diff --git a/go.mod b/go.mod
index 0adb923ee8c..88b29d14cfd 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 	go.opencensus.io v0.24.0
 	go.uber.org/zap v1.26.0
 	golang.org/x/exp v0.0.0-20230307190834-24139beb5833
-	golang.org/x/oauth2 v0.11.0 // indirect
+	golang.org/x/oauth2 v0.13.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0
 	gopkg.in/square/go-jose.v2 v2.6.0
 	k8s.io/api v0.27.1
@@ -50,10 +50,10 @@ require (
 	code.gitea.io/sdk/gitea v0.16.0
 	github.com/goccy/kpoward v0.1.0
 	github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20230625233257-b8504803389b
-	github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.3
-	github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.3
-	github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.3
-	github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.3
+	github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.4
+	github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.4
+	github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.4
+	github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.4
 	go.opentelemetry.io/otel v1.19.0
 	go.opentelemetry.io/otel/exporters/jaeger v1.17.0
 	go.opentelemetry.io/otel/sdk v1.19.0
@@ -76,18 +76,18 @@ require (
 
 require (
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.1 // indirect
-	cloud.google.com/go/kms v1.15.1 // indirect
+	cloud.google.com/go/iam v1.1.2 // indirect
+	cloud.google.com/go/kms v1.15.2 // indirect
 	dario.cat/mergo v1.0.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/Microsoft/hcsshim v0.11.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/containerd/log v0.1.0 // indirect
@@ -101,8 +101,8 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
 	github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230516205744-dbecb1de8cfa // indirect
-	github.com/google/s2a-go v0.1.5 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -112,7 +112,7 @@ require (
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/vault/api v1.9.2 // indirect
+	github.com/hashicorp/vault/api v1.10.0 // indirect
 	github.com/jellydator/ttlcache/v3 v3.1.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect
@@ -128,8 +128,8 @@ require (
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
 	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c // indirect
 )
 
 require (
@@ -145,19 +145,19 @@ require (
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.21.0 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.18.37 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.35 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.18.45 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.18.11 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 // indirect
-	github.com/aws/smithy-go v1.14.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
+	github.com/aws/smithy-go v1.15.0 // indirect
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230510185313-f5e39e5f34c7 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
@@ -228,9 +228,9 @@ require (
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
-	google.golang.org/api v0.138.0 // indirect
+	google.golang.org/api v0.147.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 // indirect
+	google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect
 	google.golang.org/grpc v1.58.3
 	google.golang.org/protobuf v1.31.0
 	gopkg.in/inf.v0 v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index 79446a7e106..5a64ded8334 100644
--- a/go.sum
+++ b/go.sum
@@ -20,7 +20,7 @@ cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECH
 cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
 cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
-cloud.google.com/go v0.110.6 h1:8uYAkj3YHTP/1iwReuHPxLSbdcyc+dSBbzFMrVwDR6Q=
+cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -34,10 +34,10 @@ cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2Aawl
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y=
-cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
-cloud.google.com/go/kms v1.15.1 h1:HUC3fAoepH3RpcQXiJhXWWYizjQ5r7YjI7SO9ZbHf9s=
-cloud.google.com/go/kms v1.15.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM=
+cloud.google.com/go/iam v1.1.2 h1:gacbrBdWcoVmGLozRuStX45YKvJtzIjJdAolzUs1sm4=
+cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
+cloud.google.com/go/kms v1.15.2 h1:lh6qra6oC4AyWe5fUUUBe/S27k12OHAleOOOw6KakdE=
+cloud.google.com/go/kms v1.15.2/go.mod h1:3hopT4+7ooWRCjc2DxgnpESFxhIraaI2IpAVUEhbT/w=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -59,10 +59,10 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1 h1:/iHxaJhsFr0+xVFfbMr5vxz848jyiWuIEDhYq3y5odY=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1 h1:LNHhpdK7hzUcx/k1LIcuh5k7k1LGIWLQfCjaneSj7Fc=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw=
@@ -151,49 +151,52 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/aws/aws-sdk-go v1.45.0 h1:qoVOQHuLacxJMO71T49KeE70zm+Tk3vtrl7XO4VUPZc=
+github.com/aws/aws-sdk-go v1.45.25 h1:c4fLlh5sLdK2DCRTY1z0hyuJZU4ygxX8m1FswL6/nF4=
 github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc=
-github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
+github.com/aws/aws-sdk-go-v2 v1.21.1/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
+github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
+github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
 github.com/aws/aws-sdk-go-v2/config v1.18.25/go.mod h1:dZnYpD5wTW/dQF0rRNLVypB396zWCcPiBIvdvSWHEg4=
-github.com/aws/aws-sdk-go-v2/config v1.18.37 h1:RNAfbPqw1CstCooHaTPhScz7z1PyocQj0UL+l95CgzI=
-github.com/aws/aws-sdk-go-v2/config v1.18.37/go.mod h1:8AnEFxW9/XGKCbjYDCJy7iltVNyEI9Iu9qC21UzhhgQ=
+github.com/aws/aws-sdk-go-v2/config v1.18.45 h1:Aka9bI7n8ysuwPeFdm77nfbyHCAKQ3z9ghB3S/38zes=
+github.com/aws/aws-sdk-go-v2/config v1.18.45/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.24/go.mod h1:jYPYi99wUOPIFi0rhiOvXeSEReVOzBqFNOX5bXYoG2o=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.35 h1:QpsNitYJu0GgvMBLUIYu9H4yryA5kMksjeIVQfgXrt8=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.35/go.mod h1:o7rCaLtvK0hUggAGclf76mNGGkaG5a9KWlp+d9IpcV8=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42/go.mod h1:oDfgXoBBmj+kXnqxDDnIDnC56QBosglKp8ftRCTxR+0=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36/go.mod h1:rwr4WnmFi3RJO0M4dxbJtgi9BPLMpVBMX1nUte5ha9U=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42 h1:GPUcE/Yq7Ur8YSUk6lVkoIMWnJNO0HT18GUzCWCgCI0=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.18.11 h1:wlTgmb/sCmVRJrN5De3CiHj4v/bTCgL5+qpdEd0CPtw=
 github.com/aws/aws-sdk-go-v2/service/ecr v1.18.11/go.mod h1:Ce1q2jlNm8BVpjLaOnwnm5v2RClAbK6txwPljFzyW6c=
 github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.2 h1:yflJrGmi1pXtP9lOpOeaNZyc0vXnJTuP2sor3nJcGGo=
 github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.2/go.mod h1:uHtRE7aqXNmpeYL+7Ec7LacH5zC9+w2T5MBOeEKDdu0=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 h1:CdzPW9kKitgIiLV1+MHobfR5Xg25iYnyzWZhyQuSlDI=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35/go.mod h1:QGF2Rs33W5MaN9gYdEQOBBFPLwTZkEhRwI33f7KIG0o=
-github.com/aws/aws-sdk-go-v2/service/kms v1.24.5 h1:VNEw+EdYDUdkICYAVQ6n9WoAq8ZuZr7dXKjyaOw94/Q=
-github.com/aws/aws-sdk-go-v2/service/kms v1.24.5/go.mod h1:NZEhPgq+vvmM6L9w+xl78Vf7YxqUcpVULqFdrUhHg8I=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
+github.com/aws/aws-sdk-go-v2/service/kms v1.24.6 h1:rp9DrFG3na9nuqsBZWb5KwvZrODhjayqFVJe8jmeVY8=
+github.com/aws/aws-sdk-go-v2/service/kms v1.24.6/go.mod h1:I/absi3KLfE37J5QWMKyoYT8ZHA9t8JOC+Rb7Cyy+vc=
 github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.5 h1:oCvTFSDi67AX0pOX3PuPdGFewvLRU2zzFSrTsgURNo0=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.5/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5 h1:dnInJb4S0oy8aQuri1mV6ipLlnZPfnsDNB9BGO9PDNY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg=
 github.com/aws/aws-sdk-go-v2/service/sts v1.19.0/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.5 h1:CQBFElb0LS8RojMJlxRSo/HXipvTZW2S44Lt9Mk2aYQ=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.5/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
-github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
+github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230510185313-f5e39e5f34c7 h1:G5IT+PEpFY0CDb3oITDP9tkmLrHkVD8Ny+elUmBqVYI=
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230510185313-f5e39e5f34c7/go.mod h1:VVALgT1UESBh91dY0GprHnT1Z7mKd96VDk8qVy+bmu0=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -625,8 +628,8 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/s2a-go v0.1.5 h1:8IYp3w9nysqv3JH+NJgXJzGbDHzLOTj43BmSkp+O7qg=
-github.com/google/s2a-go v0.1.5/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
+github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -634,8 +637,8 @@ github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM=
-github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w=
+github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
+github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
@@ -710,8 +713,8 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as=
-github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
+github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
+github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
 github.com/honeycombio/beeline-go v1.10.0 h1:cUDe555oqvw8oD76BQJ8alk7FP0JZ/M/zXpNvOEDLDc=
 github.com/honeycombio/libhoney-go v1.16.0 h1:kPpqoz6vbOzgp7jC6SR7SkNj7rua7rgxvznI6M3KdHc=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@@ -1022,14 +1025,14 @@ github.com/shurcooL/graphql v0.0.0-20181231061246-d48a9a75455f/go.mod h1:AuYgA5K
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sigstore/sigstore v1.7.3 h1:HVVTfrMezJeLyl2xhJ8edzkrEGBa4KxjQZB4FlQ4JLU=
 github.com/sigstore/sigstore v1.7.3/go.mod h1:cl0c7Dtg3MM3c13L8pqqrfrmBa0eM3POcdtBepjylmw=
-github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.3 h1:HbtK8W1bl+BhUPPtpfh4bgkm5oXrtzqd6FTvFg+oor8=
-github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.3/go.mod h1:JPLKxAUNNsuUQZUy9G3TGhfZCrUaGWa18dxJUQb2E/s=
-github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.3 h1:dS0f3vtSfgJClJrIFKzfettFfSfygEWDd/yecLcH1uc=
-github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.3/go.mod h1:N2GlshxHUDP3V2irRTZNgXkExAXL9y32bEK2k7jDLKo=
-github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.3 h1:zO5OlN1DZ/f6N2Gtl72NleHv2kLudSxa9evaz1VgIKQ=
-github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.3/go.mod h1:JVLf01VmZPBqkISIc7EDCFeTk4aFC0+uL/SXC57QhHQ=
-github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.3 h1:IVPaj3NCCc037V2gtFISnSeebmBq1vnkKoPpNjHL3yM=
-github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.3/go.mod h1:prbSgDAfwNix71ZKDll1Pp1EucXP7r0UGnAqQ1hcrHo=
+github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.4 h1:zIqB/IB8qVJBjazd+fjI6XZlE9f8s5HxnOllHAeTTew=
+github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.4/go.mod h1:eorFqzSo/RDsBfl97Ui/mKXw0YQ9qLDT1RhMYiuvPf8=
+github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.4 h1:2xI6GX+tQMF0L+DlQq09U4fH8PlFhuz0wSYkiHY8fgo=
+github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.4/go.mod h1:+O0uMOHhBmaVtiuR6QjO+Firh3lNWDAdFC80EYZxvZs=
+github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.4 h1:1xpfNzVhTKOlyfcR618l7Ew1GmnUcMHMQ/fxW1IG/Yw=
+github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.4/go.mod h1:7oUJ9Uv9KdYsXHDNBWnIfT5vP7ClztoRAi3zMTLC6X8=
+github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.4 h1:g+iL3HbRnxKtc/w/J4AJTht/AEiexX/A8XxRyqYw81M=
+github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.4/go.mod h1:nBhqVRNE46SEFuv6ihan78RV60Z8crcZr2IJSFC74iA=
 github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
@@ -1224,7 +1227,6 @@ golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5
 golang.org/x/crypto v0.0.0-20210920023735-84f357641f63/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
@@ -1232,8 +1234,6 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
-golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1345,8 +1345,6 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
-golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1363,8 +1361,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
-golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1486,8 +1484,6 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1496,8 +1492,6 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
-golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1509,7 +1503,6 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
@@ -1619,8 +1612,8 @@ google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBz
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
 google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
-google.golang.org/api v0.138.0 h1:K/tVp05MxNVbHShRw9m7e9VJGdagNeTdMzqPH7AUqr0=
-google.golang.org/api v0.138.0/go.mod h1:4xyob8CxC+0GChNBvEUAk8VBKNvYOTWM9T3v3UfRxuY=
+google.golang.org/api v0.147.0 h1:Can3FaQo9LlVqxJCodNmeZW/ib3/qKAY3rFeXiHo5gc=
+google.golang.org/api v0.147.0/go.mod h1:pQ/9j83DcmPd/5C9e2nFOdjjNkDZ1G+zkbK2uvdkJMs=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1678,12 +1671,12 @@ google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaE
 google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
 google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g=
-google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8=
-google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 h1:nIgk/EEq3/YlnmVVXVnm14rC2oxgs1o0ong4sD/rd44=
-google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5/go.mod h1:5DZzOUPCLYL3mNkQ0ms0F3EuUNZ7py1Bqeq6sxzI7/Q=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577 h1:wukfNtZmZUurLN/atp2hiIeTKn7QJWIQdHzqmsOnAOk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
+google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0=
+google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk=
+google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU=
+google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c h1:jHkCUWkseRf+W+edG5hMzr/Uh1xkDREY4caybAq4dpY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1712,7 +1705,6 @@ google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
-google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ=
 google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
@@ -1835,8 +1827,6 @@ k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/
 k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU=
 k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/pkg v0.0.0-20230718152110-aef227e72ead h1:2dDzorpKuVZW3Qp7TbirMMq16FbId8f6bacQFX8jXLw=
-knative.dev/pkg v0.0.0-20230718152110-aef227e72ead/go.mod h1:WmrwRV/P+hGHoMraAEfwg6ec+fBTf+Obu41v354Iabc=
 knative.dev/pkg v0.0.0-20231011193800-bd99f2f98be7 h1:y3qbfYX1SuSr/1ysXvKfpV8q/kCwWLWieCUgAhBUHmQ=
 knative.dev/pkg v0.0.0-20231011193800-bd99f2f98be7/go.mod h1:g+UCgSKQ2f15kHYu/V3CPtoKo5F1x/2Y1ot0NSK7gA0=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
diff --git a/vendor/cloud.google.com/go/iam/CHANGES.md b/vendor/cloud.google.com/go/iam/CHANGES.md
index 0cef5cebf13..b8a24417828 100644
--- a/vendor/cloud.google.com/go/iam/CHANGES.md
+++ b/vendor/cloud.google.com/go/iam/CHANGES.md
@@ -1,6 +1,13 @@
 # Changes
 
 
+## [1.1.2](https://github.com/googleapis/google-cloud-go/compare/iam/v1.1.1...iam/v1.1.2) (2023-08-08)
+
+
+### Documentation
+
+* **iam:** Minor formatting ([b4349cc](https://github.com/googleapis/google-cloud-go/commit/b4349cc507870ff8629bbc07de578b63bb889626))
+
 ## [1.1.1](https://github.com/googleapis/google-cloud-go/compare/iam/v1.1.0...iam/v1.1.1) (2023-06-20)
 
 
diff --git a/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go b/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go
index 69c720e7337..de7995434ad 100644
--- a/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go
+++ b/vendor/cloud.google.com/go/iam/apiv1/iampb/policy.pb.go
@@ -1,4 +1,4 @@
-// Copyright 2022 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -219,6 +219,8 @@ func (AuditConfigDelta_Action) EnumDescriptor() ([]byte, []int) {
 //
 // **JSON example:**
 //
+// ```
+//
 //	{
 //	  "bindings": [
 //	    {
@@ -247,8 +249,12 @@ func (AuditConfigDelta_Action) EnumDescriptor() ([]byte, []int) {
 //	  "version": 3
 //	}
 //
+// ```
+//
 // **YAML example:**
 //
+// ```
+//
 //	bindings:
 //	- members:
 //	  - user:mike@example.com
@@ -266,6 +272,8 @@ func (AuditConfigDelta_Action) EnumDescriptor() ([]byte, []int) {
 //	etag: BwWWja0YfJA=
 //	version: 3
 //
+// ```
+//
 // For a description of IAM and its features, see the
 // [IAM documentation](https://cloud.google.com/iam/docs/).
 type Policy struct {
@@ -396,7 +404,7 @@ type Binding struct {
 	// Role that is assigned to the list of `members`, or principals.
 	// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
 	Role string `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
-	// Specifies the principals requesting access for a Cloud Platform resource.
+	// Specifies the principals requesting access for a Google Cloud resource.
 	// `members` can have the following values:
 	//
 	// * `allUsers`: A special identifier that represents anyone who is
@@ -558,8 +566,8 @@ func (x *Binding) GetCondition() *expr.Expr {
 //	}
 //
 // For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-// logging. It also exempts jose@example.com from DATA_READ logging, and
-// aliya@example.com from DATA_WRITE logging.
+// logging. It also exempts `jose@example.com` from DATA_READ logging, and
+// `aliya@example.com` from DATA_WRITE logging.
 type AuditConfig struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -770,7 +778,7 @@ type BindingDelta struct {
 	// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
 	// Required
 	Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
-	// A single identity requesting access for a Cloud Platform resource.
+	// A single identity requesting access for a Google Cloud resource.
 	// Follows the same format of Binding.members.
 	// Required
 	Member string `protobuf:"bytes,3,opt,name=member,proto3" json:"member,omitempty"`
diff --git a/vendor/cloud.google.com/go/kms/apiv1/doc.go b/vendor/cloud.google.com/go/kms/apiv1/doc.go
index e701dab3f09..f5fad9615c1 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/doc.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/doc.go
@@ -22,8 +22,15 @@
 //
 // # General documentation
 //
-// For information about setting deadlines, reusing contexts, and more
-// please visit https://pkg.go.dev/cloud.google.com/go.
+// For information that is relevant for all client libraries please reference
+// https://pkg.go.dev/cloud.google.com/go#pkg-overview. Some information on this
+// page includes:
+//
+//   - [Authentication and Authorization]
+//   - [Timeouts and Cancellation]
+//   - [Testing against Client Libraries]
+//   - [Debugging Client Libraries]
+//   - [Inspecting errors]
 //
 // # Example usage
 //
@@ -78,11 +85,6 @@
 //		_ = resp
 //	}
 //
-// # Inspecting errors
-//
-// To see examples of how to inspect errors returned by this package please reference
-// [Inspecting errors](https://pkg.go.dev/cloud.google.com/go#hdr-Inspecting_errors).
-//
 // # Use of Context
 //
 // The ctx passed to NewEkmClient is used for authentication requests and
@@ -90,14 +92,18 @@
 // Individual methods on the client use the ctx given to them.
 //
 // To close the open connection, use the Close() method.
+//
+// [Authentication and Authorization]: https://pkg.go.dev/cloud.google.com/go#hdr-Authentication_and_Authorization
+// [Timeouts and Cancellation]: https://pkg.go.dev/cloud.google.com/go#hdr-Timeouts_and_Cancellation
+// [Testing against Client Libraries]: https://pkg.go.dev/cloud.google.com/go#hdr-Testing
+// [Debugging Client Libraries]: https://pkg.go.dev/cloud.google.com/go#hdr-Debugging
+// [Inspecting errors]: https://pkg.go.dev/cloud.google.com/go#hdr-Inspecting_errors
 package kms // import "cloud.google.com/go/kms/apiv1"
 
 import (
 	"context"
-	"net/http"
 
 	"google.golang.org/api/option"
-	"google.golang.org/grpc/metadata"
 )
 
 // For more information on implementing a client constructor hook, see
@@ -114,17 +120,6 @@ func getVersionClient() string {
 	return versionClient
 }
 
-func insertMetadata(ctx context.Context, mds ...metadata.MD) context.Context {
-	out, _ := metadata.FromOutgoingContext(ctx)
-	out = out.Copy()
-	for _, md := range mds {
-		for k, v := range md {
-			out[k] = append(out[k], v...)
-		}
-	}
-	return metadata.NewOutgoingContext(ctx, out)
-}
-
 // DefaultAuthScopes reports the default set of authentication scopes to use with this package.
 func DefaultAuthScopes() []string {
 	return []string{
@@ -132,13 +127,3 @@ func DefaultAuthScopes() []string {
 		"https://www.googleapis.com/auth/cloudkms",
 	}
 }
-
-// buildHeaders extracts metadata from the outgoing context, joins it with any other
-// given metadata, and converts them into a http.Header.
-func buildHeaders(ctx context.Context, mds ...metadata.MD) http.Header {
-	if cmd, ok := metadata.FromOutgoingContext(ctx); ok {
-		mds = append(mds, cmd)
-	}
-	md := metadata.Join(mds...)
-	return http.Header(md)
-}
diff --git a/vendor/cloud.google.com/go/kms/apiv1/ekm_client.go b/vendor/cloud.google.com/go/kms/apiv1/ekm_client.go
index fb8de925412..2cf9f965289 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/ekm_client.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/ekm_client.go
@@ -38,7 +38,6 @@ import (
 	locationpb "google.golang.org/genproto/googleapis/cloud/location"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/metadata"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 )
@@ -355,7 +354,7 @@ type ekmGRPCClient struct {
 	locationsClient locationpb.LocationsClient
 
 	// The x-goog-* metadata to be sent with each request.
-	xGoogMetadata metadata.MD
+	xGoogHeaders []string
 }
 
 // NewEkmClient creates a new ekm service client based on gRPC.
@@ -411,7 +410,7 @@ func (c *ekmGRPCClient) Connection() *grpc.ClientConn {
 func (c *ekmGRPCClient) setGoogleClientInfo(keyval ...string) {
 	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
 	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
-	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
+	c.xGoogHeaders = []string{"x-goog-api-client", gax.XGoogHeader(kv...)}
 }
 
 // Close closes the connection to the API service. The user should invoke this when
@@ -428,8 +427,8 @@ type ekmRESTClient struct {
 	// The http client.
 	httpClient *http.Client
 
-	// The x-goog-* metadata to be sent with each request.
-	xGoogMetadata metadata.MD
+	// The x-goog-* headers to be sent with each request.
+	xGoogHeaders []string
 
 	// Points back to the CallOptions field of the containing EkmClient
 	CallOptions **EkmCallOptions
@@ -476,7 +475,7 @@ func defaultEkmRESTClientOptions() []option.ClientOption {
 func (c *ekmRESTClient) setGoogleClientInfo(keyval ...string) {
 	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
 	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
-	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
+	c.xGoogHeaders = []string{"x-goog-api-client", gax.XGoogHeader(kv...)}
 }
 
 // Close closes the connection to the API service. The user should invoke this when
@@ -494,9 +493,10 @@ func (c *ekmRESTClient) Connection() *grpc.ClientConn {
 	return nil
 }
 func (c *ekmGRPCClient) ListEkmConnections(ctx context.Context, req *kmspb.ListEkmConnectionsRequest, opts ...gax.CallOption) *EkmConnectionIterator {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).ListEkmConnections[0:len((*c.CallOptions).ListEkmConnections):len((*c.CallOptions).ListEkmConnections)], opts...)
 	it := &EkmConnectionIterator{}
 	req = proto.Clone(req).(*kmspb.ListEkmConnectionsRequest)
@@ -539,9 +539,10 @@ func (c *ekmGRPCClient) ListEkmConnections(ctx context.Context, req *kmspb.ListE
 }
 
 func (c *ekmGRPCClient) GetEkmConnection(ctx context.Context, req *kmspb.GetEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetEkmConnection[0:len((*c.CallOptions).GetEkmConnection):len((*c.CallOptions).GetEkmConnection)], opts...)
 	var resp *kmspb.EkmConnection
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -556,9 +557,10 @@ func (c *ekmGRPCClient) GetEkmConnection(ctx context.Context, req *kmspb.GetEkmC
 }
 
 func (c *ekmGRPCClient) CreateEkmConnection(ctx context.Context, req *kmspb.CreateEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).CreateEkmConnection[0:len((*c.CallOptions).CreateEkmConnection):len((*c.CallOptions).CreateEkmConnection)], opts...)
 	var resp *kmspb.EkmConnection
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -573,9 +575,10 @@ func (c *ekmGRPCClient) CreateEkmConnection(ctx context.Context, req *kmspb.Crea
 }
 
 func (c *ekmGRPCClient) UpdateEkmConnection(ctx context.Context, req *kmspb.UpdateEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_connection.name", url.QueryEscape(req.GetEkmConnection().GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_connection.name", url.QueryEscape(req.GetEkmConnection().GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).UpdateEkmConnection[0:len((*c.CallOptions).UpdateEkmConnection):len((*c.CallOptions).UpdateEkmConnection)], opts...)
 	var resp *kmspb.EkmConnection
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -590,9 +593,10 @@ func (c *ekmGRPCClient) UpdateEkmConnection(ctx context.Context, req *kmspb.Upda
 }
 
 func (c *ekmGRPCClient) GetEkmConfig(ctx context.Context, req *kmspb.GetEkmConfigRequest, opts ...gax.CallOption) (*kmspb.EkmConfig, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetEkmConfig[0:len((*c.CallOptions).GetEkmConfig):len((*c.CallOptions).GetEkmConfig)], opts...)
 	var resp *kmspb.EkmConfig
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -607,9 +611,10 @@ func (c *ekmGRPCClient) GetEkmConfig(ctx context.Context, req *kmspb.GetEkmConfi
 }
 
 func (c *ekmGRPCClient) UpdateEkmConfig(ctx context.Context, req *kmspb.UpdateEkmConfigRequest, opts ...gax.CallOption) (*kmspb.EkmConfig, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_config.name", url.QueryEscape(req.GetEkmConfig().GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_config.name", url.QueryEscape(req.GetEkmConfig().GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).UpdateEkmConfig[0:len((*c.CallOptions).UpdateEkmConfig):len((*c.CallOptions).UpdateEkmConfig)], opts...)
 	var resp *kmspb.EkmConfig
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -624,9 +629,10 @@ func (c *ekmGRPCClient) UpdateEkmConfig(ctx context.Context, req *kmspb.UpdateEk
 }
 
 func (c *ekmGRPCClient) VerifyConnectivity(ctx context.Context, req *kmspb.VerifyConnectivityRequest, opts ...gax.CallOption) (*kmspb.VerifyConnectivityResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).VerifyConnectivity[0:len((*c.CallOptions).VerifyConnectivity):len((*c.CallOptions).VerifyConnectivity)], opts...)
 	var resp *kmspb.VerifyConnectivityResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -641,9 +647,10 @@ func (c *ekmGRPCClient) VerifyConnectivity(ctx context.Context, req *kmspb.Verif
 }
 
 func (c *ekmGRPCClient) GetLocation(ctx context.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetLocation[0:len((*c.CallOptions).GetLocation):len((*c.CallOptions).GetLocation)], opts...)
 	var resp *locationpb.Location
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -658,9 +665,10 @@ func (c *ekmGRPCClient) GetLocation(ctx context.Context, req *locationpb.GetLoca
 }
 
 func (c *ekmGRPCClient) ListLocations(ctx context.Context, req *locationpb.ListLocationsRequest, opts ...gax.CallOption) *LocationIterator {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).ListLocations[0:len((*c.CallOptions).ListLocations):len((*c.CallOptions).ListLocations)], opts...)
 	it := &LocationIterator{}
 	req = proto.Clone(req).(*locationpb.ListLocationsRequest)
@@ -703,9 +711,10 @@ func (c *ekmGRPCClient) ListLocations(ctx context.Context, req *locationpb.ListL
 }
 
 func (c *ekmGRPCClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetIamPolicy[0:len((*c.CallOptions).GetIamPolicy):len((*c.CallOptions).GetIamPolicy)], opts...)
 	var resp *iampb.Policy
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -720,9 +729,10 @@ func (c *ekmGRPCClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolic
 }
 
 func (c *ekmGRPCClient) SetIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).SetIamPolicy[0:len((*c.CallOptions).SetIamPolicy):len((*c.CallOptions).SetIamPolicy)], opts...)
 	var resp *iampb.Policy
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -737,9 +747,10 @@ func (c *ekmGRPCClient) SetIamPolicy(ctx context.Context, req *iampb.SetIamPolic
 }
 
 func (c *ekmGRPCClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).TestIamPermissions[0:len((*c.CallOptions).TestIamPermissions):len((*c.CallOptions).TestIamPermissions)], opts...)
 	var resp *iampb.TestIamPermissionsResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -792,7 +803,8 @@ func (c *ekmRESTClient) ListEkmConnections(ctx context.Context, req *kmspb.ListE
 		baseUrl.RawQuery = params.Encode()
 
 		// Build HTTP headers from client and context metadata.
-		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+		headers := gax.BuildHeaders(ctx, hds...)
 		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 			if settings.Path != "" {
 				baseUrl.Path = settings.Path
@@ -862,9 +874,11 @@ func (c *ekmRESTClient) GetEkmConnection(ctx context.Context, req *kmspb.GetEkmC
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetEkmConnection[0:len((*c.CallOptions).GetEkmConnection):len((*c.CallOptions).GetEkmConnection)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.EkmConnection{}
@@ -929,9 +943,11 @@ func (c *ekmRESTClient) CreateEkmConnection(ctx context.Context, req *kmspb.Crea
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).CreateEkmConnection[0:len((*c.CallOptions).CreateEkmConnection):len((*c.CallOptions).CreateEkmConnection)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.EkmConnection{}
@@ -1001,9 +1017,11 @@ func (c *ekmRESTClient) UpdateEkmConnection(ctx context.Context, req *kmspb.Upda
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_connection.name", url.QueryEscape(req.GetEkmConnection().GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_connection.name", url.QueryEscape(req.GetEkmConnection().GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).UpdateEkmConnection[0:len((*c.CallOptions).UpdateEkmConnection):len((*c.CallOptions).UpdateEkmConnection)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.EkmConnection{}
@@ -1060,9 +1078,11 @@ func (c *ekmRESTClient) GetEkmConfig(ctx context.Context, req *kmspb.GetEkmConfi
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetEkmConfig[0:len((*c.CallOptions).GetEkmConfig):len((*c.CallOptions).GetEkmConfig)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.EkmConfig{}
@@ -1133,9 +1153,11 @@ func (c *ekmRESTClient) UpdateEkmConfig(ctx context.Context, req *kmspb.UpdateEk
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_config.name", url.QueryEscape(req.GetEkmConfig().GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "ekm_config.name", url.QueryEscape(req.GetEkmConfig().GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).UpdateEkmConfig[0:len((*c.CallOptions).UpdateEkmConfig):len((*c.CallOptions).UpdateEkmConfig)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.EkmConfig{}
@@ -1195,9 +1217,11 @@ func (c *ekmRESTClient) VerifyConnectivity(ctx context.Context, req *kmspb.Verif
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).VerifyConnectivity[0:len((*c.CallOptions).VerifyConnectivity):len((*c.CallOptions).VerifyConnectivity)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.VerifyConnectivityResponse{}
@@ -1253,9 +1277,11 @@ func (c *ekmRESTClient) GetLocation(ctx context.Context, req *locationpb.GetLoca
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetLocation[0:len((*c.CallOptions).GetLocation):len((*c.CallOptions).GetLocation)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &locationpb.Location{}
@@ -1333,7 +1359,8 @@ func (c *ekmRESTClient) ListLocations(ctx context.Context, req *locationpb.ListL
 		baseUrl.RawQuery = params.Encode()
 
 		// Build HTTP headers from client and context metadata.
-		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+		headers := gax.BuildHeaders(ctx, hds...)
 		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 			if settings.Path != "" {
 				baseUrl.Path = settings.Path
@@ -1406,9 +1433,11 @@ func (c *ekmRESTClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolic
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetIamPolicy[0:len((*c.CallOptions).GetIamPolicy):len((*c.CallOptions).GetIamPolicy)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &iampb.Policy{}
@@ -1474,9 +1503,11 @@ func (c *ekmRESTClient) SetIamPolicy(ctx context.Context, req *iampb.SetIamPolic
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).SetIamPolicy[0:len((*c.CallOptions).SetIamPolicy):len((*c.CallOptions).SetIamPolicy)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &iampb.Policy{}
@@ -1544,9 +1575,11 @@ func (c *ekmRESTClient) TestIamPermissions(ctx context.Context, req *iampb.TestI
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).TestIamPermissions[0:len((*c.CallOptions).TestIamPermissions):len((*c.CallOptions).TestIamPermissions)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &iampb.TestIamPermissionsResponse{}
diff --git a/vendor/cloud.google.com/go/kms/apiv1/key_management_client.go b/vendor/cloud.google.com/go/kms/apiv1/key_management_client.go
index 0c52d061702..92293dc2957 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/key_management_client.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/key_management_client.go
@@ -38,7 +38,6 @@ import (
 	locationpb "google.golang.org/genproto/googleapis/cloud/location"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/metadata"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 )
@@ -1115,7 +1114,7 @@ type keyManagementGRPCClient struct {
 	locationsClient locationpb.LocationsClient
 
 	// The x-goog-* metadata to be sent with each request.
-	xGoogMetadata metadata.MD
+	xGoogHeaders []string
 }
 
 // NewKeyManagementClient creates a new key management service client based on gRPC.
@@ -1180,7 +1179,7 @@ func (c *keyManagementGRPCClient) Connection() *grpc.ClientConn {
 func (c *keyManagementGRPCClient) setGoogleClientInfo(keyval ...string) {
 	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
 	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "grpc", grpc.Version)
-	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
+	c.xGoogHeaders = []string{"x-goog-api-client", gax.XGoogHeader(kv...)}
 }
 
 // Close closes the connection to the API service. The user should invoke this when
@@ -1197,8 +1196,8 @@ type keyManagementRESTClient struct {
 	// The http client.
 	httpClient *http.Client
 
-	// The x-goog-* metadata to be sent with each request.
-	xGoogMetadata metadata.MD
+	// The x-goog-* headers to be sent with each request.
+	xGoogHeaders []string
 
 	// Points back to the CallOptions field of the containing KeyManagementClient
 	CallOptions **KeyManagementCallOptions
@@ -1254,7 +1253,7 @@ func defaultKeyManagementRESTClientOptions() []option.ClientOption {
 func (c *keyManagementRESTClient) setGoogleClientInfo(keyval ...string) {
 	kv := append([]string{"gl-go", gax.GoVersion}, keyval...)
 	kv = append(kv, "gapic", getVersionClient(), "gax", gax.Version, "rest", "UNKNOWN")
-	c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
+	c.xGoogHeaders = []string{"x-goog-api-client", gax.XGoogHeader(kv...)}
 }
 
 // Close closes the connection to the API service. The user should invoke this when
@@ -1272,9 +1271,10 @@ func (c *keyManagementRESTClient) Connection() *grpc.ClientConn {
 	return nil
 }
 func (c *keyManagementGRPCClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).ListKeyRings[0:len((*c.CallOptions).ListKeyRings):len((*c.CallOptions).ListKeyRings)], opts...)
 	it := &KeyRingIterator{}
 	req = proto.Clone(req).(*kmspb.ListKeyRingsRequest)
@@ -1317,9 +1317,10 @@ func (c *keyManagementGRPCClient) ListKeyRings(ctx context.Context, req *kmspb.L
 }
 
 func (c *keyManagementGRPCClient) ListCryptoKeys(ctx context.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).ListCryptoKeys[0:len((*c.CallOptions).ListCryptoKeys):len((*c.CallOptions).ListCryptoKeys)], opts...)
 	it := &CryptoKeyIterator{}
 	req = proto.Clone(req).(*kmspb.ListCryptoKeysRequest)
@@ -1362,9 +1363,10 @@ func (c *keyManagementGRPCClient) ListCryptoKeys(ctx context.Context, req *kmspb
 }
 
 func (c *keyManagementGRPCClient) ListCryptoKeyVersions(ctx context.Context, req *kmspb.ListCryptoKeyVersionsRequest, opts ...gax.CallOption) *CryptoKeyVersionIterator {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).ListCryptoKeyVersions[0:len((*c.CallOptions).ListCryptoKeyVersions):len((*c.CallOptions).ListCryptoKeyVersions)], opts...)
 	it := &CryptoKeyVersionIterator{}
 	req = proto.Clone(req).(*kmspb.ListCryptoKeyVersionsRequest)
@@ -1407,9 +1409,10 @@ func (c *keyManagementGRPCClient) ListCryptoKeyVersions(ctx context.Context, req
 }
 
 func (c *keyManagementGRPCClient) ListImportJobs(ctx context.Context, req *kmspb.ListImportJobsRequest, opts ...gax.CallOption) *ImportJobIterator {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).ListImportJobs[0:len((*c.CallOptions).ListImportJobs):len((*c.CallOptions).ListImportJobs)], opts...)
 	it := &ImportJobIterator{}
 	req = proto.Clone(req).(*kmspb.ListImportJobsRequest)
@@ -1452,9 +1455,10 @@ func (c *keyManagementGRPCClient) ListImportJobs(ctx context.Context, req *kmspb
 }
 
 func (c *keyManagementGRPCClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetKeyRing[0:len((*c.CallOptions).GetKeyRing):len((*c.CallOptions).GetKeyRing)], opts...)
 	var resp *kmspb.KeyRing
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1469,9 +1473,10 @@ func (c *keyManagementGRPCClient) GetKeyRing(ctx context.Context, req *kmspb.Get
 }
 
 func (c *keyManagementGRPCClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetCryptoKey[0:len((*c.CallOptions).GetCryptoKey):len((*c.CallOptions).GetCryptoKey)], opts...)
 	var resp *kmspb.CryptoKey
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1486,9 +1491,10 @@ func (c *keyManagementGRPCClient) GetCryptoKey(ctx context.Context, req *kmspb.G
 }
 
 func (c *keyManagementGRPCClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetCryptoKeyVersion[0:len((*c.CallOptions).GetCryptoKeyVersion):len((*c.CallOptions).GetCryptoKeyVersion)], opts...)
 	var resp *kmspb.CryptoKeyVersion
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1503,9 +1509,10 @@ func (c *keyManagementGRPCClient) GetCryptoKeyVersion(ctx context.Context, req *
 }
 
 func (c *keyManagementGRPCClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetPublicKey[0:len((*c.CallOptions).GetPublicKey):len((*c.CallOptions).GetPublicKey)], opts...)
 	var resp *kmspb.PublicKey
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1520,9 +1527,10 @@ func (c *keyManagementGRPCClient) GetPublicKey(ctx context.Context, req *kmspb.G
 }
 
 func (c *keyManagementGRPCClient) GetImportJob(ctx context.Context, req *kmspb.GetImportJobRequest, opts ...gax.CallOption) (*kmspb.ImportJob, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetImportJob[0:len((*c.CallOptions).GetImportJob):len((*c.CallOptions).GetImportJob)], opts...)
 	var resp *kmspb.ImportJob
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1537,9 +1545,10 @@ func (c *keyManagementGRPCClient) GetImportJob(ctx context.Context, req *kmspb.G
 }
 
 func (c *keyManagementGRPCClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).CreateKeyRing[0:len((*c.CallOptions).CreateKeyRing):len((*c.CallOptions).CreateKeyRing)], opts...)
 	var resp *kmspb.KeyRing
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1554,9 +1563,10 @@ func (c *keyManagementGRPCClient) CreateKeyRing(ctx context.Context, req *kmspb.
 }
 
 func (c *keyManagementGRPCClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).CreateCryptoKey[0:len((*c.CallOptions).CreateCryptoKey):len((*c.CallOptions).CreateCryptoKey)], opts...)
 	var resp *kmspb.CryptoKey
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1571,9 +1581,10 @@ func (c *keyManagementGRPCClient) CreateCryptoKey(ctx context.Context, req *kmsp
 }
 
 func (c *keyManagementGRPCClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).CreateCryptoKeyVersion[0:len((*c.CallOptions).CreateCryptoKeyVersion):len((*c.CallOptions).CreateCryptoKeyVersion)], opts...)
 	var resp *kmspb.CryptoKeyVersion
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1588,9 +1599,10 @@ func (c *keyManagementGRPCClient) CreateCryptoKeyVersion(ctx context.Context, re
 }
 
 func (c *keyManagementGRPCClient) ImportCryptoKeyVersion(ctx context.Context, req *kmspb.ImportCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).ImportCryptoKeyVersion[0:len((*c.CallOptions).ImportCryptoKeyVersion):len((*c.CallOptions).ImportCryptoKeyVersion)], opts...)
 	var resp *kmspb.CryptoKeyVersion
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1605,9 +1617,10 @@ func (c *keyManagementGRPCClient) ImportCryptoKeyVersion(ctx context.Context, re
 }
 
 func (c *keyManagementGRPCClient) CreateImportJob(ctx context.Context, req *kmspb.CreateImportJobRequest, opts ...gax.CallOption) (*kmspb.ImportJob, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).CreateImportJob[0:len((*c.CallOptions).CreateImportJob):len((*c.CallOptions).CreateImportJob)], opts...)
 	var resp *kmspb.ImportJob
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1622,9 +1635,10 @@ func (c *keyManagementGRPCClient) CreateImportJob(ctx context.Context, req *kmsp
 }
 
 func (c *keyManagementGRPCClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key.name", url.QueryEscape(req.GetCryptoKey().GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key.name", url.QueryEscape(req.GetCryptoKey().GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).UpdateCryptoKey[0:len((*c.CallOptions).UpdateCryptoKey):len((*c.CallOptions).UpdateCryptoKey)], opts...)
 	var resp *kmspb.CryptoKey
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1639,9 +1653,10 @@ func (c *keyManagementGRPCClient) UpdateCryptoKey(ctx context.Context, req *kmsp
 }
 
 func (c *keyManagementGRPCClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key_version.name", url.QueryEscape(req.GetCryptoKeyVersion().GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key_version.name", url.QueryEscape(req.GetCryptoKeyVersion().GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).UpdateCryptoKeyVersion[0:len((*c.CallOptions).UpdateCryptoKeyVersion):len((*c.CallOptions).UpdateCryptoKeyVersion)], opts...)
 	var resp *kmspb.CryptoKeyVersion
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1656,9 +1671,10 @@ func (c *keyManagementGRPCClient) UpdateCryptoKeyVersion(ctx context.Context, re
 }
 
 func (c *keyManagementGRPCClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).UpdateCryptoKeyPrimaryVersion[0:len((*c.CallOptions).UpdateCryptoKeyPrimaryVersion):len((*c.CallOptions).UpdateCryptoKeyPrimaryVersion)], opts...)
 	var resp *kmspb.CryptoKey
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1673,9 +1689,10 @@ func (c *keyManagementGRPCClient) UpdateCryptoKeyPrimaryVersion(ctx context.Cont
 }
 
 func (c *keyManagementGRPCClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).DestroyCryptoKeyVersion[0:len((*c.CallOptions).DestroyCryptoKeyVersion):len((*c.CallOptions).DestroyCryptoKeyVersion)], opts...)
 	var resp *kmspb.CryptoKeyVersion
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1690,9 +1707,10 @@ func (c *keyManagementGRPCClient) DestroyCryptoKeyVersion(ctx context.Context, r
 }
 
 func (c *keyManagementGRPCClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).RestoreCryptoKeyVersion[0:len((*c.CallOptions).RestoreCryptoKeyVersion):len((*c.CallOptions).RestoreCryptoKeyVersion)], opts...)
 	var resp *kmspb.CryptoKeyVersion
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1707,9 +1725,10 @@ func (c *keyManagementGRPCClient) RestoreCryptoKeyVersion(ctx context.Context, r
 }
 
 func (c *keyManagementGRPCClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).Encrypt[0:len((*c.CallOptions).Encrypt):len((*c.CallOptions).Encrypt)], opts...)
 	var resp *kmspb.EncryptResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1724,9 +1743,10 @@ func (c *keyManagementGRPCClient) Encrypt(ctx context.Context, req *kmspb.Encryp
 }
 
 func (c *keyManagementGRPCClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).Decrypt[0:len((*c.CallOptions).Decrypt):len((*c.CallOptions).Decrypt)], opts...)
 	var resp *kmspb.DecryptResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1741,9 +1761,10 @@ func (c *keyManagementGRPCClient) Decrypt(ctx context.Context, req *kmspb.Decryp
 }
 
 func (c *keyManagementGRPCClient) RawEncrypt(ctx context.Context, req *kmspb.RawEncryptRequest, opts ...gax.CallOption) (*kmspb.RawEncryptResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).RawEncrypt[0:len((*c.CallOptions).RawEncrypt):len((*c.CallOptions).RawEncrypt)], opts...)
 	var resp *kmspb.RawEncryptResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1758,9 +1779,10 @@ func (c *keyManagementGRPCClient) RawEncrypt(ctx context.Context, req *kmspb.Raw
 }
 
 func (c *keyManagementGRPCClient) RawDecrypt(ctx context.Context, req *kmspb.RawDecryptRequest, opts ...gax.CallOption) (*kmspb.RawDecryptResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).RawDecrypt[0:len((*c.CallOptions).RawDecrypt):len((*c.CallOptions).RawDecrypt)], opts...)
 	var resp *kmspb.RawDecryptResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1775,9 +1797,10 @@ func (c *keyManagementGRPCClient) RawDecrypt(ctx context.Context, req *kmspb.Raw
 }
 
 func (c *keyManagementGRPCClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).AsymmetricSign[0:len((*c.CallOptions).AsymmetricSign):len((*c.CallOptions).AsymmetricSign)], opts...)
 	var resp *kmspb.AsymmetricSignResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1792,9 +1815,10 @@ func (c *keyManagementGRPCClient) AsymmetricSign(ctx context.Context, req *kmspb
 }
 
 func (c *keyManagementGRPCClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).AsymmetricDecrypt[0:len((*c.CallOptions).AsymmetricDecrypt):len((*c.CallOptions).AsymmetricDecrypt)], opts...)
 	var resp *kmspb.AsymmetricDecryptResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1809,9 +1833,10 @@ func (c *keyManagementGRPCClient) AsymmetricDecrypt(ctx context.Context, req *km
 }
 
 func (c *keyManagementGRPCClient) MacSign(ctx context.Context, req *kmspb.MacSignRequest, opts ...gax.CallOption) (*kmspb.MacSignResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).MacSign[0:len((*c.CallOptions).MacSign):len((*c.CallOptions).MacSign)], opts...)
 	var resp *kmspb.MacSignResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1826,9 +1851,10 @@ func (c *keyManagementGRPCClient) MacSign(ctx context.Context, req *kmspb.MacSig
 }
 
 func (c *keyManagementGRPCClient) MacVerify(ctx context.Context, req *kmspb.MacVerifyRequest, opts ...gax.CallOption) (*kmspb.MacVerifyResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).MacVerify[0:len((*c.CallOptions).MacVerify):len((*c.CallOptions).MacVerify)], opts...)
 	var resp *kmspb.MacVerifyResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1843,9 +1869,10 @@ func (c *keyManagementGRPCClient) MacVerify(ctx context.Context, req *kmspb.MacV
 }
 
 func (c *keyManagementGRPCClient) GenerateRandomBytes(ctx context.Context, req *kmspb.GenerateRandomBytesRequest, opts ...gax.CallOption) (*kmspb.GenerateRandomBytesResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "location", url.QueryEscape(req.GetLocation())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "location", url.QueryEscape(req.GetLocation()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GenerateRandomBytes[0:len((*c.CallOptions).GenerateRandomBytes):len((*c.CallOptions).GenerateRandomBytes)], opts...)
 	var resp *kmspb.GenerateRandomBytesResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1860,9 +1887,10 @@ func (c *keyManagementGRPCClient) GenerateRandomBytes(ctx context.Context, req *
 }
 
 func (c *keyManagementGRPCClient) GetLocation(ctx context.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetLocation[0:len((*c.CallOptions).GetLocation):len((*c.CallOptions).GetLocation)], opts...)
 	var resp *locationpb.Location
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1877,9 +1905,10 @@ func (c *keyManagementGRPCClient) GetLocation(ctx context.Context, req *location
 }
 
 func (c *keyManagementGRPCClient) ListLocations(ctx context.Context, req *locationpb.ListLocationsRequest, opts ...gax.CallOption) *LocationIterator {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).ListLocations[0:len((*c.CallOptions).ListLocations):len((*c.CallOptions).ListLocations)], opts...)
 	it := &LocationIterator{}
 	req = proto.Clone(req).(*locationpb.ListLocationsRequest)
@@ -1922,9 +1951,10 @@ func (c *keyManagementGRPCClient) ListLocations(ctx context.Context, req *locati
 }
 
 func (c *keyManagementGRPCClient) GetIamPolicy(ctx context.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).GetIamPolicy[0:len((*c.CallOptions).GetIamPolicy):len((*c.CallOptions).GetIamPolicy)], opts...)
 	var resp *iampb.Policy
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1939,9 +1969,10 @@ func (c *keyManagementGRPCClient) GetIamPolicy(ctx context.Context, req *iampb.G
 }
 
 func (c *keyManagementGRPCClient) SetIamPolicy(ctx context.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).SetIamPolicy[0:len((*c.CallOptions).SetIamPolicy):len((*c.CallOptions).SetIamPolicy)], opts...)
 	var resp *iampb.Policy
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -1956,9 +1987,10 @@ func (c *keyManagementGRPCClient) SetIamPolicy(ctx context.Context, req *iampb.S
 }
 
 func (c *keyManagementGRPCClient) TestIamPermissions(ctx context.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse, error) {
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	ctx = insertMetadata(ctx, c.xGoogMetadata, md)
+	hds = append(c.xGoogHeaders, hds...)
+	ctx = gax.InsertMetadataIntoOutgoingContext(ctx, hds...)
 	opts = append((*c.CallOptions).TestIamPermissions[0:len((*c.CallOptions).TestIamPermissions):len((*c.CallOptions).TestIamPermissions)], opts...)
 	var resp *iampb.TestIamPermissionsResponse
 	err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
@@ -2011,7 +2043,8 @@ func (c *keyManagementRESTClient) ListKeyRings(ctx context.Context, req *kmspb.L
 		baseUrl.RawQuery = params.Encode()
 
 		// Build HTTP headers from client and context metadata.
-		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+		headers := gax.BuildHeaders(ctx, hds...)
 		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 			if settings.Path != "" {
 				baseUrl.Path = settings.Path
@@ -2108,7 +2141,8 @@ func (c *keyManagementRESTClient) ListCryptoKeys(ctx context.Context, req *kmspb
 		baseUrl.RawQuery = params.Encode()
 
 		// Build HTTP headers from client and context metadata.
-		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+		headers := gax.BuildHeaders(ctx, hds...)
 		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 			if settings.Path != "" {
 				baseUrl.Path = settings.Path
@@ -2205,7 +2239,8 @@ func (c *keyManagementRESTClient) ListCryptoKeyVersions(ctx context.Context, req
 		baseUrl.RawQuery = params.Encode()
 
 		// Build HTTP headers from client and context metadata.
-		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+		headers := gax.BuildHeaders(ctx, hds...)
 		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 			if settings.Path != "" {
 				baseUrl.Path = settings.Path
@@ -2299,7 +2334,8 @@ func (c *keyManagementRESTClient) ListImportJobs(ctx context.Context, req *kmspb
 		baseUrl.RawQuery = params.Encode()
 
 		// Build HTTP headers from client and context metadata.
-		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+		headers := gax.BuildHeaders(ctx, hds...)
 		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 			if settings.Path != "" {
 				baseUrl.Path = settings.Path
@@ -2368,9 +2404,11 @@ func (c *keyManagementRESTClient) GetKeyRing(ctx context.Context, req *kmspb.Get
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetKeyRing[0:len((*c.CallOptions).GetKeyRing):len((*c.CallOptions).GetKeyRing)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.KeyRing{}
@@ -2428,9 +2466,11 @@ func (c *keyManagementRESTClient) GetCryptoKey(ctx context.Context, req *kmspb.G
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetCryptoKey[0:len((*c.CallOptions).GetCryptoKey):len((*c.CallOptions).GetCryptoKey)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.CryptoKey{}
@@ -2487,9 +2527,11 @@ func (c *keyManagementRESTClient) GetCryptoKeyVersion(ctx context.Context, req *
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetCryptoKeyVersion[0:len((*c.CallOptions).GetCryptoKeyVersion):len((*c.CallOptions).GetCryptoKeyVersion)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.CryptoKeyVersion{}
@@ -2550,9 +2592,11 @@ func (c *keyManagementRESTClient) GetPublicKey(ctx context.Context, req *kmspb.G
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetPublicKey[0:len((*c.CallOptions).GetPublicKey):len((*c.CallOptions).GetPublicKey)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.PublicKey{}
@@ -2608,9 +2652,11 @@ func (c *keyManagementRESTClient) GetImportJob(ctx context.Context, req *kmspb.G
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetImportJob[0:len((*c.CallOptions).GetImportJob):len((*c.CallOptions).GetImportJob)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.ImportJob{}
@@ -2675,9 +2721,11 @@ func (c *keyManagementRESTClient) CreateKeyRing(ctx context.Context, req *kmspb.
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).CreateKeyRing[0:len((*c.CallOptions).CreateKeyRing):len((*c.CallOptions).CreateKeyRing)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.KeyRing{}
@@ -2749,9 +2797,11 @@ func (c *keyManagementRESTClient) CreateCryptoKey(ctx context.Context, req *kmsp
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).CreateCryptoKey[0:len((*c.CallOptions).CreateCryptoKey):len((*c.CallOptions).CreateCryptoKey)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.CryptoKey{}
@@ -2819,9 +2869,11 @@ func (c *keyManagementRESTClient) CreateCryptoKeyVersion(ctx context.Context, re
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).CreateCryptoKeyVersion[0:len((*c.CallOptions).CreateCryptoKeyVersion):len((*c.CallOptions).CreateCryptoKeyVersion)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.CryptoKeyVersion{}
@@ -2890,9 +2942,11 @@ func (c *keyManagementRESTClient) ImportCryptoKeyVersion(ctx context.Context, re
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).ImportCryptoKeyVersion[0:len((*c.CallOptions).ImportCryptoKeyVersion):len((*c.CallOptions).ImportCryptoKeyVersion)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.CryptoKeyVersion{}
@@ -2960,9 +3014,11 @@ func (c *keyManagementRESTClient) CreateImportJob(ctx context.Context, req *kmsp
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).CreateImportJob[0:len((*c.CallOptions).CreateImportJob):len((*c.CallOptions).CreateImportJob)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.ImportJob{}
@@ -3032,9 +3088,11 @@ func (c *keyManagementRESTClient) UpdateCryptoKey(ctx context.Context, req *kmsp
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key.name", url.QueryEscape(req.GetCryptoKey().GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key.name", url.QueryEscape(req.GetCryptoKey().GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).UpdateCryptoKey[0:len((*c.CallOptions).UpdateCryptoKey):len((*c.CallOptions).UpdateCryptoKey)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.CryptoKey{}
@@ -3115,9 +3173,11 @@ func (c *keyManagementRESTClient) UpdateCryptoKeyVersion(ctx context.Context, re
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key_version.name", url.QueryEscape(req.GetCryptoKeyVersion().GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key_version.name", url.QueryEscape(req.GetCryptoKeyVersion().GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).UpdateCryptoKeyVersion[0:len((*c.CallOptions).UpdateCryptoKeyVersion):len((*c.CallOptions).UpdateCryptoKeyVersion)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.CryptoKeyVersion{}
@@ -3184,9 +3244,11 @@ func (c *keyManagementRESTClient) UpdateCryptoKeyPrimaryVersion(ctx context.Cont
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).UpdateCryptoKeyPrimaryVersion[0:len((*c.CallOptions).UpdateCryptoKeyPrimaryVersion):len((*c.CallOptions).UpdateCryptoKeyPrimaryVersion)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.CryptoKey{}
@@ -3268,9 +3330,11 @@ func (c *keyManagementRESTClient) DestroyCryptoKeyVersion(ctx context.Context, r
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).DestroyCryptoKeyVersion[0:len((*c.CallOptions).DestroyCryptoKeyVersion):len((*c.CallOptions).DestroyCryptoKeyVersion)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.CryptoKeyVersion{}
@@ -3340,9 +3404,11 @@ func (c *keyManagementRESTClient) RestoreCryptoKeyVersion(ctx context.Context, r
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).RestoreCryptoKeyVersion[0:len((*c.CallOptions).RestoreCryptoKeyVersion):len((*c.CallOptions).RestoreCryptoKeyVersion)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.CryptoKeyVersion{}
@@ -3407,9 +3473,11 @@ func (c *keyManagementRESTClient) Encrypt(ctx context.Context, req *kmspb.Encryp
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).Encrypt[0:len((*c.CallOptions).Encrypt):len((*c.CallOptions).Encrypt)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.EncryptResponse{}
@@ -3474,9 +3542,11 @@ func (c *keyManagementRESTClient) Decrypt(ctx context.Context, req *kmspb.Decryp
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).Decrypt[0:len((*c.CallOptions).Decrypt):len((*c.CallOptions).Decrypt)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.DecryptResponse{}
@@ -3543,9 +3613,11 @@ func (c *keyManagementRESTClient) RawEncrypt(ctx context.Context, req *kmspb.Raw
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).RawEncrypt[0:len((*c.CallOptions).RawEncrypt):len((*c.CallOptions).RawEncrypt)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.RawEncryptResponse{}
@@ -3610,9 +3682,11 @@ func (c *keyManagementRESTClient) RawDecrypt(ctx context.Context, req *kmspb.Raw
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).RawDecrypt[0:len((*c.CallOptions).RawDecrypt):len((*c.CallOptions).RawDecrypt)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.RawDecryptResponse{}
@@ -3678,9 +3752,11 @@ func (c *keyManagementRESTClient) AsymmetricSign(ctx context.Context, req *kmspb
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).AsymmetricSign[0:len((*c.CallOptions).AsymmetricSign):len((*c.CallOptions).AsymmetricSign)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.AsymmetricSignResponse{}
@@ -3746,9 +3822,11 @@ func (c *keyManagementRESTClient) AsymmetricDecrypt(ctx context.Context, req *km
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).AsymmetricDecrypt[0:len((*c.CallOptions).AsymmetricDecrypt):len((*c.CallOptions).AsymmetricDecrypt)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.AsymmetricDecryptResponse{}
@@ -3812,9 +3890,11 @@ func (c *keyManagementRESTClient) MacSign(ctx context.Context, req *kmspb.MacSig
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).MacSign[0:len((*c.CallOptions).MacSign):len((*c.CallOptions).MacSign)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.MacSignResponse{}
@@ -3879,9 +3959,11 @@ func (c *keyManagementRESTClient) MacVerify(ctx context.Context, req *kmspb.MacV
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).MacVerify[0:len((*c.CallOptions).MacVerify):len((*c.CallOptions).MacVerify)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.MacVerifyResponse{}
@@ -3944,9 +4026,11 @@ func (c *keyManagementRESTClient) GenerateRandomBytes(ctx context.Context, req *
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "location", url.QueryEscape(req.GetLocation())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "location", url.QueryEscape(req.GetLocation()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GenerateRandomBytes[0:len((*c.CallOptions).GenerateRandomBytes):len((*c.CallOptions).GenerateRandomBytes)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &kmspb.GenerateRandomBytesResponse{}
@@ -4002,9 +4086,11 @@ func (c *keyManagementRESTClient) GetLocation(ctx context.Context, req *location
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetLocation[0:len((*c.CallOptions).GetLocation):len((*c.CallOptions).GetLocation)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &locationpb.Location{}
@@ -4082,7 +4168,8 @@ func (c *keyManagementRESTClient) ListLocations(ctx context.Context, req *locati
 		baseUrl.RawQuery = params.Encode()
 
 		// Build HTTP headers from client and context metadata.
-		headers := buildHeaders(ctx, c.xGoogMetadata, metadata.Pairs("Content-Type", "application/json"))
+		hds := append(c.xGoogHeaders, "Content-Type", "application/json")
+		headers := gax.BuildHeaders(ctx, hds...)
 		e := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
 			if settings.Path != "" {
 				baseUrl.Path = settings.Path
@@ -4155,9 +4242,11 @@ func (c *keyManagementRESTClient) GetIamPolicy(ctx context.Context, req *iampb.G
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).GetIamPolicy[0:len((*c.CallOptions).GetIamPolicy):len((*c.CallOptions).GetIamPolicy)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &iampb.Policy{}
@@ -4223,9 +4312,11 @@ func (c *keyManagementRESTClient) SetIamPolicy(ctx context.Context, req *iampb.S
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).SetIamPolicy[0:len((*c.CallOptions).SetIamPolicy):len((*c.CallOptions).SetIamPolicy)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &iampb.Policy{}
@@ -4293,9 +4384,11 @@ func (c *keyManagementRESTClient) TestIamPermissions(ctx context.Context, req *i
 	baseUrl.RawQuery = params.Encode()
 
 	// Build HTTP headers from client and context metadata.
-	md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource())))
+	hds := []string{"x-goog-request-params", fmt.Sprintf("%s=%v", "resource", url.QueryEscape(req.GetResource()))}
 
-	headers := buildHeaders(ctx, c.xGoogMetadata, md, metadata.Pairs("Content-Type", "application/json"))
+	hds = append(c.xGoogHeaders, hds...)
+	hds = append(hds, "Content-Type", "application/json")
+	headers := gax.BuildHeaders(ctx, hds...)
 	opts = append((*c.CallOptions).TestIamPermissions[0:len((*c.CallOptions).TestIamPermissions):len((*c.CallOptions).TestIamPermissions)], opts...)
 	unm := protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
 	resp := &iampb.TestIamPermissionsResponse{}
diff --git a/vendor/cloud.google.com/go/kms/apiv1/kmspb/ekm_service.pb.go b/vendor/cloud.google.com/go/kms/apiv1/kmspb/ekm_service.pb.go
index c0fd16edf99..fdc98c0846e 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/kmspb/ekm_service.pb.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/kmspb/ekm_service.pb.go
@@ -14,7 +14,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.30.0
+// 	protoc-gen-go v1.31.0
 // 	protoc        v4.23.2
 // source: google/cloud/kms/v1/ekm_service.proto
 
diff --git a/vendor/cloud.google.com/go/kms/apiv1/kmspb/resources.pb.go b/vendor/cloud.google.com/go/kms/apiv1/kmspb/resources.pb.go
index cac7139c47d..e4b300d9d62 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/kmspb/resources.pb.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/kmspb/resources.pb.go
@@ -14,7 +14,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.30.0
+// 	protoc-gen-go v1.31.0
 // 	protoc        v4.23.2
 // source: google/cloud/kms/v1/resources.proto
 
diff --git a/vendor/cloud.google.com/go/kms/apiv1/kmspb/service.pb.go b/vendor/cloud.google.com/go/kms/apiv1/kmspb/service.pb.go
index e3cb26dc82e..6ed2a1f89de 100644
--- a/vendor/cloud.google.com/go/kms/apiv1/kmspb/service.pb.go
+++ b/vendor/cloud.google.com/go/kms/apiv1/kmspb/service.pb.go
@@ -14,7 +14,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.30.0
+// 	protoc-gen-go v1.31.0
 // 	protoc        v4.23.2
 // source: google/cloud/kms/v1/service.proto
 
diff --git a/vendor/cloud.google.com/go/kms/internal/version.go b/vendor/cloud.google.com/go/kms/internal/version.go
index 7dd6a0aa86f..ce4b61a23e3 100644
--- a/vendor/cloud.google.com/go/kms/internal/version.go
+++ b/vendor/cloud.google.com/go/kms/internal/version.go
@@ -15,4 +15,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "1.15.1"
+const Version = "1.15.2"
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md
index cd7c0da31d0..b618676c59b 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/CHANGELOG.md
@@ -1,5 +1,41 @@
 # Release History
 
