@@ -189,8 +242,18 @@ func ExtractList(obj runtime.Object) ([]runtime.Object, error) {
 			default:
 				list[i] = nil
 			}
-		case runtime.Object:
-			list[i] = item
+		case implementsObject:
+			list[i] = raw.Interface().(runtime.Object)
+		case allocNew:
+			// shallow copy to avoid retaining a reference to the original list item
+			itemCopy := reflect.New(raw.Type())
+			// assign to itemCopy and type-assert
+			itemCopy.Elem().Set(raw)
+			var ok bool
+			// reflect.New will guarantee that itemCopy must be a pointer.
+			if list[i], ok = itemCopy.Interface().(runtime.Object); !ok {
+				return nil, fmt.Errorf("%v: item[%v]: Expected object, got %#v(%s)", obj, i, raw.Interface(), raw.Kind())
+			}
 		default:
 			var found bool
 			if list[i], found = raw.Addr().Interface().(runtime.Object); !found {
@@ -201,8 +264,12 @@ func ExtractList(obj runtime.Object) ([]runtime.Object, error) {
 	return list, nil
 }
 
-// objectSliceType is the type of a slice of Objects
-var objectSliceType = reflect.TypeOf([]runtime.Object{})
+var (
+	// objectSliceType is the type of a slice of Objects
+	objectSliceType        = reflect.TypeOf([]runtime.Object{})
+	objectType             = reflect.TypeOf((*runtime.Object)(nil)).Elem()
+	rawExtensionObjectType = reflect.TypeOf(runtime.RawExtension{})
+)
 
 // LenList returns the length of this list or 0 if it is not a list.
 func LenList(list runtime.Object) int {
@@ -237,7 +304,7 @@ func SetList(list runtime.Object, objects []runtime.Object) error {
 	slice := reflect.MakeSlice(items.Type(), len(objects), len(objects))
 	for i := range objects {
 		dest := slice.Index(i)
-		if dest.Type() == reflect.TypeOf(runtime.RawExtension{}) {
+		if dest.Type() == rawExtensionObjectType {
 			dest = dest.FieldByName("Object")
 		}
 
diff --git a/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
index d1c9f53074..063fd285da 100644
--- a/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
+++ b/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
@@ -2,7 +2,6 @@
 
 reviewers:
   - thockin
-  - lavalamp
   - smarterclayton
   - wojtek-t
   - derekwaynecarr
diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto
index 48955dca85..a2cd8015fb 100644
--- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto
+++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto
@@ -425,8 +425,6 @@ message LabelSelector {
 // relates the key and values.
 message LabelSelectorRequirement {
   // key is the label key that the selector applies to.
-  // +patchMergeKey=key
-  // +patchStrategy=merge
   optional string key = 1;
 
   // operator represents a key's relationship to a set of values.
diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
index 352d58ebc2..8a8ff70189 100644
--- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
+++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types.go
@@ -995,6 +995,24 @@ const (
 	// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules)
 	// values that can not be handled (e.g. an enumerated string).
 	CauseTypeFieldValueNotSupported CauseType = "FieldValueNotSupported"
+	// CauseTypeForbidden is used to report valid (as per formatting rules)
+	// values which would be accepted under some conditions, but which are not
+	// permitted by the current conditions (such as security policy).  See
+	// Forbidden().
+	CauseTypeForbidden CauseType = "FieldValueForbidden"
+	// CauseTypeTooLong is used to report that the given value is too long.
+	// This is similar to ErrorTypeInvalid, but the error will not include the
+	// too-long value.  See TooLong().
+	CauseTypeTooLong CauseType = "FieldValueTooLong"
+	// CauseTypeTooMany is used to report "too many". This is used to
+	// report that a given list has too many items. This is similar to FieldValueTooLong,
+	// but the error indicates quantity instead of length.
+	CauseTypeTooMany CauseType = "FieldValueTooMany"
+	// CauseTypeInternal is used to report other errors that are not related
+	// to user input.  See InternalError().
+	CauseTypeInternal CauseType = "InternalError"
+	// CauseTypeTypeInvalid is for the value did not match the schema type for that field
+	CauseTypeTypeInvalid CauseType = "FieldValueTypeInvalid"
 	// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client
 	// without the expected return type. The presence of this cause indicates the error may be
 	// due to an intervening proxy or the server software malfunctioning.
@@ -1207,9 +1225,7 @@ type LabelSelector struct {
 // relates the key and values.
 type LabelSelectorRequirement struct {
 	// key is the label key that the selector applies to.
-	// +patchMergeKey=key
-	// +patchStrategy=merge
-	Key string `json:"key" patchStrategy:"merge" patchMergeKey:"key" protobuf:"bytes,1,opt,name=key"`
+	Key string `json:"key" protobuf:"bytes,1,opt,name=key"`
 	// operator represents a key's relationship to a set of values.
 	// Valid operators are In, NotIn, Exists and DoesNotExist.
 	Operator LabelSelectorOperator `json:"operator" protobuf:"bytes,2,opt,name=operator,casttype=LabelSelectorOperator"`
diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go
index a499eee8eb..40d289f375 100644
--- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go
+++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go
@@ -101,6 +101,11 @@ func (obj *Unstructured) EachListItem(fn func(runtime.Object) error) error {
 	return nil
 }
 
+func (obj *Unstructured) EachListItemWithAlloc(fn func(runtime.Object) error) error {
+	// EachListItem has allocated a new Object for the user, we can use it directly.
+	return obj.EachListItem(fn)
+}
+
 func (obj *Unstructured) UnstructuredContent() map[string]interface{} {
 	if obj.Object == nil {
 		return make(map[string]interface{})
diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured_list.go b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured_list.go
index 5028f5fb57..82beda2a29 100644
--- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured_list.go
+++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured_list.go
@@ -52,6 +52,15 @@ func (u *UnstructuredList) EachListItem(fn func(runtime.Object) error) error {
 	return nil
 }
 
+func (u *UnstructuredList) EachListItemWithAlloc(fn func(runtime.Object) error) error {
+	for i := range u.Items {
+		if err := fn(&Unstructured{Object: u.Items[i].Object}); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // NewEmptyInstance returns a new instance of the concrete type containing only kind/apiVersion and no other data.
 // This should be called instead of reflect.New() for unstructured types because the go type alone does not preserve kind/apiVersion info.
 func (u *UnstructuredList) NewEmptyInstance() runtime.Unstructured {
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/codec.go b/vendor/k8s.io/apimachinery/pkg/runtime/codec.go
index 7fc513dd0e..73f85286c2 100644
--- a/vendor/k8s.io/apimachinery/pkg/runtime/codec.go
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/codec.go
@@ -45,7 +45,6 @@ func NewCodec(e Encoder, d Decoder) Codec {
 
 // Encode is a convenience wrapper for encoding to a []byte from an Encoder
 func Encode(e Encoder, obj Object) ([]byte, error) {
-	// TODO: reuse buffer
 	buf := &bytes.Buffer{}
 	if err := e.Encode(obj, buf); err != nil {
 		return nil, err
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
index 90bf487e35..62eb27afc1 100644
--- a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
@@ -231,7 +231,7 @@ func (c *fromUnstructuredContext) pushKey(key string) {
 
 }
 
-// FromUnstructuredWIthValidation converts an object from map[string]interface{} representation into a concrete type.
+// FromUnstructuredWithValidation converts an object from map[string]interface{} representation into a concrete type.
 // It uses encoding/json/Unmarshaler if object implements it or reflection if not.
 // It takes a validationDirective that indicates how to behave when it encounters unknown fields.
 func (c *unstructuredConverter) FromUnstructuredWithValidation(u map[string]interface{}, obj interface{}, returnUnknownFields bool) error {
@@ -465,7 +465,7 @@ func sliceFromUnstructured(sv, dv reflect.Value, ctx *fromUnstructuredContext) e
 			}
 			dv.SetBytes(data)
 		} else {
-			dv.Set(reflect.Zero(dt))
+			dv.Set(reflect.MakeSlice(dt, 0, 0))
 		}
 		return nil
 	}
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/interfaces.go b/vendor/k8s.io/apimachinery/pkg/runtime/interfaces.go
index 710a977952..e89ea89391 100644
--- a/vendor/k8s.io/apimachinery/pkg/runtime/interfaces.go
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/interfaces.go
@@ -365,4 +365,9 @@ type Unstructured interface {
 	// error should terminate the iteration. If IsList() returns false, this method should return an error
 	// instead of calling the provided function.
 	EachListItem(func(Object) error) error
+	// EachListItemWithAlloc works like EachListItem, but avoids retaining references to a slice of items.
+	// It does this by making a shallow copy of non-pointer items before passing them to fn.
+	//
+	// If the items passed to fn are not retained, or are retained for the same duration, use EachListItem instead for memory efficiency.
+	EachListItemWithAlloc(func(Object) error) error
 }
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/schema/group_version.go b/vendor/k8s.io/apimachinery/pkg/runtime/schema/group_version.go
index 54ccb7a74c..d1c37c9429 100644
--- a/vendor/k8s.io/apimachinery/pkg/runtime/schema/group_version.go
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/schema/group_version.go
@@ -39,7 +39,7 @@ func ParseResourceArg(arg string) (*GroupVersionResource, GroupResource) {
 // ParseKindArg takes the common style of string which may be either `Kind.group.com` or `Kind.version.group.com`
 // and parses it out into both possibilities. This code takes no responsibility for knowing which representation was intended
 // but with a knowledge of all GroupKinds, calling code can take a very good guess. If there are only two segments, then
-// `*GroupVersionResource` is nil.
+// `*GroupVersionKind` is nil.
 // `Kind.group.com` -> `group=com, version=group, kind=Kind` and `group=group.com, kind=Kind`
 func ParseKindArg(arg string) (*GroupVersionKind, GroupKind) {
 	var gvk *GroupVersionKind
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/splice.go b/vendor/k8s.io/apimachinery/pkg/runtime/splice.go
new file mode 100644
index 0000000000..2badb7b97f
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/splice.go
@@ -0,0 +1,76 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package runtime
+
+import (
+	"bytes"
+	"io"
+)
+
+// Splice is the interface that wraps the Splice method.
+//
+// Splice moves data from given slice without copying the underlying data for
+// efficiency purpose. Therefore, the caller should make sure the underlying
+// data is not changed later.
+type Splice interface {
+	Splice([]byte)
+	io.Writer
+	Reset()
+	Bytes() []byte
+}
+
+// A spliceBuffer implements Splice and io.Writer interfaces.
+type spliceBuffer struct {
+	raw []byte
+	buf *bytes.Buffer
+}
+
+func NewSpliceBuffer() Splice {
+	return &spliceBuffer{}
+}
+
+// Splice implements the Splice interface.
+func (sb *spliceBuffer) Splice(raw []byte) {
+	sb.raw = raw
+}
+
+// Write implements the io.Writer interface.
+func (sb *spliceBuffer) Write(p []byte) (n int, err error) {
+	if sb.buf == nil {
+		sb.buf = &bytes.Buffer{}
+	}
+	return sb.buf.Write(p)
+}
+
+// Reset resets the buffer to be empty.
+func (sb *spliceBuffer) Reset() {
+	if sb.buf != nil {
+		sb.buf.Reset()
+	}
+	sb.raw = nil
+}
+
+// Bytes returns the data held by the buffer.
+func (sb *spliceBuffer) Bytes() []byte {
+	if sb.buf != nil && len(sb.buf.Bytes()) > 0 {
+		return sb.buf.Bytes()
+	}
+	if sb.raw != nil {
+		return sb.raw
+	}
+	return []byte{}
+}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go b/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go
index 0d2f153bf9..1396274c7b 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/cache/expiring.go
@@ -40,6 +40,13 @@ func NewExpiringWithClock(clock clock.Clock) *Expiring {
 
 // Expiring is a map whose entries expire after a per-entry timeout.
 type Expiring struct {
+	// AllowExpiredGet causes the expiration check to be skipped on Get.
+	// It should only be used when a key always corresponds to the exact same value.
+	// Thus when this field is true, expired keys are considered valid
+	// until the next call to Set (which causes the GC to run).
+	// It may not be changed concurrently with calls to Get.
+	AllowExpiredGet bool
+
 	clock clock.Clock
 
 	// mu protects the below fields
@@ -70,7 +77,10 @@ func (c *Expiring) Get(key interface{}) (val interface{}, ok bool) {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 	e, ok := c.cache[key]
-	if !ok || !c.clock.Now().Before(e.expiry) {
+	if !ok {
+		return nil, false
+	}
+	if !c.AllowExpiredGet && !c.clock.Now().Before(e.expiry) {
 		return nil, false
 	}
 	return e.val, true
diff --git a/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go b/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go
index ec4002e38a..fc03018449 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/diff/diff.go
@@ -23,34 +23,20 @@ import (
 	"strings"
 	"text/tabwriter"
 
-	"github.com/davecgh/go-spew/spew"
 	"github.com/google/go-cmp/cmp"
+	"k8s.io/apimachinery/pkg/util/dump"
 )
 
-// StringDiff diffs a and b and returns a human readable diff.
-func StringDiff(a, b string) string {
-	ba := []byte(a)
-	bb := []byte(b)
-	out := []byte{}
-	i := 0
-	for ; i < len(ba) && i < len(bb); i++ {
-		if ba[i] != bb[i] {
-			break
-		}
-		out = append(out, ba[i])
-	}
-	out = append(out, []byte("\n\nA: ")...)
-	out = append(out, ba[i:]...)
-	out = append(out, []byte("\n\nB: ")...)
-	out = append(out, bb[i:]...)
-	out = append(out, []byte("\n\n")...)
-	return string(out)
-}
-
 func legacyDiff(a, b interface{}) string {
 	return cmp.Diff(a, b)
 }
 
+// StringDiff diffs a and b and returns a human readable diff.
+// DEPRECATED: use github.com/google/go-cmp/cmp.Diff
+func StringDiff(a, b string) string {
+	return legacyDiff(a, b)
+}
+
 // ObjectDiff prints the diff of two go objects and fails if the objects
 // contain unhandled unexported fields.
 // DEPRECATED: use github.com/google/go-cmp/cmp.Diff
@@ -75,13 +61,8 @@ func ObjectReflectDiff(a, b interface{}) string {
 // ObjectGoPrintSideBySide prints a and b as textual dumps side by side,
 // enabling easy visual scanning for mismatches.
 func ObjectGoPrintSideBySide(a, b interface{}) string {
-	s := spew.ConfigState{
-		Indent: " ",
-		// Extra deep spew.
-		DisableMethods: true,
-	}
-	sA := s.Sdump(a)
-	sB := s.Sdump(b)
+	sA := dump.Pretty(a)
+	sB := dump.Pretty(b)
 
 	linesA := strings.Split(sA, "\n")
 	linesB := strings.Split(sB, "\n")
diff --git a/vendor/k8s.io/apimachinery/pkg/util/dump/dump.go b/vendor/k8s.io/apimachinery/pkg/util/dump/dump.go
new file mode 100644
index 0000000000..cf61ef76ae
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/util/dump/dump.go
@@ -0,0 +1,54 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dump
+
+import (
+	"github.com/davecgh/go-spew/spew"
+)
+
+var prettyPrintConfig = &spew.ConfigState{
+	Indent:                  "  ",
+	DisableMethods:          true,
+	DisablePointerAddresses: true,
+	DisableCapacities:       true,
+}
+
+// The config MUST NOT be changed because that could change the result of a hash operation
+var prettyPrintConfigForHash = &spew.ConfigState{
+	Indent:                  " ",
+	SortKeys:                true,
+	DisableMethods:          true,
+	SpewKeys:                true,
+	DisablePointerAddresses: true,
+	DisableCapacities:       true,
+}
+
+// Pretty wrap the spew.Sdump with Indent, and disabled methods like error() and String()
+// The output may change over time, so for guaranteed output please take more direct control
+func Pretty(a interface{}) string {
+	return prettyPrintConfig.Sdump(a)
+}
+
+// ForHash keeps the original Spew.Sprintf format to ensure the same checksum
+func ForHash(a interface{}) string {
+	return prettyPrintConfigForHash.Sprintf("%#v", a)
+}
+
+// OneLine outputs the object in one line
+func OneLine(a interface{}) string {
+	return prettyPrintConfig.Sprintf("%#v", a)
+}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go b/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go
index 5e80097045..0ea88156be 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go
@@ -54,7 +54,7 @@ const (
 // FromInt creates an IntOrString object with an int32 value. It is
 // your responsibility not to call this method with a value greater
 // than int32.
-// TODO: convert to (val int32)
+// Deprecated: use FromInt32 instead.
 func FromInt(val int) IntOrString {
 	if val > math.MaxInt32 || val < math.MinInt32 {
 		klog.Errorf("value: %d overflows int32\n%s\n", val, debug.Stack())
@@ -62,6 +62,11 @@ func FromInt(val int) IntOrString {
 	return IntOrString{Type: Int, IntVal: int32(val)}
 }
 
+// FromInt32 creates an IntOrString object with an int32 value.
+func FromInt32(val int32) IntOrString {
+	return IntOrString{Type: Int, IntVal: val}
+}
+
 // FromString creates an IntOrString object with a string value.
 func FromString(val string) IntOrString {
 	return IntOrString{Type: String, StrVal: val}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/fieldmanager.go b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/fieldmanager.go
index f3111d4bc7..eca04a7116 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/fieldmanager.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/fieldmanager.go
@@ -56,17 +56,20 @@ func NewFieldManager(f Manager, subresource string) *FieldManager {
 // newDefaultFieldManager is a helper function which wraps a Manager with certain default logic.
 func NewDefaultFieldManager(f Manager, typeConverter TypeConverter, objectConverter runtime.ObjectConvertor, objectCreater runtime.ObjectCreater, kind schema.GroupVersionKind, subresource string) *FieldManager {
 	return NewFieldManager(
-		NewLastAppliedUpdater(
-			NewLastAppliedManager(
-				NewProbabilisticSkipNonAppliedManager(
-					NewCapManagersManager(
-						NewBuildManagerInfoManager(
-							NewManagedFieldsUpdater(
-								NewStripMetaManager(f),
-							), kind.GroupVersion(), subresource,
-						), DefaultMaxUpdateManagers,
-					), objectCreater, kind, DefaultTrackOnCreateProbability,
-				), typeConverter, objectConverter, kind.GroupVersion()),
+		NewVersionCheckManager(
+			NewLastAppliedUpdater(
+				NewLastAppliedManager(
+					NewProbabilisticSkipNonAppliedManager(
+						NewCapManagersManager(
+							NewBuildManagerInfoManager(
+								NewManagedFieldsUpdater(
+									NewStripMetaManager(f),
+								), kind.GroupVersion(), subresource,
+							), DefaultMaxUpdateManagers,
+						), objectCreater, DefaultTrackOnCreateProbability,
+					), typeConverter, objectConverter, kind.GroupVersion(),
+				),
+			), kind,
 		), subresource,
 	)
 }
diff --git a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/skipnonapplied.go b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/skipnonapplied.go
index 6b281ec1e5..f24c040edd 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/skipnonapplied.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/skipnonapplied.go
@@ -22,13 +22,11 @@ import (
 
 	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
 type skipNonAppliedManager struct {
 	fieldManager           Manager
 	objectCreater          runtime.ObjectCreater
-	gvk                    schema.GroupVersionKind
 	beforeApplyManagerName string
 	probability            float32
 }
@@ -36,17 +34,16 @@ type skipNonAppliedManager struct {
 var _ Manager = &skipNonAppliedManager{}
 
 // NewSkipNonAppliedManager creates a new wrapped FieldManager that only starts tracking managers after the first apply.
-func NewSkipNonAppliedManager(fieldManager Manager, objectCreater runtime.ObjectCreater, gvk schema.GroupVersionKind) Manager {
-	return NewProbabilisticSkipNonAppliedManager(fieldManager, objectCreater, gvk, 0.0)
+func NewSkipNonAppliedManager(fieldManager Manager, objectCreater runtime.ObjectCreater) Manager {
+	return NewProbabilisticSkipNonAppliedManager(fieldManager, objectCreater, 0.0)
 }
 
 // NewProbabilisticSkipNonAppliedManager creates a new wrapped FieldManager that starts tracking managers after the first apply,
 // or starts tracking on create with p probability.
-func NewProbabilisticSkipNonAppliedManager(fieldManager Manager, objectCreater runtime.ObjectCreater, gvk schema.GroupVersionKind, p float32) Manager {
+func NewProbabilisticSkipNonAppliedManager(fieldManager Manager, objectCreater runtime.ObjectCreater, p float32) Manager {
 	return &skipNonAppliedManager{
 		fieldManager:           fieldManager,
 		objectCreater:          objectCreater,
-		gvk:                    gvk,
 		beforeApplyManagerName: "before-first-apply",
 		probability:            p,
 	}
@@ -78,9 +75,10 @@ func (f *skipNonAppliedManager) Update(liveObj, newObj runtime.Object, managed M
 // Apply implements Manager.
 func (f *skipNonAppliedManager) Apply(liveObj, appliedObj runtime.Object, managed Managed, fieldManager string, force bool) (runtime.Object, Managed, error) {
 	if len(managed.Fields()) == 0 {
-		emptyObj, err := f.objectCreater.New(f.gvk)
+		gvk := appliedObj.GetObjectKind().GroupVersionKind()
+		emptyObj, err := f.objectCreater.New(gvk)
 		if err != nil {
-			return nil, nil, fmt.Errorf("failed to create empty object of type %v: %v", f.gvk, err)
+			return nil, nil, fmt.Errorf("failed to create empty object of type %v: %v", gvk, err)
 		}
 		liveObj, managed, err = f.fieldManager.Update(emptyObj, liveObj, managed, f.beforeApplyManagerName)
 		if err != nil {
diff --git a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/structuredmerge.go b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/structuredmerge.go
index eb5598ac3b..2112c9ab7e 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/structuredmerge.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/structuredmerge.go
@@ -41,6 +41,9 @@ var _ Manager = &structuredMergeManager{}
 // NewStructuredMergeManager creates a new Manager that merges apply requests
 // and update managed fields for other types of requests.
 func NewStructuredMergeManager(typeConverter TypeConverter, objectConverter runtime.ObjectConvertor, objectDefaulter runtime.ObjectDefaulter, gv schema.GroupVersion, hub schema.GroupVersion, resetFields map[fieldpath.APIVersion]*fieldpath.Set) (Manager, error) {
+	if typeConverter == nil {
+		return nil, fmt.Errorf("typeconverter must not be nil")
+	}
 	return &structuredMergeManager{
 		typeConverter:   typeConverter,
 		objectConverter: objectConverter,
diff --git a/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/versioncheck.go b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/versioncheck.go
new file mode 100644
index 0000000000..ee1e2bca70
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/util/managedfields/internal/versioncheck.go
@@ -0,0 +1,52 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package internal
+
+import (
+	"fmt"
+
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+type versionCheckManager struct {
+	fieldManager Manager
+	gvk          schema.GroupVersionKind
+}
+
+var _ Manager = &versionCheckManager{}
+
+// NewVersionCheckManager creates a manager that makes sure that the
+// applied object is in the proper version.
+func NewVersionCheckManager(fieldManager Manager, gvk schema.GroupVersionKind) Manager {
+	return &versionCheckManager{fieldManager: fieldManager, gvk: gvk}
+}
+
+// Update implements Manager.
+func (f *versionCheckManager) Update(liveObj, newObj runtime.Object, managed Managed, manager string) (runtime.Object, Managed, error) {
+	// Nothing to do for updates, this is checked in many other places.
+	return f.fieldManager.Update(liveObj, newObj, managed, manager)
+}
+
+// Apply implements Manager.
+func (f *versionCheckManager) Apply(liveObj, appliedObj runtime.Object, managed Managed, fieldManager string, force bool) (runtime.Object, Managed, error) {
+	if gvk := appliedObj.GetObjectKind().GroupVersionKind(); gvk != f.gvk {
+		return nil, nil, errors.NewBadRequest(fmt.Sprintf("invalid object type: %v", gvk))
+	}
+	return f.fieldManager.Apply(liveObj, appliedObj, managed, fieldManager, force)
+}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/mergepatch/util.go b/vendor/k8s.io/apimachinery/pkg/util/mergepatch/util.go
index a20efd1871..25626cf3af 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/mergepatch/util.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/mergepatch/util.go
@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"reflect"
 
-	"github.com/davecgh/go-spew/spew"
+	"k8s.io/apimachinery/pkg/util/dump"
 	"sigs.k8s.io/yaml"
 )
 
@@ -76,7 +76,7 @@ func ToYAMLOrError(v interface{}) string {
 func toYAML(v interface{}) (string, error) {
 	y, err := yaml.Marshal(v)
 	if err != nil {
-		return "", fmt.Errorf("yaml marshal failed:%v\n%v\n", err, spew.Sdump(v))
+		return "", fmt.Errorf("yaml marshal failed:%v\n%v\n", err, dump.Pretty(v))
 	}
 
 	return string(y), nil
diff --git a/vendor/k8s.io/apimachinery/pkg/util/net/util.go b/vendor/k8s.io/apimachinery/pkg/util/net/util.go
index 1c2aba55f7..1635e69a5c 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/net/util.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/net/util.go
@@ -20,6 +20,7 @@ import (
 	"errors"
 	"net"
 	"reflect"
+	"strings"
 	"syscall"
 )
 
@@ -47,6 +48,11 @@ func IsConnectionReset(err error) bool {
 	return false
 }
 
+// Returns if the given err is "http2: client connection lost" error.
+func IsHTTP2ConnectionLost(err error) bool {
+	return err != nil && strings.Contains(err.Error(), "http2: client connection lost")
+}
+
 // Returns if the given err is "connection refused" error
 func IsConnectionRefused(err error) bool {
 	var errno syscall.Errno
diff --git a/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go b/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go
index d738725caf..3674914f70 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go
@@ -126,14 +126,17 @@ type rudimentaryErrorBackoff struct {
 // OnError will block if it is called more often than the embedded period time.
 // This will prevent overly tight hot error loops.
 func (r *rudimentaryErrorBackoff) OnError(error) {
+	now := time.Now() // start the timer before acquiring the lock
 	r.lastErrorTimeLock.Lock()
-	defer r.lastErrorTimeLock.Unlock()
-	d := time.Since(r.lastErrorTime)
-	if d < r.minPeriod {
-		// If the time moves backwards for any reason, do nothing
-		time.Sleep(r.minPeriod - d)
-	}
+	d := now.Sub(r.lastErrorTime)
 	r.lastErrorTime = time.Now()
+	r.lastErrorTimeLock.Unlock()
+
+	// Do not sleep with the lock held because that causes all callers of HandleError to block.
+	// We only want the current goroutine to block.
+	// A negative or zero duration causes time.Sleep to return immediately.
+	// If the time moves backwards for any reason, do nothing.
+	time.Sleep(r.minPeriod - d)
 }
 
 // GetCaller returns the caller of the function that calls it.
diff --git a/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go b/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go
index 3ee683b997..920c113bbd 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go
@@ -1182,7 +1182,13 @@ func mergePatchIntoOriginal(original, patch map[string]interface{}, schema Looku
 			merged = originalFieldValue
 		case !foundOriginal && foundPatch:
 			// list was added
-			merged = patchFieldValue
+			v, keep := removeDirectives(patchFieldValue)
+			if !keep {
+				// Shouldn't be possible since patchFieldValue is a slice
+				continue
+			}
+
+			merged = v.([]interface{})
 		case foundOriginal && foundPatch:
 			merged, err = mergeSliceHandler(originalList, patchList, subschema,
 				patchStrategy, patchMeta.GetPatchMergeKey(), false, mergeOptions)
@@ -1270,6 +1276,42 @@ func partitionMapsByPresentInList(original, partitionBy []interface{}, mergeKey
 	return patch, serverOnly, nil
 }
 
+// Removes directives from an object and returns value to use instead and whether
+// or not the field/index should even be kept
+// May modify input
+func removeDirectives(obj interface{}) (interface{}, bool) {
+	if obj == nil {
+		return obj, true
+	} else if typedV, ok := obj.(map[string]interface{}); ok {
+		if _, hasDirective := typedV[directiveMarker]; hasDirective {
+			return nil, false
+		}
+
+		for k, v := range typedV {
+			var keep bool
+			typedV[k], keep = removeDirectives(v)
+			if !keep {
+				delete(typedV, k)
+			}
+		}
+		return typedV, true
+	} else if typedV, ok := obj.([]interface{}); ok {
+		var res []interface{}
+		if typedV != nil {
+			// Make sure res is non-nil if patch is non-nil
+			res = []interface{}{}
+		}
+		for _, v := range typedV {
+			if newV, keep := removeDirectives(v); keep {
+				res = append(res, newV)
+			}
+		}
+		return res, true
+	} else {
+		return obj, true
+	}
+}
+
 // Merge fields from a patch map into the original map. Note: This may modify
 // both the original map and the patch because getting a deep copy of a map in
 // golang is highly non-trivial.
@@ -1333,7 +1375,10 @@ func mergeMap(original, patch map[string]interface{}, schema LookupPatchMeta, me
 				if mergeOptions.IgnoreUnmatchedNulls {
 					discardNullValuesFromPatch(patchV)
 				}
-				original[k] = patchV
+				original[k], ok = removeDirectives(patchV)
+				if !ok {
+					delete(original, k)
+				}
 			}
 			continue
 		}
@@ -1345,7 +1390,10 @@ func mergeMap(original, patch map[string]interface{}, schema LookupPatchMeta, me
 				if mergeOptions.IgnoreUnmatchedNulls {
 					discardNullValuesFromPatch(patchV)
 				}
-				original[k] = patchV
+				original[k], ok = removeDirectives(patchV)
+				if !ok {
+					delete(original, k)
+				}
 			}
 			continue
 		}
@@ -1372,7 +1420,11 @@ func mergeMap(original, patch map[string]interface{}, schema LookupPatchMeta, me
 			}
 			original[k], err = mergeSliceHandler(original[k], patchV, subschema, patchStrategy, patchMeta.GetPatchMergeKey(), isDeleteList, mergeOptions)
 		default:
-			original[k] = patchV
+			original[k], ok = removeDirectives(patchV)
+			if !ok {
+				// if patchV itself is a directive, then don't keep it
+				delete(original, k)
+			}
 		}
 		if err != nil {
 			return nil, err
@@ -1425,7 +1477,8 @@ func mergeSliceHandler(original, patch interface{}, schema LookupPatchMeta,
 		return nil, err
 	}
 
-	if fieldPatchStrategy == mergeDirective {
+	// Delete lists are handled the same way regardless of what the field's patch strategy is
+	if fieldPatchStrategy == mergeDirective || isDeleteList {
 		return mergeSlice(typedOriginal, typedPatch, schema, fieldPatchMergeKey, mergeOptions, isDeleteList)
 	} else {
 		return typedPatch, nil
diff --git a/vendor/k8s.io/apimachinery/pkg/util/version/version.go b/vendor/k8s.io/apimachinery/pkg/util/version/version.go
index 8c997ec450..4c61956953 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/version/version.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/version/version.go
@@ -121,6 +121,11 @@ func MustParseSemantic(str string) *Version {
 	return v
 }
 
+// MajorMinor returns a version with the provided major and minor version.
+func MajorMinor(major, minor uint) *Version {
+	return &Version{components: []uint{major, minor}}
+}
+
 // Major returns the major release number
 func (v *Version) Major() uint {
 	return v.components[0]
diff --git a/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go b/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
index 51864d70f9..0dd13c626c 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
@@ -27,9 +27,11 @@ import (
 // the provided timer until the provided context is cancelled, the condition returns
 // true, or the condition returns an error. If sliding is true, the period is computed
 // after condition runs. If it is false then period includes the runtime for condition.
-// If immediate is false the first delay happens before any call to condition. The
-// returned error is the error returned by the last condition or the context error if
-// the context was terminated.
+// If immediate is false the first delay happens before any call to condition, if
+// immediate is true the condition will be invoked before waiting and guarantees that
+// the condition is invoked at least once, regardless of whether the context has been
+// cancelled. The returned error is the error returned by the last condition or the
+// context error if the context was terminated.
 //
 // This is the common loop construct for all polling in the wait package.
 func loopConditionUntilContext(ctx context.Context, t Timer, immediate, sliding bool, condition ConditionWithContextFunc) error {
@@ -38,8 +40,17 @@ func loopConditionUntilContext(ctx context.Context, t Timer, immediate, sliding
 	var timeCh <-chan time.Time
 	doneCh := ctx.Done()
 
+	// if immediate is true the condition is
+	// guaranteed to be executed at least once,
 	// if we haven't requested immediate execution, delay once
-	if !immediate {
+	if immediate {
+		if ok, err := func() (bool, error) {
+			defer runtime.HandleCrash()
+			return condition(ctx)
+		}(); err != nil || ok {
+			return err
+		}
+	} else {
 		timeCh = t.C()
 		select {
 		case <-doneCh:
diff --git a/vendor/k8s.io/apimachinery/pkg/util/wait/poll.go b/vendor/k8s.io/apimachinery/pkg/util/wait/poll.go
index 32e8688ca0..231d4c3842 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/wait/poll.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/wait/poll.go
@@ -38,10 +38,10 @@ func PollUntilContextCancel(ctx context.Context, interval time.Duration, immedia
 // a deadline and is equivalent to:
 //
 //	deadlineCtx, deadlineCancel := context.WithTimeout(ctx, timeout)
-//	err := PollUntilContextCancel(ctx, interval, immediate, condition)
+//	err := PollUntilContextCancel(deadlineCtx, interval, immediate, condition)
 //
 // The deadline context will be cancelled if the Poll succeeds before the timeout, simplifying
-// inline usage. All other behavior is identical to PollWithContextTimeout.
+// inline usage. All other behavior is identical to PollUntilContextCancel.
 func PollUntilContextTimeout(ctx context.Context, interval, timeout time.Duration, immediate bool, condition ConditionWithContextFunc) error {
 	deadlineCtx, deadlineCancel := context.WithTimeout(ctx, timeout)
 	defer deadlineCancel()
@@ -59,7 +59,7 @@ func PollUntilContextTimeout(ctx context.Context, interval, timeout time.Duratio
 //
 // If you want to Poll something forever, see PollInfinite.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextTimeout.
+// Deprecated: This method does not return errors from context, use PollUntilContextTimeout.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func Poll(interval, timeout time.Duration, condition ConditionFunc) error {
@@ -78,7 +78,7 @@ func Poll(interval, timeout time.Duration, condition ConditionFunc) error {
 //
 // If you want to Poll something forever, see PollInfinite.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextTimeout.
+// Deprecated: This method does not return errors from context, use PollUntilContextTimeout.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollWithContext(ctx context.Context, interval, timeout time.Duration, condition ConditionWithContextFunc) error {
@@ -91,7 +91,7 @@ func PollWithContext(ctx context.Context, interval, timeout time.Duration, condi
 // PollUntil always waits interval before the first run of 'condition'.
 // 'condition' will always be invoked at least once.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollUntil(interval time.Duration, condition ConditionFunc, stopCh <-chan struct{}) error {
@@ -104,7 +104,7 @@ func PollUntil(interval time.Duration, condition ConditionFunc, stopCh <-chan st
 // PollUntilWithContext always waits interval before the first run of 'condition'.
 // 'condition' will always be invoked at least once.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollUntilWithContext(ctx context.Context, interval time.Duration, condition ConditionWithContextFunc) error {
@@ -118,7 +118,7 @@ func PollUntilWithContext(ctx context.Context, interval time.Duration, condition
 // Some intervals may be missed if the condition takes too long or the time
 // window is too short.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollInfinite(interval time.Duration, condition ConditionFunc) error {
@@ -132,7 +132,7 @@ func PollInfinite(interval time.Duration, condition ConditionFunc) error {
 // Some intervals may be missed if the condition takes too long or the time
 // window is too short.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollInfiniteWithContext(ctx context.Context, interval time.Duration, condition ConditionWithContextFunc) error {
@@ -150,7 +150,7 @@ func PollInfiniteWithContext(ctx context.Context, interval time.Duration, condit
 //
 // If you want to immediately Poll something forever, see PollImmediateInfinite.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextTimeout.
+// Deprecated: This method does not return errors from context, use PollUntilContextTimeout.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediate(interval, timeout time.Duration, condition ConditionFunc) error {
@@ -168,7 +168,7 @@ func PollImmediate(interval, timeout time.Duration, condition ConditionFunc) err
 //
 // If you want to immediately Poll something forever, see PollImmediateInfinite.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextTimeout.
+// Deprecated: This method does not return errors from context, use PollUntilContextTimeout.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediateWithContext(ctx context.Context, interval, timeout time.Duration, condition ConditionWithContextFunc) error {
@@ -180,7 +180,7 @@ func PollImmediateWithContext(ctx context.Context, interval, timeout time.Durati
 // PollImmediateUntil runs the 'condition' before waiting for the interval.
 // 'condition' will always be invoked at least once.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediateUntil(interval time.Duration, condition ConditionFunc, stopCh <-chan struct{}) error {
@@ -193,7 +193,7 @@ func PollImmediateUntil(interval time.Duration, condition ConditionFunc, stopCh
 // PollImmediateUntilWithContext runs the 'condition' before waiting for the interval.
 // 'condition' will always be invoked at least once.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediateUntilWithContext(ctx context.Context, interval time.Duration, condition ConditionWithContextFunc) error {
@@ -207,7 +207,7 @@ func PollImmediateUntilWithContext(ctx context.Context, interval time.Duration,
 // Some intervals may be missed if the condition takes too long or the time
 // window is too short.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediateInfinite(interval time.Duration, condition ConditionFunc) error {
@@ -222,7 +222,7 @@ func PollImmediateInfinite(interval time.Duration, condition ConditionFunc) erro
 // Some intervals may be missed if the condition takes too long or the time
 // window is too short.
 //
-// Deprecated: This method does not return errors from context, use PollWithContextCancel.
+// Deprecated: This method does not return errors from context, use PollUntilContextCancel.
 // Note that the new method will no longer return ErrWaitTimeout and instead return errors
 // defined by the context package. Will be removed in a future release.
 func PollImmediateInfiniteWithContext(ctx context.Context, interval time.Duration, condition ConditionWithContextFunc) error {
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/paramref.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/paramref.go
index 1102f65f31..0951cae8a9 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/paramref.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/paramref.go
@@ -18,11 +18,18 @@ limitations under the License.
 
 package v1alpha1
 
+import (
+	v1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
 // ParamRefApplyConfiguration represents an declarative configuration of the ParamRef type for use
 // with apply.
 type ParamRefApplyConfiguration struct {
-	Name      *string `json:"name,omitempty"`
-	Namespace *string `json:"namespace,omitempty"`
+	Name                    *string                               `json:"name,omitempty"`
+	Namespace               *string                               `json:"namespace,omitempty"`
+	Selector                *v1.LabelSelectorApplyConfiguration   `json:"selector,omitempty"`
+	ParameterNotFoundAction *v1alpha1.ParameterNotFoundActionType `json:"parameterNotFoundAction,omitempty"`
 }
 
 // ParamRefApplyConfiguration constructs an declarative configuration of the ParamRef type for use with
@@ -46,3 +53,19 @@ func (b *ParamRefApplyConfiguration) WithNamespace(value string) *ParamRefApplyC
 	b.Namespace = &value
 	return b
 }
+
+// WithSelector sets the Selector field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Selector field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithSelector(value *v1.LabelSelectorApplyConfiguration) *ParamRefApplyConfiguration {
+	b.Selector = value
+	return b
+}
+
+// WithParameterNotFoundAction sets the ParameterNotFoundAction field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ParameterNotFoundAction field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithParameterNotFoundAction(value v1alpha1.ParameterNotFoundActionType) *ParamRefApplyConfiguration {
+	b.ParameterNotFoundAction = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/validatingadmissionpolicyspec.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/validatingadmissionpolicyspec.go
index f674b5b1ec..7ee320e428 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/validatingadmissionpolicyspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/validatingadmissionpolicyspec.go
@@ -31,6 +31,7 @@ type ValidatingAdmissionPolicySpecApplyConfiguration struct {
 	FailurePolicy    *admissionregistrationv1alpha1.FailurePolicyType `json:"failurePolicy,omitempty"`
 	AuditAnnotations []AuditAnnotationApplyConfiguration              `json:"auditAnnotations,omitempty"`
 	MatchConditions  []MatchConditionApplyConfiguration               `json:"matchConditions,omitempty"`
+	Variables        []VariableApplyConfiguration                     `json:"variables,omitempty"`
 }
 