+## 1.8.0 (2023-10-05)
+
+### Features Added
+
+* Added `Claims` and `EnableCAE` fields to `policy.TokenRequestOptions`.
+* ARM bearer token policy handles CAE challenges.
+* `messaging/CloudEvent` allows you to serialize/deserialize CloudEvents, as described in the CloudEvents 1.0 specification: [link](https://github.com/cloudevents/spec)
+* Added functions `FetcherForNextLink` and `EncodeQueryParams` along with `FetcherForNextLinkOptions` to the `runtime` package to centralize creation of `Pager[T].Fetcher` from a next link URL.
+* Added types `KeyCredential` and `SASCredential` to the `azcore` package.
+  * Includes their respective constructor functions.
+* Added types `KeyCredentialPolicy` and `SASCredentialPolicy` to the `azcore/runtime` package.
+  * Includes their respective constructor functions and options types.
+
+### Breaking Changes
+> These changes affect only code written against beta versions of `v1.8.0`
+* The beta features for tracing and fakes have been omitted for this release.
+
+### Bugs Fixed
+
+* Fixed an issue that could cause some ARM RPs to not be automatically registered.
+* Block bearer token authentication for non TLS protected endpoints.
+
+### Other Changes
+
+* The following functions in the `runtime` package are now exposed from the `policy` package, and the `runtime` versions have been deprecated.
+  * `WithCaptureResponse`
+  * `WithHTTPHeader`
+  * `WithRetryOptions`
+* Updated dependencies.
+
+## 1.7.2 (2023-09-06)
+
+### Bugs Fixed
+
+* Fix default HTTP transport to work in WASM modules.
+
 ## 1.7.1 (2023-08-14)
 
 ## Bugs Fixed
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/core.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/core.go
index 9fae2a9dc4b..9f051ba4ae9 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/core.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/core.go
@@ -22,6 +22,24 @@ type AccessToken = exported.AccessToken
 // TokenCredential represents a credential capable of providing an OAuth token.
 type TokenCredential = exported.TokenCredential
 
+// KeyCredential contains an authentication key used to authenticate to an Azure service.
+type KeyCredential = exported.KeyCredential
+
+// NewKeyCredential creates a new instance of [KeyCredential] with the specified values.
+//   - key is the authentication key
+func NewKeyCredential(key string) *KeyCredential {
+	return exported.NewKeyCredential(key)
+}
+
+// SASCredential contains a shared access signature used to authenticate to an Azure service.
+type SASCredential = exported.SASCredential
+
+// NewSASCredential creates a new instance of [SASCredential] with the specified values.
+//   - sas is the shared access signature
+func NewSASCredential(sas string) *SASCredential {
+	return exported.NewSASCredential(sas)
+}
+
 // holds sentinel values used to send nulls
 var nullables map[reflect.Type]interface{} = map[reflect.Type]interface{}{}
 
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/exported.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/exported.go
index a1236b36252..e793b31db2c 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/exported.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported/exported.go
@@ -10,6 +10,7 @@ import (
 	"context"
 	"io"
 	"net/http"
+	"sync/atomic"
 	"time"
 )
 
@@ -51,6 +52,17 @@ type AccessToken struct {
 // TokenRequestOptions contain specific parameter that may be used by credentials types when attempting to get a token.
 // Exported as policy.TokenRequestOptions.
 type TokenRequestOptions struct {
+	// Claims are any additional claims required for the token to satisfy a conditional access policy, such as a
+	// service may return in a claims challenge following an authorization failure. If a service returned the
+	// claims value base64 encoded, it must be decoded before setting this field.
+	Claims string
+
+	// EnableCAE indicates whether to enable Continuous Access Evaluation (CAE) for the requested token. When true,
+	// azidentity credentials request CAE tokens for resource APIs supporting CAE. Clients are responsible for
+	// handling CAE challenges. If a client that doesn't handle CAE challenges receives a CAE token, it may end up
+	// in a loop retrying an API call with a token that has been revoked due to CAE.
+	EnableCAE bool
+
 	// Scopes contains the list of permission scopes required for the token.
 	Scopes []string
 
@@ -65,3 +77,65 @@ type TokenCredential interface {
 	// GetToken requests an access token for the specified set of scopes.
 	GetToken(ctx context.Context, options TokenRequestOptions) (AccessToken, error)
 }
+
+// KeyCredential contains an authentication key used to authenticate to an Azure service.
+// Exported as azcore.KeyCredential.
+type KeyCredential struct {
+	cred *keyCredential
+}
+
+// NewKeyCredential creates a new instance of [KeyCredential] with the specified values.
+//   - key is the authentication key
+func NewKeyCredential(key string) *KeyCredential {
+	return &KeyCredential{cred: newKeyCredential(key)}
+}
+
+// Update replaces the existing key with the specified value.
+func (k *KeyCredential) Update(key string) {
+	k.cred.Update(key)
+}
+
+// SASCredential contains a shared access signature used to authenticate to an Azure service.
+// Exported as azcore.SASCredential.
+type SASCredential struct {
+	cred *keyCredential
+}
+
+// NewSASCredential creates a new instance of [SASCredential] with the specified values.
+//   - sas is the shared access signature
+func NewSASCredential(sas string) *SASCredential {
+	return &SASCredential{cred: newKeyCredential(sas)}
+}
+
+// Update replaces the existing shared access signature with the specified value.
+func (k *SASCredential) Update(sas string) {
+	k.cred.Update(sas)
+}
+
+// KeyCredentialGet returns the key for cred.
+func KeyCredentialGet(cred *KeyCredential) string {
+	return cred.cred.Get()
+}
+
+// SASCredentialGet returns the shared access sig for cred.
+func SASCredentialGet(cred *SASCredential) string {
+	return cred.cred.Get()
+}
+
+type keyCredential struct {
+	key atomic.Value // string
+}
+
+func newKeyCredential(key string) *keyCredential {
+	keyCred := keyCredential{}
+	keyCred.key.Store(key)
+	return &keyCred
+}
+
+func (k *keyCredential) Get() string {
+	return k.key.Load().(string)
+}
+
+func (k *keyCredential) Update(key string) {
+	k.key.Store(key)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go
index 577435a49d9..05e53aa76e4 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/constants.go
@@ -32,5 +32,5 @@ const (
 	Module = "azcore"
 
 	// Version is the semantic version (see http://semver.org) of this module.
-	Version = "v1.7.1"
+	Version = "v1.8.0"
 )
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/shared.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/shared.go
index db0aaa7cb95..1bf3aca9183 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/shared.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared/shared.go
@@ -14,6 +14,8 @@ import (
 	"regexp"
 	"strconv"
 	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo"
 )
 
 // CtxWithHTTPHeaderKey is used as a context key for adding/retrieving http.Header.
@@ -22,8 +24,8 @@ type CtxWithHTTPHeaderKey struct{}
 // CtxWithRetryOptionsKey is used as a context key for adding/retrieving RetryOptions.
 type CtxWithRetryOptionsKey struct{}
 
-// CtxIncludeResponseKey is used as a context key for retrieving the raw response.
-type CtxIncludeResponseKey struct{}
+// CtxWithCaptureResponse is used as a context key for retrieving the raw response.
+type CtxWithCaptureResponse struct{}
 
 // Delay waits for the duration to elapse or the context to be cancelled.
 func Delay(ctx context.Context, delay time.Duration) error {
@@ -101,3 +103,26 @@ func ExtractModuleName(clientName string) (string, string, error) {
 	}
 	return matches[3], matches[2], nil
 }
+
+// NonRetriableError marks the specified error as non-retriable.
+func NonRetriableError(err error) error {
+	return &nonRetriableError{err}
+}
+
+type nonRetriableError struct {
+	error
+}
+
+func (p *nonRetriableError) Error() string {
+	return p.error.Error()
+}
+
+func (*nonRetriableError) NonRetriable() {
+	// marker method
+}
+
+func (p *nonRetriableError) Unwrap() error {
+	return p.error
+}
+
+var _ errorinfo.NonRetriable = (*nonRetriableError)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go
index b200047834c..f73704cf016 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/policy/policy.go
@@ -7,11 +7,13 @@
 package policy
 
 import (
+	"context"
 	"net/http"
 	"time"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/shared"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/tracing"
 )
 
@@ -162,3 +164,22 @@ type AuthorizationHandler struct {
 	// the policy will return any 401 response to the client.
 	OnChallenge func(*Request, *http.Response, func(TokenRequestOptions) error) error
 }
+
+// WithCaptureResponse applies the HTTP response retrieval annotation to the parent context.
+// The resp parameter will contain the HTTP response after the request has completed.
+func WithCaptureResponse(parent context.Context, resp **http.Response) context.Context {
+	return context.WithValue(parent, shared.CtxWithCaptureResponse{}, resp)
+}
+
+// WithHTTPHeader adds the specified http.Header to the parent context.
+// Use this to specify custom HTTP headers at the API-call level.
+// Any overlapping headers will have their values replaced with the values specified here.
+func WithHTTPHeader(parent context.Context, header http.Header) context.Context {
+	return context.WithValue(parent, shared.CtxWithHTTPHeaderKey{}, header)
+}
+
+// WithRetryOptions adds the specified RetryOptions to the parent context.
+// Use this to specify custom RetryOptions at the API-call level.
+func WithRetryOptions(parent context.Context, options RetryOptions) context.Context {
+	return context.WithValue(parent, shared.CtxWithRetryOptionsKey{}, options)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/pager.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/pager.go
index 5507665d651..8a2e6c61ed1 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/pager.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/pager.go
@@ -10,6 +10,9 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"net/http"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 )
 
 // PagingHandler contains the required data for constructing a Pager.
@@ -75,3 +78,41 @@ func (p *Pager[T]) NextPage(ctx context.Context) (T, error) {
 func (p *Pager[T]) UnmarshalJSON(data []byte) error {
 	return json.Unmarshal(data, &p.current)
 }
+
+// FetcherForNextLinkOptions contains the optional values for [FetcherForNextLink].
+type FetcherForNextLinkOptions struct {
+	// NextReq is the func to be called when requesting subsequent pages.
+	// Used for paged operations that have a custom next link operation.
+	NextReq func(context.Context, string) (*policy.Request, error)
+}
+
+// FetcherForNextLink is a helper containing boilerplate code to simplify creating a PagingHandler[T].Fetcher from a next link URL.
+//   - ctx is the [context.Context] controlling the lifetime of the HTTP operation
+//   - pl is the [Pipeline] used to dispatch the HTTP request
+//   - nextLink is the URL used to fetch the next page. the empty string indicates the first page is to be requested
+//   - firstReq is the func to be called when creating the request for the first page
+//   - options contains any optional parameters, pass nil to accept the default values
+func FetcherForNextLink(ctx context.Context, pl Pipeline, nextLink string, firstReq func(context.Context) (*policy.Request, error), options *FetcherForNextLinkOptions) (*http.Response, error) {
+	var req *policy.Request
+	var err error
+	if nextLink == "" {
+		req, err = firstReq(ctx)
+	} else if nextLink, err = EncodeQueryParams(nextLink); err == nil {
+		if options != nil && options.NextReq != nil {
+			req, err = options.NextReq(ctx, nextLink)
+		} else {
+			req, err = NewRequest(ctx, http.MethodGet, nextLink)
+		}
+	}
+	if err != nil {
+		return nil, err
+	}
+	resp, err := pl.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	if !HasStatusCode(resp, http.StatusOK) {
+		return nil, NewResponseError(resp)
+	}
+	return resp, nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_bearer_token.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_bearer_token.go
index b61e4c121f6..ff4931cd247 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_bearer_token.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_bearer_token.go
@@ -6,6 +6,7 @@ package runtime
 import (
 	"errors"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
@@ -72,6 +73,9 @@ func (b *BearerTokenPolicy) authenticateAndAuthorize(req *policy.Request) func(p
 
 // Do authorizes a request with a bearer token
 func (b *BearerTokenPolicy) Do(req *policy.Request) (*http.Response, error) {
+	if strings.ToLower(req.Raw().URL.Scheme) != "https" {
+		return nil, shared.NonRetriableError(errors.New("bearer token authentication is not permitted for non TLS protected (https) endpoints"))
+	}
 	var err error
 	if b.authzHandler.OnRequest != nil {
 		err = b.authzHandler.OnRequest(req, b.authenticateAndAuthorize(req))
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_http_header.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_http_header.go
index 770e0a2b6a6..c230af0afa8 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_http_header.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_http_header.go
@@ -34,6 +34,7 @@ func httpHeaderPolicy(req *policy.Request) (*http.Response, error) {
 // WithHTTPHeader adds the specified http.Header to the parent context.
 // Use this to specify custom HTTP headers at the API-call level.
 // Any overlapping headers will have their values replaced with the values specified here.
+// Deprecated: use [policy.WithHTTPHeader] instead.
 func WithHTTPHeader(parent context.Context, header http.Header) context.Context {
-	return context.WithValue(parent, shared.CtxWithHTTPHeaderKey{}, header)
+	return policy.WithHTTPHeader(parent, header)
 }
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_include_response.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_include_response.go
index 4714baa30cd..bb00f6c2fdb 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_include_response.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_include_response.go
@@ -20,7 +20,7 @@ func includeResponsePolicy(req *policy.Request) (*http.Response, error) {
 	if resp == nil {
 		return resp, err
 	}
-	if httpOutRaw := req.Raw().Context().Value(shared.CtxIncludeResponseKey{}); httpOutRaw != nil {
+	if httpOutRaw := req.Raw().Context().Value(shared.CtxWithCaptureResponse{}); httpOutRaw != nil {
 		httpOut := httpOutRaw.(**http.Response)
 		*httpOut = resp
 	}
@@ -29,6 +29,7 @@ func includeResponsePolicy(req *policy.Request) (*http.Response, error) {
 
 // WithCaptureResponse applies the HTTP response retrieval annotation to the parent context.
 // The resp parameter will contain the HTTP response after the request has completed.
+// Deprecated: use [policy.WithCaptureResponse] instead.
 func WithCaptureResponse(parent context.Context, resp **http.Response) context.Context {
-	return context.WithValue(parent, shared.CtxIncludeResponseKey{}, resp)
+	return policy.WithCaptureResponse(parent, resp)
 }
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_key_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_key_credential.go
new file mode 100644
index 00000000000..2e47a5bad06
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_key_credential.go
@@ -0,0 +1,49 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package runtime
+
+import (
+	"net/http"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+)
+
+// KeyCredentialPolicy authorizes requests with a [azcore.KeyCredential].
+type KeyCredentialPolicy struct {
+	cred   *exported.KeyCredential
+	header string
+	prefix string
+}
+
+// KeyCredentialPolicyOptions contains the optional values configuring [KeyCredentialPolicy].
+type KeyCredentialPolicyOptions struct {
+	// Prefix is used if the key requires a prefix before it's inserted into the HTTP request.
+	Prefix string
+}
+
+// NewKeyCredentialPolicy creates a new instance of [KeyCredentialPolicy].
+//   - cred is the [azcore.KeyCredential] used to authenticate with the service
+//   - header is the name of the HTTP request header in which the key is placed
+//   - options contains optional configuration, pass nil to accept the default values
+func NewKeyCredentialPolicy(cred *exported.KeyCredential, header string, options *KeyCredentialPolicyOptions) *KeyCredentialPolicy {
+	if options == nil {
+		options = &KeyCredentialPolicyOptions{}
+	}
+	return &KeyCredentialPolicy{
+		cred:   cred,
+		header: header,
+		prefix: options.Prefix,
+	}
+}
+
+// Do implementes the Do method on the [policy.Polilcy] interface.
+func (k *KeyCredentialPolicy) Do(req *policy.Request) (*http.Response, error) {
+	val := exported.KeyCredentialGet(k.cred)
+	if k.prefix != "" {
+		val = k.prefix + val
+	}
+	req.Raw().Header.Add(k.header, val)
+	return req.Next()
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_retry.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_retry.go
index e0c5929f3b7..21fcb39682d 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_retry.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_retry.go
@@ -209,8 +209,9 @@ func (p *retryPolicy) Do(req *policy.Request) (resp *http.Response, err error) {
 
 // WithRetryOptions adds the specified RetryOptions to the parent context.
 // Use this to specify custom RetryOptions at the API-call level.
+// Deprecated: use [policy.WithRetryOptions] instead.
 func WithRetryOptions(parent context.Context, options policy.RetryOptions) context.Context {
-	return context.WithValue(parent, shared.CtxWithRetryOptionsKey{}, options)
+	return policy.WithRetryOptions(parent, options)
 }
 
 // ********** The following type/methods implement the retryableRequestBody (a ReadSeekCloser)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_sas_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_sas_credential.go
new file mode 100644
index 00000000000..25266030ba2
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/policy_sas_credential.go
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package runtime
+
+import (
+	"net/http"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/internal/exported"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+)
+
+// SASCredentialPolicy authorizes requests with a [azcore.SASCredential].
+type SASCredentialPolicy struct {
+	cred   *exported.SASCredential
+	header string
+}
+
+// SASCredentialPolicyOptions contains the optional values configuring [SASCredentialPolicy].
+type SASCredentialPolicyOptions struct {
+	// placeholder for future optional values
+}
+
+// NewSASCredentialPolicy creates a new instance of [SASCredentialPolicy].
+//   - cred is the [azcore.SASCredential] used to authenticate with the service
+//   - header is the name of the HTTP request header in which the shared access signature is placed
+//   - options contains optional configuration, pass nil to accept the default values
+func NewSASCredentialPolicy(cred *exported.SASCredential, header string, options *SASCredentialPolicyOptions) *SASCredentialPolicy {
+	return &SASCredentialPolicy{
+		cred:   cred,
+		header: header,
+	}
+}
+
+// Do implementes the Do method on the [policy.Polilcy] interface.
+func (k *SASCredentialPolicy) Do(req *policy.Request) (*http.Response, error) {
+	req.Raw().Header.Add(k.header, exported.SASCredentialGet(k.cred))
+	return req.Next()
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/request.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/request.go
index 98e00718488..b7e6fb26f9b 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/request.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/request.go
@@ -15,6 +15,7 @@ import (
 	"fmt"
 	"io"
 	"mime/multipart"
+	"net/url"
 	"os"
 	"path"
 	"reflect"
@@ -44,6 +45,19 @@ func NewRequest(ctx context.Context, httpMethod string, endpoint string) (*polic
 	return exported.NewRequest(ctx, httpMethod, endpoint)
 }
 
+// EncodeQueryParams will parse and encode any query parameters in the specified URL.
+func EncodeQueryParams(u string) (string, error) {
+	before, after, found := strings.Cut(u, "?")
+	if !found {
+		return u, nil
+	}
+	qp, err := url.ParseQuery(after)
+	if err != nil {
+		return "", err
+	}
+	return before + "?" + qp.Encode(), nil
+}
+
 // JoinPaths concatenates multiple URL path segments into one path,
 // inserting path separation characters as required. JoinPaths will preserve
 // query parameters in the root path
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/transport_default_dialer_other.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/transport_default_dialer_other.go
new file mode 100644
index 00000000000..1c75d771f2e
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/transport_default_dialer_other.go
@@ -0,0 +1,15 @@
+//go:build !wasm
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package runtime
+
+import (
+	"context"
+	"net"
+)
+
+func defaultTransportDialContext(dialer *net.Dialer) func(context.Context, string, string) (net.Conn, error) {
+	return dialer.DialContext
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/transport_default_dialer_wasm.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/transport_default_dialer_wasm.go
new file mode 100644
index 00000000000..3dc9eeecddf
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/transport_default_dialer_wasm.go
@@ -0,0 +1,15 @@
+//go:build (js && wasm) || wasip1
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package runtime
+
+import (
+	"context"
+	"net"
+)
+
+func defaultTransportDialContext(dialer *net.Dialer) func(context.Context, string, string) (net.Conn, error) {
+	return nil
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/transport_default_http_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/transport_default_http_client.go
index dbb9fa7f86c..589d09f2c0d 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/transport_default_http_client.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime/transport_default_http_client.go
@@ -18,10 +18,10 @@ var defaultHTTPClient *http.Client
 func init() {
 	defaultTransport := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
-		DialContext: (&net.Dialer{
+		DialContext: defaultTransportDialContext(&net.Dialer{
 			Timeout:   30 * time.Second,
 			KeepAlive: 30 * time.Second,
-		}).DialContext,
+		}),
 		ForceAttemptHTTP2:     true,
 		MaxIdleConns:          100,
 		IdleConnTimeout:       90 * time.Second,
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
index ddb24d81023..7ea119ab30d 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
@@ -1,10 +1,53 @@
 # Release History
 
+## 1.4.0 (2023-10-10)
+
+### Bugs Fixed
+* `ManagedIdentityCredential` will now retry when IMDS responds 410 or 503
+
+## 1.4.0-beta.5 (2023-09-12)
+
+### Features Added
+* Service principal credentials can request CAE tokens
+
+### Breaking Changes
+> These changes affect only code written against a beta version such as v1.4.0-beta.4
+* Whether `GetToken` requests a CAE token is now determined by `TokenRequestOptions.EnableCAE`. Azure
+  SDK clients which support CAE will set this option automatically. Credentials no longer request CAE
+  tokens by default or observe the environment variable "AZURE_IDENTITY_DISABLE_CP1".
+
+### Bugs Fixed
+* Credential chains such as `DefaultAzureCredential` now try their next credential, if any, when
+  managed identity authentication fails in a Docker Desktop container
+  ([#21417](https://github.com/Azure/azure-sdk-for-go/issues/21417))
+
+## 1.4.0-beta.4 (2023-08-16)
+
+### Other Changes
+* Upgraded dependencies
+
 ## 1.3.1 (2023-08-16)
 
 ### Other Changes
 * Upgraded dependencies
 
+## 1.4.0-beta.3 (2023-08-08)
+
+### Bugs Fixed
+* One invocation of `AzureCLICredential.GetToken()` and `OnBehalfOfCredential.GetToken()`
+  can no longer make two authentication attempts
+
+## 1.4.0-beta.2 (2023-07-14)
+
+### Other Changes
+* `DefaultAzureCredentialOptions.TenantID` applies to workload identity authentication
+* Upgraded dependencies
+
+## 1.4.0-beta.1 (2023-06-06)
+
+### Other Changes
+* Re-enabled CAE support as in v1.3.0-beta.3
+
 ## 1.3.0 (2023-05-09)
 
 ### Breaking Changes
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
index 7b7515ebac2..fef099813c8 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/TROUBLESHOOTING.md
@@ -76,12 +76,14 @@ azlog.SetListener(func(event azlog.Event, s string) {
 azlog.SetEvents(azidentity.EventAuthentication)
 ```
 
+<a id="dac"></a>
 ## Troubleshoot DefaultAzureCredential authentication issues
 
 | Error |Description| Mitigation |
 |---|---|---|
 |"DefaultAzureCredential failed to acquire a token"|No credential in the `DefaultAzureCredential` chain provided a token|<ul><li>[Enable logging](#enable-and-configure-logging) to get further diagnostic information.</li><li>Consult the troubleshooting guide for underlying credential types for more information.</li><ul><li>[EnvironmentCredential](#troubleshoot-environmentcredential-authentication-issues)</li><li>[ManagedIdentityCredential](#troubleshoot-managedidentitycredential-authentication-issues)</li><li>[AzureCLICredential](#troubleshoot-azureclicredential-authentication-issues)</li></ul>|
 |Error from the client with a status code of 401 or 403|Authentication succeeded but the authorizing Azure service responded with a 401 (Unauthorized), or 403 (Forbidden) status code|<ul><li>[Enable logging](#enable-and-configure-logging) to determine which credential in the chain returned the authenticating token.</li><li>If an unexpected credential is returning a token, check application configuration such as environment variables.</li><li>Ensure the correct role is assigned to the authenticated identity. For example, a service specific role rather than the subscription Owner role.</li></ul>|
+|"managed identity timed out"|`DefaultAzureCredential` sets a short timeout on its first managed identity authentication attempt to prevent very long timeouts during local development when no managed identity is available. That timeout causes this error in production when an application requests a token before the hosting environment is ready to provide one.|Use [ManagedIdentityCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#ManagedIdentityCredential) directly, at least in production. It doesn't set a timeout on its authentication attempts.|
 
 ## Troubleshoot EnvironmentCredential authentication issues
 
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azidentity.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azidentity.go
index 739ff49c1ec..10b742ce1a1 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azidentity.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azidentity.go
@@ -10,12 +10,12 @@ import (
 	"bytes"
 	"context"
 	"errors"
+	"fmt"
 	"io"
 	"net/http"
 	"net/url"
 	"os"
 	"regexp"
-	"strings"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
@@ -41,65 +41,18 @@ const (
 	organizationsTenantID   = "organizations"
 	developerSignOnClientID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
 	defaultSuffix           = "/.default"
-	tenantIDValidationErr   = "invalid tenantID. You can locate your tenantID by following the instructions listed here: https://docs.microsoft.com/partner-center/find-ids-and-domain-names"
 )
 
 var (
 	// capability CP1 indicates the client application is capable of handling CAE claims challenges
-	cp1 = []string{"CP1"}
-	// CP1 is disabled until CAE support is added back
-	disableCP1 = true
+	cp1                = []string{"CP1"}
+	errInvalidTenantID = errors.New("invalid tenantID. You can locate your tenantID by following the instructions listed here: https://learn.microsoft.com/partner-center/find-ids-and-domain-names")
 )
 
-var getConfidentialClient = func(clientID, tenantID string, cred confidential.Credential, co *azcore.ClientOptions, additionalOpts ...confidential.Option) (confidentialClient, error) {
-	if !validTenantID(tenantID) {
-		return confidential.Client{}, errors.New(tenantIDValidationErr)
-	}
-	authorityHost, err := setAuthorityHost(co.Cloud)
-	if err != nil {
-		return confidential.Client{}, err
-	}
-	authority := runtime.JoinPaths(authorityHost, tenantID)
-	o := []confidential.Option{
-		confidential.WithAzureRegion(os.Getenv(azureRegionalAuthorityName)),
-		confidential.WithHTTPClient(newPipelineAdapter(co)),
-	}
-	if !disableCP1 {
-		o = append(o, confidential.WithClientCapabilities(cp1))
-	}
-	o = append(o, additionalOpts...)
-	if strings.ToLower(tenantID) == "adfs" {
-		o = append(o, confidential.WithInstanceDiscovery(false))
-	}
-	return confidential.New(authority, clientID, cred, o...)
-}
-
-var getPublicClient = func(clientID, tenantID string, co *azcore.ClientOptions, additionalOpts ...public.Option) (public.Client, error) {
-	if !validTenantID(tenantID) {
-		return public.Client{}, errors.New(tenantIDValidationErr)
-	}
-	authorityHost, err := setAuthorityHost(co.Cloud)
-	if err != nil {
-		return public.Client{}, err
-	}
-	o := []public.Option{
-		public.WithAuthority(runtime.JoinPaths(authorityHost, tenantID)),
-		public.WithHTTPClient(newPipelineAdapter(co)),
-	}
-	if !disableCP1 {
-		o = append(o, public.WithClientCapabilities(cp1))
-	}
-	o = append(o, additionalOpts...)
-	if strings.ToLower(tenantID) == "adfs" {
-		o = append(o, public.WithInstanceDiscovery(false))
-	}
-	return public.New(clientID, o...)
-}
-
 // setAuthorityHost initializes the authority host for credentials. Precedence is:
-// 1. cloud.Configuration.ActiveDirectoryAuthorityHost value set by user
-// 2. value of AZURE_AUTHORITY_HOST
-// 3. default: Azure Public Cloud
+//  1. cloud.Configuration.ActiveDirectoryAuthorityHost value set by user
+//  2. value of AZURE_AUTHORITY_HOST
+//  3. default: Azure Public Cloud
 func setAuthorityHost(cc cloud.Configuration) (string, error) {
 	host := cc.ActiveDirectoryAuthorityHost
 	if host == "" {
@@ -121,6 +74,41 @@ func setAuthorityHost(cc cloud.Configuration) (string, error) {
 	return host, nil
 }
 
+// resolveAdditionalTenants returns a copy of tenants, simplified when tenants contains a wildcard
+func resolveAdditionalTenants(tenants []string) []string {
+	if len(tenants) == 0 {
+		return nil
+	}
+	for _, t := range tenants {
+		// a wildcard makes all other values redundant
+		if t == "*" {
+			return []string{"*"}
+		}
+	}
+	cp := make([]string, len(tenants))
+	copy(cp, tenants)
+	return cp
+}
+
+// resolveTenant returns the correct tenant for a token request
+func resolveTenant(defaultTenant, specified, credName string, additionalTenants []string) (string, error) {
+	if specified == "" || specified == defaultTenant {
+		return defaultTenant, nil
+	}
+	if defaultTenant == "adfs" {
+		return "", errors.New("ADFS doesn't support tenants")
+	}
+	if !validTenantID(specified) {
+		return "", errInvalidTenantID
+	}
+	for _, t := range additionalTenants {
+		if t == "*" || t == specified {
+			return specified, nil
+		}
+	}
+	return "", fmt.Errorf(`%s isn't configured to acquire tokens for tenant %q. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add "*" to allow acquiring tokens for any tenant`, credName, specified)
+}
+
 // validTenantID return true is it receives a valid tenantID, returns false otherwise
 func validTenantID(tenantID string) bool {
 	match, err := regexp.MatchString("^[0-9a-zA-Z-.]+$", tenantID)
@@ -173,7 +161,7 @@ func (p pipelineAdapter) Do(r *http.Request) (*http.Response, error) {
 }
 
 // enables fakes for test scenarios
-type confidentialClient interface {
+type msalConfidentialClient interface {
 	AcquireTokenSilent(ctx context.Context, scopes []string, options ...confidential.AcquireSilentOption) (confidential.AuthResult, error)
 	AcquireTokenByAuthCode(ctx context.Context, code string, redirectURI string, scopes []string, options ...confidential.AcquireByAuthCodeOption) (confidential.AuthResult, error)
 	AcquireTokenByCredential(ctx context.Context, scopes []string, options ...confidential.AcquireByCredentialOption) (confidential.AuthResult, error)
@@ -181,7 +169,7 @@ type confidentialClient interface {
 }
 
 // enables fakes for test scenarios
-type publicClient interface {
+type msalPublicClient interface {
 	AcquireTokenSilent(ctx context.Context, scopes []string, options ...public.AcquireSilentOption) (public.AuthResult, error)
 	AcquireTokenByUsernamePassword(ctx context.Context, scopes []string, username string, password string, options ...public.AcquireByUsernamePasswordOption) (public.AuthResult, error)
 	AcquireTokenByDeviceCode(ctx context.Context, scopes []string, options ...public.AcquireByDeviceCodeOption) (public.DeviceCode, error)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go
index 33ff13c09db..55a0d654347 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/azure_cli_credential.go
@@ -17,10 +17,12 @@ import (
 	"regexp"
 	"runtime"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
 )
 
 const (
@@ -47,14 +49,14 @@ type AzureCLICredentialOptions struct {
 // init returns an instance of AzureCLICredentialOptions initialized with default values.
 func (o *AzureCLICredentialOptions) init() {
 	if o.tokenProvider == nil {
-		o.tokenProvider = defaultTokenProvider()
+		o.tokenProvider = defaultTokenProvider
 	}
 }
 
 // AzureCLICredential authenticates as the identity logged in to the Azure CLI.
 type AzureCLICredential struct {
-	s             *syncer
-	tokenProvider azureCLITokenProvider
+	mu   *sync.Mutex
+	opts AzureCLICredentialOptions
 }
 
 // NewAzureCLICredential constructs an AzureCLICredential. Pass nil to accept default options.
@@ -64,9 +66,8 @@ func NewAzureCLICredential(options *AzureCLICredentialOptions) (*AzureCLICredent
 		cp = *options
 	}
 	cp.init()
-	c := AzureCLICredential{tokenProvider: cp.tokenProvider}
-	c.s = newSyncer(credNameAzureCLI, cp.TenantID, cp.AdditionallyAllowedTenants, c.requestToken, c.requestToken)
-	return &c, nil
+	cp.AdditionallyAllowedTenants = resolveAdditionalTenants(cp.AdditionallyAllowedTenants)
+	return &AzureCLICredential{mu: &sync.Mutex{}, opts: cp}, nil
 }
 
 // GetToken requests a token from the Azure CLI. This credential doesn't cache tokens, so every call invokes the CLI.
@@ -75,13 +76,15 @@ func (c *AzureCLICredential) GetToken(ctx context.Context, opts policy.TokenRequ
 	if len(opts.Scopes) != 1 {
 		return azcore.AccessToken{}, errors.New(credNameAzureCLI + ": GetToken() requires exactly one scope")
 	}
-	// CLI expects an AAD v1 resource, not a v2 scope
+	tenant, err := resolveTenant(c.opts.TenantID, opts.TenantID, credNameAzureCLI, c.opts.AdditionallyAllowedTenants)
+	if err != nil {
+		return azcore.AccessToken{}, err
+	}
+	// pass the CLI an AAD v1 resource because we don't know which CLI version is installed and older ones don't support v2 scopes
 	opts.Scopes = []string{strings.TrimSuffix(opts.Scopes[0], defaultSuffix)}
-	return c.s.GetToken(ctx, opts)
-}
-
-func (c *AzureCLICredential) requestToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	b, err := c.tokenProvider(ctx, opts.Scopes[0], opts.TenantID)
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	b, err := c.opts.tokenProvider(ctx, opts.Scopes[0], tenant)
 	if err != nil {
 		return azcore.AccessToken{}, err
 	}
@@ -89,61 +92,61 @@ func (c *AzureCLICredential) requestToken(ctx context.Context, opts policy.Token
 	if err != nil {
 		return azcore.AccessToken{}, err
 	}
+	msg := fmt.Sprintf("%s.GetToken() acquired a token for scope %q", credNameAzureCLI, strings.Join(opts.Scopes, ", "))
+	log.Write(EventAuthentication, msg)
 	return at, nil
 }
 
-func defaultTokenProvider() func(ctx context.Context, resource string, tenantID string) ([]byte, error) {
-	return func(ctx context.Context, resource string, tenantID string) ([]byte, error) {
-		match, err := regexp.MatchString("^[0-9a-zA-Z-.:/]+$", resource)
-		if err != nil {
-			return nil, err
-		}
-		if !match {
-			return nil, fmt.Errorf(`%s: unexpected scope "%s". Only alphanumeric characters and ".", ";", "-", and "/" are allowed`, credNameAzureCLI, resource)
-		}
+var defaultTokenProvider azureCLITokenProvider = func(ctx context.Context, resource string, tenantID string) ([]byte, error) {
+	match, err := regexp.MatchString("^[0-9a-zA-Z-.:/]+$", resource)
+	if err != nil {
+		return nil, err
+	}
+	if !match {
+		return nil, fmt.Errorf(`%s: unexpected scope "%s". Only alphanumeric characters and ".", ";", "-", and "/" are allowed`, credNameAzureCLI, resource)
+	}
 
-		// set a default timeout for this authentication iff the application hasn't done so already
-		var cancel context.CancelFunc
-		if _, hasDeadline := ctx.Deadline(); !hasDeadline {
-			ctx, cancel = context.WithTimeout(ctx, timeoutCLIRequest)
-			defer cancel()
-		}
+	// set a default timeout for this authentication iff the application hasn't done so already
+	var cancel context.CancelFunc
+	if _, hasDeadline := ctx.Deadline(); !hasDeadline {
+		ctx, cancel = context.WithTimeout(ctx, timeoutCLIRequest)
+		defer cancel()
+	}
 
-		commandLine := "az account get-access-token -o json --resource " + resource
-		if tenantID != "" {
-			commandLine += " --tenant " + tenantID
+	commandLine := "az account get-access-token -o json --resource " + resource
+	if tenantID != "" {
+		commandLine += " --tenant " + tenantID
+	}
+	var cliCmd *exec.Cmd
+	if runtime.GOOS == "windows" {
+		dir := os.Getenv("SYSTEMROOT")
+		if dir == "" {
+			return nil, newCredentialUnavailableError(credNameAzureCLI, "environment variable 'SYSTEMROOT' has no value")
 		}
-		var cliCmd *exec.Cmd
-		if runtime.GOOS == "windows" {
-			dir := os.Getenv("SYSTEMROOT")
-			if dir == "" {
-				return nil, newCredentialUnavailableError(credNameAzureCLI, "environment variable 'SYSTEMROOT' has no value")
-			}
-			cliCmd = exec.CommandContext(ctx, "cmd.exe", "/c", commandLine)
-			cliCmd.Dir = dir
-		} else {
-			cliCmd = exec.CommandContext(ctx, "/bin/sh", "-c", commandLine)
-			cliCmd.Dir = "/bin"
+		cliCmd = exec.CommandContext(ctx, "cmd.exe", "/c", commandLine)
+		cliCmd.Dir = dir
+	} else {
+		cliCmd = exec.CommandContext(ctx, "/bin/sh", "-c", commandLine)
+		cliCmd.Dir = "/bin"
+	}
+	cliCmd.Env = os.Environ()
+	var stderr bytes.Buffer
+	cliCmd.Stderr = &stderr
+
+	output, err := cliCmd.Output()
+	if err != nil {
+		msg := stderr.String()
+		var exErr *exec.ExitError
+		if errors.As(err, &exErr) && exErr.ExitCode() == 127 || strings.HasPrefix(msg, "'az' is not recognized") {
+			msg = "Azure CLI not found on path"
 		}
-		cliCmd.Env = os.Environ()
-		var stderr bytes.Buffer
-		cliCmd.Stderr = &stderr
-
-		output, err := cliCmd.Output()
-		if err != nil {
-			msg := stderr.String()
-			var exErr *exec.ExitError
-			if errors.As(err, &exErr) && exErr.ExitCode() == 127 || strings.HasPrefix(msg, "'az' is not recognized") {
-				msg = "Azure CLI not found on path"
-			}
-			if msg == "" {
-				msg = err.Error()
-			}
-			return nil, newCredentialUnavailableError(credNameAzureCLI, msg)
+		if msg == "" {
+			msg = err.Error()
 		}
-
-		return output, nil
+		return nil, newCredentialUnavailableError(credNameAzureCLI, msg)
 	}
+
+	return output, nil
 }
 
 func (c *AzureCLICredential) createAccessToken(tk []byte) (azcore.AccessToken, error) {
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml
index 3b443e8eedb..9002ea0b050 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/ci.yml
@@ -26,22 +26,9 @@ stages:
   parameters:
     RunLiveTests: true
     ServiceDirectory: 'azidentity'
-    PreSteps:
-      - pwsh: |
-          [System.Convert]::FromBase64String($env:PFX_CONTENTS) | Set-Content -Path $(Agent.TempDirectory)/test.pfx -AsByteStream
-          Set-Content -Path $(Agent.TempDirectory)/test.pem -Value $env:PEM_CONTENTS
-          [System.Convert]::FromBase64String($env:SNI_CONTENTS) | Set-Content -Path $(Agent.TempDirectory)/testsni.pfx -AsByteStream
-        env:
-          PFX_CONTENTS: $(net-identity-spcert-pfx)
-          PEM_CONTENTS: $(net-identity-spcert-pem)
-          SNI_CONTENTS: $(net-identity-spcert-sni)
-    EnvVars:
-      AZURE_IDENTITY_TEST_TENANTID: $(net-identity-tenantid)
-      AZURE_IDENTITY_TEST_USERNAME: $(net-identity-username)
-      AZURE_IDENTITY_TEST_PASSWORD: $(net-identity-password)
-      IDENTITY_SP_TENANT_ID: $(net-identity-sp-tenantid)
-      IDENTITY_SP_CLIENT_ID: $(net-identity-sp-clientid)
-      IDENTITY_SP_CLIENT_SECRET: $(net-identity-sp-clientsecret)
-      IDENTITY_SP_CERT_PEM: $(Agent.TempDirectory)/test.pem
-      IDENTITY_SP_CERT_PFX: $(Agent.TempDirectory)/test.pfx
-      IDENTITY_SP_CERT_SNI: $(Agent.TempDirectory)/testsni.pfx
+    CloudConfig:
+      Public:
+        SubscriptionConfigurations:
+          - $(sub-config-azure-cloud-test-resources)
+          # Contains alternate tenant, AAD app and cert info for testing
+          - $(sub-config-identity-test-resources)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go
index d9d22996cd4..303d5fc0925 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_assertion_credential.go
@@ -24,8 +24,7 @@ const credNameAssertion = "ClientAssertionCredential"
 //
 // [Azure AD documentation]: https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials#assertion-format
 type ClientAssertionCredential struct {
-	client confidentialClient
-	s      *syncer
+	client *confidentialClient
 }
 
 // ClientAssertionCredentialOptions contains optional parameters for ClientAssertionCredential.
@@ -56,28 +55,21 @@ func NewClientAssertionCredential(tenantID, clientID string, getAssertion func(c
 			return getAssertion(ctx)
 		},
 	)
-	c, err := getConfidentialClient(clientID, tenantID, cred, &options.ClientOptions, confidential.WithInstanceDiscovery(!options.DisableInstanceDiscovery))
+	msalOpts := confidentialClientOptions{
+		AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
+		ClientOptions:              options.ClientOptions,
+		DisableInstanceDiscovery:   options.DisableInstanceDiscovery,
+	}
+	c, err := newConfidentialClient(tenantID, clientID, credNameAssertion, cred, msalOpts)
 	if err != nil {
 		return nil, err
 	}
-	cac := ClientAssertionCredential{client: c}
-	cac.s = newSyncer(credNameAssertion, tenantID, options.AdditionallyAllowedTenants, cac.requestToken, cac.silentAuth)
-	return &cac, nil
+	return &ClientAssertionCredential{client: c}, nil
 }
 
 // GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
 func (c *ClientAssertionCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.s.GetToken(ctx, opts)
-}
-
-func (c *ClientAssertionCredential) silentAuth(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenSilent(ctx, opts.Scopes, confidential.WithTenantID(opts.TenantID))
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
-}
-
-func (c *ClientAssertionCredential) requestToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenByCredential(ctx, opts.Scopes, confidential.WithTenantID(opts.TenantID))
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
+	return c.client.GetToken(ctx, opts)
 }
 
 var _ azcore.TokenCredential = (*ClientAssertionCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
index 804eba899ec..d3300e3053b 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go
@@ -42,8 +42,7 @@ type ClientCertificateCredentialOptions struct {
 
 // ClientCertificateCredential authenticates a service principal with a certificate.
 type ClientCertificateCredential struct {
-	client confidentialClient
-	s      *syncer
+	client *confidentialClient
 }
 
 // NewClientCertificateCredential constructs a ClientCertificateCredential. Pass nil for options to accept defaults.
@@ -58,33 +57,22 @@ func NewClientCertificateCredential(tenantID string, clientID string, certs []*x
 	if err != nil {
 		return nil, err
 	}
-	var o []confidential.Option
-	if options.SendCertificateChain {
-		o = append(o, confidential.WithX5C())
+	msalOpts := confidentialClientOptions{
+		AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
+		ClientOptions:              options.ClientOptions,
+		DisableInstanceDiscovery:   options.DisableInstanceDiscovery,
+		SendX5C:                    options.SendCertificateChain,
 	}
-	o = append(o, confidential.WithInstanceDiscovery(!options.DisableInstanceDiscovery))
-	c, err := getConfidentialClient(clientID, tenantID, cred, &options.ClientOptions, o...)
+	c, err := newConfidentialClient(tenantID, clientID, credNameCert, cred, msalOpts)
 	if err != nil {
 		return nil, err
 	}
-	cc := ClientCertificateCredential{client: c}
-	cc.s = newSyncer(credNameCert, tenantID, options.AdditionallyAllowedTenants, cc.requestToken, cc.silentAuth)
-	return &cc, nil
+	return &ClientCertificateCredential{client: c}, nil
 }
 
 // GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
 func (c *ClientCertificateCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.s.GetToken(ctx, opts)
-}
-
-func (c *ClientCertificateCredential) silentAuth(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenSilent(ctx, opts.Scopes, confidential.WithTenantID(opts.TenantID))
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
-}
-
-func (c *ClientCertificateCredential) requestToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenByCredential(ctx, opts.Scopes, confidential.WithTenantID(opts.TenantID))
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
+	return c.client.GetToken(ctx, opts)
 }
 
 // ParseCertificates loads certificates and a private key, in PEM or PKCS12 format, for use with NewClientCertificateCredential.
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_secret_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_secret_credential.go
index dda21f6b88d..d2ff7582b99 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_secret_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_secret_credential.go
@@ -33,8 +33,7 @@ type ClientSecretCredentialOptions struct {
 
 // ClientSecretCredential authenticates an application with a client secret.
 type ClientSecretCredential struct {
-	client confidentialClient
-	s      *syncer
+	client *confidentialClient
 }
 
 // NewClientSecretCredential constructs a ClientSecretCredential. Pass nil for options to accept defaults.
@@ -46,30 +45,21 @@ func NewClientSecretCredential(tenantID string, clientID string, clientSecret st
 	if err != nil {
 		return nil, err
 	}
-	c, err := getConfidentialClient(
-		clientID, tenantID, cred, &options.ClientOptions, confidential.WithInstanceDiscovery(!options.DisableInstanceDiscovery),
-	)
+	msalOpts := confidentialClientOptions{
+		AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
+		ClientOptions:              options.ClientOptions,
+		DisableInstanceDiscovery:   options.DisableInstanceDiscovery,
+	}
+	c, err := newConfidentialClient(tenantID, clientID, credNameSecret, cred, msalOpts)
 	if err != nil {
 		return nil, err
 	}
-	csc := ClientSecretCredential{client: c}
-	csc.s = newSyncer(credNameSecret, tenantID, options.AdditionallyAllowedTenants, csc.requestToken, csc.silentAuth)
-	return &csc, nil
+	return &ClientSecretCredential{c}, nil
 }
 
 // GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
 func (c *ClientSecretCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.s.GetToken(ctx, opts)
-}
-
-func (c *ClientSecretCredential) silentAuth(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenSilent(ctx, opts.Scopes, confidential.WithTenantID(opts.TenantID))
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
-}
-
-func (c *ClientSecretCredential) requestToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenByCredential(ctx, opts.Scopes, confidential.WithTenantID(opts.TenantID))
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
+	return c.client.GetToken(ctx, opts)
 }
 
 var _ azcore.TokenCredential = (*ClientSecretCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go
new file mode 100644
index 00000000000..4853a9a0095
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/confidential_client.go
@@ -0,0 +1,156 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package azidentity
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+	"sync"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
+	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
+)
+
+type confidentialClientOptions struct {
+	azcore.ClientOptions
+
+	AdditionallyAllowedTenants []string
+	// Assertion for on-behalf-of authentication
+	Assertion                         string
+	DisableInstanceDiscovery, SendX5C bool
+}
+
+// confidentialClient wraps the MSAL confidential client
+type confidentialClient struct {
+	cae, noCAE               msalConfidentialClient
+	caeMu, noCAEMu, clientMu *sync.Mutex
+	clientID, tenantID       string
+	cred                     confidential.Credential
+	host                     string
+	name                     string
+	opts                     confidentialClientOptions
+	region                   string
+}
+
+func newConfidentialClient(tenantID, clientID, name string, cred confidential.Credential, opts confidentialClientOptions) (*confidentialClient, error) {
+	if !validTenantID(tenantID) {
+		return nil, errInvalidTenantID
+	}
+	host, err := setAuthorityHost(opts.Cloud)
+	if err != nil {
+		return nil, err
+	}
+	opts.AdditionallyAllowedTenants = resolveAdditionalTenants(opts.AdditionallyAllowedTenants)
+	return &confidentialClient{
+		caeMu:    &sync.Mutex{},
+		clientID: clientID,
+		clientMu: &sync.Mutex{},
+		cred:     cred,
+		host:     host,
+		name:     name,
+		noCAEMu:  &sync.Mutex{},
+		opts:     opts,
+		region:   os.Getenv(azureRegionalAuthorityName),
+		tenantID: tenantID,
+	}, nil
+}
+
+// GetToken requests an access token from MSAL, checking the cache first.
+func (c *confidentialClient) GetToken(ctx context.Context, tro policy.TokenRequestOptions) (azcore.AccessToken, error) {
+	if len(tro.Scopes) < 1 {
+		return azcore.AccessToken{}, fmt.Errorf("%s.GetToken() requires at least one scope", c.name)
+	}
+	// we don't resolve the tenant for managed identities because they acquire tokens only from their home tenants
+	if c.name != credNameManagedIdentity {
+		tenant, err := c.resolveTenant(tro.TenantID)
+		if err != nil {
+			return azcore.AccessToken{}, err
+		}
+		tro.TenantID = tenant
+	}
+	client, mu, err := c.client(ctx, tro)
+	if err != nil {
+		return azcore.AccessToken{}, err
+	}
+	mu.Lock()
+	defer mu.Unlock()
+	var ar confidential.AuthResult
+	if c.opts.Assertion != "" {
+		ar, err = client.AcquireTokenOnBehalfOf(ctx, c.opts.Assertion, tro.Scopes, confidential.WithClaims(tro.Claims), confidential.WithTenantID(tro.TenantID))
+	} else {
+		ar, err = client.AcquireTokenSilent(ctx, tro.Scopes, confidential.WithClaims(tro.Claims), confidential.WithTenantID(tro.TenantID))
+		if err != nil {
+			ar, err = client.AcquireTokenByCredential(ctx, tro.Scopes, confidential.WithClaims(tro.Claims), confidential.WithTenantID(tro.TenantID))
+		}
+	}
+	if err != nil {
+		// We could get a credentialUnavailableError from managed identity authentication because in that case the error comes from our code.
+		// We return it directly because it affects the behavior of credential chains. Otherwise, we return AuthenticationFailedError.
+		var unavailableErr *credentialUnavailableError
+		if !errors.As(err, &unavailableErr) {
+			res := getResponseFromError(err)
+			err = newAuthenticationFailedError(c.name, err.Error(), res, err)
+		}
+	} else {
+		msg := fmt.Sprintf("%s.GetToken() acquired a token for scope %q", c.name, strings.Join(ar.GrantedScopes, ", "))
+		log.Write(EventAuthentication, msg)
+	}
+	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
+}
+
+func (c *confidentialClient) client(ctx context.Context, tro policy.TokenRequestOptions) (msalConfidentialClient, *sync.Mutex, error) {
+	c.clientMu.Lock()
+	defer c.clientMu.Unlock()
+	if tro.EnableCAE {
+		if c.cae == nil {
+			client, err := c.newMSALClient(true)
+			if err != nil {
+				return nil, nil, err
+			}
+			c.cae = client
+		}
+		return c.cae, c.caeMu, nil
+	}
+	if c.noCAE == nil {
+		client, err := c.newMSALClient(false)
+		if err != nil {
+			return nil, nil, err
+		}
+		c.noCAE = client
+	}
+	return c.noCAE, c.noCAEMu, nil
+}
+
+func (c *confidentialClient) newMSALClient(enableCAE bool) (msalConfidentialClient, error) {
+	authority := runtime.JoinPaths(c.host, c.tenantID)
+	o := []confidential.Option{
+		confidential.WithAzureRegion(c.region),
+		confidential.WithHTTPClient(newPipelineAdapter(&c.opts.ClientOptions)),
+	}
+	if enableCAE {
+		o = append(o, confidential.WithClientCapabilities(cp1))
+	}
+	if c.opts.SendX5C {
+		o = append(o, confidential.WithX5C())
+	}
+	if c.opts.DisableInstanceDiscovery || strings.ToLower(c.tenantID) == "adfs" {
+		o = append(o, confidential.WithInstanceDiscovery(false))
+	}
+	return confidential.New(authority, c.clientID, c.cred, o...)
+}
+
+// resolveTenant returns the correct tenant for a token request given the client's
+// configuration, or an error when that configuration doesn't allow the specified tenant
+func (c *confidentialClient) resolveTenant(specified string) (string, error) {
+	return resolveTenant(c.tenantID, specified, c.name, c.opts.AdditionallyAllowedTenants)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go
index 1e3efdc97a9..7647c60b1cb 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/default_azure_credential.go
@@ -21,6 +21,8 @@ import (
 // DefaultAzureCredentialOptions contains optional parameters for DefaultAzureCredential.
 // These options may not apply to all credentials in the chain.
 type DefaultAzureCredentialOptions struct {
+	// ClientOptions has additional options for credentials that use an Azure SDK HTTP pipeline. These options don't apply
+	// to credential types that authenticate via external tools such as the Azure CLI.
 	azcore.ClientOptions
 
 	// AdditionallyAllowedTenants specifies additional tenants for which the credential may acquire tokens. Add
@@ -32,8 +34,7 @@ type DefaultAzureCredentialOptions struct {
 	// from https://login.microsoft.com before authenticating. Setting this to true will skip this request, making
 	// the application responsible for ensuring the configured authority is valid and trustworthy.
 	DisableInstanceDiscovery bool
-	// TenantID identifies the tenant the Azure CLI should authenticate in.
-	// Defaults to the CLI's default tenant, which is typically the home tenant of the user logged in to the CLI.
+	// TenantID sets the default tenant for authentication via the Azure CLI and workload identity.
 	TenantID string
 }
 
@@ -83,11 +84,11 @@ func NewDefaultAzureCredential(options *DefaultAzureCredentialOptions) (*Default
 		creds = append(creds, &defaultCredentialErrorReporter{credType: "EnvironmentCredential", err: err})
 	}
 
-	// workload identity requires values for AZURE_AUTHORITY_HOST, AZURE_CLIENT_ID, AZURE_FEDERATED_TOKEN_FILE, AZURE_TENANT_ID
 	wic, err := NewWorkloadIdentityCredential(&WorkloadIdentityCredentialOptions{
 		AdditionallyAllowedTenants: additionalTenants,
 		ClientOptions:              options.ClientOptions,
 		DisableInstanceDiscovery:   options.DisableInstanceDiscovery,
+		TenantID:                   options.TenantID,
 	})
 	if err == nil {
 		creds = append(creds, wic)
@@ -95,6 +96,7 @@ func NewDefaultAzureCredential(options *DefaultAzureCredentialOptions) (*Default
 		errorMessages = append(errorMessages, credNameWorkloadIdentity+": "+err.Error())
 		creds = append(creds, &defaultCredentialErrorReporter{credType: credNameWorkloadIdentity, err: err})
 	}
+
 	o := &ManagedIdentityCredentialOptions{ClientOptions: options.ClientOptions}
 	if ID, ok := os.LookupEnv(azureClientID); ok {
 		o.ID = ClientID(ID)
@@ -115,9 +117,8 @@ func NewDefaultAzureCredential(options *DefaultAzureCredentialOptions) (*Default
 		creds = append(creds, &defaultCredentialErrorReporter{credType: credNameAzureCLI, err: err})
 	}
 
-	err = defaultAzureCredentialConstructorErrorHandler(len(creds), errorMessages)
-	if err != nil {
-		return nil, err
+	if len(errorMessages) > 0 {
+		log.Writef(EventAuthentication, "NewDefaultAzureCredential failed to initialize some credentials:\n\t%s", strings.Join(errorMessages, "\n\t"))
 	}
 
 	chain, err := NewChainedTokenCredential(creds, nil)
@@ -135,20 +136,6 @@ func (c *DefaultAzureCredential) GetToken(ctx context.Context, opts policy.Token
 
 var _ azcore.TokenCredential = (*DefaultAzureCredential)(nil)
 
-func defaultAzureCredentialConstructorErrorHandler(numberOfSuccessfulCredentials int, errorMessages []string) (err error) {
-	errorMessage := strings.Join(errorMessages, "\n\t")
-
-	if numberOfSuccessfulCredentials == 0 {
-		return errors.New(errorMessage)
-	}
-
-	if len(errorMessages) != 0 {
-		log.Writef(EventAuthentication, "NewDefaultAzureCredential failed to initialize some credentials:\n\t%s", errorMessage)
-	}
-
-	return nil
-}
-
 // defaultCredentialErrorReporter is a substitute for credentials that couldn't be constructed.
 // Its GetToken method always returns a credentialUnavailableError having the same message as
 // the error that prevented constructing the credential. This ensures the message is present
@@ -185,7 +172,7 @@ func (w *timeoutWrapper) GetToken(ctx context.Context, opts policy.TokenRequestO
 		defer cancel()
 		tk, err = w.mic.GetToken(c, opts)
 		if isAuthFailedDueToContext(err) {
-			err = newCredentialUnavailableError(credNameManagedIdentity, "managed identity timed out")
+			err = newCredentialUnavailableError(credNameManagedIdentity, "managed identity timed out. See https://aka.ms/azsdk/go/identity/troubleshoot#dac for more information")
 		} else {
 			// some managed identity implementation is available, so don't apply the timeout to future calls
 			w.timeout = 0
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go
index 108e83c43ae..d245c269a76 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/device_code_credential.go
@@ -12,7 +12,6 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
-	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
 )
 
 const credNameDeviceCode = "DeviceCodeCredential"
@@ -74,10 +73,7 @@ type DeviceCodeMessage struct {
 // If a web browser is available, InteractiveBrowserCredential is more convenient because it
 // automatically opens a browser to the login page.
 type DeviceCodeCredential struct {
-	account public.Account
-	client  publicClient
-	s       *syncer
-	prompt  func(context.Context, DeviceCodeMessage) error
+	client *publicClient
 }
 
 // NewDeviceCodeCredential creates a DeviceCodeCredential. Pass nil to accept default options.
@@ -87,50 +83,24 @@ func NewDeviceCodeCredential(options *DeviceCodeCredentialOptions) (*DeviceCodeC
 		cp = *options
 	}
 	cp.init()
-	c, err := getPublicClient(
-		cp.ClientID, cp.TenantID, &cp.ClientOptions, public.WithInstanceDiscovery(!cp.DisableInstanceDiscovery),
-	)
+	msalOpts := publicClientOptions{
+		AdditionallyAllowedTenants: cp.AdditionallyAllowedTenants,
+		ClientOptions:              cp.ClientOptions,
+		DeviceCodePrompt:           cp.UserPrompt,
+		DisableInstanceDiscovery:   cp.DisableInstanceDiscovery,
+	}
+	c, err := newPublicClient(cp.TenantID, cp.ClientID, credNameDeviceCode, msalOpts)
 	if err != nil {
 		return nil, err
 	}
-	cred := DeviceCodeCredential{client: c, prompt: cp.UserPrompt}
-	cred.s = newSyncer(credNameDeviceCode, cp.TenantID, cp.AdditionallyAllowedTenants, cred.requestToken, cred.silentAuth)
-	return &cred, nil
+	c.name = credNameDeviceCode
+	return &DeviceCodeCredential{client: c}, nil
 }
 
 // GetToken requests an access token from Azure Active Directory. It will begin the device code flow and poll until the user completes authentication.
 // This method is called automatically by Azure SDK clients.
 func (c *DeviceCodeCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.s.GetToken(ctx, opts)
-}
-
-func (c *DeviceCodeCredential) requestToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	dc, err := c.client.AcquireTokenByDeviceCode(ctx, opts.Scopes, public.WithTenantID(opts.TenantID))
-	if err != nil {
-		return azcore.AccessToken{}, err
-	}
-	err = c.prompt(ctx, DeviceCodeMessage{
-		Message:         dc.Result.Message,
-		UserCode:        dc.Result.UserCode,
-		VerificationURL: dc.Result.VerificationURL,
-	})
-	if err != nil {
-		return azcore.AccessToken{}, err
-	}
-	ar, err := dc.AuthenticationResult(ctx)
-	if err != nil {
-		return azcore.AccessToken{}, err
-	}
-	c.account = ar.Account
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
-}
-
-func (c *DeviceCodeCredential) silentAuth(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenSilent(ctx, opts.Scopes,
-		public.WithSilentAccount(c.account),
-		public.WithTenantID(opts.TenantID),
-	)
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
+	return c.client.GetToken(ctx, opts)
 }
 
 var _ azcore.TokenCredential = (*DeviceCodeCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
index 86d8976a4b2..e1a21e0030a 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/errors.go
@@ -11,9 +11,9 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"net/http"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	"github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo"
 	msal "github.com/AzureAD/microsoft-authentication-library-for-go/apps/errors"
 )
@@ -57,17 +57,16 @@ func (e *AuthenticationFailedError) Error() string {
 	fmt.Fprintln(msg, "--------------------------------------------------------------------------------")
 	fmt.Fprintf(msg, "RESPONSE %s\n", e.RawResponse.Status)
 	fmt.Fprintln(msg, "--------------------------------------------------------------------------------")
-	body, err := io.ReadAll(e.RawResponse.Body)
-	e.RawResponse.Body.Close()
-	if err != nil {
+	body, err := runtime.Payload(e.RawResponse)
+	switch {
+	case err != nil:
 		fmt.Fprintf(msg, "Error reading response body: %v", err)
-	} else if len(body) > 0 {
-		e.RawResponse.Body = io.NopCloser(bytes.NewReader(body))
+	case len(body) > 0:
 		if err := json.Indent(msg, body, "", "  "); err != nil {
 			// failed to pretty-print so just dump it verbatim
 			fmt.Fprint(msg, string(body))
 		}
-	} else {
+	default:
 		fmt.Fprint(msg, "Response contained no body")
 	}
 	fmt.Fprintln(msg, "\n--------------------------------------------------------------------------------")
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go
index 4868d22c3e1..08f3efbf3ec 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/interactive_browser_credential.go
@@ -11,7 +11,6 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
-	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
 )
 
 const credNameBrowser = "InteractiveBrowserCredential"
@@ -56,10 +55,7 @@ func (o *InteractiveBrowserCredentialOptions) init() {
 
 // InteractiveBrowserCredential opens a browser to interactively authenticate a user.
 type InteractiveBrowserCredential struct {
-	account public.Account
-	client  publicClient
-	options InteractiveBrowserCredentialOptions
-	s       *syncer
+	client *publicClient
 }
 
 // NewInteractiveBrowserCredential constructs a new InteractiveBrowserCredential. Pass nil to accept default options.
@@ -69,38 +65,22 @@ func NewInteractiveBrowserCredential(options *InteractiveBrowserCredentialOption
 		cp = *options
 	}
 	cp.init()
-	c, err := getPublicClient(cp.ClientID, cp.TenantID, &cp.ClientOptions, public.WithInstanceDiscovery(!cp.DisableInstanceDiscovery))
+	msalOpts := publicClientOptions{
+		ClientOptions:            cp.ClientOptions,
+		DisableInstanceDiscovery: cp.DisableInstanceDiscovery,
+		LoginHint:                cp.LoginHint,
+		RedirectURL:              cp.RedirectURL,
+	}
+	c, err := newPublicClient(cp.TenantID, cp.ClientID, credNameBrowser, msalOpts)
 	if err != nil {
 		return nil, err
 	}
-	ibc := InteractiveBrowserCredential{client: c, options: cp}
-	ibc.s = newSyncer(credNameBrowser, cp.TenantID, cp.AdditionallyAllowedTenants, ibc.requestToken, ibc.silentAuth)
-	return &ibc, nil
+	return &InteractiveBrowserCredential{client: c}, nil
 }
 
 // GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
 func (c *InteractiveBrowserCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.s.GetToken(ctx, opts)
-}
-
-func (c *InteractiveBrowserCredential) requestToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenInteractive(ctx, opts.Scopes,
-		public.WithLoginHint(c.options.LoginHint),
-		public.WithRedirectURI(c.options.RedirectURL),
-		public.WithTenantID(opts.TenantID),
-	)
-	if err == nil {
-		c.account = ar.Account
-	}
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
-}
-
-func (c *InteractiveBrowserCredential) silentAuth(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenSilent(ctx, opts.Scopes,
-		public.WithSilentAccount(c.account),
-		public.WithTenantID(opts.TenantID),
-	)
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
+	return c.client.GetToken(ctx, opts)
 }
 
 var _ azcore.TokenCredential = (*InteractiveBrowserCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
index d7b4a32a544..fdc3c1f6776 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go
@@ -84,13 +84,15 @@ func setIMDSRetryOptionDefaults(o *policy.RetryOptions) {
 	}
 	if o.StatusCodes == nil {
 		o.StatusCodes = []int{
-			// IMDS docs recommend retrying 404, 429 and all 5xx
-			// https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#error-handling
+			// IMDS docs recommend retrying 404, 410, 429 and 5xx
+			// https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#error-handling
 			http.StatusNotFound,                      // 404
+			http.StatusGone,                          // 410
 			http.StatusTooManyRequests,               // 429
 			http.StatusInternalServerError,           // 500
 			http.StatusNotImplemented,                // 501
 			http.StatusBadGateway,                    // 502
+			http.StatusServiceUnavailable,            // 503
 			http.StatusGatewayTimeout,                // 504
 			http.StatusHTTPVersionNotSupported,       // 505
 			http.StatusVariantAlsoNegotiates,         // 506
@@ -175,11 +177,25 @@ func (c *managedIdentityClient) authenticate(ctx context.Context, id ManagedIDKi
 		return c.createAccessToken(resp)
 	}
 
-	if c.msiType == msiTypeIMDS && resp.StatusCode == 400 {
-		if id != nil {
-			return azcore.AccessToken{}, newAuthenticationFailedError(credNameManagedIdentity, "the requested identity isn't assigned to this resource", resp, nil)
+	if c.msiType == msiTypeIMDS {
+		switch resp.StatusCode {
+		case http.StatusBadRequest:
+			if id != nil {
+				return azcore.AccessToken{}, newAuthenticationFailedError(credNameManagedIdentity, "the requested identity isn't assigned to this resource", resp, nil)
+			}
+			msg := "failed to authenticate a system assigned identity"
+			if body, err := runtime.Payload(resp); err == nil && len(body) > 0 {
+				msg += fmt.Sprintf(". The endpoint responded with %s", body)
+			}
+			return azcore.AccessToken{}, newCredentialUnavailableError(credNameManagedIdentity, msg)
+		case http.StatusForbidden:
+			// Docker Desktop runs a proxy that responds 403 to IMDS token requests. If we get that response,
+			// we return credentialUnavailableError so credential chains continue to their next credential
+			body, err := runtime.Payload(resp)
+			if err == nil && strings.Contains(string(body), "A socket operation was attempted to an unreachable network") {
+				return azcore.AccessToken{}, newCredentialUnavailableError(credNameManagedIdentity, fmt.Sprintf("unexpected response %q", string(body)))
+			}
 		}
-		return azcore.AccessToken{}, newCredentialUnavailableError(credNameManagedIdentity, "no default identity is assigned to this resource")
 	}
 
 	return azcore.AccessToken{}, newAuthenticationFailedError(credNameManagedIdentity, "authentication failed", resp, nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go
index c6710ae52ae..35c5e6725cd 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_credential.go
@@ -8,7 +8,6 @@ package azidentity
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"strings"
 
@@ -71,9 +70,8 @@ type ManagedIdentityCredentialOptions struct {
 // user-assigned identity. See Azure Active Directory documentation for more information about managed identities:
 // https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview
 type ManagedIdentityCredential struct {
-	client confidentialClient
+	client *confidentialClient
 	mic    *managedIdentityClient
-	s      *syncer
 }
 
 // NewManagedIdentityCredential creates a ManagedIdentityCredential. Pass nil to accept default options.
@@ -93,35 +91,23 @@ func NewManagedIdentityCredential(options *ManagedIdentityCredentialOptions) (*M
 	if options.ID != nil {
 		clientID = options.ID.String()
 	}
-	// similarly, it's okay to give MSAL an incorrect authority URL because that URL won't be used
-	c, err := confidential.New("https://login.microsoftonline.com/common", clientID, cred)
+	// similarly, it's okay to give MSAL an incorrect tenant because MSAL won't use the value
+	c, err := newConfidentialClient("common", clientID, credNameManagedIdentity, cred, confidentialClientOptions{})
 	if err != nil {
 		return nil, err
 	}
-	m := ManagedIdentityCredential{client: c, mic: mic}
-	m.s = newSyncer(credNameManagedIdentity, "", nil, m.requestToken, m.silentAuth)
-	return &m, nil
+	return &ManagedIdentityCredential{client: c, mic: mic}, nil
 }
 
 // GetToken requests an access token from the hosting environment. This method is called automatically by Azure SDK clients.
 func (c *ManagedIdentityCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
 	if len(opts.Scopes) != 1 {
-		err := errors.New(credNameManagedIdentity + ": GetToken() requires exactly one scope")
+		err := fmt.Errorf("%s.GetToken() requires exactly one scope", credNameManagedIdentity)
 		return azcore.AccessToken{}, err
 	}
 	// managed identity endpoints require an AADv1 resource (i.e. token audience), not a v2 scope, so we remove "/.default" here
 	opts.Scopes = []string{strings.TrimSuffix(opts.Scopes[0], defaultSuffix)}
-	return c.s.GetToken(ctx, opts)
-}
-
-func (c *ManagedIdentityCredential) requestToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenByCredential(ctx, opts.Scopes)
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
-}
-
-func (c *ManagedIdentityCredential) silentAuth(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenSilent(ctx, opts.Scopes)
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
+	return c.client.GetToken(ctx, opts)
 }
 
 var _ azcore.TokenCredential = (*ManagedIdentityCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go
index 3e173f47d26..2b360b681df 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/on_behalf_of_credential.go
@@ -25,9 +25,7 @@ const credNameOBO = "OnBehalfOfCredential"
 //
 // [Azure Active Directory documentation]: https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
 type OnBehalfOfCredential struct {
-	assertion string
-	client    confidentialClient
-	s         *syncer
+	client *confidentialClient
 }
 
 // OnBehalfOfCredentialOptions contains optional parameters for OnBehalfOfCredential
@@ -72,28 +70,23 @@ func newOnBehalfOfCredential(tenantID, clientID, userAssertion string, cred conf
 	if options == nil {
 		options = &OnBehalfOfCredentialOptions{}
 	}
-	opts := []confidential.Option{}
-	if options.SendCertificateChain {
-		opts = append(opts, confidential.WithX5C())
+	opts := confidentialClientOptions{
+		AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
+		Assertion:                  userAssertion,
+		ClientOptions:              options.ClientOptions,
+		DisableInstanceDiscovery:   options.DisableInstanceDiscovery,
+		SendX5C:                    options.SendCertificateChain,
 	}
-	opts = append(opts, confidential.WithInstanceDiscovery(!options.DisableInstanceDiscovery))
-	c, err := getConfidentialClient(clientID, tenantID, cred, &options.ClientOptions, opts...)
+	c, err := newConfidentialClient(tenantID, clientID, credNameOBO, cred, opts)
 	if err != nil {
 		return nil, err
 	}
-	obo := OnBehalfOfCredential{assertion: userAssertion, client: c}
-	obo.s = newSyncer(credNameOBO, tenantID, options.AdditionallyAllowedTenants, obo.requestToken, obo.requestToken)
-	return &obo, nil
+	return &OnBehalfOfCredential{c}, nil
 }
 
 // GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
 func (o *OnBehalfOfCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return o.s.GetToken(ctx, opts)
-}
-
-func (o *OnBehalfOfCredential) requestToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := o.client.AcquireTokenOnBehalfOf(ctx, o.assertion, opts.Scopes, confidential.WithTenantID(opts.TenantID))
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
+	return o.client.GetToken(ctx, opts)
 }
 
 var _ azcore.TokenCredential = (*OnBehalfOfCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go
new file mode 100644
index 00000000000..6512d3e25fd
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/public_client.go
@@ -0,0 +1,178 @@
+//go:build go1.18
+// +build go1.18
+
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package azidentity
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"sync"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
+	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
+)
+
+type publicClientOptions struct {
+	azcore.ClientOptions
+
+	AdditionallyAllowedTenants []string
+	DeviceCodePrompt           func(context.Context, DeviceCodeMessage) error
+	DisableInstanceDiscovery   bool
+	LoginHint, RedirectURL     string
+	Username, Password         string
+}
+
+// publicClient wraps the MSAL public client
+type publicClient struct {
+	account                  public.Account
+	cae, noCAE               msalPublicClient
+	caeMu, noCAEMu, clientMu *sync.Mutex
+	clientID, tenantID       string
+	host                     string
+	name                     string
+	opts                     publicClientOptions
+}
+
+func newPublicClient(tenantID, clientID, name string, o publicClientOptions) (*publicClient, error) {
+	if !validTenantID(tenantID) {
+		return nil, errInvalidTenantID
+	}
+	host, err := setAuthorityHost(o.Cloud)
+	if err != nil {
+		return nil, err
+	}
+	o.AdditionallyAllowedTenants = resolveAdditionalTenants(o.AdditionallyAllowedTenants)
+	return &publicClient{
+		caeMu:    &sync.Mutex{},
+		clientID: clientID,
+		clientMu: &sync.Mutex{},
+		host:     host,
+		name:     name,
+		noCAEMu:  &sync.Mutex{},
+		opts:     o,
+		tenantID: tenantID,
+	}, nil
+}
+
+// GetToken requests an access token from MSAL, checking the cache first.
+func (p *publicClient) GetToken(ctx context.Context, tro policy.TokenRequestOptions) (azcore.AccessToken, error) {
+	if len(tro.Scopes) < 1 {
+		return azcore.AccessToken{}, fmt.Errorf("%s.GetToken() requires at least one scope", p.name)
+	}
+	tenant, err := p.resolveTenant(tro.TenantID)
+	if err != nil {
+		return azcore.AccessToken{}, err
+	}
+	client, mu, err := p.client(tro)
+	if err != nil {
+		return azcore.AccessToken{}, err
+	}
+	mu.Lock()
+	defer mu.Unlock()
+	ar, err := client.AcquireTokenSilent(ctx, tro.Scopes, public.WithSilentAccount(p.account), public.WithClaims(tro.Claims), public.WithTenantID(tenant))
+	if err == nil {
+		return p.token(ar, err)
+	}
+	at, err := p.reqToken(ctx, client, tro)
+	if err == nil {
+		msg := fmt.Sprintf("%s.GetToken() acquired a token for scope %q", p.name, strings.Join(ar.GrantedScopes, ", "))
+		log.Write(EventAuthentication, msg)
+	}
+	return at, err
+}
+
+// reqToken requests a token from the MSAL public client. It's separate from GetToken() to enable Authenticate() to bypass the cache.
+func (p *publicClient) reqToken(ctx context.Context, c msalPublicClient, tro policy.TokenRequestOptions) (azcore.AccessToken, error) {
+	tenant, err := p.resolveTenant(tro.TenantID)
+	if err != nil {
+		return azcore.AccessToken{}, err
+	}
+	var ar public.AuthResult
+	switch p.name {
+	case credNameBrowser:
+		ar, err = c.AcquireTokenInteractive(ctx, tro.Scopes,
+			public.WithClaims(tro.Claims),
+			public.WithLoginHint(p.opts.LoginHint),
+			public.WithRedirectURI(p.opts.RedirectURL),
+			public.WithTenantID(tenant),
+		)
+	case credNameDeviceCode:
+		dc, e := c.AcquireTokenByDeviceCode(ctx, tro.Scopes, public.WithClaims(tro.Claims), public.WithTenantID(tenant))
+		if e != nil {
+			return azcore.AccessToken{}, e
+		}
+		err = p.opts.DeviceCodePrompt(ctx, DeviceCodeMessage{
+			Message:         dc.Result.Message,
+			UserCode:        dc.Result.UserCode,
+			VerificationURL: dc.Result.VerificationURL,
+		})
+		if err == nil {
+			ar, err = dc.AuthenticationResult(ctx)
+		}
+	case credNameUserPassword:
+		ar, err = c.AcquireTokenByUsernamePassword(ctx, tro.Scopes, p.opts.Username, p.opts.Password, public.WithClaims(tro.Claims), public.WithTenantID(tenant))
+	default:
+		return azcore.AccessToken{}, fmt.Errorf("unknown credential %q", p.name)
+	}
+	return p.token(ar, err)
+}
+
+func (p *publicClient) client(tro policy.TokenRequestOptions) (msalPublicClient, *sync.Mutex, error) {
+	p.clientMu.Lock()
+	defer p.clientMu.Unlock()
+	if tro.EnableCAE {
+		if p.cae == nil {
+			client, err := p.newMSALClient(true)
+			if err != nil {
+				return nil, nil, err
+			}
+			p.cae = client
+		}
+		return p.cae, p.caeMu, nil
+	}
+	if p.noCAE == nil {
+		client, err := p.newMSALClient(false)
+		if err != nil {
+			return nil, nil, err
+		}
+		p.noCAE = client
+	}
+	return p.noCAE, p.noCAEMu, nil
+}
+
+func (p *publicClient) newMSALClient(enableCAE bool) (msalPublicClient, error) {
+	o := []public.Option{
+		public.WithAuthority(runtime.JoinPaths(p.host, p.tenantID)),
+		public.WithHTTPClient(newPipelineAdapter(&p.opts.ClientOptions)),
+	}
+	if enableCAE {
+		o = append(o, public.WithClientCapabilities(cp1))
+	}
+	if p.opts.DisableInstanceDiscovery || strings.ToLower(p.tenantID) == "adfs" {
+		o = append(o, public.WithInstanceDiscovery(false))
+	}
+	return public.New(p.clientID, o...)
+}
+
+func (p *publicClient) token(ar public.AuthResult, err error) (azcore.AccessToken, error) {
+	if err == nil {
+		p.account = ar.Account
+	} else {
+		res := getResponseFromError(err)
+		err = newAuthenticationFailedError(p.name, err.Error(), res, err)
+	}
+	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
+}
+
+// resolveTenant returns the correct tenant for a token request given the client's
+// configuration, or an error when that configuration doesn't allow the specified tenant
+func (p *publicClient) resolveTenant(specified string) (string, error) {
+	return resolveTenant(p.tenantID, specified, p.name, p.opts.AdditionallyAllowedTenants)
+}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/syncer.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/syncer.go
deleted file mode 100644
index ae38555994b..00000000000
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/syncer.go
+++ /dev/null
@@ -1,130 +0,0 @@
-//go:build go1.18
-// +build go1.18
-
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package azidentity
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"strings"
-	"sync"
-
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
-	"github.com/Azure/azure-sdk-for-go/sdk/internal/log"
-)
-
-type authFn func(context.Context, policy.TokenRequestOptions) (azcore.AccessToken, error)
-
-// syncer synchronizes authentication calls so that goroutines can share a credential instance
-type syncer struct {
-	addlTenants      []string
-	authing          bool
-	cond             *sync.Cond
-	reqToken, silent authFn
-	name, tenant     string
-}
-
-func newSyncer(name, tenant string, additionalTenants []string, reqToken, silentAuth authFn) *syncer {
-	return &syncer{
-		addlTenants: resolveAdditionalTenants(additionalTenants),
-		cond:        &sync.Cond{L: &sync.Mutex{}},
-		name:        name,
-		reqToken:    reqToken,
-		silent:      silentAuth,
-		tenant:      tenant,
-	}
-}
-
-// GetToken ensures that only one goroutine authenticates at a time
-func (s *syncer) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	var at azcore.AccessToken
-	var err error
-	if len(opts.Scopes) == 0 {
-		return at, errors.New(s.name + ".GetToken() requires at least one scope")
-	}
-	// we don't resolve the tenant for managed identities because they can acquire tokens only from their home tenants
-	if s.name != credNameManagedIdentity {
-		tenant, err := s.resolveTenant(opts.TenantID)
-		if err != nil {
-			return at, err
-		}
-		opts.TenantID = tenant
-	}
-	auth := false
-	s.cond.L.Lock()
-	defer s.cond.L.Unlock()
-	for {
-		at, err = s.silent(ctx, opts)
-		if err == nil {
-			// got a token
-			break
-		}
-		if !s.authing {
-			// this goroutine will request a token
-			s.authing, auth = true, true
-			break
-		}
-		// another goroutine is acquiring a token; wait for it to finish, then try silent auth again
-		s.cond.Wait()
-	}
-	if auth {
-		s.authing = false
-		at, err = s.reqToken(ctx, opts)
-		s.cond.Broadcast()
-	}
-	if err != nil {
-		// Return credentialUnavailableError directly because that type affects the behavior of credential chains.
-		// Otherwise, return AuthenticationFailedError.
-		var unavailableErr *credentialUnavailableError
-		if !errors.As(err, &unavailableErr) {
-			res := getResponseFromError(err)
-			err = newAuthenticationFailedError(s.name, err.Error(), res, err)
-		}
-	} else if log.Should(EventAuthentication) {
-		scope := strings.Join(opts.Scopes, ", ")
-		msg := fmt.Sprintf(`%s.GetToken() acquired a token for scope "%s"\n`, s.name, scope)
-		log.Write(EventAuthentication, msg)
-	}
-	return at, err
-}
-
-// resolveTenant returns the correct tenant for a token request given the credential's
-// configuration, or an error when the specified tenant isn't allowed by that configuration
-func (s *syncer) resolveTenant(requested string) (string, error) {
-	if requested == "" || requested == s.tenant {
-		return s.tenant, nil
-	}
-	if s.tenant == "adfs" {
-		return "", errors.New("ADFS doesn't support tenants")
-	}
-	if !validTenantID(requested) {
-		return "", errors.New(tenantIDValidationErr)
-	}
-	for _, t := range s.addlTenants {
-		if t == "*" || t == requested {
-			return requested, nil
-		}
-	}
-	return "", fmt.Errorf(`%s isn't configured to acquire tokens for tenant %q. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add "*" to allow acquiring tokens for any tenant`, s.name, requested)
-}
-
-// resolveAdditionalTenants returns a copy of tenants, simplified when tenants contains a wildcard
-func resolveAdditionalTenants(tenants []string) []string {
-	if len(tenants) == 0 {
-		return nil
-	}
-	for _, t := range tenants {
-		// a wildcard makes all other values redundant
-		if t == "*" {
-			return []string{"*"}
-		}
-	}
-	cp := make([]string, len(tenants))
-	copy(cp, tenants)
-	return cp
-}
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources-pre.ps1 b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources-pre.ps1
new file mode 100644
index 00000000000..fe0183addeb
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources-pre.ps1
@@ -0,0 +1,36 @@
+[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
+param (
+    # Captures any arguments from eng/New-TestResources.ps1 not declared here (no parameter errors).
+    [Parameter(ValueFromRemainingArguments = $true)]
+    $RemainingArguments
+)
+
+if (!$CI) {
+    # TODO: Remove this once auto-cloud config downloads are supported locally
+    Write-Host "Skipping cert setup in local testing mode"
+    return
+}
+
+if ($EnvironmentVariables -eq $null -or $EnvironmentVariables.Count -eq 0) {
+    throw "EnvironmentVariables must be set in the calling script New-TestResources.ps1"
+}
+
+$tmp = $env:TEMP ? $env:TEMP : [System.IO.Path]::GetTempPath()
+$pfxPath = Join-Path $tmp "test.pfx"
+$pemPath = Join-Path $tmp "test.pem"
+$sniPath = Join-Path $tmp "testsni.pfx"
+
+Write-Host "Creating identity test files: $pfxPath $pemPath $sniPath"
+
+[System.Convert]::FromBase64String($EnvironmentVariables['PFX_CONTENTS']) | Set-Content -Path $pfxPath -AsByteStream
+Set-Content -Path $pemPath -Value $EnvironmentVariables['PEM_CONTENTS']
+[System.Convert]::FromBase64String($EnvironmentVariables['SNI_CONTENTS']) | Set-Content -Path $sniPath -AsByteStream
+
+# Set for pipeline
+Write-Host "##vso[task.setvariable variable=IDENTITY_SP_CERT_PFX;]$pfxPath"
+Write-Host "##vso[task.setvariable variable=IDENTITY_SP_CERT_PEM;]$pemPath"
+Write-Host "##vso[task.setvariable variable=IDENTITY_SP_CERT_SNI;]$sniPath"
+# Set for local
+$env:IDENTITY_SP_CERT_PFX = $pfxPath
+$env:IDENTITY_SP_CERT_PEM = $pemPath
+$env:IDENTITY_SP_CERT_SNI = $sniPath
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources.bicep b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources.bicep
new file mode 100644
index 00000000000..b3490d3b50a
--- /dev/null
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/test-resources.bicep
@@ -0,0 +1 @@
+param baseName string
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/username_password_credential.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/username_password_credential.go
index 8e652e33ff6..f787ec0ce18 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/username_password_credential.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/username_password_credential.go
@@ -11,7 +11,6 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
-	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
 )
 
 const credNameUserPassword = "UsernamePasswordCredential"
@@ -36,10 +35,7 @@ type UsernamePasswordCredentialOptions struct {
 // with any form of multi-factor authentication, and the application must already have user or admin consent.
 // This credential can only authenticate work and school accounts; it can't authenticate Microsoft accounts.
 type UsernamePasswordCredential struct {
-	account            public.Account
-	client             publicClient
-	password, username string
-	s                  *syncer
+	client *publicClient
 }
 
 // NewUsernamePasswordCredential creates a UsernamePasswordCredential. clientID is the ID of the application the user
@@ -48,34 +44,23 @@ func NewUsernamePasswordCredential(tenantID string, clientID string, username st
 	if options == nil {
 		options = &UsernamePasswordCredentialOptions{}
 	}
-	c, err := getPublicClient(clientID, tenantID, &options.ClientOptions, public.WithInstanceDiscovery(!options.DisableInstanceDiscovery))
+	opts := publicClientOptions{
+		AdditionallyAllowedTenants: options.AdditionallyAllowedTenants,
+		ClientOptions:              options.ClientOptions,
+		DisableInstanceDiscovery:   options.DisableInstanceDiscovery,
+		Password:                   password,
+		Username:                   username,
+	}
+	c, err := newPublicClient(tenantID, clientID, credNameUserPassword, opts)
 	if err != nil {
 		return nil, err
 	}
-	upc := UsernamePasswordCredential{client: c, password: password, username: username}
-	upc.s = newSyncer(credNameUserPassword, tenantID, options.AdditionallyAllowedTenants, upc.requestToken, upc.silentAuth)
-	return &upc, nil
+	return &UsernamePasswordCredential{client: c}, err
 }
 
 // GetToken requests an access token from Azure Active Directory. This method is called automatically by Azure SDK clients.
 func (c *UsernamePasswordCredential) GetToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	return c.s.GetToken(ctx, opts)
-}
-
-func (c *UsernamePasswordCredential) requestToken(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenByUsernamePassword(ctx, opts.Scopes, c.username, c.password, public.WithTenantID(opts.TenantID))
-	if err == nil {
-		c.account = ar.Account
-	}
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
-}
-
-func (c *UsernamePasswordCredential) silentAuth(ctx context.Context, opts policy.TokenRequestOptions) (azcore.AccessToken, error) {
-	ar, err := c.client.AcquireTokenSilent(ctx, opts.Scopes,
-		public.WithSilentAccount(c.account),
-		public.WithTenantID(opts.TenantID),
-	)
-	return azcore.AccessToken{Token: ar.AccessToken, ExpiresOn: ar.ExpiresOn.UTC()}, err
+	return c.client.GetToken(ctx, opts)
 }
 
 var _ azcore.TokenCredential = (*UsernamePasswordCredential)(nil)
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
index 38a1f420b58..65e74e31e3b 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/version.go
@@ -11,5 +11,5 @@ const (
 	component = "azidentity"
 
 	// Version is the semantic version (see http://semver.org) of this module.
-	version = "v1.3.1"
+	version = "v1.4.0"
 )
diff --git a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/workload_identity.go b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/workload_identity.go
index 7bfb3436760..7e016324d22 100644
--- a/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/workload_identity.go
+++ b/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/workload_identity.go
@@ -47,7 +47,7 @@ type WorkloadIdentityCredentialOptions struct {
 	DisableInstanceDiscovery bool
 	// TenantID of the service principal. Defaults to the value of the environment variable AZURE_TENANT_ID.
 	TenantID string
-	// TokenFilePath is the path a file containing the workload identity token. Defaults to the value of the
+	// TokenFilePath is the path of a file containing a Kubernetes service account token. Defaults to the value of the
 	// environment variable AZURE_FEDERATED_TOKEN_FILE.
 	TokenFilePath string
 }
@@ -88,7 +88,7 @@ func NewWorkloadIdentityCredential(options *WorkloadIdentityCredentialOptions) (
 		return nil, err
 	}
 	// we want "WorkloadIdentityCredential" in log messages, not "ClientAssertionCredential"
-	cred.s.name = credNameWorkloadIdentity
+	cred.client.name = credNameWorkloadIdentity
 	w.cred = cred
 	return &w, nil
 }
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
index 47da5cbbf14..1f4384c9669 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
@@ -1,3 +1,880 @@
+# Release (2023-10-12)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2`: v1.21.2
+  * **Bug Fix**: Improve recognition of retryable DNS errors.
+* `github.com/aws/aws-sdk-go-v2/config`: [v1.18.45](config/CHANGELOG.md#v11845-2023-10-12)
+  * **Bug Fix**: Fail to load config if an explicitly provided profile doesn't exist.