 // ValidatingAdmissionPolicySpecApplyConfiguration constructs an declarative configuration of the ValidatingAdmissionPolicySpec type for use with
@@ -101,3 +102,16 @@ func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithMatchConditions(va
 	}
 	return b
 }
+
+// WithVariables adds the given value to the Variables field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Variables field.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithVariables(values ...*VariableApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithVariables")
+		}
+		b.Variables = append(b.Variables, *values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/variable.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/variable.go
new file mode 100644
index 0000000000..2c70a8cfb5
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1/variable.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1alpha1
+
+// VariableApplyConfiguration represents an declarative configuration of the Variable type for use
+// with apply.
+type VariableApplyConfiguration struct {
+	Name       *string `json:"name,omitempty"`
+	Expression *string `json:"expression,omitempty"`
+}
+
+// VariableApplyConfiguration constructs an declarative configuration of the Variable type for use with
+// apply.
+func Variable() *VariableApplyConfiguration {
+	return &VariableApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *VariableApplyConfiguration) WithName(value string) *VariableApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithExpression sets the Expression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Expression field is set to the value of the last call.
+func (b *VariableApplyConfiguration) WithExpression(value string) *VariableApplyConfiguration {
+	b.Expression = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/auditannotation.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/auditannotation.go
new file mode 100644
index 0000000000..e92fba0ddb
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/auditannotation.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// AuditAnnotationApplyConfiguration represents an declarative configuration of the AuditAnnotation type for use
+// with apply.
+type AuditAnnotationApplyConfiguration struct {
+	Key             *string `json:"key,omitempty"`
+	ValueExpression *string `json:"valueExpression,omitempty"`
+}
+
+// AuditAnnotationApplyConfiguration constructs an declarative configuration of the AuditAnnotation type for use with
+// apply.
+func AuditAnnotation() *AuditAnnotationApplyConfiguration {
+	return &AuditAnnotationApplyConfiguration{}
+}
+
+// WithKey sets the Key field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Key field is set to the value of the last call.
+func (b *AuditAnnotationApplyConfiguration) WithKey(value string) *AuditAnnotationApplyConfiguration {
+	b.Key = &value
+	return b
+}
+
+// WithValueExpression sets the ValueExpression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ValueExpression field is set to the value of the last call.
+func (b *AuditAnnotationApplyConfiguration) WithValueExpression(value string) *AuditAnnotationApplyConfiguration {
+	b.ValueExpression = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/expressionwarning.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/expressionwarning.go
new file mode 100644
index 0000000000..059c1b94ba
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/expressionwarning.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// ExpressionWarningApplyConfiguration represents an declarative configuration of the ExpressionWarning type for use
+// with apply.
+type ExpressionWarningApplyConfiguration struct {
+	FieldRef *string `json:"fieldRef,omitempty"`
+	Warning  *string `json:"warning,omitempty"`
+}
+
+// ExpressionWarningApplyConfiguration constructs an declarative configuration of the ExpressionWarning type for use with
+// apply.
+func ExpressionWarning() *ExpressionWarningApplyConfiguration {
+	return &ExpressionWarningApplyConfiguration{}
+}
+
+// WithFieldRef sets the FieldRef field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the FieldRef field is set to the value of the last call.
+func (b *ExpressionWarningApplyConfiguration) WithFieldRef(value string) *ExpressionWarningApplyConfiguration {
+	b.FieldRef = &value
+	return b
+}
+
+// WithWarning sets the Warning field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Warning field is set to the value of the last call.
+func (b *ExpressionWarningApplyConfiguration) WithWarning(value string) *ExpressionWarningApplyConfiguration {
+	b.Warning = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/matchresources.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/matchresources.go
new file mode 100644
index 0000000000..25d4139db6
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/matchresources.go
@@ -0,0 +1,90 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// MatchResourcesApplyConfiguration represents an declarative configuration of the MatchResources type for use
+// with apply.
+type MatchResourcesApplyConfiguration struct {
+	NamespaceSelector    *v1.LabelSelectorApplyConfiguration           `json:"namespaceSelector,omitempty"`
+	ObjectSelector       *v1.LabelSelectorApplyConfiguration           `json:"objectSelector,omitempty"`
+	ResourceRules        []NamedRuleWithOperationsApplyConfiguration   `json:"resourceRules,omitempty"`
+	ExcludeResourceRules []NamedRuleWithOperationsApplyConfiguration   `json:"excludeResourceRules,omitempty"`
+	MatchPolicy          *admissionregistrationv1beta1.MatchPolicyType `json:"matchPolicy,omitempty"`
+}
+
+// MatchResourcesApplyConfiguration constructs an declarative configuration of the MatchResources type for use with
+// apply.
+func MatchResources() *MatchResourcesApplyConfiguration {
+	return &MatchResourcesApplyConfiguration{}
+}
+
+// WithNamespaceSelector sets the NamespaceSelector field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NamespaceSelector field is set to the value of the last call.
+func (b *MatchResourcesApplyConfiguration) WithNamespaceSelector(value *v1.LabelSelectorApplyConfiguration) *MatchResourcesApplyConfiguration {
+	b.NamespaceSelector = value
+	return b
+}
+
+// WithObjectSelector sets the ObjectSelector field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ObjectSelector field is set to the value of the last call.
+func (b *MatchResourcesApplyConfiguration) WithObjectSelector(value *v1.LabelSelectorApplyConfiguration) *MatchResourcesApplyConfiguration {
+	b.ObjectSelector = value
+	return b
+}
+
+// WithResourceRules adds the given value to the ResourceRules field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ResourceRules field.
+func (b *MatchResourcesApplyConfiguration) WithResourceRules(values ...*NamedRuleWithOperationsApplyConfiguration) *MatchResourcesApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithResourceRules")
+		}
+		b.ResourceRules = append(b.ResourceRules, *values[i])
+	}
+	return b
+}
+
+// WithExcludeResourceRules adds the given value to the ExcludeResourceRules field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ExcludeResourceRules field.
+func (b *MatchResourcesApplyConfiguration) WithExcludeResourceRules(values ...*NamedRuleWithOperationsApplyConfiguration) *MatchResourcesApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithExcludeResourceRules")
+		}
+		b.ExcludeResourceRules = append(b.ExcludeResourceRules, *values[i])
+	}
+	return b
+}
+
+// WithMatchPolicy sets the MatchPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MatchPolicy field is set to the value of the last call.
+func (b *MatchResourcesApplyConfiguration) WithMatchPolicy(value admissionregistrationv1beta1.MatchPolicyType) *MatchResourcesApplyConfiguration {
+	b.MatchPolicy = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/namedrulewithoperations.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/namedrulewithoperations.go
new file mode 100644
index 0000000000..fa346c4a57
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/namedrulewithoperations.go
@@ -0,0 +1,95 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
+	v1 "k8s.io/client-go/applyconfigurations/admissionregistration/v1"
+)
+
+// NamedRuleWithOperationsApplyConfiguration represents an declarative configuration of the NamedRuleWithOperations type for use
+// with apply.
+type NamedRuleWithOperationsApplyConfiguration struct {
+	ResourceNames                           []string `json:"resourceNames,omitempty"`
+	v1.RuleWithOperationsApplyConfiguration `json:",inline"`
+}
+
+// NamedRuleWithOperationsApplyConfiguration constructs an declarative configuration of the NamedRuleWithOperations type for use with
+// apply.
+func NamedRuleWithOperations() *NamedRuleWithOperationsApplyConfiguration {
+	return &NamedRuleWithOperationsApplyConfiguration{}
+}
+
+// WithResourceNames adds the given value to the ResourceNames field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ResourceNames field.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithResourceNames(values ...string) *NamedRuleWithOperationsApplyConfiguration {
+	for i := range values {
+		b.ResourceNames = append(b.ResourceNames, values[i])
+	}
+	return b
+}
+
+// WithOperations adds the given value to the Operations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Operations field.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithOperations(values ...admissionregistrationv1.OperationType) *NamedRuleWithOperationsApplyConfiguration {
+	for i := range values {
+		b.Operations = append(b.Operations, values[i])
+	}
+	return b
+}
+
+// WithAPIGroups adds the given value to the APIGroups field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the APIGroups field.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithAPIGroups(values ...string) *NamedRuleWithOperationsApplyConfiguration {
+	for i := range values {
+		b.APIGroups = append(b.APIGroups, values[i])
+	}
+	return b
+}
+
+// WithAPIVersions adds the given value to the APIVersions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the APIVersions field.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithAPIVersions(values ...string) *NamedRuleWithOperationsApplyConfiguration {
+	for i := range values {
+		b.APIVersions = append(b.APIVersions, values[i])
+	}
+	return b
+}
+
+// WithResources adds the given value to the Resources field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Resources field.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithResources(values ...string) *NamedRuleWithOperationsApplyConfiguration {
+	for i := range values {
+		b.Resources = append(b.Resources, values[i])
+	}
+	return b
+}
+
+// WithScope sets the Scope field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Scope field is set to the value of the last call.
+func (b *NamedRuleWithOperationsApplyConfiguration) WithScope(value admissionregistrationv1.ScopeType) *NamedRuleWithOperationsApplyConfiguration {
+	b.Scope = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramkind.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramkind.go
new file mode 100644
index 0000000000..6050e60251
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramkind.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// ParamKindApplyConfiguration represents an declarative configuration of the ParamKind type for use
+// with apply.
+type ParamKindApplyConfiguration struct {
+	APIVersion *string `json:"apiVersion,omitempty"`
+	Kind       *string `json:"kind,omitempty"`
+}
+
+// ParamKindApplyConfiguration constructs an declarative configuration of the ParamKind type for use with
+// apply.
+func ParamKind() *ParamKindApplyConfiguration {
+	return &ParamKindApplyConfiguration{}
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ParamKindApplyConfiguration) WithAPIVersion(value string) *ParamKindApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ParamKindApplyConfiguration) WithKind(value string) *ParamKindApplyConfiguration {
+	b.Kind = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramref.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramref.go
new file mode 100644
index 0000000000..2be98dbc52
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/paramref.go
@@ -0,0 +1,71 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	v1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ParamRefApplyConfiguration represents an declarative configuration of the ParamRef type for use
+// with apply.
+type ParamRefApplyConfiguration struct {
+	Name                    *string                              `json:"name,omitempty"`
+	Namespace               *string                              `json:"namespace,omitempty"`
+	Selector                *v1.LabelSelectorApplyConfiguration  `json:"selector,omitempty"`
+	ParameterNotFoundAction *v1beta1.ParameterNotFoundActionType `json:"parameterNotFoundAction,omitempty"`
+}
+
+// ParamRefApplyConfiguration constructs an declarative configuration of the ParamRef type for use with
+// apply.
+func ParamRef() *ParamRefApplyConfiguration {
+	return &ParamRefApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithName(value string) *ParamRefApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithNamespace(value string) *ParamRefApplyConfiguration {
+	b.Namespace = &value
+	return b
+}
+
+// WithSelector sets the Selector field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Selector field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithSelector(value *v1.LabelSelectorApplyConfiguration) *ParamRefApplyConfiguration {
+	b.Selector = value
+	return b
+}
+
+// WithParameterNotFoundAction sets the ParameterNotFoundAction field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ParameterNotFoundAction field is set to the value of the last call.
+func (b *ParamRefApplyConfiguration) WithParameterNotFoundAction(value v1beta1.ParameterNotFoundActionType) *ParamRefApplyConfiguration {
+	b.ParameterNotFoundAction = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/typechecking.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/typechecking.go
new file mode 100644
index 0000000000..07baf334cd
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/typechecking.go
@@ -0,0 +1,44 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// TypeCheckingApplyConfiguration represents an declarative configuration of the TypeChecking type for use
+// with apply.
+type TypeCheckingApplyConfiguration struct {
+	ExpressionWarnings []ExpressionWarningApplyConfiguration `json:"expressionWarnings,omitempty"`
+}
+
+// TypeCheckingApplyConfiguration constructs an declarative configuration of the TypeChecking type for use with
+// apply.
+func TypeChecking() *TypeCheckingApplyConfiguration {
+	return &TypeCheckingApplyConfiguration{}
+}
+
+// WithExpressionWarnings adds the given value to the ExpressionWarnings field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ExpressionWarnings field.
+func (b *TypeCheckingApplyConfiguration) WithExpressionWarnings(values ...*ExpressionWarningApplyConfiguration) *TypeCheckingApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithExpressionWarnings")
+		}
+		b.ExpressionWarnings = append(b.ExpressionWarnings, *values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicy.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicy.go
new file mode 100644
index 0000000000..e144bc9f70
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicy.go
@@ -0,0 +1,256 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	managedfields "k8s.io/apimachinery/pkg/util/managedfields"
+	internal "k8s.io/client-go/applyconfigurations/internal"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ValidatingAdmissionPolicyApplyConfiguration represents an declarative configuration of the ValidatingAdmissionPolicy type for use
+// with apply.
+type ValidatingAdmissionPolicyApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *ValidatingAdmissionPolicySpecApplyConfiguration   `json:"spec,omitempty"`
+	Status                           *ValidatingAdmissionPolicyStatusApplyConfiguration `json:"status,omitempty"`
+}
+
+// ValidatingAdmissionPolicy constructs an declarative configuration of the ValidatingAdmissionPolicy type for use with
+// apply.
+func ValidatingAdmissionPolicy(name string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b := &ValidatingAdmissionPolicyApplyConfiguration{}
+	b.WithName(name)
+	b.WithKind("ValidatingAdmissionPolicy")
+	b.WithAPIVersion("admissionregistration.k8s.io/v1beta1")
+	return b
+}
+
+// ExtractValidatingAdmissionPolicy extracts the applied configuration owned by fieldManager from
+// validatingAdmissionPolicy. If no managedFields are found in validatingAdmissionPolicy for fieldManager, a
+// ValidatingAdmissionPolicyApplyConfiguration is returned with only the Name, Namespace (if applicable),
+// APIVersion and Kind populated. It is possible that no managed fields were found for because other
+// field managers have taken ownership of all the fields previously owned by fieldManager, or because
+// the fieldManager never owned fields any fields.
+// validatingAdmissionPolicy must be a unmodified ValidatingAdmissionPolicy API object that was retrieved from the Kubernetes API.
+// ExtractValidatingAdmissionPolicy provides a way to perform a extract/modify-in-place/apply workflow.
+// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously
+// applied if another fieldManager has updated or force applied any of the previously applied fields.
+// Experimental!
+func ExtractValidatingAdmissionPolicy(validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicy, fieldManager string) (*ValidatingAdmissionPolicyApplyConfiguration, error) {
+	return extractValidatingAdmissionPolicy(validatingAdmissionPolicy, fieldManager, "")
+}
+
+// ExtractValidatingAdmissionPolicyStatus is the same as ExtractValidatingAdmissionPolicy except
+// that it extracts the status subresource applied configuration.
+// Experimental!
+func ExtractValidatingAdmissionPolicyStatus(validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicy, fieldManager string) (*ValidatingAdmissionPolicyApplyConfiguration, error) {
+	return extractValidatingAdmissionPolicy(validatingAdmissionPolicy, fieldManager, "status")
+}
+
+func extractValidatingAdmissionPolicy(validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicy, fieldManager string, subresource string) (*ValidatingAdmissionPolicyApplyConfiguration, error) {
+	b := &ValidatingAdmissionPolicyApplyConfiguration{}
+	err := managedfields.ExtractInto(validatingAdmissionPolicy, internal.Parser().Type("io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicy"), fieldManager, b, subresource)
+	if err != nil {
+		return nil, err
+	}
+	b.WithName(validatingAdmissionPolicy.Name)
+
+	b.WithKind("ValidatingAdmissionPolicy")
+	b.WithAPIVersion("admissionregistration.k8s.io/v1beta1")
+	return b, nil
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithKind(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithAPIVersion(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithName(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithGenerateName(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithNamespace(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithUID(value types.UID) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithResourceVersion(value string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithGeneration(value int64) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithLabels(entries map[string]string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithAnnotations(entries map[string]string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithFinalizers(values ...string) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *ValidatingAdmissionPolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithSpec(value *ValidatingAdmissionPolicySpecApplyConfiguration) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.Spec = value
+	return b
+}
+
+// WithStatus sets the Status field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Status field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyApplyConfiguration) WithStatus(value *ValidatingAdmissionPolicyStatusApplyConfiguration) *ValidatingAdmissionPolicyApplyConfiguration {
+	b.Status = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybinding.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
new file mode 100644
index 0000000000..0dc06aedec
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
@@ -0,0 +1,247 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	managedfields "k8s.io/apimachinery/pkg/util/managedfields"
+	internal "k8s.io/client-go/applyconfigurations/internal"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ValidatingAdmissionPolicyBindingApplyConfiguration represents an declarative configuration of the ValidatingAdmissionPolicyBinding type for use
+// with apply.
+type ValidatingAdmissionPolicyBindingApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *ValidatingAdmissionPolicyBindingSpecApplyConfiguration `json:"spec,omitempty"`
+}
+
+// ValidatingAdmissionPolicyBinding constructs an declarative configuration of the ValidatingAdmissionPolicyBinding type for use with
+// apply.
+func ValidatingAdmissionPolicyBinding(name string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b := &ValidatingAdmissionPolicyBindingApplyConfiguration{}
+	b.WithName(name)
+	b.WithKind("ValidatingAdmissionPolicyBinding")
+	b.WithAPIVersion("admissionregistration.k8s.io/v1beta1")
+	return b
+}
+
+// ExtractValidatingAdmissionPolicyBinding extracts the applied configuration owned by fieldManager from
+// validatingAdmissionPolicyBinding. If no managedFields are found in validatingAdmissionPolicyBinding for fieldManager, a
+// ValidatingAdmissionPolicyBindingApplyConfiguration is returned with only the Name, Namespace (if applicable),
+// APIVersion and Kind populated. It is possible that no managed fields were found for because other
+// field managers have taken ownership of all the fields previously owned by fieldManager, or because
+// the fieldManager never owned fields any fields.
+// validatingAdmissionPolicyBinding must be a unmodified ValidatingAdmissionPolicyBinding API object that was retrieved from the Kubernetes API.
+// ExtractValidatingAdmissionPolicyBinding provides a way to perform a extract/modify-in-place/apply workflow.
+// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously
+// applied if another fieldManager has updated or force applied any of the previously applied fields.
+// Experimental!
+func ExtractValidatingAdmissionPolicyBinding(validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding, fieldManager string) (*ValidatingAdmissionPolicyBindingApplyConfiguration, error) {
+	return extractValidatingAdmissionPolicyBinding(validatingAdmissionPolicyBinding, fieldManager, "")
+}
+
+// ExtractValidatingAdmissionPolicyBindingStatus is the same as ExtractValidatingAdmissionPolicyBinding except
+// that it extracts the status subresource applied configuration.
+// Experimental!
+func ExtractValidatingAdmissionPolicyBindingStatus(validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding, fieldManager string) (*ValidatingAdmissionPolicyBindingApplyConfiguration, error) {
+	return extractValidatingAdmissionPolicyBinding(validatingAdmissionPolicyBinding, fieldManager, "status")
+}
+
+func extractValidatingAdmissionPolicyBinding(validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding, fieldManager string, subresource string) (*ValidatingAdmissionPolicyBindingApplyConfiguration, error) {
+	b := &ValidatingAdmissionPolicyBindingApplyConfiguration{}
+	err := managedfields.ExtractInto(validatingAdmissionPolicyBinding, internal.Parser().Type("io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding"), fieldManager, b, subresource)
+	if err != nil {
+		return nil, err
+	}
+	b.WithName(validatingAdmissionPolicyBinding.Name)
+
+	b.WithKind("ValidatingAdmissionPolicyBinding")
+	b.WithAPIVersion("admissionregistration.k8s.io/v1beta1")
+	return b, nil
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithKind(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithAPIVersion(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithName(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithGenerateName(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithNamespace(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithUID(value types.UID) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithResourceVersion(value string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithGeneration(value int64) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithLabels(entries map[string]string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithAnnotations(entries map[string]string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithFinalizers(values ...string) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingApplyConfiguration) WithSpec(value *ValidatingAdmissionPolicyBindingSpecApplyConfiguration) *ValidatingAdmissionPolicyBindingApplyConfiguration {
+	b.Spec = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybindingspec.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybindingspec.go
new file mode 100644
index 0000000000..d20a78efff
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicybindingspec.go
@@ -0,0 +1,72 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+)
+
+// ValidatingAdmissionPolicyBindingSpecApplyConfiguration represents an declarative configuration of the ValidatingAdmissionPolicyBindingSpec type for use
+// with apply.
+type ValidatingAdmissionPolicyBindingSpecApplyConfiguration struct {
+	PolicyName        *string                                         `json:"policyName,omitempty"`
+	ParamRef          *ParamRefApplyConfiguration                     `json:"paramRef,omitempty"`
+	MatchResources    *MatchResourcesApplyConfiguration               `json:"matchResources,omitempty"`
+	ValidationActions []admissionregistrationv1beta1.ValidationAction `json:"validationActions,omitempty"`
+}
+
+// ValidatingAdmissionPolicyBindingSpecApplyConfiguration constructs an declarative configuration of the ValidatingAdmissionPolicyBindingSpec type for use with
+// apply.
+func ValidatingAdmissionPolicyBindingSpec() *ValidatingAdmissionPolicyBindingSpecApplyConfiguration {
+	return &ValidatingAdmissionPolicyBindingSpecApplyConfiguration{}
+}
+
+// WithPolicyName sets the PolicyName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the PolicyName field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingSpecApplyConfiguration) WithPolicyName(value string) *ValidatingAdmissionPolicyBindingSpecApplyConfiguration {
+	b.PolicyName = &value
+	return b
+}
+
+// WithParamRef sets the ParamRef field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ParamRef field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingSpecApplyConfiguration) WithParamRef(value *ParamRefApplyConfiguration) *ValidatingAdmissionPolicyBindingSpecApplyConfiguration {
+	b.ParamRef = value
+	return b
+}
+
+// WithMatchResources sets the MatchResources field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MatchResources field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyBindingSpecApplyConfiguration) WithMatchResources(value *MatchResourcesApplyConfiguration) *ValidatingAdmissionPolicyBindingSpecApplyConfiguration {
+	b.MatchResources = value
+	return b
+}
+
+// WithValidationActions adds the given value to the ValidationActions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ValidationActions field.
+func (b *ValidatingAdmissionPolicyBindingSpecApplyConfiguration) WithValidationActions(values ...admissionregistrationv1beta1.ValidationAction) *ValidatingAdmissionPolicyBindingSpecApplyConfiguration {
+	for i := range values {
+		b.ValidationActions = append(b.ValidationActions, values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicyspec.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicyspec.go
new file mode 100644
index 0000000000..c6e9389103
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicyspec.go
@@ -0,0 +1,117 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+)
+
+// ValidatingAdmissionPolicySpecApplyConfiguration represents an declarative configuration of the ValidatingAdmissionPolicySpec type for use
+// with apply.
+type ValidatingAdmissionPolicySpecApplyConfiguration struct {
+	ParamKind        *ParamKindApplyConfiguration                    `json:"paramKind,omitempty"`
+	MatchConstraints *MatchResourcesApplyConfiguration               `json:"matchConstraints,omitempty"`
+	Validations      []ValidationApplyConfiguration                  `json:"validations,omitempty"`
+	FailurePolicy    *admissionregistrationv1beta1.FailurePolicyType `json:"failurePolicy,omitempty"`
+	AuditAnnotations []AuditAnnotationApplyConfiguration             `json:"auditAnnotations,omitempty"`
+	MatchConditions  []MatchConditionApplyConfiguration              `json:"matchConditions,omitempty"`
+	Variables        []VariableApplyConfiguration                    `json:"variables,omitempty"`
+}
+
+// ValidatingAdmissionPolicySpecApplyConfiguration constructs an declarative configuration of the ValidatingAdmissionPolicySpec type for use with
+// apply.
+func ValidatingAdmissionPolicySpec() *ValidatingAdmissionPolicySpecApplyConfiguration {
+	return &ValidatingAdmissionPolicySpecApplyConfiguration{}
+}
+
+// WithParamKind sets the ParamKind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ParamKind field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithParamKind(value *ParamKindApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	b.ParamKind = value
+	return b
+}
+
+// WithMatchConstraints sets the MatchConstraints field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MatchConstraints field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithMatchConstraints(value *MatchResourcesApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	b.MatchConstraints = value
+	return b
+}
+
+// WithValidations adds the given value to the Validations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Validations field.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithValidations(values ...*ValidationApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithValidations")
+		}
+		b.Validations = append(b.Validations, *values[i])
+	}
+	return b
+}
+
+// WithFailurePolicy sets the FailurePolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the FailurePolicy field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithFailurePolicy(value admissionregistrationv1beta1.FailurePolicyType) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	b.FailurePolicy = &value
+	return b
+}
+
+// WithAuditAnnotations adds the given value to the AuditAnnotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the AuditAnnotations field.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithAuditAnnotations(values ...*AuditAnnotationApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithAuditAnnotations")
+		}
+		b.AuditAnnotations = append(b.AuditAnnotations, *values[i])
+	}
+	return b
+}
+
+// WithMatchConditions adds the given value to the MatchConditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the MatchConditions field.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithMatchConditions(values ...*MatchConditionApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithMatchConditions")
+		}
+		b.MatchConditions = append(b.MatchConditions, *values[i])
+	}
+	return b
+}
+
+// WithVariables adds the given value to the Variables field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Variables field.
+func (b *ValidatingAdmissionPolicySpecApplyConfiguration) WithVariables(values ...*VariableApplyConfiguration) *ValidatingAdmissionPolicySpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithVariables")
+		}
+		b.Variables = append(b.Variables, *values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicystatus.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicystatus.go
new file mode 100644
index 0000000000..e3e6d417ed
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validatingadmissionpolicystatus.go
@@ -0,0 +1,66 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ValidatingAdmissionPolicyStatusApplyConfiguration represents an declarative configuration of the ValidatingAdmissionPolicyStatus type for use
+// with apply.
+type ValidatingAdmissionPolicyStatusApplyConfiguration struct {
+	ObservedGeneration *int64                           `json:"observedGeneration,omitempty"`
+	TypeChecking       *TypeCheckingApplyConfiguration  `json:"typeChecking,omitempty"`
+	Conditions         []v1.ConditionApplyConfiguration `json:"conditions,omitempty"`
+}
+
+// ValidatingAdmissionPolicyStatusApplyConfiguration constructs an declarative configuration of the ValidatingAdmissionPolicyStatus type for use with
+// apply.
+func ValidatingAdmissionPolicyStatus() *ValidatingAdmissionPolicyStatusApplyConfiguration {
+	return &ValidatingAdmissionPolicyStatusApplyConfiguration{}
+}
+
+// WithObservedGeneration sets the ObservedGeneration field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ObservedGeneration field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyStatusApplyConfiguration) WithObservedGeneration(value int64) *ValidatingAdmissionPolicyStatusApplyConfiguration {
+	b.ObservedGeneration = &value
+	return b
+}
+
+// WithTypeChecking sets the TypeChecking field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the TypeChecking field is set to the value of the last call.
+func (b *ValidatingAdmissionPolicyStatusApplyConfiguration) WithTypeChecking(value *TypeCheckingApplyConfiguration) *ValidatingAdmissionPolicyStatusApplyConfiguration {
+	b.TypeChecking = value
+	return b
+}
+
+// WithConditions adds the given value to the Conditions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Conditions field.
+func (b *ValidatingAdmissionPolicyStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *ValidatingAdmissionPolicyStatusApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithConditions")
+		}
+		b.Conditions = append(b.Conditions, *values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validation.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validation.go
new file mode 100644
index 0000000000..ed9ff1ac0c
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/validation.go
@@ -0,0 +1,70 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// ValidationApplyConfiguration represents an declarative configuration of the Validation type for use
+// with apply.
+type ValidationApplyConfiguration struct {
+	Expression        *string          `json:"expression,omitempty"`
+	Message           *string          `json:"message,omitempty"`
+	Reason            *v1.StatusReason `json:"reason,omitempty"`
+	MessageExpression *string          `json:"messageExpression,omitempty"`
+}
+
+// ValidationApplyConfiguration constructs an declarative configuration of the Validation type for use with
+// apply.
+func Validation() *ValidationApplyConfiguration {
+	return &ValidationApplyConfiguration{}
+}
+
+// WithExpression sets the Expression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Expression field is set to the value of the last call.
+func (b *ValidationApplyConfiguration) WithExpression(value string) *ValidationApplyConfiguration {
+	b.Expression = &value
+	return b
+}
+
+// WithMessage sets the Message field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Message field is set to the value of the last call.
+func (b *ValidationApplyConfiguration) WithMessage(value string) *ValidationApplyConfiguration {
+	b.Message = &value
+	return b
+}
+
+// WithReason sets the Reason field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Reason field is set to the value of the last call.
+func (b *ValidationApplyConfiguration) WithReason(value v1.StatusReason) *ValidationApplyConfiguration {
+	b.Reason = &value
+	return b
+}
+
+// WithMessageExpression sets the MessageExpression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MessageExpression field is set to the value of the last call.
+func (b *ValidationApplyConfiguration) WithMessageExpression(value string) *ValidationApplyConfiguration {
+	b.MessageExpression = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/variable.go b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/variable.go
new file mode 100644
index 0000000000..0fc294c65d
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1/variable.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// VariableApplyConfiguration represents an declarative configuration of the Variable type for use
+// with apply.
+type VariableApplyConfiguration struct {
+	Name       *string `json:"name,omitempty"`
+	Expression *string `json:"expression,omitempty"`
+}
+
+// VariableApplyConfiguration constructs an declarative configuration of the Variable type for use with
+// apply.
+func Variable() *VariableApplyConfiguration {
+	return &VariableApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *VariableApplyConfiguration) WithName(value string) *VariableApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithExpression sets the Expression field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Expression field is set to the value of the last call.
+func (b *VariableApplyConfiguration) WithExpression(value string) *VariableApplyConfiguration {
+	b.Expression = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1/serverstorageversion.go b/vendor/k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1/serverstorageversion.go
index d36f7603c7..81c56330bb 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1/serverstorageversion.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1/serverstorageversion.go
@@ -24,6 +24,7 @@ type ServerStorageVersionApplyConfiguration struct {
 	APIServerID       *string  `json:"apiServerID,omitempty"`
 	EncodingVersion   *string  `json:"encodingVersion,omitempty"`
 	DecodableVersions []string `json:"decodableVersions,omitempty"`
+	ServedVersions    []string `json:"servedVersions,omitempty"`
 }
 
 // ServerStorageVersionApplyConfiguration constructs an declarative configuration of the ServerStorageVersion type for use with
@@ -57,3 +58,13 @@ func (b *ServerStorageVersionApplyConfiguration) WithDecodableVersions(values ..
 	}
 	return b
 }
+
+// WithServedVersions adds the given value to the ServedVersions field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ServedVersions field.
+func (b *ServerStorageVersionApplyConfiguration) WithServedVersions(values ...string) *ServerStorageVersionApplyConfiguration {
+	for i := range values {
+		b.ServedVersions = append(b.ServedVersions, values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobspec.go b/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobspec.go
index 839d88b64e..3d46a3ecf9 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobspec.go
@@ -32,12 +32,15 @@ type JobSpecApplyConfiguration struct {
 	ActiveDeadlineSeconds   *int64                                    `json:"activeDeadlineSeconds,omitempty"`
 	PodFailurePolicy        *PodFailurePolicyApplyConfiguration       `json:"podFailurePolicy,omitempty"`
 	BackoffLimit            *int32                                    `json:"backoffLimit,omitempty"`
+	BackoffLimitPerIndex    *int32                                    `json:"backoffLimitPerIndex,omitempty"`
+	MaxFailedIndexes        *int32                                    `json:"maxFailedIndexes,omitempty"`
 	Selector                *metav1.LabelSelectorApplyConfiguration   `json:"selector,omitempty"`
 	ManualSelector          *bool                                     `json:"manualSelector,omitempty"`
 	Template                *corev1.PodTemplateSpecApplyConfiguration `json:"template,omitempty"`
 	TTLSecondsAfterFinished *int32                                    `json:"ttlSecondsAfterFinished,omitempty"`
 	CompletionMode          *batchv1.CompletionMode                   `json:"completionMode,omitempty"`
 	Suspend                 *bool                                     `json:"suspend,omitempty"`
+	PodReplacementPolicy    *batchv1.PodReplacementPolicy             `json:"podReplacementPolicy,omitempty"`
 }
 
 // JobSpecApplyConfiguration constructs an declarative configuration of the JobSpec type for use with
@@ -86,6 +89,22 @@ func (b *JobSpecApplyConfiguration) WithBackoffLimit(value int32) *JobSpecApplyC
 	return b
 }
 
+// WithBackoffLimitPerIndex sets the BackoffLimitPerIndex field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the BackoffLimitPerIndex field is set to the value of the last call.
+func (b *JobSpecApplyConfiguration) WithBackoffLimitPerIndex(value int32) *JobSpecApplyConfiguration {
+	b.BackoffLimitPerIndex = &value
+	return b
+}
+
+// WithMaxFailedIndexes sets the MaxFailedIndexes field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the MaxFailedIndexes field is set to the value of the last call.
+func (b *JobSpecApplyConfiguration) WithMaxFailedIndexes(value int32) *JobSpecApplyConfiguration {
+	b.MaxFailedIndexes = &value
+	return b
+}
+
 // WithSelector sets the Selector field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Selector field is set to the value of the last call.
@@ -133,3 +152,11 @@ func (b *JobSpecApplyConfiguration) WithSuspend(value bool) *JobSpecApplyConfigu
 	b.Suspend = &value
 	return b
 }
+
+// WithPodReplacementPolicy sets the PodReplacementPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the PodReplacementPolicy field is set to the value of the last call.
+func (b *JobSpecApplyConfiguration) WithPodReplacementPolicy(value batchv1.PodReplacementPolicy) *JobSpecApplyConfiguration {
+	b.PodReplacementPolicy = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobstatus.go b/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobstatus.go
index a36d5d0ae1..e8e472f8f7 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobstatus.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/batch/v1/jobstatus.go
@@ -31,7 +31,9 @@ type JobStatusApplyConfiguration struct {
 	Active                  *int32                                     `json:"active,omitempty"`
 	Succeeded               *int32                                     `json:"succeeded,omitempty"`
 	Failed                  *int32                                     `json:"failed,omitempty"`
+	Terminating             *int32                                     `json:"terminating,omitempty"`
 	CompletedIndexes        *string                                    `json:"completedIndexes,omitempty"`
+	FailedIndexes           *string                                    `json:"failedIndexes,omitempty"`
 	UncountedTerminatedPods *UncountedTerminatedPodsApplyConfiguration `json:"uncountedTerminatedPods,omitempty"`
 	Ready                   *int32                                     `json:"ready,omitempty"`
 }
@@ -95,6 +97,14 @@ func (b *JobStatusApplyConfiguration) WithFailed(value int32) *JobStatusApplyCon
 	return b
 }
 
+// WithTerminating sets the Terminating field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Terminating field is set to the value of the last call.
+func (b *JobStatusApplyConfiguration) WithTerminating(value int32) *JobStatusApplyConfiguration {
+	b.Terminating = &value
+	return b
+}
+
 // WithCompletedIndexes sets the CompletedIndexes field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the CompletedIndexes field is set to the value of the last call.
@@ -103,6 +113,14 @@ func (b *JobStatusApplyConfiguration) WithCompletedIndexes(value string) *JobSta
 	return b
 }
 
+// WithFailedIndexes sets the FailedIndexes field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the FailedIndexes field is set to the value of the last call.
+func (b *JobStatusApplyConfiguration) WithFailedIndexes(value string) *JobStatusApplyConfiguration {
+	b.FailedIndexes = &value
+	return b
+}
+
 // WithUncountedTerminatedPods sets the UncountedTerminatedPods field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the UncountedTerminatedPods field is set to the value of the last call.
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/container.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/container.go
index 9ada59ee20..32d7156063 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/container.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/container.go
@@ -35,6 +35,7 @@ type ContainerApplyConfiguration struct {
 	Env                      []EnvVarApplyConfiguration                `json:"env,omitempty"`
 	Resources                *ResourceRequirementsApplyConfiguration   `json:"resources,omitempty"`
 	ResizePolicy             []ContainerResizePolicyApplyConfiguration `json:"resizePolicy,omitempty"`
+	RestartPolicy            *corev1.ContainerRestartPolicy            `json:"restartPolicy,omitempty"`
 	VolumeMounts             []VolumeMountApplyConfiguration           `json:"volumeMounts,omitempty"`
 	VolumeDevices            []VolumeDeviceApplyConfiguration          `json:"volumeDevices,omitempty"`
 	LivenessProbe            *ProbeApplyConfiguration                  `json:"livenessProbe,omitempty"`
@@ -160,6 +161,14 @@ func (b *ContainerApplyConfiguration) WithResizePolicy(values ...*ContainerResiz
 	return b
 }
 
+// WithRestartPolicy sets the RestartPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RestartPolicy field is set to the value of the last call.
+func (b *ContainerApplyConfiguration) WithRestartPolicy(value corev1.ContainerRestartPolicy) *ContainerApplyConfiguration {
+	b.RestartPolicy = &value
+	return b
+}
+
 // WithVolumeMounts adds the given value to the VolumeMounts field in the declarative configuration
 // and returns the receiver, so that objects can be build by chaining "With" function invocations.
 // If called multiple times, values provided by each call will be appended to the VolumeMounts field.
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainer.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainer.go
index c51049ba1f..5fa79a246e 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainer.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainer.go
@@ -139,6 +139,14 @@ func (b *EphemeralContainerApplyConfiguration) WithResizePolicy(values ...*Conta
 	return b
 }
 
+// WithRestartPolicy sets the RestartPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RestartPolicy field is set to the value of the last call.
+func (b *EphemeralContainerApplyConfiguration) WithRestartPolicy(value corev1.ContainerRestartPolicy) *EphemeralContainerApplyConfiguration {
+	b.RestartPolicy = &value
+	return b
+}
+
 // WithVolumeMounts adds the given value to the VolumeMounts field in the declarative configuration
 // and returns the receiver, so that objects can be build by chaining "With" function invocations.
 // If called multiple times, values provided by each call will be appended to the VolumeMounts field.
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainercommon.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainercommon.go
index 764b830e04..8cded29a9e 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainercommon.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/ephemeralcontainercommon.go
@@ -35,6 +35,7 @@ type EphemeralContainerCommonApplyConfiguration struct {
 	Env                      []EnvVarApplyConfiguration                `json:"env,omitempty"`
 	Resources                *ResourceRequirementsApplyConfiguration   `json:"resources,omitempty"`
 	ResizePolicy             []ContainerResizePolicyApplyConfiguration `json:"resizePolicy,omitempty"`
+	RestartPolicy            *corev1.ContainerRestartPolicy            `json:"restartPolicy,omitempty"`
 	VolumeMounts             []VolumeMountApplyConfiguration           `json:"volumeMounts,omitempty"`
 	VolumeDevices            []VolumeDeviceApplyConfiguration          `json:"volumeDevices,omitempty"`
 	LivenessProbe            *ProbeApplyConfiguration                  `json:"livenessProbe,omitempty"`
@@ -160,6 +161,14 @@ func (b *EphemeralContainerCommonApplyConfiguration) WithResizePolicy(values ...
 	return b
 }
 
+// WithRestartPolicy sets the RestartPolicy field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RestartPolicy field is set to the value of the last call.
+func (b *EphemeralContainerCommonApplyConfiguration) WithRestartPolicy(value corev1.ContainerRestartPolicy) *EphemeralContainerCommonApplyConfiguration {
+	b.RestartPolicy = &value
+	return b
+}
+
 // WithVolumeMounts adds the given value to the VolumeMounts field in the declarative configuration
 // and returns the receiver, so that objects can be build by chaining "With" function invocations.
 // If called multiple times, values provided by each call will be appended to the VolumeMounts field.
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/hostip.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/hostip.go
new file mode 100644
index 0000000000..c2a42cf747
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/hostip.go
@@ -0,0 +1,39 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// HostIPApplyConfiguration represents an declarative configuration of the HostIP type for use
+// with apply.
+type HostIPApplyConfiguration struct {
+	IP *string `json:"ip,omitempty"`
+}
+
+// HostIPApplyConfiguration constructs an declarative configuration of the HostIP type for use with
+// apply.
+func HostIP() *HostIPApplyConfiguration {
+	return &HostIPApplyConfiguration{}
+}
+
+// WithIP sets the IP field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the IP field is set to the value of the last call.
+func (b *HostIPApplyConfiguration) WithIP(value string) *HostIPApplyConfiguration {
+	b.IP = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumeclaimstatus.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumeclaimstatus.go
index 4c38d89f57..c29b2a9a15 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumeclaimstatus.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumeclaimstatus.go
@@ -25,12 +25,12 @@ import (
 // PersistentVolumeClaimStatusApplyConfiguration represents an declarative configuration of the PersistentVolumeClaimStatus type for use
 // with apply.
 type PersistentVolumeClaimStatusApplyConfiguration struct {
-	Phase              *v1.PersistentVolumeClaimPhase                     `json:"phase,omitempty"`
-	AccessModes        []v1.PersistentVolumeAccessMode                    `json:"accessModes,omitempty"`
-	Capacity           *v1.ResourceList                                   `json:"capacity,omitempty"`
-	Conditions         []PersistentVolumeClaimConditionApplyConfiguration `json:"conditions,omitempty"`
-	AllocatedResources *v1.ResourceList                                   `json:"allocatedResources,omitempty"`
-	ResizeStatus       *v1.PersistentVolumeClaimResizeStatus              `json:"resizeStatus,omitempty"`
+	Phase                     *v1.PersistentVolumeClaimPhase                     `json:"phase,omitempty"`
+	AccessModes               []v1.PersistentVolumeAccessMode                    `json:"accessModes,omitempty"`
+	Capacity                  *v1.ResourceList                                   `json:"capacity,omitempty"`
+	Conditions                []PersistentVolumeClaimConditionApplyConfiguration `json:"conditions,omitempty"`
+	AllocatedResources        *v1.ResourceList                                   `json:"allocatedResources,omitempty"`
+	AllocatedResourceStatuses map[v1.ResourceName]v1.ClaimResourceStatus         `json:"allocatedResourceStatuses,omitempty"`
 }
 
 // PersistentVolumeClaimStatusApplyConfiguration constructs an declarative configuration of the PersistentVolumeClaimStatus type for use with
@@ -86,10 +86,16 @@ func (b *PersistentVolumeClaimStatusApplyConfiguration) WithAllocatedResources(v
 	return b
 }
 
-// WithResizeStatus sets the ResizeStatus field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the ResizeStatus field is set to the value of the last call.
-func (b *PersistentVolumeClaimStatusApplyConfiguration) WithResizeStatus(value v1.PersistentVolumeClaimResizeStatus) *PersistentVolumeClaimStatusApplyConfiguration {
-	b.ResizeStatus = &value
+// WithAllocatedResourceStatuses puts the entries into the AllocatedResourceStatuses field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the AllocatedResourceStatuses field,
+// overwriting an existing map entries in AllocatedResourceStatuses field with the same key.
+func (b *PersistentVolumeClaimStatusApplyConfiguration) WithAllocatedResourceStatuses(entries map[v1.ResourceName]v1.ClaimResourceStatus) *PersistentVolumeClaimStatusApplyConfiguration {
+	if b.AllocatedResourceStatuses == nil && len(entries) > 0 {
+		b.AllocatedResourceStatuses = make(map[v1.ResourceName]v1.ClaimResourceStatus, len(entries))
+	}
+	for k, v := range entries {
+		b.AllocatedResourceStatuses[k] = v
+	}
 	return b
 }
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumestatus.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumestatus.go
index f7048dec4e..a473c0e927 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumestatus.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/persistentvolumestatus.go
@@ -20,14 +20,16 @@ package v1
 
 import (
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // PersistentVolumeStatusApplyConfiguration represents an declarative configuration of the PersistentVolumeStatus type for use
 // with apply.
 type PersistentVolumeStatusApplyConfiguration struct {
-	Phase   *v1.PersistentVolumePhase `json:"phase,omitempty"`
-	Message *string                   `json:"message,omitempty"`
-	Reason  *string                   `json:"reason,omitempty"`
+	Phase                   *v1.PersistentVolumePhase `json:"phase,omitempty"`
+	Message                 *string                   `json:"message,omitempty"`
+	Reason                  *string                   `json:"reason,omitempty"`
+	LastPhaseTransitionTime *metav1.Time              `json:"lastPhaseTransitionTime,omitempty"`
 }
 
 // PersistentVolumeStatusApplyConfiguration constructs an declarative configuration of the PersistentVolumeStatus type for use with
@@ -59,3 +61,11 @@ func (b *PersistentVolumeStatusApplyConfiguration) WithReason(value string) *Per
 	b.Reason = &value
 	return b
 }
+
+// WithLastPhaseTransitionTime sets the LastPhaseTransitionTime field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LastPhaseTransitionTime field is set to the value of the last call.
+func (b *PersistentVolumeStatusApplyConfiguration) WithLastPhaseTransitionTime(value metav1.Time) *PersistentVolumeStatusApplyConfiguration {
+	b.LastPhaseTransitionTime = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/podresourceclaimstatus.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/podresourceclaimstatus.go
new file mode 100644
index 0000000000..ae79ca01b7
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/podresourceclaimstatus.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// PodResourceClaimStatusApplyConfiguration represents an declarative configuration of the PodResourceClaimStatus type for use
+// with apply.
+type PodResourceClaimStatusApplyConfiguration struct {
+	Name              *string `json:"name,omitempty"`
+	ResourceClaimName *string `json:"resourceClaimName,omitempty"`
+}
+
+// PodResourceClaimStatusApplyConfiguration constructs an declarative configuration of the PodResourceClaimStatus type for use with
+// apply.
+func PodResourceClaimStatus() *PodResourceClaimStatusApplyConfiguration {
+	return &PodResourceClaimStatusApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *PodResourceClaimStatusApplyConfiguration) WithName(value string) *PodResourceClaimStatusApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithResourceClaimName sets the ResourceClaimName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceClaimName field is set to the value of the last call.
+func (b *PodResourceClaimStatusApplyConfiguration) WithResourceClaimName(value string) *PodResourceClaimStatusApplyConfiguration {
+	b.ResourceClaimName = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/core/v1/podstatus.go b/vendor/k8s.io/client-go/applyconfigurations/core/v1/podstatus.go
index e9d8e5b28f..1a58ab6be2 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/core/v1/podstatus.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/core/v1/podstatus.go
@@ -26,20 +26,22 @@ import (
 // PodStatusApplyConfiguration represents an declarative configuration of the PodStatus type for use
 // with apply.
 type PodStatusApplyConfiguration struct {
-	Phase                      *v1.PodPhase                        `json:"phase,omitempty"`
-	Conditions                 []PodConditionApplyConfiguration    `json:"conditions,omitempty"`
-	Message                    *string                             `json:"message,omitempty"`
-	Reason                     *string                             `json:"reason,omitempty"`
-	NominatedNodeName          *string                             `json:"nominatedNodeName,omitempty"`
-	HostIP                     *string                             `json:"hostIP,omitempty"`
-	PodIP                      *string                             `json:"podIP,omitempty"`
-	PodIPs                     []PodIPApplyConfiguration           `json:"podIPs,omitempty"`
-	StartTime                  *metav1.Time                        `json:"startTime,omitempty"`
-	InitContainerStatuses      []ContainerStatusApplyConfiguration `json:"initContainerStatuses,omitempty"`
-	ContainerStatuses          []ContainerStatusApplyConfiguration `json:"containerStatuses,omitempty"`
-	QOSClass                   *v1.PodQOSClass                     `json:"qosClass,omitempty"`
-	EphemeralContainerStatuses []ContainerStatusApplyConfiguration `json:"ephemeralContainerStatuses,omitempty"`
-	Resize                     *v1.PodResizeStatus                 `json:"resize,omitempty"`
+	Phase                      *v1.PodPhase                               `json:"phase,omitempty"`
+	Conditions                 []PodConditionApplyConfiguration           `json:"conditions,omitempty"`
+	Message                    *string                                    `json:"message,omitempty"`
+	Reason                     *string                                    `json:"reason,omitempty"`
+	NominatedNodeName          *string                                    `json:"nominatedNodeName,omitempty"`
+	HostIP                     *string                                    `json:"hostIP,omitempty"`
+	HostIPs                    []HostIPApplyConfiguration                 `json:"hostIPs,omitempty"`
+	PodIP                      *string                                    `json:"podIP,omitempty"`
+	PodIPs                     []PodIPApplyConfiguration                  `json:"podIPs,omitempty"`
+	StartTime                  *metav1.Time                               `json:"startTime,omitempty"`
+	InitContainerStatuses      []ContainerStatusApplyConfiguration        `json:"initContainerStatuses,omitempty"`
+	ContainerStatuses          []ContainerStatusApplyConfiguration        `json:"containerStatuses,omitempty"`
+	QOSClass                   *v1.PodQOSClass                            `json:"qosClass,omitempty"`
+	EphemeralContainerStatuses []ContainerStatusApplyConfiguration        `json:"ephemeralContainerStatuses,omitempty"`
+	Resize                     *v1.PodResizeStatus                        `json:"resize,omitempty"`
+	ResourceClaimStatuses      []PodResourceClaimStatusApplyConfiguration `json:"resourceClaimStatuses,omitempty"`
 }
 
 // PodStatusApplyConfiguration constructs an declarative configuration of the PodStatus type for use with
@@ -101,6 +103,19 @@ func (b *PodStatusApplyConfiguration) WithHostIP(value string) *PodStatusApplyCo
 	return b
 }
 
+// WithHostIPs adds the given value to the HostIPs field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the HostIPs field.
+func (b *PodStatusApplyConfiguration) WithHostIPs(values ...*HostIPApplyConfiguration) *PodStatusApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithHostIPs")
+		}
+		b.HostIPs = append(b.HostIPs, *values[i])
+	}
+	return b
+}
+
 // WithPodIP sets the PodIP field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the PodIP field is set to the value of the last call.
@@ -184,3 +199,16 @@ func (b *PodStatusApplyConfiguration) WithResize(value v1.PodResizeStatus) *PodS
 	b.Resize = &value
 	return b
 }
+
+// WithResourceClaimStatuses adds the given value to the ResourceClaimStatuses field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the ResourceClaimStatuses field.
+func (b *PodStatusApplyConfiguration) WithResourceClaimStatuses(values ...*PodResourceClaimStatusApplyConfiguration) *PodStatusApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithResourceClaimStatuses")
+		}
+		b.ResourceClaimStatuses = append(b.ResourceClaimStatuses, *values[i])
+	}
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicy.go b/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicy.go
index 81c84d2d46..27ea5d9dde 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicy.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicy.go
@@ -32,8 +32,7 @@ import (
 type NetworkPolicyApplyConfiguration struct {
 	v1.TypeMetaApplyConfiguration    `json:",inline"`
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
-	Spec                             *NetworkPolicySpecApplyConfiguration   `json:"spec,omitempty"`
-	Status                           *NetworkPolicyStatusApplyConfiguration `json:"status,omitempty"`
+	Spec                             *NetworkPolicySpecApplyConfiguration `json:"spec,omitempty"`
 }
 
 // NetworkPolicy constructs an declarative configuration of the NetworkPolicy type for use with
@@ -248,11 +247,3 @@ func (b *NetworkPolicyApplyConfiguration) WithSpec(value *NetworkPolicySpecApply
 	b.Spec = value
 	return b
 }
-
-// WithStatus sets the Status field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Status field is set to the value of the last call.
-func (b *NetworkPolicyApplyConfiguration) WithStatus(value *NetworkPolicyStatusApplyConfiguration) *NetworkPolicyApplyConfiguration {
-	b.Status = value
-	return b
-}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicystatus.go b/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicystatus.go
deleted file mode 100644
index 99c89b09b0..0000000000
--- a/vendor/k8s.io/client-go/applyconfigurations/extensions/v1beta1/networkpolicystatus.go
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1beta1
-
-import (
-	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
-)
-
-// NetworkPolicyStatusApplyConfiguration represents an declarative configuration of the NetworkPolicyStatus type for use
-// with apply.
-type NetworkPolicyStatusApplyConfiguration struct {
-	Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"`
-}
-
-// NetworkPolicyStatusApplyConfiguration constructs an declarative configuration of the NetworkPolicyStatus type for use with
-// apply.
-func NetworkPolicyStatus() *NetworkPolicyStatusApplyConfiguration {
-	return &NetworkPolicyStatusApplyConfiguration{}
-}
-
-// WithConditions adds the given value to the Conditions field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the Conditions field.
-func (b *NetworkPolicyStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *NetworkPolicyStatusApplyConfiguration {
-	for i := range values {
-		if values[i] == nil {
-			panic("nil value passed to WithConditions")
-		}
-		b.Conditions = append(b.Conditions, *values[i])
-	}
-	return b
-}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/exemptprioritylevelconfiguration.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/exemptprioritylevelconfiguration.go
new file mode 100644
index 0000000000..3535d74787
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/exemptprioritylevelconfiguration.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1alpha1
+
+// ExemptPriorityLevelConfigurationApplyConfiguration represents an declarative configuration of the ExemptPriorityLevelConfiguration type for use
+// with apply.
+type ExemptPriorityLevelConfigurationApplyConfiguration struct {
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty"`
+	LendablePercent          *int32 `json:"lendablePercent,omitempty"`
+}
+
+// ExemptPriorityLevelConfigurationApplyConfiguration constructs an declarative configuration of the ExemptPriorityLevelConfiguration type for use with
+// apply.
+func ExemptPriorityLevelConfiguration() *ExemptPriorityLevelConfigurationApplyConfiguration {
+	return &ExemptPriorityLevelConfigurationApplyConfiguration{}
+}
+
+// WithNominalConcurrencyShares sets the NominalConcurrencyShares field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NominalConcurrencyShares field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithNominalConcurrencyShares(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.NominalConcurrencyShares = &value
+	return b
+}
+
+// WithLendablePercent sets the LendablePercent field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LendablePercent field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithLendablePercent(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.LendablePercent = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/prioritylevelconfigurationspec.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/prioritylevelconfigurationspec.go
index 3949dee46d..ade920a755 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/prioritylevelconfigurationspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1/prioritylevelconfigurationspec.go
@@ -27,6 +27,7 @@ import (
 type PriorityLevelConfigurationSpecApplyConfiguration struct {
 	Type    *v1alpha1.PriorityLevelEnablement                    `json:"type,omitempty"`
 	Limited *LimitedPriorityLevelConfigurationApplyConfiguration `json:"limited,omitempty"`
+	Exempt  *ExemptPriorityLevelConfigurationApplyConfiguration  `json:"exempt,omitempty"`
 }
 
 // PriorityLevelConfigurationSpecApplyConfiguration constructs an declarative configuration of the PriorityLevelConfigurationSpec type for use with
@@ -50,3 +51,11 @@ func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithLimited(value *Li
 	b.Limited = value
 	return b
 }
+
+// WithExempt sets the Exempt field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Exempt field is set to the value of the last call.
+func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithExempt(value *ExemptPriorityLevelConfigurationApplyConfiguration) *PriorityLevelConfigurationSpecApplyConfiguration {
+	b.Exempt = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/exemptprioritylevelconfiguration.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/exemptprioritylevelconfiguration.go
new file mode 100644
index 0000000000..0710480900
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/exemptprioritylevelconfiguration.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta1
+
+// ExemptPriorityLevelConfigurationApplyConfiguration represents an declarative configuration of the ExemptPriorityLevelConfiguration type for use
+// with apply.
+type ExemptPriorityLevelConfigurationApplyConfiguration struct {
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty"`
+	LendablePercent          *int32 `json:"lendablePercent,omitempty"`
+}
+
+// ExemptPriorityLevelConfigurationApplyConfiguration constructs an declarative configuration of the ExemptPriorityLevelConfiguration type for use with
+// apply.
+func ExemptPriorityLevelConfiguration() *ExemptPriorityLevelConfigurationApplyConfiguration {
+	return &ExemptPriorityLevelConfigurationApplyConfiguration{}
+}
+
+// WithNominalConcurrencyShares sets the NominalConcurrencyShares field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NominalConcurrencyShares field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithNominalConcurrencyShares(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.NominalConcurrencyShares = &value
+	return b
+}
+
+// WithLendablePercent sets the LendablePercent field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LendablePercent field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithLendablePercent(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.LendablePercent = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/prioritylevelconfigurationspec.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/prioritylevelconfigurationspec.go
index 8ed4e399f8..19146d9f66 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/prioritylevelconfigurationspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1/prioritylevelconfigurationspec.go
@@ -27,6 +27,7 @@ import (
 type PriorityLevelConfigurationSpecApplyConfiguration struct {
 	Type    *v1beta1.PriorityLevelEnablement                     `json:"type,omitempty"`
 	Limited *LimitedPriorityLevelConfigurationApplyConfiguration `json:"limited,omitempty"`
+	Exempt  *ExemptPriorityLevelConfigurationApplyConfiguration  `json:"exempt,omitempty"`
 }
 
 // PriorityLevelConfigurationSpecApplyConfiguration constructs an declarative configuration of the PriorityLevelConfigurationSpec type for use with
@@ -50,3 +51,11 @@ func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithLimited(value *Li
 	b.Limited = value
 	return b
 }
+
+// WithExempt sets the Exempt field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Exempt field is set to the value of the last call.
+func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithExempt(value *ExemptPriorityLevelConfigurationApplyConfiguration) *PriorityLevelConfigurationSpecApplyConfiguration {
+	b.Exempt = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/exemptprioritylevelconfiguration.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/exemptprioritylevelconfiguration.go
new file mode 100644
index 0000000000..d6bc330fe7
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/exemptprioritylevelconfiguration.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta2
+
+// ExemptPriorityLevelConfigurationApplyConfiguration represents an declarative configuration of the ExemptPriorityLevelConfiguration type for use
+// with apply.
+type ExemptPriorityLevelConfigurationApplyConfiguration struct {
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty"`
+	LendablePercent          *int32 `json:"lendablePercent,omitempty"`
+}
+
+// ExemptPriorityLevelConfigurationApplyConfiguration constructs an declarative configuration of the ExemptPriorityLevelConfiguration type for use with
+// apply.
+func ExemptPriorityLevelConfiguration() *ExemptPriorityLevelConfigurationApplyConfiguration {
+	return &ExemptPriorityLevelConfigurationApplyConfiguration{}
+}
+
+// WithNominalConcurrencyShares sets the NominalConcurrencyShares field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NominalConcurrencyShares field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithNominalConcurrencyShares(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.NominalConcurrencyShares = &value
+	return b
+}
+
+// WithLendablePercent sets the LendablePercent field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LendablePercent field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithLendablePercent(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.LendablePercent = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/prioritylevelconfigurationspec.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/prioritylevelconfigurationspec.go
index 5560ed9e56..994a8a16a2 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/prioritylevelconfigurationspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2/prioritylevelconfigurationspec.go
@@ -27,6 +27,7 @@ import (
 type PriorityLevelConfigurationSpecApplyConfiguration struct {
 	Type    *v1beta2.PriorityLevelEnablement                     `json:"type,omitempty"`
 	Limited *LimitedPriorityLevelConfigurationApplyConfiguration `json:"limited,omitempty"`
+	Exempt  *ExemptPriorityLevelConfigurationApplyConfiguration  `json:"exempt,omitempty"`
 }
 
 // PriorityLevelConfigurationSpecApplyConfiguration constructs an declarative configuration of the PriorityLevelConfigurationSpec type for use with
@@ -50,3 +51,11 @@ func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithLimited(value *Li
 	b.Limited = value
 	return b
 }
+
+// WithExempt sets the Exempt field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Exempt field is set to the value of the last call.
+func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithExempt(value *ExemptPriorityLevelConfigurationApplyConfiguration) *PriorityLevelConfigurationSpecApplyConfiguration {
+	b.Exempt = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/exemptprioritylevelconfiguration.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/exemptprioritylevelconfiguration.go
new file mode 100644
index 0000000000..b03c11d0d9
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/exemptprioritylevelconfiguration.go
@@ -0,0 +1,48 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1beta3
+
+// ExemptPriorityLevelConfigurationApplyConfiguration represents an declarative configuration of the ExemptPriorityLevelConfiguration type for use
+// with apply.
+type ExemptPriorityLevelConfigurationApplyConfiguration struct {
+	NominalConcurrencyShares *int32 `json:"nominalConcurrencyShares,omitempty"`
+	LendablePercent          *int32 `json:"lendablePercent,omitempty"`
+}
+
+// ExemptPriorityLevelConfigurationApplyConfiguration constructs an declarative configuration of the ExemptPriorityLevelConfiguration type for use with
+// apply.
+func ExemptPriorityLevelConfiguration() *ExemptPriorityLevelConfigurationApplyConfiguration {
+	return &ExemptPriorityLevelConfigurationApplyConfiguration{}
+}
+
+// WithNominalConcurrencyShares sets the NominalConcurrencyShares field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the NominalConcurrencyShares field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithNominalConcurrencyShares(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.NominalConcurrencyShares = &value
+	return b
+}
+
+// WithLendablePercent sets the LendablePercent field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the LendablePercent field is set to the value of the last call.
+func (b *ExemptPriorityLevelConfigurationApplyConfiguration) WithLendablePercent(value int32) *ExemptPriorityLevelConfigurationApplyConfiguration {
+	b.LendablePercent = &value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/prioritylevelconfigurationspec.go b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/prioritylevelconfigurationspec.go
index f67f394455..5b0680d912 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/prioritylevelconfigurationspec.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3/prioritylevelconfigurationspec.go
@@ -27,6 +27,7 @@ import (
 type PriorityLevelConfigurationSpecApplyConfiguration struct {
 	Type    *v1beta3.PriorityLevelEnablement                     `json:"type,omitempty"`
 	Limited *LimitedPriorityLevelConfigurationApplyConfiguration `json:"limited,omitempty"`
+	Exempt  *ExemptPriorityLevelConfigurationApplyConfiguration  `json:"exempt,omitempty"`
 }
 
 // PriorityLevelConfigurationSpecApplyConfiguration constructs an declarative configuration of the PriorityLevelConfigurationSpec type for use with
@@ -50,3 +51,11 @@ func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithLimited(value *Li
 	b.Limited = value
 	return b
 }
+
+// WithExempt sets the Exempt field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Exempt field is set to the value of the last call.
+func (b *PriorityLevelConfigurationSpecApplyConfiguration) WithExempt(value *ExemptPriorityLevelConfigurationApplyConfiguration) *PriorityLevelConfigurationSpecApplyConfiguration {
+	b.Exempt = value
+	return b
+}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go b/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go
index 361b2f4e85..3ed553662f 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/internal/internal.go
@@ -366,6 +366,12 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: namespace
       type:
         scalar: string
+    - name: parameterNotFoundAction
+      type:
+        scalar: string
+    - name: selector
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
     elementRelationship: atomic
 - name: io.k8s.api.admissionregistration.v1alpha1.TypeChecking
   map:
@@ -464,6 +470,14 @@ var schemaYAML = typed.YAMLObject(`types:
           elementType:
             namedType: io.k8s.api.admissionregistration.v1alpha1.Validation
           elementRelationship: atomic
+    - name: variables
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1alpha1.Variable
+          elementRelationship: associative
+          keys:
+          - name
 - name: io.k8s.api.admissionregistration.v1alpha1.ValidatingAdmissionPolicyStatus
   map:
     fields:
@@ -497,6 +511,39 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: reason
       type:
         scalar: string
+- name: io.k8s.api.admissionregistration.v1alpha1.Variable
+  map:
+    fields:
+    - name: expression
+      type:
+        scalar: string
+      default: ""
+    - name: name
+      type:
+        scalar: string
+      default: ""
+- name: io.k8s.api.admissionregistration.v1beta1.AuditAnnotation
+  map:
+    fields:
+    - name: key
+      type:
+        scalar: string
+      default: ""
+    - name: valueExpression
+      type:
+        scalar: string
+      default: ""
+- name: io.k8s.api.admissionregistration.v1beta1.ExpressionWarning
+  map:
+    fields:
+    - name: fieldRef
+      type:
+        scalar: string
+      default: ""
+    - name: warning
+      type:
+        scalar: string
+      default: ""
 - name: io.k8s.api.admissionregistration.v1beta1.MatchCondition
   map:
     fields:
@@ -508,6 +555,31 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         scalar: string
       default: ""
+- name: io.k8s.api.admissionregistration.v1beta1.MatchResources
+  map:
+    fields:
+    - name: excludeResourceRules
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.NamedRuleWithOperations
+          elementRelationship: atomic
+    - name: matchPolicy
+      type:
+        scalar: string
+    - name: namespaceSelector
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
+    - name: objectSelector
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
+    - name: resourceRules
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.NamedRuleWithOperations
+          elementRelationship: atomic
+    elementRelationship: atomic
 - name: io.k8s.api.admissionregistration.v1beta1.MutatingWebhook
   map:
     fields:
@@ -581,6 +653,69 @@ var schemaYAML = typed.YAMLObject(`types:
           elementRelationship: associative
           keys:
           - name
+- name: io.k8s.api.admissionregistration.v1beta1.NamedRuleWithOperations
+  map:
+    fields:
+    - name: apiGroups
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: atomic
+    - name: apiVersions
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: atomic
+    - name: operations
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: atomic
+    - name: resourceNames
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: atomic
+    - name: resources
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: atomic
+    - name: scope
+      type:
+        scalar: string
+    elementRelationship: atomic
+- name: io.k8s.api.admissionregistration.v1beta1.ParamKind
+  map:
+    fields:
+    - name: apiVersion
+      type:
+        scalar: string
+    - name: kind
+      type:
+        scalar: string
+    elementRelationship: atomic
+- name: io.k8s.api.admissionregistration.v1beta1.ParamRef
+  map:
+    fields:
+    - name: name
+      type:
+        scalar: string
+    - name: namespace
+      type:
+        scalar: string
+    - name: parameterNotFoundAction
+      type:
+        scalar: string
+    - name: selector
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
+    elementRelationship: atomic
 - name: io.k8s.api.admissionregistration.v1beta1.ServiceReference
   map:
     fields:
@@ -598,6 +733,128 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: port
       type:
         scalar: numeric
+- name: io.k8s.api.admissionregistration.v1beta1.TypeChecking
+  map:
+    fields:
+    - name: expressionWarnings
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.ExpressionWarning
+          elementRelationship: atomic
+- name: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicy
+  map:
+    fields:
+    - name: apiVersion
+      type:
+        scalar: string
+    - name: kind
+      type:
+        scalar: string
+    - name: metadata
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+      default: {}
+    - name: spec
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicySpec
+      default: {}
+    - name: status
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyStatus
+      default: {}
+- name: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBinding
+  map:
+    fields:
+    - name: apiVersion
+      type:
+        scalar: string
+    - name: kind
+      type:
+        scalar: string
+    - name: metadata
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta
+      default: {}
+    - name: spec
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingSpec
+      default: {}
+- name: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyBindingSpec
+  map:
+    fields:
+    - name: matchResources
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.MatchResources
+    - name: paramRef
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.ParamRef
+    - name: policyName
+      type:
+        scalar: string
+    - name: validationActions
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: associative
+- name: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicySpec
+  map:
+    fields:
+    - name: auditAnnotations
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.AuditAnnotation
+          elementRelationship: atomic
+    - name: failurePolicy
+      type:
+        scalar: string
+    - name: matchConditions
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.MatchCondition
+          elementRelationship: associative
+          keys:
+          - name
+    - name: matchConstraints
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.MatchResources
+    - name: paramKind
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.ParamKind
+    - name: validations
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.Validation
+          elementRelationship: atomic
+    - name: variables
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.admissionregistration.v1beta1.Variable
+          elementRelationship: associative
+          keys:
+          - name
+- name: io.k8s.api.admissionregistration.v1beta1.ValidatingAdmissionPolicyStatus
+  map:
+    fields:
+    - name: conditions
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
+          elementRelationship: associative
+          keys:
+          - type
+    - name: observedGeneration
+      type:
+        scalar: numeric
+    - name: typeChecking
+      type:
+        namedType: io.k8s.api.admissionregistration.v1beta1.TypeChecking
 - name: io.k8s.api.admissionregistration.v1beta1.ValidatingWebhook
   map:
     fields:
@@ -668,6 +925,34 @@ var schemaYAML = typed.YAMLObject(`types:
           elementRelationship: associative
           keys:
           - name
+- name: io.k8s.api.admissionregistration.v1beta1.Validation
+  map:
+    fields:
+    - name: expression
+      type:
+        scalar: string
+      default: ""
+    - name: message
+      type:
+        scalar: string
+    - name: messageExpression
+      type:
+        scalar: string
+    - name: reason
+      type:
+        scalar: string
+- name: io.k8s.api.admissionregistration.v1beta1.Variable
+  map:
+    fields:
+    - name: expression
+      type:
+        scalar: string
+      default: ""
+    - name: name
+      type:
+        scalar: string
+      default: ""
+    elementRelationship: atomic
 - name: io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig
   map:
     fields:
@@ -695,6 +980,12 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: encodingVersion
       type:
         scalar: string
+    - name: servedVersions
+      type:
+        list:
+          elementType:
+            scalar: string
+          elementRelationship: associative
 - name: io.k8s.api.apiserverinternal.v1alpha1.StorageVersion
   map:
     fields:
@@ -3328,6 +3619,9 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: backoffLimit
       type:
         scalar: numeric
+    - name: backoffLimitPerIndex
+      type:
+        scalar: numeric
     - name: completionMode
       type:
         scalar: string
@@ -3337,12 +3631,18 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: manualSelector
       type:
         scalar: boolean
+    - name: maxFailedIndexes
+      type:
+        scalar: numeric
     - name: parallelism
       type:
         scalar: numeric
     - name: podFailurePolicy
       type:
         namedType: io.k8s.api.batch.v1.PodFailurePolicy
+    - name: podReplacementPolicy
+      type:
+        scalar: string
     - name: selector
       type:
         namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector
@@ -3377,6 +3677,9 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: failed
       type:
         scalar: numeric
+    - name: failedIndexes
+      type:
+        scalar: string
     - name: ready
       type:
         scalar: numeric
@@ -3386,6 +3689,9 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: succeeded
       type:
         scalar: numeric
+    - name: terminating
+      type:
+        scalar: numeric
     - name: uncountedTerminatedPods
       type:
         namedType: io.k8s.api.batch.v1.UncountedTerminatedPods
@@ -4306,6 +4612,9 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.api.core.v1.ResourceRequirements
       default: {}
+    - name: restartPolicy
+      type:
+        scalar: string
     - name: securityContext
       type:
         namedType: io.k8s.api.core.v1.SecurityContext
@@ -4723,6 +5032,9 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.api.core.v1.ResourceRequirements
       default: {}
+    - name: restartPolicy
+      type:
+        scalar: string
     - name: securityContext
       type:
         namedType: io.k8s.api.core.v1.SecurityContext
@@ -5053,6 +5365,12 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: ip
       type:
         scalar: string
+- name: io.k8s.api.core.v1.HostIP
+  map:
+    fields:
+    - name: ip
+      type:
+        scalar: string
 - name: io.k8s.api.core.v1.HostPathVolumeSource
   map:
     fields:
@@ -5777,6 +6095,12 @@ var schemaYAML = typed.YAMLObject(`types:
           elementType:
             scalar: string
           elementRelationship: atomic
+    - name: allocatedResourceStatuses
+      type:
+        map:
+          elementType:
+            scalar: string
+          elementRelationship: separable
     - name: allocatedResources
       type:
         map:
@@ -5798,9 +6122,6 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: phase
       type:
         scalar: string
-    - name: resizeStatus
-      type:
-        scalar: string
 - name: io.k8s.api.core.v1.PersistentVolumeClaimTemplate
   map:
     fields:
@@ -5927,6 +6248,9 @@ var schemaYAML = typed.YAMLObject(`types:
 - name: io.k8s.api.core.v1.PersistentVolumeStatus
   map:
     fields:
+    - name: lastPhaseTransitionTime
+      type:
+        namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
     - name: message
       type:
         scalar: string
@@ -6102,6 +6426,16 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.api.core.v1.ClaimSource
       default: {}
+- name: io.k8s.api.core.v1.PodResourceClaimStatus
+  map:
+    fields:
+    - name: name
+      type:
+        scalar: string
+      default: ""
+    - name: resourceClaimName
+      type:
+        scalar: string
 - name: io.k8s.api.core.v1.PodSchedulingGate
   map:
     fields:
@@ -6351,6 +6685,12 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: hostIP
       type:
         scalar: string
+    - name: hostIPs
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.core.v1.HostIP
+          elementRelationship: atomic
     - name: initContainerStatuses
       type:
         list:
@@ -6386,6 +6726,14 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: resize
       type:
         scalar: string
+    - name: resourceClaimStatuses
+      type:
+        list:
+          elementType:
+            namedType: io.k8s.api.core.v1.PodResourceClaimStatus
+          elementRelationship: associative
+          keys:
+          - name
     - name: startTime
       type:
         namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time
@@ -8343,10 +8691,6 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.api.extensions.v1beta1.NetworkPolicySpec
       default: {}
-    - name: status
-      type:
-        namedType: io.k8s.api.extensions.v1beta1.NetworkPolicyStatus
-      default: {}
 - name: io.k8s.api.extensions.v1beta1.NetworkPolicyEgressRule
   map:
     fields:
@@ -8426,17 +8770,6 @@ var schemaYAML = typed.YAMLObject(`types:
           elementType:
             scalar: string
           elementRelationship: atomic
-- name: io.k8s.api.extensions.v1beta1.NetworkPolicyStatus
-  map:
-    fields:
-    - name: conditions
-      type:
-        list:
-          elementType:
-            namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
-          elementRelationship: associative
-          keys:
-          - type
 - name: io.k8s.api.extensions.v1beta1.ReplicaSet
   map:
     fields:
@@ -8546,6 +8879,15 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: maxUnavailable
       type:
         namedType: io.k8s.apimachinery.pkg.util.intstr.IntOrString
+- name: io.k8s.api.flowcontrol.v1alpha1.ExemptPriorityLevelConfiguration
+  map:
+    fields:
+    - name: lendablePercent
+      type:
+        scalar: numeric
+    - name: nominalConcurrencyShares
+      type:
+        scalar: numeric
 - name: io.k8s.api.flowcontrol.v1alpha1.FlowDistinguisherMethod
   map:
     fields:
@@ -8749,6 +9091,9 @@ var schemaYAML = typed.YAMLObject(`types:
 - name: io.k8s.api.flowcontrol.v1alpha1.PriorityLevelConfigurationSpec
   map:
     fields:
+    - name: exempt
+      type:
+        namedType: io.k8s.api.flowcontrol.v1alpha1.ExemptPriorityLevelConfiguration
     - name: limited
       type:
         namedType: io.k8s.api.flowcontrol.v1alpha1.LimitedPriorityLevelConfiguration
@@ -8759,6 +9104,8 @@ var schemaYAML = typed.YAMLObject(`types:
     unions:
     - discriminator: type
       fields:
+      - fieldName: exempt
+        discriminatorValue: Exempt
       - fieldName: limited
         discriminatorValue: Limited
 - name: io.k8s.api.flowcontrol.v1alpha1.PriorityLevelConfigurationStatus
@@ -8860,6 +9207,15 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         scalar: string
       default: ""
+- name: io.k8s.api.flowcontrol.v1beta1.ExemptPriorityLevelConfiguration
+  map:
+    fields:
+    - name: lendablePercent
+      type:
+        scalar: numeric
+    - name: nominalConcurrencyShares
+      type:
+        scalar: numeric
 - name: io.k8s.api.flowcontrol.v1beta1.FlowDistinguisherMethod
   map:
     fields:
@@ -9063,6 +9419,9 @@ var schemaYAML = typed.YAMLObject(`types:
 - name: io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationSpec
   map:
     fields:
+    - name: exempt
+      type:
+        namedType: io.k8s.api.flowcontrol.v1beta1.ExemptPriorityLevelConfiguration
     - name: limited
       type:
         namedType: io.k8s.api.flowcontrol.v1beta1.LimitedPriorityLevelConfiguration
@@ -9073,6 +9432,8 @@ var schemaYAML = typed.YAMLObject(`types:
     unions:
     - discriminator: type
       fields:
+      - fieldName: exempt
+        discriminatorValue: Exempt
       - fieldName: limited
         discriminatorValue: Limited
 - name: io.k8s.api.flowcontrol.v1beta1.PriorityLevelConfigurationStatus
@@ -9174,6 +9535,15 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         scalar: string
       default: ""
+- name: io.k8s.api.flowcontrol.v1beta2.ExemptPriorityLevelConfiguration
+  map:
+    fields:
+    - name: lendablePercent
+      type:
+        scalar: numeric
+    - name: nominalConcurrencyShares
+      type:
+        scalar: numeric
 - name: io.k8s.api.flowcontrol.v1beta2.FlowDistinguisherMethod
   map:
     fields:
@@ -9377,6 +9747,9 @@ var schemaYAML = typed.YAMLObject(`types:
 - name: io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationSpec
   map:
     fields:
+    - name: exempt
+      type:
+        namedType: io.k8s.api.flowcontrol.v1beta2.ExemptPriorityLevelConfiguration
     - name: limited
       type:
         namedType: io.k8s.api.flowcontrol.v1beta2.LimitedPriorityLevelConfiguration
@@ -9387,6 +9760,8 @@ var schemaYAML = typed.YAMLObject(`types:
     unions:
     - discriminator: type
       fields:
+      - fieldName: exempt
+        discriminatorValue: Exempt
       - fieldName: limited
         discriminatorValue: Limited
 - name: io.k8s.api.flowcontrol.v1beta2.PriorityLevelConfigurationStatus
@@ -9488,6 +9863,15 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         scalar: string
       default: ""
+- name: io.k8s.api.flowcontrol.v1beta3.ExemptPriorityLevelConfiguration
+  map:
+    fields:
+    - name: lendablePercent
+      type:
+        scalar: numeric
+    - name: nominalConcurrencyShares
+      type:
+        scalar: numeric
 - name: io.k8s.api.flowcontrol.v1beta3.FlowDistinguisherMethod
   map:
     fields:
@@ -9691,6 +10075,9 @@ var schemaYAML = typed.YAMLObject(`types:
 - name: io.k8s.api.flowcontrol.v1beta3.PriorityLevelConfigurationSpec
   map:
     fields:
+    - name: exempt
+      type:
+        namedType: io.k8s.api.flowcontrol.v1beta3.ExemptPriorityLevelConfiguration
     - name: limited
       type:
         namedType: io.k8s.api.flowcontrol.v1beta3.LimitedPriorityLevelConfiguration
@@ -9701,6 +10088,8 @@ var schemaYAML = typed.YAMLObject(`types:
     unions:
     - discriminator: type
       fields:
+      - fieldName: exempt
+        discriminatorValue: Exempt
       - fieldName: limited
         discriminatorValue: Limited
 - name: io.k8s.api.flowcontrol.v1beta3.PriorityLevelConfigurationStatus
@@ -10087,10 +10476,6 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.api.networking.v1.NetworkPolicySpec
       default: {}
-    - name: status
-      type:
-        namedType: io.k8s.api.networking.v1.NetworkPolicyStatus
-      default: {}
 - name: io.k8s.api.networking.v1.NetworkPolicyEgressRule
   map:
     fields:
@@ -10170,17 +10555,6 @@ var schemaYAML = typed.YAMLObject(`types:
           elementType:
             scalar: string
           elementRelationship: atomic
-- name: io.k8s.api.networking.v1.NetworkPolicyStatus
-  map:
-    fields:
-    - name: conditions
-      type:
-        list:
-          elementType:
-            namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition
-          elementRelationship: associative
-          keys:
-          - type
 - name: io.k8s.api.networking.v1.ServiceBackendPort
   map:
     fields:
diff --git a/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicy.go b/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicy.go
index 101510e45f..409507310b 100644
--- a/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicy.go
+++ b/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicy.go
@@ -32,8 +32,7 @@ import (
 type NetworkPolicyApplyConfiguration struct {
 	v1.TypeMetaApplyConfiguration    `json:",inline"`
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
-	Spec                             *NetworkPolicySpecApplyConfiguration   `json:"spec,omitempty"`
-	Status                           *NetworkPolicyStatusApplyConfiguration `json:"status,omitempty"`
+	Spec                             *NetworkPolicySpecApplyConfiguration `json:"spec,omitempty"`
 }
 
 // NetworkPolicy constructs an declarative configuration of the NetworkPolicy type for use with
@@ -248,11 +247,3 @@ func (b *NetworkPolicyApplyConfiguration) WithSpec(value *NetworkPolicySpecApply
 	b.Spec = value
 	return b
 }
-
-// WithStatus sets the Status field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Status field is set to the value of the last call.
-func (b *NetworkPolicyApplyConfiguration) WithStatus(value *NetworkPolicyStatusApplyConfiguration) *NetworkPolicyApplyConfiguration {
-	b.Status = value
-	return b
-}
diff --git a/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicystatus.go b/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicystatus.go
deleted file mode 100644
index 032de18eda..0000000000
--- a/vendor/k8s.io/client-go/applyconfigurations/networking/v1/networkpolicystatus.go
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1
-
-import (
-	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
-)
-
-// NetworkPolicyStatusApplyConfiguration represents an declarative configuration of the NetworkPolicyStatus type for use
-// with apply.
-type NetworkPolicyStatusApplyConfiguration struct {
-	Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"`
-}
-
-// NetworkPolicyStatusApplyConfiguration constructs an declarative configuration of the NetworkPolicyStatus type for use with
-// apply.
-func NetworkPolicyStatus() *NetworkPolicyStatusApplyConfiguration {
-	return &NetworkPolicyStatusApplyConfiguration{}
-}
-
-// WithConditions adds the given value to the Conditions field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the Conditions field.
-func (b *NetworkPolicyStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *NetworkPolicyStatusApplyConfiguration {
-	for i := range values {
-		if values[i] == nil {
-			panic("nil value passed to WithConditions")
-		}
-		b.Conditions = append(b.Conditions, *values[i])
-	}
-	return b
-}
diff --git a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
index 7470259dc8..f72c42051b 100644
--- a/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
+++ b/vendor/k8s.io/client-go/discovery/aggregated_discovery.go
@@ -111,6 +111,8 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (
 	return group, gvResources, failedGVs
 }
 
+var emptyKind = metav1.GroupVersionKind{}
+
 // convertAPIResource tranforms a APIResourceDiscovery to an APIResource. We are
 // resilient to missing GVK, since this resource might be the parent resource
 // for a subresource. If the parent is missing a GVK, it is not returned in
@@ -125,7 +127,7 @@ func convertAPIResource(in apidiscovery.APIResourceDiscovery) (metav1.APIResourc
 		Categories:   in.Categories,
 	}
 	var err error
-	if in.ResponseKind != nil {
+	if in.ResponseKind != nil && (*in.ResponseKind) != emptyKind {
 		result.Group = in.ResponseKind.Group
 		result.Version = in.ResponseKind.Version
 		result.Kind = in.ResponseKind.Kind
@@ -140,7 +142,7 @@ func convertAPIResource(in apidiscovery.APIResourceDiscovery) (metav1.APIResourc
 // convertAPISubresource tranforms a APISubresourceDiscovery to an APIResource.
 func convertAPISubresource(parent metav1.APIResource, in apidiscovery.APISubresourceDiscovery) (metav1.APIResource, error) {
 	result := metav1.APIResource{}
-	if in.ResponseKind == nil {
+	if in.ResponseKind == nil || (*in.ResponseKind) == emptyKind {
 		return result, fmt.Errorf("subresource %s/%s missing GVK", parent.Name, in.Subresource)
 	}
 	result.Name = fmt.Sprintf("%s/%s", parent.Name, in.Subresource)
diff --git a/vendor/k8s.io/client-go/discovery/discovery_client.go b/vendor/k8s.io/client-go/discovery/discovery_client.go
index 1253fa1f44..102ce49bf5 100644
--- a/vendor/k8s.io/client-go/discovery/discovery_client.go
+++ b/vendor/k8s.io/client-go/discovery/discovery_client.go
@@ -30,7 +30,7 @@ import (
 
 	//nolint:staticcheck // SA1019 Keep using module since it's still being maintained and the api of google.golang.org/protobuf/proto differs
 	"github.com/golang/protobuf/proto"
-	openapi_v2 "github.com/google/gnostic/openapiv2"
+	openapi_v2 "github.com/google/gnostic-models/openapiv2"
 
 	apidiscovery "k8s.io/api/apidiscovery/v2beta1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -67,6 +67,9 @@ const (
 	acceptDiscoveryFormats = AcceptV2Beta1 + "," + AcceptV1
 )
 
+// Aggregated discovery content-type GVK.
+var v2Beta1GVK = schema.GroupVersionKind{Group: "apidiscovery.k8s.io", Version: "v2beta1", Kind: "APIGroupDiscoveryList"}
+
 // DiscoveryInterface holds the methods that discover server-supported API groups,
 // versions and resources.
 type DiscoveryInterface interface {
@@ -260,16 +263,15 @@ func (d *DiscoveryClient) downloadLegacy() (
 	}
 
 	var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList
-	// Switch on content-type server responded with: aggregated or unaggregated.
-	switch {
-	case isV2Beta1ContentType(responseContentType):
+	// Based on the content-type server responded with: aggregated or unaggregated.
+	if isGVK, _ := ContentTypeIsGVK(responseContentType, v2Beta1GVK); isGVK {
 		var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList
 		err = json.Unmarshal(body, &aggregatedDiscovery)
 		if err != nil {
 			return nil, nil, nil, err
 		}
 		apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery)
-	default:
+	} else {
 		// Default is unaggregated discovery v1.
 		var v metav1.APIVersions
 		err = json.Unmarshal(body, &v)
@@ -313,16 +315,15 @@ func (d *DiscoveryClient) downloadAPIs() (
 	apiGroupList := &metav1.APIGroupList{}
 	failedGVs := map[schema.GroupVersion]error{}
 	var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList
-	// Switch on content-type server responded with: aggregated or unaggregated.
-	switch {
-	case isV2Beta1ContentType(responseContentType):
+	// Based on the content-type server responded with: aggregated or unaggregated.
+	if isGVK, _ := ContentTypeIsGVK(responseContentType, v2Beta1GVK); isGVK {
 		var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList
 		err = json.Unmarshal(body, &aggregatedDiscovery)
 		if err != nil {
 			return nil, nil, nil, err
 		}
 		apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery)
-	default:
+	} else {
 		// Default is unaggregated discovery v1.
 		err = json.Unmarshal(body, apiGroupList)
 		if err != nil {
@@ -333,26 +334,29 @@ func (d *DiscoveryClient) downloadAPIs() (
 	return apiGroupList, resourcesByGV, failedGVs, nil
 }
 
-// isV2Beta1ContentType checks of the content-type string is both
-// "application/json" and contains the v2beta1 content-type params.
+// ContentTypeIsGVK checks of the content-type string is both
+// "application/json" and matches the provided GVK. An error
+// is returned if the content type string is malformed.
 // NOTE: This function is resilient to the ordering of the
 // content-type parameters, as well as parameters added by
 // intermediaries such as proxies or gateways. Examples:
 //
-//	"application/json; g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList" = true
-//	"application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io" = true
-//	"application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io;charset=utf-8" = true
-//	"application/json" = false
-//	"application/json; charset=UTF-8" = false
-func isV2Beta1ContentType(contentType string) bool {
+//	("application/json; g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList", {apidiscovery.k8s.io, v2beta1, APIGroupDiscoveryList}) = (true, nil)
+//	("application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io", {apidiscovery.k8s.io, v2beta1, APIGroupDiscoveryList}) = (true, nil)
+//	("application/json; as=APIGroupDiscoveryList;v=v2beta1;g=apidiscovery.k8s.io;charset=utf-8", {apidiscovery.k8s.io, v2beta1, APIGroupDiscoveryList}) = (true, nil)
+//	("application/json", any GVK) = (false, nil)
+//	("application/json; charset=UTF-8", any GVK) = (false, nil)
+//	("malformed content type string", any GVK) = (false, error)
+func ContentTypeIsGVK(contentType string, gvk schema.GroupVersionKind) (bool, error) {
 	base, params, err := mime.ParseMediaType(contentType)
 	if err != nil {
-		return false
+		return false, err
 	}
-	return runtime.ContentTypeJSON == base &&
-		params["g"] == "apidiscovery.k8s.io" &&
-		params["v"] == "v2beta1" &&
-		params["as"] == "APIGroupDiscoveryList"
+	gvkMatch := runtime.ContentTypeJSON == base &&
+		params["g"] == gvk.Group &&
+		params["v"] == gvk.Version &&
+		params["as"] == gvk.Kind
+	return gvkMatch, nil
 }
 
 // ServerGroups returns the supported groups, with information like supported versions and the
diff --git a/vendor/k8s.io/client-go/discovery/fake/discovery.go b/vendor/k8s.io/client-go/discovery/fake/discovery.go
index d234db893d..f8a78e1ef4 100644
--- a/vendor/k8s.io/client-go/discovery/fake/discovery.go
+++ b/vendor/k8s.io/client-go/discovery/fake/discovery.go
@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"net/http"
 
-	openapi_v2 "github.com/google/gnostic/openapiv2"
+	openapi_v2 "github.com/google/gnostic-models/openapiv2"
 
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
diff --git a/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/interface.go b/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/interface.go
index d1e2b61be2..815960df59 100644
--- a/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/interface.go
+++ b/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/interface.go
@@ -26,6 +26,10 @@ import (
 type Interface interface {
 	// MutatingWebhookConfigurations returns a MutatingWebhookConfigurationInformer.
 	MutatingWebhookConfigurations() MutatingWebhookConfigurationInformer
+	// ValidatingAdmissionPolicies returns a ValidatingAdmissionPolicyInformer.
+	ValidatingAdmissionPolicies() ValidatingAdmissionPolicyInformer
+	// ValidatingAdmissionPolicyBindings returns a ValidatingAdmissionPolicyBindingInformer.
+	ValidatingAdmissionPolicyBindings() ValidatingAdmissionPolicyBindingInformer
 	// ValidatingWebhookConfigurations returns a ValidatingWebhookConfigurationInformer.
 	ValidatingWebhookConfigurations() ValidatingWebhookConfigurationInformer
 }
@@ -46,6 +50,16 @@ func (v *version) MutatingWebhookConfigurations() MutatingWebhookConfigurationIn
 	return &mutatingWebhookConfigurationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
 
+// ValidatingAdmissionPolicies returns a ValidatingAdmissionPolicyInformer.
+func (v *version) ValidatingAdmissionPolicies() ValidatingAdmissionPolicyInformer {
+	return &validatingAdmissionPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// ValidatingAdmissionPolicyBindings returns a ValidatingAdmissionPolicyBindingInformer.
+func (v *version) ValidatingAdmissionPolicyBindings() ValidatingAdmissionPolicyBindingInformer {
+	return &validatingAdmissionPolicyBindingInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
 // ValidatingWebhookConfigurations returns a ValidatingWebhookConfigurationInformer.
 func (v *version) ValidatingWebhookConfigurations() ValidatingWebhookConfigurationInformer {
 	return &validatingWebhookConfigurationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
diff --git a/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/validatingadmissionpolicy.go b/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/validatingadmissionpolicy.go
new file mode 100644
index 0000000000..d0e9cd64c8
--- /dev/null
+++ b/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/validatingadmissionpolicy.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"context"
+	time "time"
+
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	internalinterfaces "k8s.io/client-go/informers/internalinterfaces"
+	kubernetes "k8s.io/client-go/kubernetes"
+	v1beta1 "k8s.io/client-go/listers/admissionregistration/v1beta1"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// ValidatingAdmissionPolicyInformer provides access to a shared informer and lister for
+// ValidatingAdmissionPolicies.
+type ValidatingAdmissionPolicyInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1beta1.ValidatingAdmissionPolicyLister
+}
+
+type validatingAdmissionPolicyInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewValidatingAdmissionPolicyInformer constructs a new informer for ValidatingAdmissionPolicy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewValidatingAdmissionPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredValidatingAdmissionPolicyInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredValidatingAdmissionPolicyInformer constructs a new informer for ValidatingAdmissionPolicy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredValidatingAdmissionPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.AdmissionregistrationV1beta1().ValidatingAdmissionPolicies().List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.AdmissionregistrationV1beta1().ValidatingAdmissionPolicies().Watch(context.TODO(), options)
+			},
+		},
+		&admissionregistrationv1beta1.ValidatingAdmissionPolicy{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *validatingAdmissionPolicyInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredValidatingAdmissionPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *validatingAdmissionPolicyInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&admissionregistrationv1beta1.ValidatingAdmissionPolicy{}, f.defaultInformer)
+}
+
+func (f *validatingAdmissionPolicyInformer) Lister() v1beta1.ValidatingAdmissionPolicyLister {
+	return v1beta1.NewValidatingAdmissionPolicyLister(f.Informer().GetIndexer())
+}
diff --git a/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/validatingadmissionpolicybinding.go b/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
new file mode 100644
index 0000000000..7641e99406
--- /dev/null
+++ b/vendor/k8s.io/client-go/informers/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"context"
+	time "time"
+
+	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	internalinterfaces "k8s.io/client-go/informers/internalinterfaces"
+	kubernetes "k8s.io/client-go/kubernetes"
+	v1beta1 "k8s.io/client-go/listers/admissionregistration/v1beta1"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// ValidatingAdmissionPolicyBindingInformer provides access to a shared informer and lister for
+// ValidatingAdmissionPolicyBindings.
+type ValidatingAdmissionPolicyBindingInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1beta1.ValidatingAdmissionPolicyBindingLister
+}
+
+type validatingAdmissionPolicyBindingInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewValidatingAdmissionPolicyBindingInformer constructs a new informer for ValidatingAdmissionPolicyBinding type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewValidatingAdmissionPolicyBindingInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredValidatingAdmissionPolicyBindingInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredValidatingAdmissionPolicyBindingInformer constructs a new informer for ValidatingAdmissionPolicyBinding type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredValidatingAdmissionPolicyBindingInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.AdmissionregistrationV1beta1().ValidatingAdmissionPolicyBindings().List(context.TODO(), options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.AdmissionregistrationV1beta1().ValidatingAdmissionPolicyBindings().Watch(context.TODO(), options)
+			},
+		},
+		&admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *validatingAdmissionPolicyBindingInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredValidatingAdmissionPolicyBindingInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *validatingAdmissionPolicyBindingInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding{}, f.defaultInformer)
+}
+
+func (f *validatingAdmissionPolicyBindingInformer) Lister() v1beta1.ValidatingAdmissionPolicyBindingLister {
+	return v1beta1.NewValidatingAdmissionPolicyBindingLister(f.Informer().GetIndexer())
+}
diff --git a/vendor/k8s.io/client-go/informers/factory.go b/vendor/k8s.io/client-go/informers/factory.go
index 8e7a7e36de..7dd0ae6353 100644
--- a/vendor/k8s.io/client-go/informers/factory.go
+++ b/vendor/k8s.io/client-go/informers/factory.go
@@ -184,7 +184,7 @@ func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[ref
 	return res
 }
 
-// InternalInformerFor returns the SharedIndexInformer for obj using an internal
+// InformerFor returns the SharedIndexInformer for obj using an internal
 // client.
 func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer {
 	f.lock.Lock()
@@ -257,7 +257,7 @@ type SharedInformerFactory interface {
 	// ForResource gives generic access to a shared informer of the matching type.
 	ForResource(resource schema.GroupVersionResource) (GenericInformer, error)
 
-	// InternalInformerFor returns the SharedIndexInformer for obj using an internal
+	// InformerFor returns the SharedIndexInformer for obj using an internal
 	// client.
 	InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer
 
diff --git a/vendor/k8s.io/client-go/informers/generic.go b/vendor/k8s.io/client-go/informers/generic.go
index 2b63a8028c..5495239b29 100644
--- a/vendor/k8s.io/client-go/informers/generic.go
+++ b/vendor/k8s.io/client-go/informers/generic.go
@@ -112,6 +112,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 		// Group=admissionregistration.k8s.io, Version=v1beta1
 	case v1beta1.SchemeGroupVersion.WithResource("mutatingwebhookconfigurations"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Admissionregistration().V1beta1().MutatingWebhookConfigurations().Informer()}, nil
+	case v1beta1.SchemeGroupVersion.WithResource("validatingadmissionpolicies"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Admissionregistration().V1beta1().ValidatingAdmissionPolicies().Informer()}, nil
+	case v1beta1.SchemeGroupVersion.WithResource("validatingadmissionpolicybindings"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Admissionregistration().V1beta1().ValidatingAdmissionPolicyBindings().Informer()}, nil
 	case v1beta1.SchemeGroupVersion.WithResource("validatingwebhookconfigurations"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Admissionregistration().V1beta1().ValidatingWebhookConfigurations().Informer()}, nil
 
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/admissionregistration_client.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/admissionregistration_client.go
index 8fda84b1d2..5a0a17d9be 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/admissionregistration_client.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/admissionregistration_client.go
@@ -29,6 +29,8 @@ import (
 type AdmissionregistrationV1beta1Interface interface {
 	RESTClient() rest.Interface
 	MutatingWebhookConfigurationsGetter
+	ValidatingAdmissionPoliciesGetter
+	ValidatingAdmissionPolicyBindingsGetter
 	ValidatingWebhookConfigurationsGetter
 }
 
@@ -41,6 +43,14 @@ func (c *AdmissionregistrationV1beta1Client) MutatingWebhookConfigurations() Mut
 	return newMutatingWebhookConfigurations(c)
 }
 
+func (c *AdmissionregistrationV1beta1Client) ValidatingAdmissionPolicies() ValidatingAdmissionPolicyInterface {
+	return newValidatingAdmissionPolicies(c)
+}
+
+func (c *AdmissionregistrationV1beta1Client) ValidatingAdmissionPolicyBindings() ValidatingAdmissionPolicyBindingInterface {
+	return newValidatingAdmissionPolicyBindings(c)
+}
+
 func (c *AdmissionregistrationV1beta1Client) ValidatingWebhookConfigurations() ValidatingWebhookConfigurationInterface {
 	return newValidatingWebhookConfigurations(c)
 }
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake/fake_admissionregistration_client.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake/fake_admissionregistration_client.go
index 1a988ddba1..badfbf0346 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake/fake_admissionregistration_client.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake/fake_admissionregistration_client.go
@@ -32,6 +32,14 @@ func (c *FakeAdmissionregistrationV1beta1) MutatingWebhookConfigurations() v1bet
 	return &FakeMutatingWebhookConfigurations{c}
 }
 
+func (c *FakeAdmissionregistrationV1beta1) ValidatingAdmissionPolicies() v1beta1.ValidatingAdmissionPolicyInterface {
+	return &FakeValidatingAdmissionPolicies{c}
+}
+
+func (c *FakeAdmissionregistrationV1beta1) ValidatingAdmissionPolicyBindings() v1beta1.ValidatingAdmissionPolicyBindingInterface {
+	return &FakeValidatingAdmissionPolicyBindings{c}
+}
+
 func (c *FakeAdmissionregistrationV1beta1) ValidatingWebhookConfigurations() v1beta1.ValidatingWebhookConfigurationInterface {
 	return &FakeValidatingWebhookConfigurations{c}
 }
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake/fake_validatingadmissionpolicy.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake/fake_validatingadmissionpolicy.go
new file mode 100644
index 0000000000..90cb4ff6ca
--- /dev/null
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake/fake_validatingadmissionpolicy.go
@@ -0,0 +1,178 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+	json "encoding/json"
+	"fmt"
+
+	v1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	admissionregistrationv1beta1 "k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeValidatingAdmissionPolicies implements ValidatingAdmissionPolicyInterface
+type FakeValidatingAdmissionPolicies struct {
+	Fake *FakeAdmissionregistrationV1beta1
+}
+
+var validatingadmissionpoliciesResource = v1beta1.SchemeGroupVersion.WithResource("validatingadmissionpolicies")
+
+var validatingadmissionpoliciesKind = v1beta1.SchemeGroupVersion.WithKind("ValidatingAdmissionPolicy")
+
+// Get takes name of the validatingAdmissionPolicy, and returns the corresponding validatingAdmissionPolicy object, and an error if there is any.
+func (c *FakeValidatingAdmissionPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(validatingadmissionpoliciesResource, name), &v1beta1.ValidatingAdmissionPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicy), err
+}
+
+// List takes label and field selectors, and returns the list of ValidatingAdmissionPolicies that match those selectors.
+func (c *FakeValidatingAdmissionPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ValidatingAdmissionPolicyList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(validatingadmissionpoliciesResource, validatingadmissionpoliciesKind, opts), &v1beta1.ValidatingAdmissionPolicyList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1beta1.ValidatingAdmissionPolicyList{ListMeta: obj.(*v1beta1.ValidatingAdmissionPolicyList).ListMeta}
+	for _, item := range obj.(*v1beta1.ValidatingAdmissionPolicyList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested validatingAdmissionPolicies.
+func (c *FakeValidatingAdmissionPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(validatingadmissionpoliciesResource, opts))
+}
+
+// Create takes the representation of a validatingAdmissionPolicy and creates it.  Returns the server's representation of the validatingAdmissionPolicy, and an error, if there is any.
+func (c *FakeValidatingAdmissionPolicies) Create(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.CreateOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(validatingadmissionpoliciesResource, validatingAdmissionPolicy), &v1beta1.ValidatingAdmissionPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicy), err
+}
+
+// Update takes the representation of a validatingAdmissionPolicy and updates it. Returns the server's representation of the validatingAdmissionPolicy, and an error, if there is any.
+func (c *FakeValidatingAdmissionPolicies) Update(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.UpdateOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(validatingadmissionpoliciesResource, validatingAdmissionPolicy), &v1beta1.ValidatingAdmissionPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicy), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeValidatingAdmissionPolicies) UpdateStatus(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.UpdateOptions) (*v1beta1.ValidatingAdmissionPolicy, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateSubresourceAction(validatingadmissionpoliciesResource, "status", validatingAdmissionPolicy), &v1beta1.ValidatingAdmissionPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicy), err
+}
+
+// Delete takes name of the validatingAdmissionPolicy and deletes it. Returns an error if one occurs.
+func (c *FakeValidatingAdmissionPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(validatingadmissionpoliciesResource, name, opts), &v1beta1.ValidatingAdmissionPolicy{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeValidatingAdmissionPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(validatingadmissionpoliciesResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1beta1.ValidatingAdmissionPolicyList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched validatingAdmissionPolicy.
+func (c *FakeValidatingAdmissionPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(validatingadmissionpoliciesResource, name, pt, data, subresources...), &v1beta1.ValidatingAdmissionPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicy), err
+}
+
+// Apply takes the given apply declarative configuration, applies it and returns the applied validatingAdmissionPolicy.
+func (c *FakeValidatingAdmissionPolicies) Apply(ctx context.Context, validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	if validatingAdmissionPolicy == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy provided to Apply must not be nil")
+	}
+	data, err := json.Marshal(validatingAdmissionPolicy)
+	if err != nil {
+		return nil, err
+	}
+	name := validatingAdmissionPolicy.Name
+	if name == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy.Name must be provided to Apply")
+	}
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(validatingadmissionpoliciesResource, *name, types.ApplyPatchType, data), &v1beta1.ValidatingAdmissionPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicy), err
+}
+
+// ApplyStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus().
+func (c *FakeValidatingAdmissionPolicies) ApplyStatus(ctx context.Context, validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	if validatingAdmissionPolicy == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy provided to Apply must not be nil")
+	}
+	data, err := json.Marshal(validatingAdmissionPolicy)
+	if err != nil {
+		return nil, err
+	}
+	name := validatingAdmissionPolicy.Name
+	if name == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy.Name must be provided to Apply")
+	}
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(validatingadmissionpoliciesResource, *name, types.ApplyPatchType, data, "status"), &v1beta1.ValidatingAdmissionPolicy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicy), err
+}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake/fake_validatingadmissionpolicybinding.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake/fake_validatingadmissionpolicybinding.go
new file mode 100644
index 0000000000..f771f81f30
--- /dev/null
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake/fake_validatingadmissionpolicybinding.go
@@ -0,0 +1,145 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+	json "encoding/json"
+	"fmt"
+
+	v1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	admissionregistrationv1beta1 "k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeValidatingAdmissionPolicyBindings implements ValidatingAdmissionPolicyBindingInterface
+type FakeValidatingAdmissionPolicyBindings struct {
+	Fake *FakeAdmissionregistrationV1beta1
+}
+
+var validatingadmissionpolicybindingsResource = v1beta1.SchemeGroupVersion.WithResource("validatingadmissionpolicybindings")
+
+var validatingadmissionpolicybindingsKind = v1beta1.SchemeGroupVersion.WithKind("ValidatingAdmissionPolicyBinding")
+
+// Get takes name of the validatingAdmissionPolicyBinding, and returns the corresponding validatingAdmissionPolicyBinding object, and an error if there is any.
+func (c *FakeValidatingAdmissionPolicyBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(validatingadmissionpolicybindingsResource, name), &v1beta1.ValidatingAdmissionPolicyBinding{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicyBinding), err
+}
+
+// List takes label and field selectors, and returns the list of ValidatingAdmissionPolicyBindings that match those selectors.
+func (c *FakeValidatingAdmissionPolicyBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ValidatingAdmissionPolicyBindingList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(validatingadmissionpolicybindingsResource, validatingadmissionpolicybindingsKind, opts), &v1beta1.ValidatingAdmissionPolicyBindingList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1beta1.ValidatingAdmissionPolicyBindingList{ListMeta: obj.(*v1beta1.ValidatingAdmissionPolicyBindingList).ListMeta}
+	for _, item := range obj.(*v1beta1.ValidatingAdmissionPolicyBindingList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested validatingAdmissionPolicyBindings.
+func (c *FakeValidatingAdmissionPolicyBindings) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(validatingadmissionpolicybindingsResource, opts))
+}
+
+// Create takes the representation of a validatingAdmissionPolicyBinding and creates it.  Returns the server's representation of the validatingAdmissionPolicyBinding, and an error, if there is any.
+func (c *FakeValidatingAdmissionPolicyBindings) Create(ctx context.Context, validatingAdmissionPolicyBinding *v1beta1.ValidatingAdmissionPolicyBinding, opts v1.CreateOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(validatingadmissionpolicybindingsResource, validatingAdmissionPolicyBinding), &v1beta1.ValidatingAdmissionPolicyBinding{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicyBinding), err
+}
+
+// Update takes the representation of a validatingAdmissionPolicyBinding and updates it. Returns the server's representation of the validatingAdmissionPolicyBinding, and an error, if there is any.
+func (c *FakeValidatingAdmissionPolicyBindings) Update(ctx context.Context, validatingAdmissionPolicyBinding *v1beta1.ValidatingAdmissionPolicyBinding, opts v1.UpdateOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(validatingadmissionpolicybindingsResource, validatingAdmissionPolicyBinding), &v1beta1.ValidatingAdmissionPolicyBinding{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicyBinding), err
+}
+
+// Delete takes name of the validatingAdmissionPolicyBinding and deletes it. Returns an error if one occurs.
+func (c *FakeValidatingAdmissionPolicyBindings) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(validatingadmissionpolicybindingsResource, name, opts), &v1beta1.ValidatingAdmissionPolicyBinding{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeValidatingAdmissionPolicyBindings) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(validatingadmissionpolicybindingsResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1beta1.ValidatingAdmissionPolicyBindingList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched validatingAdmissionPolicyBinding.
+func (c *FakeValidatingAdmissionPolicyBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(validatingadmissionpolicybindingsResource, name, pt, data, subresources...), &v1beta1.ValidatingAdmissionPolicyBinding{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicyBinding), err
+}
+
+// Apply takes the given apply declarative configuration, applies it and returns the applied validatingAdmissionPolicyBinding.
+func (c *FakeValidatingAdmissionPolicyBindings) Apply(ctx context.Context, validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	if validatingAdmissionPolicyBinding == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicyBinding provided to Apply must not be nil")
+	}
+	data, err := json.Marshal(validatingAdmissionPolicyBinding)
+	if err != nil {
+		return nil, err
+	}
+	name := validatingAdmissionPolicyBinding.Name
+	if name == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicyBinding.Name must be provided to Apply")
+	}
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(validatingadmissionpolicybindingsResource, *name, types.ApplyPatchType, data), &v1beta1.ValidatingAdmissionPolicyBinding{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicyBinding), err
+}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/generated_expansion.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/generated_expansion.go
index 2aeb9c98ae..56ad611f45 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/generated_expansion.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/generated_expansion.go
@@ -20,4 +20,8 @@ package v1beta1
 