+* `github.com/aws/aws-sdk-go-v2/service/auditmanager`: [v1.27.0](service/auditmanager/CHANGELOG.md#v1270-2023-10-12)
+  * **Feature**: This release introduces a new limit to the awsAccounts parameter. When you create or update an assessment, there is now a limit of 200 AWS accounts that can be specified in the assessment scope.
+* `github.com/aws/aws-sdk-go-v2/service/autoscaling`: [v1.31.0](service/autoscaling/CHANGELOG.md#v1310-2023-10-12)
+  * **Feature**: Update the NotificationMetadata field to only allow visible ascii characters. Add paginators to DescribeInstanceRefreshes, DescribeLoadBalancers, and DescribeLoadBalancerTargetGroups
+* `github.com/aws/aws-sdk-go-v2/service/configservice`: [v1.37.0](service/configservice/CHANGELOG.md#v1370-2023-10-12)
+  * **Feature**: Add enums for resource types supported by Config
+* `github.com/aws/aws-sdk-go-v2/service/controltower`: [v1.4.0](service/controltower/CHANGELOG.md#v140-2023-10-12)
+  * **Feature**: Added new EnabledControl resource details to ListEnabledControls API and added new GetEnabledControl API.
+* `github.com/aws/aws-sdk-go-v2/service/customerprofiles`: [v1.29.0](service/customerprofiles/CHANGELOG.md#v1290-2023-10-12)
+  * **Feature**: Adds sensitive trait to various shapes in Customer Profiles Calculated Attribute API model.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.125.0](service/ec2/CHANGELOG.md#v11250-2023-10-12)
+  * **Feature**: This release adds Ubuntu Pro as a supported platform for On-Demand Capacity Reservations and adds support for setting an Amazon Machine Image (AMI) to disabled state. Disabling the AMI makes it private if it was previously shared, and prevents new EC2 instance launches from it.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2`: [v1.21.6](service/elasticloadbalancingv2/CHANGELOG.md#v1216-2023-10-12)
+  * **Documentation**: This release enables routing policies with Availability Zone affinity for Network Load Balancers.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.63.0](service/glue/CHANGELOG.md#v1630-2023-10-12)
+  * **Feature**: Extending version control support to GitLab and Bitbucket from AWSGlue
+* `github.com/aws/aws-sdk-go-v2/service/inspector2`: [v1.17.0](service/inspector2/CHANGELOG.md#v1170-2023-10-12)
+  * **Feature**: Add MacOs ec2 platform support
+* `github.com/aws/aws-sdk-go-v2/service/ivsrealtime`: [v1.5.0](service/ivsrealtime/CHANGELOG.md#v150-2023-10-12)
+  * **Feature**: Update GetParticipant to return additional metadata.
+* `github.com/aws/aws-sdk-go-v2/service/lambda`: [v1.40.0](service/lambda/CHANGELOG.md#v1400-2023-10-12)
+  * **Feature**: Adds support for Lambda functions to access Dual-Stack subnets over IPv6, via an opt-in flag in CreateFunction and UpdateFunctionConfiguration APIs
+* `github.com/aws/aws-sdk-go-v2/service/location`: [v1.28.0](service/location/CHANGELOG.md#v1280-2023-10-12)
+  * **Feature**: This release adds endpoint updates for all AWS Location resource operations.
+* `github.com/aws/aws-sdk-go-v2/service/machinelearning`: [v1.18.0](service/machinelearning/CHANGELOG.md#v1180-2023-10-12)
+  * **Feature**: This release marks Password field as sensitive
+* `github.com/aws/aws-sdk-go-v2/service/pricing`: [v1.21.9](service/pricing/CHANGELOG.md#v1219-2023-10-12)
+  * **Documentation**: Documentation updates for Price List
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.56.0](service/rds/CHANGELOG.md#v1560-2023-10-12)
+  * **Feature**: This release adds support for adding a dedicated log volume to open-source RDS instances.
+* `github.com/aws/aws-sdk-go-v2/service/rekognition`: [v1.31.0](service/rekognition/CHANGELOG.md#v1310-2023-10-12)
+  * **Feature**: Amazon Rekognition introduces support for Custom Moderation. This allows the enhancement of accuracy for detect moderation labels operations by creating custom adapters tuned on customer data.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.111.0](service/sagemaker/CHANGELOG.md#v11110-2023-10-12)
+  * **Feature**: Amazon SageMaker Canvas adds KendraSettings and DirectDeploySettings support for CanvasAppSettings
+* `github.com/aws/aws-sdk-go-v2/service/textract`: [v1.25.0](service/textract/CHANGELOG.md#v1250-2023-10-12)
+  * **Feature**: This release adds 9 new APIs for adapter and adapter version management, 3 new APIs for tagging, and updates AnalyzeDocument and StartDocumentAnalysis API parameters for using adapters.
+* `github.com/aws/aws-sdk-go-v2/service/transcribe`: [v1.29.0](service/transcribe/CHANGELOG.md#v1290-2023-10-12)
+  * **Feature**: This release is to enable m4a format to customers
+* `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.31.2](service/workspaces/CHANGELOG.md#v1312-2023-10-12)
+  * **Documentation**: Updated the CreateWorkspaces action documentation to clarify that the PCoIP protocol is only available for Windows bundles.
+
+# Release (2023-10-06)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.124.0](service/ec2/CHANGELOG.md#v11240-2023-10-06)
+  * **Feature**: Documentation updates for Elastic Compute Cloud (EC2).
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.33.0](service/fsx/CHANGELOG.md#v1330-2023-10-06)
+  * **Feature**: After performing steps to repair the Active Directory configuration of a file system, use this action to initiate the process of attempting to recover to the file system.
+* `github.com/aws/aws-sdk-go-v2/service/marketplacecatalog`: [v1.18.0](service/marketplacecatalog/CHANGELOG.md#v1180-2023-10-06)
+  * **Feature**: This release adds support for Document type as an alternative for stringified JSON for StartChangeSet, DescribeChangeSet and DescribeEntity APIs
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.45.0](service/quicksight/CHANGELOG.md#v1450-2023-10-06)
+  * **Feature**: NullOption in FilterListConfiguration; Dataset schema/table max length increased; Support total placement for pivot table visual; Lenient mode relaxes the validation to create resources with definition; Data sources can be added to folders; Redshift data sources support IAM Role-based authentication
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.34.0](service/transfer/CHANGELOG.md#v1340-2023-10-06)
+  * **Feature**: This release updates the max character limit of PreAuthenticationLoginBanner and PostAuthenticationLoginBanner to 4096 characters
+
+# Release (2023-10-05)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.10.0](service/omics/CHANGELOG.md#v1100-2023-10-05)
+  * **Feature**: Add Etag Support for Omics Storage in ListReadSets and GetReadSetMetadata API
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.55.1](service/rds/CHANGELOG.md#v1551-2023-10-05)
+  * **Documentation**: Updates Amazon RDS documentation for corrections and minor improvements.
+* `github.com/aws/aws-sdk-go-v2/service/route53`: [v1.30.0](service/route53/CHANGELOG.md#v1300-2023-10-05)
+  * **Feature**: Add hostedzonetype filter to ListHostedZones API.
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.37.0](service/securityhub/CHANGELOG.md#v1370-2023-10-05)
+  * **Feature**: Added new resource detail objects to ASFF, including resources for AwsEventsEventbus, AwsEventsEndpoint, AwsDmsEndpoint, AwsDmsReplicationTask, AwsDmsReplicationInstance, AwsRoute53HostedZone, and AwsMskCluster
+* `github.com/aws/aws-sdk-go-v2/service/storagegateway`: [v1.21.0](service/storagegateway/CHANGELOG.md#v1210-2023-10-05)
+  * **Feature**: Add SoftwareVersion to response of DescribeGatewayInformation.
+* `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.31.0](service/workspaces/CHANGELOG.md#v1310-2023-10-05)
+  * **Feature**: This release introduces Manage applications. This feature allows users to manage their WorkSpaces applications by associating or disassociating their WorkSpaces with applications. The DescribeWorkspaces API will now additionally return OperatingSystemName in its responses.
+
+# Release (2023-10-04)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.21.0](service/appconfig/CHANGELOG.md#v1210-2023-10-04)
+  * **Feature**: AWS AppConfig introduces KMS customer-managed key (CMK) encryption support for data saved to AppConfig's hosted configuration store.
+* `github.com/aws/aws-sdk-go-v2/service/datazone`: [v1.0.0](service/datazone/CHANGELOG.md#v100-2023-10-04)
+  * **Release**: New AWS service client module
+  * **Feature**: Initial release of Amazon DataZone
+* `github.com/aws/aws-sdk-go-v2/service/mediatailor`: [v1.28.0](service/mediatailor/CHANGELOG.md#v1280-2023-10-04)
+  * **Feature**: Updates DescribeVodSource to include a list of ad break opportunities in the response
+* `github.com/aws/aws-sdk-go-v2/service/mgn`: [v1.21.0](service/mgn/CHANGELOG.md#v1210-2023-10-04)
+  * **Feature**: This release includes the following new APIs: ListConnectors, CreateConnector,  UpdateConnector, DeleteConnector and UpdateSourceServer to support the source action framework feature.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.110.0](service/sagemaker/CHANGELOG.md#v11100-2023-10-04)
+  * **Feature**: Adding support for AdditionalS3DataSource, a data source used for training or inference that is in addition to the input dataset or model data.
+
+# Release (2023-10-03)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.69.0](service/connect/CHANGELOG.md#v1690-2023-10-03)
+  * **Feature**: GetMetricDataV2 API: Update to include new metrics CONTACTS_RESOLVED_IN_X , AVG_HOLD_TIME_ALL_CONTACTS , AVG_RESOLUTION_TIME , ABANDONMENT_RATE , AGENT_NON_RESPONSE_WITHOUT_CUSTOMER_ABANDONS with added features: Interval Period, TimeZone, Negate MetricFilters, Extended date time range.
+* `github.com/aws/aws-sdk-go-v2/service/location`: [v1.27.0](service/location/CHANGELOG.md#v1270-2023-10-03)
+  * **Feature**: Amazon Location Service adds support for bounding polygon queries. Additionally, the GeofenceCount field has been added to the DescribeGeofenceCollection API response.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.43.0](service/mediaconvert/CHANGELOG.md#v1430-2023-10-03)
+  * **Feature**: This release adds the ability to replace video frames without modifying the audio essence.
+* `github.com/aws/aws-sdk-go-v2/service/oam`: [v1.4.0](service/oam/CHANGELOG.md#v140-2023-10-03)
+  * **Feature**: This release adds support for sharing AWS::ApplicationInsights::Application resources.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.109.0](service/sagemaker/CHANGELOG.md#v11090-2023-10-03)
+  * **Feature**: This release allows users to run Selective Execution in SageMaker Pipelines without SourcePipelineExecutionArn if selected steps do not have any dependent steps.
+* `github.com/aws/aws-sdk-go-v2/service/wellarchitected`: [v1.23.0](service/wellarchitected/CHANGELOG.md#v1230-2023-10-03)
+  * **Feature**: AWS Well-Architected now supports Review Templates that allows you to create templates with pre-filled answers for Well-Architected and Custom Lens best practices.
+
+# Release (2023-10-02)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/bedrock`: [v1.1.0](service/bedrock/CHANGELOG.md#v110-2023-10-02)
+  * **Feature**: Provisioned throughput feature with Amazon and third-party base models, and update validators for model identifier and taggable resource ARNs.
+* `github.com/aws/aws-sdk-go-v2/service/bedrockruntime`: [v1.1.0](service/bedrockruntime/CHANGELOG.md#v110-2023-10-02)
+  * **Feature**: Add model timeout exception for InvokeModelWithResponseStream API and update validator for invoke model identifier.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.123.0](service/ec2/CHANGELOG.md#v11230-2023-10-02)
+  * **Feature**: Introducing Amazon EC2 R7iz instances with 3.9 GHz sustained all-core turbo frequency and deliver up to 20% better performance than previous generation z1d instances.
+* `github.com/aws/aws-sdk-go-v2/service/managedblockchain`: [v1.16.6](service/managedblockchain/CHANGELOG.md#v1166-2023-10-02)
+  * **Documentation**: Remove Rinkeby as option from Ethereum APIs
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.55.0](service/rds/CHANGELOG.md#v1550-2023-10-02)
+  * **Feature**: Adds DefaultCertificateForNewLaunches field in the DescribeCertificates API response.
+* `github.com/aws/aws-sdk-go-v2/service/sso`: [v1.15.0](service/sso/CHANGELOG.md#v1150-2023-10-02)
+  * **Feature**: Fix FIPS Endpoints in aws-us-gov.
+* `github.com/aws/aws-sdk-go-v2/service/sts`: [v1.23.0](service/sts/CHANGELOG.md#v1230-2023-10-02)
+  * **Feature**: STS API updates for assumeRole
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.33.9](service/transfer/CHANGELOG.md#v1339-2023-10-02)
+  * **Documentation**: Documentation updates for AWS Transfer Family
+
+# Release (2023-09-28)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/bedrock`: [v1.0.0](service/bedrock/CHANGELOG.md#v100-2023-09-28)
+  * **Release**: New AWS service client module
+  * **Feature**: Model Invocation logging added to enable or disable logs in customer account. Model listing and description support added. Provisioned Throughput feature added. Custom model support added for creating custom models. Also includes list, and delete functions for custom model.
+* `github.com/aws/aws-sdk-go-v2/service/bedrockruntime`: [v1.0.0](service/bedrockruntime/CHANGELOG.md#v100-2023-09-28)
+  * **Release**: New AWS service client module
+  * **Feature**: Run Inference: Added support to run the inference on models.  Includes set of APIs for running inference in streaming and non-streaming mode.
+* `github.com/aws/aws-sdk-go-v2/service/budgets`: [v1.17.0](service/budgets/CHANGELOG.md#v1170-2023-09-28)
+  * **Feature**: Update DescribeBudgets and DescribeBudgetNotificationsForAccount MaxResults limit to 1000.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.122.0](service/ec2/CHANGELOG.md#v11220-2023-09-28)
+  * **Feature**: Adds support for Customer Managed Key encryption for Amazon Verified Access resources
+* `github.com/aws/aws-sdk-go-v2/service/iotfleetwise`: [v1.6.0](service/iotfleetwise/CHANGELOG.md#v160-2023-09-28)
+  * **Feature**: AWS IoT FleetWise now supports encryption through a customer managed AWS KMS key. The PutEncryptionConfiguration and GetEncryptionConfiguration APIs were added.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.108.0](service/sagemaker/CHANGELOG.md#v11080-2023-09-28)
+  * **Feature**: Online store feature groups supports Standard and InMemory tier storage types for low latency storage for real-time data retrieval. The InMemory tier supports collection types List, Set, and Vector.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakerfeaturestoreruntime`: [v1.18.0](service/sagemakerfeaturestoreruntime/CHANGELOG.md#v1180-2023-09-28)
+  * **Feature**: Feature Store supports read/write of records with collection type features.
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.39.1](service/wafv2/CHANGELOG.md#v1391-2023-09-28)
+  * **Documentation**: Correct and improve the documentation for the FieldToMatch option JA3 fingerprint.
+
+# Release (2023-09-27)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`: [v1.27.0](service/cognitoidentityprovider/CHANGELOG.md#v1270-2023-09-27)
+  * **Feature**: The UserPoolType Status field is no longer used.
+* `github.com/aws/aws-sdk-go-v2/service/firehose`: [v1.19.0](service/firehose/CHANGELOG.md#v1190-2023-09-27)
+  * **Feature**: Features : Adding support for new data ingestion source to Kinesis Firehose - AWS Managed Services Kafka.
+* `github.com/aws/aws-sdk-go-v2/service/iot`: [v1.40.0](service/iot/CHANGELOG.md#v1400-2023-09-27)
+  * **Feature**: Added support for IoT Rules Engine Kafka Action Headers
+* `github.com/aws/aws-sdk-go-v2/service/textract`: [v1.24.0](service/textract/CHANGELOG.md#v1240-2023-09-27)
+  * **Feature**: This release adds new feature - Layout to Analyze Document API which can automatically extract layout elements such as titles, paragraphs, headers, section headers, lists, page numbers, footers, table areas, key-value areas and figure areas and order the elements as a human would read.
+
+# Release (2023-09-26)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appintegrations`: [v1.18.0](service/appintegrations/CHANGELOG.md#v1180-2023-09-26)
+  * **Feature**: The Amazon AppIntegrations service adds a set of APIs (in preview) to manage third party applications to be used in Amazon Connect agent workspace.
+* `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.21.0](service/apprunner/CHANGELOG.md#v1210-2023-09-26)
+  * **Feature**: This release allows an App Runner customer to specify a custom source directory to run the build & start command. This change allows App Runner to support monorepo based repositories
+* `github.com/aws/aws-sdk-go-v2/service/codedeploy`: [v1.18.1](service/codedeploy/CHANGELOG.md#v1181-2023-09-26)
+  * **Documentation**: CodeDeploy now supports In-place and Blue/Green EC2 deployments with multiple Classic Load Balancers and multiple Target Groups.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.68.0](service/connect/CHANGELOG.md#v1680-2023-09-26)
+  * **Feature**: This release updates a set of Amazon Connect APIs that provides the ability to integrate third party applications in the Amazon Connect agent workspace.
+* `github.com/aws/aws-sdk-go-v2/service/dynamodb`: [v1.22.0](service/dynamodb/CHANGELOG.md#v1220-2023-09-26)
+  * **Feature**: Amazon DynamoDB now supports Incremental Export as an enhancement to the existing Export Table
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.121.0](service/ec2/CHANGELOG.md#v11210-2023-09-26)
+  * **Feature**: The release includes AWS verified access to support FIPs compliance in North America regions
+* `github.com/aws/aws-sdk-go-v2/service/lakeformation`: [v1.24.0](service/lakeformation/CHANGELOG.md#v1240-2023-09-26)
+  * **Feature**: This release adds three new API support "CreateLakeFormationOptIn", "DeleteLakeFormationOptIn" and "ListLakeFormationOptIns", and also updates the corresponding documentation.
+* `github.com/aws/aws-sdk-go-v2/service/pinpoint`: [v1.22.6](service/pinpoint/CHANGELOG.md#v1226-2023-09-26)
+  * **Documentation**: Update documentation for RemoveAttributes to more accurately reflect its behavior when attributes are deleted.
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.40.0](service/s3/CHANGELOG.md#v1400-2023-09-26)
+  * **Feature**: This release adds a new field COMPLETED to the ReplicationStatus Enum. You can now use this field to validate the replication status of S3 objects using the AWS SDK.
+
+# Release (2023-09-25)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/amplifyuibuilder`: [v1.13.0](service/amplifyuibuilder/CHANGELOG.md#v1130-2023-09-25)
+  * **Feature**: Support for generating code that is compatible with future versions of amplify project dependencies.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.9.0](service/chimesdkmediapipelines/CHANGELOG.md#v190-2023-09-25)
+  * **Feature**: Adds support for sending WebRTC audio to Amazon Kineses Video Streams.
+* `github.com/aws/aws-sdk-go-v2/service/emrserverless`: [v1.11.0](service/emrserverless/CHANGELOG.md#v1110-2023-09-25)
+  * **Feature**: This release adds support for application-wide default job configurations.
+* `github.com/aws/aws-sdk-go-v2/service/finspacedata`: [v1.17.0](service/finspacedata/CHANGELOG.md#v1170-2023-09-25)
+  * **Feature**: Adding sensitive trait to attributes. Change max SessionDuration from 720 to 60. Correct "ApiAccess" attribute to "apiAccess" to maintain consistency between APIs.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.44.0](service/quicksight/CHANGELOG.md#v1440-2023-09-25)
+  * **Feature**: Added ability to tag users upon creation.
+* `github.com/aws/aws-sdk-go-v2/service/ssm`: [v1.38.0](service/ssm/CHANGELOG.md#v1380-2023-09-25)
+  * **Feature**: This release updates the enum values for ResourceType in SSM DescribeInstanceInformation input and ConnectionStatus in GetConnectionStatus output.
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.39.0](service/wafv2/CHANGELOG.md#v1390-2023-09-25)
+  * **Feature**: You can now perform an exact match against the web request's JA3 fingerprint.
+
+# Release (2023-09-22)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/config`: [v1.18.42](config/CHANGELOG.md#v11842-2023-09-22)
+  * **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+  * **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+* `github.com/aws/aws-sdk-go-v2/internal/ini`: [v1.3.43](internal/ini/CHANGELOG.md#v1343-2023-09-22)
+  * **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+  * **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+* `github.com/aws/aws-sdk-go-v2/service/braket`: [v1.20.0](service/braket/CHANGELOG.md#v1200-2023-09-22)
+  * **Feature**: This release adds support to view the device queue depth (the number of queued quantum tasks and hybrid jobs on a device) and queue position for a quantum task and hybrid job.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatchevents`: [v1.18.0](service/cloudwatchevents/CHANGELOG.md#v1180-2023-09-22)
+  * **Feature**: Adds sensitive trait to various shapes in Jetstream Connections API model.
+* `github.com/aws/aws-sdk-go-v2/service/databasemigrationservice`: [v1.31.0](service/databasemigrationservice/CHANGELOG.md#v1310-2023-09-22)
+  * **Feature**: new vendors for DMS CSF: MongoDB, MariaDB, DocumentDb and Redshift
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.120.0](service/ec2/CHANGELOG.md#v11200-2023-09-22)
+  * **Feature**: EC2 M2 Pro Mac instances are powered by Apple M2 Pro Mac Mini computers featuring 12 core CPU, 19 core GPU, 32 GiB of memory, and 16 core Apple Neural Engine and uniquely enabled by the AWS Nitro System through high-speed Thunderbolt connections.
+* `github.com/aws/aws-sdk-go-v2/service/efs`: [v1.21.7](service/efs/CHANGELOG.md#v1217-2023-09-22)
+  * **Documentation**: Documentation updates for Elastic File System
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.28.0](service/guardduty/CHANGELOG.md#v1280-2023-09-22)
+  * **Feature**: Add `EKS_CLUSTER_NAME` to filter and sort key.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.42.0](service/mediaconvert/CHANGELOG.md#v1420-2023-09-22)
+  * **Feature**: This release supports the creation of of audio-only tracks in CMAF output groups.
+
+# Release (2023-09-20)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.20.0](service/appconfig/CHANGELOG.md#v1200-2023-09-20)
+  * **Feature**: Enabling boto3 paginators for list APIs and adding documentation around ServiceQuotaExceededException errors
+* `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.20.0](service/apprunner/CHANGELOG.md#v1200-2023-09-20)
+  * **Feature**: This release adds improvements for managing App Runner auto scaling configuration resources. New APIs: UpdateDefaultAutoScalingConfiguration and ListServicesForAutoScalingConfiguration. Updated API: DeleteAutoScalingConfiguration.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs`: [v1.24.0](service/cloudwatchlogs/CHANGELOG.md#v1240-2023-09-20)
+  * **Feature**: Add ClientToken to QueryDefinition CFN Handler in CWL
+* `github.com/aws/aws-sdk-go-v2/service/codeartifact`: [v1.20.0](service/codeartifact/CHANGELOG.md#v1200-2023-09-20)
+  * **Feature**: Add support for the Swift package format.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideo`: [v1.18.4](service/kinesisvideo/CHANGELOG.md#v1184-2023-09-20)
+  * **Documentation**: Updated DescribeMediaStorageConfiguration, StartEdgeConfigurationUpdate, ImageGenerationConfiguration$SamplingInterval, and UpdateMediaStorageConfiguration to match AWS Docs.
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.39.0](service/s3/CHANGELOG.md#v1390-2023-09-20)
+  * **Feature**: Fix an issue where the SDK can fail to unmarshall response due to NumberFormatException
+* `github.com/aws/aws-sdk-go-v2/service/servicediscovery`: [v1.24.0](service/servicediscovery/CHANGELOG.md#v1240-2023-09-20)
+  * **Feature**: Adds a new DiscoverInstancesRevision API and also adds InstanceRevision field to the DiscoverInstances API response.
+* `github.com/aws/aws-sdk-go-v2/service/ssooidc`: [v1.17.0](service/ssooidc/CHANGELOG.md#v1170-2023-09-20)
+  * **Feature**: Update FIPS endpoints in aws-us-gov.
+
+# Release (2023-09-19)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.119.0](service/ec2/CHANGELOG.md#v11190-2023-09-19)
+  * **Feature**: This release adds support for C7i, and R7a instance types.
+* `github.com/aws/aws-sdk-go-v2/service/outposts`: [v1.30.0](service/outposts/CHANGELOG.md#v1300-2023-09-19)
+  * **Feature**: This release adds the InstanceFamilies field to the ListAssets response.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.107.0](service/sagemaker/CHANGELOG.md#v11070-2023-09-19)
+  * **Feature**: This release adds support for one-time model monitoring schedules that are executed immediately without delay, explicit data analysis windows for model monitoring schedules and exclude features attributes to remove features from model monitor analysis.
+
+# Release (2023-09-18)
+
+## General Highlights
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/accessanalyzer`: [v1.21.0](service/accessanalyzer/CHANGELOG.md#v1210-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/acm`: [v1.19.0](service/acm/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/amplify`: [v1.15.0](service/amplify/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/apigatewaymanagementapi`: [v1.13.0](service/apigatewaymanagementapi/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.19.0](service/appconfig/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appconfigdata`: [v1.8.0](service/appconfigdata/CHANGELOG.md#v180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appfabric`: [v1.2.0](service/appfabric/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appintegrations`: [v1.17.0](service/appintegrations/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/applicationcostprofiler`: [v1.12.0](service/applicationcostprofiler/CHANGELOG.md#v1120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appmesh`: [v1.19.0](service/appmesh/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/arczonalshift`: [v1.3.0](service/arczonalshift/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/autoscalingplans`: [v1.15.0](service/autoscalingplans/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/backupgateway`: [v1.11.0](service/backupgateway/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/backupstorage`: [v1.3.0](service/backupstorage/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/braket`: [v1.19.0](service/braket/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkvoice`: [v1.9.0](service/chimesdkvoice/CHANGELOG.md#v190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/clouddirectory`: [v1.15.0](service/clouddirectory/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudhsmv2`: [v1.16.0](service/cloudhsmv2/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudsearch`: [v1.16.0](service/cloudsearch/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudsearchdomain`: [v1.14.0](service/cloudsearchdomain/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudtraildata`: [v1.2.0](service/cloudtraildata/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codebuild`: [v1.22.0](service/codebuild/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codedeploy`: [v1.18.0](service/codedeploy/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codeguruprofiler`: [v1.15.0](service/codeguruprofiler/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codegurureviewer`: [v1.19.0](service/codegurureviewer/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codegurusecurity`: [v1.2.0](service/codegurusecurity/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codestar`: [v1.15.0](service/codestar/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codestarnotifications`: [v1.16.0](service/codestarnotifications/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentity`: [v1.17.0](service/cognitoidentity/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cognitosync`: [v1.14.0](service/cognitosync/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/connectcases`: [v1.7.0](service/connectcases/CHANGELOG.md#v170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/connectcontactlens`: [v1.15.0](service/connectcontactlens/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/controltower`: [v1.3.0](service/controltower/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/databrew`: [v1.23.0](service/databrew/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/dataexchange`: [v1.21.0](service/dataexchange/CHANGELOG.md#v1210-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/datapipeline`: [v1.16.0](service/datapipeline/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/dax`: [v1.14.0](service/dax/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/devicefarm`: [v1.17.0](service/devicefarm/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/docdbelastic`: [v1.3.0](service/docdbelastic/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect`: [v1.17.0](service/ec2instanceconnect/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ecrpublic`: [v1.18.0](service/ecrpublic/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/elasticbeanstalk`: [v1.17.0](service/elasticbeanstalk/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing`: [v1.17.0](service/elasticloadbalancing/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/elastictranscoder`: [v1.16.0](service/elastictranscoder/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/evidently`: [v1.13.0](service/evidently/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/finspacedata`: [v1.16.0](service/finspacedata/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/fis`: [v1.16.0](service/fis/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/forecast`: [v1.27.0](service/forecast/CHANGELOG.md#v1270-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/forecastquery`: [v1.15.0](service/forecastquery/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/gamesparks`: [v1.4.0](service/gamesparks/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/glacier`: [v1.16.0](service/glacier/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/greengrass`: [v1.17.0](service/greengrass/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/greengrassv2`: [v1.24.0](service/greengrassv2/CHANGELOG.md#v1240-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/honeycode`: [v1.15.0](service/honeycode/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/inspector`: [v1.15.0](service/inspector/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iot1clickdevicesservice`: [v1.13.0](service/iot1clickdevicesservice/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iot1clickprojects`: [v1.14.0](service/iot1clickprojects/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotanalytics`: [v1.16.0](service/iotanalytics/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotevents`: [v1.17.0](service/iotevents/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ioteventsdata`: [v1.15.0](service/ioteventsdata/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotfleethub`: [v1.15.0](service/iotfleethub/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotjobsdataplane`: [v1.14.0](service/iotjobsdataplane/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotroborunner`: [v1.3.0](service/iotroborunner/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotsecuretunneling`: [v1.17.0](service/iotsecuretunneling/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotthingsgraph`: [v1.16.0](service/iotthingsgraph/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ivschat`: [v1.6.0](service/ivschat/CHANGELOG.md#v160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kendraranking`: [v1.2.0](service/kendraranking/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesis`: [v1.19.0](service/kinesis/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisanalytics`: [v1.16.0](service/kinesisanalytics/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideoarchivedmedia`: [v1.17.0](service/kinesisvideoarchivedmedia/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideomedia`: [v1.13.0](service/kinesisvideomedia/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideosignaling`: [v1.13.0](service/kinesisvideosignaling/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideowebrtcstorage`: [v1.4.0](service/kinesisvideowebrtcstorage/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lexmodelbuildingservice`: [v1.19.0](service/lexmodelbuildingservice/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lexruntimeservice`: [v1.15.0](service/lexruntimeservice/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lexruntimev2`: [v1.19.0](service/lexruntimev2/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/licensemanager`: [v1.20.0](service/licensemanager/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/licensemanagerlinuxsubscriptions`: [v1.3.0](service/licensemanagerlinuxsubscriptions/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/licensemanagerusersubscriptions`: [v1.4.0](service/licensemanagerusersubscriptions/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lookoutmetrics`: [v1.21.0](service/lookoutmetrics/CHANGELOG.md#v1210-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lookoutvision`: [v1.17.0](service/lookoutvision/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/machinelearning`: [v1.17.0](service/machinelearning/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/macie`: [v1.17.0](service/macie/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/macie2`: [v1.29.7](service/macie2/CHANGELOG.md#v1297-2023-09-18)
+  * **Documentation**: This release changes the default managedDataIdentifierSelector setting for new classification jobs to RECOMMENDED. By default, new classification jobs now use the recommended set of managed data identifiers.
+* `github.com/aws/aws-sdk-go-v2/service/marketplacecommerceanalytics`: [v1.14.0](service/marketplacecommerceanalytics/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/marketplaceentitlementservice`: [v1.14.0](service/marketplaceentitlementservice/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/marketplacemetering`: [v1.16.0](service/marketplacemetering/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediapackagev2`: [v1.2.0](service/mediapackagev2/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediapackagevod`: [v1.24.0](service/mediapackagevod/CHANGELOG.md#v1240-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediastore`: [v1.15.0](service/mediastore/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediastoredata`: [v1.15.0](service/mediastoredata/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/medicalimaging`: [v1.2.0](service/medicalimaging/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhub`: [v1.15.0](service/migrationhub/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhubconfig`: [v1.15.0](service/migrationhubconfig/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhuborchestrator`: [v1.3.0](service/migrationhuborchestrator/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhubstrategy`: [v1.11.0](service/migrationhubstrategy/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mobile`: [v1.14.0](service/mobile/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mturk`: [v1.16.0](service/mturk/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/neptune`: [v1.22.0](service/neptune/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/networkmanager`: [v1.19.0](service/networkmanager/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/nimble`: [v1.18.0](service/nimble/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/oam`: [v1.3.0](service/oam/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/opensearchserverless`: [v1.5.0](service/opensearchserverless/CHANGELOG.md#v150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/opsworks`: [v1.16.0](service/opsworks/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/opsworkscm`: [v1.17.0](service/opsworkscm/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/osis`: [v1.2.0](service/osis/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/panorama`: [v1.13.0](service/panorama/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/paymentcryptography`: [v1.2.0](service/paymentcryptography/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/personalizeevents`: [v1.15.0](service/personalizeevents/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/personalizeruntime`: [v1.15.0](service/personalizeruntime/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pinpointemail`: [v1.14.0](service/pinpointemail/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pinpointsmsvoice`: [v1.13.0](service/pinpointsmsvoice/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pinpointsmsvoicev2`: [v1.3.0](service/pinpointsmsvoicev2/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pipes`: [v1.4.0](service/pipes/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/qldbsession`: [v1.16.0](service/qldbsession/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/rbin`: [v1.10.0](service/rbin/CHANGELOG.md#v1100-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/rdsdata`: [v1.15.0](service/rdsdata/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/redshiftserverless`: [v1.6.0](service/redshiftserverless/CHANGELOG.md#v160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/resourceexplorer2`: [v1.4.0](service/resourceexplorer2/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/resourcegroups`: [v1.16.0](service/resourcegroups/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi`: [v1.16.0](service/resourcegroupstaggingapi/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/robomaker`: [v1.20.0](service/robomaker/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53recoverycluster`: [v1.13.0](service/route53recoverycluster/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53recoverycontrolconfig`: [v1.13.0](service/route53recoverycontrolconfig/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53recoveryreadiness`: [v1.11.0](service/route53recoveryreadiness/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53resolver`: [v1.20.0](service/route53resolver/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/rum`: [v1.12.0](service/rum/CHANGELOG.md#v1120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/s3outposts`: [v1.18.0](service/s3outposts/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakera2iruntime`: [v1.17.0](service/sagemakera2iruntime/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakeredge`: [v1.15.0](service/sagemakeredge/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakergeospatial`: [v1.5.0](service/sagemakergeospatial/CHANGELOG.md#v150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakermetrics`: [v1.2.0](service/sagemakermetrics/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/scheduler`: [v1.3.0](service/scheduler/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/schemas`: [v1.17.0](service/schemas/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/serverlessapplicationrepository`: [v1.14.0](service/serverlessapplicationrepository/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/servicecatalogappregistry`: [v1.19.0](service/servicecatalogappregistry/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/servicediscovery`: [v1.23.0](service/servicediscovery/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/shield`: [v1.20.0](service/shield/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sms`: [v1.15.0](service/sms/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/snowdevicemanagement`: [v1.11.0](service/snowdevicemanagement/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sns`: [v1.22.0](service/sns/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssmcontacts`: [v1.17.0](service/ssmcontacts/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssmincidents`: [v1.23.0](service/ssmincidents/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssmsap`: [v1.5.0](service/ssmsap/CHANGELOG.md#v150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sso`: [v1.14.0](service/sso/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssooidc`: [v1.16.0](service/ssooidc/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/storagegateway`: [v1.20.0](service/storagegateway/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sts`: [v1.22.0](service/sts/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/supportapp`: [v1.4.0](service/supportapp/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/synthetics`: [v1.19.0](service/synthetics/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/textract`: [v1.23.0](service/textract/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/timestreamquery`: [v1.17.0](service/timestreamquery/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/timestreamwrite`: [v1.19.0](service/timestreamwrite/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/tnb`: [v1.3.0](service/tnb/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/transcribestreaming`: [v1.11.0](service/transcribestreaming/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/voiceid`: [v1.15.0](service/voiceid/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/waf`: [v1.14.0](service/waf/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/wafregional`: [v1.15.0](service/wafregional/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/workdocs`: [v1.16.0](service/workdocs/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/worklink`: [v1.15.0](service/worklink/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/workmail`: [v1.20.0](service/workmail/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+  * **Feature**: This release includes four new APIs UpdateUser, UpdateGroup, ListGroupsForEntity and DescribeEntity, along with RemoteUsers and some enhancements to existing APIs.
+* `github.com/aws/aws-sdk-go-v2/service/workmailmessageflow`: [v1.14.0](service/workmailmessageflow/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+
+# Release (2023-09-15)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appstream`: [v1.24.0](service/appstream/CHANGELOG.md#v1240-2023-09-15)
+  * **Feature**: This release introduces app block builder, allowing customers to provision a resource to package applications into an app block
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.67.0](service/connect/CHANGELOG.md#v1670-2023-09-15)
+  * **Feature**: New rule type (OnMetricDataUpdate) has been added
+* `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.29.1](service/datasync/CHANGELOG.md#v1291-2023-09-15)
+  * **Documentation**: Documentation-only updates for AWS DataSync.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.106.0](service/sagemaker/CHANGELOG.md#v11060-2023-09-15)
+  * **Feature**: This release introduces Skip Model Validation for Model Packages
+
+# Release (2023-09-14)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appstream`: [v1.23.0](service/appstream/CHANGELOG.md#v1230-2023-09-14)
+  * **Feature**: This release introduces multi-session fleets, allowing customers to provision more than one user session on a single fleet instance.
+* `github.com/aws/aws-sdk-go-v2/service/cloudformation`: [v1.34.6](service/cloudformation/CHANGELOG.md#v1346-2023-09-14)
+  * **Documentation**: Documentation updates for AWS CloudFormation
+* `github.com/aws/aws-sdk-go-v2/service/entityresolution`: [v1.2.0](service/entityresolution/CHANGELOG.md#v120-2023-09-14)
+  * **Feature**: Changed "ResolutionTechniques" and "MappedInputFields" in workflow and schema mapping operations to be required fields.
+* `github.com/aws/aws-sdk-go-v2/service/lookoutequipment`: [v1.19.0](service/lookoutequipment/CHANGELOG.md#v1190-2023-09-14)
+  * **Feature**: This release adds APIs for the new scheduled retraining feature.
+
+# Release (2023-09-13)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.18.8](service/cloud9/CHANGELOG.md#v1188-2023-09-13)
+  * **Documentation**: Update to include information on Ubuntu 18 deprecation.
+* `github.com/aws/aws-sdk-go-v2/service/drs`: [v1.16.0](service/drs/CHANGELOG.md#v1160-2023-09-13)
+  * **Feature**: Updated existing APIs and added new ones to support using AWS Elastic Disaster Recovery post-launch actions. Added support for new regions.
+* `github.com/aws/aws-sdk-go-v2/service/firehose`: [v1.18.0](service/firehose/CHANGELOG.md#v1180-2023-09-13)
+  * **Feature**: DocumentIdOptions has been added for the Amazon OpenSearch destination.
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.27.0](service/guardduty/CHANGELOG.md#v1270-2023-09-13)
+  * **Feature**: Add `managementType` field to ListCoverage API response.
+* `github.com/aws/aws-sdk-go-v2/service/internetmonitor`: [v1.6.0](service/internetmonitor/CHANGELOG.md#v160-2023-09-13)
+  * **Feature**: This release updates the Amazon CloudWatch Internet Monitor API domain name.
+* `github.com/aws/aws-sdk-go-v2/service/ivsrealtime`: [v1.4.4](service/ivsrealtime/CHANGELOG.md#v144-2023-09-13)
+  * **Documentation**: Doc only update that changes description for ParticipantToken.
+* `github.com/aws/aws-sdk-go-v2/service/simspaceweaver`: [v1.5.1](service/simspaceweaver/CHANGELOG.md#v151-2023-09-13)
+  * **Documentation**: Edited the introductory text for the API reference.
+* `github.com/aws/aws-sdk-go-v2/service/xray`: [v1.18.0](service/xray/CHANGELOG.md#v1180-2023-09-13)
+  * **Feature**: Add StartTime field in GetTraceSummaries API response for each TraceSummary.
+
+# Release (2023-09-12)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.118.0](service/ec2/CHANGELOG.md#v11180-2023-09-12)
+  * **Feature**: This release adds support for restricting public sharing of AMIs through AMI Block Public Access
+* `github.com/aws/aws-sdk-go-v2/service/eventbridge`: [v1.22.0](service/eventbridge/CHANGELOG.md#v1220-2023-09-12)
+  * **Feature**: Adds sensitive trait to various shapes in Jetstream Connections API model.
+* `github.com/aws/aws-sdk-go-v2/service/kendra`: [v1.43.0](service/kendra/CHANGELOG.md#v1430-2023-09-12)
+  * **Feature**: Amazon Kendra now supports confidence score buckets for retrieved passage results using the Retrieve API.
+
+# Release (2023-09-11)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ecr`: [v1.20.0](service/ecr/CHANGELOG.md#v1200-2023-09-11)
+  * **Feature**: This release will have ValidationException be thrown from ECR LifecyclePolicy APIs in regions LifecyclePolicy is not supported, this includes existing Amazon Dedicated Cloud (ADC) regions. This release will also change Tag: TagValue and Tag: TagKey to required.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.37.0](service/medialive/CHANGELOG.md#v1370-2023-09-11)
+  * **Feature**: AWS Elemental Link now supports attaching a Link UHD device to a MediaConnect flow.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.43.0](service/quicksight/CHANGELOG.md#v1430-2023-09-11)
+  * **Feature**: This release launches new updates to QuickSight KPI visuals - support for sparklines, new templated layout and new targets for conditional formatting rules.
+
+# Release (2023-09-08)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.32.6](service/fsx/CHANGELOG.md#v1326-2023-09-08)
+  * **Documentation**: Amazon FSx documentation fixes
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.105.0](service/sagemaker/CHANGELOG.md#v11050-2023-09-08)
+  * **Feature**: Autopilot APIs will now support holiday featurization for Timeseries models. The models will now hold holiday metadata and should be able to accommodate holiday effect during inference.
+* `github.com/aws/aws-sdk-go-v2/service/ssoadmin`: [v1.18.0](service/ssoadmin/CHANGELOG.md#v1180-2023-09-08)
+  * **Feature**: Content updates to IAM Identity Center API for China Regions.
+* `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.30.0](service/workspaces/CHANGELOG.md#v1300-2023-09-08)
+  * **Feature**: A new field "ErrorDetails" will be added to the output of "DescribeWorkspaceImages" API call. This field provides in-depth details about the error occurred during image import process. These details include the possible causes of the errors and troubleshooting information.
+
+# Release (2023-09-07)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.36.2](service/securityhub/CHANGELOG.md#v1362-2023-09-07)
+  * **Documentation**: Documentation updates for AWS Security Hub
+* `github.com/aws/aws-sdk-go-v2/service/simspaceweaver`: [v1.5.0](service/simspaceweaver/CHANGELOG.md#v150-2023-09-07)
+  * **Feature**: BucketName and ObjectKey are now required for the S3Location data type. BucketName is now required for the S3Destination data type.
+
+# Release (2023-09-06)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.35.0](service/appflow/CHANGELOG.md#v1350-2023-09-06)
+  * **Feature**: Adding OAuth2.0 support for servicenow connector.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.117.0](service/ec2/CHANGELOG.md#v11170-2023-09-06)
+  * **Feature**: This release adds 'outpost' location type to the DescribeInstanceTypeOfferings API, allowing customers that have been allowlisted for outpost to query their offerings in the API.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2`: [v1.21.4](service/elasticloadbalancingv2/CHANGELOG.md#v1214-2023-09-06)
+  * **Documentation**: This release enables default UDP connection termination and disabling unhealthy target connection termination for Network Load Balancers.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.36.0](service/medialive/CHANGELOG.md#v1360-2023-09-06)
+  * **Feature**: Adds advanced Output Locking options for Epoch Locking: Custom Epoch and Jam Sync Time
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.38.0](service/wafv2/CHANGELOG.md#v1380-2023-09-06)
+  * **Feature**: The targeted protection level of the Bot Control managed rule group now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. You can enable or disable the machine learning functionality through the API.
+
+# Release (2023-09-05)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/billingconductor`: [v1.9.0](service/billingconductor/CHANGELOG.md#v190-2023-09-05)
+  * **Feature**: This release adds support for line item filtering in for the custom line item resource.
+* `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.18.7](service/cloud9/CHANGELOG.md#v1187-2023-09-05)
+  * **Documentation**: Added support for Ubuntu 22.04 that was not picked up in a previous Trebuchet request. Doc-only update.
+* `github.com/aws/aws-sdk-go-v2/service/computeoptimizer`: [v1.27.0](service/computeoptimizer/CHANGELOG.md#v1270-2023-09-05)
+  * **Feature**: This release adds support to provide recommendations for G4dn and P3 instances that use NVIDIA GPUs.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.116.0](service/ec2/CHANGELOG.md#v11160-2023-09-05)
+  * **Feature**: Introducing Amazon EC2 C7gd, M7gd, and R7gd Instances with up to 3.8 TB of local NVMe-based SSD block-level storage. These instances are powered by AWS Graviton3 processors, delivering up to 25% better performance over Graviton2-based instances.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.30.1](service/ecs/CHANGELOG.md#v1301-2023-09-05)
+  * **Documentation**: Documentation only update for Amazon ECS.
+* `github.com/aws/aws-sdk-go-v2/service/eventbridge`: [v1.21.0](service/eventbridge/CHANGELOG.md#v1210-2023-09-05)
+  * **Feature**: Improve Endpoint Ruleset test coverage.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.54.0](service/rds/CHANGELOG.md#v1540-2023-09-05)
+  * **Feature**: Add support for feature integration with AWS Backup.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.104.0](service/sagemaker/CHANGELOG.md#v11040-2023-09-05)
+  * **Feature**: SageMaker Neo now supports data input shape derivation for Pytorch 2.0  and XGBoost compilation job for cloud instance targets. You can skip DataInputConfig field during compilation job creation. You can also access derived information from model in DescribeCompilationJob response.
+* `github.com/aws/aws-sdk-go-v2/service/vpclattice`: [v1.2.0](service/vpclattice/CHANGELOG.md#v120-2023-09-05)
+  * **Feature**: This release adds Lambda event structure version config support for LAMBDA target groups. It also adds newline support for auth policies.
+
+# Release (2023-09-01)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.8.0](service/chimesdkmediapipelines/CHANGELOG.md#v180-2023-09-01)
+  * **Feature**: This release adds support for the Voice Analytics feature for customer-owned KVS streams as part of the Amazon Chime SDK call analytics.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.66.0](service/connect/CHANGELOG.md#v1660-2023-09-01)
+  * **Feature**: Amazon Connect adds the ability to read, create, update, delete, and list view resources, and adds the ability to read, create, delete, and list view versions.
+* `github.com/aws/aws-sdk-go-v2/service/identitystore`: [v1.18.0](service/identitystore/CHANGELOG.md#v1180-2023-09-01)
+  * **Feature**: New Identity Store content for China Region launch
+* `github.com/aws/aws-sdk-go-v2/service/neptunedata`: [v1.0.1](service/neptunedata/CHANGELOG.md#v101-2023-09-01)
+  * **Documentation**: Removed the descriptive text in the introduction.
+
+# Release (2023-08-31)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.7.0](service/chimesdkmediapipelines/CHANGELOG.md#v170-2023-08-31)
+  * **Feature**: This release adds support for feature Voice Enhancement for Call Recording as part of Amazon Chime SDK call analytics.
+* `github.com/aws/aws-sdk-go-v2/service/cloudhsm`: [v1.15.0](service/cloudhsm/CHANGELOG.md#v1150-2023-08-31)
+  * **Feature**: Deprecating CloudHSM Classic API Service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatchevents`: [v1.17.0](service/cloudwatchevents/CHANGELOG.md#v1170-2023-08-31)
+  * **Feature**: Documentation updates for CloudWatch Events.
+* `github.com/aws/aws-sdk-go-v2/service/connectcampaigns`: [v1.4.0](service/connectcampaigns/CHANGELOG.md#v140-2023-08-31)
+  * **Feature**: Amazon Connect outbound campaigns has launched agentless dialing mode which enables customers to make automated outbound calls without agent engagement. This release updates three of the campaign management API's to support the new agentless dialing mode and the new dialing capacity field.
+* `github.com/aws/aws-sdk-go-v2/service/connectparticipant`: [v1.17.0](service/connectparticipant/CHANGELOG.md#v1170-2023-08-31)
+  * **Feature**: Amazon Connect Participant Service adds the ability to get a view resource using a view token, which is provided in a participant message, with the release of the DescribeView API.
+* `github.com/aws/aws-sdk-go-v2/service/customerprofiles`: [v1.28.0](service/customerprofiles/CHANGELOG.md#v1280-2023-08-31)
+  * **Feature**: Adds sensitive trait to various shapes in Customer Profiles API model.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.30.0](service/ecs/CHANGELOG.md#v1300-2023-08-31)
+  * **Feature**: This release adds support for an account-level setting that you can use to configure the number of days for AWS Fargate task retirement.
+* `github.com/aws/aws-sdk-go-v2/service/health`: [v1.19.0](service/health/CHANGELOG.md#v1190-2023-08-31)
+  * **Feature**: Adds new API DescribeEntityAggregatesForOrganization that retrieves entity aggregates across your organization. Also adds support for resource status filtering in DescribeAffectedEntitiesForOrganization, resource status aggregates in the DescribeEntityAggregates response, and new resource statuses.
+* `github.com/aws/aws-sdk-go-v2/service/ivs`: [v1.26.0](service/ivs/CHANGELOG.md#v1260-2023-08-31)
+  * **Feature**: Updated "type" description for CreateChannel, UpdateChannel, Channel, and ChannelSummary.
+* `github.com/aws/aws-sdk-go-v2/service/kafkaconnect`: [v1.11.0](service/kafkaconnect/CHANGELOG.md#v1110-2023-08-31)
+  * **Feature**: Minor model changes for Kafka Connect as well as endpoint updates.
+* `github.com/aws/aws-sdk-go-v2/service/paymentcryptographydata`: [v1.2.0](service/paymentcryptographydata/CHANGELOG.md#v120-2023-08-31)
+  * **Feature**: Make KeyCheckValue field optional when using asymmetric keys as Key Check Values typically only apply to symmetric keys
+* `github.com/aws/aws-sdk-go-v2/service/sagemakerruntime`: [v1.21.0](service/sagemakerruntime/CHANGELOG.md#v1210-2023-08-31)
+  * **Feature**: This release adds a new InvokeEndpointWithResponseStream API to support streaming of model responses.
+
+# Release (2023-08-30)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.34.0](service/appflow/CHANGELOG.md#v1340-2023-08-30)
+  * **Feature**: Add SAP source connector parallel and pagination feature
+* `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.19.0](service/apprunner/CHANGELOG.md#v1190-2023-08-30)
+  * **Feature**: App Runner adds support for Bitbucket. You can now create App Runner connection that connects to your Bitbucket repositories and deploy App Runner service with the source code stored in a Bitbucket repository.
+* `github.com/aws/aws-sdk-go-v2/service/cleanrooms`: [v1.4.0](service/cleanrooms/CHANGELOG.md#v140-2023-08-30)
+  * **Feature**: This release decouples member abilities in a collaboration. With this change, the member who can run queries no longer needs to be the same as the member who can receive results.
+* `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.29.0](service/datasync/CHANGELOG.md#v1290-2023-08-30)
+  * **Feature**: AWS DataSync introduces Task Reports, a new feature that provides detailed reports of data transfer operations for each task execution.
+* `github.com/aws/aws-sdk-go-v2/service/neptunedata`: [v1.0.0](service/neptunedata/CHANGELOG.md#v100-2023-08-30)
+  * **Release**: New AWS service client module
+  * **Feature**: Allows customers to execute data plane actions like bulk loading graphs, issuing graph queries using Gremlin and openCypher directly from the SDK.
+* `github.com/aws/aws-sdk-go-v2/service/networkfirewall`: [v1.30.0](service/networkfirewall/CHANGELOG.md#v1300-2023-08-30)
+  * **Feature**: Network Firewall increasing pagination token string length
+* `github.com/aws/aws-sdk-go-v2/service/pcaconnectorad`: [v1.0.0](service/pcaconnectorad/CHANGELOG.md#v100-2023-08-30)
+  * **Release**: New AWS service client module
+  * **Feature**: The Connector for AD allows you to use a fully-managed AWS Private CA as a drop-in replacement for your self-managed enterprise CAs without local agents or proxy servers. Enterprises that use AD to manage Windows environments can reduce their private certificate authority (CA) costs and complexity.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.103.0](service/sagemaker/CHANGELOG.md#v11030-2023-08-30)
+  * **Feature**: Amazon SageMaker Canvas adds IdentityProviderOAuthSettings support for CanvasAppSettings
+
+# Release (2023-08-29)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`: [v1.26.0](service/cognitoidentityprovider/CHANGELOG.md#v1260-2023-08-29)
+  * **Feature**: Added API example requests and responses for several operations. Fixed the validation regex for user pools Identity Provider name.
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.32.5](service/fsx/CHANGELOG.md#v1325-2023-08-29)
+  * **Documentation**: Documentation updates for project quotas.
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.9.0](service/omics/CHANGELOG.md#v190-2023-08-29)
+  * **Feature**: Add RetentionMode support for Runs.
+* `github.com/aws/aws-sdk-go-v2/service/sesv2`: [v1.20.0](service/sesv2/CHANGELOG.md#v1200-2023-08-29)
+  * **Feature**: Adds support for the new Export and Message Insights features: create, get, list and cancel export jobs; get message insights.
+
+# Release (2023-08-28)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/backup`: [v1.25.0](service/backup/CHANGELOG.md#v1250-2023-08-28)
+  * **Feature**: Add support for customizing time zone for backup window in backup plan rules.
+* `github.com/aws/aws-sdk-go-v2/service/computeoptimizer`: [v1.26.0](service/computeoptimizer/CHANGELOG.md#v1260-2023-08-28)
+  * **Feature**: This release enables AWS Compute Optimizer to analyze and generate licensing optimization recommendations for sql server running on EC2 instances.
+* `github.com/aws/aws-sdk-go-v2/service/organizations`: [v1.20.6](service/organizations/CHANGELOG.md#v1206-2023-08-28)
+  * **Documentation**: Documentation updates for permissions and links.
+* `github.com/aws/aws-sdk-go-v2/service/securitylake`: [v1.7.0](service/securitylake/CHANGELOG.md#v170-2023-08-28)
+  * **Feature**: Remove incorrect regex enforcement on pagination tokens.
+* `github.com/aws/aws-sdk-go-v2/service/servicequotas`: [v1.16.0](service/servicequotas/CHANGELOG.md#v1160-2023-08-28)
+  * **Feature**: Service Quotas now supports viewing the applied quota value and requesting a quota increase for a specific resource in an AWS account.
+* `github.com/aws/aws-sdk-go-v2/service/workspacesweb`: [v1.12.0](service/workspacesweb/CHANGELOG.md#v1120-2023-08-28)
+  * **Feature**: WorkSpaces Web now enables Admins to configure which cookies are synchronized from an end-user's local browser to the in-session browser. In conjunction with a browser extension, this feature enables enhanced Single-Sign On capability by reducing the number of times an end-user has to authenticate.
+
+# Release (2023-08-25)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudtrail`: [v1.29.0](service/cloudtrail/CHANGELOG.md#v1290-2023-08-25)
+  * **Feature**: Add ThrottlingException with error code 429 to handle CloudTrail Delegated Admin request rate exceeded on organization resources.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatch`: [v1.27.7](service/cloudwatch/CHANGELOG.md#v1277-2023-08-25)
+  * **Documentation**: Doc-only update to get doc bug fixes into the SDK docs
+
+# Release (2023-08-24)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.115.0](service/ec2/CHANGELOG.md#v11150-2023-08-24)
+  * **Feature**: Amazon EC2 M7a instances, powered by 4th generation AMD EPYC processors, deliver up to 50% higher performance compared to M6a instances. Amazon EC2 Hpc7a instances, powered by 4th Gen AMD EPYC processors, deliver up to 2.5x better performance compared to Amazon EC2 Hpc6a instances.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.62.0](service/glue/CHANGELOG.md#v1620-2023-08-24)
+  * **Feature**: Added API attributes that help in the monitoring of sessions.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.41.0](service/mediaconvert/CHANGELOG.md#v1410-2023-08-24)
+  * **Feature**: This release includes additional audio channel tags in Quicktime outputs, support for film grain synthesis for AV1 outputs, ability to create audio-only FLAC outputs, and ability to specify Amazon S3 destination storage class.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.35.0](service/medialive/CHANGELOG.md#v1350-2023-08-24)
+  * **Feature**: MediaLive now supports passthrough of KLV data to a HLS output group with a TS container. MediaLive now supports setting an attenuation mode for AC3 audio when the coding mode is 3/2 LFE. MediaLive now supports specifying whether to include filler NAL units in RTMP output group settings.
+* `github.com/aws/aws-sdk-go-v2/service/mediatailor`: [v1.27.0](service/mediatailor/CHANGELOG.md#v1270-2023-08-24)
+  * **Feature**: Adds new source location AUTODETECT_SIGV4 access type.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.42.0](service/quicksight/CHANGELOG.md#v1420-2023-08-24)
+  * **Feature**: Excel support in Snapshot Export APIs. Removed Required trait for some insight Computations. Namespace-shared Folders support. Global Filters support. Table pin Column support.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.53.0](service/rds/CHANGELOG.md#v1530-2023-08-24)
+  * **Feature**: This release updates the supported versions for Percona XtraBackup in Aurora MySQL.
+* `github.com/aws/aws-sdk-go-v2/service/s3control`: [v1.33.0](service/s3control/CHANGELOG.md#v1330-2023-08-24)
+  * **Feature**: Updates to endpoint ruleset tests to address Smithy validation issues and standardize the capitalization of DualStack.
+* `github.com/aws/aws-sdk-go-v2/service/verifiedpermissions`: [v1.2.1](service/verifiedpermissions/CHANGELOG.md#v121-2023-08-24)
+  * **Documentation**: Documentation updates for Amazon Verified Permissions.
+
+# Release (2023-08-23)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/apigateway`: [v1.18.0](service/apigateway/CHANGELOG.md#v1180-2023-08-23)
+  * **Feature**: This release adds RootResourceId to GetRestApi response.
+* `github.com/aws/aws-sdk-go-v2/service/polly`: [v1.31.0](service/polly/CHANGELOG.md#v1310-2023-08-23)
+  * **Feature**: Amazon Polly adds 1 new voice - Zayd (ar-AE)
+
+# Release (2023-08-22)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/costexplorer`: [v1.28.0](service/costexplorer/CHANGELOG.md#v1280-2023-08-22)
+  * **Feature**: This release adds the LastUpdatedDate and LastUsedDate timestamps to help you manage your cost allocation tags.
+* `github.com/aws/aws-sdk-go-v2/service/globalaccelerator`: [v1.17.7](service/globalaccelerator/CHANGELOG.md#v1177-2023-08-22)
+  * **Documentation**: Global Accelerator now supports Client Ip Preservation for Network Load Balancer endpoints.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.52.0](service/rds/CHANGELOG.md#v1520-2023-08-22)
+  * **Feature**: Adding parameters to CreateCustomDbEngineVersion reserved for future use.
+* `github.com/aws/aws-sdk-go-v2/service/verifiedpermissions`: [v1.2.0](service/verifiedpermissions/CHANGELOG.md#v120-2023-08-22)