 type MutatingWebhookConfigurationExpansion interface{}
 
+type ValidatingAdmissionPolicyExpansion interface{}
+
+type ValidatingAdmissionPolicyBindingExpansion interface{}
+
 type ValidatingWebhookConfigurationExpansion interface{}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicy.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicy.go
new file mode 100644
index 0000000000..bea51b587f
--- /dev/null
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicy.go
@@ -0,0 +1,243 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"context"
+	json "encoding/json"
+	"fmt"
+	"time"
+
+	v1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	admissionregistrationv1beta1 "k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1"
+	scheme "k8s.io/client-go/kubernetes/scheme"
+	rest "k8s.io/client-go/rest"
+)
+
+// ValidatingAdmissionPoliciesGetter has a method to return a ValidatingAdmissionPolicyInterface.
+// A group's client should implement this interface.
+type ValidatingAdmissionPoliciesGetter interface {
+	ValidatingAdmissionPolicies() ValidatingAdmissionPolicyInterface
+}
+
+// ValidatingAdmissionPolicyInterface has methods to work with ValidatingAdmissionPolicy resources.
+type ValidatingAdmissionPolicyInterface interface {
+	Create(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.CreateOptions) (*v1beta1.ValidatingAdmissionPolicy, error)
+	Update(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.UpdateOptions) (*v1beta1.ValidatingAdmissionPolicy, error)
+	UpdateStatus(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.UpdateOptions) (*v1beta1.ValidatingAdmissionPolicy, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ValidatingAdmissionPolicy, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ValidatingAdmissionPolicyList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ValidatingAdmissionPolicy, err error)
+	Apply(ctx context.Context, validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error)
+	ApplyStatus(ctx context.Context, validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error)
+	ValidatingAdmissionPolicyExpansion
+}
+
+// validatingAdmissionPolicies implements ValidatingAdmissionPolicyInterface
+type validatingAdmissionPolicies struct {
+	client rest.Interface
+}
+
+// newValidatingAdmissionPolicies returns a ValidatingAdmissionPolicies
+func newValidatingAdmissionPolicies(c *AdmissionregistrationV1beta1Client) *validatingAdmissionPolicies {
+	return &validatingAdmissionPolicies{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the validatingAdmissionPolicy, and returns the corresponding validatingAdmissionPolicy object, and an error if there is any.
+func (c *validatingAdmissionPolicies) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Get().
+		Resource("validatingadmissionpolicies").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ValidatingAdmissionPolicies that match those selectors.
+func (c *validatingAdmissionPolicies) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ValidatingAdmissionPolicyList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1beta1.ValidatingAdmissionPolicyList{}
+	err = c.client.Get().
+		Resource("validatingadmissionpolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested validatingAdmissionPolicies.
+func (c *validatingAdmissionPolicies) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("validatingadmissionpolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a validatingAdmissionPolicy and creates it.  Returns the server's representation of the validatingAdmissionPolicy, and an error, if there is any.
+func (c *validatingAdmissionPolicies) Create(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.CreateOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Post().
+		Resource("validatingadmissionpolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(validatingAdmissionPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a validatingAdmissionPolicy and updates it. Returns the server's representation of the validatingAdmissionPolicy, and an error, if there is any.
+func (c *validatingAdmissionPolicies) Update(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.UpdateOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Put().
+		Resource("validatingadmissionpolicies").
+		Name(validatingAdmissionPolicy.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(validatingAdmissionPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *validatingAdmissionPolicies) UpdateStatus(ctx context.Context, validatingAdmissionPolicy *v1beta1.ValidatingAdmissionPolicy, opts v1.UpdateOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Put().
+		Resource("validatingadmissionpolicies").
+		Name(validatingAdmissionPolicy.Name).
+		SubResource("status").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(validatingAdmissionPolicy).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the validatingAdmissionPolicy and deletes it. Returns an error if one occurs.
+func (c *validatingAdmissionPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("validatingadmissionpolicies").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *validatingAdmissionPolicies) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("validatingadmissionpolicies").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched validatingAdmissionPolicy.
+func (c *validatingAdmissionPolicies) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Patch(pt).
+		Resource("validatingadmissionpolicies").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Apply takes the given apply declarative configuration, applies it and returns the applied validatingAdmissionPolicy.
+func (c *validatingAdmissionPolicies) Apply(ctx context.Context, validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	if validatingAdmissionPolicy == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy provided to Apply must not be nil")
+	}
+	patchOpts := opts.ToPatchOptions()
+	data, err := json.Marshal(validatingAdmissionPolicy)
+	if err != nil {
+		return nil, err
+	}
+	name := validatingAdmissionPolicy.Name
+	if name == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy.Name must be provided to Apply")
+	}
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Patch(types.ApplyPatchType).
+		Resource("validatingadmissionpolicies").
+		Name(*name).
+		VersionedParams(&patchOpts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// ApplyStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus().
+func (c *validatingAdmissionPolicies) ApplyStatus(ctx context.Context, validatingAdmissionPolicy *admissionregistrationv1beta1.ValidatingAdmissionPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicy, err error) {
+	if validatingAdmissionPolicy == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy provided to Apply must not be nil")
+	}
+	patchOpts := opts.ToPatchOptions()
+	data, err := json.Marshal(validatingAdmissionPolicy)
+	if err != nil {
+		return nil, err
+	}
+
+	name := validatingAdmissionPolicy.Name
+	if name == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicy.Name must be provided to Apply")
+	}
+
+	result = &v1beta1.ValidatingAdmissionPolicy{}
+	err = c.client.Patch(types.ApplyPatchType).
+		Resource("validatingadmissionpolicies").
+		Name(*name).
+		SubResource("status").
+		VersionedParams(&patchOpts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicybinding.go b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
new file mode 100644
index 0000000000..bba37bb047
--- /dev/null
+++ b/vendor/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
@@ -0,0 +1,197 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	"context"
+	json "encoding/json"
+	"fmt"
+	"time"
+
+	v1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	admissionregistrationv1beta1 "k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1"
+	scheme "k8s.io/client-go/kubernetes/scheme"
+	rest "k8s.io/client-go/rest"
+)
+
+// ValidatingAdmissionPolicyBindingsGetter has a method to return a ValidatingAdmissionPolicyBindingInterface.
+// A group's client should implement this interface.
+type ValidatingAdmissionPolicyBindingsGetter interface {
+	ValidatingAdmissionPolicyBindings() ValidatingAdmissionPolicyBindingInterface
+}
+
+// ValidatingAdmissionPolicyBindingInterface has methods to work with ValidatingAdmissionPolicyBinding resources.
+type ValidatingAdmissionPolicyBindingInterface interface {
+	Create(ctx context.Context, validatingAdmissionPolicyBinding *v1beta1.ValidatingAdmissionPolicyBinding, opts v1.CreateOptions) (*v1beta1.ValidatingAdmissionPolicyBinding, error)
+	Update(ctx context.Context, validatingAdmissionPolicyBinding *v1beta1.ValidatingAdmissionPolicyBinding, opts v1.UpdateOptions) (*v1beta1.ValidatingAdmissionPolicyBinding, error)
+	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ValidatingAdmissionPolicyBinding, error)
+	List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ValidatingAdmissionPolicyBindingList, error)
+	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error)
+	Apply(ctx context.Context, validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error)
+	ValidatingAdmissionPolicyBindingExpansion
+}
+
+// validatingAdmissionPolicyBindings implements ValidatingAdmissionPolicyBindingInterface
+type validatingAdmissionPolicyBindings struct {
+	client rest.Interface
+}
+
+// newValidatingAdmissionPolicyBindings returns a ValidatingAdmissionPolicyBindings
+func newValidatingAdmissionPolicyBindings(c *AdmissionregistrationV1beta1Client) *validatingAdmissionPolicyBindings {
+	return &validatingAdmissionPolicyBindings{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the validatingAdmissionPolicyBinding, and returns the corresponding validatingAdmissionPolicyBinding object, and an error if there is any.
+func (c *validatingAdmissionPolicyBindings) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicyBinding{}
+	err = c.client.Get().
+		Resource("validatingadmissionpolicybindings").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ValidatingAdmissionPolicyBindings that match those selectors.
+func (c *validatingAdmissionPolicyBindings) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ValidatingAdmissionPolicyBindingList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1beta1.ValidatingAdmissionPolicyBindingList{}
+	err = c.client.Get().
+		Resource("validatingadmissionpolicybindings").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested validatingAdmissionPolicyBindings.
+func (c *validatingAdmissionPolicyBindings) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("validatingadmissionpolicybindings").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a validatingAdmissionPolicyBinding and creates it.  Returns the server's representation of the validatingAdmissionPolicyBinding, and an error, if there is any.
+func (c *validatingAdmissionPolicyBindings) Create(ctx context.Context, validatingAdmissionPolicyBinding *v1beta1.ValidatingAdmissionPolicyBinding, opts v1.CreateOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicyBinding{}
+	err = c.client.Post().
+		Resource("validatingadmissionpolicybindings").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(validatingAdmissionPolicyBinding).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a validatingAdmissionPolicyBinding and updates it. Returns the server's representation of the validatingAdmissionPolicyBinding, and an error, if there is any.
+func (c *validatingAdmissionPolicyBindings) Update(ctx context.Context, validatingAdmissionPolicyBinding *v1beta1.ValidatingAdmissionPolicyBinding, opts v1.UpdateOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicyBinding{}
+	err = c.client.Put().
+		Resource("validatingadmissionpolicybindings").
+		Name(validatingAdmissionPolicyBinding.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(validatingAdmissionPolicyBinding).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the validatingAdmissionPolicyBinding and deletes it. Returns an error if one occurs.
+func (c *validatingAdmissionPolicyBindings) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("validatingadmissionpolicybindings").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *validatingAdmissionPolicyBindings) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("validatingadmissionpolicybindings").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched validatingAdmissionPolicyBinding.
+func (c *validatingAdmissionPolicyBindings) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	result = &v1beta1.ValidatingAdmissionPolicyBinding{}
+	err = c.client.Patch(pt).
+		Resource("validatingadmissionpolicybindings").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Apply takes the given apply declarative configuration, applies it and returns the applied validatingAdmissionPolicyBinding.
+func (c *validatingAdmissionPolicyBindings) Apply(ctx context.Context, validatingAdmissionPolicyBinding *admissionregistrationv1beta1.ValidatingAdmissionPolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	if validatingAdmissionPolicyBinding == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicyBinding provided to Apply must not be nil")
+	}
+	patchOpts := opts.ToPatchOptions()
+	data, err := json.Marshal(validatingAdmissionPolicyBinding)
+	if err != nil {
+		return nil, err
+	}
+	name := validatingAdmissionPolicyBinding.Name
+	if name == nil {
+		return nil, fmt.Errorf("validatingAdmissionPolicyBinding.Name must be provided to Apply")
+	}
+	result = &v1beta1.ValidatingAdmissionPolicyBinding{}
+	err = c.client.Patch(types.ApplyPatchType).
+		Resource("validatingadmissionpolicybindings").
+		Name(*name).
+		VersionedParams(&patchOpts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/authentication_client.go b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/authentication_client.go
index aea9d0e133..81be8b2e04 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/authentication_client.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/authentication_client.go
@@ -28,6 +28,7 @@ import (
 
 type AuthenticationV1Interface interface {
 	RESTClient() rest.Interface
+	SelfSubjectReviewsGetter
 	TokenReviewsGetter
 }
 
@@ -36,6 +37,10 @@ type AuthenticationV1Client struct {
 	restClient rest.Interface
 }
 
+func (c *AuthenticationV1Client) SelfSubjectReviews() SelfSubjectReviewInterface {
+	return newSelfSubjectReviews(c)
+}
+
 func (c *AuthenticationV1Client) TokenReviews() TokenReviewInterface {
 	return newTokenReviews(c)
 }
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/fake/fake_authentication_client.go b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/fake/fake_authentication_client.go
index ee06a6cdd6..865239ff64 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/fake/fake_authentication_client.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/fake/fake_authentication_client.go
@@ -28,6 +28,10 @@ type FakeAuthenticationV1 struct {
 	*testing.Fake
 }
 
+func (c *FakeAuthenticationV1) SelfSubjectReviews() v1.SelfSubjectReviewInterface {
+	return &FakeSelfSubjectReviews{c}
+}
+
 func (c *FakeAuthenticationV1) TokenReviews() v1.TokenReviewInterface {
 	return &FakeTokenReviews{c}
 }
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/fake/fake_selfsubjectreview.go b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/fake/fake_selfsubjectreview.go
new file mode 100644
index 0000000000..e683b3eaaa
--- /dev/null
+++ b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/fake/fake_selfsubjectreview.go
@@ -0,0 +1,46 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "k8s.io/api/authentication/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeSelfSubjectReviews implements SelfSubjectReviewInterface
+type FakeSelfSubjectReviews struct {
+	Fake *FakeAuthenticationV1
+}
+
+var selfsubjectreviewsResource = v1.SchemeGroupVersion.WithResource("selfsubjectreviews")
+
+var selfsubjectreviewsKind = v1.SchemeGroupVersion.WithKind("SelfSubjectReview")
+
+// Create takes the representation of a selfSubjectReview and creates it.  Returns the server's representation of the selfSubjectReview, and an error, if there is any.
+func (c *FakeSelfSubjectReviews) Create(ctx context.Context, selfSubjectReview *v1.SelfSubjectReview, opts metav1.CreateOptions) (result *v1.SelfSubjectReview, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(selfsubjectreviewsResource, selfSubjectReview), &v1.SelfSubjectReview{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.SelfSubjectReview), err
+}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/generated_expansion.go b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/generated_expansion.go
index 0413fb2b66..35f2c22b4f 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/generated_expansion.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/generated_expansion.go
@@ -18,4 +18,6 @@ limitations under the License.
 
 package v1
 
+type SelfSubjectReviewExpansion interface{}
+
 type TokenReviewExpansion interface{}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/selfsubjectreview.go b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/selfsubjectreview.go
new file mode 100644
index 0000000000..bfb9603d67
--- /dev/null
+++ b/vendor/k8s.io/client-go/kubernetes/typed/authentication/v1/selfsubjectreview.go
@@ -0,0 +1,64 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"context"
+
+	v1 "k8s.io/api/authentication/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	scheme "k8s.io/client-go/kubernetes/scheme"
+	rest "k8s.io/client-go/rest"
+)
+
+// SelfSubjectReviewsGetter has a method to return a SelfSubjectReviewInterface.
+// A group's client should implement this interface.
+type SelfSubjectReviewsGetter interface {
+	SelfSubjectReviews() SelfSubjectReviewInterface
+}
+
+// SelfSubjectReviewInterface has methods to work with SelfSubjectReview resources.
+type SelfSubjectReviewInterface interface {
+	Create(ctx context.Context, selfSubjectReview *v1.SelfSubjectReview, opts metav1.CreateOptions) (*v1.SelfSubjectReview, error)
+	SelfSubjectReviewExpansion
+}
+
+// selfSubjectReviews implements SelfSubjectReviewInterface
+type selfSubjectReviews struct {
+	client rest.Interface
+}
+
+// newSelfSubjectReviews returns a SelfSubjectReviews
+func newSelfSubjectReviews(c *AuthenticationV1Client) *selfSubjectReviews {
+	return &selfSubjectReviews{
+		client: c.RESTClient(),
+	}
+}
+
+// Create takes the representation of a selfSubjectReview and creates it.  Returns the server's representation of the selfSubjectReview, and an error, if there is any.
+func (c *selfSubjectReviews) Create(ctx context.Context, selfSubjectReview *v1.SelfSubjectReview, opts metav1.CreateOptions) (result *v1.SelfSubjectReview, err error) {
+	result = &v1.SelfSubjectReview{}
+	err = c.client.Post().
+		Resource("selfsubjectreviews").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(selfSubjectReview).
+		Do(ctx).
+		Into(result)
+	return
+}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/fake/fake_networkpolicy.go b/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/fake/fake_networkpolicy.go
index 7bf8c6972a..a32022140a 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/fake/fake_networkpolicy.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/fake/fake_networkpolicy.go
@@ -104,18 +104,6 @@ func (c *FakeNetworkPolicies) Update(ctx context.Context, networkPolicy *v1beta1
 	return obj.(*v1beta1.NetworkPolicy), err
 }
 
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakeNetworkPolicies) UpdateStatus(ctx context.Context, networkPolicy *v1beta1.NetworkPolicy, opts v1.UpdateOptions) (*v1beta1.NetworkPolicy, error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(networkpoliciesResource, "status", c.ns, networkPolicy), &v1beta1.NetworkPolicy{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1beta1.NetworkPolicy), err
-}
-
 // Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs.
 func (c *FakeNetworkPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
@@ -164,26 +152,3 @@ func (c *FakeNetworkPolicies) Apply(ctx context.Context, networkPolicy *extensio
 	}
 	return obj.(*v1beta1.NetworkPolicy), err
 }
-
-// ApplyStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus().
-func (c *FakeNetworkPolicies) ApplyStatus(ctx context.Context, networkPolicy *extensionsv1beta1.NetworkPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.NetworkPolicy, err error) {
-	if networkPolicy == nil {
-		return nil, fmt.Errorf("networkPolicy provided to Apply must not be nil")
-	}
-	data, err := json.Marshal(networkPolicy)
-	if err != nil {
-		return nil, err
-	}
-	name := networkPolicy.Name
-	if name == nil {
-		return nil, fmt.Errorf("networkPolicy.Name must be provided to Apply")
-	}
-	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(networkpoliciesResource, c.ns, *name, types.ApplyPatchType, data, "status"), &v1beta1.NetworkPolicy{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1beta1.NetworkPolicy), err
-}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/networkpolicy.go b/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/networkpolicy.go
index f24099b90d..978b26db03 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/networkpolicy.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/extensions/v1beta1/networkpolicy.go
@@ -43,7 +43,6 @@ type NetworkPoliciesGetter interface {
 type NetworkPolicyInterface interface {
 	Create(ctx context.Context, networkPolicy *v1beta1.NetworkPolicy, opts v1.CreateOptions) (*v1beta1.NetworkPolicy, error)
 	Update(ctx context.Context, networkPolicy *v1beta1.NetworkPolicy, opts v1.UpdateOptions) (*v1beta1.NetworkPolicy, error)
-	UpdateStatus(ctx context.Context, networkPolicy *v1beta1.NetworkPolicy, opts v1.UpdateOptions) (*v1beta1.NetworkPolicy, error)
 	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
 	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
 	Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.NetworkPolicy, error)
@@ -51,7 +50,6 @@ type NetworkPolicyInterface interface {
 	Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
 	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.NetworkPolicy, err error)
 	Apply(ctx context.Context, networkPolicy *extensionsv1beta1.NetworkPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.NetworkPolicy, err error)
-	ApplyStatus(ctx context.Context, networkPolicy *extensionsv1beta1.NetworkPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.NetworkPolicy, err error)
 	NetworkPolicyExpansion
 }
 
@@ -141,22 +139,6 @@ func (c *networkPolicies) Update(ctx context.Context, networkPolicy *v1beta1.Net
 	return
 }
 
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *networkPolicies) UpdateStatus(ctx context.Context, networkPolicy *v1beta1.NetworkPolicy, opts v1.UpdateOptions) (result *v1beta1.NetworkPolicy, err error) {
-	result = &v1beta1.NetworkPolicy{}
-	err = c.client.Put().
-		Namespace(c.ns).
-		Resource("networkpolicies").
-		Name(networkPolicy.Name).
-		SubResource("status").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Body(networkPolicy).
-		Do(ctx).
-		Into(result)
-	return
-}
-
 // Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs.
 func (c *networkPolicies) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
@@ -224,33 +206,3 @@ func (c *networkPolicies) Apply(ctx context.Context, networkPolicy *extensionsv1
 		Into(result)
 	return
 }
-
-// ApplyStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus().
-func (c *networkPolicies) ApplyStatus(ctx context.Context, networkPolicy *extensionsv1beta1.NetworkPolicyApplyConfiguration, opts v1.ApplyOptions) (result *v1beta1.NetworkPolicy, err error) {
-	if networkPolicy == nil {
-		return nil, fmt.Errorf("networkPolicy provided to Apply must not be nil")
-	}
-	patchOpts := opts.ToPatchOptions()
-	data, err := json.Marshal(networkPolicy)
-	if err != nil {
-		return nil, err
-	}
-
-	name := networkPolicy.Name
-	if name == nil {
-		return nil, fmt.Errorf("networkPolicy.Name must be provided to Apply")
-	}
-
-	result = &v1beta1.NetworkPolicy{}
-	err = c.client.Patch(types.ApplyPatchType).
-		Namespace(c.ns).
-		Resource("networkpolicies").
-		Name(*name).
-		SubResource("status").
-		VersionedParams(&patchOpts, scheme.ParameterCodec).
-		Body(data).
-		Do(ctx).
-		Into(result)
-	return
-}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/fake/fake_networkpolicy.go b/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/fake/fake_networkpolicy.go
index be7413cb8f..dde09774c4 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/fake/fake_networkpolicy.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/fake/fake_networkpolicy.go
@@ -104,18 +104,6 @@ func (c *FakeNetworkPolicies) Update(ctx context.Context, networkPolicy *v1.Netw
 	return obj.(*v1.NetworkPolicy), err
 }
 
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakeNetworkPolicies) UpdateStatus(ctx context.Context, networkPolicy *v1.NetworkPolicy, opts metav1.UpdateOptions) (*v1.NetworkPolicy, error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(networkpoliciesResource, "status", c.ns, networkPolicy), &v1.NetworkPolicy{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1.NetworkPolicy), err
-}
-
 // Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs.
 func (c *FakeNetworkPolicies) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
 	_, err := c.Fake.
@@ -164,26 +152,3 @@ func (c *FakeNetworkPolicies) Apply(ctx context.Context, networkPolicy *networki
 	}
 	return obj.(*v1.NetworkPolicy), err
 }
-
-// ApplyStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus().
-func (c *FakeNetworkPolicies) ApplyStatus(ctx context.Context, networkPolicy *networkingv1.NetworkPolicyApplyConfiguration, opts metav1.ApplyOptions) (result *v1.NetworkPolicy, err error) {
-	if networkPolicy == nil {
-		return nil, fmt.Errorf("networkPolicy provided to Apply must not be nil")
-	}
-	data, err := json.Marshal(networkPolicy)
-	if err != nil {
-		return nil, err
-	}
-	name := networkPolicy.Name
-	if name == nil {
-		return nil, fmt.Errorf("networkPolicy.Name must be provided to Apply")
-	}
-	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(networkpoliciesResource, c.ns, *name, types.ApplyPatchType, data, "status"), &v1.NetworkPolicy{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1.NetworkPolicy), err
-}
diff --git a/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/networkpolicy.go b/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/networkpolicy.go
index 97afd62786..d7454ce145 100644
--- a/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/networkpolicy.go
+++ b/vendor/k8s.io/client-go/kubernetes/typed/networking/v1/networkpolicy.go
@@ -43,7 +43,6 @@ type NetworkPoliciesGetter interface {
 type NetworkPolicyInterface interface {
 	Create(ctx context.Context, networkPolicy *v1.NetworkPolicy, opts metav1.CreateOptions) (*v1.NetworkPolicy, error)
 	Update(ctx context.Context, networkPolicy *v1.NetworkPolicy, opts metav1.UpdateOptions) (*v1.NetworkPolicy, error)
-	UpdateStatus(ctx context.Context, networkPolicy *v1.NetworkPolicy, opts metav1.UpdateOptions) (*v1.NetworkPolicy, error)
 	Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
 	DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
 	Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.NetworkPolicy, error)
@@ -51,7 +50,6 @@ type NetworkPolicyInterface interface {
 	Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
 	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.NetworkPolicy, err error)
 	Apply(ctx context.Context, networkPolicy *networkingv1.NetworkPolicyApplyConfiguration, opts metav1.ApplyOptions) (result *v1.NetworkPolicy, err error)
-	ApplyStatus(ctx context.Context, networkPolicy *networkingv1.NetworkPolicyApplyConfiguration, opts metav1.ApplyOptions) (result *v1.NetworkPolicy, err error)
 	NetworkPolicyExpansion
 }
 
@@ -141,22 +139,6 @@ func (c *networkPolicies) Update(ctx context.Context, networkPolicy *v1.NetworkP
 	return
 }
 
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *networkPolicies) UpdateStatus(ctx context.Context, networkPolicy *v1.NetworkPolicy, opts metav1.UpdateOptions) (result *v1.NetworkPolicy, err error) {
-	result = &v1.NetworkPolicy{}
-	err = c.client.Put().
-		Namespace(c.ns).
-		Resource("networkpolicies").
-		Name(networkPolicy.Name).
-		SubResource("status").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Body(networkPolicy).
-		Do(ctx).
-		Into(result)
-	return
-}
-
 // Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs.
 func (c *networkPolicies) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
 	return c.client.Delete().
@@ -224,33 +206,3 @@ func (c *networkPolicies) Apply(ctx context.Context, networkPolicy *networkingv1
 		Into(result)
 	return
 }
-
-// ApplyStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus().
-func (c *networkPolicies) ApplyStatus(ctx context.Context, networkPolicy *networkingv1.NetworkPolicyApplyConfiguration, opts metav1.ApplyOptions) (result *v1.NetworkPolicy, err error) {
-	if networkPolicy == nil {
-		return nil, fmt.Errorf("networkPolicy provided to Apply must not be nil")
-	}
-	patchOpts := opts.ToPatchOptions()
-	data, err := json.Marshal(networkPolicy)
-	if err != nil {
-		return nil, err
-	}
-
-	name := networkPolicy.Name
-	if name == nil {
-		return nil, fmt.Errorf("networkPolicy.Name must be provided to Apply")
-	}
-
-	result = &v1.NetworkPolicy{}
-	err = c.client.Patch(types.ApplyPatchType).
-		Namespace(c.ns).
-		Resource("networkpolicies").
-		Name(*name).
-		SubResource("status").
-		VersionedParams(&patchOpts, scheme.ParameterCodec).
-		Body(data).
-		Do(ctx).
-		Into(result)
-	return
-}
diff --git a/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/expansion_generated.go b/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/expansion_generated.go
index 8960abc4f4..7148781f42 100644
--- a/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/expansion_generated.go
+++ b/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/expansion_generated.go
@@ -22,6 +22,14 @@ package v1beta1
 // MutatingWebhookConfigurationLister.
 type MutatingWebhookConfigurationListerExpansion interface{}
 
+// ValidatingAdmissionPolicyListerExpansion allows custom methods to be added to
+// ValidatingAdmissionPolicyLister.
+type ValidatingAdmissionPolicyListerExpansion interface{}
+
+// ValidatingAdmissionPolicyBindingListerExpansion allows custom methods to be added to
+// ValidatingAdmissionPolicyBindingLister.
+type ValidatingAdmissionPolicyBindingListerExpansion interface{}
+
 // ValidatingWebhookConfigurationListerExpansion allows custom methods to be added to
 // ValidatingWebhookConfigurationLister.
 type ValidatingWebhookConfigurationListerExpansion interface{}
diff --git a/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/validatingadmissionpolicy.go b/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/validatingadmissionpolicy.go
new file mode 100644
index 0000000000..7018b3ceec
--- /dev/null
+++ b/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/validatingadmissionpolicy.go
@@ -0,0 +1,68 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	v1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// ValidatingAdmissionPolicyLister helps list ValidatingAdmissionPolicies.
+// All objects returned here must be treated as read-only.
+type ValidatingAdmissionPolicyLister interface {
+	// List lists all ValidatingAdmissionPolicies in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1beta1.ValidatingAdmissionPolicy, err error)
+	// Get retrieves the ValidatingAdmissionPolicy from the index for a given name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1beta1.ValidatingAdmissionPolicy, error)
+	ValidatingAdmissionPolicyListerExpansion
+}
+
+// validatingAdmissionPolicyLister implements the ValidatingAdmissionPolicyLister interface.
+type validatingAdmissionPolicyLister struct {
+	indexer cache.Indexer
+}
+
+// NewValidatingAdmissionPolicyLister returns a new ValidatingAdmissionPolicyLister.
+func NewValidatingAdmissionPolicyLister(indexer cache.Indexer) ValidatingAdmissionPolicyLister {
+	return &validatingAdmissionPolicyLister{indexer: indexer}
+}
+
+// List lists all ValidatingAdmissionPolicies in the indexer.
+func (s *validatingAdmissionPolicyLister) List(selector labels.Selector) (ret []*v1beta1.ValidatingAdmissionPolicy, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1beta1.ValidatingAdmissionPolicy))
+	})
+	return ret, err
+}
+
+// Get retrieves the ValidatingAdmissionPolicy from the index for a given name.
+func (s *validatingAdmissionPolicyLister) Get(name string) (*v1beta1.ValidatingAdmissionPolicy, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1beta1.Resource("validatingadmissionpolicy"), name)
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicy), nil
+}
diff --git a/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/validatingadmissionpolicybinding.go b/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
new file mode 100644
index 0000000000..5fcebfd22f
--- /dev/null
+++ b/vendor/k8s.io/client-go/listers/admissionregistration/v1beta1/validatingadmissionpolicybinding.go
@@ -0,0 +1,68 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	v1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// ValidatingAdmissionPolicyBindingLister helps list ValidatingAdmissionPolicyBindings.
+// All objects returned here must be treated as read-only.
+type ValidatingAdmissionPolicyBindingLister interface {
+	// List lists all ValidatingAdmissionPolicyBindings in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1beta1.ValidatingAdmissionPolicyBinding, err error)
+	// Get retrieves the ValidatingAdmissionPolicyBinding from the index for a given name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1beta1.ValidatingAdmissionPolicyBinding, error)
+	ValidatingAdmissionPolicyBindingListerExpansion
+}
+
+// validatingAdmissionPolicyBindingLister implements the ValidatingAdmissionPolicyBindingLister interface.
+type validatingAdmissionPolicyBindingLister struct {
+	indexer cache.Indexer
+}
+
+// NewValidatingAdmissionPolicyBindingLister returns a new ValidatingAdmissionPolicyBindingLister.
+func NewValidatingAdmissionPolicyBindingLister(indexer cache.Indexer) ValidatingAdmissionPolicyBindingLister {
+	return &validatingAdmissionPolicyBindingLister{indexer: indexer}
+}
+
+// List lists all ValidatingAdmissionPolicyBindings in the indexer.
+func (s *validatingAdmissionPolicyBindingLister) List(selector labels.Selector) (ret []*v1beta1.ValidatingAdmissionPolicyBinding, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1beta1.ValidatingAdmissionPolicyBinding))
+	})
+	return ret, err
+}
+
+// Get retrieves the ValidatingAdmissionPolicyBinding from the index for a given name.
+func (s *validatingAdmissionPolicyBindingLister) Get(name string) (*v1beta1.ValidatingAdmissionPolicyBinding, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1beta1.Resource("validatingadmissionpolicybinding"), name)
+	}
+	return obj.(*v1beta1.ValidatingAdmissionPolicyBinding), nil
+}
diff --git a/vendor/k8s.io/client-go/openapi/typeconverter.go b/vendor/k8s.io/client-go/openapi/typeconverter.go
new file mode 100644
index 0000000000..4b91e66d45
--- /dev/null
+++ b/vendor/k8s.io/client-go/openapi/typeconverter.go
@@ -0,0 +1,48 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package openapi
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"k8s.io/apimachinery/pkg/util/managedfields"
+	"k8s.io/kube-openapi/pkg/spec3"
+	"k8s.io/kube-openapi/pkg/validation/spec"
+)
+
+func NewTypeConverter(client Client, preserveUnknownFields bool) (managedfields.TypeConverter, error) {
+	spec := map[string]*spec.Schema{}
+	paths, err := client.Paths()
+	if err != nil {
+		return nil, fmt.Errorf("failed to list paths: %w", err)
+	}
+	for _, gv := range paths {
+		s, err := gv.Schema("application/json")
+		if err != nil {
+			return nil, fmt.Errorf("failed to download schema: %w", err)
+		}
+		var openapi spec3.OpenAPI
+		if err := json.Unmarshal(s, &openapi); err != nil {
+			return nil, fmt.Errorf("failed to parse schema: %w", err)
+		}
+		for k, v := range openapi.Components.Schemas {
+			spec[k] = v
+		}
+	}
+	return managedfields.NewTypeConverter(spec, preserveUnknownFields)
+}
diff --git a/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go b/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
index 5331b237a7..b471f5cc64 100644
--- a/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
+++ b/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
@@ -32,12 +32,12 @@ import (
 	"sync"
 	"time"
 
-	"github.com/davecgh/go-spew/spew"
 	"golang.org/x/term"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"k8s.io/apimachinery/pkg/util/dump"
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/client-go/pkg/apis/clientauthentication"
 	"k8s.io/client-go/pkg/apis/clientauthentication/install"
@@ -81,8 +81,6 @@ func newCache() *cache {
 	return &cache{m: make(map[string]*Authenticator)}
 }
 
-var spewConfig = &spew.ConfigState{DisableMethods: true, Indent: " "}
-
 func cacheKey(conf *api.ExecConfig, cluster *clientauthentication.Cluster) string {
 	key := struct {
 		conf    *api.ExecConfig
@@ -91,7 +89,7 @@ func cacheKey(conf *api.ExecConfig, cluster *clientauthentication.Cluster) strin
 		conf:    conf,
 		cluster: cluster,
 	}
-	return spewConfig.Sprint(key)
+	return dump.Pretty(key)
 }
 
 type cache struct {
diff --git a/vendor/k8s.io/client-go/rest/config.go b/vendor/k8s.io/client-go/rest/config.go
index 81e3cbd689..f8ff7e928c 100644
--- a/vendor/k8s.io/client-go/rest/config.go
+++ b/vendor/k8s.io/client-go/rest/config.go
@@ -316,7 +316,7 @@ func RESTClientFor(config *Config) (*RESTClient, error) {
 
 	// Validate config.Host before constructing the transport/client so we can fail fast.
 	// ServerURL will be obtained later in RESTClientForConfigAndClient()
-	_, _, err := defaultServerUrlFor(config)
+	_, _, err := DefaultServerUrlFor(config)
 	if err != nil {
 		return nil, err
 	}
@@ -343,7 +343,7 @@ func RESTClientForConfigAndClient(config *Config, httpClient *http.Client) (*RES
 		return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient")
 	}
 
-	baseURL, versionedAPIPath, err := defaultServerUrlFor(config)
+	baseURL, versionedAPIPath, err := DefaultServerUrlFor(config)
 	if err != nil {
 		return nil, err
 	}
@@ -390,7 +390,7 @@ func UnversionedRESTClientFor(config *Config) (*RESTClient, error) {
 
 	// Validate config.Host before constructing the transport/client so we can fail fast.
 	// ServerURL will be obtained later in UnversionedRESTClientForConfigAndClient()
-	_, _, err := defaultServerUrlFor(config)
+	_, _, err := DefaultServerUrlFor(config)
 	if err != nil {
 		return nil, err
 	}
@@ -410,7 +410,7 @@ func UnversionedRESTClientForConfigAndClient(config *Config, httpClient *http.Cl
 		return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient")
 	}
 
-	baseURL, versionedAPIPath, err := defaultServerUrlFor(config)
+	baseURL, versionedAPIPath, err := DefaultServerUrlFor(config)
 	if err != nil {
 		return nil, err
 	}
@@ -548,7 +548,7 @@ func InClusterConfig() (*Config, error) {
 // Note: the Insecure flag is ignored when testing for this value, so MITM attacks are
 // still possible.
 func IsConfigTransportTLS(config Config) bool {
-	baseURL, _, err := defaultServerUrlFor(&config)
+	baseURL, _, err := DefaultServerUrlFor(&config)
 	if err != nil {
 		return false
 	}
diff --git a/vendor/k8s.io/client-go/rest/request.go b/vendor/k8s.io/client-go/rest/request.go
index bb6fb4decb..850e57daeb 100644
--- a/vendor/k8s.io/client-go/rest/request.go
+++ b/vendor/k8s.io/client-go/rest/request.go
@@ -24,6 +24,7 @@ import (
 	"io"
 	"mime"
 	"net/http"
+	"net/http/httptrace"
 	"net/url"
 	"os"
 	"path"
@@ -925,15 +926,38 @@ func (r *Request) newHTTPRequest(ctx context.Context) (*http.Request, error) {
 	}
 
 	url := r.URL().String()
-	req, err := http.NewRequest(r.verb, url, body)
+	req, err := http.NewRequestWithContext(httptrace.WithClientTrace(ctx, newDNSMetricsTrace(ctx)), r.verb, url, body)
 	if err != nil {
 		return nil, err
 	}
-	req = req.WithContext(ctx)
 	req.Header = r.headers
 	return req, nil
 }
 
+// newDNSMetricsTrace returns an HTTP trace that tracks time spent on DNS lookups per host.
+// This metric is available in client as "rest_client_dns_resolution_duration_seconds".
+func newDNSMetricsTrace(ctx context.Context) *httptrace.ClientTrace {
+	type dnsMetric struct {
+		start time.Time
+		host  string
+		sync.Mutex
+	}
+	dns := &dnsMetric{}
+	return &httptrace.ClientTrace{
+		DNSStart: func(info httptrace.DNSStartInfo) {
+			dns.Lock()
+			defer dns.Unlock()
+			dns.start = time.Now()
+			dns.host = info.Host
+		},
+		DNSDone: func(info httptrace.DNSDoneInfo) {
+			dns.Lock()
+			defer dns.Unlock()
+			metrics.ResolverLatency.Observe(ctx, dns.host, time.Since(dns.start))
+		},
+	}
+}
+
 // request connects to the server and invokes the provided function when a server response is
 // received. It handles retry behavior and up front validation of requests. It will invoke
 // fn at most once. It will return an error if a problem occurred prior to connecting to the
diff --git a/vendor/k8s.io/client-go/rest/url_utils.go b/vendor/k8s.io/client-go/rest/url_utils.go
index a56d1838d8..c4ce6e3b8f 100644
--- a/vendor/k8s.io/client-go/rest/url_utils.go
+++ b/vendor/k8s.io/client-go/rest/url_utils.go
@@ -77,9 +77,9 @@ func DefaultVersionedAPIPath(apiPath string, groupVersion schema.GroupVersion) s
 	return versionedAPIPath
 }
 
-// defaultServerUrlFor is shared between IsConfigTransportTLS and RESTClientFor. It
+// DefaultServerUrlFor is shared between IsConfigTransportTLS and RESTClientFor. It
 // requires Host and Version to be set prior to being called.
-func defaultServerUrlFor(config *Config) (*url.URL, string, error) {
+func DefaultServerUrlFor(config *Config) (*url.URL, string, error) {
 	// TODO: move the default to secure when the apiserver supports TLS by default
 	// config.Insecure is taken to mean "I want HTTPS but don't bother checking the certs against a CA."
 	hasCA := len(config.CAFile) != 0 || len(config.CAData) != 0
diff --git a/vendor/k8s.io/client-go/tools/cache/OWNERS b/vendor/k8s.io/client-go/tools/cache/OWNERS
index 726205b3df..921ac2fa02 100644
--- a/vendor/k8s.io/client-go/tools/cache/OWNERS
+++ b/vendor/k8s.io/client-go/tools/cache/OWNERS
@@ -2,7 +2,6 @@
 
 approvers:
   - thockin
-  - lavalamp
   - smarterclayton
   - wojtek-t
   - deads2k
@@ -11,7 +10,6 @@ approvers:
   - ncdc
 reviewers:
   - thockin
-  - lavalamp
   - smarterclayton
   - wojtek-t
   - deads2k
@@ -26,3 +24,5 @@ reviewers:
   - dims
   - ingvagabund
   - ncdc
+emeritus_approvers:
+  - lavalamp
diff --git a/vendor/k8s.io/client-go/tools/cache/controller.go b/vendor/k8s.io/client-go/tools/cache/controller.go
index f437f28616..8a1104bde8 100644
--- a/vendor/k8s.io/client-go/tools/cache/controller.go
+++ b/vendor/k8s.io/client-go/tools/cache/controller.go
@@ -18,7 +18,6 @@ package cache
 
 import (
 	"errors"
-	"os"
 	"sync"
 	"time"
 
@@ -148,9 +147,6 @@ func (c *controller) Run(stopCh <-chan struct{}) {
 	if c.config.WatchErrorHandler != nil {
 		r.watchErrorHandler = c.config.WatchErrorHandler
 	}
-	if s := os.Getenv("ENABLE_CLIENT_GO_WATCH_LIST_ALPHA"); len(s) > 0 {
-		r.UseWatchList = true
-	}
 
 	c.reflectorMutex.Lock()
 	c.reflector = r
diff --git a/vendor/k8s.io/client-go/tools/cache/object-names.go b/vendor/k8s.io/client-go/tools/cache/object-names.go
new file mode 100644
index 0000000000..aa8dbb1993
--- /dev/null
+++ b/vendor/k8s.io/client-go/tools/cache/object-names.go
@@ -0,0 +1,65 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cache
+
+import (
+	"k8s.io/apimachinery/pkg/types"
+)
+
+// ObjectName is a reference to an object of some implicit kind
+type ObjectName struct {
+	Namespace string
+	Name      string
+}
+
+// NewObjectName constructs a new one
+func NewObjectName(namespace, name string) ObjectName {
+	return ObjectName{Namespace: namespace, Name: name}
+}
+
+// Parts is the inverse of the constructor
+func (objName ObjectName) Parts() (namespace, name string) {
+	return objName.Namespace, objName.Name
+}
+
+// String returns the standard string encoding,
+// which is designed to match the historical behavior of MetaNamespaceKeyFunc.
+// Note this behavior is different from the String method of types.NamespacedName.
+func (objName ObjectName) String() string {
+	if len(objName.Namespace) > 0 {
+		return objName.Namespace + "/" + objName.Name
+	}
+	return objName.Name
+}
+
+// ParseObjectName tries to parse the standard encoding
+func ParseObjectName(str string) (ObjectName, error) {
+	var objName ObjectName
+	var err error
+	objName.Namespace, objName.Name, err = SplitMetaNamespaceKey(str)
+	return objName, err
+}
+
+// NamespacedNameAsObjectName rebrands the given NamespacedName as an ObjectName
+func NamespacedNameAsObjectName(nn types.NamespacedName) ObjectName {
+	return NewObjectName(nn.Namespace, nn.Name)
+}
+
+// AsNamespacedName rebrands as a NamespacedName
+func (objName ObjectName) AsNamespacedName() types.NamespacedName {
+	return types.NamespacedName{Namespace: objName.Namespace, Name: objName.Name}
+}
diff --git a/vendor/k8s.io/client-go/tools/cache/reflector.go b/vendor/k8s.io/client-go/tools/cache/reflector.go
index 2b335c104c..45eaff5285 100644
--- a/vendor/k8s.io/client-go/tools/cache/reflector.go
+++ b/vendor/k8s.io/client-go/tools/cache/reflector.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"io"
 	"math/rand"
+	"os"
 	"reflect"
 	"strings"
 	"sync"
@@ -69,9 +70,7 @@ type Reflector struct {
 	listerWatcher ListerWatcher
 	// backoff manages backoff of ListWatch
 	backoffManager wait.BackoffManager
-	// initConnBackoffManager manages backoff the initial connection with the Watch call of ListAndWatch.
-	initConnBackoffManager wait.BackoffManager
-	resyncPeriod           time.Duration
+	resyncPeriod   time.Duration
 	// clock allows tests to manipulate time
 	clock clock.Clock
 	// paginatedResult defines whether pagination should be forced for list calls.
@@ -220,11 +219,10 @@ func NewReflectorWithOptions(lw ListerWatcher, expectedType interface{}, store S
 		// We used to make the call every 1sec (1 QPS), the goal here is to achieve ~98% traffic reduction when
 		// API server is not healthy. With these parameters, backoff will stop at [30,60) sec interval which is
 		// 0.22 QPS. If we don't backoff for 2min, assume API server is healthy and we reset the backoff.
-		backoffManager:         wait.NewExponentialBackoffManager(800*time.Millisecond, 30*time.Second, 2*time.Minute, 2.0, 1.0, reflectorClock),
-		initConnBackoffManager: wait.NewExponentialBackoffManager(800*time.Millisecond, 30*time.Second, 2*time.Minute, 2.0, 1.0, reflectorClock),
-		clock:                  reflectorClock,
-		watchErrorHandler:      WatchErrorHandler(DefaultWatchErrorHandler),
-		expectedType:           reflect.TypeOf(expectedType),
+		backoffManager:    wait.NewExponentialBackoffManager(800*time.Millisecond, 30*time.Second, 2*time.Minute, 2.0, 1.0, reflectorClock),
+		clock:             reflectorClock,
+		watchErrorHandler: WatchErrorHandler(DefaultWatchErrorHandler),
+		expectedType:      reflect.TypeOf(expectedType),
 	}
 
 	if r.name == "" {
@@ -239,6 +237,10 @@ func NewReflectorWithOptions(lw ListerWatcher, expectedType interface{}, store S
 		r.expectedGVK = getExpectedGVKFromObject(expectedType)
 	}
 
+	if s := os.Getenv("ENABLE_CLIENT_GO_WATCH_LIST_ALPHA"); len(s) > 0 {
+		r.UseWatchList = true
+	}
+
 	return r
 }
 
@@ -420,7 +422,7 @@ func (r *Reflector) watch(w watch.Interface, stopCh <-chan struct{}, resyncerrc
 					select {
 					case <-stopCh:
 						return nil
-					case <-r.initConnBackoffManager.Backoff().C():
+					case <-r.backoffManager.Backoff().C():
 						continue
 					}
 				}
@@ -446,7 +448,7 @@ func (r *Reflector) watch(w watch.Interface, stopCh <-chan struct{}, resyncerrc
 					select {
 					case <-stopCh:
 						return nil
-					case <-r.initConnBackoffManager.Backoff().C():
+					case <-r.backoffManager.Backoff().C():
 						continue
 					}
 				case apierrors.IsInternalError(err) && retry.ShouldRetry():
@@ -508,7 +510,7 @@ func (r *Reflector) list(stopCh <-chan struct{}) error {
 			pager.PageSize = 0
 		}
 
-		list, paginatedResult, err = pager.List(context.Background(), options)
+		list, paginatedResult, err = pager.ListWithAlloc(context.Background(), options)
 		if isExpiredError(err) || isTooLargeResourceVersionError(err) {
 			r.setIsLastSyncResourceVersionUnavailable(true)
 			// Retry immediately if the resource version used to list is unavailable.
@@ -517,7 +519,7 @@ func (r *Reflector) list(stopCh <-chan struct{}) error {
 			// resource version it is listing at is expired or the cache may not yet be synced to the provided
 			// resource version. So we need to fallback to resourceVersion="" in all to recover and ensure
 			// the reflector makes forward progress.
-			list, paginatedResult, err = pager.List(context.Background(), metav1.ListOptions{ResourceVersion: r.relistResourceVersion()})
+			list, paginatedResult, err = pager.ListWithAlloc(context.Background(), metav1.ListOptions{ResourceVersion: r.relistResourceVersion()})
 		}
 		close(listCh)
 	}()
@@ -555,7 +557,7 @@ func (r *Reflector) list(stopCh <-chan struct{}) error {
 	}
 	resourceVersion = listMetaInterface.GetResourceVersion()
 	initTrace.Step("Resource version extracted")
-	items, err := meta.ExtractList(list)
+	items, err := meta.ExtractListWithAlloc(list)
 	if err != nil {
 		return fmt.Errorf("unable to understand list result %#v (%v)", list, err)
 	}
@@ -599,7 +601,7 @@ func (r *Reflector) watchList(stopCh <-chan struct{}) (watch.Interface, error) {
 	isErrorRetriableWithSideEffectsFn := func(err error) bool {
 		if canRetry := isWatchErrorRetriable(err); canRetry {
 			klog.V(2).Infof("%s: watch-list of %v returned %v - backing off", r.name, r.typeDescription, err)
-			<-r.initConnBackoffManager.Backoff().C()
+			<-r.backoffManager.Backoff().C()
 			return true
 		}
 		if isExpiredError(err) || isTooLargeResourceVersionError(err) {
diff --git a/vendor/k8s.io/client-go/tools/cache/shared_informer.go b/vendor/k8s.io/client-go/tools/cache/shared_informer.go
index a889fdbc36..be8694ddb6 100644
--- a/vendor/k8s.io/client-go/tools/cache/shared_informer.go
+++ b/vendor/k8s.io/client-go/tools/cache/shared_informer.go
@@ -459,29 +459,30 @@ func (s *sharedIndexInformer) Run(stopCh <-chan struct{}) {
 		klog.Warningf("The sharedIndexInformer has started, run more than once is not allowed")
 		return
 	}
-	fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{
-		KnownObjects:          s.indexer,
-		EmitDeltaTypeReplaced: true,
-		Transformer:           s.transform,
-	})
-
-	cfg := &Config{
-		Queue:             fifo,
-		ListerWatcher:     s.listerWatcher,
-		ObjectType:        s.objectType,
-		ObjectDescription: s.objectDescription,
-		FullResyncPeriod:  s.resyncCheckPeriod,
-		RetryOnError:      false,
-		ShouldResync:      s.processor.shouldResync,
-
-		Process:           s.HandleDeltas,
-		WatchErrorHandler: s.watchErrorHandler,
-	}
 
 	func() {
 		s.startedLock.Lock()
 		defer s.startedLock.Unlock()
 
+		fifo := NewDeltaFIFOWithOptions(DeltaFIFOOptions{
+			KnownObjects:          s.indexer,
+			EmitDeltaTypeReplaced: true,
+			Transformer:           s.transform,
+		})
+
+		cfg := &Config{
+			Queue:             fifo,
+			ListerWatcher:     s.listerWatcher,
+			ObjectType:        s.objectType,
+			ObjectDescription: s.objectDescription,
+			FullResyncPeriod:  s.resyncCheckPeriod,
+			RetryOnError:      false,
+			ShouldResync:      s.processor.shouldResync,
+
+			Process:           s.HandleDeltas,
+			WatchErrorHandler: s.watchErrorHandler,
+		}
+
 		s.controller = New(cfg)
 		s.controller.(*controller).clock = s.clock
 		s.started = true
diff --git a/vendor/k8s.io/client-go/tools/cache/store.go b/vendor/k8s.io/client-go/tools/cache/store.go
index 5308ea7480..5cc3f42ec1 100644
--- a/vendor/k8s.io/client-go/tools/cache/store.go
+++ b/vendor/k8s.io/client-go/tools/cache/store.go
@@ -21,6 +21,7 @@ import (
 	"strings"
 
 	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // Store is a generic object storage and processing interface.  A
@@ -99,20 +100,38 @@ type ExplicitKey string
 // The key uses the format <namespace>/<name> unless <namespace> is empty, then
 // it's just <name>.
 //
-// TODO: replace key-as-string with a key-as-struct so that this
-// packing/unpacking won't be necessary.
+// Clients that want a structured alternative can use ObjectToName or MetaObjectToName.
+// Note: this would not be a client that wants a key for a Store because those are
+// necessarily strings.
+//
+// TODO maybe some day?: change Store to be keyed differently
 func MetaNamespaceKeyFunc(obj interface{}) (string, error) {
 	if key, ok := obj.(ExplicitKey); ok {
 		return string(key), nil
 	}
+	objName, err := ObjectToName(obj)
+	if err != nil {
+		return "", err
+	}
+	return objName.String(), nil
+}
+
+// ObjectToName returns the structured name for the given object,
+// if indeed it can be viewed as a metav1.Object.
+func ObjectToName(obj interface{}) (ObjectName, error) {
 	meta, err := meta.Accessor(obj)
 	if err != nil {
-		return "", fmt.Errorf("object has no meta: %v", err)
+		return ObjectName{}, fmt.Errorf("object has no meta: %v", err)
 	}
-	if len(meta.GetNamespace()) > 0 {
-		return meta.GetNamespace() + "/" + meta.GetName(), nil
+	return MetaObjectToName(meta), nil
+}
+
+// MetaObjectToName returns the structured name for the given object
+func MetaObjectToName(obj metav1.Object) ObjectName {
+	if len(obj.GetNamespace()) > 0 {
+		return ObjectName{Namespace: obj.GetNamespace(), Name: obj.GetName()}
 	}
-	return meta.GetName(), nil
+	return ObjectName{Namespace: "", Name: obj.GetName()}
 }
 
 // SplitMetaNamespaceKey returns the namespace and name that
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
index 71fb821b1e..ae8b8c7038 100644
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
+++ b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
@@ -67,7 +67,7 @@ type Preferences struct {
 type Cluster struct {
 	// LocationOfOrigin indicates where this object came from.  It is used for round tripping config post-merge, but never serialized.
 	// +k8s:conversion-gen=false
-	LocationOfOrigin string
+	LocationOfOrigin string `json:"-"`
 	// Server is the address of the kubernetes cluster (https://hostname:port).
 	Server string `json:"server"`
 	// TLSServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.
@@ -107,7 +107,7 @@ type Cluster struct {
 type AuthInfo struct {
 	// LocationOfOrigin indicates where this object came from.  It is used for round tripping config post-merge, but never serialized.
 	// +k8s:conversion-gen=false
-	LocationOfOrigin string
+	LocationOfOrigin string `json:"-"`
 	// ClientCertificate is the path to a client cert file for TLS.
 	// +optional
 	ClientCertificate string `json:"client-certificate,omitempty"`
@@ -159,7 +159,7 @@ type AuthInfo struct {
 type Context struct {
 	// LocationOfOrigin indicates where this object came from.  It is used for round tripping config post-merge, but never serialized.
 	// +k8s:conversion-gen=false
-	LocationOfOrigin string
+	LocationOfOrigin string `json:"-"`
 	// Cluster is the name of the cluster for this context
 	Cluster string `json:"cluster"`
 	// AuthInfo is the name of the authInfo for this context
@@ -252,7 +252,7 @@ type ExecConfig struct {
 	// recommended as one of the prime benefits of exec plugins is that no secrets need
 	// to be stored directly in the kubeconfig.
 	// +k8s:conversion-gen=false
-	Config runtime.Object
+	Config runtime.Object `json:"-"`
 
 	// InteractiveMode determines this plugin's relationship with standard input. Valid
 	// values are "Never" (this exec plugin never uses standard input), "IfAvailable" (this
@@ -264,7 +264,7 @@ type ExecConfig struct {
 	// client.authentication.k8s.io/v1beta1, then this field is optional and defaults
 	// to "IfAvailable" when unset. Otherwise, this field is required.
 	// +optional
-	InteractiveMode ExecInteractiveMode
+	InteractiveMode ExecInteractiveMode `json:"interactiveMode,omitempty"`
 
 	// StdinUnavailable indicates whether the exec authenticator can pass standard
 	// input through to this exec plugin. For example, a higher level entity might be using
@@ -272,14 +272,14 @@ type ExecConfig struct {
 	// plugin to use standard input. This is kept here in order to keep all of the exec configuration
 	// together, but it is never serialized.
 	// +k8s:conversion-gen=false
-	StdinUnavailable bool
+	StdinUnavailable bool `json:"-"`
 
 	// StdinUnavailableMessage is an optional message to be displayed when the exec authenticator
 	// cannot successfully run this exec plugin because it needs to use standard input and
 	// StdinUnavailable is true. For example, a process that is already using standard input to
 	// read user instructions might set this to "used by my-program to read user instructions".
 	// +k8s:conversion-gen=false
-	StdinUnavailableMessage string
+	StdinUnavailableMessage string `json:"-"`
 }
 
 var _ fmt.Stringer = new(ExecConfig)
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/loader.go b/vendor/k8s.io/client-go/tools/clientcmd/loader.go
index 44de1d41d8..b75737f1c9 100644
--- a/vendor/k8s.io/client-go/tools/clientcmd/loader.go
+++ b/vendor/k8s.io/client-go/tools/clientcmd/loader.go
@@ -128,6 +128,28 @@ type ClientConfigLoadingRules struct {
 	// WarnIfAllMissing indicates whether the configuration files pointed by KUBECONFIG environment variable are present or not.
 	// In case of missing files, it warns the user about the missing files.
 	WarnIfAllMissing bool
+
+	// Warner is the warning log callback to use in case of missing files.
+	Warner WarningHandler
+}
+
+// WarningHandler allows to set the logging function to use
+type WarningHandler func(error)
+
+func (handler WarningHandler) Warn(err error) {
+	if handler == nil {
+		klog.V(1).Info(err)
+	} else {
+		handler(err)
+	}
+}
+
+type MissingConfigError struct {
+	Missing []string
+}
+
+func (c MissingConfigError) Error() string {
+	return fmt.Sprintf("Config not found: %s", strings.Join(c.Missing, ", "))
 }
 
 // ClientConfigLoadingRules implements the ClientConfigLoader interface.
@@ -219,7 +241,7 @@ func (rules *ClientConfigLoadingRules) Load() (*clientcmdapi.Config, error) {
 	}
 
 	if rules.WarnIfAllMissing && len(missingList) > 0 && len(kubeconfigs) == 0 {
-		klog.Warningf("Config not found: %s", strings.Join(missingList, ", "))
+		rules.Warner.Warn(MissingConfigError{Missing: missingList})
 	}
 
 	// first merge all of our maps
diff --git a/vendor/k8s.io/client-go/tools/leaderelection/leaderelection.go b/vendor/k8s.io/client-go/tools/leaderelection/leaderelection.go
index 940e716175..c1151baf20 100644
--- a/vendor/k8s.io/client-go/tools/leaderelection/leaderelection.go
+++ b/vendor/k8s.io/client-go/tools/leaderelection/leaderelection.go
@@ -99,6 +99,11 @@ func NewLeaderElector(lec LeaderElectionConfig) (*LeaderElector, error) {
 	if lec.Lock == nil {
 		return nil, fmt.Errorf("Lock must not be nil.")
 	}
+	id := lec.Lock.Identity()
+	if id == "" {
+		return nil, fmt.Errorf("Lock identity is empty")
+	}
+
 	le := LeaderElector{
 		config:  lec,
 		clock:   clock.RealClock{},
diff --git a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/configmaplock.go b/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/configmaplock.go
deleted file mode 100644
index e811fff03c..0000000000
--- a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/configmaplock.go
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package resourcelock
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	"k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
-)
-
-// TODO: This is almost a exact replica of Endpoints lock.
-// going forwards as we self host more and more components
-// and use ConfigMaps as the means to pass that configuration
-// data we will likely move to deprecate the Endpoints lock.
-
-type configMapLock struct {
-	// ConfigMapMeta should contain a Name and a Namespace of a
-	// ConfigMapMeta object that the LeaderElector will attempt to lead.
-	ConfigMapMeta metav1.ObjectMeta
-	Client        corev1client.ConfigMapsGetter
-	LockConfig    ResourceLockConfig
-	cm            *v1.ConfigMap
-}
-
-// Get returns the election record from a ConfigMap Annotation
-func (cml *configMapLock) Get(ctx context.Context) (*LeaderElectionRecord, []byte, error) {
-	var record LeaderElectionRecord
-	cm, err := cml.Client.ConfigMaps(cml.ConfigMapMeta.Namespace).Get(ctx, cml.ConfigMapMeta.Name, metav1.GetOptions{})
-	if err != nil {
-		return nil, nil, err
-	}
-	cml.cm = cm
-	if cml.cm.Annotations == nil {
-		cml.cm.Annotations = make(map[string]string)
-	}
-	recordStr, found := cml.cm.Annotations[LeaderElectionRecordAnnotationKey]
-	recordBytes := []byte(recordStr)
-	if found {
-		if err := json.Unmarshal(recordBytes, &record); err != nil {
-			return nil, nil, err
-		}
-	}
-	return &record, recordBytes, nil
-}
-
-// Create attempts to create a LeaderElectionRecord annotation
-func (cml *configMapLock) Create(ctx context.Context, ler LeaderElectionRecord) error {
-	recordBytes, err := json.Marshal(ler)
-	if err != nil {
-		return err
-	}
-	cml.cm, err = cml.Client.ConfigMaps(cml.ConfigMapMeta.Namespace).Create(ctx, &v1.ConfigMap{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      cml.ConfigMapMeta.Name,
-			Namespace: cml.ConfigMapMeta.Namespace,
-			Annotations: map[string]string{
-				LeaderElectionRecordAnnotationKey: string(recordBytes),
-			},
-		},
-	}, metav1.CreateOptions{})
-	return err
-}
-
-// Update will update an existing annotation on a given resource.
-func (cml *configMapLock) Update(ctx context.Context, ler LeaderElectionRecord) error {
-	if cml.cm == nil {
-		return errors.New("configmap not initialized, call get or create first")
-	}
-	recordBytes, err := json.Marshal(ler)
-	if err != nil {
-		return err
-	}
-	if cml.cm.Annotations == nil {
-		cml.cm.Annotations = make(map[string]string)
-	}
-	cml.cm.Annotations[LeaderElectionRecordAnnotationKey] = string(recordBytes)
-	cm, err := cml.Client.ConfigMaps(cml.ConfigMapMeta.Namespace).Update(ctx, cml.cm, metav1.UpdateOptions{})
-	if err != nil {
-		return err
-	}
-	cml.cm = cm
-	return nil
-}
-
-// RecordEvent in leader election while adding meta-data
-func (cml *configMapLock) RecordEvent(s string) {
-	if cml.LockConfig.EventRecorder == nil {
-		return
-	}
-	events := fmt.Sprintf("%v %v", cml.LockConfig.Identity, s)
-	subject := &v1.ConfigMap{ObjectMeta: cml.cm.ObjectMeta}
-	// Populate the type meta, so we don't have to get it from the schema
-	subject.Kind = "ConfigMap"
-	subject.APIVersion = v1.SchemeGroupVersion.String()
-	cml.LockConfig.EventRecorder.Eventf(subject, v1.EventTypeNormal, "LeaderElection", events)
-}
-
-// Describe is used to convert details on current resource lock
-// into a string
-func (cml *configMapLock) Describe() string {
-	return fmt.Sprintf("%v/%v", cml.ConfigMapMeta.Namespace, cml.ConfigMapMeta.Name)
-}
-
-// Identity returns the Identity of the lock
-func (cml *configMapLock) Identity() string {
-	return cml.LockConfig.Identity
-}
diff --git a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/endpointslock.go b/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/endpointslock.go
deleted file mode 100644
index eb36d2210a..0000000000
--- a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/endpointslock.go
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package resourcelock
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	"k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
-)
-
-type endpointsLock struct {
-	// EndpointsMeta should contain a Name and a Namespace of an
-	// Endpoints object that the LeaderElector will attempt to lead.
-	EndpointsMeta metav1.ObjectMeta
-	Client        corev1client.EndpointsGetter
-	LockConfig    ResourceLockConfig
-	e             *v1.Endpoints
-}
-
-// Get returns the election record from a Endpoints Annotation
-func (el *endpointsLock) Get(ctx context.Context) (*LeaderElectionRecord, []byte, error) {
-	var record LeaderElectionRecord
-	ep, err := el.Client.Endpoints(el.EndpointsMeta.Namespace).Get(ctx, el.EndpointsMeta.Name, metav1.GetOptions{})
-	if err != nil {
-		return nil, nil, err
-	}
-	el.e = ep
-	if el.e.Annotations == nil {
-		el.e.Annotations = make(map[string]string)
-	}
-	recordStr, found := el.e.Annotations[LeaderElectionRecordAnnotationKey]
-	recordBytes := []byte(recordStr)
-	if found {
-		if err := json.Unmarshal(recordBytes, &record); err != nil {
-			return nil, nil, err
-		}
-	}
-	return &record, recordBytes, nil
-}
-
-// Create attempts to create a LeaderElectionRecord annotation
-func (el *endpointsLock) Create(ctx context.Context, ler LeaderElectionRecord) error {
-	recordBytes, err := json.Marshal(ler)
-	if err != nil {
-		return err
-	}
-	el.e, err = el.Client.Endpoints(el.EndpointsMeta.Namespace).Create(ctx, &v1.Endpoints{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      el.EndpointsMeta.Name,
-			Namespace: el.EndpointsMeta.Namespace,
-			Annotations: map[string]string{
-				LeaderElectionRecordAnnotationKey: string(recordBytes),
-			},
-		},
-	}, metav1.CreateOptions{})
-	return err
-}
-
-// Update will update and existing annotation on a given resource.
-func (el *endpointsLock) Update(ctx context.Context, ler LeaderElectionRecord) error {
-	if el.e == nil {
-		return errors.New("endpoint not initialized, call get or create first")
-	}
-	recordBytes, err := json.Marshal(ler)
-	if err != nil {
-		return err
-	}
-	if el.e.Annotations == nil {
-		el.e.Annotations = make(map[string]string)
-	}
-	el.e.Annotations[LeaderElectionRecordAnnotationKey] = string(recordBytes)
-	e, err := el.Client.Endpoints(el.EndpointsMeta.Namespace).Update(ctx, el.e, metav1.UpdateOptions{})
-	if err != nil {
-		return err
-	}
-	el.e = e
-	return nil
-}
-
-// RecordEvent in leader election while adding meta-data
-func (el *endpointsLock) RecordEvent(s string) {
-	if el.LockConfig.EventRecorder == nil {
-		return
-	}
-	events := fmt.Sprintf("%v %v", el.LockConfig.Identity, s)
-	subject := &v1.Endpoints{ObjectMeta: el.e.ObjectMeta}
-	// Populate the type meta, so we don't have to get it from the schema
-	subject.Kind = "Endpoints"
-	subject.APIVersion = v1.SchemeGroupVersion.String()
-	el.LockConfig.EventRecorder.Eventf(subject, v1.EventTypeNormal, "LeaderElection", events)
-}
-
-// Describe is used to convert details on current resource lock
-// into a string
-func (el *endpointsLock) Describe() string {
-	return fmt.Sprintf("%v/%v", el.EndpointsMeta.Namespace, el.EndpointsMeta.Name)
-}
-
-// Identity returns the Identity of the lock
-func (el *endpointsLock) Identity() string {
-	return el.LockConfig.Identity
-}
diff --git a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/interface.go b/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/interface.go
index 05b5b20237..483753d632 100644
--- a/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/interface.go
+++ b/vendor/k8s.io/client-go/tools/leaderelection/resourcelock/interface.go
@@ -34,7 +34,7 @@ const (
 	endpointsResourceLock             = "endpoints"
 	configMapsResourceLock            = "configmaps"
 	LeasesResourceLock                = "leases"
-	// When using EndpointsLeasesResourceLock, you need to ensure that
+	// When using endpointsLeasesResourceLock, you need to ensure that
 	// API Priority & Fairness is configured with non-default flow-schema
 	// that will catch the necessary operations on leader-election related
 	// endpoint objects.
@@ -67,8 +67,8 @@ const (
 	//         serviceAccount:
 	//           name: '*'
 	//           namespace: kube-system
-	EndpointsLeasesResourceLock = "endpointsleases"
-	// When using ConfigMapsLeasesResourceLock, you need to ensure that
+	endpointsLeasesResourceLock = "endpointsleases"
+	// When using configMapsLeasesResourceLock, you need to ensure that
 	// API Priority & Fairness is configured with non-default flow-schema
 	// that will catch the necessary operations on leader-election related
 	// configmap objects.
@@ -101,7 +101,7 @@ const (
 	//         serviceAccount:
 	//           name: '*'
 	//           namespace: kube-system
-	ConfigMapsLeasesResourceLock = "configmapsleases"
+	configMapsLeasesResourceLock = "configmapsleases"
 )
 
 // LeaderElectionRecord is the record that is stored in the leader election annotation.
@@ -164,22 +164,6 @@ type Interface interface {
 
 // Manufacture will create a lock of a given type according to the input parameters
 func New(lockType string, ns string, name string, coreClient corev1.CoreV1Interface, coordinationClient coordinationv1.CoordinationV1Interface, rlc ResourceLockConfig) (Interface, error) {
-	endpointsLock := &endpointsLock{
-		EndpointsMeta: metav1.ObjectMeta{
-			Namespace: ns,
-			Name:      name,
-		},
-		Client:     coreClient,
-		LockConfig: rlc,
-	}
-	configmapLock := &configMapLock{
-		ConfigMapMeta: metav1.ObjectMeta{
-			Namespace: ns,
-			Name:      name,
-		},
-		Client:     coreClient,
-		LockConfig: rlc,
-	}
 	leaseLock := &LeaseLock{
 		LeaseMeta: metav1.ObjectMeta{
 			Namespace: ns,
@@ -190,21 +174,15 @@ func New(lockType string, ns string, name string, coreClient corev1.CoreV1Interf
 	}
 	switch lockType {
 	case endpointsResourceLock:
-		return nil, fmt.Errorf("endpoints lock is removed, migrate to %s", EndpointsLeasesResourceLock)
+		return nil, fmt.Errorf("endpoints lock is removed, migrate to %s (using version v0.27.x)", endpointsLeasesResourceLock)
 	case configMapsResourceLock:
-		return nil, fmt.Errorf("configmaps lock is removed, migrate to %s", ConfigMapsLeasesResourceLock)
+		return nil, fmt.Errorf("configmaps lock is removed, migrate to %s (using version v0.27.x)", configMapsLeasesResourceLock)
 	case LeasesResourceLock:
 		return leaseLock, nil
-	case EndpointsLeasesResourceLock:
-		return &MultiLock{
-			Primary:   endpointsLock,
-			Secondary: leaseLock,
-		}, nil
-	case ConfigMapsLeasesResourceLock:
-		return &MultiLock{
-			Primary:   configmapLock,
-			Secondary: leaseLock,
-		}, nil
+	case endpointsLeasesResourceLock:
+		return nil, fmt.Errorf("endpointsleases lock is removed, migrate to %s", LeasesResourceLock)
+	case configMapsLeasesResourceLock:
+		return nil, fmt.Errorf("configmapsleases lock is removed, migrated to %s", LeasesResourceLock)
 	default:
 		return nil, fmt.Errorf("Invalid lock-type %s", lockType)
 	}
diff --git a/vendor/k8s.io/client-go/tools/metrics/metrics.go b/vendor/k8s.io/client-go/tools/metrics/metrics.go
index f36430dc3e..99d3d8e239 100644
--- a/vendor/k8s.io/client-go/tools/metrics/metrics.go
+++ b/vendor/k8s.io/client-go/tools/metrics/metrics.go
@@ -42,6 +42,10 @@ type LatencyMetric interface {
 	Observe(ctx context.Context, verb string, u url.URL, latency time.Duration)
 }
 
+type ResolverLatencyMetric interface {
+	Observe(ctx context.Context, host string, latency time.Duration)
+}
+
 // SizeMetric observes client response size partitioned by verb and host.
 type SizeMetric interface {
 	Observe(ctx context.Context, verb string, host string, size float64)
@@ -64,6 +68,17 @@ type RetryMetric interface {
 	IncrementRetry(ctx context.Context, code string, method string, host string)
 }
 
+// TransportCacheMetric shows the number of entries in the internal transport cache
+type TransportCacheMetric interface {
+	Observe(value int)
+}
+
+// TransportCreateCallsMetric counts the number of times a transport is created
+// partitioned by the result of the cache: hit, miss, uncacheable
+type TransportCreateCallsMetric interface {
+	Increment(result string)
+}
+
 var (
 	// ClientCertExpiry is the expiry time of a client certificate
 	ClientCertExpiry ExpiryMetric = noopExpiry{}
@@ -71,6 +86,8 @@ var (
 	ClientCertRotationAge DurationMetric = noopDuration{}
 	// RequestLatency is the latency metric that rest clients will update.
 	RequestLatency LatencyMetric = noopLatency{}
+	// ResolverLatency is the latency metric that DNS resolver will update
+	ResolverLatency ResolverLatencyMetric = noopResolverLatency{}
 	// RequestSize is the request size metric that rest clients will update.
 	RequestSize SizeMetric = noopSize{}
 	// ResponseSize is the response size metric that rest clients will update.
@@ -85,6 +102,12 @@ var (
 	// RequestRetry is the retry metric that tracks the number of
 	// retries sent to the server.
 	RequestRetry RetryMetric = noopRetry{}
+	// TransportCacheEntries is the metric that tracks the number of entries in the
+	// internal transport cache.
+	TransportCacheEntries TransportCacheMetric = noopTransportCache{}
+	// TransportCreateCalls is the metric that counts the number of times a new transport
+	// is created
+	TransportCreateCalls TransportCreateCallsMetric = noopTransportCreateCalls{}
 )
 
 // RegisterOpts contains all the metrics to register. Metrics may be nil.
@@ -92,12 +115,15 @@ type RegisterOpts struct {
 	ClientCertExpiry      ExpiryMetric
 	ClientCertRotationAge DurationMetric
 	RequestLatency        LatencyMetric
+	ResolverLatency       ResolverLatencyMetric
 	RequestSize           SizeMetric
 	ResponseSize          SizeMetric
 	RateLimiterLatency    LatencyMetric
 	RequestResult         ResultMetric
 	ExecPluginCalls       CallsMetric
 	RequestRetry          RetryMetric
+	TransportCacheEntries TransportCacheMetric
+	TransportCreateCalls  TransportCreateCallsMetric
 }
 
 // Register registers metrics for the rest client to use. This can
@@ -113,6 +139,9 @@ func Register(opts RegisterOpts) {
 		if opts.RequestLatency != nil {
 			RequestLatency = opts.RequestLatency
 		}
+		if opts.ResolverLatency != nil {
+			ResolverLatency = opts.ResolverLatency
+		}
 		if opts.RequestSize != nil {
 			RequestSize = opts.RequestSize
 		}
@@ -131,6 +160,12 @@ func Register(opts RegisterOpts) {
 		if opts.RequestRetry != nil {
 			RequestRetry = opts.RequestRetry
 		}
+		if opts.TransportCacheEntries != nil {
+			TransportCacheEntries = opts.TransportCacheEntries
+		}
+		if opts.TransportCreateCalls != nil {
+			TransportCreateCalls = opts.TransportCreateCalls
+		}
 	})
 }
 
@@ -146,6 +181,11 @@ type noopLatency struct{}
 
 func (noopLatency) Observe(context.Context, string, url.URL, time.Duration) {}
 
+type noopResolverLatency struct{}
+
+func (n noopResolverLatency) Observe(ctx context.Context, host string, latency time.Duration) {
+}
+
 type noopSize struct{}
 
 func (noopSize) Observe(context.Context, string, string, float64) {}
@@ -161,3 +201,11 @@ func (noopCalls) Increment(int, string) {}
 type noopRetry struct{}
 
 func (noopRetry) IncrementRetry(context.Context, string, string, string) {}
+
+type noopTransportCache struct{}
+
+func (noopTransportCache) Observe(int) {}
+
+type noopTransportCreateCalls struct{}
+
+func (noopTransportCreateCalls) Increment(string) {}
diff --git a/vendor/k8s.io/client-go/tools/pager/pager.go b/vendor/k8s.io/client-go/tools/pager/pager.go
index 9ba988f685..3c77cc37fa 100644
--- a/vendor/k8s.io/client-go/tools/pager/pager.go
+++ b/vendor/k8s.io/client-go/tools/pager/pager.go
@@ -73,7 +73,23 @@ func New(fn ListPageFunc) *ListPager {
 // List returns a single list object, but attempts to retrieve smaller chunks from the
 // server to reduce the impact on the server. If the chunk attempt fails, it will load
 // the full list instead. The Limit field on options, if unset, will default to the page size.
+//
+// If items in the returned list are retained for different durations, and you want to avoid
+// retaining the whole slice returned by p.PageFn as long as any item is referenced,
+// use ListWithAlloc instead.
 func (p *ListPager) List(ctx context.Context, options metav1.ListOptions) (runtime.Object, bool, error) {
+	return p.list(ctx, options, false)
+}
+
+// ListWithAlloc works like List, but avoids retaining references to the items slice returned by p.PageFn.
+// It does this by making a shallow copy of non-pointer items in the slice returned by p.PageFn.
+//
+// If the items in the returned list are not retained, or are retained for the same duration, use List instead for memory efficiency.
+func (p *ListPager) ListWithAlloc(ctx context.Context, options metav1.ListOptions) (runtime.Object, bool, error) {
+	return p.list(ctx, options, true)
+}
+
+func (p *ListPager) list(ctx context.Context, options metav1.ListOptions, allocNew bool) (runtime.Object, bool, error) {
 	if options.Limit == 0 {
 		options.Limit = p.PageSize
 	}
@@ -123,7 +139,11 @@ func (p *ListPager) List(ctx context.Context, options metav1.ListOptions) (runti
 			list.ResourceVersion = m.GetResourceVersion()
 			list.SelfLink = m.GetSelfLink()
 		}
-		if err := meta.EachListItem(obj, func(obj runtime.Object) error {
+		eachListItemFunc := meta.EachListItem
+		if allocNew {
+			eachListItemFunc = meta.EachListItemWithAlloc
+		}
+		if err := eachListItemFunc(obj, func(obj runtime.Object) error {
 			list.Items = append(list.Items, obj)
 			return nil
 		}); err != nil {
@@ -156,12 +176,26 @@ func (p *ListPager) List(ctx context.Context, options metav1.ListOptions) (runti
 //
 // Items are retrieved in chunks from the server to reduce the impact on the server with up to
 // ListPager.PageBufferSize chunks buffered concurrently in the background.
+//
+// If items passed to fn are retained for different durations, and you want to avoid
+// retaining the whole slice returned by p.PageFn as long as any item is referenced,
+// use EachListItemWithAlloc instead.
 func (p *ListPager) EachListItem(ctx context.Context, options metav1.ListOptions, fn func(obj runtime.Object) error) error {
 	return p.eachListChunkBuffered(ctx, options, func(obj runtime.Object) error {
 		return meta.EachListItem(obj, fn)
 	})
 }
 
+// EachListItemWithAlloc works like EachListItem, but avoids retaining references to the items slice returned by p.PageFn.
+// It does this by making a shallow copy of non-pointer items in the slice returned by p.PageFn.
+//
+// If the items passed to fn are not retained, or are retained for the same duration, use EachListItem instead for memory efficiency.
+func (p *ListPager) EachListItemWithAlloc(ctx context.Context, options metav1.ListOptions, fn func(obj runtime.Object) error) error {
+	return p.eachListChunkBuffered(ctx, options, func(obj runtime.Object) error {
+		return meta.EachListItemWithAlloc(obj, fn)
+	})
+}
+
 // eachListChunkBuffered fetches runtimeObject list chunks using this ListPager and invokes fn on
 // each list chunk.  If fn returns an error, processing stops and that error is returned. If fn does
 // not return an error, any error encountered while retrieving the list from the server is
diff --git a/vendor/k8s.io/client-go/tools/record/event.go b/vendor/k8s.io/client-go/tools/record/event.go
index 4899b362df..f176167dc8 100644
--- a/vendor/k8s.io/client-go/tools/record/event.go
+++ b/vendor/k8s.io/client-go/tools/record/event.go
@@ -274,7 +274,7 @@ func recordEvent(sink EventSink, event *v1.Event, patch []byte, updateExistingEv
 		klog.Errorf("Unable to construct event '%#v': '%v' (will not retry!)", event, err)
 		return true
 	case *errors.StatusError:
-		if errors.IsAlreadyExists(err) {
+		if errors.IsAlreadyExists(err) || errors.HasStatusCause(err, v1.NamespaceTerminatingCause) {
 			klog.V(5).Infof("Server rejected event '%#v': '%v' (will not retry!)", event, err)
 		} else {
 			klog.Errorf("Server rejected event '%#v': '%v' (will not retry!)", event, err)
@@ -357,6 +357,9 @@ func (recorder *recorderImpl) generateEvent(object runtime.Object, annotations m
 	event := recorder.makeEvent(ref, annotations, eventtype, reason, message)
 	event.Source = recorder.source
 
+	event.ReportingInstance = recorder.source.Host
+	event.ReportingController = recorder.source.Component
+
 	// NOTE: events should be a non-blocking operation, but we also need to not
 	// put this in a goroutine, otherwise we'll race to write to a closed channel
 	// when we go to shut down this broadcaster.  Just drop events if we get overloaded,
diff --git a/vendor/k8s.io/client-go/transport/cache.go b/vendor/k8s.io/client-go/transport/cache.go
index edcc6d1d48..7c7f1b330f 100644
--- a/vendor/k8s.io/client-go/transport/cache.go
+++ b/vendor/k8s.io/client-go/transport/cache.go
@@ -27,6 +27,7 @@ import (
 
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/client-go/tools/metrics"
 )
 
 // TlsTransportCache caches TLS http.RoundTrippers different configurations. The
@@ -80,11 +81,16 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
 		// Ensure we only create a single transport for the given TLS options
 		c.mu.Lock()
 		defer c.mu.Unlock()
+		defer metrics.TransportCacheEntries.Observe(len(c.transports))
 
 		// See if we already have a custom transport for this config
 		if t, ok := c.transports[key]; ok {
+			metrics.TransportCreateCalls.Increment("hit")
 			return t, nil
 		}
+		metrics.TransportCreateCalls.Increment("miss")
+	} else {
+		metrics.TransportCreateCalls.Increment("uncacheable")
 	}
 
 	// Get the TLS options for this client config
diff --git a/vendor/k8s.io/client-go/util/cert/cert.go b/vendor/k8s.io/client-go/util/cert/cert.go
index 4be1dfe493..91e171271a 100644
--- a/vendor/k8s.io/client-go/util/cert/cert.go
+++ b/vendor/k8s.io/client-go/util/cert/cert.go
@@ -25,6 +25,7 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
+	"math"
 	"math/big"
 	"net"
 	"os"
@@ -44,6 +45,7 @@ type Config struct {
 	Organization []string
 	AltNames     AltNames
 	Usages       []x509.ExtKeyUsage
+	NotBefore    time.Time
 }
 
 // AltNames contains the domain names and IP addresses that will be added
@@ -57,14 +59,24 @@ type AltNames struct {
 // NewSelfSignedCACert creates a CA certificate
 func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
 	now := time.Now()
+	// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+	serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+	if err != nil {
+		return nil, err
+	}
+	serial = new(big.Int).Add(serial, big.NewInt(1))
+	notBefore := now.UTC()
+	if !cfg.NotBefore.IsZero() {
+		notBefore = cfg.NotBefore.UTC()
+	}
 	tmpl := x509.Certificate{
-		SerialNumber: new(big.Int).SetInt64(0),
+		SerialNumber: serial,
 		Subject: pkix.Name{
 			CommonName:   cfg.CommonName,
 			Organization: cfg.Organization,
 		},
 		DNSNames:              []string{cfg.CommonName},
-		NotBefore:             now.UTC(),
+		NotBefore:             notBefore,
 		NotAfter:              now.Add(duration365d * 10).UTC(),
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
 		BasicConstraintsValid: true,
@@ -116,9 +128,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
 	if err != nil {
 		return nil, nil, err
 	}
-
+	// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+	serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+	if err != nil {
+		return nil, nil, err
+	}
+	serial = new(big.Int).Add(serial, big.NewInt(1))
 	caTemplate := x509.Certificate{
-		SerialNumber: big.NewInt(1),
+		SerialNumber: serial,
 		Subject: pkix.Name{
 			CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()),
 		},
@@ -144,9 +161,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
 	if err != nil {
 		return nil, nil, err
 	}
-
+	// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+	serial, err = cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+	if err != nil {
+		return nil, nil, err
+	}
+	serial = new(big.Int).Add(serial, big.NewInt(1))
 	template := x509.Certificate{
-		SerialNumber: big.NewInt(2),
+		SerialNumber: serial,
 		Subject: pkix.Name{
 			CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
 		},
diff --git a/vendor/k8s.io/gengo/args/args.go b/vendor/k8s.io/gengo/args/args.go
index 93d863f0e2..b81ceb93af 100644
--- a/vendor/k8s.io/gengo/args/args.go
+++ b/vendor/k8s.io/gengo/args/args.go
@@ -32,7 +32,6 @@ import (
 	"k8s.io/gengo/generator"
 	"k8s.io/gengo/namer"
 	"k8s.io/gengo/parser"
-	"k8s.io/gengo/types"
 
 	"github.com/spf13/pflag"
 )
@@ -155,24 +154,6 @@ func (g *GeneratorArgs) NewBuilder() (*parser.Builder, error) {
 	return b, nil
 }
 
-// InputIncludes returns true if the given package is a (sub) package of one of
-// the InputDirs.
-func (g *GeneratorArgs) InputIncludes(p *types.Package) bool {
-	for _, dir := range g.InputDirs {
-		d := dir
-		if strings.HasSuffix(d, "...") {
-			d = strings.TrimSuffix(d, "...")
-		}
-		if strings.HasPrefix(d, "./vendor/") {
-			d = strings.TrimPrefix(d, "./vendor/")
-		}
-		if strings.HasPrefix(p.Path, d) {
-			return true
-		}
-	}
-	return false
-}
-
 // DefaultSourceTree returns the /src directory of the first entry in $GOPATH.
 // If $GOPATH is empty, it returns "./". Useful as a default output location.
 func DefaultSourceTree() string {
diff --git a/vendor/k8s.io/gengo/generator/import_tracker.go b/vendor/k8s.io/gengo/generator/import_tracker.go
index f7c25a01f2..99525c40ba 100644
--- a/vendor/k8s.io/gengo/generator/import_tracker.go
+++ b/vendor/k8s.io/gengo/generator/import_tracker.go
@@ -26,15 +26,34 @@ import (
 	"k8s.io/gengo/types"
 )
 
-func NewImportTracker(typesToAdd ...*types.Type) *namer.DefaultImportTracker {
-	tracker := namer.NewDefaultImportTracker(types.Name{})
+// NewImportTrackerForPackage creates a new import tracker which is aware
+// of a generator's output package. The tracker will not add import lines
+// when symbols or types are added from the same package, and LocalNameOf
+// will return empty string for the output package.
+//
+// e.g.:
+//
+//	tracker := NewImportTrackerForPackage("bar.com/pkg/foo")
+//	tracker.AddSymbol(types.Name{"bar.com/pkg/foo.MyType"})
+//	tracker.AddSymbol(types.Name{"bar.com/pkg/baz.MyType"})
+//	tracker.AddSymbol(types.Name{"bar.com/pkg/baz/baz.MyType"})
+//
+//	tracker.LocalNameOf("bar.com/pkg/foo") -> ""
+//	tracker.LocalNameOf("bar.com/pkg/baz") -> "baz"
+//	tracker.LocalNameOf("bar.com/pkg/baz/baz") -> "bazbaz"
+//	tracker.ImportLines() -> {`baz "bar.com/pkg/baz"`, `bazbaz "bar.com/pkg/baz/baz"`}
+func NewImportTrackerForPackage(local string, typesToAdd ...*types.Type) *namer.DefaultImportTracker {
+	tracker := namer.NewDefaultImportTracker(types.Name{Package: local})
 	tracker.IsInvalidType = func(*types.Type) bool { return false }
 	tracker.LocalName = func(name types.Name) string { return golangTrackerLocalName(&tracker, name) }
 	tracker.PrintImport = func(path, name string) string { return name + " \"" + path + "\"" }
 
 	tracker.AddTypes(typesToAdd...)
 	return &tracker
+}
 
+func NewImportTracker(typesToAdd ...*types.Type) *namer.DefaultImportTracker {
+	return NewImportTrackerForPackage("", typesToAdd...)
 }
 
 func golangTrackerLocalName(tracker namer.ImportTracker, t types.Name) string {
diff --git a/vendor/k8s.io/gengo/namer/namer.go b/vendor/k8s.io/gengo/namer/namer.go
index 6feb2d0c46..a0f1a24abe 100644
--- a/vendor/k8s.io/gengo/namer/namer.go
+++ b/vendor/k8s.io/gengo/namer/namer.go
@@ -300,6 +300,7 @@ func (ns *NameStrategy) Name(t *types.Type) string {
 // import. You can implement yourself or use the one in the generation package.
 type ImportTracker interface {
 	AddType(*types.Type)
+	AddSymbol(types.Name)
 	LocalNameOf(packagePath string) string
 	PathOf(localName string) (string, bool)
 	ImportLines() []string
diff --git a/vendor/k8s.io/kube-openapi/pkg/builder3/util/util.go b/vendor/k8s.io/kube-openapi/pkg/builder3/util/util.go
deleted file mode 100644
index e015669256..0000000000
--- a/vendor/k8s.io/kube-openapi/pkg/builder3/util/util.go
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package util
-
-import (
-	"reflect"
-
-	"k8s.io/kube-openapi/pkg/schemamutation"
-	"k8s.io/kube-openapi/pkg/validation/spec"
-)
-
-// wrapRefs wraps OpenAPI V3 Schema refs that contain sibling elements.
-// AllOf is used to wrap the Ref to prevent references from having sibling elements
-// Please see https://github.com/kubernetes/kubernetes/issues/106387#issuecomment-967640388
-func WrapRefs(schema *spec.Schema) *spec.Schema {
-	walker := schemamutation.Walker{
-		SchemaCallback: func(schema *spec.Schema) *spec.Schema {
-			orig := schema
-			clone := func() {
-				if orig == schema {
-					schema = new(spec.Schema)
-					*schema = *orig
-				}
-			}
-			if schema.Ref.String() != "" && !reflect.DeepEqual(*schema, spec.Schema{SchemaProps: spec.SchemaProps{Ref: schema.Ref}}) {
-				clone()
-				refSchema := new(spec.Schema)
-				refSchema.Ref = schema.Ref
-				schema.Ref = spec.Ref{}
-				schema.AllOf = []spec.Schema{*refSchema}
-			}
-			return schema
-		},
-		RefCallback: schemamutation.RefCallbackNoop,
-	}
-	return walker.WalkSchema(schema)
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/cached/cache.go b/vendor/k8s.io/kube-openapi/pkg/cached/cache.go
index 3972cd5f4c..a66fe8a095 100644
--- a/vendor/k8s.io/kube-openapi/pkg/cached/cache.go
+++ b/vendor/k8s.io/kube-openapi/pkg/cached/cache.go
@@ -14,34 +14,29 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// Package cache provides a cache mechanism based on etags to lazily
+// Package cached provides a cache mechanism based on etags to lazily
 // build, and/or cache results from expensive operation such that those
 // operations are not repeated unnecessarily. The operations can be
 // created as a tree, and replaced dynamically as needed.
 //
+// All the operations in this module are thread-safe.
+//
 // # Dependencies and types of caches
 //
 // This package uses a source/transform/sink model of caches to build
 // the dependency tree, and can be used as follows:
-//   - [NewSource]: A source cache that recomputes the content every time.
-//   - [NewStaticSource]: A source cache that always produces the
+//   - [Func]: A source cache that recomputes the content every time.
+//   - [Once]: A source cache that always produces the
 //     same content, it is only called once.
-//   - [NewTransformer]: A cache that transforms data from one format to
+//   - [Transform]: A cache that transforms data from one format to
 //     another. It's only refreshed when the source changes.
-//   - [NewMerger]: A cache that aggregates multiple caches into one.
+//   - [Merge]: A cache that aggregates multiple caches in a map into one.
 //     It's only refreshed when the source changes.
-//   - [Replaceable]: A cache adapter that can be atomically
-//     replaced with a new one, and saves the previous results in case an
-//     error pops-up.
-//
-// # Atomicity
-//
-// Most of the operations are not atomic/thread-safe, except for
-// [Replaceable.Replace] which can be performed while the objects are
-// being read. Specifically, `Get` methods are NOT thread-safe. Never
-// call `Get()` without a lock on a multi-threaded environment, since
-// it's usually performing updates to caches that will require write
-// operations.
+//   - [MergeList]: A cache that aggregates multiple caches in a list into one.
+//     It's only refreshed when the source changes.
+//   - [Atomic]: A cache adapter that atomically replaces the source with a new one.
+//   - [LastSuccess]: A cache adapter that caches the last successful and returns
+//     it if the next call fails. It extends [Atomic].
 //
 // # Etags
 //
@@ -57,120 +52,146 @@ package cached
 
 import (
 	"fmt"
+	"sync"
 	"sync/atomic"
 )
 
-// Result is the content returned from a call to a cache. It can either
-// be created with [NewResultOK] if the call was a success, or
-// [NewResultErr] if the call resulted in an error.
+// Value is wrapping a value behind a getter for lazy evaluation.
+type Value[T any] interface {
+	Get() (value T, etag string, err error)
+}
+
+// Result is wrapping T and error into a struct for cases where a tuple is more
+// convenient or necessary in Golang.
 type Result[T any] struct {
-	Data T
-	Etag string
-	Err  error
+	Value T
+	Etag  string
+	Err   error
 }
 
-// NewResultOK creates a new [Result] for a successful operation.
-func NewResultOK[T any](data T, etag string) Result[T] {
-	return Result[T]{
-		Data: data,
-		Etag: etag,
-	}
+func (r Result[T]) Get() (T, string, error) {
+	return r.Value, r.Etag, r.Err
 }
 
-// NewResultErr creates a new [Result] when an error has happened.
-func NewResultErr[T any](err error) Result[T] {
-	return Result[T]{
-		Err: err,
-	}
+// Func wraps a (thread-safe) function as a Value[T].
+func Func[T any](fn func() (T, string, error)) Value[T] {
+	return valueFunc[T](fn)
+}
+
+type valueFunc[T any] func() (T, string, error)
+
+func (c valueFunc[T]) Get() (T, string, error) {
+	return c()
 }
 
-// Result can be treated as a [Data] if necessary.
-func (r Result[T]) Get() Result[T] {
-	return r
+// Static returns constant values.
+func Static[T any](value T, etag string) Value[T] {
+	return Result[T]{Value: value, Etag: etag}
 }
 
-// Data is a cache that performs an action whose result data will be
-// cached. It also returns an "etag" identifier to version the cache, so
-// that the caller can know if they have the most recent version of the
-// cache (and can decide to cache some operation based on that).
+// Merge merges a of cached values. The merge function only gets called if any of
+// the dependency has changed.
 //
-// The [NewMerger] and [NewTransformer] automatically handle
-// that for you by checking if the etag is updated before calling the
-// merging or transforming function.
-type Data[T any] interface {
-	// Returns the cached data, as well as an "etag" to identify the
-	// version of the cache, or an error if something happened.
-	//
-	// # Important note
-	//
-	// This method is NEVER thread-safe, never assume it is OK to
-	// call `Get()` without holding a proper mutex in a
-	// multi-threaded environment, especially since `Get()` will
-	// usually update the cache and perform write operations.
-	Get() Result[T]
-}
+// If any of the dependency returned an error before, or any of the
+// dependency returned an error this time, or if the mergeFn failed
+// before, then the function is run again.
+//
+// Note that this assumes there is no "partial" merge, the merge
+// function will remerge all the dependencies together everytime. Since
+// the list of dependencies is constant, there is no way to save some
+// partial merge information either.
+//
+// Also note that Golang map iteration is not stable. If the mergeFn
+// depends on the order iteration to be stable, it will need to
+// implement its own sorting or iteration order.
+func Merge[K comparable, T, V any](mergeFn func(results map[K]Result[T]) (V, string, error), caches map[K]Value[T]) Value[V] {
+	list := make([]Value[T], 0, len(caches))
+
+	// map from index to key
+	indexes := make(map[int]K, len(caches))
+	i := 0
+	for k := range caches {
+		list = append(list, caches[k])
+		indexes[i] = k
+		i++
+	}
 