+  * **Feature**: Documentation updates for Amazon Verified Permissions. Increases max results per page for ListPolicyStores, ListPolicies, and ListPolicyTemplates APIs from 20 to 50.
+
 # Release (2023-08-21)
 
 ## General Highlights
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
index 8cd672b6ff7..cd38b9280f1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
@@ -3,4 +3,4 @@
 package aws
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.21.0"
+const goModuleVersion = "1.21.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
index 00d7d3eeeaf..987affdde6f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
@@ -97,11 +97,21 @@ func (r RetryableConnectionError) IsErrorRetryable(err error) aws.Ternary {
 	var netOpErr *net.OpError
 	var dnsError *net.DNSError
 
-	switch {
-	case errors.As(err, &dnsError):
+	if errors.As(err, &dnsError) {
 		// NXDOMAIN errors should not be retried
-		retryable = !dnsError.IsNotFound && dnsError.IsTemporary
+		if dnsError.IsNotFound {
+			return aws.BoolTernary(false)
+		}
+
+		// if !dnsError.Temporary(), error may or may not be temporary,
+		// (i.e. !Temporary() =/=> !retryable) so we should fall through to
+		// remaining checks
+		if dnsError.Temporary() {
+			return aws.BoolTernary(true)
+		}
+	}
 
+	switch {
 	case errors.As(err, &conErr) && conErr.ConnectionError():
 		retryable = true
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh b/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh
index 9b8f3a3d219..4da5d09cbf6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh
+++ b/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh
@@ -18,7 +18,7 @@ if [ -z "$RUNNER_TMPDIR" ]; then
     exit 1
 fi
 
-branch=`git branch --show-current`
+branch=$(git branch --show-current)
 if [ "$branch" == main ]; then
     echo aws-sdk-go-v2 is on branch main, stop
     exit 0
@@ -38,10 +38,10 @@ fi
 
 echo on branch \"$branch\"
 while [ -n "$branch" ] && [[ "$branch" == *-* ]]; do
-    echo looking for $branch...
-    git ls-remote --exit-code --heads $repository refs/heads/$branch
+    echo looking for "$branch"...
+    git ls-remote --exit-code --heads "$repository" refs/heads/"$branch"
     if [ "$?" == 0 ]; then
-        echo found $branch
+        echo found "$branch"
         matched_branch=$branch
         break
     fi
@@ -54,5 +54,5 @@ if [ -z "$matched_branch" ]; then
     exit 0
 fi
 
-git clone -b $matched_branch $repository $RUNNER_TMPDIR/smithy-go
+git clone -b "$matched_branch" "$repository" "$RUNNER_TMPDIR"/smithy-go
 SMITHY_GO_SRC=$RUNNER_TMPDIR/smithy-go make gen-mod-replace-smithy-.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
index 7740402167b..e1ddd4cd17c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
@@ -1,3 +1,38 @@
+# v1.18.45 (2023-10-12)
+
+* **Bug Fix**: Fail to load config if an explicitly provided profile doesn't exist.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.44 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.43 (2023-10-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.42 (2023-09-22)
+
+* **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+* **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.41 (2023-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.40 (2023-09-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.39 (2023-09-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.38 (2023-08-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.18.37 (2023-08-23)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go
index 138f8e76da7..bf26eab9a9a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go
@@ -2,18 +2,11 @@ package config
 
 import (
 	"context"
+	"os"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 )
 
-// defaultLoaders are a slice of functions that will read external configuration
-// sources for configuration values. These values are read by the AWSConfigResolvers
-// using interfaces to extract specific information from the external configuration.
-var defaultLoaders = []loader{
-	loadEnvConfig,
-	loadSharedConfigIgnoreNotExist,
-}
-
 // defaultAWSConfigResolvers are a slice of functions that will resolve external
 // configuration values into AWS configuration values.
 //
@@ -190,7 +183,7 @@ func LoadDefaultConfig(ctx context.Context, optFns ...func(*LoadOptions) error)
 	// assign Load Options to configs
 	var cfgCpy = configs{options}
 
-	cfgCpy, err = cfgCpy.AppendFromLoaders(ctx, defaultLoaders)
+	cfgCpy, err = cfgCpy.AppendFromLoaders(ctx, resolveConfigLoaders(&options))
 	if err != nil {
 		return aws.Config{}, err
 	}
@@ -202,3 +195,17 @@ func LoadDefaultConfig(ctx context.Context, optFns ...func(*LoadOptions) error)
 
 	return cfg, nil
 }
+
+func resolveConfigLoaders(options *LoadOptions) []loader {
+	loaders := make([]loader, 2)
+	loaders[0] = loadEnvConfig
+
+	// specification of a profile should cause a load failure if it doesn't exist
+	if os.Getenv(awsProfileEnvVar) != "" || options.SharedConfigProfile != "" {
+		loaders[1] = loadSharedConfig
+	} else {
+		loaders[1] = loadSharedConfigIgnoreNotExist
+	}
+
+	return loaders
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
index c973bb552ee..22c98ac0146 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
@@ -3,4 +3,4 @@
 package config
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.37"
+const goModuleVersion = "1.18.45"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go
index e699194d376..ae5ba76584e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go
@@ -740,6 +740,8 @@ func mergeSections(dst *ini.Sections, src ini.Sections) error {
 			defaultsModeKey,
 			retryModeKey,
 			caBundleKey,
+			roleDurationSecondsKey,
+			retryMaxAttemptsKey,
 
 			ssoSessionNameKey,
 			ssoAccountIDKey,
@@ -753,16 +755,6 @@ func mergeSections(dst *ini.Sections, src ini.Sections) error {
 			}
 		}
 
-		intKeys := []string{
-			roleDurationSecondsKey,
-			retryMaxAttemptsKey,
-		}
-		for i := range intKeys {
-			if err := mergeIntKey(&srcSection, &dstSection, sectionName, intKeys[i]); err != nil {
-				return err
-			}
-		}
-
 		// set srcSection on dst srcSection
 		*dst = dst.SetSection(sectionName, dstSection)
 	}
@@ -789,26 +781,6 @@ func mergeStringKey(srcSection *ini.Section, dstSection *ini.Section, sectionNam
 	return nil
 }
 
-func mergeIntKey(srcSection *ini.Section, dstSection *ini.Section, sectionName, key string) error {
-	if srcSection.Has(key) {
-		srcValue := srcSection.Int(key)
-		v, err := ini.NewIntValue(srcValue)
-		if err != nil {
-			return fmt.Errorf("error merging %s, %w", key, err)
-		}
-
-		if dstSection.Has(key) {
-			dstSection.Logs = append(dstSection.Logs, newMergeKeyLogMessage(sectionName, key,
-				dstSection.SourceFile[key], srcSection.SourceFile[key]))
-
-		}
-
-		dstSection.UpdateValue(key, v)
-		dstSection.UpdateSourceFile(key, srcSection.SourceFile[key])
-	}
-	return nil
-}
-
 func newMergeKeyLogMessage(sectionName, key, dstSourceFile, srcSourceFile string) string {
 	return fmt.Sprintf("For profile: %v, overriding %v value, defined in %v "+
 		"with a %v value found in a duplicate profile defined at file %v. \n",
@@ -962,9 +934,16 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er
 	updateString(&c.SSOAccountID, section, ssoAccountIDKey)
 	updateString(&c.SSORoleName, section, ssoRoleNameKey)
 
+	// we're retaining a behavioral quirk with this field that existed before
+	// the removal of literal parsing for #2276:
+	//   - if the key is missing, the config field will not be set
+	//   - if the key is set to a non-numeric, the config field will be set to 0
 	if section.Has(roleDurationSecondsKey) {
-		d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second
-		c.RoleDurationSeconds = &d
+		if v, ok := section.Int(roleDurationSecondsKey); ok {
+			c.RoleDurationSeconds = aws.Duration(time.Duration(v) * time.Second)
+		} else {
+			c.RoleDurationSeconds = aws.Duration(time.Duration(0))
+		}
 	}
 
 	updateString(&c.CredentialProcess, section, credentialProcessKey)
@@ -1314,12 +1293,13 @@ func updateInt(dst *int, section ini.Section, key string) error {
 	if !section.Has(key) {
 		return nil
 	}
-	if vt, _ := section.ValueType(key); vt != ini.IntegerType {
-		return fmt.Errorf("invalid value %s=%s, expect integer",
-			key, section.String(key))
 
+	v, ok := section.Int(key)
+	if !ok {
+		return fmt.Errorf("invalid value %s=%s, expect integer", key, section.String(key))
 	}
-	*dst = int(section.Int(key))
+
+	*dst = int(v)
 	return nil
 }
 
@@ -1329,7 +1309,10 @@ func updateBool(dst *bool, section ini.Section, key string) {
 	if !section.Has(key) {
 		return
 	}
-	*dst = section.Bool(key)
+
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	v, _ := section.Bool(key)
+	*dst = v
 }
 
 // updateBoolPtr will only update the dst with the value in the section key,
@@ -1338,8 +1321,11 @@ func updateBoolPtr(dst **bool, section ini.Section, key string) {
 	if !section.Has(key) {
 		return
 	}
+
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	v, _ := section.Bool(key)
 	*dst = new(bool)
-	**dst = section.Bool(key)
+	**dst = v
 }
 
 // updateEndpointDiscoveryType will only update the dst with the value in the section, if
@@ -1371,7 +1357,8 @@ func updateUseDualStackEndpoint(dst *aws.DualStackEndpointState, section ini.Sec
 		return
 	}
 
-	if section.Bool(key) {
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	if v, _ := section.Bool(key); v {
 		*dst = aws.DualStackEndpointStateEnabled
 	} else {
 		*dst = aws.DualStackEndpointStateDisabled
@@ -1387,7 +1374,8 @@ func updateUseFIPSEndpoint(dst *aws.FIPSEndpointState, section ini.Section, key
 		return
 	}
 
-	if section.Bool(key) {
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	if v, _ := section.Bool(key); v {
 		*dst = aws.FIPSEndpointStateEnabled
 	} else {
 		*dst = aws.FIPSEndpointStateDisabled
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
index ef2dd4b2d9c..ed558d3b913 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
@@ -1,3 +1,35 @@
+# v1.13.43 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.42 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.41 (2023-10-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.40 (2023-09-22)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.39 (2023-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.38 (2023-09-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.37 (2023-09-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.36 (2023-08-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.35 (2023-08-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
index eb75bb481fa..5cf1064a6b8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
@@ -3,4 +3,4 @@
 package credentials
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.35"
+const goModuleVersion = "1.13.43"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
index 66b3e83c307..5605f42d6f0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.13.13 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.12 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.11 (2023-08-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
index deb28a237db..ab96ef61489 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
@@ -3,4 +3,4 @@
 package imds
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.11"
+const goModuleVersion = "1.13.13"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
index 9826a85e670..efcbed2e781 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.1.43 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.42 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.1.41 (2023-08-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
index c7eec1c13c1..2eab5803b47 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
@@ -3,4 +3,4 @@
 package configsources
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.1.41"
+const goModuleVersion = "1.1.43"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
index 4e0c6f1232f..ab107ca5511 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
@@ -4,6 +4,7 @@
     "outputs" : {
       "dnsSuffix" : "amazonaws.com",
       "dualStackDnsSuffix" : "api.aws",
+      "implicitGlobalRegion" : "us-east-1",
       "name" : "aws",
       "supportsDualStack" : true,
       "supportsFIPS" : true
@@ -103,6 +104,7 @@
     "outputs" : {
       "dnsSuffix" : "amazonaws.com.cn",
       "dualStackDnsSuffix" : "api.amazonwebservices.com.cn",
+      "implicitGlobalRegion" : "cn-northwest-1",
       "name" : "aws-cn",
       "supportsDualStack" : true,
       "supportsFIPS" : true
@@ -124,6 +126,7 @@
     "outputs" : {
       "dnsSuffix" : "amazonaws.com",
       "dualStackDnsSuffix" : "api.aws",
+      "implicitGlobalRegion" : "us-gov-west-1",
       "name" : "aws-us-gov",
       "supportsDualStack" : true,
       "supportsFIPS" : true
@@ -145,6 +148,7 @@
     "outputs" : {
       "dnsSuffix" : "c2s.ic.gov",
       "dualStackDnsSuffix" : "c2s.ic.gov",
+      "implicitGlobalRegion" : "us-iso-east-1",
       "name" : "aws-iso",
       "supportsDualStack" : false,
       "supportsFIPS" : true
@@ -166,6 +170,7 @@
     "outputs" : {
       "dnsSuffix" : "sc2s.sgov.gov",
       "dualStackDnsSuffix" : "sc2s.sgov.gov",
+      "implicitGlobalRegion" : "us-isob-east-1",
       "name" : "aws-iso-b",
       "supportsDualStack" : false,
       "supportsFIPS" : true
@@ -184,6 +189,7 @@
     "outputs" : {
       "dnsSuffix" : "cloud.adc-e.uk",
       "dualStackDnsSuffix" : "cloud.adc-e.uk",
+      "implicitGlobalRegion" : "eu-isoe-west-1",
       "name" : "aws-iso-e",
       "supportsDualStack" : false,
       "supportsFIPS" : true
@@ -195,6 +201,7 @@
     "outputs" : {
       "dnsSuffix" : "csp.hci.ic.gov",
       "dualStackDnsSuffix" : "csp.hci.ic.gov",
+      "implicitGlobalRegion" : "us-isof-south-1",
       "name" : "aws-iso-f",
       "supportsDualStack" : false,
       "supportsFIPS" : true
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
index a470e22deb5..bd830abeaef 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v2.4.37 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.36 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v2.4.35 (2023-08-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
index ac28b313be1..08581907682 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
@@ -3,4 +3,4 @@
 package endpoints
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "2.4.35"
+const goModuleVersion = "2.4.37"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
index 74eff6a5220..8aab66186c4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
@@ -1,3 +1,16 @@
+# v1.3.45 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.44 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.43 (2023-09-22)
+
+* **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+* **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+
 # v1.3.42 (2023-08-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
index 709294b9eb4..f92dc23cc7a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ini
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.3.42"
+const goModuleVersion = "1.3.45"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go
index eca42d1b293..efcd2e6c7da 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go
@@ -12,34 +12,6 @@ var (
 	runesFalse = []rune("false")
 )
 
-var literalValues = [][]rune{
-	runesTrue,
-	runesFalse,
-}
-
-func isBoolValue(b []rune) bool {
-	for _, lv := range literalValues {
-		if isCaselessLitValue(lv, b) {
-			return true
-		}
-	}
-	return false
-}
-
-func isLitValue(want, have []rune) bool {
-	if len(have) < len(want) {
-		return false
-	}
-
-	for i := 0; i < len(want); i++ {
-		if want[i] != have[i] {
-			return false
-		}
-	}
-
-	return true
-}
-
 // isCaselessLitValue is a caseless value comparison, assumes want is already lower-cased for efficiency.
 func isCaselessLitValue(want, have []rune) bool {
 	if len(have) < len(want) {
@@ -55,68 +27,6 @@ func isCaselessLitValue(want, have []rune) bool {
 	return true
 }
 
-// isNumberValue will return whether not the leading characters in
-// a byte slice is a number. A number is delimited by whitespace or
-// the newline token.
-//
-// A number is defined to be in a binary, octal, decimal (int | float), hex format,
-// or in scientific notation.
-func isNumberValue(b []rune) bool {
-	negativeIndex := 0
-	helper := numberHelper{}
-	needDigit := false
-
-	for i := 0; i < len(b); i++ {
-		negativeIndex++
-
-		switch b[i] {
-		case '-':
-			if helper.IsNegative() || negativeIndex != 1 {
-				return false
-			}
-			helper.Determine(b[i])
-			needDigit = true
-			continue
-		case 'e', 'E':
-			if err := helper.Determine(b[i]); err != nil {
-				return false
-			}
-			negativeIndex = 0
-			needDigit = true
-			continue
-		case 'b':
-			if helper.numberFormat == hex {
-				break
-			}
-			fallthrough
-		case 'o', 'x':
-			needDigit = true
-			if i == 0 {
-				return false
-			}
-
-			fallthrough
-		case '.':
-			if err := helper.Determine(b[i]); err != nil {
-				return false
-			}
-			needDigit = true
-			continue
-		}
-
-		if i > 0 && (isNewline(b[i:]) || isWhitespace(b[i])) {
-			return !needDigit
-		}
-
-		if !helper.CorrectByte(b[i]) {
-			return false
-		}
-		needDigit = false
-	}
-
-	return !needDigit
-}
-
 func isValid(b []rune) (bool, int, error) {
 	if len(b) == 0 {
 		// TODO: should probably return an error
@@ -138,14 +48,8 @@ func (v ValueType) String() string {
 	switch v {
 	case NoneType:
 		return "NONE"
-	case DecimalType:
-		return "FLOAT"
-	case IntegerType:
-		return "INT"
 	case StringType:
 		return "STRING"
-	case BoolType:
-		return "BOOL"
 	}
 
 	return ""
@@ -154,11 +58,9 @@ func (v ValueType) String() string {
 // ValueType enums
 const (
 	NoneType = ValueType(iota)
-	DecimalType
-	IntegerType
 	StringType
 	QuotedStringType
-	BoolType
+	// FUTURE(2226) MapType
 )
 
 // Value is a union container
@@ -166,10 +68,8 @@ type Value struct {
 	Type ValueType
 	raw  []rune
 
-	integer int64
-	decimal float64
-	boolean bool
-	str     string
+	str string
+	// FUTURE(2226) mp map[string]string
 }
 
 func newValue(t ValueType, base int, raw []rune) (Value, error) {
@@ -177,36 +77,15 @@ func newValue(t ValueType, base int, raw []rune) (Value, error) {
 		Type: t,
 		raw:  raw,
 	}
-	var err error
 
 	switch t {
-	case DecimalType:
-		v.decimal, err = strconv.ParseFloat(string(raw), 64)
-	case IntegerType:
-		if base != 10 {
-			raw = raw[2:]
-		}
-
-		v.integer, err = strconv.ParseInt(string(raw), base, 64)
 	case StringType:
 		v.str = string(raw)
 	case QuotedStringType:
 		v.str = string(raw[1 : len(raw)-1])
-	case BoolType:
-		v.boolean = isCaselessLitValue(runesTrue, v.raw)
-	}
-
-	// issue 2253
-	//
-	// if the value trying to be parsed is too large, then we will use
-	// the 'StringType' and raw value instead.
-	if nerr, ok := err.(*strconv.NumError); ok && nerr.Err == strconv.ErrRange {
-		v.Type = StringType
-		v.str = string(raw)
-		err = nil
 	}
 
-	return v, err
+	return v, nil
 }
 
 // NewStringValue returns a Value type generated using a string input.
@@ -214,24 +93,12 @@ func NewStringValue(str string) (Value, error) {
 	return newValue(StringType, 10, []rune(str))
 }
 
-// NewIntValue returns a Value type generated using an int64 input.
-func NewIntValue(i int64) (Value, error) {
-	v := strconv.FormatInt(i, 10)
-	return newValue(IntegerType, 10, []rune(v))
-}
-
 func (v Value) String() string {
 	switch v.Type {
-	case DecimalType:
-		return fmt.Sprintf("decimal: %f", v.decimal)
-	case IntegerType:
-		return fmt.Sprintf("integer: %d", v.integer)
 	case StringType:
 		return fmt.Sprintf("string: %s", string(v.raw))
 	case QuotedStringType:
 		return fmt.Sprintf("quoted string: %s", string(v.raw))
-	case BoolType:
-		return fmt.Sprintf("bool: %t", v.boolean)
 	default:
 		return "union not set"
 	}
@@ -249,24 +116,6 @@ func newLitToken(b []rune) (Token, int, error) {
 		}
 
 		token = newToken(TokenLit, b[:n], QuotedStringType)
-	} else if isNumberValue(b) {
-		var base int
-		base, n, err = getNumericalValue(b)
-		if err != nil {
-			return token, 0, err
-		}
-
-		value := b[:n]
-		vType := IntegerType
-		if contains(value, '.') || hasExponent(value) {
-			vType = DecimalType
-		}
-		token = newToken(TokenLit, value, vType)
-		token.base = base
-	} else if isBoolValue(b) {
-		n, err = getBoolValue(b)
-
-		token = newToken(TokenLit, b[:n], BoolType)
 	} else {
 		n, err = getValue(b)
 		token = newToken(TokenLit, b[:n], StringType)
@@ -276,18 +125,33 @@ func newLitToken(b []rune) (Token, int, error) {
 }
 
 // IntValue returns an integer value
-func (v Value) IntValue() int64 {
-	return v.integer
+func (v Value) IntValue() (int64, bool) {
+	i, err := strconv.ParseInt(string(v.raw), 0, 64)
+	if err != nil {
+		return 0, false
+	}
+	return i, true
 }
 
 // FloatValue returns a float value
-func (v Value) FloatValue() float64 {
-	return v.decimal
+func (v Value) FloatValue() (float64, bool) {
+	f, err := strconv.ParseFloat(string(v.raw), 64)
+	if err != nil {
+		return 0, false
+	}
+	return f, true
 }
 
 // BoolValue returns a bool value
-func (v Value) BoolValue() bool {
-	return v.boolean
+func (v Value) BoolValue() (bool, bool) {
+	// we don't use ParseBool as it recognizes more than what we've
+	// historically supported
+	if isCaselessLitValue(runesTrue, v.raw) {
+		return true, true
+	} else if isCaselessLitValue(runesFalse, v.raw) {
+		return false, true
+	}
+	return false, false
 }
 
 func isTrimmable(r rune) bool {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go
deleted file mode 100644
index a45c0bc5662..00000000000
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package ini
-
-import (
-	"bytes"
-	"fmt"
-	"strconv"
-)
-
-const (
-	none = numberFormat(iota)
-	binary
-	octal
-	decimal
-	hex
-	exponent
-)
-
-type numberFormat int
-
-// numberHelper is used to dictate what format a number is in
-// and what to do for negative values. Since -1e-4 is a valid
-// number, we cannot just simply check for duplicate negatives.
-type numberHelper struct {
-	numberFormat numberFormat
-
-	negative         bool
-	negativeExponent bool
-}
-
-func (b numberHelper) Exists() bool {
-	return b.numberFormat != none
-}
-
-func (b numberHelper) IsNegative() bool {
-	return b.negative || b.negativeExponent
-}
-
-func (b *numberHelper) Determine(c rune) error {
-	if b.Exists() {
-		return NewParseError(fmt.Sprintf("multiple number formats: 0%v", string(c)))
-	}
-
-	switch c {
-	case 'b':
-		b.numberFormat = binary
-	case 'o':
-		b.numberFormat = octal
-	case 'x':
-		b.numberFormat = hex
-	case 'e', 'E':
-		b.numberFormat = exponent
-	case '-':
-		if b.numberFormat != exponent {
-			b.negative = true
-		} else {
-			b.negativeExponent = true
-		}
-	case '.':
-		b.numberFormat = decimal
-	default:
-		return NewParseError(fmt.Sprintf("invalid number character: %v", string(c)))
-	}
-
-	return nil
-}
-
-func (b numberHelper) CorrectByte(c rune) bool {
-	switch {
-	case b.numberFormat == binary:
-		if !isBinaryByte(c) {
-			return false
-		}
-	case b.numberFormat == octal:
-		if !isOctalByte(c) {
-			return false
-		}
-	case b.numberFormat == hex:
-		if !isHexByte(c) {
-			return false
-		}
-	case b.numberFormat == decimal:
-		if !isDigit(c) {
-			return false
-		}
-	case b.numberFormat == exponent:
-		if !isDigit(c) {
-			return false
-		}
-	case b.negativeExponent:
-		if !isDigit(c) {
-			return false
-		}
-	case b.negative:
-		if !isDigit(c) {
-			return false
-		}
-	default:
-		if !isDigit(c) {
-			return false
-		}
-	}
-
-	return true
-}
-
-func (b numberHelper) Base() int {
-	switch b.numberFormat {
-	case binary:
-		return 2
-	case octal:
-		return 8
-	case hex:
-		return 16
-	default:
-		return 10
-	}
-}
-
-func (b numberHelper) String() string {
-	buf := bytes.Buffer{}
-	i := 0
-
-	switch b.numberFormat {
-	case binary:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": binary format\n")
-	case octal:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": octal format\n")
-	case hex:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": hex format\n")
-	case exponent:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": exponent format\n")
-	default:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": integer format\n")
-	}
-
-	if b.negative {
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": negative format\n")
-	}
-
-	if b.negativeExponent {
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": negative exponent format\n")
-	}
-
-	return buf.String()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go
index b5480fdeb35..d38a9cd4857 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go
@@ -41,149 +41,6 @@ func getStringValue(b []rune) (int, error) {
 	return i + 1, nil
 }
 
-// getBoolValue will return a boolean and the amount
-// of bytes read
-//
-// an error will be returned if the boolean is not of a correct
-// value
-func getBoolValue(b []rune) (int, error) {
-	if len(b) < 4 {
-		return 0, NewParseError("invalid boolean value")
-	}
-
-	n := 0
-	for _, lv := range literalValues {
-		if len(lv) > len(b) {
-			continue
-		}
-
-		if isCaselessLitValue(lv, b) {
-			n = len(lv)
-		}
-	}
-
-	if n == 0 {
-		return 0, NewParseError("invalid boolean value")
-	}
-
-	return n, nil
-}
-
-// getNumericalValue will return a numerical string, the amount
-// of bytes read, and the base of the number
-//
-// an error will be returned if the number is not of a correct
-// value
-func getNumericalValue(b []rune) (int, int, error) {
-	if !isDigit(b[0]) {
-		return 0, 0, NewParseError("invalid digit value")
-	}
-
-	i := 0
-	helper := numberHelper{}
-
-loop:
-	for negativeIndex := 0; i < len(b); i++ {
-		negativeIndex++
-
-		if !isDigit(b[i]) {
-			switch b[i] {
-			case '-':
-				if helper.IsNegative() || negativeIndex != 1 {
-					return 0, 0, NewParseError("parse error '-'")
-				}
-
-				n := getNegativeNumber(b[i:])
-				i += (n - 1)
-				helper.Determine(b[i])
-				continue
-			case '.':
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-			case 'e', 'E':
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-
-				negativeIndex = 0
-			case 'b':
-				if helper.numberFormat == hex {
-					break
-				}
-				fallthrough
-			case 'o', 'x':
-				if i == 0 && b[i] != '0' {
-					return 0, 0, NewParseError("incorrect base format, expected leading '0'")
-				}
-
-				if i != 1 {
-					return 0, 0, NewParseError(fmt.Sprintf("incorrect base format found %s at %d index", string(b[i]), i))
-				}
-
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-			default:
-				if isWhitespace(b[i]) {
-					break loop
-				}
-
-				if isNewline(b[i:]) {
-					break loop
-				}
-
-				if !(helper.numberFormat == hex && isHexByte(b[i])) {
-					if i+2 < len(b) && !isNewline(b[i:i+2]) {
-						return 0, 0, NewParseError("invalid numerical character")
-					} else if !isNewline([]rune{b[i]}) {
-						return 0, 0, NewParseError("invalid numerical character")
-					}
-
-					break loop
-				}
-			}
-		}
-	}
-
-	return helper.Base(), i, nil
-}
-
-// isDigit will return whether or not something is an integer
-func isDigit(b rune) bool {
-	return b >= '0' && b <= '9'
-}
-
-func hasExponent(v []rune) bool {
-	return contains(v, 'e') || contains(v, 'E')
-}
-
-func isBinaryByte(b rune) bool {
-	switch b {
-	case '0', '1':
-		return true
-	default:
-		return false
-	}
-}
-
-func isOctalByte(b rune) bool {
-	switch b {
-	case '0', '1', '2', '3', '4', '5', '6', '7':
-		return true
-	default:
-		return false
-	}
-}
-
-func isHexByte(b rune) bool {
-	if isDigit(b) {
-		return true
-	}
-	return (b >= 'A' && b <= 'F') ||
-		(b >= 'a' && b <= 'f')
-}
-
 func getValue(b []rune) (int, error) {
 	i := 0
 
@@ -211,24 +68,6 @@ func getValue(b []rune) (int, error) {
 	return i, nil
 }
 
-// getNegativeNumber will return a negative number from a
-// byte slice. This will iterate through all characters until
-// a non-digit has been found.
-func getNegativeNumber(b []rune) int {
-	if b[0] != '-' {
-		return 0
-	}
-
-	i := 1
-	for ; i < len(b); i++ {
-		if !isDigit(b[i]) {
-			return i
-		}
-	}
-
-	return i
-}
-
 // isEscaped will return whether or not the character is an escaped
 // character.
 func isEscaped(value []rune, b rune) bool {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go
index a07a6373897..97fb3d7f3a2 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go
@@ -245,17 +245,17 @@ func (t Section) ValueType(k string) (ValueType, bool) {
 }
 
 // Bool returns a bool value at k
-func (t Section) Bool(k string) bool {
+func (t Section) Bool(k string) (bool, bool) {
 	return t.values[k].BoolValue()
 }
 
 // Int returns an integer value at k
-func (t Section) Int(k string) int64 {
+func (t Section) Int(k string) (int64, bool) {
 	return t.values[k].IntValue()
 }
 
 // Float64 returns a float value at k
-func (t Section) Float64(k string) float64 {
+func (t Section) Float64(k string) (float64, bool) {
 	return t.values[k].FloatValue()
 }
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/modman.toml b/vendor/github.com/aws/aws-sdk-go-v2/modman.toml
index dad0dfc63bd..e505f53146a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/modman.toml
+++ b/vendor/github.com/aws/aws-sdk-go-v2/modman.toml
@@ -1,7 +1,7 @@
 
 [dependencies]
   "github.com/aws/aws-sdk-go" = "v1.44.28"
-  "github.com/aws/smithy-go" = "v1.14.2"
+  "github.com/aws/smithy-go" = "v1.15.0"
   "github.com/google/go-cmp" = "v0.5.8"
   "github.com/jmespath/go-jmespath" = "v0.4.0"
   "golang.org/x/net" = "v0.1.0"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
index e410f3e4898..318955895da 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.9.37 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.36 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.9.35 (2023-08-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
index 9c076b11f09..1d73a0cdec0 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
@@ -3,4 +3,4 @@
 package presignedurl
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.9.35"
+const goModuleVersion = "1.9.37"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/kms/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/kms/CHANGELOG.md
index e57b4626213..8a8c8c93d7c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/kms/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/kms/CHANGELOG.md
@@ -1,3 +1,7 @@
+# v1.24.6 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.24.5 (2023-08-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/kms/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/kms/go_module_metadata.go
index 2b312944aaa..baad253fbb8 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/kms/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/kms/go_module_metadata.go
@@ -3,4 +3,4 @@
 package kms
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.24.5"
+const goModuleVersion = "1.24.6"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
index c7ba9b2688b..0b2700161f1 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
@@ -1,3 +1,28 @@
+# v1.15.2 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.1 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.0 (2023-10-02)
+
+* **Feature**: Fix FIPS Endpoints in aws-us-gov.
+
+# v1.14.1 (2023-09-22)
+
+* No change notes available for this release.
+
+# v1.14.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
+# v1.13.6 (2023-08-31)
+
+* No change notes available for this release.
+
 # v1.13.5 (2023-08-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
index 9395e91e24b..6a2c7eb3e10 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
@@ -411,6 +411,25 @@ func (r *resolver) ResolveEndpoint(
 			}
 			if _UseFIPS == true {
 				if true == _PartitionResult.SupportsFIPS {
+					if "aws-us-gov" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://portal.sso.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
 					uriString := func() string {
 						var out strings.Builder
 						out.WriteString("https://portal.sso-fips.")
@@ -455,279 +474,6 @@ func (r *resolver) ResolveEndpoint(
 				}
 				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
 			}
-			if _Region == "ap-east-1" {
-				uriString := "https://portal.sso.ap-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-1" {
-				uriString := "https://portal.sso.ap-northeast-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-2" {
-				uriString := "https://portal.sso.ap-northeast-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-3" {
-				uriString := "https://portal.sso.ap-northeast-3.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-south-1" {
-				uriString := "https://portal.sso.ap-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-southeast-1" {
-				uriString := "https://portal.sso.ap-southeast-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-southeast-2" {
-				uriString := "https://portal.sso.ap-southeast-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ca-central-1" {
-				uriString := "https://portal.sso.ca-central-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-central-1" {
-				uriString := "https://portal.sso.eu-central-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-north-1" {
-				uriString := "https://portal.sso.eu-north-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-south-1" {
-				uriString := "https://portal.sso.eu-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-1" {
-				uriString := "https://portal.sso.eu-west-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-2" {
-				uriString := "https://portal.sso.eu-west-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-3" {
-				uriString := "https://portal.sso.eu-west-3.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "me-south-1" {
-				uriString := "https://portal.sso.me-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "sa-east-1" {
-				uriString := "https://portal.sso.sa-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-east-1" {
-				uriString := "https://portal.sso.us-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-east-2" {
-				uriString := "https://portal.sso.us-east-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-west-2" {
-				uriString := "https://portal.sso.us-west-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-gov-east-1" {
-				uriString := "https://portal.sso.us-gov-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-gov-west-1" {
-				uriString := "https://portal.sso.us-gov-west-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
 			uriString := func() string {
 				var out strings.Builder
 				out.WriteString("https://portal.sso.")
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
index 98050334ef8..0f216f4ef0a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sso
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.5"
+const goModuleVersion = "1.15.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
index 1da26791c35..f044afde47c 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
@@ -227,6 +227,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-central-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "eu-central-2",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.eu-central-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "eu-central-2",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "eu-north-1",
 			}: endpoints.Endpoint{
@@ -267,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-west-3",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "il-central-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.il-central-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "il-central-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "me-south-1",
 			}: endpoints.Endpoint{
@@ -351,6 +367,24 @@ var defaultPartitions = endpoints.Partitions{
 		},
 		RegionRegex:    partitionRegexp.AwsCn,
 		IsRegionalized: true,
+		Endpoints: endpoints.Endpoints{
+			endpoints.EndpointKey{
+				Region: "cn-north-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.cn-north-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-north-1",
+				},
+			},
+			endpoints.EndpointKey{
+				Region: "cn-northwest-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.cn-northwest-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-northwest-1",
+				},
+			},
+		},
 	},
 	{
 		ID: "aws-iso",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
index 608ac60ce1d..536619724e9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
@@ -1,3 +1,28 @@
+# v1.17.3 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.2 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.1 (2023-09-22)
+
+* No change notes available for this release.
+
+# v1.17.0 (2023-09-20)
+
+* **Feature**: Update FIPS endpoints in aws-us-gov.
+
+# v1.16.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
+# v1.15.6 (2023-09-05)
+
+* No change notes available for this release.
+
 # v1.15.5 (2023-08-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go
index 282d078b5cb..e8d190e48a4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go
@@ -411,6 +411,25 @@ func (r *resolver) ResolveEndpoint(
 			}
 			if _UseFIPS == true {
 				if true == _PartitionResult.SupportsFIPS {
+					if "aws-us-gov" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://oidc.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
 					uriString := func() string {
 						var out strings.Builder
 						out.WriteString("https://oidc-fips.")
@@ -455,279 +474,6 @@ func (r *resolver) ResolveEndpoint(
 				}
 				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
 			}
-			if _Region == "ap-east-1" {
-				uriString := "https://oidc.ap-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-1" {
-				uriString := "https://oidc.ap-northeast-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-2" {
-				uriString := "https://oidc.ap-northeast-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-3" {
-				uriString := "https://oidc.ap-northeast-3.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-south-1" {
-				uriString := "https://oidc.ap-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-southeast-1" {
-				uriString := "https://oidc.ap-southeast-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-southeast-2" {
-				uriString := "https://oidc.ap-southeast-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ca-central-1" {
-				uriString := "https://oidc.ca-central-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-central-1" {
-				uriString := "https://oidc.eu-central-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-north-1" {
-				uriString := "https://oidc.eu-north-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-south-1" {
-				uriString := "https://oidc.eu-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-1" {
-				uriString := "https://oidc.eu-west-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-2" {
-				uriString := "https://oidc.eu-west-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-3" {
-				uriString := "https://oidc.eu-west-3.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "me-south-1" {
-				uriString := "https://oidc.me-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "sa-east-1" {
-				uriString := "https://oidc.sa-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-east-1" {
-				uriString := "https://oidc.us-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-east-2" {
-				uriString := "https://oidc.us-east-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-west-2" {
-				uriString := "https://oidc.us-west-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-gov-east-1" {
-				uriString := "https://oidc.us-gov-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-gov-west-1" {
-				uriString := "https://oidc.us-gov-west-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
 			uriString := func() string {
 				var out strings.Builder
 				out.WriteString("https://oidc.")
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
index 435045414b2..fab953b91f5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ssooidc
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.15.5"
+const goModuleVersion = "1.17.3"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
index 8df344e93e5..c48da8b88a6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
@@ -227,6 +227,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-central-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "eu-central-2",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.eu-central-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "eu-central-2",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "eu-north-1",
 			}: endpoints.Endpoint{
@@ -267,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-west-3",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "il-central-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.il-central-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "il-central-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "me-south-1",
 			}: endpoints.Endpoint{
@@ -351,6 +367,24 @@ var defaultPartitions = endpoints.Partitions{
 		},
 		RegionRegex:    partitionRegexp.AwsCn,
 		IsRegionalized: true,
+		Endpoints: endpoints.Endpoints{
+			endpoints.EndpointKey{
+				Region: "cn-north-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.cn-north-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-north-1",
+				},
+			},
+			endpoints.EndpointKey{
+				Region: "cn-northwest-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.cn-northwest-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-northwest-1",
+				},
+			},
+		},
 	},
 	{
 		ID: "aws-iso",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
index a3f535af873..d94dc1ab3da 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
@@ -1,3 +1,20 @@
+# v1.23.2 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.1 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.0 (2023-10-02)
+
+* **Feature**: STS API updates for assumeRole
+
+# v1.22.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
 # v1.21.5 (2023-08-21)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
index f0a57a67568..90dc95f1e08 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sts
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.21.5"
+const goModuleVersion = "1.23.2"
diff --git a/vendor/github.com/aws/smithy-go/CHANGELOG.md b/vendor/github.com/aws/smithy-go/CHANGELOG.md
index b9171b88b90..8a3540e0407 100644
--- a/vendor/github.com/aws/smithy-go/CHANGELOG.md
+++ b/vendor/github.com/aws/smithy-go/CHANGELOG.md
@@ -1,3 +1,9 @@
+# Release (2023-10-06)
+
+## Module Highlights
+* `github.com/aws/smithy-go`: v1.15.0
+  * **Feature**: Add `http.WithHeaderComment` middleware.
+
 # Release (2023-08-18)
 
 * No change notes available for this release.
diff --git a/vendor/github.com/aws/smithy-go/README.md b/vendor/github.com/aws/smithy-go/README.md
index a4bb43fbe9b..c374f69283b 100644
--- a/vendor/github.com/aws/smithy-go/README.md
+++ b/vendor/github.com/aws/smithy-go/README.md
@@ -6,6 +6,21 @@
 
 **WARNING: All interfaces are subject to change.**
 
+## Can I use this?
+
+In order to generate a usable smithy client you must provide a [protocol definition](https://github.com/aws/smithy-go/blob/main/codegen/smithy-go-codegen/src/main/java/software/amazon/smithy/go/codegen/integration/ProtocolGenerator.java),
+such as [AWS restJson1](https://smithy.io/2.0/aws/protocols/aws-restjson1-protocol.html),
+in order to generate transport mechanisms and serialization/deserialization
+code ("serde") accordingly.
+
+The code generator does not currently support any protocols out of the box,
+therefore the useability of this project on its own is currently limited.
+Support for all [AWS protocols](https://smithy.io/2.0/aws/protocols/index.html)
+exists in [aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2). We are
+tracking the movement of those out of the SDK into smithy-go in
+[#458](https://github.com/aws/smithy-go/issues/458), but there's currently no
+timeline for doing so.
+
 ## License
 
 This project is licensed under the Apache-2.0 License.
diff --git a/vendor/github.com/aws/smithy-go/go_module_metadata.go b/vendor/github.com/aws/smithy-go/go_module_metadata.go
index 997c3092464..6b795a2c85f 100644
--- a/vendor/github.com/aws/smithy-go/go_module_metadata.go
+++ b/vendor/github.com/aws/smithy-go/go_module_metadata.go
@@ -3,4 +3,4 @@
 package smithy
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.14.2"
+const goModuleVersion = "1.15.0"
diff --git a/vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go b/vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go
new file mode 100644
index 00000000000..855c2272031
--- /dev/null
+++ b/vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go
@@ -0,0 +1,81 @@
+package http
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/aws/smithy-go/middleware"
+)
+
+// WithHeaderComment instruments a middleware stack to append an HTTP field
+// comment to the given header as specified in RFC 9110
+// (https://www.rfc-editor.org/rfc/rfc9110#name-comments).
+//
+// The header is case-insensitive. If the provided header exists when the
+// middleware runs, the content will be inserted as-is enclosed in parentheses.
+//
+// Note that per the HTTP specification, comments are only allowed in fields
+// containing "comment" as part of their field value definition, but this API
+// will NOT verify whether the provided header is one of them.
+//
+// WithHeaderComment MAY be applied more than once to a middleware stack and/or
+// more than once per header.
+func WithHeaderComment(header, content string) func(*middleware.Stack) error {
+	return func(s *middleware.Stack) error {
+		m, err := getOrAddHeaderComment(s)
+		if err != nil {
+			return fmt.Errorf("get or add header comment: %v", err)
+		}
+
+		m.values.Add(header, content)
+		return nil
+	}
+}
+
+type headerCommentMiddleware struct {
+	values http.Header // hijack case-insensitive access APIs
+}
+
+func (*headerCommentMiddleware) ID() string {
+	return "headerComment"
+}
+
+func (m *headerCommentMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
+	out middleware.BuildOutput, metadata middleware.Metadata, err error,
+) {
+	r, ok := in.Request.(*Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	for h, contents := range m.values {
+		for _, c := range contents {
+			if existing := r.Header.Get(h); existing != "" {
+				r.Header.Set(h, fmt.Sprintf("%s (%s)", existing, c))
+			}
+		}
+	}
+
+	return next.HandleBuild(ctx, in)
+}
+
+func getOrAddHeaderComment(s *middleware.Stack) (*headerCommentMiddleware, error) {
+	id := (*headerCommentMiddleware)(nil).ID()
+	m, ok := s.Build.Get(id)
+	if !ok {
+		m := &headerCommentMiddleware{values: http.Header{}}
+		if err := s.Build.Add(m, middleware.After); err != nil {
+			return nil, fmt.Errorf("add build: %v", err)
+		}
+
+		return m, nil
+	}
+
+	hc, ok := m.(*headerCommentMiddleware)
+	if !ok {
+		return nil, fmt.Errorf("existing middleware w/ id %s is not *headerCommentMiddleware", id)
+	}
+
+	return hc, nil
+}
diff --git a/vendor/github.com/google/s2a-go/README.md b/vendor/github.com/google/s2a-go/README.md
index d566950f385..fe0f5c1da81 100644
--- a/vendor/github.com/google/s2a-go/README.md
+++ b/vendor/github.com/google/s2a-go/README.md
@@ -10,8 +10,5 @@ Session Agent during the TLS handshake, and to encrypt traffic to the peer
 after the TLS handshake is complete.
 
 This repository contains the source code for the Secure Session Agent's Go
-client libraries, which allow gRPC-Go applications to use the Secure Session
-Agent. This repository supports the Bazel and Golang build systems.
-
-All code in this repository is experimental and subject to change. We do not
-guarantee API stability at this time.
+client libraries, which allow gRPC and HTTP Go applications to use the Secure Session
+Agent.
diff --git a/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go b/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
index 49573af887c..ed449653702 100644
--- a/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
+++ b/vendor/github.com/google/s2a-go/internal/handshaker/service/service.go
@@ -21,50 +21,27 @@ package service
 
 import (
 	"context"
-	"net"
-	"os"
-	"strings"
 	"sync"
-	"time"
 
-	"google.golang.org/appengine"
-	"google.golang.org/appengine/socket"
 	grpc "google.golang.org/grpc"
-	"google.golang.org/grpc/grpclog"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/credentials/insecure"
 )
 
-// An environment variable, if true, opportunistically use AppEngine-specific dialer to call S2A.
-const enableAppEngineDialerEnv = "S2A_ENABLE_APP_ENGINE_DIALER"
-
 var (
-	// appEngineDialerHook is an AppEngine-specific dial option that is set
-	// during init time. If nil, then the application is not running on Google
-	// AppEngine.
-	appEngineDialerHook func(context.Context) grpc.DialOption
 	// mu guards hsConnMap and hsDialer.
 	mu sync.Mutex
 	// hsConnMap represents a mapping from an S2A handshaker service address
 	// to a corresponding connection to an S2A handshaker service instance.
 	hsConnMap = make(map[string]*grpc.ClientConn)
 	// hsDialer will be reassigned in tests.
-	hsDialer = grpc.Dial
+	hsDialer = grpc.DialContext
 )
 
-func init() {
-	if !appengine.IsAppEngine() && !appengine.IsDevAppServer() {
-		return
-	}
-	appEngineDialerHook = func(ctx context.Context) grpc.DialOption {
-		return grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
-			return socket.DialTimeout(ctx, "tcp", addr, timeout)
-		})
-	}
-}
-
 // Dial dials the S2A handshaker service. If a connection has already been
 // established, this function returns it. Otherwise, a new connection is
 // created.
-func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
+func Dial(ctx context.Context, handshakerServiceAddress string, transportCreds credentials.TransportCredentials) (*grpc.ClientConn, error) {
 	mu.Lock()
 	defer mu.Unlock()
 
@@ -72,17 +49,14 @@ func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
 	if !ok {
 		// Create a new connection to the S2A handshaker service. Note that
 		// this connection stays open until the application is closed.
-		grpcOpts := []grpc.DialOption{
-			grpc.WithInsecure(),
-		}
-		if enableAppEngineDialer() && appEngineDialerHook != nil {
-			if grpclog.V(1) {
-				grpclog.Info("Using AppEngine-specific dialer to talk to S2A.")
-			}
-			grpcOpts = append(grpcOpts, appEngineDialerHook(context.Background()))
+		var grpcOpts []grpc.DialOption
+		if transportCreds != nil {
+			grpcOpts = append(grpcOpts, grpc.WithTransportCredentials(transportCreds))
+		} else {
+			grpcOpts = append(grpcOpts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 		}
 		var err error
-		hsConn, err = hsDialer(handshakerServiceAddress, grpcOpts...)
+		hsConn, err = hsDialer(ctx, handshakerServiceAddress, grpcOpts...)
 		if err != nil {
 			return nil, err
 		}
@@ -90,10 +64,3 @@ func Dial(handshakerServiceAddress string) (*grpc.ClientConn, error) {
 	}
 	return hsConn, nil
 }
-
-func enableAppEngineDialer() bool {
-	if strings.ToLower(os.Getenv(enableAppEngineDialerEnv)) == "true" {
-		return true
-	}
-	return false
-}
diff --git a/vendor/github.com/google/s2a-go/internal/record/ticketsender.go b/vendor/github.com/google/s2a-go/internal/record/ticketsender.go
index 33fa3c55d47..e51199ab3ac 100644
--- a/vendor/github.com/google/s2a-go/internal/record/ticketsender.go
+++ b/vendor/github.com/google/s2a-go/internal/record/ticketsender.go
@@ -83,13 +83,15 @@ func (t *ticketSender) sendTicketsToS2A(sessionTickets [][]byte, callComplete ch
 					t.ensureProcessSessionTickets.Done()
 				}
 			}()
-			hsConn, err := service.Dial(t.hsAddr)
+			ctx, cancel := context.WithTimeout(context.Background(), sessionTimeout)
+			defer cancel()
+			// The transportCreds only needs to be set when talking to S2AV2 and also
+			// if mTLS is required.
+			hsConn, err := service.Dial(ctx, t.hsAddr, nil)
 			if err != nil {
 				return err
 			}
 			client := s2apb.NewS2AServiceClient(hsConn)
-			ctx, cancel := context.WithTimeout(context.Background(), sessionTimeout)
-			defer cancel()
 			session, err := client.SetUpSession(ctx)
 			if err != nil {
 				return err
diff --git a/vendor/github.com/google/s2a-go/internal/v2/s2av2.go b/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
index 26fac02dcc8..85a8379d833 100644
--- a/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
+++ b/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
@@ -52,11 +52,12 @@ const (
 const s2aTimeoutEnv = "S2A_TIMEOUT"
 
 type s2av2TransportCreds struct {
-	info         *credentials.ProtocolInfo
-	isClient     bool
-	serverName   string
-	s2av2Address string
-	tokenManager *tokenmanager.AccessTokenManager
+	info           *credentials.ProtocolInfo
+	isClient       bool
+	serverName     string
+	s2av2Address   string
+	transportCreds credentials.TransportCredentials
+	tokenManager   *tokenmanager.AccessTokenManager
 	// localIdentity should only be used by the client.
 	localIdentity *commonpbv1.Identity
 	// localIdentities should only be used by the server.
@@ -69,7 +70,7 @@ type s2av2TransportCreds struct {
 
 // NewClientCreds returns a client-side transport credentials object that uses
 // the S2Av2 to establish a secure connection with a server.
-func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
+func NewClientCreds(s2av2Address string, transportCreds credentials.TransportCredentials, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
 	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
 	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
 
@@ -80,6 +81,7 @@ func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, ver
 		isClient:                  true,
 		serverName:                "",
 		s2av2Address:              s2av2Address,
+		transportCreds:            transportCreds,
 		localIdentity:             localIdentity,
 		verificationMode:          verificationMode,
 		fallbackClientHandshake:   fallbackClientHandshakeFunc,
@@ -99,7 +101,7 @@ func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, ver
 
 // NewServerCreds returns a server-side transport credentials object that uses
 // the S2Av2 to establish a secure connection with a client.
-func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
+func NewServerCreds(s2av2Address string, transportCreds credentials.TransportCredentials, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
 	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
 	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
 	creds := &s2av2TransportCreds{
@@ -108,6 +110,7 @@ func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity,
 		},
 		isClient:         false,
 		s2av2Address:     s2av2Address,
+		transportCreds:   transportCreds,
 		localIdentities:  localIdentities,
 		verificationMode: verificationMode,
 		getS2AStream:     getS2AStream,
@@ -136,7 +139,7 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
 	var err error
 	retry.Run(timeoutCtx,
 		func() error {
-			s2AStream, err = createStream(timeoutCtx, c.s2av2Address, c.getS2AStream)
+			s2AStream, err = createStream(timeoutCtx, c.s2av2Address, c.transportCreds, c.getS2AStream)
 			return err
 		})
 	if err != nil {
@@ -210,7 +213,7 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
 	var err error
 	retry.Run(ctx,
 		func() error {
-			s2AStream, err = createStream(ctx, c.s2av2Address, c.getS2AStream)
+			s2AStream, err = createStream(ctx, c.s2av2Address, c.transportCreds, c.getS2AStream)
 			return err
 		})
 	if err != nil {
@@ -311,11 +314,12 @@ func (c *s2av2TransportCreds) Clone() credentials.TransportCredentials {
 func NewClientTLSConfig(
 	ctx context.Context,
 	s2av2Address string,
+	transportCreds credentials.TransportCredentials,
 	tokenManager tokenmanager.AccessTokenManager,
 	verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode,
 	serverName string,
 	serverAuthorizationPolicy []byte) (*tls.Config, error) {
-	s2AStream, err := createStream(ctx, s2av2Address, nil)
+	s2AStream, err := createStream(ctx, s2av2Address, transportCreds, nil)
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2Av2: %v", err)
 		return nil, err
@@ -358,12 +362,12 @@ func (x s2AGrpcStream) CloseSend() error {
 	return x.stream.CloseSend()
 }
 
-func createStream(ctx context.Context, s2av2Address string, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (stream.S2AStream, error) {
+func createStream(ctx context.Context, s2av2Address string, transportCreds credentials.TransportCredentials, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (stream.S2AStream, error) {
 	if getS2AStream != nil {
 		return getS2AStream(ctx, s2av2Address)
 	}
 	// TODO(rmehta19): Consider whether to close the connection to S2Av2.
-	conn, err := service.Dial(s2av2Address)
+	conn, err := service.Dial(ctx, s2av2Address, transportCreds)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/google/s2a-go/retry/retry.go b/vendor/github.com/google/s2a-go/retry/retry.go
index 224915f4ddc..f7e0a23779f 100644
--- a/vendor/github.com/google/s2a-go/retry/retry.go
+++ b/vendor/github.com/google/s2a-go/retry/retry.go
@@ -120,9 +120,9 @@ func Run(ctx context.Context, f func() error) {
 				}
 				break
 			}
-			if sleepErr := Sleep(ctx, bo); sleepErr != nil {
+			if errSleep := Sleep(ctx, bo); errSleep != nil {
 				if grpclog.V(1) {
-					grpclog.Infof("exit retry loop due to sleep error: %v", sleepErr)
+					grpclog.Infof("exit retry loop due to sleep error: %v", errSleep)
 				}
 				break
 			}
diff --git a/vendor/github.com/google/s2a-go/s2a.go b/vendor/github.com/google/s2a-go/s2a.go
index d684c2c7383..5ecb06f930e 100644
--- a/vendor/github.com/google/s2a-go/s2a.go
+++ b/vendor/github.com/google/s2a-go/s2a.go
@@ -112,7 +112,7 @@ func NewClientCreds(opts *ClientOptions) (credentials.TransportCredentials, erro
 	if opts.FallbackOpts != nil && opts.FallbackOpts.FallbackClientHandshakeFunc != nil {
 		fallbackFunc = opts.FallbackOpts.FallbackClientHandshakeFunc
 	}
-	return v2.NewClientCreds(opts.S2AAddress, localIdentity, verificationMode, fallbackFunc, opts.getS2AStream, opts.serverAuthorizationPolicy)
+	return v2.NewClientCreds(opts.S2AAddress, opts.TransportCreds, localIdentity, verificationMode, fallbackFunc, opts.getS2AStream, opts.serverAuthorizationPolicy)
 }
 
 // NewServerCreds returns a server-side transport credentials object that uses
@@ -147,7 +147,7 @@ func NewServerCreds(opts *ServerOptions) (credentials.TransportCredentials, erro
 		}, nil
 	}
 	verificationMode := getVerificationMode(opts.VerificationMode)
-	return v2.NewServerCreds(opts.S2AAddress, localIdentities, verificationMode, opts.getS2AStream)
+	return v2.NewServerCreds(opts.S2AAddress, opts.TransportCreds, localIdentities, verificationMode, opts.getS2AStream)
 }
 
 // ClientHandshake initiates a client-side TLS handshake using the S2A.
@@ -156,17 +156,17 @@ func (c *s2aTransportCreds) ClientHandshake(ctx context.Context, serverAuthority
 		return nil, nil, errors.New("client handshake called using server transport credentials")
 	}
 
+	var cancel context.CancelFunc
+	ctx, cancel = context.WithCancel(ctx)
+	defer cancel()
+
 	// Connect to the S2A.
-	hsConn, err := service.Dial(c.s2aAddr)
+	hsConn, err := service.Dial(ctx, c.s2aAddr, nil)
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2A: %v", err)
 		return nil, nil, err
 	}
 
-	var cancel context.CancelFunc
-	ctx, cancel = context.WithCancel(ctx)
-	defer cancel()
-
 	opts := &handshaker.ClientHandshakerOptions{
 		MinTLSVersion:               c.minTLSVersion,
 		MaxTLSVersion:               c.maxTLSVersion,
@@ -204,16 +204,16 @@ func (c *s2aTransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, credent
 		return nil, nil, errors.New("server handshake called using client transport credentials")
 	}
 
+	ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
+	defer cancel()
+
 	// Connect to the S2A.
-	hsConn, err := service.Dial(c.s2aAddr)
+	hsConn, err := service.Dial(ctx, c.s2aAddr, nil)
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2A: %v", err)
 		return nil, nil, err
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
-	defer cancel()
-
 	opts := &handshaker.ServerHandshakerOptions{
 		MinTLSVersion:   c.minTLSVersion,
 		MaxTLSVersion:   c.maxTLSVersion,
@@ -313,6 +313,7 @@ func NewTLSClientConfigFactory(opts *ClientOptions) (TLSClientConfigFactory, err
 		grpclog.Infof("Access token manager not initialized: %v", err)
 		return &s2aTLSClientConfigFactory{
 			s2av2Address:              opts.S2AAddress,
+			transportCreds:            opts.TransportCreds,
 			tokenManager:              nil,
 			verificationMode:          getVerificationMode(opts.VerificationMode),
 			serverAuthorizationPolicy: opts.serverAuthorizationPolicy,
@@ -320,6 +321,7 @@ func NewTLSClientConfigFactory(opts *ClientOptions) (TLSClientConfigFactory, err
 	}
 	return &s2aTLSClientConfigFactory{
 		s2av2Address:              opts.S2AAddress,
+		transportCreds:            opts.TransportCreds,
 		tokenManager:              tokenManager,
 		verificationMode:          getVerificationMode(opts.VerificationMode),
 		serverAuthorizationPolicy: opts.serverAuthorizationPolicy,
@@ -328,6 +330,7 @@ func NewTLSClientConfigFactory(opts *ClientOptions) (TLSClientConfigFactory, err
 
 type s2aTLSClientConfigFactory struct {
 	s2av2Address              string
+	transportCreds            credentials.TransportCredentials
 	tokenManager              tokenmanager.AccessTokenManager
 	verificationMode          s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
 	serverAuthorizationPolicy []byte
@@ -339,7 +342,7 @@ func (f *s2aTLSClientConfigFactory) Build(
 	if opts != nil && opts.ServerName != "" {
 		serverName = opts.ServerName
 	}
-	return v2.NewClientTLSConfig(ctx, f.s2av2Address, f.tokenManager, f.verificationMode, serverName, f.serverAuthorizationPolicy)
+	return v2.NewClientTLSConfig(ctx, f.s2av2Address, f.transportCreds, f.tokenManager, f.verificationMode, serverName, f.serverAuthorizationPolicy)
 }
 
 func getVerificationMode(verificationMode VerificationModeType) s2av2pb.ValidatePeerCertificateChainReq_VerificationMode {
diff --git a/vendor/github.com/google/s2a-go/s2a_options.go b/vendor/github.com/google/s2a-go/s2a_options.go
index 94feafb9cf8..fcdbc1621bd 100644
--- a/vendor/github.com/google/s2a-go/s2a_options.go
+++ b/vendor/github.com/google/s2a-go/s2a_options.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/google/s2a-go/fallback"
 	"github.com/google/s2a-go/stream"
+	"google.golang.org/grpc/credentials"
 
 	s2apb "github.com/google/s2a-go/internal/proto/common_go_proto"
 )
@@ -92,6 +93,9 @@ type ClientOptions struct {
 	LocalIdentity Identity
 	// S2AAddress is the address of the S2A.
 	S2AAddress string
+	// Optional transport credentials.
+	// If set, this will be used for the gRPC connection to the S2A server.
+	TransportCreds credentials.TransportCredentials
 	// EnsureProcessSessionTickets waits for all session tickets to be sent to
 	// S2A before a process completes.
 	//
@@ -173,6 +177,9 @@ type ServerOptions struct {
 	LocalIdentities []Identity
 	// S2AAddress is the address of the S2A.
 	S2AAddress string
+	// Optional transport credentials.
+	// If set, this will be used for the gRPC connection to the S2A server.
+	TransportCreds credentials.TransportCredentials
 	// If true, enables the use of legacy S2Av1.
 	EnableLegacyMode bool
 	// VerificationMode specifies the mode that S2A must use to verify the
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_client_cert.pem b/vendor/github.com/google/s2a-go/testdata/mds_client_cert.pem
new file mode 100644
index 00000000000..60c4cf06915
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/mds_client_cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCDCCAfACFFlYsYCFit01ZpYmfjxpo7/6wMEbMA0GCSqGSIb3DQEBCwUAMEgx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEPMA0GA1UECgwGR29vZ2xlMRswGQYD
+VQQDDBJ0ZXN0LXMyYS1tdGxzLXJvb3QwHhcNMjMwODIyMTY0NTE4WhcNNDMwODIy
+MTY0NTE4WjA5MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExHTAbBgNVBAMMFHRl
+c3QtczJhLW10bHMtY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAqrQQMyxNtmdCB+uY3szgRsfPrKC+TV9Fusnd8PfaCVuGTGcSBKM018nV2TDn
+3IYFQ1HgLpGwGwOFDBb3y0o9i2/l2VJySriX1GSNX6nDmVasQlO1wuOLCP7/LRmO
+7b6Kise5W0IFhYaptKyWnekn2pS0tAjimqpfn2w0U6FDGtQUqg/trQQmGtTSJHjb
+A+OFd0EFC18KGP8Q+jOMaMkJRmpeEiAPyHPDoMhqQNT26RApv9j2Uzo4SuXzHH6T
+cAdm1+zG+EXY/UZKX9oDkSbwIJvN+gCmNyORLalJ12gsGYOCjMd8K0mlXBqrmmbO
+VHVbUm9062lhE7x59AA8DK4DoQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCPOvtL
+dq2hxFHlIy0YUK8jp/DtwJZPwzx1id5FtWwd0CxBS1StIgmkHMxtkJGz1iyQLplI
+je+Msd4sTsb5zZi/8kGKehi8Wj4lghp4oP30cpob41OvM68M9RC/wSOVk9igSww+
+l3zof6wKRIswsi5VHrL16ruIVVoDlyFbKr8yk+cp9OPOV8hNNN7ewY9xC8OgnTt8
+YtdaLe6uTplKBLW+j3GtshigRhyfkGJyPFYL4LAeDJCHlC1qmBnkyP0ijMp6vneM
+E8TLavnMTMcpihWTWpyKeRkO6HDRsP4AofQAp7VAiAdSOplga+w2qgrVICV+m8MK
+BTq2PBvc59T6OFLq
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_client_key.pem b/vendor/github.com/google/s2a-go/testdata/mds_client_key.pem
new file mode 100644
index 00000000000..9d112d1e9ff
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/mds_client_key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqtBAzLE22Z0IH
+65jezOBGx8+soL5NX0W6yd3w99oJW4ZMZxIEozTXydXZMOfchgVDUeAukbAbA4UM
+FvfLSj2Lb+XZUnJKuJfUZI1fqcOZVqxCU7XC44sI/v8tGY7tvoqKx7lbQgWFhqm0
+rJad6SfalLS0COKaql+fbDRToUMa1BSqD+2tBCYa1NIkeNsD44V3QQULXwoY/xD6
+M4xoyQlGal4SIA/Ic8OgyGpA1PbpECm/2PZTOjhK5fMcfpNwB2bX7Mb4Rdj9Rkpf
+2gORJvAgm836AKY3I5EtqUnXaCwZg4KMx3wrSaVcGquaZs5UdVtSb3TraWETvHn0
+ADwMrgOhAgMBAAECggEAUccupZ1ZY4OHTi0PkNk8rpwFwTFGyeFVEf2ofkr24RnA
+NnUAXEllxOUUNlcoFOz9s3kTeavg3qgqgpa0QmdAIb9LMXg+ec6CKkW7trMpGho8
+LxBUWNfSoU4sKEqAvyPT0lWJVo9D/up6/avbAi6TIbOw+Djzel4ZrlHTpabxc3WT
+EilXzn4q54b3MzxCQeQjcnzTieW4Q5semG2kLiXFToHIY2di01P/O8awUjgrD+uW
+/Cb6H49MnHm9VPkqea1iwZeMQd6Gh5FrC7RezsBjdB1JBcfsv6PFt2ySInjB8SF+