-// T is the source type, V is the destination type.
-type merger[K comparable, T, V any] struct {
-	mergeFn      func(map[K]Result[T]) Result[V]
-	caches       map[K]Data[T]
-	cacheResults map[K]Result[T]
-	result       Result[V]
+	return MergeList(func(results []Result[T]) (V, string, error) {
+		if len(results) != len(indexes) {
+			panic(fmt.Errorf("invalid result length %d, expected %d", len(results), len(indexes)))
+		}
+		m := make(map[K]Result[T], len(results))
+		for i := range results {
+			m[indexes[i]] = results[i]
+		}
+		return mergeFn(m)
+	}, list)
 }
 
-// NewMerger creates a new merge cache, a cache that merges the result
-// of other caches. The function only gets called if any of the
-// dependency has changed.
+// MergeList merges a list of cached values. The function only gets called if
+// any of the dependency has changed.
+//
+// The benefit of ListMerger over the basic Merger is that caches are
+// stored in an ordered list so the order of the cache will be
+// preserved in the order of the results passed to the mergeFn.
 //
 // If any of the dependency returned an error before, or any of the
 // dependency returned an error this time, or if the mergeFn failed
 // before, then the function is reran.
 //
-// The caches and results are mapped by K so that associated data can be
-// retrieved. The map of dependencies can not be modified after
-// creation, and a new merger should be created (and probably replaced
-// using a [Replaceable]).
-//
 // Note that this assumes there is no "partial" merge, the merge
 // function will remerge all the dependencies together everytime. Since
 // the list of dependencies is constant, there is no way to save some
 // partial merge information either.
-func NewMerger[K comparable, T, V any](mergeFn func(results map[K]Result[T]) Result[V], caches map[K]Data[T]) Data[V] {
-	return &merger[K, T, V]{
-		mergeFn: mergeFn,
-		caches:  caches,
+func MergeList[T, V any](mergeFn func(results []Result[T]) (V, string, error), delegates []Value[T]) Value[V] {
+	return &listMerger[T, V]{
+		mergeFn:   mergeFn,
+		delegates: delegates,
 	}
 }
 
-func (c *merger[K, T, V]) prepareResults() map[K]Result[T] {
-	cacheResults := make(map[K]Result[T], len(c.caches))
-	for key, cache := range c.caches {
-		cacheResults[key] = cache.Get()
+type listMerger[T, V any] struct {
+	lock      sync.Mutex
+	mergeFn   func([]Result[T]) (V, string, error)
+	delegates []Value[T]
+	cache     []Result[T]
+	result    Result[V]
+}
+
+func (c *listMerger[T, V]) prepareResultsLocked() []Result[T] {
+	cacheResults := make([]Result[T], len(c.delegates))
+	ch := make(chan struct {
+		int
+		Result[T]
+	}, len(c.delegates))
+	for i := range c.delegates {
+		go func(index int) {
+			value, etag, err := c.delegates[index].Get()
+			ch <- struct {
+				int
+				Result[T]
+			}{index, Result[T]{Value: value, Etag: etag, Err: err}}
+		}(i)
+	}
+	for i := 0; i < len(c.delegates); i++ {
+		res := <-ch
+		cacheResults[res.int] = res.Result
 	}
 	return cacheResults
 }
 
-// Rerun if:
-//   - The last run resulted in an error
-//   - Any of the dependency previously returned an error
-//   - Any of the dependency just returned an error
-//   - Any of the dependency's etag changed
-func (c *merger[K, T, V]) needsRunning(results map[K]Result[T]) bool {
-	if c.cacheResults == nil {
+func (c *listMerger[T, V]) needsRunningLocked(results []Result[T]) bool {
+	if c.cache == nil {
 		return true
 	}
 	if c.result.Err != nil {
 		return true
 	}
-	if len(results) != len(c.cacheResults) {
-		panic(fmt.Errorf("invalid number of results: %v (expected %v)", len(results), len(c.cacheResults)))
+	if len(results) != len(c.cache) {
+		panic(fmt.Errorf("invalid number of results: %v (expected %v)", len(results), len(c.cache)))
 	}
-	for key, oldResult := range c.cacheResults {
-		newResult, ok := results[key]
-		if !ok {
-			panic(fmt.Errorf("unknown cache entry: %v", key))
-		}
-
+	for i, oldResult := range c.cache {
+		newResult := results[i]
 		if newResult.Etag != oldResult.Etag || newResult.Err != nil || oldResult.Err != nil {
 			return true
 		}
@@ -178,104 +199,92 @@ func (c *merger[K, T, V]) needsRunning(results map[K]Result[T]) bool {
 	return false
 }
 
-func (c *merger[K, T, V]) Get() Result[V] {
-	cacheResults := c.prepareResults()
-	if c.needsRunning(cacheResults) {
-		c.cacheResults = cacheResults
-		c.result = c.mergeFn(c.cacheResults)
+func (c *listMerger[T, V]) Get() (V, string, error) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+	cacheResults := c.prepareResultsLocked()
+	if c.needsRunningLocked(cacheResults) {
+		c.cache = cacheResults
+		c.result.Value, c.result.Etag, c.result.Err = c.mergeFn(c.cache)
 	}
-	return c.result
+	return c.result.Value, c.result.Etag, c.result.Err
 }
 
-type transformerCacheKeyType struct{}
-
-// NewTransformer creates a new cache that transforms the result of
-// another cache. The transformFn will only be called if the source
-// cache has updated the output, otherwise, the cached result will be
-// returned.
+// Transform the result of another cached value. The transformFn will only be called
+// if the source has updated, otherwise, the result will be returned.
 //
 // If the dependency returned an error before, or it returns an error
 // this time, or if the transformerFn failed before, the function is
 // reran.
-func NewTransformer[T, V any](transformerFn func(Result[T]) Result[V], source Data[T]) Data[V] {
-	return NewMerger(func(caches map[transformerCacheKeyType]Result[T]) Result[V] {
-		cache, ok := caches[transformerCacheKeyType{}]
-		if len(caches) != 1 || !ok {
-			panic(fmt.Errorf("invalid cache for transformer cache: %v", caches))
+func Transform[T, V any](transformerFn func(T, string, error) (V, string, error), source Value[T]) Value[V] {
+	return MergeList(func(delegates []Result[T]) (V, string, error) {
+		if len(delegates) != 1 {
+			panic(fmt.Errorf("invalid cache for transformer cache: %v", delegates))
 		}
-		return transformerFn(cache)
-	}, map[transformerCacheKeyType]Data[T]{
-		{}: source,
-	})
+		return transformerFn(delegates[0].Value, delegates[0].Etag, delegates[0].Err)
+	}, []Value[T]{source})
 }
 
-// NewSource creates a new cache that generates some data. This
-// will always be called since we don't know the origin of the data and
-// if it needs to be updated or not.
-func NewSource[T any](sourceFn func() Result[T]) Data[T] {
-	c := source[T](sourceFn)
-	return &c
+// Once calls Value[T].Get() lazily and only once, even in case of an error result.
+func Once[T any](d Value[T]) Value[T] {
+	return &once[T]{
+		data: d,
+	}
 }
 
-type source[T any] func() Result[T]
-
-func (c *source[T]) Get() Result[T] {
-	return (*c)()
+type once[T any] struct {
+	once   sync.Once
+	data   Value[T]
+	result Result[T]
 }
 
-// NewStaticSource creates a new cache that always generates the
-// same data. This will only be called once (lazily).
-func NewStaticSource[T any](staticFn func() Result[T]) Data[T] {
-	return &static[T]{
-		fn: staticFn,
-	}
+func (c *once[T]) Get() (T, string, error) {
+	c.once.Do(func() {
+		c.result.Value, c.result.Etag, c.result.Err = c.data.Get()
+	})
+	return c.result.Value, c.result.Etag, c.result.Err
 }
 
-type static[T any] struct {
-	fn     func() Result[T]
-	result *Result[T]
+// Replaceable extends the Value[T] interface with the ability to change the
+// underlying Value[T] after construction.
+type Replaceable[T any] interface {
+	Value[T]
+	Store(Value[T])
 }
 
-func (c *static[T]) Get() Result[T] {
-	if c.result == nil {
-		result := c.fn()
-		c.result = &result
-	}
-	return *c.result
+// Atomic wraps a Value[T] as an atomic value that can be replaced. It implements
+// Replaceable[T].
+type Atomic[T any] struct {
+	value atomic.Pointer[Value[T]]
 }
 
-// Replaceable is a cache that carries the result even when the
-// cache is replaced. The cache can be replaced atomically (without any
-// lock held). This is the type that should typically be stored in
-// structs.
-type Replaceable[T any] struct {
-	cache  atomic.Pointer[Data[T]]
-	result *Result[T]
+var _ Replaceable[[]byte] = &Atomic[[]byte]{}
+
+func (x *Atomic[T]) Store(val Value[T])      { x.value.Store(&val) }
+func (x *Atomic[T]) Get() (T, string, error) { return (*x.value.Load()).Get() }
+
+// LastSuccess calls Value[T].Get(), but hides errors by returning the last
+// success if there has been any.
+type LastSuccess[T any] struct {
+	Atomic[T]
+	success atomic.Pointer[Result[T]]
 }
 
-// Get retrieves the data from the underlying source. [Replaceable]
-// implements the [Data] interface itself. This is a pass-through
-// that calls the most recent underlying cache. If the cache fails but
-// previously had returned a success, that success will be returned
-// instead. If the cache fails but we never returned a success, that
-// failure is returned.
-//
-// # Important note
-//
-// As all implementations of Get, this implementation is NOT
-// thread-safe. Please properly lock a mutex before calling this method
-// if you are in a multi-threaded environment, since this method will
-// update the cache and perform write operations.
-func (c *Replaceable[T]) Get() Result[T] {
-	result := (*c.cache.Load()).Get()
-	if result.Err != nil && c.result != nil && c.result.Err == nil {
-		return *c.result
+var _ Replaceable[[]byte] = &LastSuccess[[]byte]{}
+
+func (c *LastSuccess[T]) Get() (T, string, error) {
+	success := c.success.Load()
+	value, etag, err := c.Atomic.Get()
+	if err == nil {
+		if success == nil {
+			c.success.CompareAndSwap(nil, &Result[T]{Value: value, Etag: etag, Err: err})
+		}
+		return value, etag, err
+	}
+
+	if success != nil {
+		return success.Value, success.Etag, success.Err
 	}
-	c.result = &result
-	return *c.result
-}
 
-// Replace changes the cache in a thread-safe way.
-func (c *Replaceable[T]) Replace(cache Data[T]) {
-	c.cache.Swap(&cache)
+	return value, etag, err
 }
diff --git a/vendor/k8s.io/kube-openapi/pkg/common/common.go b/vendor/k8s.io/kube-openapi/pkg/common/common.go
index 1a6c12e17a..2e15e163c5 100644
--- a/vendor/k8s.io/kube-openapi/pkg/common/common.go
+++ b/vendor/k8s.io/kube-openapi/pkg/common/common.go
@@ -22,7 +22,6 @@ import (
 
 	"github.com/emicklei/go-restful/v3"
 
-	"k8s.io/kube-openapi/pkg/openapiconv"
 	"k8s.io/kube-openapi/pkg/spec3"
 	"k8s.io/kube-openapi/pkg/validation/spec"
 )
@@ -172,43 +171,6 @@ type OpenAPIV3Config struct {
 	DefaultSecurity []map[string][]string
 }
 
-// ConvertConfigToV3 converts a Config object to an OpenAPIV3Config object
-func ConvertConfigToV3(config *Config) *OpenAPIV3Config {
-	if config == nil {
-		return nil
-	}
-
-	v3Config := &OpenAPIV3Config{
-		Info:                           config.Info,
-		IgnorePrefixes:                 config.IgnorePrefixes,
-		GetDefinitions:                 config.GetDefinitions,
-		GetOperationIDAndTags:          config.GetOperationIDAndTags,
-		GetOperationIDAndTagsFromRoute: config.GetOperationIDAndTagsFromRoute,
-		GetDefinitionName:              config.GetDefinitionName,
-		Definitions:                    config.Definitions,
-		SecuritySchemes:                make(spec3.SecuritySchemes),
-		DefaultSecurity:                config.DefaultSecurity,
-		DefaultResponse:                openapiconv.ConvertResponse(config.DefaultResponse, []string{"application/json"}),
-
-		CommonResponses:     make(map[int]*spec3.Response),
-		ResponseDefinitions: make(map[string]*spec3.Response),
-	}
-
-	if config.SecurityDefinitions != nil {
-		for s, securityScheme := range *config.SecurityDefinitions {
-			v3Config.SecuritySchemes[s] = openapiconv.ConvertSecurityScheme(securityScheme)
-		}
-	}
-	for k, commonResponse := range config.CommonResponses {
-		v3Config.CommonResponses[k] = openapiconv.ConvertResponse(&commonResponse, []string{"application/json"})
-	}
-
-	for k, responseDefinition := range config.ResponseDefinitions {
-		v3Config.ResponseDefinitions[k] = openapiconv.ConvertResponse(&responseDefinition, []string{"application/json"})
-	}
-	return v3Config
-}
-
 type typeInfo struct {
 	name   string
 	format string
diff --git a/vendor/k8s.io/kube-openapi/pkg/handler3/handler.go b/vendor/k8s.io/kube-openapi/pkg/handler3/handler.go
index 66b7a68da6..fc45634887 100644
--- a/vendor/k8s.io/kube-openapi/pkg/handler3/handler.go
+++ b/vendor/k8s.io/kube-openapi/pkg/handler3/handler.go
@@ -30,9 +30,10 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-	openapi_v3 "github.com/google/gnostic/openapiv3"
+	openapi_v3 "github.com/google/gnostic-models/openapiv3"
 	"github.com/google/uuid"
 	"github.com/munnerz/goautoneg"
+
 	"k8s.io/klog/v2"
 	"k8s.io/kube-openapi/pkg/cached"
 	"k8s.io/kube-openapi/pkg/common"
@@ -73,38 +74,38 @@ type timedSpec struct {
 
 // This type is protected by the lock on OpenAPIService.
 type openAPIV3Group struct {
-	specCache cached.Replaceable[*spec3.OpenAPI]
-	pbCache   cached.Data[timedSpec]
-	jsonCache cached.Data[timedSpec]
+	specCache cached.LastSuccess[*spec3.OpenAPI]
+	pbCache   cached.Value[timedSpec]
+	jsonCache cached.Value[timedSpec]
 }
 
 func newOpenAPIV3Group() *openAPIV3Group {
 	o := &openAPIV3Group{}
-	o.jsonCache = cached.NewTransformer[*spec3.OpenAPI](func(result cached.Result[*spec3.OpenAPI]) cached.Result[timedSpec] {
-		if result.Err != nil {
-			return cached.NewResultErr[timedSpec](result.Err)
+	o.jsonCache = cached.Transform[*spec3.OpenAPI](func(spec *spec3.OpenAPI, etag string, err error) (timedSpec, string, error) {
+		if err != nil {
+			return timedSpec{}, "", err
 		}
-		json, err := json.Marshal(result.Data)
+		json, err := json.Marshal(spec)
 		if err != nil {
-			return cached.NewResultErr[timedSpec](err)
+			return timedSpec{}, "", err
 		}
-		return cached.NewResultOK(timedSpec{spec: json, lastModified: time.Now()}, computeETag(json))
+		return timedSpec{spec: json, lastModified: time.Now()}, computeETag(json), nil
 	}, &o.specCache)
-	o.pbCache = cached.NewTransformer(func(result cached.Result[timedSpec]) cached.Result[timedSpec] {
-		if result.Err != nil {
-			return cached.NewResultErr[timedSpec](result.Err)
+	o.pbCache = cached.Transform(func(ts timedSpec, etag string, err error) (timedSpec, string, error) {
+		if err != nil {
+			return timedSpec{}, "", err
 		}
-		proto, err := ToV3ProtoBinary(result.Data.spec)
+		proto, err := ToV3ProtoBinary(ts.spec)
 		if err != nil {
-			return cached.NewResultErr[timedSpec](err)
+			return timedSpec{}, "", err
 		}
-		return cached.NewResultOK(timedSpec{spec: proto, lastModified: result.Data.lastModified}, result.Etag)
+		return timedSpec{spec: proto, lastModified: ts.lastModified}, etag, nil
 	}, o.jsonCache)
 	return o
 }
 
-func (o *openAPIV3Group) UpdateSpec(openapi cached.Data[*spec3.OpenAPI]) {
-	o.specCache.Replace(openapi)
+func (o *openAPIV3Group) UpdateSpec(openapi cached.Value[*spec3.OpenAPI]) {
+	o.specCache.Store(openapi)
 }
 
 // OpenAPIService is the service responsible for serving OpenAPI spec. It has
@@ -114,7 +115,7 @@ type OpenAPIService struct {
 	mutex    sync.Mutex
 	v3Schema map[string]*openAPIV3Group
 
-	discoveryCache cached.Replaceable[timedSpec]
+	discoveryCache cached.LastSuccess[timedSpec]
 }
 
 func computeETag(data []byte) string {
@@ -137,20 +138,20 @@ func NewOpenAPIService() *OpenAPIService {
 	o := &OpenAPIService{}
 	o.v3Schema = make(map[string]*openAPIV3Group)
 	// We're not locked because we haven't shared the structure yet.
-	o.discoveryCache.Replace(o.buildDiscoveryCacheLocked())
+	o.discoveryCache.Store(o.buildDiscoveryCacheLocked())
 	return o
 }
 
-func (o *OpenAPIService) buildDiscoveryCacheLocked() cached.Data[timedSpec] {
-	caches := make(map[string]cached.Data[timedSpec], len(o.v3Schema))
+func (o *OpenAPIService) buildDiscoveryCacheLocked() cached.Value[timedSpec] {
+	caches := make(map[string]cached.Value[timedSpec], len(o.v3Schema))
 	for gvName, group := range o.v3Schema {
 		caches[gvName] = group.jsonCache
 	}
-	return cached.NewMerger(func(results map[string]cached.Result[timedSpec]) cached.Result[timedSpec] {
+	return cached.Merge(func(results map[string]cached.Result[timedSpec]) (timedSpec, string, error) {
 		discovery := &OpenAPIV3Discovery{Paths: make(map[string]OpenAPIV3DiscoveryGroupVersion)}
 		for gvName, result := range results {
 			if result.Err != nil {
-				return cached.NewResultErr[timedSpec](result.Err)
+				return timedSpec{}, "", result.Err
 			}
 			discovery.Paths[gvName] = OpenAPIV3DiscoveryGroupVersion{
 				ServerRelativeURL: constructServerRelativeURL(gvName, result.Etag),
@@ -158,9 +159,9 @@ func (o *OpenAPIService) buildDiscoveryCacheLocked() cached.Data[timedSpec] {
 		}
 		j, err := json.Marshal(discovery)
 		if err != nil {
-			return cached.NewResultErr[timedSpec](err)
+			return timedSpec{}, "", err
 		}
-		return cached.NewResultOK(timedSpec{spec: j, lastModified: time.Now()}, computeETag(j))
+		return timedSpec{spec: j, lastModified: time.Now()}, computeETag(j), nil
 	}, caches)
 }
 
@@ -171,32 +172,32 @@ func (o *OpenAPIService) getSingleGroupBytes(getType string, group string) ([]by
 	if !ok {
 		return nil, "", time.Now(), fmt.Errorf("Cannot find CRD group %s", group)
 	}
-	result := cached.Result[timedSpec]{}
 	switch getType {
 	case subTypeJSON:
-		result = v.jsonCache.Get()
+		ts, etag, err := v.jsonCache.Get()
+		return ts.spec, etag, ts.lastModified, err
 	case subTypeProtobuf, subTypeProtobufDeprecated:
-		result = v.pbCache.Get()
+		ts, etag, err := v.pbCache.Get()
+		return ts.spec, etag, ts.lastModified, err
 	default:
 		return nil, "", time.Now(), fmt.Errorf("Invalid accept clause %s", getType)
 	}
-	return result.Data.spec, result.Etag, result.Data.lastModified, result.Err
 }
 
 // UpdateGroupVersionLazy adds or updates an existing group with the new cached.
-func (o *OpenAPIService) UpdateGroupVersionLazy(group string, openapi cached.Data[*spec3.OpenAPI]) {
+func (o *OpenAPIService) UpdateGroupVersionLazy(group string, openapi cached.Value[*spec3.OpenAPI]) {
 	o.mutex.Lock()
 	defer o.mutex.Unlock()
 	if _, ok := o.v3Schema[group]; !ok {
 		o.v3Schema[group] = newOpenAPIV3Group()
 		// Since there is a new item, we need to re-build the cache map.
-		o.discoveryCache.Replace(o.buildDiscoveryCacheLocked())
+		o.discoveryCache.Store(o.buildDiscoveryCacheLocked())
 	}
 	o.v3Schema[group].UpdateSpec(openapi)
 }
 
 func (o *OpenAPIService) UpdateGroupVersion(group string, openapi *spec3.OpenAPI) {
-	o.UpdateGroupVersionLazy(group, cached.NewResultOK(openapi, uuid.New().String()))
+	o.UpdateGroupVersionLazy(group, cached.Static(openapi, uuid.New().String()))
 }
 
 func (o *OpenAPIService) DeleteGroupVersion(group string) {
@@ -204,19 +205,19 @@ func (o *OpenAPIService) DeleteGroupVersion(group string) {
 	defer o.mutex.Unlock()
 	delete(o.v3Schema, group)
 	// Rebuild the merge cache map since the items have changed.
-	o.discoveryCache.Replace(o.buildDiscoveryCacheLocked())
+	o.discoveryCache.Store(o.buildDiscoveryCacheLocked())
 }
 
 func (o *OpenAPIService) HandleDiscovery(w http.ResponseWriter, r *http.Request) {
-	result := o.discoveryCache.Get()
-	if result.Err != nil {
-		klog.Errorf("Error serving discovery: %s", result.Err)
+	ts, etag, err := o.discoveryCache.Get()
+	if err != nil {
+		klog.Errorf("Error serving discovery: %s", err)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
-	w.Header().Set("Etag", strconv.Quote(result.Etag))
+	w.Header().Set("Etag", strconv.Quote(etag))
 	w.Header().Set("Content-Type", "application/json")
-	http.ServeContent(w, r, "/openapi/v3", result.Data.lastModified, bytes.NewReader(result.Data.spec))
+	http.ServeContent(w, r, "/openapi/v3", ts.lastModified, bytes.NewReader(ts.spec))
 }
 
 func (o *OpenAPIService) HandleGroupVersion(w http.ResponseWriter, r *http.Request) {
diff --git a/vendor/k8s.io/kube-openapi/pkg/internal/flags.go b/vendor/k8s.io/kube-openapi/pkg/internal/flags.go
index bef6037823..da5485f6a6 100644
--- a/vendor/k8s.io/kube-openapi/pkg/internal/flags.go
+++ b/vendor/k8s.io/kube-openapi/pkg/internal/flags.go
@@ -22,3 +22,4 @@ var UseOptimizedJSONUnmarshalingV3 bool = true
 
 // Used by tests to selectively disable experimental JSON marshaler
 var UseOptimizedJSONMarshaling bool = true
+var UseOptimizedJSONMarshalingV3 bool = true
diff --git a/vendor/k8s.io/kube-openapi/pkg/openapiconv/convert.go b/vendor/k8s.io/kube-openapi/pkg/openapiconv/convert.go
deleted file mode 100644
index e993fe23d5..0000000000
--- a/vendor/k8s.io/kube-openapi/pkg/openapiconv/convert.go
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package openapiconv
-
-import (
-	"strings"
-
-	klog "k8s.io/klog/v2"
-	builderutil "k8s.io/kube-openapi/pkg/builder3/util"
-	"k8s.io/kube-openapi/pkg/spec3"
-	"k8s.io/kube-openapi/pkg/validation/spec"
-)
-
-var OpenAPIV2DefPrefix = "#/definitions/"
-var OpenAPIV3DefPrefix = "#/components/schemas/"
-
-// ConvertV2ToV3 converts an OpenAPI V2 object into V3.
-// Certain references may be shared between the V2 and V3 objects in the conversion.
-func ConvertV2ToV3(v2Spec *spec.Swagger) *spec3.OpenAPI {
-	v3Spec := &spec3.OpenAPI{
-		Version:      "3.0.0",
-		Info:         v2Spec.Info,
-		ExternalDocs: ConvertExternalDocumentation(v2Spec.ExternalDocs),
-		Paths:        ConvertPaths(v2Spec.Paths),
-		Components:   ConvertComponents(v2Spec.SecurityDefinitions, v2Spec.Definitions, v2Spec.Responses, v2Spec.Produces),
-	}
-
-	return v3Spec
-}
-
-func ConvertExternalDocumentation(v2ED *spec.ExternalDocumentation) *spec3.ExternalDocumentation {
-	if v2ED == nil {
-		return nil
-	}
-	return &spec3.ExternalDocumentation{
-		ExternalDocumentationProps: spec3.ExternalDocumentationProps{
-			Description: v2ED.Description,
-			URL:         v2ED.URL,
-		},
-	}
-}
-
-func ConvertComponents(v2SecurityDefinitions spec.SecurityDefinitions, v2Definitions spec.Definitions, v2Responses map[string]spec.Response, produces []string) *spec3.Components {
-	components := &spec3.Components{}
-
-	if v2Definitions != nil {
-		components.Schemas = make(map[string]*spec.Schema)
-	}
-	for s, schema := range v2Definitions {
-		components.Schemas[s] = ConvertSchema(&schema)
-	}
-	if v2SecurityDefinitions != nil {
-		components.SecuritySchemes = make(spec3.SecuritySchemes)
-	}
-	for s, securityScheme := range v2SecurityDefinitions {
-		components.SecuritySchemes[s] = ConvertSecurityScheme(securityScheme)
-	}
-	if v2Responses != nil {
-		components.Responses = make(map[string]*spec3.Response)
-	}
-	for r, response := range v2Responses {
-		components.Responses[r] = ConvertResponse(&response, produces)
-	}
-
-	return components
-}
-
-func ConvertSchema(v2Schema *spec.Schema) *spec.Schema {
-	if v2Schema == nil {
-		return nil
-	}
-	v3Schema := spec.Schema{
-		VendorExtensible:   v2Schema.VendorExtensible,
-		SchemaProps:        v2Schema.SchemaProps,
-		SwaggerSchemaProps: v2Schema.SwaggerSchemaProps,
-		ExtraProps:         v2Schema.ExtraProps,
-	}
-
-	if refString := v2Schema.Ref.String(); refString != "" {
-		if idx := strings.Index(refString, OpenAPIV2DefPrefix); idx != -1 {
-			v3Schema.Ref = spec.MustCreateRef(OpenAPIV3DefPrefix + refString[idx+len(OpenAPIV2DefPrefix):])
-		} else {
-			klog.Errorf("Error: Swagger V2 Ref %s does not contain #/definitions\n", refString)
-		}
-	}
-
-	if v2Schema.Properties != nil {
-		v3Schema.Properties = make(map[string]spec.Schema)
-		for key, property := range v2Schema.Properties {
-			v3Schema.Properties[key] = *ConvertSchema(&property)
-		}
-	}
-	if v2Schema.Items != nil {
-		v3Schema.Items = &spec.SchemaOrArray{
-			Schema:  ConvertSchema(v2Schema.Items.Schema),
-			Schemas: ConvertSchemaList(v2Schema.Items.Schemas),
-		}
-	}
-
-	if v2Schema.AdditionalProperties != nil {
-		v3Schema.AdditionalProperties = &spec.SchemaOrBool{
-			Schema: ConvertSchema(v2Schema.AdditionalProperties.Schema),
-			Allows: v2Schema.AdditionalProperties.Allows,
-		}
-	}
-	if v2Schema.AdditionalItems != nil {
-		v3Schema.AdditionalItems = &spec.SchemaOrBool{
-			Schema: ConvertSchema(v2Schema.AdditionalItems.Schema),
-			Allows: v2Schema.AdditionalItems.Allows,
-		}
-	}
-
-	return builderutil.WrapRefs(&v3Schema)
-}
-
-func ConvertSchemaList(v2SchemaList []spec.Schema) []spec.Schema {
-	if v2SchemaList == nil {
-		return nil
-	}
-	v3SchemaList := []spec.Schema{}
-	for _, s := range v2SchemaList {
-		v3SchemaList = append(v3SchemaList, *ConvertSchema(&s))
-	}
-	return v3SchemaList
-}
-
-func ConvertSecurityScheme(v2securityScheme *spec.SecurityScheme) *spec3.SecurityScheme {
-	if v2securityScheme == nil {
-		return nil
-	}
-	securityScheme := &spec3.SecurityScheme{
-		VendorExtensible: v2securityScheme.VendorExtensible,
-		SecuritySchemeProps: spec3.SecuritySchemeProps{
-			Description: v2securityScheme.Description,
-			Type:        v2securityScheme.Type,
-			Name:        v2securityScheme.Name,
-			In:          v2securityScheme.In,
-		},
-	}
-
-	if v2securityScheme.Flow != "" {
-		securityScheme.Flows = make(map[string]*spec3.OAuthFlow)
-		securityScheme.Flows[v2securityScheme.Flow] = &spec3.OAuthFlow{
-			OAuthFlowProps: spec3.OAuthFlowProps{
-				AuthorizationUrl: v2securityScheme.AuthorizationURL,
-				TokenUrl:         v2securityScheme.TokenURL,
-				Scopes:           v2securityScheme.Scopes,
-			},
-		}
-	}
-	return securityScheme
-}
-
-func ConvertPaths(v2Paths *spec.Paths) *spec3.Paths {
-	if v2Paths == nil {
-		return nil
-	}
-	paths := &spec3.Paths{
-		VendorExtensible: v2Paths.VendorExtensible,
-	}
-
-	if v2Paths.Paths != nil {
-		paths.Paths = make(map[string]*spec3.Path)
-	}
-	for k, v := range v2Paths.Paths {
-		paths.Paths[k] = ConvertPathItem(v)
-	}
-	return paths
-}
-
-func ConvertPathItem(v2pathItem spec.PathItem) *spec3.Path {
-	path := &spec3.Path{
-		Refable: v2pathItem.Refable,
-		PathProps: spec3.PathProps{
-			Get:     ConvertOperation(v2pathItem.Get),
-			Put:     ConvertOperation(v2pathItem.Put),
-			Post:    ConvertOperation(v2pathItem.Post),
-			Delete:  ConvertOperation(v2pathItem.Delete),
-			Options: ConvertOperation(v2pathItem.Options),
-			Head:    ConvertOperation(v2pathItem.Head),
-			Patch:   ConvertOperation(v2pathItem.Patch),
-		},
-		VendorExtensible: v2pathItem.VendorExtensible,
-	}
-	for _, param := range v2pathItem.Parameters {
-		path.Parameters = append(path.Parameters, ConvertParameter(param))
-	}
-	return path
-}
-
-func ConvertOperation(v2Operation *spec.Operation) *spec3.Operation {
-	if v2Operation == nil {
-		return nil
-	}
-	operation := &spec3.Operation{
-		VendorExtensible: v2Operation.VendorExtensible,
-		OperationProps: spec3.OperationProps{
-			Description:  v2Operation.Description,
-			ExternalDocs: ConvertExternalDocumentation(v2Operation.OperationProps.ExternalDocs),
-			Tags:         v2Operation.Tags,
-			Summary:      v2Operation.Summary,
-			Deprecated:   v2Operation.Deprecated,
-			OperationId:  v2Operation.ID,
-		},
-	}
-
-	for _, param := range v2Operation.Parameters {
-		if param.ParamProps.Name == "body" && param.ParamProps.Schema != nil {
-			operation.OperationProps.RequestBody = &spec3.RequestBody{
-				RequestBodyProps: spec3.RequestBodyProps{},
-			}
-			if v2Operation.Consumes != nil {
-				operation.RequestBody.Content = make(map[string]*spec3.MediaType)
-			}
-			for _, consumer := range v2Operation.Consumes {
-				operation.RequestBody.Content[consumer] = &spec3.MediaType{
-					MediaTypeProps: spec3.MediaTypeProps{
-						Schema: ConvertSchema(param.ParamProps.Schema),
-					},
-				}
-			}
-		} else {
-			operation.Parameters = append(operation.Parameters, ConvertParameter(param))
-		}
-	}
-
-	operation.Responses = &spec3.Responses{ResponsesProps: spec3.ResponsesProps{
-		Default: ConvertResponse(v2Operation.Responses.Default, v2Operation.Produces),
-	},
-		VendorExtensible: v2Operation.Responses.VendorExtensible,
-	}
-
-	if v2Operation.Responses.StatusCodeResponses != nil {
-		operation.Responses.StatusCodeResponses = make(map[int]*spec3.Response)
-	}
-	for k, v := range v2Operation.Responses.StatusCodeResponses {
-		operation.Responses.StatusCodeResponses[k] = ConvertResponse(&v, v2Operation.Produces)
-	}
-	return operation
-}
-
-func ConvertResponse(v2Response *spec.Response, produces []string) *spec3.Response {
-	if v2Response == nil {
-		return nil
-	}
-	response := &spec3.Response{
-		Refable:          ConvertRefableResponse(v2Response.Refable),
-		VendorExtensible: v2Response.VendorExtensible,
-		ResponseProps: spec3.ResponseProps{
-			Description: v2Response.Description,
-		},
-	}
-
-	if v2Response.Schema != nil {
-		if produces != nil {
-			response.Content = make(map[string]*spec3.MediaType)
-		}
-		for _, producer := range produces {
-			response.ResponseProps.Content[producer] = &spec3.MediaType{
-				MediaTypeProps: spec3.MediaTypeProps{
-					Schema: ConvertSchema(v2Response.Schema),
-				},
-			}
-		}
-	}
-	return response
-}
-
-func ConvertParameter(v2Param spec.Parameter) *spec3.Parameter {
-	param := &spec3.Parameter{
-		Refable:          ConvertRefableParameter(v2Param.Refable),
-		VendorExtensible: v2Param.VendorExtensible,
-		ParameterProps: spec3.ParameterProps{
-			Name:            v2Param.Name,
-			Description:     v2Param.Description,
-			In:              v2Param.In,
-			Required:        v2Param.Required,
-			Schema:          ConvertSchema(v2Param.Schema),
-			AllowEmptyValue: v2Param.AllowEmptyValue,
-		},
-	}
-	// Convert SimpleSchema into Schema
-	if param.Schema == nil {
-		param.Schema = &spec.Schema{
-			SchemaProps: spec.SchemaProps{
-				Type:        []string{v2Param.Type},
-				Format:      v2Param.Format,
-				UniqueItems: v2Param.UniqueItems,
-			},
-		}
-	}
-
-	return param
-}
-
-func ConvertRefableParameter(refable spec.Refable) spec.Refable {
-	if refable.Ref.String() != "" {
-		return spec.Refable{Ref: spec.MustCreateRef(strings.Replace(refable.Ref.String(), "#/parameters/", "#/components/parameters/", 1))}
-	}
-	return refable
-}
-
-func ConvertRefableResponse(refable spec.Refable) spec.Refable {
-	if refable.Ref.String() != "" {
-		return spec.Refable{Ref: spec.MustCreateRef(strings.Replace(refable.Ref.String(), "#/responses/", "#/components/responses/", 1))}
-	}
-	return refable
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/schemamutation/walker.go b/vendor/k8s.io/kube-openapi/pkg/schemamutation/walker.go
deleted file mode 100644
index 3fac658e3c..0000000000
--- a/vendor/k8s.io/kube-openapi/pkg/schemamutation/walker.go
+++ /dev/null
@@ -1,519 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package schemamutation
-
-import (
-	"k8s.io/kube-openapi/pkg/validation/spec"
-)
-
-// Walker runs callback functions on all references of an OpenAPI spec,
-// replacing the values when visiting corresponding types.
-type Walker struct {
-	// SchemaCallback will be called on each schema, taking the original schema,
-	// and before any other callbacks of the Walker.
-	// If the schema needs to be mutated, DO NOT mutate it in-place,
-	// always create a copy, mutate, and return it.
-	SchemaCallback func(schema *spec.Schema) *spec.Schema
-
-	// RefCallback will be called on each ref.
-	// If the ref needs to be mutated, DO NOT mutate it in-place,
-	// always create a copy, mutate, and return it.
-	RefCallback func(ref *spec.Ref) *spec.Ref
-}
-
-type SchemaCallbackFunc func(schema *spec.Schema) *spec.Schema
-type RefCallbackFunc func(ref *spec.Ref) *spec.Ref
-
-var SchemaCallBackNoop SchemaCallbackFunc = func(schema *spec.Schema) *spec.Schema {
-	return schema
-}
-var RefCallbackNoop RefCallbackFunc = func(ref *spec.Ref) *spec.Ref {
-	return ref
-}
-
-// ReplaceReferences rewrites the references without mutating the input.
-// The output might share data with the input.
-func ReplaceReferences(walkRef func(ref *spec.Ref) *spec.Ref, sp *spec.Swagger) *spec.Swagger {
-	walker := &Walker{RefCallback: walkRef, SchemaCallback: SchemaCallBackNoop}
-	return walker.WalkRoot(sp)
-}
-
-func (w *Walker) WalkSchema(schema *spec.Schema) *spec.Schema {
-	if schema == nil {
-		return nil
-	}
-
-	orig := schema
-	clone := func() {
-		if orig == schema {
-			schema = &spec.Schema{}
-			*schema = *orig
-		}
-	}
-
-	// Always run callback on the whole schema first
-	// so that SchemaCallback can take the original schema as input.
-	schema = w.SchemaCallback(schema)
-
-	if r := w.RefCallback(&schema.Ref); r != &schema.Ref {
-		clone()
-		schema.Ref = *r
-	}
-
-	definitionsCloned := false
-	for k, v := range schema.Definitions {
-		if s := w.WalkSchema(&v); s != &v {
-			if !definitionsCloned {
-				definitionsCloned = true
-				clone()
-				schema.Definitions = make(spec.Definitions, len(orig.Definitions))
-				for k2, v2 := range orig.Definitions {
-					schema.Definitions[k2] = v2
-				}
-			}
-			schema.Definitions[k] = *s
-		}
-	}
-
-	propertiesCloned := false
-	for k, v := range schema.Properties {
-		if s := w.WalkSchema(&v); s != &v {
-			if !propertiesCloned {
-				propertiesCloned = true
-				clone()
-				schema.Properties = make(map[string]spec.Schema, len(orig.Properties))
-				for k2, v2 := range orig.Properties {
-					schema.Properties[k2] = v2
-				}
-			}
-			schema.Properties[k] = *s
-		}
-	}
-
-	patternPropertiesCloned := false
-	for k, v := range schema.PatternProperties {
-		if s := w.WalkSchema(&v); s != &v {
-			if !patternPropertiesCloned {
-				patternPropertiesCloned = true
-				clone()
-				schema.PatternProperties = make(map[string]spec.Schema, len(orig.PatternProperties))
-				for k2, v2 := range orig.PatternProperties {
-					schema.PatternProperties[k2] = v2
-				}
-			}
-			schema.PatternProperties[k] = *s
-		}
-	}
-
-	allOfCloned := false
-	for i := range schema.AllOf {
-		if s := w.WalkSchema(&schema.AllOf[i]); s != &schema.AllOf[i] {
-			if !allOfCloned {
-				allOfCloned = true
-				clone()
-				schema.AllOf = make([]spec.Schema, len(orig.AllOf))
-				copy(schema.AllOf, orig.AllOf)
-			}
-			schema.AllOf[i] = *s
-		}
-	}
-
-	anyOfCloned := false
-	for i := range schema.AnyOf {
-		if s := w.WalkSchema(&schema.AnyOf[i]); s != &schema.AnyOf[i] {
-			if !anyOfCloned {
-				anyOfCloned = true
-				clone()
-				schema.AnyOf = make([]spec.Schema, len(orig.AnyOf))
-				copy(schema.AnyOf, orig.AnyOf)
-			}
-			schema.AnyOf[i] = *s
-		}
-	}
-
-	oneOfCloned := false
-	for i := range schema.OneOf {
-		if s := w.WalkSchema(&schema.OneOf[i]); s != &schema.OneOf[i] {
-			if !oneOfCloned {
-				oneOfCloned = true
-				clone()
-				schema.OneOf = make([]spec.Schema, len(orig.OneOf))
-				copy(schema.OneOf, orig.OneOf)
-			}
-			schema.OneOf[i] = *s
-		}
-	}
-
-	if schema.Not != nil {
-		if s := w.WalkSchema(schema.Not); s != schema.Not {
-			clone()
-			schema.Not = s
-		}
-	}
-
-	if schema.AdditionalProperties != nil && schema.AdditionalProperties.Schema != nil {
-		if s := w.WalkSchema(schema.AdditionalProperties.Schema); s != schema.AdditionalProperties.Schema {
-			clone()
-			schema.AdditionalProperties = &spec.SchemaOrBool{Schema: s, Allows: schema.AdditionalProperties.Allows}
-		}
-	}
-
-	if schema.AdditionalItems != nil && schema.AdditionalItems.Schema != nil {
-		if s := w.WalkSchema(schema.AdditionalItems.Schema); s != schema.AdditionalItems.Schema {
-			clone()
-			schema.AdditionalItems = &spec.SchemaOrBool{Schema: s, Allows: schema.AdditionalItems.Allows}
-		}
-	}
-
-	if schema.Items != nil {
-		if schema.Items.Schema != nil {
-			if s := w.WalkSchema(schema.Items.Schema); s != schema.Items.Schema {
-				clone()
-				schema.Items = &spec.SchemaOrArray{Schema: s}
-			}
-		} else {
-			itemsCloned := false
-			for i := range schema.Items.Schemas {
-				if s := w.WalkSchema(&schema.Items.Schemas[i]); s != &schema.Items.Schemas[i] {
-					if !itemsCloned {
-						clone()
-						schema.Items = &spec.SchemaOrArray{
-							Schemas: make([]spec.Schema, len(orig.Items.Schemas)),
-						}
-						itemsCloned = true
-						copy(schema.Items.Schemas, orig.Items.Schemas)
-					}
-					schema.Items.Schemas[i] = *s
-				}
-			}
-		}
-	}
-
-	return schema
-}
-
-func (w *Walker) walkParameter(param *spec.Parameter) *spec.Parameter {
-	if param == nil {
-		return nil
-	}
-
-	orig := param
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			param = &spec.Parameter{}
-			*param = *orig
-		}
-	}
-
-	if r := w.RefCallback(&param.Ref); r != &param.Ref {
-		clone()
-		param.Ref = *r
-	}
-	if s := w.WalkSchema(param.Schema); s != param.Schema {
-		clone()
-		param.Schema = s
-	}
-	if param.Items != nil {
-		if r := w.RefCallback(&param.Items.Ref); r != &param.Items.Ref {
-			param.Items.Ref = *r
-		}
-	}
-
-	return param
-}
-
-func (w *Walker) walkParameters(params []spec.Parameter) ([]spec.Parameter, bool) {
-	if params == nil {
-		return nil, false
-	}
-
-	orig := params
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			params = make([]spec.Parameter, len(params))
-			copy(params, orig)
-		}
-	}
-
-	for i := range params {
-		if s := w.walkParameter(&params[i]); s != &params[i] {
-			clone()
-			params[i] = *s
-		}
-	}
-
-	return params, cloned
-}
-
-func (w *Walker) walkResponse(resp *spec.Response) *spec.Response {
-	if resp == nil {
-		return nil
-	}
-
-	orig := resp
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			resp = &spec.Response{}
-			*resp = *orig
-		}
-	}
-
-	if r := w.RefCallback(&resp.Ref); r != &resp.Ref {
-		clone()
-		resp.Ref = *r
-	}
-	if s := w.WalkSchema(resp.Schema); s != resp.Schema {
-		clone()
-		resp.Schema = s
-	}
-
-	return resp
-}
-
-func (w *Walker) walkResponses(resps *spec.Responses) *spec.Responses {
-	if resps == nil {
-		return nil
-	}
-
-	orig := resps
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			resps = &spec.Responses{}
-			*resps = *orig
-		}
-	}
-
-	if r := w.walkResponse(resps.ResponsesProps.Default); r != resps.ResponsesProps.Default {
-		clone()
-		resps.Default = r
-	}
-
-	responsesCloned := false
-	for k, v := range resps.ResponsesProps.StatusCodeResponses {
-		if r := w.walkResponse(&v); r != &v {
-			if !responsesCloned {
-				responsesCloned = true
-				clone()
-				resps.ResponsesProps.StatusCodeResponses = make(map[int]spec.Response, len(orig.StatusCodeResponses))
-				for k2, v2 := range orig.StatusCodeResponses {
-					resps.ResponsesProps.StatusCodeResponses[k2] = v2
-				}
-			}
-			resps.ResponsesProps.StatusCodeResponses[k] = *r
-		}
-	}
-
-	return resps
-}
-
-func (w *Walker) walkOperation(op *spec.Operation) *spec.Operation {
-	if op == nil {
-		return nil
-	}
-
-	orig := op
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			op = &spec.Operation{}
-			*op = *orig
-		}
-	}
-
-	parametersCloned := false
-	for i := range op.Parameters {
-		if s := w.walkParameter(&op.Parameters[i]); s != &op.Parameters[i] {
-			if !parametersCloned {
-				parametersCloned = true
-				clone()
-				op.Parameters = make([]spec.Parameter, len(orig.Parameters))
-				copy(op.Parameters, orig.Parameters)
-			}
-			op.Parameters[i] = *s
-		}
-	}
-
-	if r := w.walkResponses(op.Responses); r != op.Responses {
-		clone()
-		op.Responses = r
-	}
-
-	return op
-}
-
-func (w *Walker) walkPathItem(pathItem *spec.PathItem) *spec.PathItem {
-	if pathItem == nil {
-		return nil
-	}
-
-	orig := pathItem
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			pathItem = &spec.PathItem{}
-			*pathItem = *orig
-		}
-	}
-
-	if p, changed := w.walkParameters(pathItem.Parameters); changed {
-		clone()
-		pathItem.Parameters = p
-	}
-	if op := w.walkOperation(pathItem.Get); op != pathItem.Get {
-		clone()
-		pathItem.Get = op
-	}
-	if op := w.walkOperation(pathItem.Head); op != pathItem.Head {
-		clone()
-		pathItem.Head = op
-	}
-	if op := w.walkOperation(pathItem.Delete); op != pathItem.Delete {
-		clone()
-		pathItem.Delete = op
-	}
-	if op := w.walkOperation(pathItem.Options); op != pathItem.Options {
-		clone()
-		pathItem.Options = op
-	}
-	if op := w.walkOperation(pathItem.Patch); op != pathItem.Patch {
-		clone()
-		pathItem.Patch = op
-	}
-	if op := w.walkOperation(pathItem.Post); op != pathItem.Post {
-		clone()
-		pathItem.Post = op
-	}
-	if op := w.walkOperation(pathItem.Put); op != pathItem.Put {
-		clone()
-		pathItem.Put = op
-	}
-
-	return pathItem
-}
-
-func (w *Walker) walkPaths(paths *spec.Paths) *spec.Paths {
-	if paths == nil {
-		return nil
-	}
-
-	orig := paths
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			paths = &spec.Paths{}
-			*paths = *orig
-		}
-	}
-
-	pathsCloned := false
-	for k, v := range paths.Paths {
-		if p := w.walkPathItem(&v); p != &v {
-			if !pathsCloned {
-				pathsCloned = true
-				clone()
-				paths.Paths = make(map[string]spec.PathItem, len(orig.Paths))
-				for k2, v2 := range orig.Paths {
-					paths.Paths[k2] = v2
-				}
-			}
-			paths.Paths[k] = *p
-		}
-	}
-
-	return paths
-}
-
-func (w *Walker) WalkRoot(swagger *spec.Swagger) *spec.Swagger {
-	if swagger == nil {
-		return nil
-	}
-
-	orig := swagger
-	cloned := false
-	clone := func() {
-		if !cloned {
-			cloned = true
-			swagger = &spec.Swagger{}
-			*swagger = *orig
-		}
-	}
-
-	parametersCloned := false
-	for k, v := range swagger.Parameters {
-		if p := w.walkParameter(&v); p != &v {
-			if !parametersCloned {
-				parametersCloned = true
-				clone()
-				swagger.Parameters = make(map[string]spec.Parameter, len(orig.Parameters))
-				for k2, v2 := range orig.Parameters {
-					swagger.Parameters[k2] = v2
-				}
-			}
-			swagger.Parameters[k] = *p
-		}
-	}
-
-	responsesCloned := false
-	for k, v := range swagger.Responses {
-		if r := w.walkResponse(&v); r != &v {
-			if !responsesCloned {
-				responsesCloned = true
-				clone()
-				swagger.Responses = make(map[string]spec.Response, len(orig.Responses))
-				for k2, v2 := range orig.Responses {
-					swagger.Responses[k2] = v2
-				}
-			}
-			swagger.Responses[k] = *r
-		}
-	}
-
-	definitionsCloned := false
-	for k, v := range swagger.Definitions {
-		if s := w.WalkSchema(&v); s != &v {
-			if !definitionsCloned {
-				definitionsCloned = true
-				clone()
-				swagger.Definitions = make(spec.Definitions, len(orig.Definitions))
-				for k2, v2 := range orig.Definitions {
-					swagger.Definitions[k2] = v2
-				}
-			}
-			swagger.Definitions[k] = *s
-		}
-	}
-
-	if swagger.Paths != nil {
-		if p := w.walkPaths(swagger.Paths); p != swagger.Paths {
-			clone()
-			swagger.Paths = p
-		}
-	}
-
-	return swagger
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go b/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go
index 699291f1d8..1f62c6e772 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/encoding.go
@@ -32,6 +32,9 @@ type Encoding struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Encoding as JSON
 func (e *Encoding) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(e)
+	}
 	b1, err := json.Marshal(e.EncodingProps)
 	if err != nil {
 		return nil, err
@@ -43,6 +46,16 @@ func (e *Encoding) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (e *Encoding) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		EncodingProps encodingPropsOmitZero `json:",inline"`
+		spec.Extensions
+	}
+	x.Extensions = internal.SanitizeExtensions(e.Extensions)
+	x.EncodingProps = encodingPropsOmitZero(e.EncodingProps)
+	return opts.MarshalNext(enc, x)
+}
+
 func (e *Encoding) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, e)
@@ -82,3 +95,11 @@ type EncodingProps struct {
 	// AllowReserved determines whether the parameter value SHOULD allow reserved characters, as defined by RFC3986
 	AllowReserved bool `json:"allowReserved,omitempty"`
 }
+
+type encodingPropsOmitZero struct {
+	ContentType   string             `json:"contentType,omitempty"`
+	Headers       map[string]*Header `json:"headers,omitempty"`
+	Style         string             `json:"style,omitempty"`
+	Explode       bool               `json:"explode,omitzero"`
+	AllowReserved bool               `json:"allowReserved,omitzero"`
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/example.go b/vendor/k8s.io/kube-openapi/pkg/spec3/example.go
index 03b8727170..8834a92e6d 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/example.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/example.go
@@ -36,6 +36,9 @@ type Example struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode RequestBody as JSON
 func (e *Example) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(e)
+	}
 	b1, err := json.Marshal(e.Refable)
 	if err != nil {
 		return nil, err
@@ -50,6 +53,17 @@ func (e *Example) MarshalJSON() ([]byte, error) {
 	}
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
+func (e *Example) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref          string `json:"$ref,omitempty"`
+		ExampleProps `json:",inline"`
+		spec.Extensions
+	}
+	x.Ref = e.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(e.Extensions)
+	x.ExampleProps = e.ExampleProps
+	return opts.MarshalNext(enc, x)
+}
 