+XR5Gr3Cc5sh9s0LfprZ9Dq0rlSWmwasPMI1COK6SswKBgQDczgeWd3erQ1JX9LEI
+wollawqC9y7uJhEsw1hrPqA3uqZYiLUc7Nmi4laZ12mcGoXNDS3R3XmD58qGmGaU
+lxEVTb8KDVWBgw450VoBKzSMQnCP6zn4nZxTYxeqMKjDGf6TRB6TZc843qsG3eRC
+k91yxrCQ/0HV6PT48C+lieDzLwKBgQDF6aNKiyrswr457undBnM1H8q/Y6xC5ZlK
+UtiQdhuyBnicvz0U8WPxBY/8gha0OXWuSnBqq/z77iFVNv/zT6p9K7kM7nBGd8cB
+8KO6FNbyaHWFrhCI5zNzRTH4oha0hfvUOoti09vqavCtWD4L+D/63ba1wNLKPO9o
+4gWbCnUCLwKBgQC/vus372csgrnvR761LLrEJ8BpGt7WUJh5luoht7DKtHvgRleB
+Vu1oVcV+s2Iy/ZVUDC3OIdZ0hcWKPK5YOxfKuEk+IXYvke+4peTTPwHTC59UW6Fs
+FPK8N0FFuhvT0a8RlAY5WiAp8rPysp6WcnHMSl7qi8BQUozp4Sp/RsziYQKBgBXv
+r4mzoy5a53rEYGd/L4XT4EUWZyGDEVqLlDVu4eL5lKTLDZokp08vrqXuRVX0iHap
+CYzJQ2EpI8iuL/BoBB2bmwcz5n3pCMXORld5t9lmeqA2it6hwbIlGUTVsm6P6zm6
+w3hQwy9YaxTLkxUAjxbfPEEo/jQsTNzzMGve3NlBAoGAbgJExpDyMDnaD2Vi5eyr
+63b54BsqeLHqxJmADifyRCj7G1SJMm3zMKkNNOS0vsXgoiId973STFf1XQiojiv8
+Slbxyv5rczcY0n3LOuQYcM5OzsjzpNFZsT2dDnMfNRUF3rx3Geu/FuJ9scF1b00r
+fVMrcL3jSf/W1Xh4TgtyoU8=
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_root_cert.pem b/vendor/github.com/google/s2a-go/testdata/mds_root_cert.pem
new file mode 100644
index 00000000000..44e436f6ec7
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/mds_root_cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDcTCCAlmgAwIBAgIUDUkgI+2FZtuUHyUUi0ZBH7JvN00wDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZHb29nbGUx
+GzAZBgNVBAMMEnRlc3QtczJhLW10bHMtcm9vdDAeFw0yMzA4MjEyMTI5MTVaFw00
+MzA4MjEyMTI5MTVaMEgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEPMA0GA1UE
+CgwGR29vZ2xlMRswGQYDVQQDDBJ0ZXN0LXMyYS1tdGxzLXJvb3QwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbFEQfpvla27bATedrN4BAWsI9GSwSnJLW
+QWzXcnAk6cKxQBAhnaKHRxHY8ttLhNTtxQeub894CLzJvHE/0xDhuMzjtCCCZ7i2
+r08tKZ1KcEzPJCPNlxlzAXPA45XU3LRlbGvju/PBPhm6n1hCEKTNI/KETJ5DEaYg
+Cf2LcXVsl/zW20MwDZ+e2w/9a2a6n6DdpW1ekOR550hXAUOIxvmXRBeYeGLFvp1n
+rQgZBhRaxP03UB+PQD2oMi/4mfsS96uGCXdzzX8qV46O8m132HUbnA/wagIwboEe
+d7Bx237dERDyHw5GFnll7orgA0FOtoEufXdeQxWVvTjO0+PVPgsvAgMBAAGjUzBR
+MB0GA1UdDgQWBBRyMtg/yutV8hw8vOq0i8x0eBQi7DAfBgNVHSMEGDAWgBRyMtg/
+yutV8hw8vOq0i8x0eBQi7DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4IBAQArN/gdqWMxd5Rvq2eJMTp6I4RepJOT7Go4sMsRsy1caJqqcoS2EvREDZMN
+XNEBcyQBB5kYd6TCcZGoLnEtWYXQ4jjEiXG1g7/+rWxyqw0ZYuP7FWzuHg3Uor/x
+fApbEKwptP5ywVc+33h4qreGcqXkVCCn+sAcstGgrqubdGZW2T5gazUMyammOOuN
+9IWL1PbvXmgEKD+80NUIrk09zanYyrElGdU/zw/kUbZ3Jf6WUBtJGhTzRQ1qZeKa
+VnpCbLoG3vObEB8mxDUAlIzwAtfvw4U32BVIZA8xrocz6OOoAnSW1bTlo3EOIo/G
+MTV7jmY9TBPtfhRuO/cG650+F+cw
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_server_cert.pem b/vendor/github.com/google/s2a-go/testdata/mds_server_cert.pem
new file mode 100644
index 00000000000..68c60613458
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/mds_server_cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbjCCAlagAwIBAgIUbexZ5sZl86Al9dsI2PkOgtqKnkgwDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZHb29nbGUx
+GzAZBgNVBAMMEnRlc3QtczJhLW10bHMtcm9vdDAeFw0yMzA4MjIwMDMyMDRaFw00
+MzA4MjIwMDMyMDRaMDkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEdMBsGA1UE
+AwwUdGVzdC1zMmEtbXRscy1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCMEzybsGPqfh92GLwy43mt8kQDF3ztr8y06RwU1hVnY7QqYK4obpvh
+HkJVnTz9gwNBF3n5nUalqRzactlf2PCydN9oSYNCO8svVmo7vw1CleKAKFAiV5Qn
+H76QlqD15oJreh7nSM8R4qj5KukIHvt0cN0gD6CJQzIURDtsKJwkW3yQjYyT/FAK
+GYtFrB6buDn3Eg3Hsw6z7uj7CzLBsSl7BIGrQILbpbI9nFNT3rUTUhXZKY/3UtJA
+Ob66AjTmMbD16RGYZR4JsPx6CstheifJ6YSI79r5KgD37zX0jMXFWimvb2SmZmFe
+LoohtC8K7uTyjm/dROx6nHXdDt5TQYXHAgMBAAGjXzBdMBsGA1UdEQQUMBKHEAAA
+AAAAAAAAAAAAAAAAAAAwHQYDVR0OBBYEFI3i2+tIk6YYn0MIxC0q93jk1VsUMB8G
+A1UdIwQYMBaAFHIy2D/K61XyHDy86rSLzHR4FCLsMA0GCSqGSIb3DQEBCwUAA4IB
+AQAUhk+s/lrIAULBbU7E22C8f93AzTxE1mhyHGNlfPPJP3t1Dl+h4X4WkFpkz5gT
+EcNXB//Vvoq99HbEK5/92sxsIPexKdJBdcggeHXIgLDkOrEZEb0Nnh9eaAuU2QDn
+JW44hMB+aF6mEaJvOHE6DRkQw3hwFYFisFKKHtlQ3TyOhw5CHGzSExPZusdSFNIe
+2E7V/0QzGPJEFnEFUNe9N8nTH2P385Paoi+5+Iizlp/nztVXfzv0Cj/i+qGgtDUs
+HB+gBU2wxMw8eYyuNzACH70wqGR1Parj8/JoyYhx0S4+Gjzy3JH3CcAMaxyfH/dI
+4Wcvfz/isxgmH1UqIt3oc6ad
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/mds_server_key.pem b/vendor/github.com/google/s2a-go/testdata/mds_server_key.pem
new file mode 100644
index 00000000000..b14ad0f724e
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/mds_server_key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCMEzybsGPqfh92
+GLwy43mt8kQDF3ztr8y06RwU1hVnY7QqYK4obpvhHkJVnTz9gwNBF3n5nUalqRza
+ctlf2PCydN9oSYNCO8svVmo7vw1CleKAKFAiV5QnH76QlqD15oJreh7nSM8R4qj5
+KukIHvt0cN0gD6CJQzIURDtsKJwkW3yQjYyT/FAKGYtFrB6buDn3Eg3Hsw6z7uj7
+CzLBsSl7BIGrQILbpbI9nFNT3rUTUhXZKY/3UtJAOb66AjTmMbD16RGYZR4JsPx6
+CstheifJ6YSI79r5KgD37zX0jMXFWimvb2SmZmFeLoohtC8K7uTyjm/dROx6nHXd
+Dt5TQYXHAgMBAAECggEAIB5zGdIG/yh/Z1GBqfuOFaxFGx5iJ5BVlLAVH9P9IXFz
+yPnVRXEjbinFlSMSbqEBeIX9EpcVMXxHIPIP1RIGEy2IYr3kiqXyT771ahDDZh6/
+Spqz0UQatSPqyvW3H9uE0Uc12dvQm23JSCUmPRX5m7gbhDQBIChXzdzdcU4Yi59V
+4xmJUvbsAcLw5CBM6kwV+1NGVH9+3mUdhrr9M6B6+sVB/xnaqMGEDfQGiwL8U7EY
+QOuc46KXu3Pd/qCdVLn60IrdjSzDJKeC5UZZ+ejNAo+DfbtOovBj3qu3OCUg4XVy
+0CDBJ1sTdLvUfF4Gb+crjPsd+qBbXcjVfqdadwhsoQKBgQDBF1Pys/NitW8okJwp
+2fiDIASP3TiI+MthWHGyuoZGPvmXQ3H6iuLSm8c/iYI2WPTf53Xff1VcFm1GmQms
+GCsYM8Ax94zCeO6Ei1sYYxwcBloEZfOeV37MPA4pjJF4Lt+n5nveNxP+lrsjksJz
+wToSEgWPDT1b/xcdt4/5j9J85wKBgQC5tiLx+33mwH4DoaFRmSl0+VuSNYFw6DTQ
+SQ+kWqWGH4NENc9wf4Dj2VUZQhpXNhXVSxj+aP2d/ck1NrTJAWqYEXCDtFQOGSa2
+cGPRr+Fhy5NIEaEvR7IXcMBZzx3koYmWVBHricyrXs5FvHrT3N14mGDUG8n24U3f
+R799bau0IQKBgQC97UM+lHCPJCWNggiJRgSifcje9VtZp1btjoBvq/bNe74nYkjn
+htsrC91Fiu1Qpdlfr50K1IXSyaB886VG6JLjAGxI+dUzqJ38M9LLvxj0G+9JKjsi
+AbAQFfZcOg8QZxLJZPVsE0MQhZTXndC06VhEVAOxvPUg214Sde8hK61/+wKBgCRw
+O10VhnePT2pw/VEgZ0T/ZFtEylgYB7zSiRIrgwzVBBGPKVueePC8BPmGwdpYz2Hh
+cU8B1Ll6QU+Co2hJMdwSl+wPpup5PuJPHRbYlrV0lzpt0x2OyL/WrLcyb2Ab3f40
+EqwPhqwdVwXR3JvTW1U9OMqFhVQ+kuP7lPQMX8NhAoGBAJOgZ7Tokipc4Mi68Olw
+SCaOPvjjy4sW2rTRuKyjc1wTAzy7SJ3vXHfGkkN99nTLJFwAyJhWUpnRdwAXGi+x
+gyOa95ImsEfRSwEjbluWfF8/P0IU8GR+ZTqT4NnNCOsi8T/xst4Szd1ECJNnnZDe
+1ChfPP1AH+/75MJCvu6wQBQv
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/google/s2a-go/testdata/self_signed_cert.pem b/vendor/github.com/google/s2a-go/testdata/self_signed_cert.pem
new file mode 100644
index 00000000000..ad1bad59845
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/self_signed_cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDITCCAgkCFBS8mLoytMpMWBwpAtnRaq3eIKnsMA0GCSqGSIb3DQEBCwUAME0x
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UECgwEVGVzdDEiMCAGA1UE
+AwwZdGVzdC1zMmEtbXRscy1zZWxmLXNpZ25lZDAeFw0yMzA4MjIyMTE2MDFaFw00
+MzA4MjIyMTE2MDFaME0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTENMAsGA1UE
+CgwEVGVzdDEiMCAGA1UEAwwZdGVzdC1zMmEtbXRscy1zZWxmLXNpZ25lZDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKFFPsYasKZeCFLEXl3RpE/ZOXFe
+2lhutIalSpZvCmso+mQGoZ4cHK7At+kDjBi5CrnXkYcw7quQAhHgU0frhWdj7tsW
+HUUtq7T8eaGWKBnVD9fl+MjtAl1BmhXwV9qRBbj4EesSKGDSGpKf66dOtzw83JbB
+cU7XlPAH1c1zo2GXC1himcZ+SVGHVrOjn4NmeFs8g94/Dke8dWkHwv5YTMVugFK4
+5KxKgSOKkr4ka7PCBzgxCnW4wYSZNRHcxrqkiArO2HAQq0ACr7u+fVDYH//9mP2Z
+ADo/zch7O5yhkiNbjXJIRrptDWEuVYMRloYDhT773h7bV/Q0Wo0NQGtasJ8CAwEA
+ATANBgkqhkiG9w0BAQsFAAOCAQEAPjbH0TMyegF/MDvglkc0sXr6DqlmTxDCZZmG
+lYPZ5Xy062+rxIHghMARbvO4BxepiG37KsP2agvOldm4TtU8nQ8LyswmSIFm4BQ+
+XQWwdsWyYyd8l0d5sXAdaN6AXwy50fvqCepmEqyreMY6dtLzlwo9gVCBFB7QuAPt
+Nc14phpEUZt/KPNuY6cUlB7bz3tmnFbwxUrWj1p0KBEYsr7+KEVZxR+z0wtlU7S9
+ZBrmUvx0fq5Ef7JWtHW0w4ofg1op742sdYl+53C26GZ76ts4MmqVz2/94DScgRaU
+gT0GLVuuCZXRDVeTXqTb4mditRCfzFPe9cCegYhGhSqBs8yh5A==
+-----END CERTIFICATE-----
diff --git a/vendor/github.com/google/s2a-go/testdata/self_signed_key.pem b/vendor/github.com/google/s2a-go/testdata/self_signed_key.pem
new file mode 100644
index 00000000000..bcf08e4f12f
--- /dev/null
+++ b/vendor/github.com/google/s2a-go/testdata/self_signed_key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQChRT7GGrCmXghS
+xF5d0aRP2TlxXtpYbrSGpUqWbwprKPpkBqGeHByuwLfpA4wYuQq515GHMO6rkAIR
+4FNH64VnY+7bFh1FLau0/HmhligZ1Q/X5fjI7QJdQZoV8FfakQW4+BHrEihg0hqS
+n+unTrc8PNyWwXFO15TwB9XNc6NhlwtYYpnGfklRh1azo5+DZnhbPIPePw5HvHVp
+B8L+WEzFboBSuOSsSoEjipK+JGuzwgc4MQp1uMGEmTUR3Ma6pIgKzthwEKtAAq+7
+vn1Q2B///Zj9mQA6P83IezucoZIjW41ySEa6bQ1hLlWDEZaGA4U++94e21f0NFqN
+DUBrWrCfAgMBAAECggEAR8e8YwyqJ8KezcgdgIC5M9kp2i4v3UCZFX0or8CI0J2S
+pUbWVLuKgLXCpfIwPyjNf15Vpei/spkMcsx4BQDthdFTFSzIpmvni0z9DlD5VFYj
+ESOJElV7wepbHPy2/c+izmuL/ic81aturGiFyRgeMq+cN3WuaztFTXkPTrzzsZGF
+p/Mx3gqm7Hoc3d2xlv+8L5GjCtEJPlQgZJV+s3ennBjOAd8CC7d9qJetE3Er46pn
+r5jedV3bQRZYBzmooYNHjbAs26++wYac/jTE0/U6nKS17eWq4BQZUtlMXUw5N81B
+7LKn7C03rj2KCn+Nf5uin9ALmoy888LXCDdvL/NZkQKBgQDduv1Heu+tOZuNYUdQ
+Hswmd8sVNAAWGZxdxixHMv58zrgbLFXSX6K89X2l5Sj9XON8TH46MuSFdjSwwWw5
+fBrhVEhA5srcqpvVWIBE05yqPpt0s1NQktMWJKELWlG8jOhVKwM5OYDpdxtwehpz
+1g70XJz+nF/LTV8RdTK+OWDDpQKBgQC6MhdbGHUz/56dY3gZpE5TXnN2hkNbZCgk
+emr6z85VHhQflZbedhCzB9PUnZnCKWOGQHQdxRTtRfd46LVboZqCdYO1ZNQv6toP
+ysS7dTpZZFy7CpQaW0Y6/jS65jW6xIDKR1W40vgltZ3sfpG37JaowpzWdw2WuOnw
+Bg0rcJAf8wKBgQCqE+p/z97UwuF8eufWnyj9QNo382E1koOMspv4KTdnyLETtthF
+vDH6O1wbykG8xmmASLRyM+NyNA+KnXNETNvZh2q8zctBpGRQK8iIAsGjHM7ln0AD
+B/x+ea5GJQuZU4RK/+lDFca6TjBwAFkWDVX/PqL18kDQkxKfM4SuwRhmOQKBgDGh
+eoJIsa0LnP787Z2AI3Srf4F/ZmLs/ppCm1OBotEjdF+64v0nYWonUvqgi8SqfaHi
+elEZIGvis4ViGj1zhRjzNAlc+AZRxpBhDzGcnNIJI4Kj3jhsTfsZmXqcNIQ1LtM8
+Uogyi/yZPaA1WKg7Aym2vlGYaGHdplXZdxc2KOSrAoGABRkD9l2OVcwK7RyNgFxo
+mjxx0tfUdDBhHIi2igih1FiHpeP9E+4/kE/K7PnU9DoDrL1jW1MTpXaYV4seOylk
+k9z/9QfcRa9ePD2N4FqbHWSYp5n3aLoIcGq/9jyjTwayZbbIhWO+vNuHE9wIvecZ
+8x3gNkxJRb4NaLIoNzAhCoo=
+-----END PRIVATE KEY-----
diff --git a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
index b3283b81588..ea5beb5aa76 100644
--- a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
+++ b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go
@@ -35,6 +35,8 @@ import (
 const signAPI = "EnterpriseCertSigner.Sign"
 const certificateChainAPI = "EnterpriseCertSigner.CertificateChain"
 const publicKeyAPI = "EnterpriseCertSigner.Public"
+const encryptAPI = "EnterpriseCertSigner.Encrypt"
+const decryptAPI = "EnterpriseCertSigner.Decrypt"
 
 // A Connection wraps a pair of unidirectional streams as an io.ReadWriteCloser.
 type Connection struct {
@@ -54,13 +56,28 @@ func (c *Connection) Close() error {
 
 func init() {
 	gob.Register(crypto.SHA256)
+	gob.Register(crypto.SHA384)
+	gob.Register(crypto.SHA512)
 	gob.Register(&rsa.PSSOptions{})
+	gob.Register(&rsa.OAEPOptions{})
 }
 
-// SignArgs contains arguments to a crypto Signer.Sign method.
+// SignArgs contains arguments for a Sign API call.
 type SignArgs struct {
 	Digest []byte            // The content to sign.
-	Opts   crypto.SignerOpts // Options for signing, such as Hash identifier.
+	Opts   crypto.SignerOpts // Options for signing. Must implement HashFunc().
+}
+
+// EncryptArgs contains arguments for an Encrypt API call.
+type EncryptArgs struct {
+	Plaintext []byte // The plaintext to encrypt.
+	Opts      any    // Options for encryption. Ex: an instance of crypto.Hash.
+}
+
+// DecryptArgs contains arguments to for a Decrypt API call.
+type DecryptArgs struct {
+	Ciphertext []byte               // The ciphertext to decrypt.
+	Opts       crypto.DecrypterOpts // Options for decryption. Ex: an instance of *rsa.OAEPOptions.
 }
 
 // Key implements credential.Credential by holding the executed signer subprocess.
@@ -98,7 +115,7 @@ func (k *Key) Public() crypto.PublicKey {
 	return k.publicKey
 }
 
-// Sign signs a message digest, using the specified signer options.
+// Sign signs a message digest, using the specified signer opts. Implements crypto.Signer interface.
 func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed []byte, err error) {
 	if opts != nil && opts.HashFunc() != 0 && len(digest) != opts.HashFunc().Size() {
 		return nil, fmt.Errorf("Digest length of %v bytes does not match Hash function size of %v bytes", len(digest), opts.HashFunc().Size())
@@ -107,6 +124,18 @@ func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed [
 	return
 }
 
+// Encrypt encrypts a plaintext msg into ciphertext, using the specified encrypt opts.
+func (k *Key) Encrypt(_ io.Reader, msg []byte, opts any) (ciphertext []byte, err error) {
+	err = k.client.Call(encryptAPI, EncryptArgs{Plaintext: msg, Opts: opts}, &ciphertext)
+	return
+}
+
+// Decrypt decrypts a ciphertext msg into plaintext, using the specified decrypter opts. Implements crypto.Decrypter interface.
+func (k *Key) Decrypt(_ io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) {
+	err = k.client.Call(decryptAPI, DecryptArgs{Ciphertext: msg, Opts: opts}, &plaintext)
+	return
+}
+
 // ErrCredUnavailable is a sentinel error that indicates ECP Cred is unavailable,
 // possibly due to missing config or missing binary path.
 var ErrCredUnavailable = errors.New("Cred is unavailable")
@@ -120,7 +149,12 @@ var ErrCredUnavailable = errors.New("Cred is unavailable")
 // The config file also specifies which certificate the signer should use.
 func Cred(configFilePath string) (*Key, error) {
 	if configFilePath == "" {
-		configFilePath = util.GetDefaultConfigFilePath()
+		envFilePath := util.GetConfigFilePathFromEnv()
+		if envFilePath != "" {
+			configFilePath = envFilePath
+		} else {
+			configFilePath = util.GetDefaultConfigFilePath()
+		}
 	}
 	enterpriseCertSignerPath, err := util.LoadSignerBinaryPath(configFilePath)
 	if err != nil {
diff --git a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go
index 1640ec1c9e3..f374a7f55f4 100644
--- a/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go
+++ b/vendor/github.com/googleapis/enterprise-certificate-proxy/client/util/util.go
@@ -22,6 +22,7 @@ import (
 	"os/user"
 	"path/filepath"
 	"runtime"
+	"strings"
 )
 
 const configFileName = "certificate_config.json"
@@ -63,6 +64,9 @@ func LoadSignerBinaryPath(configFilePath string) (path string, err error) {
 	if signerBinaryPath == "" {
 		return "", ErrConfigUnavailable
 	}
+
+	signerBinaryPath = strings.ReplaceAll(signerBinaryPath, "~", guessHomeDir())
+	signerBinaryPath = strings.ReplaceAll(signerBinaryPath, "$HOME", guessHomeDir())
 	return signerBinaryPath, nil
 }
 
@@ -89,3 +93,8 @@ func getDefaultConfigFileDirectory() (directory string) {
 func GetDefaultConfigFilePath() (path string) {
 	return filepath.Join(getDefaultConfigFileDirectory(), configFileName)
 }
+
+// GetConfigFilePathFromEnv returns the path associated with environment variable GOOGLE_API_CERTIFICATE_CONFIG
+func GetConfigFilePathFromEnv() (path string) {
+	return os.Getenv("GOOGLE_API_CERTIFICATE_CONFIG")
+}
diff --git a/vendor/github.com/hashicorp/vault/api/README.md b/vendor/github.com/hashicorp/vault/api/README.md
index 7230ce779fe..d21458c1144 100644
--- a/vendor/github.com/hashicorp/vault/api/README.md
+++ b/vendor/github.com/hashicorp/vault/api/README.md
@@ -4,6 +4,6 @@ Vault API
 This provides the `github.com/hashicorp/vault/api` package which contains code useful for interacting with a Vault server.
 
 For examples of how to use this module, see the [vault-examples](https://github.com/hashicorp/vault-examples) repo.
-For a step-by-step walkthrough on using these client libraries, see the [developer quickstart](https://www.vaultproject.io/docs/get-started/developer-qs).
+For a step-by-step walkthrough on using these client libraries, see the [developer quickstart](https://developer.hashicorp.com/vault/docs/get-started/developer-qs).
 
 [![GoDoc](https://godoc.org/github.com/hashicorp/vault/api?status.png)](https://godoc.org/github.com/hashicorp/vault/api)
\ No newline at end of file
diff --git a/vendor/github.com/hashicorp/vault/api/client.go b/vendor/github.com/hashicorp/vault/api/client.go
index d20477e1d9d..1ba9da48eae 100644
--- a/vendor/github.com/hashicorp/vault/api/client.go
+++ b/vendor/github.com/hashicorp/vault/api/client.go
@@ -185,6 +185,9 @@ type Config struct {
 	// CloneToken from parent.
 	CloneToken bool
 
+	// CloneTLSConfig from parent (tls.Config).
+	CloneTLSConfig bool
+
 	// ReadYourWrites ensures isolated read-after-write semantics by
 	// providing discovered cluster replication states in each request.
 	// The shared state is automatically propagated to all Client clones.
@@ -290,7 +293,14 @@ func (c *Config) configureTLS(t *TLSConfig) error {
 	if c.HttpClient == nil {
 		c.HttpClient = DefaultConfig().HttpClient
 	}
-	clientTLSConfig := c.HttpClient.Transport.(*http.Transport).TLSClientConfig
+
+	transport, ok := c.HttpClient.Transport.(*http.Transport)
+	if !ok {
+		return fmt.Errorf(
+			"unsupported HTTPClient transport type %T", c.HttpClient.Transport)
+	}
+
+	clientTLSConfig := transport.TLSClientConfig
 
 	var clientCert tls.Certificate
 	foundClientCert := false
@@ -535,7 +545,7 @@ func (c *Config) ParseAddress(address string) (*url.URL, error) {
 			// be pointing to the protocol used in the application layer and not to
 			// the transport layer. Hence, setting the fields accordingly.
 			u.Scheme = "http"
-			u.Host = socket
+			u.Host = "localhost"
 			u.Path = ""
 		} else {
 			return nil, fmt.Errorf("attempting to specify unix:// address with non-transport transport")
@@ -988,7 +998,9 @@ func (c *Client) Namespace() string {
 func (c *Client) WithNamespace(namespace string) *Client {
 	c2 := *c
 	c2.modifyLock = sync.RWMutex{}
-	c2.headers = c.Headers()
+	c.modifyLock.RLock()
+	c2.headers = c.headersInternal()
+	c.modifyLock.RUnlock()
 	if namespace == "" {
 		c2.ClearNamespace()
 	} else {
@@ -1025,7 +1037,12 @@ func (c *Client) ClearToken() {
 func (c *Client) Headers() http.Header {
 	c.modifyLock.RLock()
 	defer c.modifyLock.RUnlock()
+	return c.headersInternal()
+}
 
+// headersInternal gets the current set of headers used for requests. Must be called
+// with the read modifyLock held.
+func (c *Client) headersInternal() http.Header {
 	if c.headers == nil {
 		return nil
 	}
@@ -1143,6 +1160,26 @@ func (c *Client) ReadYourWrites() bool {
 	return c.config.ReadYourWrites
 }
 
+// SetCloneTLSConfig from parent.
+func (c *Client) SetCloneTLSConfig(clone bool) {
+	c.modifyLock.Lock()
+	defer c.modifyLock.Unlock()
+	c.config.modifyLock.Lock()
+	defer c.config.modifyLock.Unlock()
+
+	c.config.CloneTLSConfig = clone
+}
+
+// CloneTLSConfig gets the configured CloneTLSConfig value.
+func (c *Client) CloneTLSConfig() bool {
+	c.modifyLock.RLock()
+	defer c.modifyLock.RUnlock()
+	c.config.modifyLock.RLock()
+	defer c.config.modifyLock.RUnlock()
+
+	return c.config.CloneTLSConfig
+}
+
 // Clone creates a new client with the same configuration. Note that the same
 // underlying http.Client is used; modifying the client from more than one
 // goroutine at once may not be safe, so modify the client as needed and then
@@ -1153,24 +1190,28 @@ func (c *Client) ReadYourWrites() bool {
 // the api.Config struct, such as policy override and wrapping function
 // behavior, must currently then be set as desired on the new client.
 func (c *Client) Clone() (*Client, error) {
+	c.modifyLock.RLock()
+	defer c.modifyLock.RUnlock()
+	c.config.modifyLock.RLock()
+	defer c.config.modifyLock.RUnlock()
 	return c.clone(c.config.CloneHeaders)
 }
 
 // CloneWithHeaders creates a new client similar to Clone, with the difference
-// being that the  headers are always cloned
+// being that the headers are always cloned
 func (c *Client) CloneWithHeaders() (*Client, error) {
+	c.modifyLock.RLock()
+	defer c.modifyLock.RUnlock()
+	c.config.modifyLock.RLock()
+	defer c.config.modifyLock.RUnlock()
 	return c.clone(true)
 }
 
 // clone creates a new client, with the headers being cloned based on the
-// passed in cloneheaders boolean
+// passed in cloneheaders boolean.
+// Must be called with the read lock and config read lock held.
 func (c *Client) clone(cloneHeaders bool) (*Client, error) {
-	c.modifyLock.RLock()
-	defer c.modifyLock.RUnlock()
-
 	config := c.config
-	config.modifyLock.RLock()
-	defer config.modifyLock.RUnlock()
 
 	newConfig := &Config{
 		Address:        config.Address,
@@ -1189,13 +1230,18 @@ func (c *Client) clone(cloneHeaders bool) (*Client, error) {
 		CloneToken:     config.CloneToken,
 		ReadYourWrites: config.ReadYourWrites,
 	}
+
+	if config.CloneTLSConfig {
+		newConfig.clientTLSConfig = config.clientTLSConfig
+	}
+
 	client, err := NewClient(newConfig)
 	if err != nil {
 		return nil, err
 	}
 
 	if cloneHeaders {
-		client.SetHeaders(c.Headers().Clone())
+		client.SetHeaders(c.headersInternal().Clone())
 	}
 
 	if config.CloneToken {
@@ -1226,6 +1272,7 @@ func (c *Client) NewRequest(method, requestPath string) *Request {
 	mfaCreds := c.mfaCreds
 	wrappingLookupFunc := c.wrappingLookupFunc
 	policyOverride := c.policyOverride
+	headers := c.headersInternal()
 	c.modifyLock.RUnlock()
 
 	host := addr.Host
@@ -1270,7 +1317,7 @@ func (c *Client) NewRequest(method, requestPath string) *Request {
 		req.WrapTTL = DefaultWrappingLookupFunc(method, lookupPath)
 	}
 
-	req.Headers = c.Headers()
+	req.Headers = headers
 	req.PolicyOverride = policyOverride
 
 	return req
diff --git a/vendor/github.com/hashicorp/vault/api/kv.go b/vendor/github.com/hashicorp/vault/api/kv.go
index 20862fbfdf1..72039325469 100644
--- a/vendor/github.com/hashicorp/vault/api/kv.go
+++ b/vendor/github.com/hashicorp/vault/api/kv.go
@@ -38,7 +38,7 @@ type KVSecret struct {
 // by default when a server is started in -dev mode. See the kvv2 struct.
 //
 // Learn more about the KV secrets engine here:
-// https://www.vaultproject.io/docs/secrets/kv
+// https://developer.hashicorp.com/vault/docs/secrets/kv
 func (c *Client) KVv1(mountPath string) *KVv1 {
 	return &KVv1{c: c, mountPath: mountPath}
 }
@@ -53,7 +53,7 @@ func (c *Client) KVv1(mountPath string) *KVv1 {
 // as these are the default settings when a server is started in -dev mode.
 //
 // Learn more about the KV secrets engine here:
-// https://www.vaultproject.io/docs/secrets/kv
+// https://developer.hashicorp.com/vault/docs/secrets/kv
 func (c *Client) KVv2(mountPath string) *KVv2 {
 	return &KVv2{c: c, mountPath: mountPath}
 }
diff --git a/vendor/github.com/hashicorp/vault/api/plugin_helpers.go b/vendor/github.com/hashicorp/vault/api/plugin_helpers.go
index 507b72c4c20..a8d23252977 100644
--- a/vendor/github.com/hashicorp/vault/api/plugin_helpers.go
+++ b/vendor/github.com/hashicorp/vault/api/plugin_helpers.go
@@ -12,13 +12,23 @@ import (
 	"flag"
 	"net/url"
 	"os"
-	"regexp"
 
 	"github.com/go-jose/go-jose/v3/jwt"
 
 	"github.com/hashicorp/errwrap"
 )
 
+// This file contains helper code used when writing Vault auth method or secrets engine plugins.
+//
+// As such, it would be better located in the sdk module with the rest of the code which is only to support plugins,
+// rather than api, but is here for historical reasons. (The api module used to depend on the sdk module, this code
+// calls NewClient within the api package, so placing it in the sdk would have created a dependency cycle. This reason
+// is now historical, as the dependency between sdk and api has since been reversed in direction.)
+// Moving this code to the sdk would be appropriate if an api v2.0.0 release is ever planned.
+//
+// This helper code is used when a plugin is hosted by Vault 1.11 and earlier. Vault 1.12 and sdk v0.6.0 introduced
+// version 5 of the backend plugin interface, which uses go-plugin's AutoMTLS feature instead of this code.
+
 const (
 	// PluginAutoMTLSEnv is used to ensure AutoMTLS is used. This will override
 	// setting a TLSProviderFunc for a plugin.
@@ -33,50 +43,6 @@ const (
 	PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"
 )
 
-// sudoPaths is a map containing the paths that require a token's policy
-// to have the "sudo" capability. The keys are the paths as strings, in
-// the same format as they are returned by the OpenAPI spec. The values
-// are the regular expressions that can be used to test whether a given
-// path matches that path or not (useful specifically for the paths that
-// contain templated fields.)
-var sudoPaths = map[string]*regexp.Regexp{
-	"/auth/token/accessors/":                        regexp.MustCompile(`^/auth/token/accessors/?$`),
-	"/pki/root":                                     regexp.MustCompile(`^/pki/root$`),
-	"/pki/root/sign-self-issued":                    regexp.MustCompile(`^/pki/root/sign-self-issued$`),
-	"/sys/audit":                                    regexp.MustCompile(`^/sys/audit$`),
-	"/sys/audit/{path}":                             regexp.MustCompile(`^/sys/audit/.+$`),
-	"/sys/auth/{path}":                              regexp.MustCompile(`^/sys/auth/.+$`),
-	"/sys/auth/{path}/tune":                         regexp.MustCompile(`^/sys/auth/.+/tune$`),
-	"/sys/config/auditing/request-headers":          regexp.MustCompile(`^/sys/config/auditing/request-headers$`),
-	"/sys/config/auditing/request-headers/{header}": regexp.MustCompile(`^/sys/config/auditing/request-headers/.+$`),
-	"/sys/config/cors":                              regexp.MustCompile(`^/sys/config/cors$`),
-	"/sys/config/ui/headers/":                       regexp.MustCompile(`^/sys/config/ui/headers/?$`),
-	"/sys/config/ui/headers/{header}":               regexp.MustCompile(`^/sys/config/ui/headers/.+$`),
-	"/sys/leases":                                   regexp.MustCompile(`^/sys/leases$`),
-	"/sys/leases/lookup/":                           regexp.MustCompile(`^/sys/leases/lookup/?$`),
-	"/sys/leases/lookup/{prefix}":                   regexp.MustCompile(`^/sys/leases/lookup/.+$`),
-	"/sys/leases/revoke-force/{prefix}":             regexp.MustCompile(`^/sys/leases/revoke-force/.+$`),
-	"/sys/leases/revoke-prefix/{prefix}":            regexp.MustCompile(`^/sys/leases/revoke-prefix/.+$`),
-	"/sys/plugins/catalog/{name}":                   regexp.MustCompile(`^/sys/plugins/catalog/[^/]+$`),
-	"/sys/plugins/catalog/{type}":                   regexp.MustCompile(`^/sys/plugins/catalog/[\w-]+$`),
-	"/sys/plugins/catalog/{type}/{name}":            regexp.MustCompile(`^/sys/plugins/catalog/[\w-]+/[^/]+$`),
-	"/sys/raw":                                      regexp.MustCompile(`^/sys/raw$`),
-	"/sys/raw/{path}":                               regexp.MustCompile(`^/sys/raw/.+$`),
-	"/sys/remount":                                  regexp.MustCompile(`^/sys/remount$`),
-	"/sys/revoke-force/{prefix}":                    regexp.MustCompile(`^/sys/revoke-force/.+$`),
-	"/sys/revoke-prefix/{prefix}":                   regexp.MustCompile(`^/sys/revoke-prefix/.+$`),
-	"/sys/rotate":                                   regexp.MustCompile(`^/sys/rotate$`),
-	"/sys/internal/inspect/router/{tag}":            regexp.MustCompile(`^/sys/internal/inspect/router/.+$`),
-
-	// enterprise-only paths
-	"/sys/replication/dr/primary/secondary-token":          regexp.MustCompile(`^/sys/replication/dr/primary/secondary-token$`),
-	"/sys/replication/performance/primary/secondary-token": regexp.MustCompile(`^/sys/replication/performance/primary/secondary-token$`),
-	"/sys/replication/primary/secondary-token":             regexp.MustCompile(`^/sys/replication/primary/secondary-token$`),
-	"/sys/replication/reindex":                             regexp.MustCompile(`^/sys/replication/reindex$`),
-	"/sys/storage/raft/snapshot-auto/config/":              regexp.MustCompile(`^/sys/storage/raft/snapshot-auto/config/?$`),
-	"/sys/storage/raft/snapshot-auto/config/{name}":        regexp.MustCompile(`^/sys/storage/raft/snapshot-auto/config/[^/]+$`),
-}
-
 // PluginAPIClientMeta is a helper that plugins can use to configure TLS connections
 // back to Vault.
 type PluginAPIClientMeta struct {
@@ -244,28 +210,3 @@ func VaultPluginTLSProviderContext(ctx context.Context, apiTLSConfig *TLSConfig)
 		return tlsConfig, nil
 	}
 }
-
-func SudoPaths() map[string]*regexp.Regexp {
-	return sudoPaths
-}
-
-// Determine whether the given path requires the sudo capability
-func IsSudoPath(path string) bool {
-	// Return early if the path is any of the non-templated sudo paths.
-	if _, ok := sudoPaths[path]; ok {
-		return true
-	}
-
-	// Some sudo paths have templated fields in them.
-	// (e.g. /sys/revoke-prefix/{prefix})
-	// The values in the sudoPaths map are actually regular expressions,
-	// so we can check if our path matches against them.
-	for _, sudoPathRegexp := range sudoPaths {
-		match := sudoPathRegexp.MatchString(path)
-		if match {
-			return true
-		}
-	}
-
-	return false
-}
diff --git a/vendor/github.com/hashicorp/vault/api/plugin_runtime_types.go b/vendor/github.com/hashicorp/vault/api/plugin_runtime_types.go
new file mode 100644
index 00000000000..d3acd0d002c
--- /dev/null
+++ b/vendor/github.com/hashicorp/vault/api/plugin_runtime_types.go
@@ -0,0 +1,41 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package api
+
+// NOTE: this file was copied from
+// https://github.com/hashicorp/vault/blob/main/sdk/helper/consts/plugin_runtime_types.go
+// Any changes made should be made to both files at the same time.
+
+import "fmt"
+
+var PluginRuntimeTypes = []PluginRuntimeType{
+	PluginRuntimeTypeUnsupported,
+	PluginRuntimeTypeContainer,
+}
+
+type PluginRuntimeType uint32
+
+// This is a list of PluginRuntimeTypes used by Vault.
+const (
+	PluginRuntimeTypeUnsupported PluginRuntimeType = iota
+	PluginRuntimeTypeContainer
+)
+
+func (r PluginRuntimeType) String() string {
+	switch r {
+	case PluginRuntimeTypeContainer:
+		return "container"
+	default:
+		return "unsupported"
+	}
+}
+
+func ParsePluginRuntimeType(PluginRuntimeType string) (PluginRuntimeType, error) {
+	switch PluginRuntimeType {
+	case "container":
+		return PluginRuntimeTypeContainer, nil
+	default:
+		return PluginRuntimeTypeUnsupported, fmt.Errorf("%q is not a supported plugin runtime type", PluginRuntimeType)
+	}
+}
diff --git a/vendor/github.com/hashicorp/vault/api/replication_status.go b/vendor/github.com/hashicorp/vault/api/replication_status.go
new file mode 100644
index 00000000000..1668daf19c1
--- /dev/null
+++ b/vendor/github.com/hashicorp/vault/api/replication_status.go
@@ -0,0 +1,130 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package api
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/mitchellh/mapstructure"
+)
+
+const (
+	apiRepPerformanceStatusPath = "/v1/sys/replication/performance/status"
+	apiRepDRStatusPath          = "/v1/sys/replication/dr/status"
+	apiRepStatusPath            = "/v1/sys/replication/status"
+)
+
+type ClusterInfo struct {
+	APIAddr          string `json:"api_address,omitempty" mapstructure:"api_address"`
+	ClusterAddress   string `json:"cluster_address,omitempty" mapstructure:"cluster_address"`
+	ConnectionStatus string `json:"connection_status,omitempty" mapstructure:"connection_status"`
+	LastHeartBeat    string `json:"last_heartbeat,omitempty" mapstructure:"last_heartbeat"`
+	NodeID           string `json:"node_id,omitempty" mapstructure:"node_id"`
+}
+
+type ReplicationStatusGenericResponse struct {
+	LastDRWAL             uint64 `json:"last_dr_wal,omitempty" mapstructure:"last_dr_wal"`
+	LastReindexEpoch      string `json:"last_reindex_epoch,omitempty" mapstructure:"last_reindex_epoch"`
+	ClusterID             string `json:"cluster_id,omitempty" mapstructure:"cluster_id"`
+	LastWAL               uint64 `json:"last_wal,omitempty" mapstructure:"last_wal"`
+	MerkleRoot            string `json:"merkle_root,omitempty" mapstructure:"merkle_root"`
+	Mode                  string `json:"mode,omitempty" mapstructure:"mode"`
+	PrimaryClusterAddr    string `json:"primary_cluster_addr,omitempty" mapstructure:"primary_cluster_addr"`
+	LastPerformanceWAL    uint64 `json:"last_performance_wal,omitempty" mapstructure:"last_performance_wal"`
+	State                 string `json:"state,omitempty" mapstructure:"state"`
+	LastRemoteWAL         uint64 `json:"last_remote_wal,omitempty" mapstructure:"last_remote_wal"`
+	SecondaryID           string `json:"secondary_id,omitempty" mapstructure:"secondary_id"`
+	SSCTGenerationCounter uint64 `json:"ssct_generation_counter,omitempty" mapstructure:"ssct_generation_counter"`
+
+	KnownSecondaries         []string      `json:"known_secondaries,omitempty" mapstructure:"known_secondaries"`
+	KnownPrimaryClusterAddrs []string      `json:"known_primary_cluster_addrs,omitempty" mapstructure:"known_primary_cluster_addrs"`
+	Primaries                []ClusterInfo `json:"primaries,omitempty" mapstructure:"primaries"`
+	Secondaries              []ClusterInfo `json:"secondaries,omitempty" mapstructure:"secondaries"`
+}
+
+type ReplicationStatusResponse struct {
+	DR          ReplicationStatusGenericResponse `json:"dr,omitempty" mapstructure:"dr"`
+	Performance ReplicationStatusGenericResponse `json:"performance,omitempty" mapstructure:"performance"`
+}
+
+func (c *Sys) ReplicationStatus() (*ReplicationStatusResponse, error) {
+	return c.ReplicationStatusWithContext(context.Background(), apiRepStatusPath)
+}
+
+func (c *Sys) ReplicationPerformanceStatusWithContext(ctx context.Context) (*ReplicationStatusGenericResponse, error) {
+	s, err := c.ReplicationStatusWithContext(ctx, apiRepPerformanceStatusPath)
+	if err != nil {
+		return nil, err
+	}
+
+	return &s.Performance, nil
+}
+
+func (c *Sys) ReplicationDRStatusWithContext(ctx context.Context) (*ReplicationStatusGenericResponse, error) {
+	s, err := c.ReplicationStatusWithContext(ctx, apiRepDRStatusPath)
+	if err != nil {
+		return nil, err
+	}
+
+	return &s.DR, nil
+}
+
+func (c *Sys) ReplicationStatusWithContext(ctx context.Context, path string) (*ReplicationStatusResponse, error) {
+	// default to replication/status
+	if path == "" {
+		path = apiRepStatusPath
+	}
+
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	r := c.c.NewRequest(http.MethodGet, path)
+
+	resp, err := c.c.rawRequestWithContext(ctx, r)
+	if err != nil {
+		return nil, err
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	// First decode response into a map[string]interface{}
+	data := make(map[string]interface{})
+	dec := json.NewDecoder(resp.Body)
+	dec.UseNumber()
+	if err := dec.Decode(&data); err != nil {
+		return nil, err
+	}
+
+	rawData, ok := data["data"]
+	if !ok {
+		return nil, fmt.Errorf("empty data in replication status response")
+	}
+
+	s := &ReplicationStatusResponse{}
+	g := &ReplicationStatusGenericResponse{}
+	switch {
+	case path == apiRepPerformanceStatusPath:
+		err = mapstructure.Decode(rawData, g)
+		if err != nil {
+			return nil, err
+		}
+		s.Performance = *g
+	case path == apiRepDRStatusPath:
+		err = mapstructure.Decode(rawData, g)
+		if err != nil {
+			return nil, err
+		}
+		s.DR = *g
+	default:
+		err = mapstructure.Decode(rawData, s)
+		if err != nil {
+			return nil, err
+		}
+		return s, err
+	}
+
+	return s, err
+}
diff --git a/vendor/github.com/hashicorp/vault/api/sudo_paths.go b/vendor/github.com/hashicorp/vault/api/sudo_paths.go
new file mode 100644
index 00000000000..24beb4bb1f2
--- /dev/null
+++ b/vendor/github.com/hashicorp/vault/api/sudo_paths.go
@@ -0,0 +1,87 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package api
+
+import (
+	"regexp"
+)
+
+// sudoPaths is a map containing the paths that require a token's policy
+// to have the "sudo" capability. The keys are the paths as strings, in
+// the same format as they are returned by the OpenAPI spec. The values
+// are the regular expressions that can be used to test whether a given
+// path matches that path or not (useful specifically for the paths that
+// contain templated fields.)
+var sudoPaths = map[string]*regexp.Regexp{
+	"/auth/token/accessors":                         regexp.MustCompile(`^/auth/token/accessors/?$`),
+	"/auth/token/revoke-orphan":                     regexp.MustCompile(`^/auth/token/revoke-orphan$`),
+	"/pki/root":                                     regexp.MustCompile(`^/pki/root$`),
+	"/pki/root/sign-self-issued":                    regexp.MustCompile(`^/pki/root/sign-self-issued$`),
+	"/sys/audit":                                    regexp.MustCompile(`^/sys/audit$`),
+	"/sys/audit/{path}":                             regexp.MustCompile(`^/sys/audit/.+$`),
+	"/sys/auth/{path}":                              regexp.MustCompile(`^/sys/auth/.+$`),
+	"/sys/auth/{path}/tune":                         regexp.MustCompile(`^/sys/auth/.+/tune$`),
+	"/sys/config/auditing/request-headers":          regexp.MustCompile(`^/sys/config/auditing/request-headers$`),
+	"/sys/config/auditing/request-headers/{header}": regexp.MustCompile(`^/sys/config/auditing/request-headers/.+$`),
+	"/sys/config/cors":                              regexp.MustCompile(`^/sys/config/cors$`),
+	"/sys/config/ui/headers":                        regexp.MustCompile(`^/sys/config/ui/headers/?$`),
+	"/sys/config/ui/headers/{header}":               regexp.MustCompile(`^/sys/config/ui/headers/.+$`),
+	"/sys/internal/inspect/router/{tag}":            regexp.MustCompile(`^/sys/internal/inspect/router/.+$`),
+	"/sys/leases":                                   regexp.MustCompile(`^/sys/leases$`),
+	// This entry is a bit wrong... sys/leases/lookup does NOT require sudo. But sys/leases/lookup/ with a trailing
+	// slash DOES require sudo. But the part of the Vault CLI that uses this logic doesn't pass operation-appropriate
+	// trailing slashes, it always strips them off, so we end up giving the wrong answer for one of these.
+	"/sys/leases/lookup/{prefix}":                 regexp.MustCompile(`^/sys/leases/lookup(?:/.+)?$`),
+	"/sys/leases/revoke-force/{prefix}":           regexp.MustCompile(`^/sys/leases/revoke-force/.+$`),
+	"/sys/leases/revoke-prefix/{prefix}":          regexp.MustCompile(`^/sys/leases/revoke-prefix/.+$`),
+	"/sys/plugins/catalog/{name}":                 regexp.MustCompile(`^/sys/plugins/catalog/[^/]+$`),
+	"/sys/plugins/catalog/{type}":                 regexp.MustCompile(`^/sys/plugins/catalog/[\w-]+$`),
+	"/sys/plugins/catalog/{type}/{name}":          regexp.MustCompile(`^/sys/plugins/catalog/[\w-]+/[^/]+$`),
+	"/sys/plugins/runtimes/catalog":               regexp.MustCompile(`^/sys/plugins/runtimes/catalog/?$`),
+	"/sys/plugins/runtimes/catalog/{type}/{name}": regexp.MustCompile(`^/sys/plugins/runtimes/catalog/[\w-]+/[^/]+$`),
+	"/sys/raw/{path}":                             regexp.MustCompile(`^/sys/raw(?:/.+)?$`),
+	"/sys/remount":                                regexp.MustCompile(`^/sys/remount$`),
+	"/sys/revoke-force/{prefix}":                  regexp.MustCompile(`^/sys/revoke-force/.+$`),
+	"/sys/revoke-prefix/{prefix}":                 regexp.MustCompile(`^/sys/revoke-prefix/.+$`),
+	"/sys/rotate":                                 regexp.MustCompile(`^/sys/rotate$`),
+	"/sys/seal":                                   regexp.MustCompile(`^/sys/seal$`),
+	"/sys/step-down":                              regexp.MustCompile(`^/sys/step-down$`),
+
+	// enterprise-only paths
+	"/sys/replication/dr/primary/secondary-token":          regexp.MustCompile(`^/sys/replication/dr/primary/secondary-token$`),
+	"/sys/replication/performance/primary/secondary-token": regexp.MustCompile(`^/sys/replication/performance/primary/secondary-token$`),
+	"/sys/replication/primary/secondary-token":             regexp.MustCompile(`^/sys/replication/primary/secondary-token$`),
+	"/sys/replication/reindex":                             regexp.MustCompile(`^/sys/replication/reindex$`),
+	"/sys/storage/raft/snapshot-auto/config":               regexp.MustCompile(`^/sys/storage/raft/snapshot-auto/config/?$`),
+	"/sys/storage/raft/snapshot-auto/config/{name}":        regexp.MustCompile(`^/sys/storage/raft/snapshot-auto/config/[^/]+$`),
+}
+
+func SudoPaths() map[string]*regexp.Regexp {
+	return sudoPaths
+}
+
+// Determine whether the given path requires the sudo capability.
+// Note that this uses hardcoded static path information, so will return incorrect results for paths in namespaces,
+// or for secret engines mounted at non-default paths.
+// Expects to receive a path with an initial slash, but no trailing slashes, as the Vault CLI (the only known and
+// expected user of this function) sanitizes its paths that way.
+func IsSudoPath(path string) bool {
+	// Return early if the path is any of the non-templated sudo paths.
+	if _, ok := sudoPaths[path]; ok {
+		return true
+	}
+
+	// Some sudo paths have templated fields in them.
+	// (e.g. /sys/revoke-prefix/{prefix})
+	// The values in the sudoPaths map are actually regular expressions,
+	// so we can check if our path matches against them.
+	for _, sudoPathRegexp := range sudoPaths {
+		match := sudoPathRegexp.MatchString(path)
+		if match {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/vendor/github.com/hashicorp/vault/api/sys_plugins.go b/vendor/github.com/hashicorp/vault/api/sys_plugins.go
index 2ee024d9def..68320d2d8a2 100644
--- a/vendor/github.com/hashicorp/vault/api/sys_plugins.go
+++ b/vendor/github.com/hashicorp/vault/api/sys_plugins.go
@@ -144,6 +144,7 @@ type GetPluginResponse struct {
 	Args              []string `json:"args"`
 	Builtin           bool     `json:"builtin"`
 	Command           string   `json:"command"`
+	OCIImage          string   `json:"oci_image"`
 	Name              string   `json:"name"`
 	SHA256            string   `json:"sha256"`
 	DeprecationStatus string   `json:"deprecation_status,omitempty"`
@@ -201,6 +202,13 @@ type RegisterPluginInput struct {
 
 	// Version is the optional version of the plugin being registered
 	Version string `json:"version,omitempty"`
+
+	// OCIImage specifies the container image to run as a plugin.
+	OCIImage string `json:"oci_image,omitempty"`
+
+	// Env specifies a list of key=value pairs to add to the plugin's environment
+	// variables.
+	Env []string `json:"env,omitempty"`
 }
 
 // RegisterPlugin wraps RegisterPluginWithContext using context.Background.
diff --git a/vendor/github.com/hashicorp/vault/api/sys_plugins_runtimes.go b/vendor/github.com/hashicorp/vault/api/sys_plugins_runtimes.go
new file mode 100644
index 00000000000..c3380a85d1b
--- /dev/null
+++ b/vendor/github.com/hashicorp/vault/api/sys_plugins_runtimes.go
@@ -0,0 +1,189 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package api
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/mitchellh/mapstructure"
+)
+
+// GetPluginRuntimeInput is used as input to the GetPluginRuntime function.
+type GetPluginRuntimeInput struct {
+	Name string `json:"-"`
+
+	// Type of the plugin runtime. Required.
+	Type PluginRuntimeType `json:"type"`
+}
+
+// GetPluginRuntimeResponse is the response from the GetPluginRuntime call.
+type GetPluginRuntimeResponse struct {
+	Type         string `json:"type"`
+	Name         string `json:"name"`
+	OCIRuntime   string `json:"oci_runtime"`
+	CgroupParent string `json:"cgroup_parent"`
+	CPU          int64  `json:"cpu_nanos"`
+	Memory       int64  `json:"memory_bytes"`
+}
+
+// GetPluginRuntime retrieves information about the plugin.
+func (c *Sys) GetPluginRuntime(ctx context.Context, i *GetPluginRuntimeInput) (*GetPluginRuntimeResponse, error) {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	path := pluginRuntimeCatalogPathByType(i.Type, i.Name)
+	req := c.c.NewRequest(http.MethodGet, path)
+
+	resp, err := c.c.rawRequestWithContext(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	var result struct {
+		Data *GetPluginRuntimeResponse
+	}
+	err = resp.DecodeJSON(&result)
+	if err != nil {
+		return nil, err
+	}
+	return result.Data, err
+}
+
+// RegisterPluginRuntimeInput is used as input to the RegisterPluginRuntime function.
+type RegisterPluginRuntimeInput struct {
+	// Name is the name of the plugin. Required.
+	Name string `json:"-"`
+
+	// Type of the plugin. Required.
+	Type PluginRuntimeType `json:"type"`
+
+	OCIRuntime   string `json:"oci_runtime,omitempty"`
+	CgroupParent string `json:"cgroup_parent,omitempty"`
+	CPU          int64  `json:"cpu,omitempty"`
+	Memory       int64  `json:"memory,omitempty"`
+}
+
+// RegisterPluginRuntime registers the plugin with the given information.
+func (c *Sys) RegisterPluginRuntime(ctx context.Context, i *RegisterPluginRuntimeInput) error {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	path := pluginRuntimeCatalogPathByType(i.Type, i.Name)
+	req := c.c.NewRequest(http.MethodPut, path)
+
+	if err := req.SetJSONBody(i); err != nil {
+		return err
+	}
+
+	resp, err := c.c.rawRequestWithContext(ctx, req)
+	if err == nil {
+		defer resp.Body.Close()
+	}
+	return err
+}
+
+// DeregisterPluginRuntimeInput is used as input to the DeregisterPluginRuntime function.
+type DeregisterPluginRuntimeInput struct {
+	// Name is the name of the plugin runtime. Required.
+	Name string `json:"-"`
+
+	// Type of the plugin. Required.
+	Type PluginRuntimeType `json:"type"`
+}
+
+// DeregisterPluginRuntime removes the plugin with the given name from the plugin
+// catalog.
+func (c *Sys) DeregisterPluginRuntime(ctx context.Context, i *DeregisterPluginRuntimeInput) error {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	path := pluginRuntimeCatalogPathByType(i.Type, i.Name)
+	req := c.c.NewRequest(http.MethodDelete, path)
+	resp, err := c.c.rawRequestWithContext(ctx, req)
+	if err == nil {
+		defer resp.Body.Close()
+	}
+	return err
+}
+
+type PluginRuntimeDetails struct {
+	Type         string `json:"type" mapstructure:"type"`
+	Name         string `json:"name" mapstructure:"name"`
+	OCIRuntime   string `json:"oci_runtime" mapstructure:"oci_runtime"`
+	CgroupParent string `json:"cgroup_parent" mapstructure:"cgroup_parent"`
+	CPU          int64  `json:"cpu_nanos" mapstructure:"cpu_nanos"`
+	Memory       int64  `json:"memory_bytes" mapstructure:"memory_bytes"`
+}
+
+// ListPluginRuntimesInput is used as input to the ListPluginRuntimes function.
+type ListPluginRuntimesInput struct {
+	// Type of the plugin. Required.
+	Type PluginRuntimeType `json:"type"`
+}
+
+// ListPluginRuntimesResponse is the response from the ListPluginRuntimes call.
+type ListPluginRuntimesResponse struct {
+	// RuntimesByType is the list of plugin runtimes by type.
+	Runtimes []PluginRuntimeDetails `json:"runtimes"`
+}
+
+// ListPluginRuntimes lists all plugin runtimes in the catalog and returns their names as a
+// list of strings.
+func (c *Sys) ListPluginRuntimes(ctx context.Context, input *ListPluginRuntimesInput) (*ListPluginRuntimesResponse, error) {
+	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
+	defer cancelFunc()
+
+	if input != nil && input.Type == PluginRuntimeTypeUnsupported {
+		return nil, fmt.Errorf("%q is not a supported runtime type", input.Type.String())
+	}
+
+	resp, err := c.c.rawRequestWithContext(ctx, c.c.NewRequest(http.MethodGet, "/v1/sys/plugins/runtimes/catalog"))
+	if err != nil && resp == nil {
+		return nil, err
+	}
+	if resp == nil {
+		return nil, nil
+	}
+	defer resp.Body.Close()
+
+	secret, err := ParseSecret(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	if secret == nil || secret.Data == nil {
+		return nil, errors.New("data from server response is empty")
+	}
+	if _, ok := secret.Data["runtimes"]; !ok {
+		return nil, fmt.Errorf("data from server response does not contain runtimes")
+	}
+
+	var runtimes []PluginRuntimeDetails
+	if err = mapstructure.Decode(secret.Data["runtimes"], &runtimes); err != nil {
+		return nil, err
+	}
+
+	// return all runtimes in the catalog
+	if input == nil {
+		return &ListPluginRuntimesResponse{Runtimes: runtimes}, nil
+	}
+
+	result := &ListPluginRuntimesResponse{
+		Runtimes: []PluginRuntimeDetails{},
+	}
+	for _, runtime := range runtimes {
+		if runtime.Type == input.Type.String() {
+			result.Runtimes = append(result.Runtimes, runtime)
+		}
+	}
+	return result, nil
+}
+
+// pluginRuntimeCatalogPathByType is a helper to construct the proper API path by plugin type
+func pluginRuntimeCatalogPathByType(runtimeType PluginRuntimeType, name string) string {
+	return fmt.Sprintf("/v1/sys/plugins/runtimes/catalog/%s/%s", runtimeType, name)
+}
diff --git a/vendor/github.com/hashicorp/vault/api/sys_raft.go b/vendor/github.com/hashicorp/vault/api/sys_raft.go
index 29bfed0f561..4b9487c61d5 100644
--- a/vendor/github.com/hashicorp/vault/api/sys_raft.go
+++ b/vendor/github.com/hashicorp/vault/api/sys_raft.go
@@ -276,11 +276,19 @@ func (c *Sys) RaftAutopilotState() (*AutopilotState, error) {
 	return c.RaftAutopilotStateWithContext(context.Background())
 }
 
+// RaftAutopilotStateWithToken wraps RaftAutopilotStateWithContext using the given token.
+func (c *Sys) RaftAutopilotStateWithDRToken(drToken string) (*AutopilotState, error) {
+	return c.RaftAutopilotStateWithContext(context.WithValue(context.Background(), "dr-token", drToken))
+}
+
 // RaftAutopilotStateWithContext returns the state of the raft cluster as seen by autopilot.
 func (c *Sys) RaftAutopilotStateWithContext(ctx context.Context) (*AutopilotState, error) {
 	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
 	defer cancelFunc()
 
+	if ctx.Value("dr-token") != nil {
+		c.c.SetToken(ctx.Value("dr-token").(string))
+	}
 	r := c.c.NewRequest(http.MethodGet, "/v1/sys/storage/raft/autopilot/state")
 
 	resp, err := c.c.rawRequestWithContext(ctx, r)
@@ -316,11 +324,20 @@ func (c *Sys) RaftAutopilotConfiguration() (*AutopilotConfig, error) {
 	return c.RaftAutopilotConfigurationWithContext(context.Background())
 }
 
+// RaftAutopilotConfigurationWithDRToken wraps RaftAutopilotConfigurationWithContext using the given token.
+func (c *Sys) RaftAutopilotConfigurationWithDRToken(drToken string) (*AutopilotConfig, error) {
+	return c.RaftAutopilotConfigurationWithContext(context.WithValue(context.Background(), "dr-token", drToken))
+}
+
 // RaftAutopilotConfigurationWithContext fetches the autopilot config.
 func (c *Sys) RaftAutopilotConfigurationWithContext(ctx context.Context) (*AutopilotConfig, error) {
 	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
 	defer cancelFunc()
 
+	if ctx.Value("dr-token") != nil {
+		c.c.SetToken(ctx.Value("dr-token").(string))
+	}
+
 	r := c.c.NewRequest(http.MethodGet, "/v1/sys/storage/raft/autopilot/configuration")
 
 	resp, err := c.c.rawRequestWithContext(ctx, r)
diff --git a/vendor/github.com/sigstore/sigstore/pkg/signature/kms/hashivault/client.go b/vendor/github.com/sigstore/sigstore/pkg/signature/kms/hashivault/client.go
index 8024147cff7..b085f7d3087 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/signature/kms/hashivault/client.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/signature/kms/hashivault/client.go
@@ -246,6 +246,9 @@ func (h *hashivaultClient) public() (crypto.PublicKey, error) {
 			return nil
 		},
 	)
+	if lerr != nil {
+		return nil, lerr
+	}
 
 	item := h.keyCache.Get(cacheKey, ttlcache.WithLoader[string, crypto.PublicKey](loader))
 	return item.Value(), lerr
diff --git a/vendor/golang.org/x/oauth2/clientcredentials/clientcredentials.go b/vendor/golang.org/x/oauth2/clientcredentials/clientcredentials.go
index 7a0b9ed1029..2459d069f73 100644
--- a/vendor/golang.org/x/oauth2/clientcredentials/clientcredentials.go
+++ b/vendor/golang.org/x/oauth2/clientcredentials/clientcredentials.go
@@ -47,6 +47,10 @@ type Config struct {
 	// client ID & client secret sent. The zero value means to
 	// auto-detect.
 	AuthStyle oauth2.AuthStyle
+
+	// authStyleCache caches which auth style to use when Endpoint.AuthStyle is
+	// the zero value (AuthStyleAutoDetect).
+	authStyleCache internal.LazyAuthStyleCache
 }
 
 // Token uses client credentials to retrieve a token.
@@ -103,7 +107,7 @@ func (c *tokenSource) Token() (*oauth2.Token, error) {
 		v[k] = p
 	}
 
-	tk, err := internal.RetrieveToken(c.ctx, c.conf.ClientID, c.conf.ClientSecret, c.conf.TokenURL, v, internal.AuthStyle(c.conf.AuthStyle))
+	tk, err := internal.RetrieveToken(c.ctx, c.conf.ClientID, c.conf.ClientSecret, c.conf.TokenURL, v, internal.AuthStyle(c.conf.AuthStyle), c.conf.authStyleCache.Get())
 	if err != nil {
 		if rErr, ok := err.(*internal.RetrieveError); ok {
 			return nil, (*oauth2.RetrieveError)(rErr)
diff --git a/vendor/golang.org/x/oauth2/deviceauth.go b/vendor/golang.org/x/oauth2/deviceauth.go
new file mode 100644
index 00000000000..e99c92f39c7
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/deviceauth.go
@@ -0,0 +1,198 @@
+package oauth2
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"golang.org/x/oauth2/internal"
+)
+
+// https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
+const (
+	errAuthorizationPending = "authorization_pending"
+	errSlowDown             = "slow_down"
+	errAccessDenied         = "access_denied"
+	errExpiredToken         = "expired_token"
+)
+
+// DeviceAuthResponse describes a successful RFC 8628 Device Authorization Response
+// https://datatracker.ietf.org/doc/html/rfc8628#section-3.2
+type DeviceAuthResponse struct {
+	// DeviceCode
+	DeviceCode string `json:"device_code"`
+	// UserCode is the code the user should enter at the verification uri
+	UserCode string `json:"user_code"`
+	// VerificationURI is where user should enter the user code
+	VerificationURI string `json:"verification_uri"`
+	// VerificationURIComplete (if populated) includes the user code in the verification URI. This is typically shown to the user in non-textual form, such as a QR code.
+	VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
+	// Expiry is when the device code and user code expire
+	Expiry time.Time `json:"expires_in,omitempty"`
+	// Interval is the duration in seconds that Poll should wait between requests
+	Interval int64 `json:"interval,omitempty"`
+}
+
+func (d DeviceAuthResponse) MarshalJSON() ([]byte, error) {
+	type Alias DeviceAuthResponse
+	var expiresIn int64
+	if !d.Expiry.IsZero() {
+		expiresIn = int64(time.Until(d.Expiry).Seconds())
+	}
+	return json.Marshal(&struct {
+		ExpiresIn int64 `json:"expires_in,omitempty"`
+		*Alias
+	}{
+		ExpiresIn: expiresIn,
+		Alias:     (*Alias)(&d),
+	})
+
+}
+
+func (c *DeviceAuthResponse) UnmarshalJSON(data []byte) error {
+	type Alias DeviceAuthResponse
+	aux := &struct {
+		ExpiresIn int64 `json:"expires_in"`
+		// workaround misspelling of verification_uri
+		VerificationURL string `json:"verification_url"`
+		*Alias
+	}{
+		Alias: (*Alias)(c),
+	}
+	if err := json.Unmarshal(data, &aux); err != nil {
+		return err
+	}
+	if aux.ExpiresIn != 0 {
+		c.Expiry = time.Now().UTC().Add(time.Second * time.Duration(aux.ExpiresIn))
+	}
+	if c.VerificationURI == "" {
+		c.VerificationURI = aux.VerificationURL
+	}
+	return nil
+}
+
+// DeviceAuth returns a device auth struct which contains a device code
+// and authorization information provided for users to enter on another device.
+func (c *Config) DeviceAuth(ctx context.Context, opts ...AuthCodeOption) (*DeviceAuthResponse, error) {
+	// https://datatracker.ietf.org/doc/html/rfc8628#section-3.1
+	v := url.Values{
+		"client_id": {c.ClientID},
+	}
+	if len(c.Scopes) > 0 {
+		v.Set("scope", strings.Join(c.Scopes, " "))
+	}
+	for _, opt := range opts {
+		opt.setValue(v)
+	}
+	return retrieveDeviceAuth(ctx, c, v)
+}
+
+func retrieveDeviceAuth(ctx context.Context, c *Config, v url.Values) (*DeviceAuthResponse, error) {
+	if c.Endpoint.DeviceAuthURL == "" {
+		return nil, errors.New("endpoint missing DeviceAuthURL")
+	}
+
+	req, err := http.NewRequest("POST", c.Endpoint.DeviceAuthURL, strings.NewReader(v.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Accept", "application/json")
+
+	t := time.Now()
+	r, err := internal.ContextClient(ctx).Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
+	if err != nil {
+		return nil, fmt.Errorf("oauth2: cannot auth device: %v", err)
+	}
+	if code := r.StatusCode; code < 200 || code > 299 {
+		return nil, &RetrieveError{
+			Response: r,
+			Body:     body,
+		}
+	}
+
+	da := &DeviceAuthResponse{}
+	err = json.Unmarshal(body, &da)
+	if err != nil {
+		return nil, fmt.Errorf("unmarshal %s", err)
+	}
+
+	if !da.Expiry.IsZero() {
+		// Make a small adjustment to account for time taken by the request
+		da.Expiry = da.Expiry.Add(-time.Since(t))
+	}
+
+	return da, nil
+}
+
+// DeviceAccessToken polls the server to exchange a device code for a token.
+func (c *Config) DeviceAccessToken(ctx context.Context, da *DeviceAuthResponse, opts ...AuthCodeOption) (*Token, error) {
+	if !da.Expiry.IsZero() {
+		var cancel context.CancelFunc
+		ctx, cancel = context.WithDeadline(ctx, da.Expiry)
+		defer cancel()
+	}
+
+	// https://datatracker.ietf.org/doc/html/rfc8628#section-3.4
+	v := url.Values{
+		"client_id":   {c.ClientID},
+		"grant_type":  {"urn:ietf:params:oauth:grant-type:device_code"},
+		"device_code": {da.DeviceCode},
+	}
+	if len(c.Scopes) > 0 {
+		v.Set("scope", strings.Join(c.Scopes, " "))
+	}
+	for _, opt := range opts {
+		opt.setValue(v)
+	}
+
+	// "If no value is provided, clients MUST use 5 as the default."
+	// https://datatracker.ietf.org/doc/html/rfc8628#section-3.2
+	interval := da.Interval
+	if interval == 0 {
+		interval = 5
+	}
+
+	ticker := time.NewTicker(time.Duration(interval) * time.Second)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		case <-ticker.C:
+			tok, err := retrieveToken(ctx, c, v)
+			if err == nil {
+				return tok, nil
+			}
+
+			e, ok := err.(*RetrieveError)
+			if !ok {
+				return nil, err
+			}
+			switch e.ErrorCode {
+			case errSlowDown:
+				// https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
+				// "the interval MUST be increased by 5 seconds for this and all subsequent requests"
+				interval += 5
+				ticker.Reset(time.Duration(interval) * time.Second)
+			case errAuthorizationPending:
+				// Do nothing.
+			case errAccessDenied, errExpiredToken:
+				fallthrough
+			default:
+				return tok, err
+			}
+		}
+	}
+}
diff --git a/vendor/golang.org/x/oauth2/google/default.go b/vendor/golang.org/x/oauth2/google/default.go
index 2cf71f0f93f..12b12a30c55 100644
--- a/vendor/golang.org/x/oauth2/google/default.go
+++ b/vendor/golang.org/x/oauth2/google/default.go
@@ -19,7 +19,10 @@ import (
 	"golang.org/x/oauth2/authhandler"
 )
 
-const adcSetupURL = "https://cloud.google.com/docs/authentication/external/set-up-adc"
+const (
+	adcSetupURL           = "https://cloud.google.com/docs/authentication/external/set-up-adc"
+	universeDomainDefault = "googleapis.com"
+)
 
 // Credentials holds Google credentials, including "Application Default Credentials".
 // For more details, see:
@@ -37,6 +40,18 @@ type Credentials struct {
 	// environment and not with a credentials file, e.g. when code is
 	// running on Google Cloud Platform.
 	JSON []byte
+
+	// universeDomain is the default service domain for a given Cloud universe.
+	universeDomain string
+}
+
+// UniverseDomain returns the default service domain for a given Cloud universe.
+// The default value is "googleapis.com".
+func (c *Credentials) UniverseDomain() string {
+	if c.universeDomain == "" {
+		return universeDomainDefault
+	}
+	return c.universeDomain
 }
 
 // DefaultCredentials is the old name of Credentials.
@@ -200,15 +215,23 @@ func CredentialsFromJSONWithParams(ctx context.Context, jsonData []byte, params
 	if err := json.Unmarshal(jsonData, &f); err != nil {
 		return nil, err
 	}
+
+	universeDomain := f.UniverseDomain
+	// Authorized user credentials are only supported in the googleapis.com universe.
+	if f.Type == userCredentialsKey {
+		universeDomain = universeDomainDefault
+	}
+
 	ts, err := f.tokenSource(ctx, params)
 	if err != nil {
 		return nil, err
 	}
 	ts = newErrWrappingTokenSource(ts)
 	return &Credentials{
-		ProjectID:   f.ProjectID,
-		TokenSource: ts,
-		JSON:        jsonData,
+		ProjectID:      f.ProjectID,
+		TokenSource:    ts,
+		JSON:           jsonData,
+		universeDomain: universeDomain,
 	}, nil
 }
 
diff --git a/vendor/golang.org/x/oauth2/google/google.go b/vendor/golang.org/x/oauth2/google/google.go
index cc1223889e2..c66c53527db 100644
--- a/vendor/golang.org/x/oauth2/google/google.go
+++ b/vendor/golang.org/x/oauth2/google/google.go
@@ -16,14 +16,16 @@ import (
 	"cloud.google.com/go/compute/metadata"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google/internal/externalaccount"
+	"golang.org/x/oauth2/google/internal/externalaccountauthorizeduser"
 	"golang.org/x/oauth2/jwt"
 )
 
 // Endpoint is Google's OAuth 2.0 default endpoint.
 var Endpoint = oauth2.Endpoint{
-	AuthURL:   "https://accounts.google.com/o/oauth2/auth",
-	TokenURL:  "https://oauth2.googleapis.com/token",
-	AuthStyle: oauth2.AuthStyleInParams,
+	AuthURL:       "https://accounts.google.com/o/oauth2/auth",
+	TokenURL:      "https://oauth2.googleapis.com/token",
+	DeviceAuthURL: "https://oauth2.googleapis.com/device/code",
+	AuthStyle:     oauth2.AuthStyleInParams,
 }
 
 // MTLSTokenURL is Google's OAuth 2.0 default mTLS endpoint.
@@ -95,10 +97,11 @@ func JWTConfigFromJSON(jsonKey []byte, scope ...string) (*jwt.Config, error) {
 
 // JSON key file types.
 const (
-	serviceAccountKey          = "service_account"
-	userCredentialsKey         = "authorized_user"
-	externalAccountKey         = "external_account"
-	impersonatedServiceAccount = "impersonated_service_account"
+	serviceAccountKey                = "service_account"
+	userCredentialsKey               = "authorized_user"
+	externalAccountKey               = "external_account"
+	externalAccountAuthorizedUserKey = "external_account_authorized_user"
+	impersonatedServiceAccount       = "impersonated_service_account"
 )
 
 // credentialsFile is the unmarshalled representation of a credentials file.
@@ -106,12 +109,13 @@ type credentialsFile struct {
 	Type string `json:"type"`
 
 	// Service Account fields
-	ClientEmail  string `json:"client_email"`
-	PrivateKeyID string `json:"private_key_id"`
-	PrivateKey   string `json:"private_key"`
-	AuthURL      string `json:"auth_uri"`
-	TokenURL     string `json:"token_uri"`
-	ProjectID    string `json:"project_id"`
+	ClientEmail    string `json:"client_email"`
+	PrivateKeyID   string `json:"private_key_id"`
+	PrivateKey     string `json:"private_key"`
+	AuthURL        string `json:"auth_uri"`
+	TokenURL       string `json:"token_uri"`
+	ProjectID      string `json:"project_id"`
+	UniverseDomain string `json:"universe_domain"`
 
 	// User Credential fields
 	// (These typically come from gcloud auth.)
@@ -131,6 +135,9 @@ type credentialsFile struct {
 	QuotaProjectID                 string                           `json:"quota_project_id"`
 	WorkforcePoolUserProject       string                           `json:"workforce_pool_user_project"`
 
+	// External Account Authorized User fields
+	RevokeURL string `json:"revoke_url"`
+
 	// Service account impersonation
 	SourceCredentials *credentialsFile `json:"source_credentials"`
 }
@@ -199,6 +206,19 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 			WorkforcePoolUserProject: f.WorkforcePoolUserProject,
 		}
 		return cfg.TokenSource(ctx)
+	case externalAccountAuthorizedUserKey:
+		cfg := &externalaccountauthorizeduser.Config{
+			Audience:       f.Audience,
+			RefreshToken:   f.RefreshToken,
+			TokenURL:       f.TokenURLExternal,
+			TokenInfoURL:   f.TokenInfoURL,
+			ClientID:       f.ClientID,
+			ClientSecret:   f.ClientSecret,
+			RevokeURL:      f.RevokeURL,
+			QuotaProjectID: f.QuotaProjectID,
+			Scopes:         params.Scopes,
+		}
+		return cfg.TokenSource(ctx)
 	case impersonatedServiceAccount:
 		if f.ServiceAccountImpersonationURL == "" || f.SourceCredentials == nil {
 			return nil, errors.New("missing 'source_credentials' field or 'service_account_impersonation_url' in credentials")
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go
index 2bf3202b290..bd4efd19baa 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go
@@ -274,49 +274,6 @@ type awsRequest struct {
 	Headers []awsRequestHeader `json:"headers"`
 }
 
-func (cs awsCredentialSource) validateMetadataServers() error {
-	if err := cs.validateMetadataServer(cs.RegionURL, "region_url"); err != nil {
-		return err
-	}
-	if err := cs.validateMetadataServer(cs.CredVerificationURL, "url"); err != nil {
-		return err
-	}
-	return cs.validateMetadataServer(cs.IMDSv2SessionTokenURL, "imdsv2_session_token_url")
-}
-
-var validHostnames []string = []string{"169.254.169.254", "fd00:ec2::254"}
-
-func (cs awsCredentialSource) isValidMetadataServer(metadataUrl string) bool {
-	if metadataUrl == "" {
-		// Zero value means use default, which is valid.
-		return true
-	}
-
-	u, err := url.Parse(metadataUrl)
-	if err != nil {
-		// Unparseable URL means invalid
-		return false
-	}
-
-	for _, validHostname := range validHostnames {
-		if u.Hostname() == validHostname {
-			// If it's one of the valid hostnames, everything is good
-			return true
-		}
-	}
-
-	// hostname not found in our allowlist, so not valid
-	return false
-}
-
-func (cs awsCredentialSource) validateMetadataServer(metadataUrl, urlName string) error {
-	if !cs.isValidMetadataServer(metadataUrl) {
-		return fmt.Errorf("oauth2/google: invalid hostname %s for %s", metadataUrl, urlName)
-	}
-
-	return nil
-}
-
 func (cs awsCredentialSource) doRequest(req *http.Request) (*http.Response, error) {
 	if cs.client == nil {
 		cs.client = oauth2.NewClient(cs.ctx, nil)
@@ -339,6 +296,10 @@ func shouldUseMetadataServer() bool {
 	return !canRetrieveRegionFromEnvironment() || !canRetrieveSecurityCredentialFromEnvironment()
 }
 
+func (cs awsCredentialSource) credentialSourceType() string {
+	return "aws"
+}
+
 func (cs awsCredentialSource) subjectToken() (string, error) {
 	if cs.requestSigner == nil {
 		headers := make(map[string]string)
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
index dcd252a61cc..33288d36773 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
@@ -8,13 +8,12 @@ import (
 	"context"
 	"fmt"
 	"net/http"
-	"net/url"
 	"regexp"
 	"strconv"
-	"strings"
 	"time"
 
 	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google/internal/stsexchange"
 )
 
 // now aliases time.Now for testing
@@ -63,31 +62,10 @@ type Config struct {
 	WorkforcePoolUserProject string
 }
 
-// Each element consists of a list of patterns.  validateURLs checks for matches
-// that include all elements in a given list, in that order.
-
 var (
 	validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
 )
 