 func (e *Example) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go b/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go
index e79956721a..f0515496e4 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/external_documentation.go
@@ -39,6 +39,9 @@ type ExternalDocumentationProps struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Responses as JSON
 func (e *ExternalDocumentation) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(e)
+	}
 	b1, err := json.Marshal(e.ExternalDocumentationProps)
 	if err != nil {
 		return nil, err
@@ -50,6 +53,16 @@ func (e *ExternalDocumentation) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (e *ExternalDocumentation) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		ExternalDocumentationProps `json:",inline"`
+		spec.Extensions
+	}
+	x.Extensions = internal.SanitizeExtensions(e.Extensions)
+	x.ExternalDocumentationProps = e.ExternalDocumentationProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (e *ExternalDocumentation) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, e)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go b/vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go
index bc19dd48ed..08b6246ceb 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go
@@ -35,6 +35,18 @@ var OpenAPIV3FuzzFuncs []interface{} = []interface{}{
 	func(o *OpenAPI, c fuzz.Continue) {
 		c.FuzzNoCustom(o)
 		o.Version = "3.0.0"
+		for i, val := range o.SecurityRequirement {
+			if val == nil {
+				o.SecurityRequirement[i] = make(map[string][]string)
+			}
+
+			for k, v := range val {
+				if v == nil {
+					val[k] = make([]string, 0)
+				}
+			}
+		}
+
 	},
 	func(r *interface{}, c fuzz.Continue) {
 		switch c.Intn(3) {
@@ -169,6 +181,21 @@ var OpenAPIV3FuzzFuncs []interface{} = []interface{}{
 		c.Fuzz(&v.ResponseProps)
 		c.Fuzz(&v.VendorExtensible)
 	},
+	func(v *Operation, c fuzz.Continue) {
+		c.FuzzNoCustom(v)
+		// Do not fuzz null values into the array.
+		for i, val := range v.SecurityRequirement {
+			if val == nil {
+				v.SecurityRequirement[i] = make(map[string][]string)
+			}
+
+			for k, v := range val {
+				if v == nil {
+					val[k] = make([]string, 0)
+				}
+			}
+		}
+	},
 	func(v *spec.Extensions, c fuzz.Continue) {
 		numChildren := c.Intn(5)
 		for i := 0; i < numChildren; i++ {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/header.go b/vendor/k8s.io/kube-openapi/pkg/spec3/header.go
index ee5a30f797..9ea30628ce 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/header.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/header.go
@@ -36,6 +36,9 @@ type Header struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Header as JSON
 func (h *Header) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(h)
+	}
 	b1, err := json.Marshal(h.Refable)
 	if err != nil {
 		return nil, err
@@ -51,6 +54,18 @@ func (h *Header) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (h *Header) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref         string              `json:"$ref,omitempty"`
+		HeaderProps headerPropsOmitZero `json:",inline"`
+		spec.Extensions
+	}
+	x.Ref = h.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(h.Extensions)
+	x.HeaderProps = headerPropsOmitZero(h.HeaderProps)
+	return opts.MarshalNext(enc, x)
+}
+
 func (h *Header) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, h)
@@ -109,3 +124,19 @@ type HeaderProps struct {
 	// Examples of the header
 	Examples map[string]*Example `json:"examples,omitempty"`
 }
+
+// Marshaling structure only, always edit along with corresponding
+// struct (or compilation will fail).
+type headerPropsOmitZero struct {
+	Description     string                `json:"description,omitempty"`
+	Required        bool                  `json:"required,omitzero"`
+	Deprecated      bool                  `json:"deprecated,omitzero"`
+	AllowEmptyValue bool                  `json:"allowEmptyValue,omitzero"`
+	Style           string                `json:"style,omitempty"`
+	Explode         bool                  `json:"explode,omitzero"`
+	AllowReserved   bool                  `json:"allowReserved,omitzero"`
+	Schema          *spec.Schema          `json:"schema,omitzero"`
+	Content         map[string]*MediaType `json:"content,omitempty"`
+	Example         interface{}           `json:"example,omitempty"`
+	Examples        map[string]*Example   `json:"examples,omitempty"`
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go b/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go
index d390e69bcf..47eef1edb0 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/media_type.go
@@ -35,6 +35,9 @@ type MediaType struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode MediaType as JSON
 func (m *MediaType) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(m)
+	}
 	b1, err := json.Marshal(m.MediaTypeProps)
 	if err != nil {
 		return nil, err
@@ -46,6 +49,16 @@ func (m *MediaType) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (e *MediaType) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		MediaTypeProps mediaTypePropsOmitZero `json:",inline"`
+		spec.Extensions
+	}
+	x.Extensions = internal.SanitizeExtensions(e.Extensions)
+	x.MediaTypeProps = mediaTypePropsOmitZero(e.MediaTypeProps)
+	return opts.MarshalNext(enc, x)
+}
+
 func (m *MediaType) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, m)
@@ -84,3 +97,10 @@ type MediaTypeProps struct {
 	// A map between a property name and its encoding information. The key, being the property name, MUST exist in the schema as a property. The encoding object SHALL only apply to requestBody objects when the media type is multipart or application/x-www-form-urlencoded
 	Encoding map[string]*Encoding `json:"encoding,omitempty"`
 }
+
+type mediaTypePropsOmitZero struct {
+	Schema   *spec.Schema         `json:"schema,omitzero"`
+	Example  interface{}          `json:"example,omitempty"`
+	Examples map[string]*Example  `json:"examples,omitempty"`
+	Encoding map[string]*Encoding `json:"encoding,omitempty"`
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go b/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go
index 28230610bd..f1e1025479 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/operation.go
@@ -35,6 +35,9 @@ type Operation struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Operation as JSON
 func (o *Operation) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(o)
+	}
 	b1, err := json.Marshal(o.OperationProps)
 	if err != nil {
 		return nil, err
@@ -46,6 +49,16 @@ func (o *Operation) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (o *Operation) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		spec.Extensions
+		OperationProps operationPropsOmitZero `json:",inline"`
+	}
+	x.Extensions = internal.SanitizeExtensions(o.Extensions)
+	x.OperationProps = operationPropsOmitZero(o.OperationProps)
+	return opts.MarshalNext(enc, x)
+}
+
 // UnmarshalJSON hydrates this items instance with the data from JSON
 func (o *Operation) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
@@ -95,3 +108,17 @@ type OperationProps struct {
 	// Servers contains an alternative server array to service this operation
 	Servers []*Server `json:"servers,omitempty"`
 }
+
+type operationPropsOmitZero struct {
+	Tags                []string               `json:"tags,omitempty"`
+	Summary             string                 `json:"summary,omitempty"`
+	Description         string                 `json:"description,omitempty"`
+	ExternalDocs        *ExternalDocumentation `json:"externalDocs,omitzero"`
+	OperationId         string                 `json:"operationId,omitempty"`
+	Parameters          []*Parameter           `json:"parameters,omitempty"`
+	RequestBody         *RequestBody           `json:"requestBody,omitzero"`
+	Responses           *Responses             `json:"responses,omitzero"`
+	Deprecated          bool                   `json:"deprecated,omitzero"`
+	SecurityRequirement []map[string][]string  `json:"security,omitempty"`
+	Servers             []*Server              `json:"servers,omitempty"`
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go b/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go
index 613da71a6d..ada7edb637 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/parameter.go
@@ -36,6 +36,9 @@ type Parameter struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Parameter as JSON
 func (p *Parameter) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(p)
+	}
 	b1, err := json.Marshal(p.Refable)
 	if err != nil {
 		return nil, err
@@ -51,6 +54,18 @@ func (p *Parameter) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (p *Parameter) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref            string                 `json:"$ref,omitempty"`
+		ParameterProps parameterPropsOmitZero `json:",inline"`
+		spec.Extensions
+	}
+	x.Ref = p.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(p.Extensions)
+	x.ParameterProps = parameterPropsOmitZero(p.ParameterProps)
+	return opts.MarshalNext(enc, x)
+}
+
 func (p *Parameter) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, p)
@@ -114,3 +129,19 @@ type ParameterProps struct {
 	// Examples of the parameter's potential value. Each example SHOULD contain a value in the correct format as specified in the parameter encoding
 	Examples map[string]*Example `json:"examples,omitempty"`
 }
+
+type parameterPropsOmitZero struct {
+	Name            string                `json:"name,omitempty"`
+	In              string                `json:"in,omitempty"`
+	Description     string                `json:"description,omitempty"`
+	Required        bool                  `json:"required,omitzero"`
+	Deprecated      bool                  `json:"deprecated,omitzero"`
+	AllowEmptyValue bool                  `json:"allowEmptyValue,omitzero"`
+	Style           string                `json:"style,omitempty"`
+	Explode         bool                  `json:"explode,omitzero"`
+	AllowReserved   bool                  `json:"allowReserved,omitzero"`
+	Schema          *spec.Schema          `json:"schema,omitzero"`
+	Content         map[string]*MediaType `json:"content,omitempty"`
+	Example         interface{}           `json:"example,omitempty"`
+	Examples        map[string]*Example   `json:"examples,omitempty"`
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/path.go b/vendor/k8s.io/kube-openapi/pkg/spec3/path.go
index 40d9061ace..16fbbb4dd9 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/path.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/path.go
@@ -35,15 +35,41 @@ type Paths struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Paths as JSON
 func (p *Paths) MarshalJSON() ([]byte, error) {
-	b1, err := json.Marshal(p.Paths)
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(p)
+	}
+	b1, err := json.Marshal(p.VendorExtensible)
 	if err != nil {
 		return nil, err
 	}
-	b2, err := json.Marshal(p.VendorExtensible)
+
+	pths := make(map[string]*Path)
+	for k, v := range p.Paths {
+		if strings.HasPrefix(k, "/") {
+			pths[k] = v
+		}
+	}
+	b2, err := json.Marshal(pths)
 	if err != nil {
 		return nil, err
 	}
-	return swag.ConcatJSON(b1, b2), nil
+	concated := swag.ConcatJSON(b1, b2)
+	return concated, nil
+}
+
+func (p *Paths) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	m := make(map[string]any, len(p.Extensions)+len(p.Paths))
+	for k, v := range p.Extensions {
+		if internal.IsExtensionKey(k) {
+			m[k] = v
+		}
+	}
+	for k, v := range p.Paths {
+		if strings.HasPrefix(k, "/") {
+			m[k] = v
+		}
+	}
+	return opts.MarshalNext(enc, m)
 }
 
 // UnmarshalJSON hydrates this items instance with the data from JSON
@@ -144,6 +170,9 @@ type Path struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Path as JSON
 func (p *Path) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(p)
+	}
 	b1, err := json.Marshal(p.Refable)
 	if err != nil {
 		return nil, err
@@ -159,6 +188,18 @@ func (p *Path) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (p *Path) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref string `json:"$ref,omitempty"`
+		spec.Extensions
+		PathProps
+	}
+	x.Ref = p.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(p.Extensions)
+	x.PathProps = p.PathProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (p *Path) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, p)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go b/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go
index 33267ce675..6f8607e400 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/request_body.go
@@ -36,6 +36,9 @@ type RequestBody struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode RequestBody as JSON
 func (r *RequestBody) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(r)
+	}
 	b1, err := json.Marshal(r.Refable)
 	if err != nil {
 		return nil, err
@@ -51,6 +54,18 @@ func (r *RequestBody) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (r *RequestBody) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref              string                   `json:"$ref,omitempty"`
+		RequestBodyProps requestBodyPropsOmitZero `json:",inline"`
+		spec.Extensions
+	}
+	x.Ref = r.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(r.Extensions)
+	x.RequestBodyProps = requestBodyPropsOmitZero(r.RequestBodyProps)
+	return opts.MarshalNext(enc, x)
+}
+
 func (r *RequestBody) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, r)
@@ -77,6 +92,12 @@ type RequestBodyProps struct {
 	Required bool `json:"required,omitempty"`
 }
 
+type requestBodyPropsOmitZero struct {
+	Description string                `json:"description,omitempty"`
+	Content     map[string]*MediaType `json:"content,omitempty"`
+	Required    bool                  `json:"required,omitzero"`
+}
+
 func (r *RequestBody) UnmarshalNextJSON(opts jsonv2.UnmarshalOptions, dec *jsonv2.Decoder) error {
 	var x struct {
 		spec.Extensions
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/response.go b/vendor/k8s.io/kube-openapi/pkg/spec3/response.go
index 95b388e6c6..73e241fdc9 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/response.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/response.go
@@ -37,6 +37,9 @@ type Responses struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Responses as JSON
 func (r *Responses) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(r)
+	}
 	b1, err := json.Marshal(r.ResponsesProps)
 	if err != nil {
 		return nil, err
@@ -48,6 +51,25 @@ func (r *Responses) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (r Responses) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	type ArbitraryKeys map[string]interface{}
+	var x struct {
+		ArbitraryKeys
+		Default *Response `json:"default,omitzero"`
+	}
+	x.ArbitraryKeys = make(map[string]any, len(r.Extensions)+len(r.StatusCodeResponses))
+	for k, v := range r.Extensions {
+		if internal.IsExtensionKey(k) {
+			x.ArbitraryKeys[k] = v
+		}
+	}
+	for k, v := range r.StatusCodeResponses {
+		x.ArbitraryKeys[strconv.Itoa(k)] = v
+	}
+	x.Default = r.Default
+	return opts.MarshalNext(enc, x)
+}
+
 func (r *Responses) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, r)
@@ -179,6 +201,9 @@ type Response struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Response as JSON
 func (r *Response) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(r)
+	}
 	b1, err := json.Marshal(r.Refable)
 	if err != nil {
 		return nil, err
@@ -194,6 +219,18 @@ func (r *Response) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (r Response) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref string `json:"$ref,omitempty"`
+		spec.Extensions
+		ResponseProps `json:",inline"`
+	}
+	x.Ref = r.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(r.Extensions)
+	x.ResponseProps = r.ResponseProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (r *Response) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, r)
@@ -247,6 +284,9 @@ type Link struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Link as JSON
 func (r *Link) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(r)
+	}
 	b1, err := json.Marshal(r.Refable)
 	if err != nil {
 		return nil, err
@@ -262,6 +302,18 @@ func (r *Link) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (r *Link) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref string `json:"$ref,omitempty"`
+		spec.Extensions
+		LinkProps `json:",inline"`
+	}
+	x.Ref = r.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(r.Extensions)
+	x.LinkProps = r.LinkProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (r *Link) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, r)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go b/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go
index edf7e6de3f..dd1e98ed88 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/security_scheme.go
@@ -20,6 +20,8 @@ import (
 	"encoding/json"
 
 	"github.com/go-openapi/swag"
+	"k8s.io/kube-openapi/pkg/internal"
+	jsonv2 "k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json"
 	"k8s.io/kube-openapi/pkg/validation/spec"
 )
 
@@ -32,6 +34,9 @@ type SecurityScheme struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode SecurityScheme as JSON
 func (s *SecurityScheme) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(s)
+	}
 	b1, err := json.Marshal(s.SecuritySchemeProps)
 	if err != nil {
 		return nil, err
@@ -47,6 +52,18 @@ func (s *SecurityScheme) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2, b3), nil
 }
 
+func (s *SecurityScheme) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		Ref                 string `json:"$ref,omitempty"`
+		SecuritySchemeProps `json:",inline"`
+		spec.Extensions
+	}
+	x.Ref = s.Refable.Ref.String()
+	x.Extensions = internal.SanitizeExtensions(s.Extensions)
+	x.SecuritySchemeProps = s.SecuritySchemeProps
+	return opts.MarshalNext(enc, x)
+}
+
 // UnmarshalJSON hydrates this items instance with the data from JSON
 func (s *SecurityScheme) UnmarshalJSON(data []byte) error {
 	if err := json.Unmarshal(data, &s.SecuritySchemeProps); err != nil {
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/server.go b/vendor/k8s.io/kube-openapi/pkg/spec3/server.go
index d5df0a7811..654a42c06e 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/server.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/server.go
@@ -41,6 +41,9 @@ type ServerProps struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Responses as JSON
 func (s *Server) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(s)
+	}
 	b1, err := json.Marshal(s.ServerProps)
 	if err != nil {
 		return nil, err
@@ -52,6 +55,16 @@ func (s *Server) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (s *Server) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		ServerProps `json:",inline"`
+		spec.Extensions
+	}
+	x.Extensions = internal.SanitizeExtensions(s.Extensions)
+	x.ServerProps = s.ServerProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (s *Server) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, s)
@@ -96,6 +109,9 @@ type ServerVariableProps struct {
 
 // MarshalJSON is a custom marshal function that knows how to encode Responses as JSON
 func (s *ServerVariable) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(s)
+	}
 	b1, err := json.Marshal(s.ServerVariableProps)
 	if err != nil {
 		return nil, err
@@ -107,6 +123,16 @@ func (s *ServerVariable) MarshalJSON() ([]byte, error) {
 	return swag.ConcatJSON(b1, b2), nil
 }
 
+func (s *ServerVariable) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	var x struct {
+		ServerVariableProps `json:",inline"`
+		spec.Extensions
+	}
+	x.Extensions = internal.SanitizeExtensions(s.Extensions)
+	x.ServerVariableProps = s.ServerVariableProps
+	return opts.MarshalNext(enc, x)
+}
+
 func (s *ServerVariable) UnmarshalJSON(data []byte) error {
 	if internal.UseOptimizedJSONUnmarshalingV3 {
 		return jsonv2.Unmarshal(data, s)
diff --git a/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go b/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
index bed096fb76..5db819c7f0 100644
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
@@ -36,6 +36,8 @@ type OpenAPI struct {
 	Servers []*Server `json:"servers,omitempty"`
 	// Components hold various schemas for the specification
 	Components *Components `json:"components,omitempty"`
+	// SecurityRequirement holds a declaration of which security mechanisms can be used across the API
+	SecurityRequirement []map[string][]string `json:"security,omitempty"`
 	// ExternalDocs holds additional external documentation
 	ExternalDocs *ExternalDocumentation `json:"externalDocs,omitempty"`
 }
@@ -48,3 +50,26 @@ func (o *OpenAPI) UnmarshalJSON(data []byte) error {
 	}
 	return json.Unmarshal(data, &p)
 }
+
+func (o *OpenAPI) MarshalJSON() ([]byte, error) {
+	if internal.UseOptimizedJSONMarshalingV3 {
+		return internal.DeterministicMarshal(o)
+	}
+	type OpenAPIWithNoFunctions OpenAPI
+	p := (*OpenAPIWithNoFunctions)(o)
+	return json.Marshal(&p)
+}
+
+func (o *OpenAPI) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
+	type OpenAPIOmitZero struct {
+		Version             string                 `json:"openapi"`
+		Info                *spec.Info             `json:"info"`
+		Paths               *Paths                 `json:"paths,omitzero"`
+		Servers             []*Server              `json:"servers,omitempty"`
+		Components          *Components            `json:"components,omitzero"`
+		SecurityRequirement []map[string][]string  `json:"security,omitempty"`
+		ExternalDocs        *ExternalDocumentation `json:"externalDocs,omitzero"`
+	}
+	x := (*OpenAPIOmitZero)(o)
+	return opts.MarshalNext(enc, x)
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/util/proto/document.go b/vendor/k8s.io/kube-openapi/pkg/util/proto/document.go
index 763923dfff..5789e67ab7 100644
--- a/vendor/k8s.io/kube-openapi/pkg/util/proto/document.go
+++ b/vendor/k8s.io/kube-openapi/pkg/util/proto/document.go
@@ -21,7 +21,7 @@ import (
 	"sort"
 	"strings"
 
-	openapi_v2 "github.com/google/gnostic/openapiv2"
+	openapi_v2 "github.com/google/gnostic-models/openapiv2"
 	"gopkg.in/yaml.v2"
 )
 
diff --git a/vendor/k8s.io/kube-openapi/pkg/util/proto/document_v3.go b/vendor/k8s.io/kube-openapi/pkg/util/proto/document_v3.go
index 519dcf2eba..d9f2896e35 100644
--- a/vendor/k8s.io/kube-openapi/pkg/util/proto/document_v3.go
+++ b/vendor/k8s.io/kube-openapi/pkg/util/proto/document_v3.go
@@ -21,7 +21,7 @@ import (
 	"reflect"
 	"strings"
 
-	openapi_v3 "github.com/google/gnostic/openapiv3"
+	openapi_v3 "github.com/google/gnostic-models/openapiv3"
 	"gopkg.in/yaml.v3"
 )
 
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/fuzz.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/fuzz.go
deleted file mode 100644
index c66f998f51..0000000000
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/fuzz.go
+++ /dev/null
@@ -1,502 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spec
-
-import (
-	"github.com/go-openapi/jsonreference"
-	"github.com/google/go-cmp/cmp"
-	fuzz "github.com/google/gofuzz"
-)
-
-var SwaggerFuzzFuncs []interface{} = []interface{}{
-	func(v *Responses, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-		if v.Default != nil {
-			// Check if we hit maxDepth and left an incomplete value
-			if v.Default.Description == "" {
-				v.Default = nil
-				v.StatusCodeResponses = nil
-			}
-		}
-
-		// conversion has no way to discern empty statusCodeResponses from
-		// nil, since "default" is always included in the map.
-		// So avoid empty responses list
-		if len(v.StatusCodeResponses) == 0 {
-			v.StatusCodeResponses = nil
-		}
-	},
-	func(v *Operation, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-
-		if v != nil {
-			// force non-nil
-			v.Responses = &Responses{}
-			c.Fuzz(v.Responses)
-
-			v.Schemes = nil
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "http")
-			}
-
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "https")
-			}
-
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "ws")
-			}
-
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "wss")
-			}
-
-			// Gnostic unconditionally makes security values non-null
-			// So do not fuzz null values into the array.
-			for i, val := range v.Security {
-				if val == nil {
-					v.Security[i] = make(map[string][]string)
-				}
-
-				for k, v := range val {
-					if v == nil {
-						val[k] = make([]string, 0)
-					}
-				}
-			}
-		}
-	},
-	func(v map[int]Response, c fuzz.Continue) {
-		n := 0
-		c.Fuzz(&n)
-		if n == 0 {
-			// Test that fuzzer is not at maxDepth so we do not
-			// end up with empty elements
-			return
-		}
-
-		// Prevent negative numbers
-		num := c.Intn(4)
-		for i := 0; i < num+2; i++ {
-			val := Response{}
-			c.Fuzz(&val)
-
-			val.Description = c.RandString() + "x"
-			v[100*(i+1)+c.Intn(100)] = val
-		}
-	},
-	func(v map[string]PathItem, c fuzz.Continue) {
-		n := 0
-		c.Fuzz(&n)
-		if n == 0 {
-			// Test that fuzzer is not at maxDepth so we do not
-			// end up with empty elements
-			return
-		}
-
-		num := c.Intn(5)
-		for i := 0; i < num+2; i++ {
-			val := PathItem{}
-			c.Fuzz(&val)
-
-			// Ref params are only allowed in certain locations, so
-			// possibly add a few to PathItems
-			numRefsToAdd := c.Intn(5)
-			for i := 0; i < numRefsToAdd; i++ {
-				theRef := Parameter{}
-				c.Fuzz(&theRef.Refable)
-
-				val.Parameters = append(val.Parameters, theRef)
-			}
-
-			v["/"+c.RandString()] = val
-		}
-	},
-	func(v *SchemaOrArray, c fuzz.Continue) {
-		*v = SchemaOrArray{}
-		// gnostic parser just doesn't support more
-		// than one Schema here
-		v.Schema = &Schema{}
-		c.Fuzz(&v.Schema)
-
-	},
-	func(v *SchemaOrBool, c fuzz.Continue) {
-		*v = SchemaOrBool{}
-
-		if c.RandBool() {
-			v.Allows = c.RandBool()
-		} else {
-			v.Schema = &Schema{}
-			v.Allows = true
-			c.Fuzz(&v.Schema)
-		}
-	},
-	func(v map[string]Response, c fuzz.Continue) {
-		n := 0
-		c.Fuzz(&n)
-		if n == 0 {
-			// Test that fuzzer is not at maxDepth so we do not
-			// end up with empty elements
-			return
-		}
-
-		// Response definitions are not allowed to
-		// be refs
-		for i := 0; i < c.Intn(5)+1; i++ {
-			resp := &Response{}
-
-			c.Fuzz(resp)
-			resp.Ref = Ref{}
-			resp.Description = c.RandString() + "x"
-
-			// Response refs are not vendor extensible by gnostic
-			resp.VendorExtensible.Extensions = nil
-			v[c.RandString()+"x"] = *resp
-		}
-	},
-	func(v *Header, c fuzz.Continue) {
-		if v != nil {
-			c.FuzzNoCustom(v)
-
-			// descendant Items of Header may not be refs
-			cur := v.Items
-			for cur != nil {
-				cur.Ref = Ref{}
-				cur = cur.Items
-			}
-		}
-	},
-	func(v *Ref, c fuzz.Continue) {
-		*v = Ref{}
-		v.Ref, _ = jsonreference.New("http://asd.com/" + c.RandString())
-	},
-	func(v *Response, c fuzz.Continue) {
-		*v = Response{}
-		if c.RandBool() {
-			v.Ref = Ref{}
-			v.Ref.Ref, _ = jsonreference.New("http://asd.com/" + c.RandString())
-		} else {
-			c.Fuzz(&v.VendorExtensible)
-			c.Fuzz(&v.Schema)
-			c.Fuzz(&v.ResponseProps)
-
-			v.Headers = nil
-			v.Ref = Ref{}
-
-			n := 0
-			c.Fuzz(&n)
-			if n != 0 {
-				// Test that fuzzer is not at maxDepth so we do not
-				// end up with empty elements
-				num := c.Intn(4)
-				for i := 0; i < num; i++ {
-					if v.Headers == nil {
-						v.Headers = make(map[string]Header)
-					}
-					hdr := Header{}
-					c.Fuzz(&hdr)
-					if hdr.Type == "" {
-						// hit maxDepth, just abort trying to make haders
-						v.Headers = nil
-						break
-					}
-					v.Headers[c.RandString()+"x"] = hdr
-				}
-			} else {
-				v.Headers = nil
-			}
-		}
-
-		v.Description = c.RandString() + "x"
-
-		// Gnostic parses empty as nil, so to keep avoid putting empty
-		if len(v.Headers) == 0 {
-			v.Headers = nil
-		}
-	},
-	func(v **Info, c fuzz.Continue) {
-		// Info is never nil
-		*v = &Info{}
-		c.FuzzNoCustom(*v)
-
-		(*v).Title = c.RandString() + "x"
-	},
-	func(v *Extensions, c fuzz.Continue) {
-		// gnostic parser only picks up x- vendor extensions
-		numChildren := c.Intn(5)
-		for i := 0; i < numChildren; i++ {
-			if *v == nil {
-				*v = Extensions{}
-			}
-			(*v)["x-"+c.RandString()] = c.RandString()
-		}
-	},
-	func(v *Swagger, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-
-		if v.Paths == nil {
-			// Force paths non-nil since it does not have omitempty in json tag.
-			// This means a perfect roundtrip (via json) is impossible,
-			// since we can't tell the difference between empty/unspecified paths
-			v.Paths = &Paths{}
-			c.Fuzz(v.Paths)
-		}
-
-		v.Swagger = "2.0"
-
-		// Gnostic support serializing ID at all
-		// unavoidable data loss
-		v.ID = ""
-
-		v.Schemes = nil
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "http")
-		}
-
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "https")
-		}
-
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "ws")
-		}
-
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "wss")
-		}
-
-		// Gnostic unconditionally makes security values non-null
-		// So do not fuzz null values into the array.
-		for i, val := range v.Security {
-			if val == nil {
-				v.Security[i] = make(map[string][]string)
-			}
-
-			for k, v := range val {
-				if v == nil {
-					val[k] = make([]string, 0)
-				}
-			}
-		}
-	},
-	func(v *SecurityScheme, c fuzz.Continue) {
-		v.Description = c.RandString() + "x"
-		c.Fuzz(&v.VendorExtensible)
-
-		switch c.Intn(3) {
-		case 0:
-			v.Type = "basic"
-		case 1:
-			v.Type = "apiKey"
-			switch c.Intn(2) {
-			case 0:
-				v.In = "header"
-			case 1:
-				v.In = "query"
-			default:
-				panic("unreachable")
-			}
-			v.Name = "x" + c.RandString()
-		case 2:
-			v.Type = "oauth2"
-
-			switch c.Intn(4) {
-			case 0:
-				v.Flow = "accessCode"
-				v.TokenURL = "https://" + c.RandString()
-				v.AuthorizationURL = "https://" + c.RandString()
-			case 1:
-				v.Flow = "application"
-				v.TokenURL = "https://" + c.RandString()
-			case 2:
-				v.Flow = "implicit"
-				v.AuthorizationURL = "https://" + c.RandString()
-			case 3:
-				v.Flow = "password"
-				v.TokenURL = "https://" + c.RandString()
-			default:
-				panic("unreachable")
-			}
-			c.Fuzz(&v.Scopes)
-		default:
-			panic("unreachable")
-		}
-	},
-	func(v *interface{}, c fuzz.Continue) {
-		*v = c.RandString() + "x"
-	},
-	func(v *string, c fuzz.Continue) {
-		*v = c.RandString() + "x"
-	},
-	func(v *ExternalDocumentation, c fuzz.Continue) {
-		v.Description = c.RandString() + "x"
-		v.URL = c.RandString() + "x"
-	},
-	func(v *SimpleSchema, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-
-		switch c.Intn(5) {
-		case 0:
-			v.Type = "string"
-		case 1:
-			v.Type = "number"
-		case 2:
-			v.Type = "boolean"
-		case 3:
-			v.Type = "integer"
-		case 4:
-			v.Type = "array"
-		default:
-			panic("unreachable")
-		}
-
-		switch c.Intn(5) {
-		case 0:
-			v.CollectionFormat = "csv"
-		case 1:
-			v.CollectionFormat = "ssv"
-		case 2:
-			v.CollectionFormat = "tsv"
-		case 3:
-			v.CollectionFormat = "pipes"
-		case 4:
-			v.CollectionFormat = ""
-		default:
-			panic("unreachable")
-		}
-
-		// None of the types which include SimpleSchema in our definitions
-		// actually support "example" in the official spec
-		v.Example = nil
-
-		// unsupported by openapi
-		v.Nullable = false
-	},
-	func(v *int64, c fuzz.Continue) {
-		c.Fuzz(v)
-
-		// Gnostic does not differentiate between 0 and non-specified
-		// so avoid using 0 for fuzzer
-		if *v == 0 {
-			*v = 1
-		}
-	},
-	func(v *float64, c fuzz.Continue) {
-		c.Fuzz(v)
-
-		// Gnostic does not differentiate between 0 and non-specified
-		// so avoid using 0 for fuzzer
-		if *v == 0.0 {
-			*v = 1.0
-		}
-	},
-	func(v *Parameter, c fuzz.Continue) {
-		if v == nil {
-			return
-		}
-		c.Fuzz(&v.VendorExtensible)
-		if c.RandBool() {
-			// body param
-			v.Description = c.RandString() + "x"
-			v.Name = c.RandString() + "x"
-			v.In = "body"
-			c.Fuzz(&v.Description)
-			c.Fuzz(&v.Required)
-
-			v.Schema = &Schema{}
-			c.Fuzz(&v.Schema)
-
-		} else {
-			c.Fuzz(&v.SimpleSchema)
-			c.Fuzz(&v.CommonValidations)
-			v.AllowEmptyValue = false
-			v.Description = c.RandString() + "x"
-			v.Name = c.RandString() + "x"
-
-			switch c.Intn(4) {
-			case 0:
-				// Header param
-				v.In = "header"
-			case 1:
-				// Form data param
-				v.In = "formData"
-				v.AllowEmptyValue = c.RandBool()
-			case 2:
-				// Query param
-				v.In = "query"
-				v.AllowEmptyValue = c.RandBool()
-			case 3:
-				// Path param
-				v.In = "path"
-				v.Required = true
-			default:
-				panic("unreachable")
-			}
-
-			// descendant Items of Parameter may not be refs
-			cur := v.Items
-			for cur != nil {
-				cur.Ref = Ref{}
-				cur = cur.Items
-			}
-		}
-	},
-	func(v *Schema, c fuzz.Continue) {
-		if c.RandBool() {
-			// file schema
-			c.Fuzz(&v.Default)
-			c.Fuzz(&v.Description)
-			c.Fuzz(&v.Example)
-			c.Fuzz(&v.ExternalDocs)
-
-			c.Fuzz(&v.Format)
-			c.Fuzz(&v.ReadOnly)
-			c.Fuzz(&v.Required)
-			c.Fuzz(&v.Title)
-			v.Type = StringOrArray{"file"}
-
-		} else {
-			// normal schema
-			c.Fuzz(&v.SchemaProps)
-			c.Fuzz(&v.SwaggerSchemaProps)
-			c.Fuzz(&v.VendorExtensible)
-			// c.Fuzz(&v.ExtraProps)
-			// ExtraProps will not roundtrip - gnostic throws out
-			// unrecognized keys
-		}
-
-		// Not supported by official openapi v2 spec
-		// and stripped by k8s apiserver
-		v.ID = ""
-		v.AnyOf = nil
-		v.OneOf = nil
-		v.Not = nil
-		v.Nullable = false
-		v.AdditionalItems = nil
-		v.Schema = ""
-		v.PatternProperties = nil
-		v.Definitions = nil
-		v.Dependencies = nil
-	},
-}
-
-var SwaggerDiffOptions = []cmp.Option{
-	// cmp.Diff panics on Ref since jsonreference.Ref uses unexported fields
-	cmp.Comparer(func(a Ref, b Ref) bool {
-		return a.String() == b.String()
-	}),
-}
diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go
index 406a09d9d1..6a77f2ac82 100644
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go
@@ -21,7 +21,7 @@ import (
 	"strconv"
 
 	"github.com/go-openapi/jsonreference"
-	openapi_v2 "github.com/google/gnostic/openapiv2"
+	openapi_v2 "github.com/google/gnostic-models/openapiv2"
 )
 
 // Interfaces
diff --git a/vendor/k8s.io/utils/pointer/pointer.go b/vendor/k8s.io/utils/pointer/pointer.go
index b8103223ad..b673a64257 100644
--- a/vendor/k8s.io/utils/pointer/pointer.go
+++ b/vendor/k8s.io/utils/pointer/pointer.go
@@ -14,12 +14,15 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// Deprecated: Use functions in k8s.io/utils/ptr instead: ptr.To to obtain
+// a pointer, ptr.Deref to dereference a pointer, ptr.Equal to compare
+// dereferenced pointers.
 package pointer
 
 import (
-	"fmt"
-	"reflect"
 	"time"
+
+	"k8s.io/utils/ptr"
 )
 
 // AllPtrFieldsNil tests whether all pointer fields in a struct are nil.  This is useful when,
@@ -28,383 +31,219 @@ import (
 //
 // This function is only valid for structs and pointers to structs.  Any other
 // type will cause a panic.  Passing a typed nil pointer will return true.
-func AllPtrFieldsNil(obj interface{}) bool {
-	v := reflect.ValueOf(obj)
-	if !v.IsValid() {
-		panic(fmt.Sprintf("reflect.ValueOf() produced a non-valid Value for %#v", obj))
-	}
-	if v.Kind() == reflect.Ptr {
-		if v.IsNil() {
-			return true
-		}
-		v = v.Elem()
-	}
-	for i := 0; i < v.NumField(); i++ {
-		if v.Field(i).Kind() == reflect.Ptr && !v.Field(i).IsNil() {
-			return false
-		}
-	}
-	return true
-}
-
-// Int returns a pointer to an int
-func Int(i int) *int {
-	return &i
-}
+//
+// Deprecated: Use ptr.AllPtrFieldsNil instead.
+var AllPtrFieldsNil = ptr.AllPtrFieldsNil
+
+// Int returns a pointer to an int.
+var Int = ptr.To[int]
 
 // IntPtr is a function variable referring to Int.
 //
-// Deprecated: Use Int instead.
+// Deprecated: Use ptr.To instead.
 var IntPtr = Int // for back-compat
 
 // IntDeref dereferences the int ptr and returns it if not nil, or else
 // returns def.
-func IntDeref(ptr *int, def int) int {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var IntDeref = ptr.Deref[int]
 
 // IntPtrDerefOr is a function variable referring to IntDeref.
 //
-// Deprecated: Use IntDeref instead.
+// Deprecated: Use ptr.Deref instead.
 var IntPtrDerefOr = IntDeref // for back-compat
 
 // Int32 returns a pointer to an int32.
-func Int32(i int32) *int32 {
-	return &i
-}
+var Int32 = ptr.To[int32]
 
 // Int32Ptr is a function variable referring to Int32.
 //
-// Deprecated: Use Int32 instead.
+// Deprecated: Use ptr.To instead.
 var Int32Ptr = Int32 // for back-compat
 
 // Int32Deref dereferences the int32 ptr and returns it if not nil, or else
 // returns def.
-func Int32Deref(ptr *int32, def int32) int32 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Int32Deref = ptr.Deref[int32]
 
 // Int32PtrDerefOr is a function variable referring to Int32Deref.
 //
-// Deprecated: Use Int32Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Int32PtrDerefOr = Int32Deref // for back-compat
 
 // Int32Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Int32Equal(a, b *int32) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Int32Equal = ptr.Equal[int32]
 
 // Uint returns a pointer to an uint
-func Uint(i uint) *uint {
-	return &i
-}
+var Uint = ptr.To[uint]
 
 // UintPtr is a function variable referring to Uint.
 //
-// Deprecated: Use Uint instead.
+// Deprecated: Use ptr.To instead.
 var UintPtr = Uint // for back-compat
 
 // UintDeref dereferences the uint ptr and returns it if not nil, or else
 // returns def.
-func UintDeref(ptr *uint, def uint) uint {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var UintDeref = ptr.Deref[uint]
 
 // UintPtrDerefOr is a function variable referring to UintDeref.
 //
-// Deprecated: Use UintDeref instead.
+// Deprecated: Use ptr.Deref instead.
 var UintPtrDerefOr = UintDeref // for back-compat
 
 // Uint32 returns a pointer to an uint32.
-func Uint32(i uint32) *uint32 {
-	return &i
-}
+var Uint32 = ptr.To[uint32]
 
 // Uint32Ptr is a function variable referring to Uint32.
 //
-// Deprecated: Use Uint32 instead.
+// Deprecated: Use ptr.To instead.
 var Uint32Ptr = Uint32 // for back-compat
 
 // Uint32Deref dereferences the uint32 ptr and returns it if not nil, or else
 // returns def.
-func Uint32Deref(ptr *uint32, def uint32) uint32 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Uint32Deref = ptr.Deref[uint32]
 
 // Uint32PtrDerefOr is a function variable referring to Uint32Deref.
 //
-// Deprecated: Use Uint32Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Uint32PtrDerefOr = Uint32Deref // for back-compat
 
 // Uint32Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Uint32Equal(a, b *uint32) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Uint32Equal = ptr.Equal[uint32]
 
 // Int64 returns a pointer to an int64.
-func Int64(i int64) *int64 {
-	return &i
-}
+var Int64 = ptr.To[int64]
 
 // Int64Ptr is a function variable referring to Int64.
 //
-// Deprecated: Use Int64 instead.
+// Deprecated: Use ptr.To instead.
 var Int64Ptr = Int64 // for back-compat
 
 // Int64Deref dereferences the int64 ptr and returns it if not nil, or else
 // returns def.
-func Int64Deref(ptr *int64, def int64) int64 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Int64Deref = ptr.Deref[int64]
 
 // Int64PtrDerefOr is a function variable referring to Int64Deref.
 //
-// Deprecated: Use Int64Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Int64PtrDerefOr = Int64Deref // for back-compat
 
 // Int64Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Int64Equal(a, b *int64) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Int64Equal = ptr.Equal[int64]
 
 // Uint64 returns a pointer to an uint64.
-func Uint64(i uint64) *uint64 {
-	return &i
-}
+var Uint64 = ptr.To[uint64]
 
 // Uint64Ptr is a function variable referring to Uint64.
 //
-// Deprecated: Use Uint64 instead.
+// Deprecated: Use ptr.To instead.
 var Uint64Ptr = Uint64 // for back-compat
 
 // Uint64Deref dereferences the uint64 ptr and returns it if not nil, or else
 // returns def.
-func Uint64Deref(ptr *uint64, def uint64) uint64 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Uint64Deref = ptr.Deref[uint64]
 
 // Uint64PtrDerefOr is a function variable referring to Uint64Deref.
 //
-// Deprecated: Use Uint64Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Uint64PtrDerefOr = Uint64Deref // for back-compat
 
 // Uint64Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Uint64Equal(a, b *uint64) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Uint64Equal = ptr.Equal[uint64]
 
 // Bool returns a pointer to a bool.
-func Bool(b bool) *bool {
-	return &b
-}
+var Bool = ptr.To[bool]
 
 // BoolPtr is a function variable referring to Bool.
 //
-// Deprecated: Use Bool instead.
+// Deprecated: Use ptr.To instead.
 var BoolPtr = Bool // for back-compat
 
 // BoolDeref dereferences the bool ptr and returns it if not nil, or else
 // returns def.
-func BoolDeref(ptr *bool, def bool) bool {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var BoolDeref = ptr.Deref[bool]
 
 // BoolPtrDerefOr is a function variable referring to BoolDeref.
 //
-// Deprecated: Use BoolDeref instead.
+// Deprecated: Use ptr.Deref instead.
 var BoolPtrDerefOr = BoolDeref // for back-compat
 
 // BoolEqual returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func BoolEqual(a, b *bool) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var BoolEqual = ptr.Equal[bool]
 
 // String returns a pointer to a string.
-func String(s string) *string {
-	return &s
-}
+var String = ptr.To[string]
 
 // StringPtr is a function variable referring to String.
 //
-// Deprecated: Use String instead.
+// Deprecated: Use ptr.To instead.
 var StringPtr = String // for back-compat
 
 // StringDeref dereferences the string ptr and returns it if not nil, or else
 // returns def.
-func StringDeref(ptr *string, def string) string {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var StringDeref = ptr.Deref[string]
 
 // StringPtrDerefOr is a function variable referring to StringDeref.
 //
-// Deprecated: Use StringDeref instead.
+// Deprecated: Use ptr.Deref instead.
 var StringPtrDerefOr = StringDeref // for back-compat
 
 // StringEqual returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func StringEqual(a, b *string) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var StringEqual = ptr.Equal[string]
 
 // Float32 returns a pointer to a float32.
-func Float32(i float32) *float32 {
-	return &i
-}
+var Float32 = ptr.To[float32]
 
 // Float32Ptr is a function variable referring to Float32.
 //
-// Deprecated: Use Float32 instead.
+// Deprecated: Use ptr.To instead.
 var Float32Ptr = Float32
 
 // Float32Deref dereferences the float32 ptr and returns it if not nil, or else
 // returns def.
-func Float32Deref(ptr *float32, def float32) float32 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Float32Deref = ptr.Deref[float32]
 
 // Float32PtrDerefOr is a function variable referring to Float32Deref.
 //
-// Deprecated: Use Float32Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Float32PtrDerefOr = Float32Deref // for back-compat
 
 // Float32Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Float32Equal(a, b *float32) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Float32Equal = ptr.Equal[float32]
 
 // Float64 returns a pointer to a float64.
-func Float64(i float64) *float64 {
-	return &i
-}
+var Float64 = ptr.To[float64]
 
 // Float64Ptr is a function variable referring to Float64.
 //
-// Deprecated: Use Float64 instead.
+// Deprecated: Use ptr.To instead.
 var Float64Ptr = Float64
 
 // Float64Deref dereferences the float64 ptr and returns it if not nil, or else
 // returns def.
-func Float64Deref(ptr *float64, def float64) float64 {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var Float64Deref = ptr.Deref[float64]
 
 // Float64PtrDerefOr is a function variable referring to Float64Deref.
 //
-// Deprecated: Use Float64Deref instead.
+// Deprecated: Use ptr.Deref instead.
 var Float64PtrDerefOr = Float64Deref // for back-compat
 
 // Float64Equal returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func Float64Equal(a, b *float64) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var Float64Equal = ptr.Equal[float64]
 
 // Duration returns a pointer to a time.Duration.
-func Duration(d time.Duration) *time.Duration {
-	return &d
-}
+var Duration = ptr.To[time.Duration]
 
 // DurationDeref dereferences the time.Duration ptr and returns it if not nil, or else
 // returns def.
-func DurationDeref(ptr *time.Duration, def time.Duration) time.Duration {
-	if ptr != nil {
-		return *ptr
-	}
-	return def
-}
+var DurationDeref = ptr.Deref[time.Duration]
 