-func validateURL(input string, patterns []*regexp.Regexp, scheme string) bool {
-	parsed, err := url.Parse(input)
-	if err != nil {
-		return false
-	}
-	if !strings.EqualFold(parsed.Scheme, scheme) {
-		return false
-	}
-	toTest := parsed.Host
-
-	for _, pattern := range patterns {
-		if pattern.MatchString(toTest) {
-			return true
-		}
-	}
-	return false
-}
-
 func validateWorkforceAudience(input string) bool {
 	return validWorkforceAudiencePattern.MatchString(input)
 }
@@ -185,10 +163,6 @@ func (c *Config) parse(ctx context.Context) (baseCredentialSource, error) {
 				awsCredSource.IMDSv2SessionTokenURL = c.CredentialSource.IMDSv2SessionTokenURL
 			}
 
-			if err := awsCredSource.validateMetadataServers(); err != nil {
-				return nil, err
-			}
-
 			return awsCredSource, nil
 		}
 	} else if c.CredentialSource.File != "" {
@@ -202,6 +176,7 @@ func (c *Config) parse(ctx context.Context) (baseCredentialSource, error) {
 }
 
 type baseCredentialSource interface {
+	credentialSourceType() string
 	subjectToken() (string, error)
 }
 
@@ -211,6 +186,15 @@ type tokenSource struct {
 	conf *Config
 }
 
+func getMetricsHeaderValue(conf *Config, credSource baseCredentialSource) string {
+	return fmt.Sprintf("gl-go/%s auth/%s google-byoid-sdk source/%s sa-impersonation/%t config-lifetime/%t",
+		goVersion(),
+		"unknown",
+		credSource.credentialSourceType(),
+		conf.ServiceAccountImpersonationURL != "",
+		conf.ServiceAccountImpersonationLifetimeSeconds != 0)
+}
+
 // Token allows tokenSource to conform to the oauth2.TokenSource interface.
 func (ts tokenSource) Token() (*oauth2.Token, error) {
 	conf := ts.conf
@@ -224,7 +208,7 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
 	if err != nil {
 		return nil, err
 	}
-	stsRequest := stsTokenExchangeRequest{
+	stsRequest := stsexchange.TokenExchangeRequest{
 		GrantType:          "urn:ietf:params:oauth:grant-type:token-exchange",
 		Audience:           conf.Audience,
 		Scope:              conf.Scopes,
@@ -234,7 +218,8 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
 	}
 	header := make(http.Header)
 	header.Add("Content-Type", "application/x-www-form-urlencoded")
-	clientAuth := clientAuthentication{
+	header.Add("x-goog-api-client", getMetricsHeaderValue(conf, credSource))
+	clientAuth := stsexchange.ClientAuthentication{
 		AuthStyle:    oauth2.AuthStyleInHeader,
 		ClientID:     conf.ClientID,
 		ClientSecret: conf.ClientSecret,
@@ -247,7 +232,7 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
 			"userProject": conf.WorkforcePoolUserProject,
 		}
 	}
-	stsResp, err := exchangeToken(ts.ctx, conf.TokenURL, &stsRequest, clientAuth, header, options)
+	stsResp, err := stsexchange.ExchangeToken(ts.ctx, conf.TokenURL, &stsRequest, clientAuth, header, options)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go
index 579bcce5f28..6497dc022ef 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/executablecredsource.go
@@ -233,6 +233,10 @@ func (cs executableCredentialSource) parseSubjectTokenFromSource(response []byte
 	return "", tokenTypeError(source)
 }
 
+func (cs executableCredentialSource) credentialSourceType() string {
+	return "executable"
+}
+
 func (cs executableCredentialSource) subjectToken() (string, error) {
 	if token, err := cs.getTokenFromOutputFile(); token != "" || err != nil {
 		return token, err
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go
index e953ddb473a..f35f73c5cb2 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/filecredsource.go
@@ -19,6 +19,10 @@ type fileCredentialSource struct {
 	Format format
 }
 
+func (cs fileCredentialSource) credentialSourceType() string {
+	return "file"
+}
+
 func (cs fileCredentialSource) subjectToken() (string, error) {
 	tokenFile, err := os.Open(cs.File)
 	if err != nil {
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/header.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/header.go
new file mode 100644
index 00000000000..1d5aad2e2d9
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/header.go
@@ -0,0 +1,64 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package externalaccount
+
+import (
+	"runtime"
+	"strings"
+	"unicode"
+)
+
+var (
+	// version is a package internal global variable for testing purposes.
+	version = runtime.Version
+)
+
+// versionUnknown is only used when the runtime version cannot be determined.
+const versionUnknown = "UNKNOWN"
+
+// goVersion returns a Go runtime version derived from the runtime environment
+// that is modified to be suitable for reporting in a header, meaning it has no
+// whitespace. If it is unable to determine the Go runtime version, it returns
+// versionUnknown.
+func goVersion() string {
+	const develPrefix = "devel +"
+
+	s := version()
+	if strings.HasPrefix(s, develPrefix) {
+		s = s[len(develPrefix):]
+		if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+			s = s[:p]
+		}
+		return s
+	} else if p := strings.IndexFunc(s, unicode.IsSpace); p >= 0 {
+		s = s[:p]
+	}
+
+	notSemverRune := func(r rune) bool {
+		return !strings.ContainsRune("0123456789.", r)
+	}
+
+	if strings.HasPrefix(s, "go1") {
+		s = s[2:]
+		var prerelease string
+		if p := strings.IndexFunc(s, notSemverRune); p >= 0 {
+			s, prerelease = s[:p], s[p:]
+		}
+		if strings.HasSuffix(s, ".") {
+			s += "0"
+		} else if strings.Count(s, ".") < 2 {
+			s += ".0"
+		}
+		if prerelease != "" {
+			// Some release candidates already have a dash in them.
+			if !strings.HasPrefix(prerelease, "-") {
+				prerelease = "-" + prerelease
+			}
+			s += prerelease
+		}
+		return s
+	}
+	return "UNKNOWN"
+}
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go
index 16dca6541d9..606bb4e8001 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/urlcredsource.go
@@ -23,6 +23,10 @@ type urlCredentialSource struct {
 	ctx     context.Context
 }
 
+func (cs urlCredentialSource) credentialSourceType() string {
+	return "url"
+}
+
 func (cs urlCredentialSource) subjectToken() (string, error) {
 	client := oauth2.NewClient(cs.ctx, nil)
 	req, err := http.NewRequest("GET", cs.URL, nil)
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser/externalaccountauthorizeduser.go b/vendor/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser/externalaccountauthorizeduser.go
new file mode 100644
index 00000000000..cb582070746
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser/externalaccountauthorizeduser.go
@@ -0,0 +1,114 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package externalaccountauthorizeduser
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google/internal/stsexchange"
+)
+
+// now aliases time.Now for testing.
+var now = func() time.Time {
+	return time.Now().UTC()
+}
+
+var tokenValid = func(token oauth2.Token) bool {
+	return token.Valid()
+}
+
+type Config struct {
+	// Audience is the Secure Token Service (STS) audience which contains the resource name for the workforce pool and
+	// the provider identifier in that pool.
+	Audience string
+	// RefreshToken is the optional OAuth 2.0 refresh token. If specified, credentials can be refreshed.
+	RefreshToken string
+	// TokenURL is the optional STS token exchange endpoint for refresh. Must be specified for refresh, can be left as
+	// None if the token can not be refreshed.
+	TokenURL string
+	// TokenInfoURL is the optional STS endpoint URL for token introspection.
+	TokenInfoURL string
+	// ClientID is only required in conjunction with ClientSecret, as described above.
+	ClientID string
+	// ClientSecret is currently only required if token_info endpoint also needs to be called with the generated GCP
+	// access token. When provided, STS will be called with additional basic authentication using client_id as username
+	// and client_secret as password.
+	ClientSecret string
+	// Token is the OAuth2.0 access token. Can be nil if refresh information is provided.
+	Token string
+	// Expiry is the optional expiration datetime of the OAuth 2.0 access token.
+	Expiry time.Time
+	// RevokeURL is the optional STS endpoint URL for revoking tokens.
+	RevokeURL string
+	// QuotaProjectID is the optional project ID used for quota and billing. This project may be different from the
+	// project used to create the credentials.
+	QuotaProjectID string
+	Scopes         []string
+}
+
+func (c *Config) canRefresh() bool {
+	return c.ClientID != "" && c.ClientSecret != "" && c.RefreshToken != "" && c.TokenURL != ""
+}
+
+func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
+	var token oauth2.Token
+	if c.Token != "" && !c.Expiry.IsZero() {
+		token = oauth2.Token{
+			AccessToken: c.Token,
+			Expiry:      c.Expiry,
+			TokenType:   "Bearer",
+		}
+	}
+	if !tokenValid(token) && !c.canRefresh() {
+		return nil, errors.New("oauth2/google: Token should be created with fields to make it valid (`token` and `expiry`), or fields to allow it to refresh (`refresh_token`, `token_url`, `client_id`, `client_secret`).")
+	}
+
+	ts := tokenSource{
+		ctx:  ctx,
+		conf: c,
+	}
+
+	return oauth2.ReuseTokenSource(&token, ts), nil
+}
+
+type tokenSource struct {
+	ctx  context.Context
+	conf *Config
+}
+
+func (ts tokenSource) Token() (*oauth2.Token, error) {
+	conf := ts.conf
+	if !conf.canRefresh() {
+		return nil, errors.New("oauth2/google: The credentials do not contain the necessary fields need to refresh the access token. You must specify refresh_token, token_url, client_id, and client_secret.")
+	}
+
+	clientAuth := stsexchange.ClientAuthentication{
+		AuthStyle:    oauth2.AuthStyleInHeader,
+		ClientID:     conf.ClientID,
+		ClientSecret: conf.ClientSecret,
+	}
+
+	stsResponse, err := stsexchange.RefreshAccessToken(ts.ctx, conf.TokenURL, conf.RefreshToken, clientAuth, nil)
+	if err != nil {
+		return nil, err
+	}
+	if stsResponse.ExpiresIn < 0 {
+		return nil, errors.New("oauth2/google: got invalid expiry from security token service")
+	}
+
+	if stsResponse.RefreshToken != "" {
+		conf.RefreshToken = stsResponse.RefreshToken
+	}
+
+	token := &oauth2.Token{
+		AccessToken: stsResponse.AccessToken,
+		Expiry:      now().Add(time.Duration(stsResponse.ExpiresIn) * time.Second),
+		TokenType:   "Bearer",
+	}
+	return token, nil
+}
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go b/vendor/golang.org/x/oauth2/google/internal/stsexchange/clientauth.go
similarity index 88%
rename from vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go
rename to vendor/golang.org/x/oauth2/google/internal/stsexchange/clientauth.go
index 99987ce2945..ebd520eace5 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/clientauth.go
+++ b/vendor/golang.org/x/oauth2/google/internal/stsexchange/clientauth.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package externalaccount
+package stsexchange
 
 import (
 	"encoding/base64"
@@ -12,8 +12,8 @@ import (
 	"golang.org/x/oauth2"
 )
 
-// clientAuthentication represents an OAuth client ID and secret and the mechanism for passing these credentials as stated in rfc6749#2.3.1.
-type clientAuthentication struct {
+// ClientAuthentication represents an OAuth client ID and secret and the mechanism for passing these credentials as stated in rfc6749#2.3.1.
+type ClientAuthentication struct {
 	// AuthStyle can be either basic or request-body
 	AuthStyle    oauth2.AuthStyle
 	ClientID     string
@@ -23,7 +23,7 @@ type clientAuthentication struct {
 // InjectAuthentication is used to add authentication to a Secure Token Service exchange
 // request.  It modifies either the passed url.Values or http.Header depending on the desired
 // authentication format.
-func (c *clientAuthentication) InjectAuthentication(values url.Values, headers http.Header) {
+func (c *ClientAuthentication) InjectAuthentication(values url.Values, headers http.Header) {
 	if c.ClientID == "" || c.ClientSecret == "" || values == nil || headers == nil {
 		return
 	}
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go b/vendor/golang.org/x/oauth2/google/internal/stsexchange/sts_exchange.go
similarity index 68%
rename from vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go
rename to vendor/golang.org/x/oauth2/google/internal/stsexchange/sts_exchange.go
index e6fcae5fcbf..1a0bebd1595 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/sts_exchange.go
+++ b/vendor/golang.org/x/oauth2/google/internal/stsexchange/sts_exchange.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package externalaccount
+package stsexchange
 
 import (
 	"context"
@@ -18,14 +18,17 @@ import (
 	"golang.org/x/oauth2"
 )
 
-// exchangeToken performs an oauth2 token exchange with the provided endpoint.
+func defaultHeader() http.Header {
+	header := make(http.Header)
+	header.Add("Content-Type", "application/x-www-form-urlencoded")
+	return header
+}
+
+// ExchangeToken performs an oauth2 token exchange with the provided endpoint.
 // The first 4 fields are all mandatory.  headers can be used to pass additional
 // headers beyond the bare minimum required by the token exchange.  options can
 // be used to pass additional JSON-structured options to the remote server.
-func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchangeRequest, authentication clientAuthentication, headers http.Header, options map[string]interface{}) (*stsTokenExchangeResponse, error) {
-
-	client := oauth2.NewClient(ctx, nil)
-
+func ExchangeToken(ctx context.Context, endpoint string, request *TokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (*Response, error) {
 	data := url.Values{}
 	data.Set("audience", request.Audience)
 	data.Set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange")
@@ -41,13 +44,28 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan
 		data.Set("options", string(opts))
 	}
 
+	return makeRequest(ctx, endpoint, data, authentication, headers)
+}
+
+func RefreshAccessToken(ctx context.Context, endpoint string, refreshToken string, authentication ClientAuthentication, headers http.Header) (*Response, error) {
+	data := url.Values{}
+	data.Set("grant_type", "refresh_token")
+	data.Set("refresh_token", refreshToken)
+
+	return makeRequest(ctx, endpoint, data, authentication, headers)
+}
+
+func makeRequest(ctx context.Context, endpoint string, data url.Values, authentication ClientAuthentication, headers http.Header) (*Response, error) {
+	if headers == nil {
+		headers = defaultHeader()
+	}
+	client := oauth2.NewClient(ctx, nil)
 	authentication.InjectAuthentication(data, headers)
 	encodedData := data.Encode()
 
 	req, err := http.NewRequest("POST", endpoint, strings.NewReader(encodedData))
 	if err != nil {
 		return nil, fmt.Errorf("oauth2/google: failed to properly build http request: %v", err)
-
 	}
 	req = req.WithContext(ctx)
 	for key, list := range headers {
@@ -71,7 +89,7 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan
 	if c := resp.StatusCode; c < 200 || c > 299 {
 		return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, body)
 	}
-	var stsResp stsTokenExchangeResponse
+	var stsResp Response
 	err = json.Unmarshal(body, &stsResp)
 	if err != nil {
 		return nil, fmt.Errorf("oauth2/google: failed to unmarshal response body from Secure Token Server: %v", err)
@@ -81,8 +99,8 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan
 	return &stsResp, nil
 }
 
-// stsTokenExchangeRequest contains fields necessary to make an oauth2 token exchange.
-type stsTokenExchangeRequest struct {
+// TokenExchangeRequest contains fields necessary to make an oauth2 token exchange.
+type TokenExchangeRequest struct {
 	ActingParty struct {
 		ActorToken     string
 		ActorTokenType string
@@ -96,8 +114,8 @@ type stsTokenExchangeRequest struct {
 	SubjectTokenType   string
 }
 
-// stsTokenExchangeResponse is used to decode the remote server response during an oauth2 token exchange.
-type stsTokenExchangeResponse struct {
+// Response is used to decode the remote server response during an oauth2 token exchange.
+type Response struct {
 	AccessToken     string `json:"access_token"`
 	IssuedTokenType string `json:"issued_token_type"`
 	TokenType       string `json:"token_type"`
diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go
index 58901bda53e..e83ddeef0fc 100644
--- a/vendor/golang.org/x/oauth2/internal/token.go
+++ b/vendor/golang.org/x/oauth2/internal/token.go
@@ -18,6 +18,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 )
 
@@ -115,41 +116,60 @@ const (
 	AuthStyleInHeader AuthStyle = 2
 )
 
-// authStyleCache is the set of tokenURLs we've successfully used via
+// LazyAuthStyleCache is a backwards compatibility compromise to let Configs
+// have a lazily-initialized AuthStyleCache.
+//
+// The two users of this, oauth2.Config and oauth2/clientcredentials.Config,
+// both would ideally just embed an unexported AuthStyleCache but because both
+// were historically allowed to be copied by value we can't retroactively add an
+// uncopyable Mutex to them.
+//
+// We could use an atomic.Pointer, but that was added recently enough (in Go
+// 1.18) that we'd break Go 1.17 users where the tests as of 2023-08-03
+// still pass. By using an atomic.Value, it supports both Go 1.17 and
+// copying by value, even if that's not ideal.
+type LazyAuthStyleCache struct {
+	v atomic.Value // of *AuthStyleCache
+}
+
+func (lc *LazyAuthStyleCache) Get() *AuthStyleCache {
+	if c, ok := lc.v.Load().(*AuthStyleCache); ok {
+		return c
+	}
+	c := new(AuthStyleCache)
+	if !lc.v.CompareAndSwap(nil, c) {
+		c = lc.v.Load().(*AuthStyleCache)
+	}
+	return c
+}
+
+// AuthStyleCache is the set of tokenURLs we've successfully used via
 // RetrieveToken and which style auth we ended up using.
 // It's called a cache, but it doesn't (yet?) shrink. It's expected that
 // the set of OAuth2 servers a program contacts over time is fixed and
 // small.
-var authStyleCache struct {
-	sync.Mutex
-	m map[string]AuthStyle // keyed by tokenURL
-}
-
-// ResetAuthCache resets the global authentication style cache used
-// for AuthStyleUnknown token requests.
-func ResetAuthCache() {
-	authStyleCache.Lock()
-	defer authStyleCache.Unlock()
-	authStyleCache.m = nil
+type AuthStyleCache struct {
+	mu sync.Mutex
+	m  map[string]AuthStyle // keyed by tokenURL
 }
 
 // lookupAuthStyle reports which auth style we last used with tokenURL
 // when calling RetrieveToken and whether we have ever done so.
-func lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) {
-	authStyleCache.Lock()
-	defer authStyleCache.Unlock()
-	style, ok = authStyleCache.m[tokenURL]
+func (c *AuthStyleCache) lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	style, ok = c.m[tokenURL]
 	return
 }
 
 // setAuthStyle adds an entry to authStyleCache, documented above.
-func setAuthStyle(tokenURL string, v AuthStyle) {
-	authStyleCache.Lock()
-	defer authStyleCache.Unlock()
-	if authStyleCache.m == nil {
-		authStyleCache.m = make(map[string]AuthStyle)
+func (c *AuthStyleCache) setAuthStyle(tokenURL string, v AuthStyle) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.m == nil {
+		c.m = make(map[string]AuthStyle)
 	}
-	authStyleCache.m[tokenURL] = v
+	c.m[tokenURL] = v
 }
 
 // newTokenRequest returns a new *http.Request to retrieve a new token
@@ -189,10 +209,10 @@ func cloneURLValues(v url.Values) url.Values {
 	return v2
 }
 
-func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle) (*Token, error) {
+func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle, styleCache *AuthStyleCache) (*Token, error) {
 	needsAuthStyleProbe := authStyle == 0
 	if needsAuthStyleProbe {
-		if style, ok := lookupAuthStyle(tokenURL); ok {
+		if style, ok := styleCache.lookupAuthStyle(tokenURL); ok {
 			authStyle = style
 			needsAuthStyleProbe = false
 		} else {
@@ -222,7 +242,7 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
 		token, err = doTokenRoundTrip(ctx, req)
 	}
 	if needsAuthStyleProbe && err == nil {
-		setAuthStyle(tokenURL, authStyle)
+		styleCache.setAuthStyle(tokenURL, authStyle)
 	}
 	// Don't overwrite `RefreshToken` with an empty value
 	// if this was a token refreshing request.
diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go
index 9085fabe34e..90a2c3d6dcb 100644
--- a/vendor/golang.org/x/oauth2/oauth2.go
+++ b/vendor/golang.org/x/oauth2/oauth2.go
@@ -58,6 +58,10 @@ type Config struct {
 
 	// Scope specifies optional requested permissions.
 	Scopes []string
+
+	// authStyleCache caches which auth style to use when Endpoint.AuthStyle is
+	// the zero value (AuthStyleAutoDetect).
+	authStyleCache internal.LazyAuthStyleCache
 }
 
 // A TokenSource is anything that can return a token.
@@ -71,8 +75,9 @@ type TokenSource interface {
 // Endpoint represents an OAuth 2.0 provider's authorization and token
 // endpoint URLs.
 type Endpoint struct {
-	AuthURL  string
-	TokenURL string
+	AuthURL       string
+	DeviceAuthURL string
+	TokenURL      string
 
 	// AuthStyle optionally specifies how the endpoint wants the
 	// client ID & client secret sent. The zero value means to
@@ -139,15 +144,19 @@ func SetAuthURLParam(key, value string) AuthCodeOption {
 // AuthCodeURL returns a URL to OAuth 2.0 provider's consent page
 // that asks for permissions for the required scopes explicitly.
 //
-// State is a token to protect the user from CSRF attacks. You must
-// always provide a non-empty string and validate that it matches the
-// state query parameter on your redirect callback.
-// See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.
+// State is an opaque value used by the client to maintain state between the
+// request and callback. The authorization server includes this value when
+// redirecting the user agent back to the client.
 //
 // Opts may include AccessTypeOnline or AccessTypeOffline, as well
 // as ApprovalForce.
-// It can also be used to pass the PKCE challenge.
-// See https://www.oauth.com/oauth2-servers/pkce/ for more info.
+//
+// To protect against CSRF attacks, opts should include a PKCE challenge
+// (S256ChallengeOption). Not all servers support PKCE. An alternative is to
+// generate a random state parameter and verify it after exchange.
+// See https://datatracker.ietf.org/doc/html/rfc6749#section-10.12 (predating
+// PKCE), https://www.oauth.com/oauth2-servers/pkce/ and
+// https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-09.html#name-cross-site-request-forgery (describing both approaches)
 func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 	var buf bytes.Buffer
 	buf.WriteString(c.Endpoint.AuthURL)
@@ -162,7 +171,6 @@ func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 		v.Set("scope", strings.Join(c.Scopes, " "))
 	}
 	if state != "" {
-		// TODO(light): Docs say never to omit state; don't allow empty.
 		v.Set("state", state)
 	}
 	for _, opt := range opts {
@@ -207,10 +215,11 @@ func (c *Config) PasswordCredentialsToken(ctx context.Context, username, passwor
 // The provided context optionally controls which HTTP client is used. See the HTTPClient variable.
 //
 // The code will be in the *http.Request.FormValue("code"). Before
-// calling Exchange, be sure to validate FormValue("state").
+// calling Exchange, be sure to validate FormValue("state") if you are
+// using it to protect against CSRF attacks.
 //
-// Opts may include the PKCE verifier code if previously used in AuthCodeURL.
-// See https://www.oauth.com/oauth2-servers/pkce/ for more info.
+// If using PKCE to protect against CSRF attacks, opts should include a
+// VerifierOption.
 func (c *Config) Exchange(ctx context.Context, code string, opts ...AuthCodeOption) (*Token, error) {
 	v := url.Values{
 		"grant_type": {"authorization_code"},
diff --git a/vendor/golang.org/x/oauth2/pkce.go b/vendor/golang.org/x/oauth2/pkce.go
new file mode 100644
index 00000000000..50593b6dfec
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/pkce.go
@@ -0,0 +1,68 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package oauth2
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"net/url"
+)
+
+const (
+	codeChallengeKey       = "code_challenge"
+	codeChallengeMethodKey = "code_challenge_method"
+	codeVerifierKey        = "code_verifier"
+)
+
+// GenerateVerifier generates a PKCE code verifier with 32 octets of randomness.
+// This follows recommendations in RFC 7636.
+//
+// A fresh verifier should be generated for each authorization.
+// S256ChallengeOption(verifier) should then be passed to Config.AuthCodeURL
+// (or Config.DeviceAccess) and VerifierOption(verifier) to Config.Exchange
+// (or Config.DeviceAccessToken).
+func GenerateVerifier() string {
+	// "RECOMMENDED that the output of a suitable random number generator be
+	// used to create a 32-octet sequence.  The octet sequence is then
+	// base64url-encoded to produce a 43-octet URL-safe string to use as the
+	// code verifier."
+	// https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
+	data := make([]byte, 32)
+	if _, err := rand.Read(data); err != nil {
+		panic(err)
+	}
+	return base64.RawURLEncoding.EncodeToString(data)
+}
+
+// VerifierOption returns a PKCE code verifier AuthCodeOption. It should be
+// passed to Config.Exchange or Config.DeviceAccessToken only.
+func VerifierOption(verifier string) AuthCodeOption {
+	return setParam{k: codeVerifierKey, v: verifier}
+}
+
+// S256ChallengeFromVerifier returns a PKCE code challenge derived from verifier with method S256.
+//
+// Prefer to use S256ChallengeOption where possible.
+func S256ChallengeFromVerifier(verifier string) string {
+	sha := sha256.Sum256([]byte(verifier))
+	return base64.RawURLEncoding.EncodeToString(sha[:])
+}
+
+// S256ChallengeOption derives a PKCE code challenge derived from verifier with
+// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAccess
+// only.
+func S256ChallengeOption(verifier string) AuthCodeOption {
+	return challengeOption{
+		challenge_method: "S256",
+		challenge:        S256ChallengeFromVerifier(verifier),
+	}
+}
+
+type challengeOption struct{ challenge_method, challenge string }
+
+func (p challengeOption) setValue(m url.Values) {
+	m.Set(codeChallengeMethodKey, p.challenge_method)
+	m.Set(codeChallengeKey, p.challenge)
+}
diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go
index 5ffce9764be..5bbb3321748 100644
--- a/vendor/golang.org/x/oauth2/token.go
+++ b/vendor/golang.org/x/oauth2/token.go
@@ -164,7 +164,7 @@ func tokenFromInternal(t *internal.Token) *Token {
 // This token is then mapped from *internal.Token into an *oauth2.Token which is returned along
 // with an error..
 func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error) {
-	tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle))
+	tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle), c.authStyleCache.Get())
 	if err != nil {
 		if rErr, ok := err.(*internal.RetrieveError); ok {
 			return nil, (*RetrieveError)(rErr)
diff --git a/vendor/google.golang.org/api/internal/creds.go b/vendor/google.golang.org/api/internal/creds.go
index 92b3acf6edf..05165f333b0 100644
--- a/vendor/google.golang.org/api/internal/creds.go
+++ b/vendor/google.golang.org/api/internal/creds.go
@@ -78,9 +78,8 @@ const (
 // met:
 //
 //	(1) At least one of the following is true:
-//	    (a) No scope is provided
-//	    (b) Scope for self-signed JWT flow is enabled
-//	    (c) Audiences are explicitly provided by users
+//	    (a) Scope for self-signed JWT flow is enabled
+//	    (b) Audiences are explicitly provided by users
 //	(2) No service account impersontation
 //
 // - Otherwise, executes standard OAuth 2.0 flow
diff --git a/vendor/google.golang.org/api/internal/s2a.go b/vendor/google.golang.org/api/internal/s2a.go
index c5b421f5544..c70f2419b49 100644
--- a/vendor/google.golang.org/api/internal/s2a.go
+++ b/vendor/google.golang.org/api/internal/s2a.go
@@ -13,7 +13,7 @@ import (
 	"cloud.google.com/go/compute/metadata"
 )
 
-const configEndpointSuffix = "googleAutoMtlsConfiguration"
+const configEndpointSuffix = "instance/platform-security/auto-mtls-configuration"
 
 // The period an MTLS config can be reused before needing refresh.
 var configExpiry = time.Hour
diff --git a/vendor/google.golang.org/api/internal/settings.go b/vendor/google.golang.org/api/internal/settings.go
index 3a3874df112..84f9302dcfa 100644
--- a/vendor/google.golang.org/api/internal/settings.go
+++ b/vendor/google.golang.org/api/internal/settings.go
@@ -9,6 +9,8 @@ import (
 	"crypto/tls"
 	"errors"
 	"net/http"
+	"os"
+	"strconv"
 
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
@@ -16,6 +18,10 @@ import (
 	"google.golang.org/grpc"
 )
 
+const (
+	newAuthLibEnVar = "GOOGLE_API_GO_EXPERIMENTAL_USE_NEW_AUTH_LIB"
+)
+
 // DialSettings holds information needed to establish a connection with a
 // Google API service.
 type DialSettings struct {
@@ -47,6 +53,7 @@ type DialSettings struct {
 	ImpersonationConfig           *impersonate.Config
 	EnableDirectPath              bool
 	EnableDirectPathXds           bool
+	EnableNewAuthLibrary          bool
 	AllowNonDefaultServiceAccount bool
 
 	// Google API system parameters. For more information please read:
@@ -77,6 +84,16 @@ func (ds *DialSettings) HasCustomAudience() bool {
 	return len(ds.Audiences) > 0
 }
 
+func (ds *DialSettings) IsNewAuthLibraryEnabled() bool {
+	if ds.EnableNewAuthLibrary {
+		return true
+	}
+	if b, err := strconv.ParseBool(os.Getenv(newAuthLibEnVar)); err == nil {
+		return b
+	}
+	return false
+}
+
 // Validate reports an error if ds is invalid.
 func (ds *DialSettings) Validate() error {
 	if ds.SkipValidation {
diff --git a/vendor/google.golang.org/api/internal/version.go b/vendor/google.golang.org/api/internal/version.go
index 06fd4170336..b0a50e8416c 100644
--- a/vendor/google.golang.org/api/internal/version.go
+++ b/vendor/google.golang.org/api/internal/version.go
@@ -5,4 +5,4 @@
 package internal
 
 // Version is the current tagged release of the library.
-const Version = "0.138.0"
+const Version = "0.147.0"
diff --git a/vendor/google.golang.org/api/option/internaloption/internaloption.go b/vendor/google.golang.org/api/option/internaloption/internaloption.go
index 3b8461d1da9..b2b249eec68 100644
--- a/vendor/google.golang.org/api/option/internaloption/internaloption.go
+++ b/vendor/google.golang.org/api/option/internaloption/internaloption.go
@@ -150,6 +150,19 @@ func (w *withCreds) Apply(o *internal.DialSettings) {
 	o.InternalCredentials = (*google.Credentials)(w)
 }
 
+// EnableNewAuthLibrary returns a ClientOption that specifies if libraries in this
+// module to delegate auth to our new library. This option will be removed in
+// the future once all clients have been moved to the new auth layer.
+func EnableNewAuthLibrary() option.ClientOption {
+	return enableNewAuthLibrary(true)
+}
+
+type enableNewAuthLibrary bool
+
+func (w enableNewAuthLibrary) Apply(o *internal.DialSettings) {
+	o.EnableNewAuthLibrary = bool(w)
+}
+
 // EmbeddableAdapter is a no-op option.ClientOption that allow libraries to
 // create their own client options by embedding this type into their own
 // client-specific option wrapper. See example for usage.
diff --git a/vendor/google.golang.org/api/transport/grpc/dial.go b/vendor/google.golang.org/api/transport/grpc/dial.go
index e1403e08ee6..e36d7589ee2 100644
--- a/vendor/google.golang.org/api/transport/grpc/dial.go
+++ b/vendor/google.golang.org/api/transport/grpc/dial.go
@@ -35,9 +35,6 @@ const disableDirectPath = "GOOGLE_CLOUD_DISABLE_DIRECT_PATH"
 // Check env to decide if using google-c2p resolver for DirectPath traffic.
 const enableDirectPathXds = "GOOGLE_CLOUD_ENABLE_DIRECT_PATH_XDS"
 
-// Set at init time by dial_appengine.go. If nil, we're not on App Engine.
-var appengineDialerHook func(context.Context) grpc.DialOption
-
 // Set at init time by dial_socketopt.go. If nil, socketopt is not supported.
 var timeoutDialerOption grpc.DialOption
 
@@ -186,12 +183,6 @@ func dial(ctx context.Context, insecure bool, o *internal.DialSettings) (*grpc.C
 		}
 	}
 
-	if appengineDialerHook != nil {
-		// Use the Socket API on App Engine.
-		// appengine dialer will override socketopt dialer
-		grpcOpts = append(grpcOpts, appengineDialerHook(ctx))
-	}
-
 	// Add tracing, but before the other options, so that clients can override the
 	// gRPC stats handler.
 	// This assumes that gRPC options are processed in order, left to right.
diff --git a/vendor/google.golang.org/api/transport/grpc/dial_appengine.go b/vendor/google.golang.org/api/transport/grpc/dial_appengine.go
deleted file mode 100644
index fd3dc0565d0..00000000000
--- a/vendor/google.golang.org/api/transport/grpc/dial_appengine.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2016 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build appengine
-// +build appengine
-
-package grpc
-
-import (
-	"context"
-	"net"
-	"time"
-
-	"google.golang.org/appengine"
-	"google.golang.org/appengine/socket"
-	"google.golang.org/grpc"
-)
-
-func init() {
-	// NOTE: dev_appserver doesn't currently support SSL.
-	// When it does, this code can be removed.
-	if appengine.IsDevAppServer() {
-		return
-	}
-
-	appengineDialerHook = func(ctx context.Context) grpc.DialOption {
-		return grpc.WithDialer(func(addr string, timeout time.Duration) (net.Conn, error) {
-			return socket.DialTimeout(ctx, "tcp", addr, timeout)
-		})
-	}
-}
diff --git a/vendor/google.golang.org/api/transport/http/dial.go b/vendor/google.golang.org/api/transport/http/dial.go
index eca0c3ba795..a07362ffdbd 100644
--- a/vendor/google.golang.org/api/transport/http/dial.go
+++ b/vendor/google.golang.org/api/transport/http/dial.go
@@ -145,22 +145,13 @@ func (t *parameterTransport) RoundTrip(req *http.Request) (*http.Response, error
 	return rt.RoundTrip(&newReq)
 }
 
-// Set at init time by dial_appengine.go. If nil, we're not on App Engine.
-var appengineUrlfetchHook func(context.Context) http.RoundTripper
-
-// defaultBaseTransport returns the base HTTP transport.
-// On App Engine, this is urlfetch.Transport.
-// Otherwise, use a default transport, taking most defaults from
-// http.DefaultTransport.
+// defaultBaseTransport returns the base HTTP transport. It uses a default
+// transport, taking most defaults from http.DefaultTransport.
 // If TLSCertificate is available, set TLSClientConfig as well.
 func defaultBaseTransport(ctx context.Context, clientCertSource cert.Source, dialTLSContext func(context.Context, string, string) (net.Conn, error)) http.RoundTripper {
-	if appengineUrlfetchHook != nil {
-		return appengineUrlfetchHook(ctx)
-	}
-
 	// Copy http.DefaultTransport except for MaxIdleConnsPerHost setting,
-	// which is increased due to reported performance issues under load in the GCS
-	// client. Transport.Clone is only available in Go 1.13 and up.
+	// which is increased due to reported performance issues under load in the
+	// GCS client. Transport.Clone is only available in Go 1.13 and up.
 	trans := clonedTransport(http.DefaultTransport)
 	if trans == nil {
 		trans = fallbackBaseTransport()
diff --git a/vendor/google.golang.org/api/transport/http/dial_appengine.go b/vendor/google.golang.org/api/transport/http/dial_appengine.go
deleted file mode 100644
index f064e133f71..00000000000
--- a/vendor/google.golang.org/api/transport/http/dial_appengine.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2016 Google LLC.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build appengine
-// +build appengine
-
-package http
-
-import (
-	"context"
-	"net/http"
-
-	"google.golang.org/appengine/urlfetch"
-)
-
-func init() {
-	appengineUrlfetchHook = func(ctx context.Context) http.RoundTripper {
-		return &urlfetch.Transport{Context: ctx}
-	}
-}
diff --git a/vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go b/vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go
deleted file mode 100644
index 4ec872e4606..00000000000
--- a/vendor/google.golang.org/appengine/internal/socket/socket_service.pb.go
+++ /dev/null
@@ -1,2822 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: google.golang.org/appengine/internal/socket/socket_service.proto
-
-package socket
-
-import proto "github.com/golang/protobuf/proto"
-import fmt "fmt"
-import math "math"
-
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
-
-type RemoteSocketServiceError_ErrorCode int32
-
-const (
-	RemoteSocketServiceError_SYSTEM_ERROR      RemoteSocketServiceError_ErrorCode = 1
-	RemoteSocketServiceError_GAI_ERROR         RemoteSocketServiceError_ErrorCode = 2
-	RemoteSocketServiceError_FAILURE           RemoteSocketServiceError_ErrorCode = 4
-	RemoteSocketServiceError_PERMISSION_DENIED RemoteSocketServiceError_ErrorCode = 5
-	RemoteSocketServiceError_INVALID_REQUEST   RemoteSocketServiceError_ErrorCode = 6
-	RemoteSocketServiceError_SOCKET_CLOSED     RemoteSocketServiceError_ErrorCode = 7
-)
-
-var RemoteSocketServiceError_ErrorCode_name = map[int32]string{
-	1: "SYSTEM_ERROR",
-	2: "GAI_ERROR",
-	4: "FAILURE",
-	5: "PERMISSION_DENIED",
-	6: "INVALID_REQUEST",
-	7: "SOCKET_CLOSED",
-}
-var RemoteSocketServiceError_ErrorCode_value = map[string]int32{
-	"SYSTEM_ERROR":      1,
-	"GAI_ERROR":         2,
-	"FAILURE":           4,
-	"PERMISSION_DENIED": 5,
-	"INVALID_REQUEST":   6,
-	"SOCKET_CLOSED":     7,
-}
-
-func (x RemoteSocketServiceError_ErrorCode) Enum() *RemoteSocketServiceError_ErrorCode {
-	p := new(RemoteSocketServiceError_ErrorCode)
-	*p = x
-	return p
-}
-func (x RemoteSocketServiceError_ErrorCode) String() string {
-	return proto.EnumName(RemoteSocketServiceError_ErrorCode_name, int32(x))
-}
-func (x *RemoteSocketServiceError_ErrorCode) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(RemoteSocketServiceError_ErrorCode_value, data, "RemoteSocketServiceError_ErrorCode")
-	if err != nil {
-		return err
-	}
-	*x = RemoteSocketServiceError_ErrorCode(value)
-	return nil
-}
-func (RemoteSocketServiceError_ErrorCode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{0, 0}
-}
-
-type RemoteSocketServiceError_SystemError int32
-
-const (
-	RemoteSocketServiceError_SYS_SUCCESS         RemoteSocketServiceError_SystemError = 0
-	RemoteSocketServiceError_SYS_EPERM           RemoteSocketServiceError_SystemError = 1
-	RemoteSocketServiceError_SYS_ENOENT          RemoteSocketServiceError_SystemError = 2
-	RemoteSocketServiceError_SYS_ESRCH           RemoteSocketServiceError_SystemError = 3
-	RemoteSocketServiceError_SYS_EINTR           RemoteSocketServiceError_SystemError = 4
-	RemoteSocketServiceError_SYS_EIO             RemoteSocketServiceError_SystemError = 5
-	RemoteSocketServiceError_SYS_ENXIO           RemoteSocketServiceError_SystemError = 6
-	RemoteSocketServiceError_SYS_E2BIG           RemoteSocketServiceError_SystemError = 7
-	RemoteSocketServiceError_SYS_ENOEXEC         RemoteSocketServiceError_SystemError = 8
-	RemoteSocketServiceError_SYS_EBADF           RemoteSocketServiceError_SystemError = 9
-	RemoteSocketServiceError_SYS_ECHILD          RemoteSocketServiceError_SystemError = 10
-	RemoteSocketServiceError_SYS_EAGAIN          RemoteSocketServiceError_SystemError = 11
-	RemoteSocketServiceError_SYS_EWOULDBLOCK     RemoteSocketServiceError_SystemError = 11
-	RemoteSocketServiceError_SYS_ENOMEM          RemoteSocketServiceError_SystemError = 12
-	RemoteSocketServiceError_SYS_EACCES          RemoteSocketServiceError_SystemError = 13
-	RemoteSocketServiceError_SYS_EFAULT          RemoteSocketServiceError_SystemError = 14
-	RemoteSocketServiceError_SYS_ENOTBLK         RemoteSocketServiceError_SystemError = 15
-	RemoteSocketServiceError_SYS_EBUSY           RemoteSocketServiceError_SystemError = 16
-	RemoteSocketServiceError_SYS_EEXIST          RemoteSocketServiceError_SystemError = 17
-	RemoteSocketServiceError_SYS_EXDEV           RemoteSocketServiceError_SystemError = 18
-	RemoteSocketServiceError_SYS_ENODEV          RemoteSocketServiceError_SystemError = 19
-	RemoteSocketServiceError_SYS_ENOTDIR         RemoteSocketServiceError_SystemError = 20
-	RemoteSocketServiceError_SYS_EISDIR          RemoteSocketServiceError_SystemError = 21
-	RemoteSocketServiceError_SYS_EINVAL          RemoteSocketServiceError_SystemError = 22
-	RemoteSocketServiceError_SYS_ENFILE          RemoteSocketServiceError_SystemError = 23
-	RemoteSocketServiceError_SYS_EMFILE          RemoteSocketServiceError_SystemError = 24
-	RemoteSocketServiceError_SYS_ENOTTY          RemoteSocketServiceError_SystemError = 25
-	RemoteSocketServiceError_SYS_ETXTBSY         RemoteSocketServiceError_SystemError = 26
-	RemoteSocketServiceError_SYS_EFBIG           RemoteSocketServiceError_SystemError = 27
-	RemoteSocketServiceError_SYS_ENOSPC          RemoteSocketServiceError_SystemError = 28
-	RemoteSocketServiceError_SYS_ESPIPE          RemoteSocketServiceError_SystemError = 29
-	RemoteSocketServiceError_SYS_EROFS           RemoteSocketServiceError_SystemError = 30
-	RemoteSocketServiceError_SYS_EMLINK          RemoteSocketServiceError_SystemError = 31
-	RemoteSocketServiceError_SYS_EPIPE           RemoteSocketServiceError_SystemError = 32
-	RemoteSocketServiceError_SYS_EDOM            RemoteSocketServiceError_SystemError = 33
-	RemoteSocketServiceError_SYS_ERANGE          RemoteSocketServiceError_SystemError = 34
-	RemoteSocketServiceError_SYS_EDEADLK         RemoteSocketServiceError_SystemError = 35
-	RemoteSocketServiceError_SYS_EDEADLOCK       RemoteSocketServiceError_SystemError = 35
-	RemoteSocketServiceError_SYS_ENAMETOOLONG    RemoteSocketServiceError_SystemError = 36
-	RemoteSocketServiceError_SYS_ENOLCK          RemoteSocketServiceError_SystemError = 37
-	RemoteSocketServiceError_SYS_ENOSYS          RemoteSocketServiceError_SystemError = 38
-	RemoteSocketServiceError_SYS_ENOTEMPTY       RemoteSocketServiceError_SystemError = 39
-	RemoteSocketServiceError_SYS_ELOOP           RemoteSocketServiceError_SystemError = 40
-	RemoteSocketServiceError_SYS_ENOMSG          RemoteSocketServiceError_SystemError = 42
-	RemoteSocketServiceError_SYS_EIDRM           RemoteSocketServiceError_SystemError = 43
-	RemoteSocketServiceError_SYS_ECHRNG          RemoteSocketServiceError_SystemError = 44
-	RemoteSocketServiceError_SYS_EL2NSYNC        RemoteSocketServiceError_SystemError = 45
-	RemoteSocketServiceError_SYS_EL3HLT          RemoteSocketServiceError_SystemError = 46
-	RemoteSocketServiceError_SYS_EL3RST          RemoteSocketServiceError_SystemError = 47
-	RemoteSocketServiceError_SYS_ELNRNG          RemoteSocketServiceError_SystemError = 48
-	RemoteSocketServiceError_SYS_EUNATCH         RemoteSocketServiceError_SystemError = 49
-	RemoteSocketServiceError_SYS_ENOCSI          RemoteSocketServiceError_SystemError = 50
-	RemoteSocketServiceError_SYS_EL2HLT          RemoteSocketServiceError_SystemError = 51
-	RemoteSocketServiceError_SYS_EBADE           RemoteSocketServiceError_SystemError = 52
-	RemoteSocketServiceError_SYS_EBADR           RemoteSocketServiceError_SystemError = 53
-	RemoteSocketServiceError_SYS_EXFULL          RemoteSocketServiceError_SystemError = 54
-	RemoteSocketServiceError_SYS_ENOANO          RemoteSocketServiceError_SystemError = 55
-	RemoteSocketServiceError_SYS_EBADRQC         RemoteSocketServiceError_SystemError = 56
-	RemoteSocketServiceError_SYS_EBADSLT         RemoteSocketServiceError_SystemError = 57
-	RemoteSocketServiceError_SYS_EBFONT          RemoteSocketServiceError_SystemError = 59
-	RemoteSocketServiceError_SYS_ENOSTR          RemoteSocketServiceError_SystemError = 60
-	RemoteSocketServiceError_SYS_ENODATA         RemoteSocketServiceError_SystemError = 61
-	RemoteSocketServiceError_SYS_ETIME           RemoteSocketServiceError_SystemError = 62
-	RemoteSocketServiceError_SYS_ENOSR           RemoteSocketServiceError_SystemError = 63
-	RemoteSocketServiceError_SYS_ENONET          RemoteSocketServiceError_SystemError = 64
-	RemoteSocketServiceError_SYS_ENOPKG          RemoteSocketServiceError_SystemError = 65
-	RemoteSocketServiceError_SYS_EREMOTE         RemoteSocketServiceError_SystemError = 66
-	RemoteSocketServiceError_SYS_ENOLINK         RemoteSocketServiceError_SystemError = 67
-	RemoteSocketServiceError_SYS_EADV            RemoteSocketServiceError_SystemError = 68
-	RemoteSocketServiceError_SYS_ESRMNT          RemoteSocketServiceError_SystemError = 69
-	RemoteSocketServiceError_SYS_ECOMM           RemoteSocketServiceError_SystemError = 70
-	RemoteSocketServiceError_SYS_EPROTO          RemoteSocketServiceError_SystemError = 71
-	RemoteSocketServiceError_SYS_EMULTIHOP       RemoteSocketServiceError_SystemError = 72
-	RemoteSocketServiceError_SYS_EDOTDOT         RemoteSocketServiceError_SystemError = 73
-	RemoteSocketServiceError_SYS_EBADMSG         RemoteSocketServiceError_SystemError = 74
-	RemoteSocketServiceError_SYS_EOVERFLOW       RemoteSocketServiceError_SystemError = 75
-	RemoteSocketServiceError_SYS_ENOTUNIQ        RemoteSocketServiceError_SystemError = 76
-	RemoteSocketServiceError_SYS_EBADFD          RemoteSocketServiceError_SystemError = 77
-	RemoteSocketServiceError_SYS_EREMCHG         RemoteSocketServiceError_SystemError = 78
-	RemoteSocketServiceError_SYS_ELIBACC         RemoteSocketServiceError_SystemError = 79
-	RemoteSocketServiceError_SYS_ELIBBAD         RemoteSocketServiceError_SystemError = 80
-	RemoteSocketServiceError_SYS_ELIBSCN         RemoteSocketServiceError_SystemError = 81
-	RemoteSocketServiceError_SYS_ELIBMAX         RemoteSocketServiceError_SystemError = 82
-	RemoteSocketServiceError_SYS_ELIBEXEC        RemoteSocketServiceError_SystemError = 83
-	RemoteSocketServiceError_SYS_EILSEQ          RemoteSocketServiceError_SystemError = 84
-	RemoteSocketServiceError_SYS_ERESTART        RemoteSocketServiceError_SystemError = 85
-	RemoteSocketServiceError_SYS_ESTRPIPE        RemoteSocketServiceError_SystemError = 86
-	RemoteSocketServiceError_SYS_EUSERS          RemoteSocketServiceError_SystemError = 87
-	RemoteSocketServiceError_SYS_ENOTSOCK        RemoteSocketServiceError_SystemError = 88
-	RemoteSocketServiceError_SYS_EDESTADDRREQ    RemoteSocketServiceError_SystemError = 89
-	RemoteSocketServiceError_SYS_EMSGSIZE        RemoteSocketServiceError_SystemError = 90
-	RemoteSocketServiceError_SYS_EPROTOTYPE      RemoteSocketServiceError_SystemError = 91
-	RemoteSocketServiceError_SYS_ENOPROTOOPT     RemoteSocketServiceError_SystemError = 92
-	RemoteSocketServiceError_SYS_EPROTONOSUPPORT RemoteSocketServiceError_SystemError = 93
-	RemoteSocketServiceError_SYS_ESOCKTNOSUPPORT RemoteSocketServiceError_SystemError = 94
-	RemoteSocketServiceError_SYS_EOPNOTSUPP      RemoteSocketServiceError_SystemError = 95
-	RemoteSocketServiceError_SYS_ENOTSUP         RemoteSocketServiceError_SystemError = 95
-	RemoteSocketServiceError_SYS_EPFNOSUPPORT    RemoteSocketServiceError_SystemError = 96
-	RemoteSocketServiceError_SYS_EAFNOSUPPORT    RemoteSocketServiceError_SystemError = 97
-	RemoteSocketServiceError_SYS_EADDRINUSE      RemoteSocketServiceError_SystemError = 98
-	RemoteSocketServiceError_SYS_EADDRNOTAVAIL   RemoteSocketServiceError_SystemError = 99
-	RemoteSocketServiceError_SYS_ENETDOWN        RemoteSocketServiceError_SystemError = 100
-	RemoteSocketServiceError_SYS_ENETUNREACH     RemoteSocketServiceError_SystemError = 101
-	RemoteSocketServiceError_SYS_ENETRESET       RemoteSocketServiceError_SystemError = 102
-	RemoteSocketServiceError_SYS_ECONNABORTED    RemoteSocketServiceError_SystemError = 103
-	RemoteSocketServiceError_SYS_ECONNRESET      RemoteSocketServiceError_SystemError = 104
-	RemoteSocketServiceError_SYS_ENOBUFS         RemoteSocketServiceError_SystemError = 105
-	RemoteSocketServiceError_SYS_EISCONN         RemoteSocketServiceError_SystemError = 106
-	RemoteSocketServiceError_SYS_ENOTCONN        RemoteSocketServiceError_SystemError = 107
-	RemoteSocketServiceError_SYS_ESHUTDOWN       RemoteSocketServiceError_SystemError = 108
-	RemoteSocketServiceError_SYS_ETOOMANYREFS    RemoteSocketServiceError_SystemError = 109
-	RemoteSocketServiceError_SYS_ETIMEDOUT       RemoteSocketServiceError_SystemError = 110
-	RemoteSocketServiceError_SYS_ECONNREFUSED    RemoteSocketServiceError_SystemError = 111
-	RemoteSocketServiceError_SYS_EHOSTDOWN       RemoteSocketServiceError_SystemError = 112
-	RemoteSocketServiceError_SYS_EHOSTUNREACH    RemoteSocketServiceError_SystemError = 113
-	RemoteSocketServiceError_SYS_EALREADY        RemoteSocketServiceError_SystemError = 114
-	RemoteSocketServiceError_SYS_EINPROGRESS     RemoteSocketServiceError_SystemError = 115
-	RemoteSocketServiceError_SYS_ESTALE          RemoteSocketServiceError_SystemError = 116
-	RemoteSocketServiceError_SYS_EUCLEAN         RemoteSocketServiceError_SystemError = 117
-	RemoteSocketServiceError_SYS_ENOTNAM         RemoteSocketServiceError_SystemError = 118
-	RemoteSocketServiceError_SYS_ENAVAIL         RemoteSocketServiceError_SystemError = 119
-	RemoteSocketServiceError_SYS_EISNAM          RemoteSocketServiceError_SystemError = 120
-	RemoteSocketServiceError_SYS_EREMOTEIO       RemoteSocketServiceError_SystemError = 121
-	RemoteSocketServiceError_SYS_EDQUOT          RemoteSocketServiceError_SystemError = 122
-	RemoteSocketServiceError_SYS_ENOMEDIUM       RemoteSocketServiceError_SystemError = 123
-	RemoteSocketServiceError_SYS_EMEDIUMTYPE     RemoteSocketServiceError_SystemError = 124
-	RemoteSocketServiceError_SYS_ECANCELED       RemoteSocketServiceError_SystemError = 125
-	RemoteSocketServiceError_SYS_ENOKEY          RemoteSocketServiceError_SystemError = 126
-	RemoteSocketServiceError_SYS_EKEYEXPIRED     RemoteSocketServiceError_SystemError = 127
-	RemoteSocketServiceError_SYS_EKEYREVOKED     RemoteSocketServiceError_SystemError = 128
-	RemoteSocketServiceError_SYS_EKEYREJECTED    RemoteSocketServiceError_SystemError = 129
-	RemoteSocketServiceError_SYS_EOWNERDEAD      RemoteSocketServiceError_SystemError = 130
-	RemoteSocketServiceError_SYS_ENOTRECOVERABLE RemoteSocketServiceError_SystemError = 131
-	RemoteSocketServiceError_SYS_ERFKILL         RemoteSocketServiceError_SystemError = 132
-)
-
-var RemoteSocketServiceError_SystemError_name = map[int32]string{
-	0:  "SYS_SUCCESS",
-	1:  "SYS_EPERM",
-	2:  "SYS_ENOENT",
-	3:  "SYS_ESRCH",
-	4:  "SYS_EINTR",
-	5:  "SYS_EIO",
-	6:  "SYS_ENXIO",
-	7:  "SYS_E2BIG",
-	8:  "SYS_ENOEXEC",
-	9:  "SYS_EBADF",
-	10: "SYS_ECHILD",
-	11: "SYS_EAGAIN",
-	// Duplicate value: 11: "SYS_EWOULDBLOCK",
-	12: "SYS_ENOMEM",
-	13: "SYS_EACCES",
-	14: "SYS_EFAULT",
-	15: "SYS_ENOTBLK",
-	16: "SYS_EBUSY",
-	17: "SYS_EEXIST",
-	18: "SYS_EXDEV",
-	19: "SYS_ENODEV",
-	20: "SYS_ENOTDIR",
-	21: "SYS_EISDIR",
-	22: "SYS_EINVAL",
-	23: "SYS_ENFILE",
-	24: "SYS_EMFILE",
-	25: "SYS_ENOTTY",
-	26: "SYS_ETXTBSY",
-	27: "SYS_EFBIG",
-	28: "SYS_ENOSPC",
-	29: "SYS_ESPIPE",
-	30: "SYS_EROFS",
-	31: "SYS_EMLINK",
-	32: "SYS_EPIPE",
-	33: "SYS_EDOM",
-	34: "SYS_ERANGE",
-	35: "SYS_EDEADLK",
-	// Duplicate value: 35: "SYS_EDEADLOCK",
-	36: "SYS_ENAMETOOLONG",
-	37: "SYS_ENOLCK",
-	38: "SYS_ENOSYS",
-	39: "SYS_ENOTEMPTY",
-	40: "SYS_ELOOP",
-	42: "SYS_ENOMSG",
-	43: "SYS_EIDRM",
-	44: "SYS_ECHRNG",
-	45: "SYS_EL2NSYNC",
-	46: "SYS_EL3HLT",
-	47: "SYS_EL3RST",
-	48: "SYS_ELNRNG",
-	49: "SYS_EUNATCH",
-	50: "SYS_ENOCSI",
-	51: "SYS_EL2HLT",
-	52: "SYS_EBADE",
-	53: "SYS_EBADR",
-	54: "SYS_EXFULL",
-	55: "SYS_ENOANO",
-	56: "SYS_EBADRQC",
-	57: "SYS_EBADSLT",
-	59: "SYS_EBFONT",
-	60: "SYS_ENOSTR",
-	61: "SYS_ENODATA",
-	62: "SYS_ETIME",
-	63: "SYS_ENOSR",
-	64: "SYS_ENONET",
-	65: "SYS_ENOPKG",
-	66: "SYS_EREMOTE",
-	67: "SYS_ENOLINK",
-	68: "SYS_EADV",
-	69: "SYS_ESRMNT",
-	70: "SYS_ECOMM",
-	71: "SYS_EPROTO",
-	72: "SYS_EMULTIHOP",
-	73: "SYS_EDOTDOT",
-	74: "SYS_EBADMSG",
-	75: "SYS_EOVERFLOW",
-	76: "SYS_ENOTUNIQ",
-	77: "SYS_EBADFD",
-	78: "SYS_EREMCHG",
-	79: "SYS_ELIBACC",
-	80: "SYS_ELIBBAD",
-	81: "SYS_ELIBSCN",
-	82: "SYS_ELIBMAX",
-	83: "SYS_ELIBEXEC",
-	84: "SYS_EILSEQ",
-	85: "SYS_ERESTART",
-	86: "SYS_ESTRPIPE",
-	87: "SYS_EUSERS",
-	88: "SYS_ENOTSOCK",
-	89: "SYS_EDESTADDRREQ",
-	90: "SYS_EMSGSIZE",
-	91: "SYS_EPROTOTYPE",
-	92: "SYS_ENOPROTOOPT",
-	93: "SYS_EPROTONOSUPPORT",
-	94: "SYS_ESOCKTNOSUPPORT",
-	95: "SYS_EOPNOTSUPP",
-	// Duplicate value: 95: "SYS_ENOTSUP",
-	96:  "SYS_EPFNOSUPPORT",
-	97:  "SYS_EAFNOSUPPORT",
-	98:  "SYS_EADDRINUSE",
-	99:  "SYS_EADDRNOTAVAIL",
-	100: "SYS_ENETDOWN",
-	101: "SYS_ENETUNREACH",
-	102: "SYS_ENETRESET",
-	103: "SYS_ECONNABORTED",
-	104: "SYS_ECONNRESET",
-	105: "SYS_ENOBUFS",
-	106: "SYS_EISCONN",
-	107: "SYS_ENOTCONN",
-	108: "SYS_ESHUTDOWN",
-	109: "SYS_ETOOMANYREFS",
-	110: "SYS_ETIMEDOUT",
-	111: "SYS_ECONNREFUSED",
-	112: "SYS_EHOSTDOWN",
-	113: "SYS_EHOSTUNREACH",
-	114: "SYS_EALREADY",
-	115: "SYS_EINPROGRESS",
-	116: "SYS_ESTALE",
-	117: "SYS_EUCLEAN",
-	118: "SYS_ENOTNAM",
-	119: "SYS_ENAVAIL",
-	120: "SYS_EISNAM",
-	121: "SYS_EREMOTEIO",
-	122: "SYS_EDQUOT",
-	123: "SYS_ENOMEDIUM",
-	124: "SYS_EMEDIUMTYPE",
-	125: "SYS_ECANCELED",
-	126: "SYS_ENOKEY",
-	127: "SYS_EKEYEXPIRED",
-	128: "SYS_EKEYREVOKED",
-	129: "SYS_EKEYREJECTED",
-	130: "SYS_EOWNERDEAD",
-	131: "SYS_ENOTRECOVERABLE",
-	132: "SYS_ERFKILL",
-}
-var RemoteSocketServiceError_SystemError_value = map[string]int32{
-	"SYS_SUCCESS":         0,
-	"SYS_EPERM":           1,
-	"SYS_ENOENT":          2,
-	"SYS_ESRCH":           3,
-	"SYS_EINTR":           4,
-	"SYS_EIO":             5,
-	"SYS_ENXIO":           6,
-	"SYS_E2BIG":           7,
-	"SYS_ENOEXEC":         8,
-	"SYS_EBADF":           9,
-	"SYS_ECHILD":          10,
-	"SYS_EAGAIN":          11,
-	"SYS_EWOULDBLOCK":     11,
-	"SYS_ENOMEM":          12,
-	"SYS_EACCES":          13,
-	"SYS_EFAULT":          14,
-	"SYS_ENOTBLK":         15,
-	"SYS_EBUSY":           16,
-	"SYS_EEXIST":          17,
-	"SYS_EXDEV":           18,
-	"SYS_ENODEV":          19,
-	"SYS_ENOTDIR":         20,
-	"SYS_EISDIR":          21,
-	"SYS_EINVAL":          22,
-	"SYS_ENFILE":          23,
-	"SYS_EMFILE":          24,
-	"SYS_ENOTTY":          25,
-	"SYS_ETXTBSY":         26,
-	"SYS_EFBIG":           27,
-	"SYS_ENOSPC":          28,
-	"SYS_ESPIPE":          29,
-	"SYS_EROFS":           30,
-	"SYS_EMLINK":          31,
-	"SYS_EPIPE":           32,
-	"SYS_EDOM":            33,
-	"SYS_ERANGE":          34,
-	"SYS_EDEADLK":         35,
-	"SYS_EDEADLOCK":       35,
-	"SYS_ENAMETOOLONG":    36,
-	"SYS_ENOLCK":          37,
-	"SYS_ENOSYS":          38,
-	"SYS_ENOTEMPTY":       39,
-	"SYS_ELOOP":           40,
-	"SYS_ENOMSG":          42,
-	"SYS_EIDRM":           43,
-	"SYS_ECHRNG":          44,
-	"SYS_EL2NSYNC":        45,
-	"SYS_EL3HLT":          46,
-	"SYS_EL3RST":          47,
-	"SYS_ELNRNG":          48,
-	"SYS_EUNATCH":         49,
-	"SYS_ENOCSI":          50,
-	"SYS_EL2HLT":          51,
-	"SYS_EBADE":           52,
-	"SYS_EBADR":           53,
-	"SYS_EXFULL":          54,
-	"SYS_ENOANO":          55,
-	"SYS_EBADRQC":         56,
-	"SYS_EBADSLT":         57,
-	"SYS_EBFONT":          59,
-	"SYS_ENOSTR":          60,
-	"SYS_ENODATA":         61,
-	"SYS_ETIME":           62,
-	"SYS_ENOSR":           63,
-	"SYS_ENONET":          64,
-	"SYS_ENOPKG":          65,
-	"SYS_EREMOTE":         66,
-	"SYS_ENOLINK":         67,
-	"SYS_EADV":            68,
-	"SYS_ESRMNT":          69,
-	"SYS_ECOMM":           70,
-	"SYS_EPROTO":          71,
-	"SYS_EMULTIHOP":       72,
-	"SYS_EDOTDOT":         73,
-	"SYS_EBADMSG":         74,
-	"SYS_EOVERFLOW":       75,
-	"SYS_ENOTUNIQ":        76,
-	"SYS_EBADFD":          77,
-	"SYS_EREMCHG":         78,
-	"SYS_ELIBACC":         79,
-	"SYS_ELIBBAD":         80,
-	"SYS_ELIBSCN":         81,
-	"SYS_ELIBMAX":         82,
-	"SYS_ELIBEXEC":        83,
-	"SYS_EILSEQ":          84,
-	"SYS_ERESTART":        85,
-	"SYS_ESTRPIPE":        86,
-	"SYS_EUSERS":          87,
-	"SYS_ENOTSOCK":        88,
-	"SYS_EDESTADDRREQ":    89,
-	"SYS_EMSGSIZE":        90,
-	"SYS_EPROTOTYPE":      91,
-	"SYS_ENOPROTOOPT":     92,
-	"SYS_EPROTONOSUPPORT": 93,
-	"SYS_ESOCKTNOSUPPORT": 94,
-	"SYS_EOPNOTSUPP":      95,
-	"SYS_ENOTSUP":         95,
-	"SYS_EPFNOSUPPORT":    96,
-	"SYS_EAFNOSUPPORT":    97,
-	"SYS_EADDRINUSE":      98,
-	"SYS_EADDRNOTAVAIL":   99,
-	"SYS_ENETDOWN":        100,
-	"SYS_ENETUNREACH":     101,
-	"SYS_ENETRESET":       102,
-	"SYS_ECONNABORTED":    103,
-	"SYS_ECONNRESET":      104,
-	"SYS_ENOBUFS":         105,
-	"SYS_EISCONN":         106,
-	"SYS_ENOTCONN":        107,
-	"SYS_ESHUTDOWN":       108,
-	"SYS_ETOOMANYREFS":    109,
-	"SYS_ETIMEDOUT":       110,
-	"SYS_ECONNREFUSED":    111,
-	"SYS_EHOSTDOWN":       112,
-	"SYS_EHOSTUNREACH":    113,
-	"SYS_EALREADY":        114,
-	"SYS_EINPROGRESS":     115,
-	"SYS_ESTALE":          116,
-	"SYS_EUCLEAN":         117,
-	"SYS_ENOTNAM":         118,
-	"SYS_ENAVAIL":         119,
-	"SYS_EISNAM":          120,
-	"SYS_EREMOTEIO":       121,
-	"SYS_EDQUOT":          122,
-	"SYS_ENOMEDIUM":       123,
-	"SYS_EMEDIUMTYPE":     124,
-	"SYS_ECANCELED":       125,
-	"SYS_ENOKEY":          126,
-	"SYS_EKEYEXPIRED":     127,
-	"SYS_EKEYREVOKED":     128,
-	"SYS_EKEYREJECTED":    129,
-	"SYS_EOWNERDEAD":      130,
-	"SYS_ENOTRECOVERABLE": 131,
-	"SYS_ERFKILL":         132,
-}
-
-func (x RemoteSocketServiceError_SystemError) Enum() *RemoteSocketServiceError_SystemError {
-	p := new(RemoteSocketServiceError_SystemError)
-	*p = x
-	return p
-}
-func (x RemoteSocketServiceError_SystemError) String() string {
-	return proto.EnumName(RemoteSocketServiceError_SystemError_name, int32(x))
-}
-func (x *RemoteSocketServiceError_SystemError) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(RemoteSocketServiceError_SystemError_value, data, "RemoteSocketServiceError_SystemError")
-	if err != nil {
-		return err
-	}
-	*x = RemoteSocketServiceError_SystemError(value)
-	return nil
-}
-func (RemoteSocketServiceError_SystemError) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{0, 1}
-}
-
-type CreateSocketRequest_SocketFamily int32
-
-const (
-	CreateSocketRequest_IPv4 CreateSocketRequest_SocketFamily = 1
-	CreateSocketRequest_IPv6 CreateSocketRequest_SocketFamily = 2
-)
-
-var CreateSocketRequest_SocketFamily_name = map[int32]string{
-	1: "IPv4",
-	2: "IPv6",
-}
-var CreateSocketRequest_SocketFamily_value = map[string]int32{
-	"IPv4": 1,
-	"IPv6": 2,
-}
-
-func (x CreateSocketRequest_SocketFamily) Enum() *CreateSocketRequest_SocketFamily {
-	p := new(CreateSocketRequest_SocketFamily)
-	*p = x
-	return p
-}
-func (x CreateSocketRequest_SocketFamily) String() string {
-	return proto.EnumName(CreateSocketRequest_SocketFamily_name, int32(x))
-}
-func (x *CreateSocketRequest_SocketFamily) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(CreateSocketRequest_SocketFamily_value, data, "CreateSocketRequest_SocketFamily")
-	if err != nil {
-		return err
-	}
-	*x = CreateSocketRequest_SocketFamily(value)
-	return nil
-}
-func (CreateSocketRequest_SocketFamily) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{2, 0}
-}
-
-type CreateSocketRequest_SocketProtocol int32
-
-const (
-	CreateSocketRequest_TCP CreateSocketRequest_SocketProtocol = 1
-	CreateSocketRequest_UDP CreateSocketRequest_SocketProtocol = 2
-)
-
-var CreateSocketRequest_SocketProtocol_name = map[int32]string{
-	1: "TCP",
-	2: "UDP",
-}
-var CreateSocketRequest_SocketProtocol_value = map[string]int32{
-	"TCP": 1,
-	"UDP": 2,
-}
-
-func (x CreateSocketRequest_SocketProtocol) Enum() *CreateSocketRequest_SocketProtocol {
-	p := new(CreateSocketRequest_SocketProtocol)
-	*p = x
-	return p
-}
-func (x CreateSocketRequest_SocketProtocol) String() string {
-	return proto.EnumName(CreateSocketRequest_SocketProtocol_name, int32(x))
-}
-func (x *CreateSocketRequest_SocketProtocol) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(CreateSocketRequest_SocketProtocol_value, data, "CreateSocketRequest_SocketProtocol")
-	if err != nil {
-		return err
-	}
-	*x = CreateSocketRequest_SocketProtocol(value)
-	return nil
-}
-func (CreateSocketRequest_SocketProtocol) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{2, 1}
-}
-
-type SocketOption_SocketOptionLevel int32
-
-const (
-	SocketOption_SOCKET_SOL_IP     SocketOption_SocketOptionLevel = 0
-	SocketOption_SOCKET_SOL_SOCKET SocketOption_SocketOptionLevel = 1
-	SocketOption_SOCKET_SOL_TCP    SocketOption_SocketOptionLevel = 6
-	SocketOption_SOCKET_SOL_UDP    SocketOption_SocketOptionLevel = 17
-)
-
-var SocketOption_SocketOptionLevel_name = map[int32]string{
-	0:  "SOCKET_SOL_IP",
-	1:  "SOCKET_SOL_SOCKET",
-	6:  "SOCKET_SOL_TCP",
-	17: "SOCKET_SOL_UDP",
-}
-var SocketOption_SocketOptionLevel_value = map[string]int32{
-	"SOCKET_SOL_IP":     0,
-	"SOCKET_SOL_SOCKET": 1,
-	"SOCKET_SOL_TCP":    6,
-	"SOCKET_SOL_UDP":    17,
-}
-
-func (x SocketOption_SocketOptionLevel) Enum() *SocketOption_SocketOptionLevel {
-	p := new(SocketOption_SocketOptionLevel)
-	*p = x
-	return p
-}
-func (x SocketOption_SocketOptionLevel) String() string {
-	return proto.EnumName(SocketOption_SocketOptionLevel_name, int32(x))
-}
-func (x *SocketOption_SocketOptionLevel) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(SocketOption_SocketOptionLevel_value, data, "SocketOption_SocketOptionLevel")
-	if err != nil {
-		return err
-	}
-	*x = SocketOption_SocketOptionLevel(value)
-	return nil
-}
-func (SocketOption_SocketOptionLevel) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{10, 0}
-}
-
-type SocketOption_SocketOptionName int32
-
-const (
-	SocketOption_SOCKET_SO_DEBUG         SocketOption_SocketOptionName = 1
-	SocketOption_SOCKET_SO_REUSEADDR     SocketOption_SocketOptionName = 2
-	SocketOption_SOCKET_SO_TYPE          SocketOption_SocketOptionName = 3
-	SocketOption_SOCKET_SO_ERROR         SocketOption_SocketOptionName = 4
-	SocketOption_SOCKET_SO_DONTROUTE     SocketOption_SocketOptionName = 5
-	SocketOption_SOCKET_SO_BROADCAST     SocketOption_SocketOptionName = 6
-	SocketOption_SOCKET_SO_SNDBUF        SocketOption_SocketOptionName = 7
-	SocketOption_SOCKET_SO_RCVBUF        SocketOption_SocketOptionName = 8
-	SocketOption_SOCKET_SO_KEEPALIVE     SocketOption_SocketOptionName = 9
-	SocketOption_SOCKET_SO_OOBINLINE     SocketOption_SocketOptionName = 10
-	SocketOption_SOCKET_SO_LINGER        SocketOption_SocketOptionName = 13
-	SocketOption_SOCKET_SO_RCVTIMEO      SocketOption_SocketOptionName = 20
-	SocketOption_SOCKET_SO_SNDTIMEO      SocketOption_SocketOptionName = 21
-	SocketOption_SOCKET_IP_TOS           SocketOption_SocketOptionName = 1
-	SocketOption_SOCKET_IP_TTL           SocketOption_SocketOptionName = 2
-	SocketOption_SOCKET_IP_HDRINCL       SocketOption_SocketOptionName = 3
-	SocketOption_SOCKET_IP_OPTIONS       SocketOption_SocketOptionName = 4
-	SocketOption_SOCKET_TCP_NODELAY      SocketOption_SocketOptionName = 1
-	SocketOption_SOCKET_TCP_MAXSEG       SocketOption_SocketOptionName = 2
-	SocketOption_SOCKET_TCP_CORK         SocketOption_SocketOptionName = 3
-	SocketOption_SOCKET_TCP_KEEPIDLE     SocketOption_SocketOptionName = 4
-	SocketOption_SOCKET_TCP_KEEPINTVL    SocketOption_SocketOptionName = 5
-	SocketOption_SOCKET_TCP_KEEPCNT      SocketOption_SocketOptionName = 6
-	SocketOption_SOCKET_TCP_SYNCNT       SocketOption_SocketOptionName = 7
-	SocketOption_SOCKET_TCP_LINGER2      SocketOption_SocketOptionName = 8
-	SocketOption_SOCKET_TCP_DEFER_ACCEPT SocketOption_SocketOptionName = 9
-	SocketOption_SOCKET_TCP_WINDOW_CLAMP SocketOption_SocketOptionName = 10
-	SocketOption_SOCKET_TCP_INFO         SocketOption_SocketOptionName = 11
-	SocketOption_SOCKET_TCP_QUICKACK     SocketOption_SocketOptionName = 12
-)
-
-var SocketOption_SocketOptionName_name = map[int32]string{
-	1:  "SOCKET_SO_DEBUG",
-	2:  "SOCKET_SO_REUSEADDR",
-	3:  "SOCKET_SO_TYPE",
-	4:  "SOCKET_SO_ERROR",
-	5:  "SOCKET_SO_DONTROUTE",
-	6:  "SOCKET_SO_BROADCAST",
-	7:  "SOCKET_SO_SNDBUF",
-	8:  "SOCKET_SO_RCVBUF",
-	9:  "SOCKET_SO_KEEPALIVE",
-	10: "SOCKET_SO_OOBINLINE",
-	13: "SOCKET_SO_LINGER",
-	20: "SOCKET_SO_RCVTIMEO",
-	21: "SOCKET_SO_SNDTIMEO",
-	// Duplicate value: 1: "SOCKET_IP_TOS",
-	// Duplicate value: 2: "SOCKET_IP_TTL",
-	// Duplicate value: 3: "SOCKET_IP_HDRINCL",
-	// Duplicate value: 4: "SOCKET_IP_OPTIONS",
-	// Duplicate value: 1: "SOCKET_TCP_NODELAY",
-	// Duplicate value: 2: "SOCKET_TCP_MAXSEG",
-	// Duplicate value: 3: "SOCKET_TCP_CORK",
-	// Duplicate value: 4: "SOCKET_TCP_KEEPIDLE",
-	// Duplicate value: 5: "SOCKET_TCP_KEEPINTVL",
-	// Duplicate value: 6: "SOCKET_TCP_KEEPCNT",
-	// Duplicate value: 7: "SOCKET_TCP_SYNCNT",
-	// Duplicate value: 8: "SOCKET_TCP_LINGER2",
-	// Duplicate value: 9: "SOCKET_TCP_DEFER_ACCEPT",
-	// Duplicate value: 10: "SOCKET_TCP_WINDOW_CLAMP",
-	11: "SOCKET_TCP_INFO",
-	12: "SOCKET_TCP_QUICKACK",
-}
-var SocketOption_SocketOptionName_value = map[string]int32{
-	"SOCKET_SO_DEBUG":         1,
-	"SOCKET_SO_REUSEADDR":     2,
-	"SOCKET_SO_TYPE":          3,
-	"SOCKET_SO_ERROR":         4,
-	"SOCKET_SO_DONTROUTE":     5,
-	"SOCKET_SO_BROADCAST":     6,
-	"SOCKET_SO_SNDBUF":        7,
-	"SOCKET_SO_RCVBUF":        8,
-	"SOCKET_SO_KEEPALIVE":     9,
-	"SOCKET_SO_OOBINLINE":     10,
-	"SOCKET_SO_LINGER":        13,
-	"SOCKET_SO_RCVTIMEO":      20,
-	"SOCKET_SO_SNDTIMEO":      21,
-	"SOCKET_IP_TOS":           1,
-	"SOCKET_IP_TTL":           2,
-	"SOCKET_IP_HDRINCL":       3,
-	"SOCKET_IP_OPTIONS":       4,
-	"SOCKET_TCP_NODELAY":      1,
-	"SOCKET_TCP_MAXSEG":       2,
-	"SOCKET_TCP_CORK":         3,
-	"SOCKET_TCP_KEEPIDLE":     4,
-	"SOCKET_TCP_KEEPINTVL":    5,
-	"SOCKET_TCP_KEEPCNT":      6,
-	"SOCKET_TCP_SYNCNT":       7,
-	"SOCKET_TCP_LINGER2":      8,
-	"SOCKET_TCP_DEFER_ACCEPT": 9,
-	"SOCKET_TCP_WINDOW_CLAMP": 10,
-	"SOCKET_TCP_INFO":         11,
-	"SOCKET_TCP_QUICKACK":     12,
-}
-
-func (x SocketOption_SocketOptionName) Enum() *SocketOption_SocketOptionName {
-	p := new(SocketOption_SocketOptionName)
-	*p = x
-	return p
-}
-func (x SocketOption_SocketOptionName) String() string {
-	return proto.EnumName(SocketOption_SocketOptionName_name, int32(x))
-}
-func (x *SocketOption_SocketOptionName) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(SocketOption_SocketOptionName_value, data, "SocketOption_SocketOptionName")
-	if err != nil {
-		return err
-	}