 // DurationEqual returns true if both arguments are nil or both arguments
 // dereference to the same value.
-func DurationEqual(a, b *time.Duration) bool {
-	if (a == nil) != (b == nil) {
-		return false
-	}
-	if a == nil {
-		return true
-	}
-	return *a == *b
-}
+var DurationEqual = ptr.Equal[time.Duration]
diff --git a/vendor/k8s.io/utils/ptr/OWNERS b/vendor/k8s.io/utils/ptr/OWNERS
new file mode 100644
index 0000000000..0d6392752a
--- /dev/null
+++ b/vendor/k8s.io/utils/ptr/OWNERS
@@ -0,0 +1,10 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- apelisse
+- stewart-yu
+- thockin
+reviewers:
+- apelisse
+- stewart-yu
+- thockin
diff --git a/vendor/k8s.io/utils/ptr/README.md b/vendor/k8s.io/utils/ptr/README.md
new file mode 100644
index 0000000000..2ca8073dc7
--- /dev/null
+++ b/vendor/k8s.io/utils/ptr/README.md
@@ -0,0 +1,3 @@
+# Pointer
+
+This package provides some functions for pointer-based operations.
diff --git a/vendor/k8s.io/utils/ptr/ptr.go b/vendor/k8s.io/utils/ptr/ptr.go
new file mode 100644
index 0000000000..659ed3b9e2
--- /dev/null
+++ b/vendor/k8s.io/utils/ptr/ptr.go
@@ -0,0 +1,73 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package ptr
+
+import (
+	"fmt"
+	"reflect"
+)
+
+// AllPtrFieldsNil tests whether all pointer fields in a struct are nil.  This is useful when,
+// for example, an API struct is handled by plugins which need to distinguish
+// "no plugin accepted this spec" from "this spec is empty".
+//
+// This function is only valid for structs and pointers to structs.  Any other
+// type will cause a panic.  Passing a typed nil pointer will return true.
+func AllPtrFieldsNil(obj interface{}) bool {
+	v := reflect.ValueOf(obj)
+	if !v.IsValid() {
+		panic(fmt.Sprintf("reflect.ValueOf() produced a non-valid Value for %#v", obj))
+	}
+	if v.Kind() == reflect.Ptr {
+		if v.IsNil() {
+			return true
+		}
+		v = v.Elem()
+	}
+	for i := 0; i < v.NumField(); i++ {
+		if v.Field(i).Kind() == reflect.Ptr && !v.Field(i).IsNil() {
+			return false
+		}
+	}
+	return true
+}
+
+// To returns a pointer to the given value.
+func To[T any](v T) *T {
+	return &v
+}
+
+// Deref dereferences ptr and returns the value it points to if no nil, or else
+// returns def.
+func Deref[T any](ptr *T, def T) T {
+	if ptr != nil {
+		return *ptr
+	}
+	return def
+}
+
+// Equal returns true if both arguments are nil or both arguments
+// dereference to the same value.
+func Equal[T comparable](a, b *T) bool {
+	if (a == nil) != (b == nil) {
+		return false
+	}
+	if a == nil {
+		return true
+	}
+	return *a == *b
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 824c02a725..b70576f85b 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -10,7 +10,7 @@ cloud.google.com/go/internal
 cloud.google.com/go/internal/optional
 cloud.google.com/go/internal/trace
 cloud.google.com/go/internal/version
-# cloud.google.com/go/compute v1.23.1
+# cloud.google.com/go/compute v1.23.2
 ## explicit; go 1.19
 cloud.google.com/go/compute/internal
 # cloud.google.com/go/compute/metadata v0.2.3
@@ -21,11 +21,11 @@ cloud.google.com/go/compute/metadata
 cloud.google.com/go/firestore/apiv1
 cloud.google.com/go/firestore/apiv1/firestorepb
 cloud.google.com/go/firestore/internal
-# cloud.google.com/go/iam v1.1.3
+# cloud.google.com/go/iam v1.1.4
 ## explicit; go 1.19
 cloud.google.com/go/iam
 cloud.google.com/go/iam/apiv1/iampb
-# cloud.google.com/go/kms v1.15.3
+# cloud.google.com/go/kms v1.15.4
 ## explicit; go 1.19
 cloud.google.com/go/kms/apiv1
 cloud.google.com/go/kms/apiv1/kmspb
@@ -96,7 +96,7 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore/tracing
 # github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 ## explicit; go 1.18
 github.com/Azure/azure-sdk-for-go/sdk/azidentity
-# github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0
+# github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0
 ## explicit; go 1.18
 github.com/Azure/azure-sdk-for-go/sdk/internal/diag
 github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo
@@ -136,7 +136,7 @@ github.com/Azure/go-autorest/logger
 # github.com/Azure/go-autorest/tracing v0.6.0
 ## explicit; go 1.12
 github.com/Azure/go-autorest/tracing
-# github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1
+# github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0
 ## explicit; go 1.18
 github.com/AzureAD/microsoft-authentication-library-for-go/apps/cache
 github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential
@@ -167,21 +167,21 @@ github.com/BurntSushi/toml/internal
 ## explicit; go 1.18
 github.com/DataDog/appsec-internal-go/httpsec
 github.com/DataDog/appsec-internal-go/netip
-# github.com/DataDog/datadog-agent/pkg/obfuscate v0.45.0-rc.1
-## explicit; go 1.12
+# github.com/DataDog/datadog-agent/pkg/obfuscate v0.48.1
+## explicit; go 1.20
 github.com/DataDog/datadog-agent/pkg/obfuscate
-# github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.46.0-rc.4
-## explicit; go 1.18
+# github.com/DataDog/datadog-agent/pkg/remoteconfig/state v0.48.1
+## explicit; go 1.20
 github.com/DataDog/datadog-agent/pkg/remoteconfig/state
 # github.com/DataDog/datadog-go/v5 v5.3.0
 ## explicit; go 1.13
 github.com/DataDog/datadog-go/v5/statsd
-# github.com/DataDog/go-libddwaf v1.4.1
+# github.com/DataDog/go-libddwaf v1.5.0
 ## explicit; go 1.18
 github.com/DataDog/go-libddwaf
 github.com/DataDog/go-libddwaf/internal/noopfree
-# github.com/DataDog/go-tuf v0.3.0--fix-localmeta-fork
-## explicit; go 1.16
+# github.com/DataDog/go-tuf v1.0.2-0.5.2
+## explicit; go 1.18
 github.com/DataDog/go-tuf/client
 github.com/DataDog/go-tuf/data
 github.com/DataDog/go-tuf/internal/roles
@@ -190,7 +190,7 @@ github.com/DataDog/go-tuf/pkg/keys
 github.com/DataDog/go-tuf/pkg/targets
 github.com/DataDog/go-tuf/util
 github.com/DataDog/go-tuf/verify
-# github.com/DataDog/sketches-go v1.2.1
+# github.com/DataDog/sketches-go v1.4.3
 ## explicit; go 1.15
 github.com/DataDog/sketches-go/ddsketch
 github.com/DataDog/sketches-go/ddsketch/encoding
@@ -220,7 +220,7 @@ github.com/Microsoft/go-winio/pkg/guid
 ## explicit; go 1.20
 github.com/OpenPeeDeeP/depguard/v2
 github.com/OpenPeeDeeP/depguard/v2/internal/utils
-# github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371
+# github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c
 ## explicit; go 1.13
 github.com/ProtonMail/go-crypto/bitcurves
 github.com/ProtonMail/go-crypto/brainpool
@@ -264,32 +264,32 @@ github.com/alibabacloud-go/cr-20160607/client
 # github.com/alibabacloud-go/cr-20181201 v1.0.10
 ## explicit; go 1.15
 github.com/alibabacloud-go/cr-20181201/client
-# github.com/alibabacloud-go/darabonba-openapi v0.1.18
+# github.com/alibabacloud-go/darabonba-openapi v0.2.1
 ## explicit; go 1.14
 github.com/alibabacloud-go/darabonba-openapi/client
-# github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68
-## explicit
+# github.com/alibabacloud-go/debug v1.0.0
+## explicit; go 1.18
 github.com/alibabacloud-go/debug/debug
 # github.com/alibabacloud-go/endpoint-util v1.1.1
 ## explicit
 github.com/alibabacloud-go/endpoint-util/service
-# github.com/alibabacloud-go/openapi-util v0.0.11
+# github.com/alibabacloud-go/openapi-util v0.1.0
 ## explicit; go 1.14
 github.com/alibabacloud-go/openapi-util/service
-# github.com/alibabacloud-go/tea v1.1.18
+# github.com/alibabacloud-go/tea v1.2.1
 ## explicit; go 1.14
 github.com/alibabacloud-go/tea/tea
 github.com/alibabacloud-go/tea/utils
-# github.com/alibabacloud-go/tea-utils v1.4.4
+# github.com/alibabacloud-go/tea-utils v1.4.5
 ## explicit; go 1.14
 github.com/alibabacloud-go/tea-utils/service
-# github.com/alibabacloud-go/tea-xml v1.1.2
+# github.com/alibabacloud-go/tea-xml v1.1.3
 ## explicit; go 1.14
 github.com/alibabacloud-go/tea-xml/service
 # github.com/alingse/asasalint v0.0.11
 ## explicit; go 1.18
 github.com/alingse/asasalint
-# github.com/aliyun/credentials-go v1.2.3
+# github.com/aliyun/credentials-go v1.3.1
 ## explicit; go 1.14
 github.com/aliyun/credentials-go/credentials
 github.com/aliyun/credentials-go/credentials/request
@@ -307,8 +307,8 @@ github.com/ashanbrown/forbidigo/forbidigo
 # github.com/ashanbrown/makezero v1.1.1
 ## explicit; go 1.12
 github.com/ashanbrown/makezero/makezero
-# github.com/aws/aws-sdk-go v1.46.3
-## explicit; go 1.11
+# github.com/aws/aws-sdk-go v1.47.0
+## explicit; go 1.19
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/auth/bearer
 github.com/aws/aws-sdk-go/aws/awserr
@@ -403,12 +403,12 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
 # github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/ini
-# github.com/aws/aws-sdk-go-v2/service/ecr v1.18.11
+# github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/ecr
 github.com/aws/aws-sdk-go-v2/service/ecr/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/ecr/types
-# github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.2
+# github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/ecrpublic
 github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints
@@ -457,8 +457,8 @@ github.com/aws/smithy-go/time
 github.com/aws/smithy-go/transport/http
 github.com/aws/smithy-go/transport/http/internal/io
 github.com/aws/smithy-go/waiter
-# github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230510185313-f5e39e5f34c7
-## explicit; go 1.13
+# github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8
+## explicit; go 1.19
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login/api
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cache
@@ -494,8 +494,8 @@ github.com/breml/bidichk/pkg/bidichk
 # github.com/breml/errchkjson v0.3.6
 ## explicit; go 1.20
 github.com/breml/errchkjson
-# github.com/buildkite/agent/v3 v3.52.1
-## explicit; go 1.18
+# github.com/buildkite/agent/v3 v3.58.0
+## explicit; go 1.20
 github.com/buildkite/agent/v3/api
 github.com/buildkite/agent/v3/env
 github.com/buildkite/agent/v3/internal/ordered
@@ -554,7 +554,7 @@ github.com/chavacava/garif
 github.com/chrismellard/docker-credential-acr-env/pkg/credhelper
 github.com/chrismellard/docker-credential-acr-env/pkg/registry
 github.com/chrismellard/docker-credential-acr-env/pkg/token
-# github.com/clbanning/mxj/v2 v2.5.6
+# github.com/clbanning/mxj/v2 v2.7.0
 ## explicit; go 1.15
 github.com/clbanning/mxj/v2
 # github.com/cloudevents/sdk-go/v2 v2.14.0
@@ -573,7 +573,7 @@ github.com/cloudevents/sdk-go/v2/event/datacodec/xml
 github.com/cloudevents/sdk-go/v2/protocol
 github.com/cloudevents/sdk-go/v2/protocol/http
 github.com/cloudevents/sdk-go/v2/types
-# github.com/cloudflare/circl v1.3.3
+# github.com/cloudflare/circl v1.3.5
 ## explicit; go 1.19
 github.com/cloudflare/circl/dh/x25519
 github.com/cloudflare/circl/dh/x448
@@ -601,7 +601,7 @@ github.com/coreos/go-oidc/v3/oidc
 ## explicit; go 1.18
 github.com/curioswitch/go-reassign
 github.com/curioswitch/go-reassign/internal/analyzer
-# github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7
+# github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46
 ## explicit
 github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer
 # github.com/daixiang0/gci v0.11.2
@@ -627,32 +627,32 @@ github.com/denis-tingaikin/go-header
 # github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352
 ## explicit; go 1.13
 github.com/digitorus/pkcs7
-# github.com/digitorus/timestamp v0.0.0-20230821155606-d1ad5ca9624c
+# github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647
 ## explicit; go 1.16
 github.com/digitorus/timestamp
 # github.com/dimchansky/utfbom v1.1.1
 ## explicit
 github.com/dimchansky/utfbom
-# github.com/docker/cli v24.0.0+incompatible
+# github.com/docker/cli v24.0.7+incompatible
 ## explicit
 github.com/docker/cli/cli/config
 github.com/docker/cli/cli/config/configfile
 github.com/docker/cli/cli/config/credentials
 github.com/docker/cli/cli/config/types
-# github.com/docker/distribution v2.8.2+incompatible
+# github.com/docker/distribution v2.8.3+incompatible
 ## explicit
 github.com/docker/distribution/registry/client/auth/challenge
 # github.com/docker/docker v24.0.7+incompatible
 ## explicit
 github.com/docker/docker/pkg/homedir
-# github.com/docker/docker-credential-helpers v0.7.0
-## explicit; go 1.18
+# github.com/docker/docker-credential-helpers v0.8.0
+## explicit; go 1.19
 github.com/docker/docker-credential-helpers/client
 github.com/docker/docker-credential-helpers/credentials
 # github.com/dustin/go-humanize v1.0.1
 ## explicit; go 1.16
 github.com/dustin/go-humanize
-# github.com/eapache/go-resiliency v1.3.0
+# github.com/eapache/go-resiliency v1.4.0
 ## explicit; go 1.13
 github.com/eapache/go-resiliency/breaker
 # github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3
@@ -661,14 +661,13 @@ github.com/eapache/go-xerial-snappy
 # github.com/eapache/queue v1.1.0
 ## explicit
 github.com/eapache/queue
-# github.com/ebitengine/purego v0.4.0-alpha.4.0.20230519103000-ee8dcecc618f
+# github.com/ebitengine/purego v0.5.0
 ## explicit; go 1.18
 github.com/ebitengine/purego
-github.com/ebitengine/purego/internal/abi
 github.com/ebitengine/purego/internal/cgo
 github.com/ebitengine/purego/internal/fakecgo
 github.com/ebitengine/purego/internal/strings
-# github.com/emicklei/go-restful/v3 v3.10.2
+# github.com/emicklei/go-restful/v3 v3.11.0
 ## explicit; go 1.13
 github.com/emicklei/go-restful/v3
 github.com/emicklei/go-restful/v3/log
@@ -701,13 +700,13 @@ github.com/fatih/structtag
 # github.com/firefart/nonamedreturns v1.0.4
 ## explicit; go 1.18
 github.com/firefart/nonamedreturns/analyzer
-# github.com/fsnotify/fsnotify v1.6.0
-## explicit; go 1.16
+# github.com/fsnotify/fsnotify v1.7.0
+## explicit; go 1.17
 github.com/fsnotify/fsnotify
 # github.com/fzipp/gocyclo v0.6.0
 ## explicit; go 1.18
 github.com/fzipp/gocyclo
-# github.com/gabriel-vasile/mimetype v1.4.2
+# github.com/gabriel-vasile/mimetype v1.4.3
 ## explicit; go 1.20
 github.com/gabriel-vasile/mimetype
 github.com/gabriel-vasile/mimetype/internal/charset
@@ -740,8 +739,8 @@ github.com/go-kit/log/level
 # github.com/go-logfmt/logfmt v0.6.0
 ## explicit; go 1.17
 github.com/go-logfmt/logfmt
-# github.com/go-logr/logr v1.2.4
-## explicit; go 1.16
+# github.com/go-logr/logr v1.3.0
+## explicit; go 1.18
 github.com/go-logr/logr
 github.com/go-logr/logr/funcr
 # github.com/go-logr/stdr v1.2.2
@@ -759,8 +758,8 @@ github.com/go-openapi/analysis/internal/flatten/sortref
 # github.com/go-openapi/errors v0.20.4
 ## explicit; go 1.14
 github.com/go-openapi/errors
-# github.com/go-openapi/jsonpointer v0.19.6
-## explicit; go 1.13
+# github.com/go-openapi/jsonpointer v0.20.0
+## explicit; go 1.18
 github.com/go-openapi/jsonpointer
 # github.com/go-openapi/jsonreference v0.20.2
 ## explicit; go 1.13
@@ -960,8 +959,8 @@ github.com/google/cel-go/interpreter
 github.com/google/cel-go/interpreter/functions
 github.com/google/cel-go/parser
 github.com/google/cel-go/parser/gen
-# github.com/google/certificate-transparency-go v1.1.6
-## explicit; go 1.19
+# github.com/google/certificate-transparency-go v1.1.7
+## explicit; go 1.20
 github.com/google/certificate-transparency-go
 github.com/google/certificate-transparency-go/asn1
 github.com/google/certificate-transparency-go/gossip/minimal/x509ext
@@ -969,13 +968,13 @@ github.com/google/certificate-transparency-go/tls
 github.com/google/certificate-transparency-go/x509
 github.com/google/certificate-transparency-go/x509/pkix
 github.com/google/certificate-transparency-go/x509util
-# github.com/google/gnostic v0.6.9
-## explicit; go 1.12
-github.com/google/gnostic/compiler
-github.com/google/gnostic/extensions
-github.com/google/gnostic/jsonschema
-github.com/google/gnostic/openapiv2
-github.com/google/gnostic/openapiv3
+# github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49
+## explicit; go 1.18
+github.com/google/gnostic-models/compiler
+github.com/google/gnostic-models/extensions
+github.com/google/gnostic-models/jsonschema
+github.com/google/gnostic-models/openapiv2
+github.com/google/gnostic-models/openapiv3
 # github.com/google/go-cmp v0.6.0
 ## explicit; go 1.13
 github.com/google/go-cmp/cmp
@@ -1021,9 +1020,9 @@ github.com/google/go-containerregistry/pkg/authn/k8schain
 # github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230516205744-dbecb1de8cfa
 ## explicit; go 1.18
 github.com/google/go-containerregistry/pkg/authn/kubernetes
-# github.com/google/go-github/v53 v53.2.0
+# github.com/google/go-github/v55 v55.0.0
 ## explicit; go 1.17
-github.com/google/go-github/v53/github
+github.com/google/go-github/v55/github
 # github.com/google/go-licenses v1.6.0
 ## explicit; go 1.16
 github.com/google/go-licenses/internal/third_party/pkgsite/derrors
@@ -1103,11 +1102,14 @@ github.com/gostaticanalysis/forcetypeassert
 # github.com/gostaticanalysis/nilerr v0.1.1
 ## explicit; go 1.15
 github.com/gostaticanalysis/nilerr
+# github.com/gowebpki/jcs v1.0.1
+## explicit; go 1.15
+github.com/gowebpki/jcs
 # github.com/grafeas/grafeas v0.2.3
 ## explicit; go 1.20
 github.com/grafeas/grafeas/go/utils/intoto
 github.com/grafeas/grafeas/proto/v1/grafeas_go_proto
-# github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0
+# github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0
 ## explicit; go 1.17
 github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule
 github.com/grpc-ecosystem/grpc-gateway/v2/runtime
@@ -1133,8 +1135,8 @@ github.com/hashicorp/go-secure-stdlib/parseutil
 # github.com/hashicorp/go-secure-stdlib/strutil v0.1.2
 ## explicit; go 1.16
 github.com/hashicorp/go-secure-stdlib/strutil
-# github.com/hashicorp/go-sockaddr v1.0.2
-## explicit
+# github.com/hashicorp/go-sockaddr v1.0.5
+## explicit; go 1.19
 github.com/hashicorp/go-sockaddr
 # github.com/hashicorp/go-uuid v1.0.3
 ## explicit
@@ -1146,8 +1148,8 @@ github.com/hashicorp/go-version
 ## explicit; go 1.12
 github.com/hashicorp/golang-lru
 github.com/hashicorp/golang-lru/simplelru
-# github.com/hashicorp/hcl v1.0.0
-## explicit
+# github.com/hashicorp/hcl v1.0.1-vault-5
+## explicit; go 1.15
 github.com/hashicorp/hcl
 github.com/hashicorp/hcl/hcl/ast
 github.com/hashicorp/hcl/hcl/parser
@@ -1166,7 +1168,7 @@ github.com/hashicorp/vault/api
 github.com/hexops/gotextdiff
 github.com/hexops/gotextdiff/myers
 github.com/hexops/gotextdiff/span
-# github.com/imdario/mergo v0.3.15
+# github.com/imdario/mergo v0.3.16
 ## explicit; go 1.13
 github.com/imdario/mergo
 # github.com/in-toto/in-toto-golang v0.9.0
@@ -1228,8 +1230,8 @@ github.com/jcmturner/gokrb5/v8/types
 ## explicit; go 1.13
 github.com/jcmturner/rpc/v2/mstypes
 github.com/jcmturner/rpc/v2/ndr
-# github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b
-## explicit; go 1.17
+# github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267
+## explicit; go 1.20
 github.com/jedisct1/go-minisign
 # github.com/jellydator/ttlcache/v3 v3.1.0
 ## explicit; go 1.18
@@ -1271,7 +1273,7 @@ github.com/kisielk/gotool/internal/load
 # github.com/kkHAIKE/contextcheck v1.1.4
 ## explicit; go 1.20
 github.com/kkHAIKE/contextcheck
-# github.com/klauspost/compress v1.17.0
+# github.com/klauspost/compress v1.17.2
 ## explicit; go 1.18
 github.com/klauspost/compress
 github.com/klauspost/compress/fse
@@ -1310,7 +1312,7 @@ github.com/leonklingele/grouper/pkg/analyzer/globals
 github.com/leonklingele/grouper/pkg/analyzer/imports
 github.com/leonklingele/grouper/pkg/analyzer/types
 github.com/leonklingele/grouper/pkg/analyzer/vars
-# github.com/lestrrat-go/blackmagic v1.0.1
+# github.com/lestrrat-go/blackmagic v1.0.2
 ## explicit; go 1.16
 github.com/lestrrat-go/blackmagic
 # github.com/lestrrat-go/httpcc v1.0.1
@@ -1323,7 +1325,7 @@ github.com/lestrrat-go/httprc
 ## explicit; go 1.13
 github.com/lestrrat-go/iter/arrayiter
 github.com/lestrrat-go/iter/mapiter
-# github.com/lestrrat-go/jwx/v2 v2.0.11
+# github.com/lestrrat-go/jwx/v2 v2.0.16
 ## explicit; go 1.16
 github.com/lestrrat-go/jwx/v2/cert
 github.com/lestrrat-go/jwx/v2/internal/base64
@@ -1339,17 +1341,14 @@ github.com/lestrrat-go/jwx/v2/x25519
 # github.com/lestrrat-go/option v1.0.1
 ## explicit; go 1.16
 github.com/lestrrat-go/option
-# github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf
-## explicit; go 1.18
+# github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491
+## explicit; go 1.21
 github.com/letsencrypt/boulder/core
-github.com/letsencrypt/boulder/core/proto
-github.com/letsencrypt/boulder/errors
-github.com/letsencrypt/boulder/features
 github.com/letsencrypt/boulder/goodkey
 github.com/letsencrypt/boulder/identifier
 github.com/letsencrypt/boulder/probs
 github.com/letsencrypt/boulder/revocation
-github.com/letsencrypt/boulder/sa/proto
+github.com/letsencrypt/boulder/strictyaml
 # github.com/lufeee/execinquery v1.2.1
 ## explicit; go 1.17
 github.com/lufeee/execinquery
@@ -1376,10 +1375,10 @@ github.com/matoous/godox
 # github.com/mattn/go-colorable v0.1.13
 ## explicit; go 1.15
 github.com/mattn/go-colorable
-# github.com/mattn/go-isatty v0.0.19
+# github.com/mattn/go-isatty v0.0.20
 ## explicit; go 1.15
 github.com/mattn/go-isatty
-# github.com/mattn/go-runewidth v0.0.14
+# github.com/mattn/go-runewidth v0.0.15
 ## explicit; go 1.9
 github.com/mattn/go-runewidth
 # github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0
@@ -1471,7 +1470,7 @@ github.com/opentracing/opentracing-go/log
 # github.com/openzipkin/zipkin-go v0.3.0
 ## explicit; go 1.14
 github.com/openzipkin/zipkin-go/model
-# github.com/outcaste-io/ristretto v0.2.1
+# github.com/outcaste-io/ristretto v0.2.3
 ## explicit; go 1.12
 github.com/outcaste-io/ristretto
 github.com/outcaste-io/ristretto/z
@@ -1531,7 +1530,7 @@ github.com/prometheus/procfs/internal/util
 ## explicit; go 1.13
 github.com/prometheus/statsd_exporter/pkg/mapper
 github.com/prometheus/statsd_exporter/pkg/mapper/fsm
-# github.com/puzpuzpuz/xsync/v2 v2.4.1
+# github.com/puzpuzpuz/xsync/v2 v2.5.1
 ## explicit; go 1.18
 github.com/puzpuzpuz/xsync/v2
 # github.com/quasilyte/go-ruleguard v0.4.0
@@ -1565,8 +1564,8 @@ github.com/quasilyte/stdinfo
 # github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475
 ## explicit
 github.com/rcrowley/go-metrics
-# github.com/rivo/uniseg v0.2.0
-## explicit; go 1.12
+# github.com/rivo/uniseg v0.4.4
+## explicit; go 1.18
 github.com/rivo/uniseg
 # github.com/ryancurrah/gomodguard v1.3.0
 ## explicit; go 1.19
@@ -1631,8 +1630,8 @@ github.com/shazow/go-diff/difflib
 # github.com/shibumi/go-pathspec v1.3.0
 ## explicit; go 1.17
 github.com/shibumi/go-pathspec
-# github.com/sigstore/cosign/v2 v2.2.0
-## explicit; go 1.20
+# github.com/sigstore/cosign/v2 v2.2.1
+## explicit; go 1.21
 github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio
 github.com/sigstore/cosign/v2/cmd/cosign/cli/options
 github.com/sigstore/cosign/v2/cmd/cosign/cli/sign/privacy
@@ -1670,7 +1669,7 @@ github.com/sigstore/cosign/v2/pkg/providers/google
 github.com/sigstore/cosign/v2/pkg/providers/spiffe
 github.com/sigstore/cosign/v2/pkg/signature
 github.com/sigstore/cosign/v2/pkg/types
-# github.com/sigstore/fulcio v1.4.0
+# github.com/sigstore/fulcio v1.4.3
 ## explicit; go 1.20
 github.com/sigstore/fulcio/pkg/api
 # github.com/sigstore/rekor v1.3.3
@@ -1726,8 +1725,8 @@ github.com/sigstore/sigstore/pkg/signature/kms/gcp
 # github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.5
 ## explicit; go 1.20
 github.com/sigstore/sigstore/pkg/signature/kms/hashivault
-# github.com/sigstore/timestamp-authority v1.1.2
-## explicit; go 1.20
+# github.com/sigstore/timestamp-authority v1.2.0
+## explicit; go 1.21
 github.com/sigstore/timestamp-authority/pkg/verification
 # github.com/sirupsen/logrus v1.9.3
 ## explicit; go 1.13
@@ -1766,7 +1765,7 @@ github.com/spf13/afero/mem
 # github.com/spf13/cast v1.5.1
 ## explicit; go 1.18
 github.com/spf13/cast
-# github.com/spf13/cobra v1.7.0
+# github.com/spf13/cobra v1.8.0
 ## explicit; go 1.15
 github.com/spf13/cobra
 # github.com/spf13/pflag v1.0.5
@@ -1813,8 +1812,8 @@ github.com/stbenjam/no-sprintf-host-port/pkg/analyzer
 # github.com/stoewer/go-strcase v1.2.0
 ## explicit; go 1.11
 github.com/stoewer/go-strcase
-# github.com/stretchr/objx v0.5.0
-## explicit; go 1.12
+# github.com/stretchr/objx v0.5.1
+## explicit; go 1.13
 github.com/stretchr/objx
 # github.com/stretchr/testify v1.8.4
 ## explicit; go 1.20
@@ -1979,8 +1978,8 @@ github.com/tinylib/msgp/msgp
 # github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399
 ## explicit
 github.com/titanous/rocacheck
-# github.com/tjfoc/gmsm v1.3.2
-## explicit; go 1.12
+# github.com/tjfoc/gmsm v1.4.1
+## explicit; go 1.14
 github.com/tjfoc/gmsm/sm3
 # github.com/tomarrell/wrapcheck/v2 v2.8.1
 ## explicit; go 1.18
@@ -2005,10 +2004,10 @@ github.com/ultraware/whitespace
 # github.com/uudashr/gocognit v1.1.2
 ## explicit; go 1.16
 github.com/uudashr/gocognit
-# github.com/vbatts/tar-split v0.11.3
-## explicit; go 1.15
+# github.com/vbatts/tar-split v0.11.5
+## explicit; go 1.17
 github.com/vbatts/tar-split/archive/tar
-# github.com/xanzy/go-gitlab v0.90.0
+# github.com/xanzy/go-gitlab v0.93.2
 ## explicit; go 1.18
 github.com/xanzy/go-gitlab
 # github.com/xanzy/ssh-agent v0.3.3
@@ -2049,7 +2048,7 @@ gitlab.com/bosi/decorder
 # go-simpler.org/sloglint v0.1.2
 ## explicit; go 1.20
 go-simpler.org/sloglint
-# go.mongodb.org/mongo-driver v1.12.0
+# go.mongodb.org/mongo-driver v1.12.1
 ## explicit; go 1.13
 go.mongodb.org/mongo-driver/bson
 go.mongodb.org/mongo-driver/bson/bsoncodec
@@ -2170,10 +2169,10 @@ go.uber.org/zap/internal/stacktrace
 go.uber.org/zap/internal/ztest
 go.uber.org/zap/zapcore
 go.uber.org/zap/zaptest
-# go4.org/intern v0.0.0-20211027215823-ae77deb06f29
+# go4.org/intern v0.0.0-20230525184215-6c62f75575cb
 ## explicit; go 1.13
 go4.org/intern
-# go4.org/unsafe/assume-no-moving-gc v0.0.0-20220617031537-928513b29760
+# go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2
 ## explicit; go 1.11
 go4.org/unsafe/assume-no-moving-gc
 # gocloud.dev v0.34.0
@@ -2202,8 +2201,8 @@ gocloud.dev/docstore/mongodocstore
 # gocloud.dev/pubsub/kafkapubsub v0.34.0
 ## explicit; go 1.20
 gocloud.dev/pubsub/kafkapubsub
-# golang.org/x/crypto v0.14.0
-## explicit; go 1.17
+# golang.org/x/crypto v0.15.0
+## explicit; go 1.18
 golang.org/x/crypto/argon2
 golang.org/x/crypto/blake2b
 golang.org/x/crypto/blowfish
@@ -2283,24 +2282,24 @@ golang.org/x/oauth2/google/internal/stsexchange
 golang.org/x/oauth2/internal
 golang.org/x/oauth2/jws
 golang.org/x/oauth2/jwt
-# golang.org/x/sync v0.4.0
-## explicit; go 1.17
+# golang.org/x/sync v0.5.0
+## explicit; go 1.18
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
 golang.org/x/sync/singleflight
-# golang.org/x/sys v0.13.0
-## explicit; go 1.17
+# golang.org/x/sys v0.14.0
+## explicit; go 1.18
 golang.org/x/sys/cpu
 golang.org/x/sys/execabs
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
-# golang.org/x/term v0.13.0
-## explicit; go 1.17
+# golang.org/x/term v0.14.0
+## explicit; go 1.18
 golang.org/x/term
-# golang.org/x/text v0.13.0
-## explicit; go 1.17
+# golang.org/x/text v0.14.0
+## explicit; go 1.18
 golang.org/x/text/encoding
 golang.org/x/text/encoding/internal
 golang.org/x/text/encoding/internal/identifier
@@ -2563,8 +2562,9 @@ google.golang.org/protobuf/types/known/fieldmaskpb
 google.golang.org/protobuf/types/known/structpb
 google.golang.org/protobuf/types/known/timestamppb
 google.golang.org/protobuf/types/known/wrapperspb
-# gopkg.in/DataDog/dd-trace-go.v1 v1.53.0
-## explicit; go 1.18
+# gopkg.in/DataDog/dd-trace-go.v1 v1.56.1
+## explicit; go 1.19
+gopkg.in/DataDog/dd-trace-go.v1/datastreams/options
 gopkg.in/DataDog/dd-trace-go.v1/ddtrace
 gopkg.in/DataDog/dd-trace-go.v1/ddtrace/ext
 gopkg.in/DataDog/dd-trace-go.v1/ddtrace/internal
@@ -2576,6 +2576,7 @@ gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation
 gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/grpcsec
 gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/httpsec
 gopkg.in/DataDog/dd-trace-go.v1/internal/appsec/dyngo/instrumentation/sharedsec
+gopkg.in/DataDog/dd-trace-go.v1/internal/datastreams
 gopkg.in/DataDog/dd-trace-go.v1/internal/globalconfig
 gopkg.in/DataDog/dd-trace-go.v1/internal/hostname
 gopkg.in/DataDog/dd-trace-go.v1/internal/hostname/azure
@@ -2594,6 +2595,11 @@ gopkg.in/DataDog/dd-trace-go.v1/internal/samplernames
 gopkg.in/DataDog/dd-trace-go.v1/internal/telemetry
 gopkg.in/DataDog/dd-trace-go.v1/internal/traceprof
 gopkg.in/DataDog/dd-trace-go.v1/internal/version
+# gopkg.in/go-jose/go-jose.v2 v2.6.1
+## explicit
+gopkg.in/go-jose/go-jose.v2
+gopkg.in/go-jose/go-jose.v2/cipher
+gopkg.in/go-jose/go-jose.v2/json
 # gopkg.in/inf.v0 v0.9.1
 ## explicit
 gopkg.in/inf.v0
@@ -2696,10 +2702,10 @@ honnef.co/go/tools/staticcheck/fakereflect
 honnef.co/go/tools/staticcheck/fakexml
 honnef.co/go/tools/stylecheck
 honnef.co/go/tools/unused
-# inet.af/netaddr v0.0.0-20220811202034-502d2d690317
+# inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a
 ## explicit; go 1.12
 inet.af/netaddr
-# k8s.io/api v0.27.3
+# k8s.io/api v0.28.3
 ## explicit; go 1.20
 k8s.io/api/admission/v1
 k8s.io/api/admissionregistration/v1
@@ -2758,7 +2764,7 @@ k8s.io/api/storage/v1beta1
 ## explicit; go 1.19
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
-# k8s.io/apimachinery v0.27.3
+# k8s.io/apimachinery v0.28.3
 ## explicit; go 1.20
 k8s.io/apimachinery/pkg/api/equality
 k8s.io/apimachinery/pkg/api/errors
@@ -2786,6 +2792,7 @@ k8s.io/apimachinery/pkg/selection
 k8s.io/apimachinery/pkg/types
 k8s.io/apimachinery/pkg/util/cache
 k8s.io/apimachinery/pkg/util/diff
+k8s.io/apimachinery/pkg/util/dump
 k8s.io/apimachinery/pkg/util/errors
 k8s.io/apimachinery/pkg/util/framer
 k8s.io/apimachinery/pkg/util/intstr
@@ -2809,7 +2816,7 @@ k8s.io/apimachinery/pkg/version
 k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/json
 k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/client-go v0.27.3
+# k8s.io/client-go v0.28.3
 ## explicit; go 1.20
 k8s.io/client-go/applyconfigurations/admissionregistration/v1
 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1
@@ -3121,7 +3128,7 @@ k8s.io/client-go/util/workqueue
 ## explicit; go 1.19
 k8s.io/code-generator/cmd/deepcopy-gen
 k8s.io/code-generator/cmd/deepcopy-gen/args
-# k8s.io/gengo v0.0.0-20221011193443-fad74ee6edd9
+# k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01
 ## explicit; go 1.13
 k8s.io/gengo/args
 k8s.io/gengo/examples/deepcopy-gen/generators
@@ -3138,21 +3145,18 @@ k8s.io/klog/v2/internal/clock
 k8s.io/klog/v2/internal/dbg
 k8s.io/klog/v2/internal/serialize
 k8s.io/klog/v2/internal/severity
-# k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5
+# k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00
 ## explicit; go 1.19
-k8s.io/kube-openapi/pkg/builder3/util
 k8s.io/kube-openapi/pkg/cached
 k8s.io/kube-openapi/pkg/common
 k8s.io/kube-openapi/pkg/handler3
 k8s.io/kube-openapi/pkg/internal
 k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json
-k8s.io/kube-openapi/pkg/openapiconv
 k8s.io/kube-openapi/pkg/schemaconv
-k8s.io/kube-openapi/pkg/schemamutation
 k8s.io/kube-openapi/pkg/spec3
 k8s.io/kube-openapi/pkg/util/proto
 k8s.io/kube-openapi/pkg/validation/spec
-# k8s.io/utils v0.0.0-20230505201702-9f6742963106
+# k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 ## explicit; go 1.18
 k8s.io/utils/buffer
 k8s.io/utils/clock
@@ -3161,6 +3165,7 @@ k8s.io/utils/integer
 k8s.io/utils/internal/third_party/forked/golang/net
 k8s.io/utils/net
 k8s.io/utils/pointer
+k8s.io/utils/ptr
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
 # knative.dev/pkg v0.0.0-20231011193800-bd99f2f98be7
@@ -3247,7 +3252,7 @@ sigs.k8s.io/json/internal/golang/encoding/json
 # sigs.k8s.io/release-utils v0.7.6
 ## explicit; go 1.20
 sigs.k8s.io/release-utils/version
-# sigs.k8s.io/structured-merge-diff/v4 v4.2.3
+# sigs.k8s.io/structured-merge-diff/v4 v4.3.0
 ## explicit; go 1.13
 sigs.k8s.io/structured-merge-diff/v4/fieldpath
 sigs.k8s.io/structured-merge-diff/v4/merge
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go
index 75a492d8ea..f1aa258609 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go
@@ -112,7 +112,7 @@ func ConflictsFromManagers(sets fieldpath.ManagedFields) Conflicts {
 		set.Set().Iterate(func(p fieldpath.Path) {
 			conflicts = append(conflicts, Conflict{
 				Manager: manager,
-				Path:    p,
+				Path:    p.Copy(),
 			})
 		})
 	}
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go
index 1b23dcbd5e..e1540841d8 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go
@@ -18,6 +18,7 @@ import (
 
 	"sigs.k8s.io/structured-merge-diff/v4/fieldpath"
 	"sigs.k8s.io/structured-merge-diff/v4/typed"
+	"sigs.k8s.io/structured-merge-diff/v4/value"
 )
 
 // Converter is an interface to the conversion logic. The converter
@@ -27,17 +28,50 @@ type Converter interface {
 	IsMissingVersionError(error) bool
 }
 
+// UpdateBuilder allows you to create a new Updater by exposing all of
+// the options and setting them once.
+type UpdaterBuilder struct {
+	Converter     Converter
+	IgnoredFields map[fieldpath.APIVersion]*fieldpath.Set
+
+	EnableUnions bool
+
+	// Stop comparing the new object with old object after applying.
+	// This was initially used to avoid spurious etcd update, but
+	// since that's vastly inefficient, we've come-up with a better
+	// way of doing that. Create this flag to stop it.
+	// Comparing has become more expensive too now that we're not using
+	// `Compare` but `value.Equals` so this gives an option to avoid it.
+	ReturnInputOnNoop bool
+}
+
+func (u *UpdaterBuilder) BuildUpdater() *Updater {
+	return &Updater{
+		Converter:         u.Converter,
+		IgnoredFields:     u.IgnoredFields,
+		enableUnions:      u.EnableUnions,
+		returnInputOnNoop: u.ReturnInputOnNoop,
+	}
+}
+
 // Updater is the object used to compute updated FieldSets and also
 // merge the object on Apply.
 type Updater struct {
-	Converter     Converter
+	// Deprecated: This will eventually become private.
+	Converter Converter
+
+	// Deprecated: This will eventually become private.
 	IgnoredFields map[fieldpath.APIVersion]*fieldpath.Set
 
 	enableUnions bool
+
+	returnInputOnNoop bool
 }
 
 // EnableUnionFeature turns on union handling. It is disabled by default until the
 // feature is complete.
+//
+// Deprecated: Use the builder instead.
 func (s *Updater) EnableUnionFeature() {
 	s.enableUnions = true
 }
@@ -157,8 +191,7 @@ func (s *Updater) Update(liveObject, newObject *typed.TypedValue, version fieldp
 
 // Apply should be called when Apply is run, given the current object as
 // well as the configuration that is applied. This will merge the object
-// and return it. If the object hasn't changed, nil is returned (the
-// managers can still have changed though).
+// and return it.
 func (s *Updater) Apply(liveObject, configObject *typed.TypedValue, version fieldpath.APIVersion, managers fieldpath.ManagedFields, manager string, force bool) (*typed.TypedValue, fieldpath.ManagedFields, error) {
 	var err error
 	managers, err = s.reconcileManagedFieldsWithSchemaChanges(liveObject, managers)
@@ -200,11 +233,11 @@ func (s *Updater) Apply(liveObject, configObject *typed.TypedValue, version fiel
 	if err != nil {
 		return nil, fieldpath.ManagedFields{}, fmt.Errorf("failed to prune fields: %v", err)
 	}
-	managers, compare, err := s.update(liveObject, newObject, version, managers, manager, force)
+	managers, _, err = s.update(liveObject, newObject, version, managers, manager, force)
 	if err != nil {
 		return nil, fieldpath.ManagedFields{}, err
 	}
-	if compare.IsSame() {
+	if !s.returnInputOnNoop && value.EqualsUsing(value.NewFreelistAllocator(), liveObject.AsValue(), newObject.AsValue()) {
 		newObject = nil
 	}
 	return newObject, managers, nil
@@ -218,7 +251,8 @@ func (s *Updater) prune(merged *typed.TypedValue, managers fieldpath.ManagedFiel
 	if lastSet == nil || lastSet.Set().Empty() {
 		return merged, nil
 	}
-	convertedMerged, err := s.Converter.Convert(merged, lastSet.APIVersion())
+	version := lastSet.APIVersion()
+	convertedMerged, err := s.Converter.Convert(merged, version)
 	if err != nil {
 		if s.Converter.IsMissingVersionError(err) {
 			return merged, nil
@@ -228,7 +262,7 @@ func (s *Updater) prune(merged *typed.TypedValue, managers fieldpath.ManagedFiel
 
 	sc, tr := convertedMerged.Schema(), convertedMerged.TypeRef()
 	pruned := convertedMerged.RemoveItems(lastSet.Set().EnsureNamedFieldsAreMembers(sc, tr))
-	pruned, err = s.addBackOwnedItems(convertedMerged, pruned, managers, applyingManager)
+	pruned, err = s.addBackOwnedItems(convertedMerged, pruned, version, managers, applyingManager)
 	if err != nil {
 		return nil, fmt.Errorf("failed add back owned items: %v", err)
 	}
@@ -241,7 +275,7 @@ func (s *Updater) prune(merged *typed.TypedValue, managers fieldpath.ManagedFiel
 
 // addBackOwnedItems adds back any fields, list and map items that were removed by prune,
 // but other appliers or updaters (or the current applier's new config) claim to own.
-func (s *Updater) addBackOwnedItems(merged, pruned *typed.TypedValue, managedFields fieldpath.ManagedFields, applyingManager string) (*typed.TypedValue, error) {
+func (s *Updater) addBackOwnedItems(merged, pruned *typed.TypedValue, prunedVersion fieldpath.APIVersion, managedFields fieldpath.ManagedFields, applyingManager string) (*typed.TypedValue, error) {
 	var err error
 	managedAtVersion := map[fieldpath.APIVersion]*fieldpath.Set{}
 	for _, managerSet := range managedFields {
@@ -252,7 +286,6 @@ func (s *Updater) addBackOwnedItems(merged, pruned *typed.TypedValue, managedFie
 	}
 	// Add back owned items at pruned version first to avoid conversion failure
 	// caused by pruned fields which are required for conversion.
-	prunedVersion := fieldpath.APIVersion(*pruned.TypeRef().NamedType)
 	if managed, ok := managedAtVersion[prunedVersion]; ok {
 		merged, pruned, err = s.addBackOwnedItemsForVersion(merged, pruned, prunedVersion, managed)
 		if err != nil {
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go
index 7e5dc75827..5d3707a5b5 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go
@@ -73,7 +73,7 @@ type Atom struct {
 }
 
 // Scalar (AKA "primitive") represents a type which has a single value which is
-// either numeric, string, or boolean.
+// either numeric, string, or boolean, or untyped for any of them.
 //
 // TODO: split numeric into float/int? Something even more fine-grained?
 type Scalar string
@@ -82,6 +82,7 @@ const (
 	Numeric = Scalar("numeric")
 	String  = Scalar("string")
 	Boolean = Scalar("boolean")
+	Untyped = Scalar("untyped")
 )
 
 // ElementRelationship is an enum of the different possible relationships
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go
index 7d64d1308c..e4c5caa2aa 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go
@@ -110,7 +110,7 @@ var SchemaSchemaYAML = `types:
         scalar: string
     - name: deduceInvalidDiscriminator
       type:
-        scalar: bool
+        scalar: boolean
     - name: fields
       type:
         list:
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go
index 9136440830..09209ec82a 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go
@@ -113,11 +113,12 @@ func (w *mergingWalker) doLeaf() {
 	w.rule(w)
 }
 
-func (w *mergingWalker) doScalar(t *schema.Scalar) (errs ValidationErrors) {
-	errs = append(errs, validateScalar(t, w.lhs, "lhs: ")...)
-	errs = append(errs, validateScalar(t, w.rhs, "rhs: ")...)
-	if len(errs) > 0 {
-		return errs
+func (w *mergingWalker) doScalar(t *schema.Scalar) ValidationErrors {
+	// Make sure at least one side is a valid scalar.
+	lerrs := validateScalar(t, w.lhs, "lhs: ")
+	rerrs := validateScalar(t, w.rhs, "rhs: ")
+	if len(lerrs) > 0 && len(rerrs) > 0 {
+		return append(lerrs, rerrs...)
 	}
 
 	// All scalars are leaf fields.
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go
index d63a97fe20..6411bd51a9 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go
@@ -45,6 +45,10 @@ func AsTyped(v value.Value, s *schema.Schema, typeRef schema.TypeRef) (*TypedVal
 // conforms to the schema, for cases where that has already been checked or
 // where you're going to call a method that validates as a side-effect (like
 // ToFieldSet).
+//
+// Deprecated: This function was initially created because validation
+// was expensive. Now that this has been solved, objects should always
+// be created as validated, using `AsTyped`.
 func AsTypedUnvalidated(v value.Value, s *schema.Schema, typeRef schema.TypeRef) *TypedValue {
 	tv := &TypedValue{
 		value:   v,
@@ -125,12 +129,13 @@ func (tv TypedValue) Compare(rhs *TypedValue) (c *Comparison, err error) {
 		Modified: fieldpath.NewSet(),
 		Added:    fieldpath.NewSet(),
 	}
+	a := value.NewFreelistAllocator()
 	_, err = merge(&tv, rhs, func(w *mergingWalker) {
 		if w.lhs == nil {
 			c.Added.Insert(w.path)
 		} else if w.rhs == nil {
 			c.Removed.Insert(w.path)
-		} else if !value.Equals(w.rhs, w.lhs) {
+		} else if !value.EqualsUsing(a, w.rhs, w.lhs) {
 			// TODO: Equality is not sufficient for this.
 			// Need to implement equality check on the value type.
 			c.Modified.Insert(w.path)
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go
index 378d30219c..edddbafa42 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go
@@ -102,6 +102,12 @@ func validateScalar(t *schema.Scalar, v value.Value, prefix string) (errs Valida
 		if !v.IsBool() {
 			return errorf("%vexpected boolean, got %v", prefix, v)
 		}
+	case schema.Untyped:
+		if !v.IsFloat() && !v.IsInt() && !v.IsString() && !v.IsBool() {
+			return errorf("%vexpected any scalar, got %v", prefix, v)
+		}
+	default:
+		return errorf("%vunexpected scalar type in schema: %v", prefix, *t)
 	}
 	return nil
 }
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go
index dc8b8c7200..c38402b99a 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go
@@ -136,7 +136,7 @@ func (r mapReflect) EqualsUsing(a Allocator, m Map) bool {
 		if !ok {
 			return false
 		}
-		return Equals(vr.mustReuse(lhsVal, entry, nil, nil), value)
+		return EqualsUsing(a, vr.mustReuse(lhsVal, entry, nil, nil), value)
 	})
 }
 
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go
index d8e208628d..c3ae00b180 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go
@@ -88,12 +88,12 @@ func (m mapUnstructuredInterface) EqualsUsing(a Allocator, other Map) bool {
 	}
 	vv := a.allocValueUnstructured()
 	defer a.Free(vv)
-	return other.Iterate(func(key string, value Value) bool {
+	return other.IterateUsing(a, func(key string, value Value) bool {
 		lhsVal, ok := m[key]
 		if !ok {
 			return false
 		}
-		return Equals(vv.reuse(lhsVal), value)
+		return EqualsUsing(a, vv.reuse(lhsVal), value)
 	})
 }
 
@@ -168,12 +168,12 @@ func (m mapUnstructuredString) EqualsUsing(a Allocator, other Map) bool {
 	}
 	vv := a.allocValueUnstructured()
 	defer a.Free(vv)
-	return other.Iterate(func(key string, value Value) bool {
+	return other.IterateUsing(a, func(key string, value Value) bool {
 		lhsVal, ok := m[key]
 		if !ok {
 			return false
 		}
-		return Equals(vv.reuse(lhsVal), value)
+		return EqualsUsing(a, vv.reuse(lhsVal), value)
 	})
 }
 
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go
index a5a467c0f0..f0d58d42cb 100644
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go
@@ -154,7 +154,9 @@ func buildStructCacheEntry(t reflect.Type, infos map[string]*FieldCacheEntry, fi
 			if field.Type.Kind() == reflect.Ptr {
 				e = field.Type.Elem()
 			}
-			buildStructCacheEntry(e, infos, append(fieldPath, field.Index))
+			if e.Kind() == reflect.Struct {
+				buildStructCacheEntry(e, infos, append(fieldPath, field.Index))
+			}
 			continue
 		}
 		info := &FieldCacheEntry{JsonName: jsonName, isOmitEmpty: isOmitempty, fieldPath: append(fieldPath, field.Index), fieldType: field.Type}