-	*x = SocketOption_SocketOptionName(value)
-	return nil
-}
-func (SocketOption_SocketOptionName) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{10, 1}
-}
-
-type ShutDownRequest_How int32
-
-const (
-	ShutDownRequest_SOCKET_SHUT_RD   ShutDownRequest_How = 1
-	ShutDownRequest_SOCKET_SHUT_WR   ShutDownRequest_How = 2
-	ShutDownRequest_SOCKET_SHUT_RDWR ShutDownRequest_How = 3
-)
-
-var ShutDownRequest_How_name = map[int32]string{
-	1: "SOCKET_SHUT_RD",
-	2: "SOCKET_SHUT_WR",
-	3: "SOCKET_SHUT_RDWR",
-}
-var ShutDownRequest_How_value = map[string]int32{
-	"SOCKET_SHUT_RD":   1,
-	"SOCKET_SHUT_WR":   2,
-	"SOCKET_SHUT_RDWR": 3,
-}
-
-func (x ShutDownRequest_How) Enum() *ShutDownRequest_How {
-	p := new(ShutDownRequest_How)
-	*p = x
-	return p
-}
-func (x ShutDownRequest_How) String() string {
-	return proto.EnumName(ShutDownRequest_How_name, int32(x))
-}
-func (x *ShutDownRequest_How) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(ShutDownRequest_How_value, data, "ShutDownRequest_How")
-	if err != nil {
-		return err
-	}
-	*x = ShutDownRequest_How(value)
-	return nil
-}
-func (ShutDownRequest_How) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{21, 0}
-}
-
-type ReceiveRequest_Flags int32
-
-const (
-	ReceiveRequest_MSG_OOB  ReceiveRequest_Flags = 1
-	ReceiveRequest_MSG_PEEK ReceiveRequest_Flags = 2
-)
-
-var ReceiveRequest_Flags_name = map[int32]string{
-	1: "MSG_OOB",
-	2: "MSG_PEEK",
-}
-var ReceiveRequest_Flags_value = map[string]int32{
-	"MSG_OOB":  1,
-	"MSG_PEEK": 2,
-}
-
-func (x ReceiveRequest_Flags) Enum() *ReceiveRequest_Flags {
-	p := new(ReceiveRequest_Flags)
-	*p = x
-	return p
-}
-func (x ReceiveRequest_Flags) String() string {
-	return proto.EnumName(ReceiveRequest_Flags_name, int32(x))
-}
-func (x *ReceiveRequest_Flags) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(ReceiveRequest_Flags_value, data, "ReceiveRequest_Flags")
-	if err != nil {
-		return err
-	}
-	*x = ReceiveRequest_Flags(value)
-	return nil
-}
-func (ReceiveRequest_Flags) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{27, 0}
-}
-
-type PollEvent_PollEventFlag int32
-
-const (
-	PollEvent_SOCKET_POLLNONE   PollEvent_PollEventFlag = 0
-	PollEvent_SOCKET_POLLIN     PollEvent_PollEventFlag = 1
-	PollEvent_SOCKET_POLLPRI    PollEvent_PollEventFlag = 2
-	PollEvent_SOCKET_POLLOUT    PollEvent_PollEventFlag = 4
-	PollEvent_SOCKET_POLLERR    PollEvent_PollEventFlag = 8
-	PollEvent_SOCKET_POLLHUP    PollEvent_PollEventFlag = 16
-	PollEvent_SOCKET_POLLNVAL   PollEvent_PollEventFlag = 32
-	PollEvent_SOCKET_POLLRDNORM PollEvent_PollEventFlag = 64
-	PollEvent_SOCKET_POLLRDBAND PollEvent_PollEventFlag = 128
-	PollEvent_SOCKET_POLLWRNORM PollEvent_PollEventFlag = 256
-	PollEvent_SOCKET_POLLWRBAND PollEvent_PollEventFlag = 512
-	PollEvent_SOCKET_POLLMSG    PollEvent_PollEventFlag = 1024
-	PollEvent_SOCKET_POLLREMOVE PollEvent_PollEventFlag = 4096
-	PollEvent_SOCKET_POLLRDHUP  PollEvent_PollEventFlag = 8192
-)
-
-var PollEvent_PollEventFlag_name = map[int32]string{
-	0:    "SOCKET_POLLNONE",
-	1:    "SOCKET_POLLIN",
-	2:    "SOCKET_POLLPRI",
-	4:    "SOCKET_POLLOUT",
-	8:    "SOCKET_POLLERR",
-	16:   "SOCKET_POLLHUP",
-	32:   "SOCKET_POLLNVAL",
-	64:   "SOCKET_POLLRDNORM",
-	128:  "SOCKET_POLLRDBAND",
-	256:  "SOCKET_POLLWRNORM",
-	512:  "SOCKET_POLLWRBAND",
-	1024: "SOCKET_POLLMSG",
-	4096: "SOCKET_POLLREMOVE",
-	8192: "SOCKET_POLLRDHUP",
-}
-var PollEvent_PollEventFlag_value = map[string]int32{
-	"SOCKET_POLLNONE":   0,
-	"SOCKET_POLLIN":     1,
-	"SOCKET_POLLPRI":    2,
-	"SOCKET_POLLOUT":    4,
-	"SOCKET_POLLERR":    8,
-	"SOCKET_POLLHUP":    16,
-	"SOCKET_POLLNVAL":   32,
-	"SOCKET_POLLRDNORM": 64,
-	"SOCKET_POLLRDBAND": 128,
-	"SOCKET_POLLWRNORM": 256,
-	"SOCKET_POLLWRBAND": 512,
-	"SOCKET_POLLMSG":    1024,
-	"SOCKET_POLLREMOVE": 4096,
-	"SOCKET_POLLRDHUP":  8192,
-}
-
-func (x PollEvent_PollEventFlag) Enum() *PollEvent_PollEventFlag {
-	p := new(PollEvent_PollEventFlag)
-	*p = x
-	return p
-}
-func (x PollEvent_PollEventFlag) String() string {
-	return proto.EnumName(PollEvent_PollEventFlag_name, int32(x))
-}
-func (x *PollEvent_PollEventFlag) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(PollEvent_PollEventFlag_value, data, "PollEvent_PollEventFlag")
-	if err != nil {
-		return err
-	}
-	*x = PollEvent_PollEventFlag(value)
-	return nil
-}
-func (PollEvent_PollEventFlag) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{29, 0}
-}
-
-type ResolveReply_ErrorCode int32
-
-const (
-	ResolveReply_SOCKET_EAI_ADDRFAMILY ResolveReply_ErrorCode = 1
-	ResolveReply_SOCKET_EAI_AGAIN      ResolveReply_ErrorCode = 2
-	ResolveReply_SOCKET_EAI_BADFLAGS   ResolveReply_ErrorCode = 3
-	ResolveReply_SOCKET_EAI_FAIL       ResolveReply_ErrorCode = 4
-	ResolveReply_SOCKET_EAI_FAMILY     ResolveReply_ErrorCode = 5
-	ResolveReply_SOCKET_EAI_MEMORY     ResolveReply_ErrorCode = 6
-	ResolveReply_SOCKET_EAI_NODATA     ResolveReply_ErrorCode = 7
-	ResolveReply_SOCKET_EAI_NONAME     ResolveReply_ErrorCode = 8
-	ResolveReply_SOCKET_EAI_SERVICE    ResolveReply_ErrorCode = 9
-	ResolveReply_SOCKET_EAI_SOCKTYPE   ResolveReply_ErrorCode = 10
-	ResolveReply_SOCKET_EAI_SYSTEM     ResolveReply_ErrorCode = 11
-	ResolveReply_SOCKET_EAI_BADHINTS   ResolveReply_ErrorCode = 12
-	ResolveReply_SOCKET_EAI_PROTOCOL   ResolveReply_ErrorCode = 13
-	ResolveReply_SOCKET_EAI_OVERFLOW   ResolveReply_ErrorCode = 14
-	ResolveReply_SOCKET_EAI_MAX        ResolveReply_ErrorCode = 15
-)
-
-var ResolveReply_ErrorCode_name = map[int32]string{
-	1:  "SOCKET_EAI_ADDRFAMILY",
-	2:  "SOCKET_EAI_AGAIN",
-	3:  "SOCKET_EAI_BADFLAGS",
-	4:  "SOCKET_EAI_FAIL",
-	5:  "SOCKET_EAI_FAMILY",
-	6:  "SOCKET_EAI_MEMORY",
-	7:  "SOCKET_EAI_NODATA",
-	8:  "SOCKET_EAI_NONAME",
-	9:  "SOCKET_EAI_SERVICE",
-	10: "SOCKET_EAI_SOCKTYPE",
-	11: "SOCKET_EAI_SYSTEM",
-	12: "SOCKET_EAI_BADHINTS",
-	13: "SOCKET_EAI_PROTOCOL",
-	14: "SOCKET_EAI_OVERFLOW",
-	15: "SOCKET_EAI_MAX",
-}
-var ResolveReply_ErrorCode_value = map[string]int32{
-	"SOCKET_EAI_ADDRFAMILY": 1,
-	"SOCKET_EAI_AGAIN":      2,
-	"SOCKET_EAI_BADFLAGS":   3,
-	"SOCKET_EAI_FAIL":       4,
-	"SOCKET_EAI_FAMILY":     5,
-	"SOCKET_EAI_MEMORY":     6,
-	"SOCKET_EAI_NODATA":     7,
-	"SOCKET_EAI_NONAME":     8,
-	"SOCKET_EAI_SERVICE":    9,
-	"SOCKET_EAI_SOCKTYPE":   10,
-	"SOCKET_EAI_SYSTEM":     11,
-	"SOCKET_EAI_BADHINTS":   12,
-	"SOCKET_EAI_PROTOCOL":   13,
-	"SOCKET_EAI_OVERFLOW":   14,
-	"SOCKET_EAI_MAX":        15,
-}
-
-func (x ResolveReply_ErrorCode) Enum() *ResolveReply_ErrorCode {
-	p := new(ResolveReply_ErrorCode)
-	*p = x
-	return p
-}
-func (x ResolveReply_ErrorCode) String() string {
-	return proto.EnumName(ResolveReply_ErrorCode_name, int32(x))
-}
-func (x *ResolveReply_ErrorCode) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(ResolveReply_ErrorCode_value, data, "ResolveReply_ErrorCode")
-	if err != nil {
-		return err
-	}
-	*x = ResolveReply_ErrorCode(value)
-	return nil
-}
-func (ResolveReply_ErrorCode) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{33, 0}
-}
-
-type RemoteSocketServiceError struct {
-	SystemError          *int32   `protobuf:"varint,1,opt,name=system_error,json=systemError,def=0" json:"system_error,omitempty"`
-	ErrorDetail          *string  `protobuf:"bytes,2,opt,name=error_detail,json=errorDetail" json:"error_detail,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *RemoteSocketServiceError) Reset()         { *m = RemoteSocketServiceError{} }
-func (m *RemoteSocketServiceError) String() string { return proto.CompactTextString(m) }
-func (*RemoteSocketServiceError) ProtoMessage()    {}
-func (*RemoteSocketServiceError) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{0}
-}
-func (m *RemoteSocketServiceError) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_RemoteSocketServiceError.Unmarshal(m, b)
-}
-func (m *RemoteSocketServiceError) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_RemoteSocketServiceError.Marshal(b, m, deterministic)
-}
-func (dst *RemoteSocketServiceError) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_RemoteSocketServiceError.Merge(dst, src)
-}
-func (m *RemoteSocketServiceError) XXX_Size() int {
-	return xxx_messageInfo_RemoteSocketServiceError.Size(m)
-}
-func (m *RemoteSocketServiceError) XXX_DiscardUnknown() {
-	xxx_messageInfo_RemoteSocketServiceError.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_RemoteSocketServiceError proto.InternalMessageInfo
-
-const Default_RemoteSocketServiceError_SystemError int32 = 0
-
-func (m *RemoteSocketServiceError) GetSystemError() int32 {
-	if m != nil && m.SystemError != nil {
-		return *m.SystemError
-	}
-	return Default_RemoteSocketServiceError_SystemError
-}
-
-func (m *RemoteSocketServiceError) GetErrorDetail() string {
-	if m != nil && m.ErrorDetail != nil {
-		return *m.ErrorDetail
-	}
-	return ""
-}
-
-type AddressPort struct {
-	Port                 *int32   `protobuf:"varint,1,req,name=port" json:"port,omitempty"`
-	PackedAddress        []byte   `protobuf:"bytes,2,opt,name=packed_address,json=packedAddress" json:"packed_address,omitempty"`
-	HostnameHint         *string  `protobuf:"bytes,3,opt,name=hostname_hint,json=hostnameHint" json:"hostname_hint,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *AddressPort) Reset()         { *m = AddressPort{} }
-func (m *AddressPort) String() string { return proto.CompactTextString(m) }
-func (*AddressPort) ProtoMessage()    {}
-func (*AddressPort) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{1}
-}
-func (m *AddressPort) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_AddressPort.Unmarshal(m, b)
-}
-func (m *AddressPort) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_AddressPort.Marshal(b, m, deterministic)
-}
-func (dst *AddressPort) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_AddressPort.Merge(dst, src)
-}
-func (m *AddressPort) XXX_Size() int {
-	return xxx_messageInfo_AddressPort.Size(m)
-}
-func (m *AddressPort) XXX_DiscardUnknown() {
-	xxx_messageInfo_AddressPort.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_AddressPort proto.InternalMessageInfo
-
-func (m *AddressPort) GetPort() int32 {
-	if m != nil && m.Port != nil {
-		return *m.Port
-	}
-	return 0
-}
-
-func (m *AddressPort) GetPackedAddress() []byte {
-	if m != nil {
-		return m.PackedAddress
-	}
-	return nil
-}
-
-func (m *AddressPort) GetHostnameHint() string {
-	if m != nil && m.HostnameHint != nil {
-		return *m.HostnameHint
-	}
-	return ""
-}
-
-type CreateSocketRequest struct {
-	Family               *CreateSocketRequest_SocketFamily   `protobuf:"varint,1,req,name=family,enum=appengine.CreateSocketRequest_SocketFamily" json:"family,omitempty"`
-	Protocol             *CreateSocketRequest_SocketProtocol `protobuf:"varint,2,req,name=protocol,enum=appengine.CreateSocketRequest_SocketProtocol" json:"protocol,omitempty"`
-	SocketOptions        []*SocketOption                     `protobuf:"bytes,3,rep,name=socket_options,json=socketOptions" json:"socket_options,omitempty"`
-	ProxyExternalIp      *AddressPort                        `protobuf:"bytes,4,opt,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	ListenBacklog        *int32                              `protobuf:"varint,5,opt,name=listen_backlog,json=listenBacklog,def=0" json:"listen_backlog,omitempty"`
-	RemoteIp             *AddressPort                        `protobuf:"bytes,6,opt,name=remote_ip,json=remoteIp" json:"remote_ip,omitempty"`
-	AppId                *string                             `protobuf:"bytes,9,opt,name=app_id,json=appId" json:"app_id,omitempty"`
-	ProjectId            *int64                              `protobuf:"varint,10,opt,name=project_id,json=projectId" json:"project_id,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                            `json:"-"`
-	XXX_unrecognized     []byte                              `json:"-"`
-	XXX_sizecache        int32                               `json:"-"`
-}
-
-func (m *CreateSocketRequest) Reset()         { *m = CreateSocketRequest{} }
-func (m *CreateSocketRequest) String() string { return proto.CompactTextString(m) }
-func (*CreateSocketRequest) ProtoMessage()    {}
-func (*CreateSocketRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{2}
-}
-func (m *CreateSocketRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CreateSocketRequest.Unmarshal(m, b)
-}
-func (m *CreateSocketRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CreateSocketRequest.Marshal(b, m, deterministic)
-}
-func (dst *CreateSocketRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CreateSocketRequest.Merge(dst, src)
-}
-func (m *CreateSocketRequest) XXX_Size() int {
-	return xxx_messageInfo_CreateSocketRequest.Size(m)
-}
-func (m *CreateSocketRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_CreateSocketRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CreateSocketRequest proto.InternalMessageInfo
-
-const Default_CreateSocketRequest_ListenBacklog int32 = 0
-
-func (m *CreateSocketRequest) GetFamily() CreateSocketRequest_SocketFamily {
-	if m != nil && m.Family != nil {
-		return *m.Family
-	}
-	return CreateSocketRequest_IPv4
-}
-
-func (m *CreateSocketRequest) GetProtocol() CreateSocketRequest_SocketProtocol {
-	if m != nil && m.Protocol != nil {
-		return *m.Protocol
-	}
-	return CreateSocketRequest_TCP
-}
-
-func (m *CreateSocketRequest) GetSocketOptions() []*SocketOption {
-	if m != nil {
-		return m.SocketOptions
-	}
-	return nil
-}
-
-func (m *CreateSocketRequest) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-func (m *CreateSocketRequest) GetListenBacklog() int32 {
-	if m != nil && m.ListenBacklog != nil {
-		return *m.ListenBacklog
-	}
-	return Default_CreateSocketRequest_ListenBacklog
-}
-
-func (m *CreateSocketRequest) GetRemoteIp() *AddressPort {
-	if m != nil {
-		return m.RemoteIp
-	}
-	return nil
-}
-
-func (m *CreateSocketRequest) GetAppId() string {
-	if m != nil && m.AppId != nil {
-		return *m.AppId
-	}
-	return ""
-}
-
-func (m *CreateSocketRequest) GetProjectId() int64 {
-	if m != nil && m.ProjectId != nil {
-		return *m.ProjectId
-	}
-	return 0
-}
-
-type CreateSocketReply struct {
-	SocketDescriptor             *string      `protobuf:"bytes,1,opt,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	ServerAddress                *AddressPort `protobuf:"bytes,3,opt,name=server_address,json=serverAddress" json:"server_address,omitempty"`
-	ProxyExternalIp              *AddressPort `protobuf:"bytes,4,opt,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	XXX_NoUnkeyedLiteral         struct{}     `json:"-"`
-	proto.XXX_InternalExtensions `json:"-"`
-	XXX_unrecognized             []byte `json:"-"`
-	XXX_sizecache                int32  `json:"-"`
-}
-
-func (m *CreateSocketReply) Reset()         { *m = CreateSocketReply{} }
-func (m *CreateSocketReply) String() string { return proto.CompactTextString(m) }
-func (*CreateSocketReply) ProtoMessage()    {}
-func (*CreateSocketReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{3}
-}
-
-var extRange_CreateSocketReply = []proto.ExtensionRange{
-	{Start: 1000, End: 536870911},
-}
-
-func (*CreateSocketReply) ExtensionRangeArray() []proto.ExtensionRange {
-	return extRange_CreateSocketReply
-}
-func (m *CreateSocketReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CreateSocketReply.Unmarshal(m, b)
-}
-func (m *CreateSocketReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CreateSocketReply.Marshal(b, m, deterministic)
-}
-func (dst *CreateSocketReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CreateSocketReply.Merge(dst, src)
-}
-func (m *CreateSocketReply) XXX_Size() int {
-	return xxx_messageInfo_CreateSocketReply.Size(m)
-}
-func (m *CreateSocketReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_CreateSocketReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CreateSocketReply proto.InternalMessageInfo
-
-func (m *CreateSocketReply) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *CreateSocketReply) GetServerAddress() *AddressPort {
-	if m != nil {
-		return m.ServerAddress
-	}
-	return nil
-}
-
-func (m *CreateSocketReply) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-type BindRequest struct {
-	SocketDescriptor     *string      `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	ProxyExternalIp      *AddressPort `protobuf:"bytes,2,req,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *BindRequest) Reset()         { *m = BindRequest{} }
-func (m *BindRequest) String() string { return proto.CompactTextString(m) }
-func (*BindRequest) ProtoMessage()    {}
-func (*BindRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{4}
-}
-func (m *BindRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_BindRequest.Unmarshal(m, b)
-}
-func (m *BindRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_BindRequest.Marshal(b, m, deterministic)
-}
-func (dst *BindRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_BindRequest.Merge(dst, src)
-}
-func (m *BindRequest) XXX_Size() int {
-	return xxx_messageInfo_BindRequest.Size(m)
-}
-func (m *BindRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_BindRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_BindRequest proto.InternalMessageInfo
-
-func (m *BindRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *BindRequest) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-type BindReply struct {
-	ProxyExternalIp      *AddressPort `protobuf:"bytes,1,opt,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *BindReply) Reset()         { *m = BindReply{} }
-func (m *BindReply) String() string { return proto.CompactTextString(m) }
-func (*BindReply) ProtoMessage()    {}
-func (*BindReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{5}
-}
-func (m *BindReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_BindReply.Unmarshal(m, b)
-}
-func (m *BindReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_BindReply.Marshal(b, m, deterministic)
-}
-func (dst *BindReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_BindReply.Merge(dst, src)
-}
-func (m *BindReply) XXX_Size() int {
-	return xxx_messageInfo_BindReply.Size(m)
-}
-func (m *BindReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_BindReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_BindReply proto.InternalMessageInfo
-
-func (m *BindReply) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-type GetSocketNameRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *GetSocketNameRequest) Reset()         { *m = GetSocketNameRequest{} }
-func (m *GetSocketNameRequest) String() string { return proto.CompactTextString(m) }
-func (*GetSocketNameRequest) ProtoMessage()    {}
-func (*GetSocketNameRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{6}
-}
-func (m *GetSocketNameRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetSocketNameRequest.Unmarshal(m, b)
-}
-func (m *GetSocketNameRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetSocketNameRequest.Marshal(b, m, deterministic)
-}
-func (dst *GetSocketNameRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetSocketNameRequest.Merge(dst, src)
-}
-func (m *GetSocketNameRequest) XXX_Size() int {
-	return xxx_messageInfo_GetSocketNameRequest.Size(m)
-}
-func (m *GetSocketNameRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetSocketNameRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetSocketNameRequest proto.InternalMessageInfo
-
-func (m *GetSocketNameRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-type GetSocketNameReply struct {
-	ProxyExternalIp      *AddressPort `protobuf:"bytes,2,opt,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *GetSocketNameReply) Reset()         { *m = GetSocketNameReply{} }
-func (m *GetSocketNameReply) String() string { return proto.CompactTextString(m) }
-func (*GetSocketNameReply) ProtoMessage()    {}
-func (*GetSocketNameReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{7}
-}
-func (m *GetSocketNameReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetSocketNameReply.Unmarshal(m, b)
-}
-func (m *GetSocketNameReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetSocketNameReply.Marshal(b, m, deterministic)
-}
-func (dst *GetSocketNameReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetSocketNameReply.Merge(dst, src)
-}
-func (m *GetSocketNameReply) XXX_Size() int {
-	return xxx_messageInfo_GetSocketNameReply.Size(m)
-}
-func (m *GetSocketNameReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetSocketNameReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetSocketNameReply proto.InternalMessageInfo
-
-func (m *GetSocketNameReply) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-type GetPeerNameRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *GetPeerNameRequest) Reset()         { *m = GetPeerNameRequest{} }
-func (m *GetPeerNameRequest) String() string { return proto.CompactTextString(m) }
-func (*GetPeerNameRequest) ProtoMessage()    {}
-func (*GetPeerNameRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{8}
-}
-func (m *GetPeerNameRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetPeerNameRequest.Unmarshal(m, b)
-}
-func (m *GetPeerNameRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetPeerNameRequest.Marshal(b, m, deterministic)
-}
-func (dst *GetPeerNameRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetPeerNameRequest.Merge(dst, src)
-}
-func (m *GetPeerNameRequest) XXX_Size() int {
-	return xxx_messageInfo_GetPeerNameRequest.Size(m)
-}
-func (m *GetPeerNameRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetPeerNameRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetPeerNameRequest proto.InternalMessageInfo
-
-func (m *GetPeerNameRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-type GetPeerNameReply struct {
-	PeerIp               *AddressPort `protobuf:"bytes,2,opt,name=peer_ip,json=peerIp" json:"peer_ip,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *GetPeerNameReply) Reset()         { *m = GetPeerNameReply{} }
-func (m *GetPeerNameReply) String() string { return proto.CompactTextString(m) }
-func (*GetPeerNameReply) ProtoMessage()    {}
-func (*GetPeerNameReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{9}
-}
-func (m *GetPeerNameReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetPeerNameReply.Unmarshal(m, b)
-}
-func (m *GetPeerNameReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetPeerNameReply.Marshal(b, m, deterministic)
-}
-func (dst *GetPeerNameReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetPeerNameReply.Merge(dst, src)
-}
-func (m *GetPeerNameReply) XXX_Size() int {
-	return xxx_messageInfo_GetPeerNameReply.Size(m)
-}
-func (m *GetPeerNameReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetPeerNameReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetPeerNameReply proto.InternalMessageInfo
-
-func (m *GetPeerNameReply) GetPeerIp() *AddressPort {
-	if m != nil {
-		return m.PeerIp
-	}
-	return nil
-}
-
-type SocketOption struct {
-	Level                *SocketOption_SocketOptionLevel `protobuf:"varint,1,req,name=level,enum=appengine.SocketOption_SocketOptionLevel" json:"level,omitempty"`
-	Option               *SocketOption_SocketOptionName  `protobuf:"varint,2,req,name=option,enum=appengine.SocketOption_SocketOptionName" json:"option,omitempty"`
-	Value                []byte                          `protobuf:"bytes,3,req,name=value" json:"value,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                        `json:"-"`
-	XXX_unrecognized     []byte                          `json:"-"`
-	XXX_sizecache        int32                           `json:"-"`
-}
-
-func (m *SocketOption) Reset()         { *m = SocketOption{} }
-func (m *SocketOption) String() string { return proto.CompactTextString(m) }
-func (*SocketOption) ProtoMessage()    {}
-func (*SocketOption) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{10}
-}
-func (m *SocketOption) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SocketOption.Unmarshal(m, b)
-}
-func (m *SocketOption) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SocketOption.Marshal(b, m, deterministic)
-}
-func (dst *SocketOption) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SocketOption.Merge(dst, src)
-}
-func (m *SocketOption) XXX_Size() int {
-	return xxx_messageInfo_SocketOption.Size(m)
-}
-func (m *SocketOption) XXX_DiscardUnknown() {
-	xxx_messageInfo_SocketOption.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SocketOption proto.InternalMessageInfo
-
-func (m *SocketOption) GetLevel() SocketOption_SocketOptionLevel {
-	if m != nil && m.Level != nil {
-		return *m.Level
-	}
-	return SocketOption_SOCKET_SOL_IP
-}
-
-func (m *SocketOption) GetOption() SocketOption_SocketOptionName {
-	if m != nil && m.Option != nil {
-		return *m.Option
-	}
-	return SocketOption_SOCKET_SO_DEBUG
-}
-
-func (m *SocketOption) GetValue() []byte {
-	if m != nil {
-		return m.Value
-	}
-	return nil
-}
-
-type SetSocketOptionsRequest struct {
-	SocketDescriptor     *string         `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	Options              []*SocketOption `protobuf:"bytes,2,rep,name=options" json:"options,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *SetSocketOptionsRequest) Reset()         { *m = SetSocketOptionsRequest{} }
-func (m *SetSocketOptionsRequest) String() string { return proto.CompactTextString(m) }
-func (*SetSocketOptionsRequest) ProtoMessage()    {}
-func (*SetSocketOptionsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{11}
-}
-func (m *SetSocketOptionsRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SetSocketOptionsRequest.Unmarshal(m, b)
-}
-func (m *SetSocketOptionsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SetSocketOptionsRequest.Marshal(b, m, deterministic)
-}
-func (dst *SetSocketOptionsRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SetSocketOptionsRequest.Merge(dst, src)
-}
-func (m *SetSocketOptionsRequest) XXX_Size() int {
-	return xxx_messageInfo_SetSocketOptionsRequest.Size(m)
-}
-func (m *SetSocketOptionsRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_SetSocketOptionsRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SetSocketOptionsRequest proto.InternalMessageInfo
-
-func (m *SetSocketOptionsRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *SetSocketOptionsRequest) GetOptions() []*SocketOption {
-	if m != nil {
-		return m.Options
-	}
-	return nil
-}
-
-type SetSocketOptionsReply struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *SetSocketOptionsReply) Reset()         { *m = SetSocketOptionsReply{} }
-func (m *SetSocketOptionsReply) String() string { return proto.CompactTextString(m) }
-func (*SetSocketOptionsReply) ProtoMessage()    {}
-func (*SetSocketOptionsReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{12}
-}
-func (m *SetSocketOptionsReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SetSocketOptionsReply.Unmarshal(m, b)
-}
-func (m *SetSocketOptionsReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SetSocketOptionsReply.Marshal(b, m, deterministic)
-}
-func (dst *SetSocketOptionsReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SetSocketOptionsReply.Merge(dst, src)
-}
-func (m *SetSocketOptionsReply) XXX_Size() int {
-	return xxx_messageInfo_SetSocketOptionsReply.Size(m)
-}
-func (m *SetSocketOptionsReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_SetSocketOptionsReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SetSocketOptionsReply proto.InternalMessageInfo
-
-type GetSocketOptionsRequest struct {
-	SocketDescriptor     *string         `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	Options              []*SocketOption `protobuf:"bytes,2,rep,name=options" json:"options,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *GetSocketOptionsRequest) Reset()         { *m = GetSocketOptionsRequest{} }
-func (m *GetSocketOptionsRequest) String() string { return proto.CompactTextString(m) }
-func (*GetSocketOptionsRequest) ProtoMessage()    {}
-func (*GetSocketOptionsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{13}
-}
-func (m *GetSocketOptionsRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetSocketOptionsRequest.Unmarshal(m, b)
-}
-func (m *GetSocketOptionsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetSocketOptionsRequest.Marshal(b, m, deterministic)
-}
-func (dst *GetSocketOptionsRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetSocketOptionsRequest.Merge(dst, src)
-}
-func (m *GetSocketOptionsRequest) XXX_Size() int {
-	return xxx_messageInfo_GetSocketOptionsRequest.Size(m)
-}
-func (m *GetSocketOptionsRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetSocketOptionsRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetSocketOptionsRequest proto.InternalMessageInfo
-
-func (m *GetSocketOptionsRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *GetSocketOptionsRequest) GetOptions() []*SocketOption {
-	if m != nil {
-		return m.Options
-	}
-	return nil
-}
-
-type GetSocketOptionsReply struct {
-	Options              []*SocketOption `protobuf:"bytes,2,rep,name=options" json:"options,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
-
-func (m *GetSocketOptionsReply) Reset()         { *m = GetSocketOptionsReply{} }
-func (m *GetSocketOptionsReply) String() string { return proto.CompactTextString(m) }
-func (*GetSocketOptionsReply) ProtoMessage()    {}
-func (*GetSocketOptionsReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{14}
-}
-func (m *GetSocketOptionsReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_GetSocketOptionsReply.Unmarshal(m, b)
-}
-func (m *GetSocketOptionsReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_GetSocketOptionsReply.Marshal(b, m, deterministic)
-}
-func (dst *GetSocketOptionsReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_GetSocketOptionsReply.Merge(dst, src)
-}
-func (m *GetSocketOptionsReply) XXX_Size() int {
-	return xxx_messageInfo_GetSocketOptionsReply.Size(m)
-}
-func (m *GetSocketOptionsReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_GetSocketOptionsReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_GetSocketOptionsReply proto.InternalMessageInfo
-
-func (m *GetSocketOptionsReply) GetOptions() []*SocketOption {
-	if m != nil {
-		return m.Options
-	}
-	return nil
-}
-
-type ConnectRequest struct {
-	SocketDescriptor     *string      `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	RemoteIp             *AddressPort `protobuf:"bytes,2,req,name=remote_ip,json=remoteIp" json:"remote_ip,omitempty"`
-	TimeoutSeconds       *float64     `protobuf:"fixed64,3,opt,name=timeout_seconds,json=timeoutSeconds,def=-1" json:"timeout_seconds,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *ConnectRequest) Reset()         { *m = ConnectRequest{} }
-func (m *ConnectRequest) String() string { return proto.CompactTextString(m) }
-func (*ConnectRequest) ProtoMessage()    {}
-func (*ConnectRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{15}
-}
-func (m *ConnectRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ConnectRequest.Unmarshal(m, b)
-}
-func (m *ConnectRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ConnectRequest.Marshal(b, m, deterministic)
-}
-func (dst *ConnectRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ConnectRequest.Merge(dst, src)
-}
-func (m *ConnectRequest) XXX_Size() int {
-	return xxx_messageInfo_ConnectRequest.Size(m)
-}
-func (m *ConnectRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_ConnectRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ConnectRequest proto.InternalMessageInfo
-
-const Default_ConnectRequest_TimeoutSeconds float64 = -1
-
-func (m *ConnectRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *ConnectRequest) GetRemoteIp() *AddressPort {
-	if m != nil {
-		return m.RemoteIp
-	}
-	return nil
-}
-
-func (m *ConnectRequest) GetTimeoutSeconds() float64 {
-	if m != nil && m.TimeoutSeconds != nil {
-		return *m.TimeoutSeconds
-	}
-	return Default_ConnectRequest_TimeoutSeconds
-}
-
-type ConnectReply struct {
-	ProxyExternalIp              *AddressPort `protobuf:"bytes,1,opt,name=proxy_external_ip,json=proxyExternalIp" json:"proxy_external_ip,omitempty"`
-	XXX_NoUnkeyedLiteral         struct{}     `json:"-"`
-	proto.XXX_InternalExtensions `json:"-"`
-	XXX_unrecognized             []byte `json:"-"`
-	XXX_sizecache                int32  `json:"-"`
-}
-
-func (m *ConnectReply) Reset()         { *m = ConnectReply{} }
-func (m *ConnectReply) String() string { return proto.CompactTextString(m) }
-func (*ConnectReply) ProtoMessage()    {}
-func (*ConnectReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{16}
-}
-
-var extRange_ConnectReply = []proto.ExtensionRange{
-	{Start: 1000, End: 536870911},
-}
-
-func (*ConnectReply) ExtensionRangeArray() []proto.ExtensionRange {
-	return extRange_ConnectReply
-}
-func (m *ConnectReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ConnectReply.Unmarshal(m, b)
-}
-func (m *ConnectReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ConnectReply.Marshal(b, m, deterministic)
-}
-func (dst *ConnectReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ConnectReply.Merge(dst, src)
-}
-func (m *ConnectReply) XXX_Size() int {
-	return xxx_messageInfo_ConnectReply.Size(m)
-}
-func (m *ConnectReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_ConnectReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ConnectReply proto.InternalMessageInfo
-
-func (m *ConnectReply) GetProxyExternalIp() *AddressPort {
-	if m != nil {
-		return m.ProxyExternalIp
-	}
-	return nil
-}
-
-type ListenRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	Backlog              *int32   `protobuf:"varint,2,req,name=backlog" json:"backlog,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ListenRequest) Reset()         { *m = ListenRequest{} }
-func (m *ListenRequest) String() string { return proto.CompactTextString(m) }
-func (*ListenRequest) ProtoMessage()    {}
-func (*ListenRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{17}
-}
-func (m *ListenRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ListenRequest.Unmarshal(m, b)
-}
-func (m *ListenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ListenRequest.Marshal(b, m, deterministic)
-}
-func (dst *ListenRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListenRequest.Merge(dst, src)
-}
-func (m *ListenRequest) XXX_Size() int {
-	return xxx_messageInfo_ListenRequest.Size(m)
-}
-func (m *ListenRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_ListenRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ListenRequest proto.InternalMessageInfo
-
-func (m *ListenRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *ListenRequest) GetBacklog() int32 {
-	if m != nil && m.Backlog != nil {
-		return *m.Backlog
-	}
-	return 0
-}
-
-type ListenReply struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ListenReply) Reset()         { *m = ListenReply{} }
-func (m *ListenReply) String() string { return proto.CompactTextString(m) }
-func (*ListenReply) ProtoMessage()    {}
-func (*ListenReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{18}
-}
-func (m *ListenReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ListenReply.Unmarshal(m, b)
-}
-func (m *ListenReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ListenReply.Marshal(b, m, deterministic)
-}
-func (dst *ListenReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ListenReply.Merge(dst, src)
-}
-func (m *ListenReply) XXX_Size() int {
-	return xxx_messageInfo_ListenReply.Size(m)
-}
-func (m *ListenReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_ListenReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ListenReply proto.InternalMessageInfo
-
-type AcceptRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	TimeoutSeconds       *float64 `protobuf:"fixed64,2,opt,name=timeout_seconds,json=timeoutSeconds,def=-1" json:"timeout_seconds,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *AcceptRequest) Reset()         { *m = AcceptRequest{} }
-func (m *AcceptRequest) String() string { return proto.CompactTextString(m) }
-func (*AcceptRequest) ProtoMessage()    {}
-func (*AcceptRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{19}
-}
-func (m *AcceptRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_AcceptRequest.Unmarshal(m, b)
-}
-func (m *AcceptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_AcceptRequest.Marshal(b, m, deterministic)
-}
-func (dst *AcceptRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_AcceptRequest.Merge(dst, src)
-}
-func (m *AcceptRequest) XXX_Size() int {
-	return xxx_messageInfo_AcceptRequest.Size(m)
-}
-func (m *AcceptRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_AcceptRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_AcceptRequest proto.InternalMessageInfo
-
-const Default_AcceptRequest_TimeoutSeconds float64 = -1
-
-func (m *AcceptRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *AcceptRequest) GetTimeoutSeconds() float64 {
-	if m != nil && m.TimeoutSeconds != nil {
-		return *m.TimeoutSeconds
-	}
-	return Default_AcceptRequest_TimeoutSeconds
-}
-
-type AcceptReply struct {
-	NewSocketDescriptor  []byte       `protobuf:"bytes,2,opt,name=new_socket_descriptor,json=newSocketDescriptor" json:"new_socket_descriptor,omitempty"`
-	RemoteAddress        *AddressPort `protobuf:"bytes,3,opt,name=remote_address,json=remoteAddress" json:"remote_address,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *AcceptReply) Reset()         { *m = AcceptReply{} }
-func (m *AcceptReply) String() string { return proto.CompactTextString(m) }
-func (*AcceptReply) ProtoMessage()    {}
-func (*AcceptReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{20}
-}
-func (m *AcceptReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_AcceptReply.Unmarshal(m, b)
-}
-func (m *AcceptReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_AcceptReply.Marshal(b, m, deterministic)
-}
-func (dst *AcceptReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_AcceptReply.Merge(dst, src)
-}
-func (m *AcceptReply) XXX_Size() int {
-	return xxx_messageInfo_AcceptReply.Size(m)
-}
-func (m *AcceptReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_AcceptReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_AcceptReply proto.InternalMessageInfo
-
-func (m *AcceptReply) GetNewSocketDescriptor() []byte {
-	if m != nil {
-		return m.NewSocketDescriptor
-	}
-	return nil
-}
-
-func (m *AcceptReply) GetRemoteAddress() *AddressPort {
-	if m != nil {
-		return m.RemoteAddress
-	}
-	return nil
-}
-
-type ShutDownRequest struct {
-	SocketDescriptor     *string              `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	How                  *ShutDownRequest_How `protobuf:"varint,2,req,name=how,enum=appengine.ShutDownRequest_How" json:"how,omitempty"`
-	SendOffset           *int64               `protobuf:"varint,3,req,name=send_offset,json=sendOffset" json:"send_offset,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
-	XXX_unrecognized     []byte               `json:"-"`
-	XXX_sizecache        int32                `json:"-"`
-}
-
-func (m *ShutDownRequest) Reset()         { *m = ShutDownRequest{} }
-func (m *ShutDownRequest) String() string { return proto.CompactTextString(m) }
-func (*ShutDownRequest) ProtoMessage()    {}
-func (*ShutDownRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{21}
-}
-func (m *ShutDownRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ShutDownRequest.Unmarshal(m, b)
-}
-func (m *ShutDownRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ShutDownRequest.Marshal(b, m, deterministic)
-}
-func (dst *ShutDownRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ShutDownRequest.Merge(dst, src)
-}
-func (m *ShutDownRequest) XXX_Size() int {
-	return xxx_messageInfo_ShutDownRequest.Size(m)
-}
-func (m *ShutDownRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_ShutDownRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ShutDownRequest proto.InternalMessageInfo
-
-func (m *ShutDownRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *ShutDownRequest) GetHow() ShutDownRequest_How {
-	if m != nil && m.How != nil {
-		return *m.How
-	}
-	return ShutDownRequest_SOCKET_SHUT_RD
-}
-
-func (m *ShutDownRequest) GetSendOffset() int64 {
-	if m != nil && m.SendOffset != nil {
-		return *m.SendOffset
-	}
-	return 0
-}
-
-type ShutDownReply struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ShutDownReply) Reset()         { *m = ShutDownReply{} }
-func (m *ShutDownReply) String() string { return proto.CompactTextString(m) }
-func (*ShutDownReply) ProtoMessage()    {}
-func (*ShutDownReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{22}
-}
-func (m *ShutDownReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ShutDownReply.Unmarshal(m, b)
-}
-func (m *ShutDownReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ShutDownReply.Marshal(b, m, deterministic)
-}
-func (dst *ShutDownReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ShutDownReply.Merge(dst, src)
-}
-func (m *ShutDownReply) XXX_Size() int {
-	return xxx_messageInfo_ShutDownReply.Size(m)
-}
-func (m *ShutDownReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_ShutDownReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ShutDownReply proto.InternalMessageInfo
-
-type CloseRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	SendOffset           *int64   `protobuf:"varint,2,opt,name=send_offset,json=sendOffset,def=-1" json:"send_offset,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *CloseRequest) Reset()         { *m = CloseRequest{} }
-func (m *CloseRequest) String() string { return proto.CompactTextString(m) }
-func (*CloseRequest) ProtoMessage()    {}
-func (*CloseRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{23}
-}
-func (m *CloseRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CloseRequest.Unmarshal(m, b)
-}
-func (m *CloseRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CloseRequest.Marshal(b, m, deterministic)
-}
-func (dst *CloseRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CloseRequest.Merge(dst, src)
-}
-func (m *CloseRequest) XXX_Size() int {
-	return xxx_messageInfo_CloseRequest.Size(m)
-}
-func (m *CloseRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_CloseRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CloseRequest proto.InternalMessageInfo
-
-const Default_CloseRequest_SendOffset int64 = -1
-
-func (m *CloseRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *CloseRequest) GetSendOffset() int64 {
-	if m != nil && m.SendOffset != nil {
-		return *m.SendOffset
-	}
-	return Default_CloseRequest_SendOffset
-}
-
-type CloseReply struct {
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *CloseReply) Reset()         { *m = CloseReply{} }
-func (m *CloseReply) String() string { return proto.CompactTextString(m) }
-func (*CloseReply) ProtoMessage()    {}
-func (*CloseReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{24}
-}
-func (m *CloseReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_CloseReply.Unmarshal(m, b)
-}
-func (m *CloseReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_CloseReply.Marshal(b, m, deterministic)
-}
-func (dst *CloseReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_CloseReply.Merge(dst, src)
-}
-func (m *CloseReply) XXX_Size() int {
-	return xxx_messageInfo_CloseReply.Size(m)
-}
-func (m *CloseReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_CloseReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_CloseReply proto.InternalMessageInfo
-
-type SendRequest struct {
-	SocketDescriptor     *string      `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	Data                 []byte       `protobuf:"bytes,2,req,name=data" json:"data,omitempty"`
-	StreamOffset         *int64       `protobuf:"varint,3,req,name=stream_offset,json=streamOffset" json:"stream_offset,omitempty"`
-	Flags                *int32       `protobuf:"varint,4,opt,name=flags,def=0" json:"flags,omitempty"`
-	SendTo               *AddressPort `protobuf:"bytes,5,opt,name=send_to,json=sendTo" json:"send_to,omitempty"`
-	TimeoutSeconds       *float64     `protobuf:"fixed64,6,opt,name=timeout_seconds,json=timeoutSeconds,def=-1" json:"timeout_seconds,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *SendRequest) Reset()         { *m = SendRequest{} }
-func (m *SendRequest) String() string { return proto.CompactTextString(m) }
-func (*SendRequest) ProtoMessage()    {}
-func (*SendRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{25}
-}
-func (m *SendRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SendRequest.Unmarshal(m, b)
-}
-func (m *SendRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SendRequest.Marshal(b, m, deterministic)
-}
-func (dst *SendRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SendRequest.Merge(dst, src)
-}
-func (m *SendRequest) XXX_Size() int {
-	return xxx_messageInfo_SendRequest.Size(m)
-}
-func (m *SendRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_SendRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SendRequest proto.InternalMessageInfo
-
-const Default_SendRequest_Flags int32 = 0
-const Default_SendRequest_TimeoutSeconds float64 = -1
-
-func (m *SendRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *SendRequest) GetData() []byte {
-	if m != nil {
-		return m.Data
-	}
-	return nil
-}
-
-func (m *SendRequest) GetStreamOffset() int64 {
-	if m != nil && m.StreamOffset != nil {
-		return *m.StreamOffset
-	}
-	return 0
-}
-
-func (m *SendRequest) GetFlags() int32 {
-	if m != nil && m.Flags != nil {
-		return *m.Flags
-	}
-	return Default_SendRequest_Flags
-}
-
-func (m *SendRequest) GetSendTo() *AddressPort {
-	if m != nil {
-		return m.SendTo
-	}
-	return nil
-}
-
-func (m *SendRequest) GetTimeoutSeconds() float64 {
-	if m != nil && m.TimeoutSeconds != nil {
-		return *m.TimeoutSeconds
-	}
-	return Default_SendRequest_TimeoutSeconds
-}
-
-type SendReply struct {
-	DataSent             *int32   `protobuf:"varint,1,opt,name=data_sent,json=dataSent" json:"data_sent,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *SendReply) Reset()         { *m = SendReply{} }
-func (m *SendReply) String() string { return proto.CompactTextString(m) }
-func (*SendReply) ProtoMessage()    {}
-func (*SendReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{26}
-}
-func (m *SendReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SendReply.Unmarshal(m, b)
-}
-func (m *SendReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SendReply.Marshal(b, m, deterministic)
-}
-func (dst *SendReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SendReply.Merge(dst, src)
-}
-func (m *SendReply) XXX_Size() int {
-	return xxx_messageInfo_SendReply.Size(m)
-}
-func (m *SendReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_SendReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_SendReply proto.InternalMessageInfo
-
-func (m *SendReply) GetDataSent() int32 {
-	if m != nil && m.DataSent != nil {
-		return *m.DataSent
-	}
-	return 0
-}
-
-type ReceiveRequest struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	DataSize             *int32   `protobuf:"varint,2,req,name=data_size,json=dataSize" json:"data_size,omitempty"`
-	Flags                *int32   `protobuf:"varint,3,opt,name=flags,def=0" json:"flags,omitempty"`
-	TimeoutSeconds       *float64 `protobuf:"fixed64,5,opt,name=timeout_seconds,json=timeoutSeconds,def=-1" json:"timeout_seconds,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ReceiveRequest) Reset()         { *m = ReceiveRequest{} }
-func (m *ReceiveRequest) String() string { return proto.CompactTextString(m) }
-func (*ReceiveRequest) ProtoMessage()    {}
-func (*ReceiveRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{27}
-}
-func (m *ReceiveRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ReceiveRequest.Unmarshal(m, b)
-}
-func (m *ReceiveRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ReceiveRequest.Marshal(b, m, deterministic)
-}
-func (dst *ReceiveRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ReceiveRequest.Merge(dst, src)
-}
-func (m *ReceiveRequest) XXX_Size() int {
-	return xxx_messageInfo_ReceiveRequest.Size(m)
-}
-func (m *ReceiveRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_ReceiveRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ReceiveRequest proto.InternalMessageInfo
-
-const Default_ReceiveRequest_Flags int32 = 0
-const Default_ReceiveRequest_TimeoutSeconds float64 = -1
-
-func (m *ReceiveRequest) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *ReceiveRequest) GetDataSize() int32 {
-	if m != nil && m.DataSize != nil {
-		return *m.DataSize
-	}
-	return 0
-}
-
-func (m *ReceiveRequest) GetFlags() int32 {
-	if m != nil && m.Flags != nil {
-		return *m.Flags
-	}
-	return Default_ReceiveRequest_Flags
-}
-
-func (m *ReceiveRequest) GetTimeoutSeconds() float64 {
-	if m != nil && m.TimeoutSeconds != nil {
-		return *m.TimeoutSeconds
-	}
-	return Default_ReceiveRequest_TimeoutSeconds
-}
-
-type ReceiveReply struct {
-	StreamOffset         *int64       `protobuf:"varint,2,opt,name=stream_offset,json=streamOffset" json:"stream_offset,omitempty"`
-	Data                 []byte       `protobuf:"bytes,3,opt,name=data" json:"data,omitempty"`
-	ReceivedFrom         *AddressPort `protobuf:"bytes,4,opt,name=received_from,json=receivedFrom" json:"received_from,omitempty"`
-	BufferSize           *int32       `protobuf:"varint,5,opt,name=buffer_size,json=bufferSize" json:"buffer_size,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *ReceiveReply) Reset()         { *m = ReceiveReply{} }
-func (m *ReceiveReply) String() string { return proto.CompactTextString(m) }
-func (*ReceiveReply) ProtoMessage()    {}
-func (*ReceiveReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{28}
-}
-func (m *ReceiveReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ReceiveReply.Unmarshal(m, b)
-}
-func (m *ReceiveReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ReceiveReply.Marshal(b, m, deterministic)
-}
-func (dst *ReceiveReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ReceiveReply.Merge(dst, src)
-}
-func (m *ReceiveReply) XXX_Size() int {
-	return xxx_messageInfo_ReceiveReply.Size(m)
-}
-func (m *ReceiveReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_ReceiveReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ReceiveReply proto.InternalMessageInfo
-
-func (m *ReceiveReply) GetStreamOffset() int64 {
-	if m != nil && m.StreamOffset != nil {
-		return *m.StreamOffset
-	}
-	return 0
-}
-
-func (m *ReceiveReply) GetData() []byte {
-	if m != nil {
-		return m.Data
-	}
-	return nil
-}
-
-func (m *ReceiveReply) GetReceivedFrom() *AddressPort {
-	if m != nil {
-		return m.ReceivedFrom
-	}
-	return nil
-}
-
-func (m *ReceiveReply) GetBufferSize() int32 {
-	if m != nil && m.BufferSize != nil {
-		return *m.BufferSize
-	}
-	return 0
-}
-
-type PollEvent struct {
-	SocketDescriptor     *string  `protobuf:"bytes,1,req,name=socket_descriptor,json=socketDescriptor" json:"socket_descriptor,omitempty"`
-	RequestedEvents      *int32   `protobuf:"varint,2,req,name=requested_events,json=requestedEvents" json:"requested_events,omitempty"`
-	ObservedEvents       *int32   `protobuf:"varint,3,req,name=observed_events,json=observedEvents" json:"observed_events,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *PollEvent) Reset()         { *m = PollEvent{} }
-func (m *PollEvent) String() string { return proto.CompactTextString(m) }
-func (*PollEvent) ProtoMessage()    {}
-func (*PollEvent) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{29}
-}
-func (m *PollEvent) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PollEvent.Unmarshal(m, b)
-}
-func (m *PollEvent) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PollEvent.Marshal(b, m, deterministic)
-}
-func (dst *PollEvent) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PollEvent.Merge(dst, src)
-}
-func (m *PollEvent) XXX_Size() int {
-	return xxx_messageInfo_PollEvent.Size(m)
-}
-func (m *PollEvent) XXX_DiscardUnknown() {
-	xxx_messageInfo_PollEvent.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PollEvent proto.InternalMessageInfo
-
-func (m *PollEvent) GetSocketDescriptor() string {
-	if m != nil && m.SocketDescriptor != nil {
-		return *m.SocketDescriptor
-	}
-	return ""
-}
-
-func (m *PollEvent) GetRequestedEvents() int32 {
-	if m != nil && m.RequestedEvents != nil {
-		return *m.RequestedEvents
-	}
-	return 0
-}
-
-func (m *PollEvent) GetObservedEvents() int32 {
-	if m != nil && m.ObservedEvents != nil {
-		return *m.ObservedEvents
-	}
-	return 0
-}
-
-type PollRequest struct {
-	Events               []*PollEvent `protobuf:"bytes,1,rep,name=events" json:"events,omitempty"`
-	TimeoutSeconds       *float64     `protobuf:"fixed64,2,opt,name=timeout_seconds,json=timeoutSeconds,def=-1" json:"timeout_seconds,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *PollRequest) Reset()         { *m = PollRequest{} }
-func (m *PollRequest) String() string { return proto.CompactTextString(m) }
-func (*PollRequest) ProtoMessage()    {}
-func (*PollRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{30}
-}
-func (m *PollRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PollRequest.Unmarshal(m, b)
-}
-func (m *PollRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PollRequest.Marshal(b, m, deterministic)
-}
-func (dst *PollRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PollRequest.Merge(dst, src)
-}
-func (m *PollRequest) XXX_Size() int {
-	return xxx_messageInfo_PollRequest.Size(m)
-}
-func (m *PollRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_PollRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PollRequest proto.InternalMessageInfo
-
-const Default_PollRequest_TimeoutSeconds float64 = -1
-
-func (m *PollRequest) GetEvents() []*PollEvent {
-	if m != nil {
-		return m.Events
-	}
-	return nil
-}
-
-func (m *PollRequest) GetTimeoutSeconds() float64 {
-	if m != nil && m.TimeoutSeconds != nil {
-		return *m.TimeoutSeconds
-	}
-	return Default_PollRequest_TimeoutSeconds
-}
-
-type PollReply struct {
-	Events               []*PollEvent `protobuf:"bytes,2,rep,name=events" json:"events,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}     `json:"-"`
-	XXX_unrecognized     []byte       `json:"-"`
-	XXX_sizecache        int32        `json:"-"`
-}
-
-func (m *PollReply) Reset()         { *m = PollReply{} }
-func (m *PollReply) String() string { return proto.CompactTextString(m) }
-func (*PollReply) ProtoMessage()    {}
-func (*PollReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{31}
-}
-func (m *PollReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PollReply.Unmarshal(m, b)
-}
-func (m *PollReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PollReply.Marshal(b, m, deterministic)
-}
-func (dst *PollReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PollReply.Merge(dst, src)
-}
-func (m *PollReply) XXX_Size() int {
-	return xxx_messageInfo_PollReply.Size(m)
-}
-func (m *PollReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_PollReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_PollReply proto.InternalMessageInfo
-
-func (m *PollReply) GetEvents() []*PollEvent {
-	if m != nil {
-		return m.Events
-	}
-	return nil
-}
-
-type ResolveRequest struct {
-	Name                 *string                            `protobuf:"bytes,1,req,name=name" json:"name,omitempty"`
-	AddressFamilies      []CreateSocketRequest_SocketFamily `protobuf:"varint,2,rep,name=address_families,json=addressFamilies,enum=appengine.CreateSocketRequest_SocketFamily" json:"address_families,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}                           `json:"-"`
-	XXX_unrecognized     []byte                             `json:"-"`
-	XXX_sizecache        int32                              `json:"-"`
-}
-
-func (m *ResolveRequest) Reset()         { *m = ResolveRequest{} }
-func (m *ResolveRequest) String() string { return proto.CompactTextString(m) }
-func (*ResolveRequest) ProtoMessage()    {}
-func (*ResolveRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{32}
-}
-func (m *ResolveRequest) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ResolveRequest.Unmarshal(m, b)
-}
-func (m *ResolveRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ResolveRequest.Marshal(b, m, deterministic)
-}
-func (dst *ResolveRequest) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ResolveRequest.Merge(dst, src)
-}
-func (m *ResolveRequest) XXX_Size() int {
-	return xxx_messageInfo_ResolveRequest.Size(m)
-}
-func (m *ResolveRequest) XXX_DiscardUnknown() {
-	xxx_messageInfo_ResolveRequest.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ResolveRequest proto.InternalMessageInfo
-
-func (m *ResolveRequest) GetName() string {
-	if m != nil && m.Name != nil {
-		return *m.Name
-	}
-	return ""
-}
-
-func (m *ResolveRequest) GetAddressFamilies() []CreateSocketRequest_SocketFamily {
-	if m != nil {
-		return m.AddressFamilies
-	}
-	return nil
-}
-
-type ResolveReply struct {
-	PackedAddress        [][]byte `protobuf:"bytes,2,rep,name=packed_address,json=packedAddress" json:"packed_address,omitempty"`
-	CanonicalName        *string  `protobuf:"bytes,3,opt,name=canonical_name,json=canonicalName" json:"canonical_name,omitempty"`
-	Aliases              []string `protobuf:"bytes,4,rep,name=aliases" json:"aliases,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *ResolveReply) Reset()         { *m = ResolveReply{} }
-func (m *ResolveReply) String() string { return proto.CompactTextString(m) }
-func (*ResolveReply) ProtoMessage()    {}
-func (*ResolveReply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_socket_service_b5f8f233dc327808, []int{33}
-}
-func (m *ResolveReply) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ResolveReply.Unmarshal(m, b)
-}
-func (m *ResolveReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ResolveReply.Marshal(b, m, deterministic)
-}
-func (dst *ResolveReply) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ResolveReply.Merge(dst, src)
-}
-func (m *ResolveReply) XXX_Size() int {
-	return xxx_messageInfo_ResolveReply.Size(m)
-}
-func (m *ResolveReply) XXX_DiscardUnknown() {
-	xxx_messageInfo_ResolveReply.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ResolveReply proto.InternalMessageInfo
-
-func (m *ResolveReply) GetPackedAddress() [][]byte {
-	if m != nil {
-		return m.PackedAddress
-	}
-	return nil
-}
-
-func (m *ResolveReply) GetCanonicalName() string {
-	if m != nil && m.CanonicalName != nil {
-		return *m.CanonicalName
-	}
-	return ""
-}
-
-func (m *ResolveReply) GetAliases() []string {
-	if m != nil {
-		return m.Aliases
-	}
-	return nil
-}
-
-func init() {
-	proto.RegisterType((*RemoteSocketServiceError)(nil), "appengine.RemoteSocketServiceError")
-	proto.RegisterType((*AddressPort)(nil), "appengine.AddressPort")
-	proto.RegisterType((*CreateSocketRequest)(nil), "appengine.CreateSocketRequest")
-	proto.RegisterType((*CreateSocketReply)(nil), "appengine.CreateSocketReply")
-	proto.RegisterType((*BindRequest)(nil), "appengine.BindRequest")
-	proto.RegisterType((*BindReply)(nil), "appengine.BindReply")
-	proto.RegisterType((*GetSocketNameRequest)(nil), "appengine.GetSocketNameRequest")
-	proto.RegisterType((*GetSocketNameReply)(nil), "appengine.GetSocketNameReply")
-	proto.RegisterType((*GetPeerNameRequest)(nil), "appengine.GetPeerNameRequest")
-	proto.RegisterType((*GetPeerNameReply)(nil), "appengine.GetPeerNameReply")
-	proto.RegisterType((*SocketOption)(nil), "appengine.SocketOption")
-	proto.RegisterType((*SetSocketOptionsRequest)(nil), "appengine.SetSocketOptionsRequest")
-	proto.RegisterType((*SetSocketOptionsReply)(nil), "appengine.SetSocketOptionsReply")
-	proto.RegisterType((*GetSocketOptionsRequest)(nil), "appengine.GetSocketOptionsRequest")
-	proto.RegisterType((*GetSocketOptionsReply)(nil), "appengine.GetSocketOptionsReply")
-	proto.RegisterType((*ConnectRequest)(nil), "appengine.ConnectRequest")
-	proto.RegisterType((*ConnectReply)(nil), "appengine.ConnectReply")
-	proto.RegisterType((*ListenRequest)(nil), "appengine.ListenRequest")
-	proto.RegisterType((*ListenReply)(nil), "appengine.ListenReply")
-	proto.RegisterType((*AcceptRequest)(nil), "appengine.AcceptRequest")
-	proto.RegisterType((*AcceptReply)(nil), "appengine.AcceptReply")
-	proto.RegisterType((*ShutDownRequest)(nil), "appengine.ShutDownRequest")
-	proto.RegisterType((*ShutDownReply)(nil), "appengine.ShutDownReply")
-	proto.RegisterType((*CloseRequest)(nil), "appengine.CloseRequest")
-	proto.RegisterType((*CloseReply)(nil), "appengine.CloseReply")
-	proto.RegisterType((*SendRequest)(nil), "appengine.SendRequest")
-	proto.RegisterType((*SendReply)(nil), "appengine.SendReply")
-	proto.RegisterType((*ReceiveRequest)(nil), "appengine.ReceiveRequest")
-	proto.RegisterType((*ReceiveReply)(nil), "appengine.ReceiveReply")
-	proto.RegisterType((*PollEvent)(nil), "appengine.PollEvent")
-	proto.RegisterType((*PollRequest)(nil), "appengine.PollRequest")
-	proto.RegisterType((*PollReply)(nil), "appengine.PollReply")
-	proto.RegisterType((*ResolveRequest)(nil), "appengine.ResolveRequest")
-	proto.RegisterType((*ResolveReply)(nil), "appengine.ResolveReply")
-}
-
-func init() {
-	proto.RegisterFile("google.golang.org/appengine/internal/socket/socket_service.proto", fileDescriptor_socket_service_b5f8f233dc327808)
-}
-
-var fileDescriptor_socket_service_b5f8f233dc327808 = []byte{
-	// 3088 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x59, 0x5f, 0x77, 0xe3, 0xc6,
-	0x75, 0x37, 0x48, 0xfd, 0xe3, 0x90, 0x94, 0xee, 0x62, 0xa5, 0x5d, 0x25, 0x6e, 0x12, 0x05, 0x8e,
-	0x1b, 0x25, 0x8e, 0x77, 0x6d, 0x39, 0x4d, 0x9b, 0xa4, 0x49, 0x16, 0x04, 0x86, 0x24, 0x4c, 0x00,
-	0x03, 0xcd, 0x0c, 0x25, 0xd1, 0x6d, 0x8a, 0xd0, 0x22, 0xa4, 0x65, 0x4c, 0x11, 0x0c, 0xc9, 0xdd,
-	0xf5, 0xba, 0x69, 0xaa, 0xfe, 0x39, 0xfd, 0x12, 0x7d, 0xe8, 0x73, 0x3f, 0x43, 0x4f, 0x4f, 0x5f,
-	0xfa, 0xec, 0xc7, 0x7e, 0x84, 0x9e, 0xbe, 0xb4, 0x9f, 0xa1, 0x67, 0x06, 0xe0, 0x60, 0xc8, 0xd5,
-	0xae, 0x77, 0x75, 0x72, 0x4e, 0x9e, 0xa4, 0xfb, 0xbb, 0x77, 0xee, 0xff, 0x99, 0xb9, 0x03, 0xa2,
-	0x47, 0x97, 0x69, 0x7a, 0x39, 0x4a, 0x1e, 0x5c, 0xa6, 0xa3, 0xfe, 0xf8, 0xf2, 0x41, 0x3a, 0xbd,
-	0x7c, 0xd8, 0x9f, 0x4c, 0x92, 0xf1, 0xe5, 0x70, 0x9c, 0x3c, 0x1c, 0x8e, 0xe7, 0xc9, 0x74, 0xdc,
-	0x1f, 0x3d, 0x9c, 0xa5, 0xe7, 0x9f, 0x25, 0xf3, 0xfc, 0x4f, 0x3c, 0x4b, 0xa6, 0x4f, 0x87, 0xe7,
-	0xc9, 0x83, 0xc9, 0x34, 0x9d, 0xa7, 0x66, 0x45, 0xc9, 0x5b, 0xff, 0xbc, 0x8b, 0xf6, 0x69, 0x72,
-	0x95, 0xce, 0x13, 0x26, 0x25, 0x59, 0x26, 0x88, 0xa7, 0xd3, 0x74, 0x6a, 0x7e, 0x07, 0xd5, 0x66,
-	0xcf, 0x67, 0xf3, 0xe4, 0x2a, 0x4e, 0x04, 0xbd, 0x6f, 0x1c, 0x18, 0x87, 0xeb, 0x3f, 0x31, 0x3e,
-	0xa0, 0xd5, 0x0c, 0xce, 0xa4, 0xbe, 0x8d, 0x6a, 0x92, 0x1d, 0x0f, 0x92, 0x79, 0x7f, 0x38, 0xda,
-	0x2f, 0x1d, 0x18, 0x87, 0x15, 0x5a, 0x95, 0x98, 0x2b, 0x21, 0xeb, 0x73, 0x54, 0x91, 0xb2, 0x4e,
-	0x3a, 0x48, 0x4c, 0x40, 0x35, 0xd6, 0x63, 0x1c, 0x07, 0x31, 0xa6, 0x94, 0x50, 0x30, 0xcc, 0x3a,
-	0xaa, 0xb4, 0x6c, 0x2f, 0x27, 0x4b, 0x66, 0x15, 0x6d, 0x36, 0x6d, 0xcf, 0xef, 0x52, 0x0c, 0x6b,
-	0xe6, 0x1e, 0xba, 0x13, 0x61, 0x1a, 0x78, 0x8c, 0x79, 0x24, 0x8c, 0x5d, 0x1c, 0x7a, 0xd8, 0x85,
-	0x75, 0xf3, 0x2e, 0xda, 0xf1, 0xc2, 0x13, 0xdb, 0xf7, 0xdc, 0x98, 0xe2, 0xe3, 0x2e, 0x66, 0x1c,
-	0x36, 0xcc, 0x3b, 0xa8, 0xce, 0x88, 0xd3, 0xc1, 0x3c, 0x76, 0x7c, 0xc2, 0xb0, 0x0b, 0x9b, 0xd6,
-	0xbf, 0x99, 0xa8, 0xca, 0x34, 0x67, 0x77, 0x50, 0x95, 0xf5, 0x58, 0xcc, 0xba, 0x8e, 0x83, 0x19,
-	0x83, 0xb7, 0x84, 0x6d, 0x01, 0x60, 0x61, 0x04, 0x0c, 0x73, 0x1b, 0x21, 0x49, 0x86, 0x04, 0x87,
-	0x1c, 0x4a, 0x8a, 0xcd, 0xa8, 0xd3, 0x86, 0xb2, 0x22, 0xbd, 0x90, 0x53, 0x58, 0x13, 0x9e, 0x66,
-	0x24, 0x81, 0x75, 0xc5, 0x0b, 0xcf, 0x3c, 0x02, 0x1b, 0x8a, 0x3c, 0x6a, 0x78, 0x2d, 0xd8, 0x5c,
-	0x18, 0x16, 0x8a, 0xcf, 0xb0, 0x03, 0x5b, 0x8a, 0xdf, 0xb0, 0xdd, 0x26, 0x54, 0x94, 0x61, 0xa7,
-	0xed, 0xf9, 0x2e, 0x20, 0x45, 0xdb, 0x2d, 0xdb, 0x0b, 0xa1, 0x2a, 0x02, 0x96, 0xf4, 0x29, 0xe9,
-	0xfa, 0x6e, 0xc3, 0x27, 0x4e, 0x07, 0xaa, 0x9a, 0xb7, 0x01, 0x0e, 0xa0, 0x56, 0x2c, 0x12, 0xd1,
-	0x41, 0x5d, 0xd1, 0x4d, 0xbb, 0xeb, 0x73, 0xd8, 0xd6, 0x9c, 0xe0, 0x0d, 0xbf, 0x03, 0x3b, 0x85,
-	0x13, 0x5d, 0xd6, 0x03, 0x50, 0xf2, 0xf8, 0xcc, 0x63, 0x1c, 0xee, 0x28, 0xf6, 0x99, 0x8b, 0x4f,
-	0xc0, 0xd4, 0xcc, 0x09, 0xfa, 0xae, 0xae, 0xce, 0xf5, 0x28, 0xec, 0x2a, 0x01, 0x8f, 0x09, 0x7a,
-	0xaf, 0xa0, 0x45, 0xa9, 0xe0, 0x5e, 0xa1, 0xa0, 0xe9, 0xf9, 0x18, 0xee, 0x2b, 0x3a, 0x90, 0xf4,
-	0xbe, 0x66, 0x80, 0xf3, 0x1e, 0x7c, 0x4d, 0x19, 0xe0, 0x67, 0xbc, 0xc1, 0x7a, 0xf0, 0x75, 0xe5,
-	0x50, 0x53, 0x24, 0xf5, 0x6d, 0x4d, 0x9e, 0x45, 0x0e, 0xfc, 0x91, 0xa2, 0x59, 0xe4, 0x45, 0x18,
-	0xbe, 0xa1, 0xc4, 0x29, 0x69, 0x32, 0xf8, 0x66, 0x61, 0xce, 0xf7, 0xc2, 0x0e, 0x7c, 0xab, 0xa8,
-	0xbd, 0x90, 0x3e, 0x30, 0x6b, 0x68, 0x4b, 0x92, 0x2e, 0x09, 0xe0, 0xdb, 0x4a, 0x98, 0xda, 0x61,
-	0x0b, 0x83, 0xa5, 0x7c, 0x71, 0xb1, 0xed, 0xfa, 0x1d, 0x78, 0x47, 0x76, 0x9b, 0x02, 0x44, 0x3d,
-	0xde, 0x31, 0x77, 0x11, 0x64, 0xfe, 0xd8, 0x01, 0xe6, 0x84, 0xf8, 0x24, 0x6c, 0xc1, 0x77, 0x34,
-	0x2f, 0x7d, 0xa7, 0x03, 0xef, 0xea, 0x5e, 0xf7, 0x18, 0xfc, 0xb1, 0x52, 0x14, 0x12, 0x8e, 0x83,
-	0x88, 0xf7, 0xe0, 0xbb, 0xca, 0x33, 0x9f, 0x90, 0x08, 0x0e, 0xf5, 0x3a, 0xb3, 0x16, 0x7c, 0xbf,
-	0x68, 0x43, 0x97, 0x06, 0xf0, 0x9e, 0xd6, 0x3b, 0x34, 0x6c, 0xc1, 0x0f, 0xf2, 0x1d, 0x16, 0x63,
-	0xff, 0x28, 0x64, 0xbd, 0xd0, 0x81, 0xf7, 0x95, 0x84, 0xff, 0x51, 0xdb, 0xe7, 0xf0, 0x40, 0xa3,
-	0x29, 0xe3, 0xf0, 0xb0, 0xa0, 0x43, 0xa1, 0xe1, 0x03, 0x15, 0x6c, 0x37, 0xb4, 0xb9, 0xd3, 0x86,
-	0x0f, 0x35, 0x0f, 0x1c, 0xe6, 0xc1, 0x51, 0xb1, 0xe0, 0x48, 0x28, 0xfc, 0x48, 0xef, 0x66, 0x0c,
-	0x3f, 0xd4, 0x49, 0x0a, 0x7f, 0xa2, 0xa4, 0xcf, 0x9a, 0x5d, 0xdf, 0x87, 0x1f, 0x69, 0xda, 0xec,
-	0x90, 0xc0, 0x9f, 0x2a, 0x73, 0x42, 0xfc, 0xd8, 0x81, 0x3f, 0xd3, 0x01, 0xe6, 0x73, 0xf8, 0xb1,
-	0x5a, 0xd1, 0x68, 0x92, 0x90, 0xc3, 0x4f, 0xf5, 0x1c, 0x72, 0x0a, 0x7f, 0xae, 0xb5, 0xa2, 0x6b,
-	0x73, 0x1b, 0x7e, 0xa6, 0x3c, 0xe0, 0x5e, 0x80, 0xe1, 0xe7, 0xc5, 0xe6, 0x24, 0x8c, 0xc2, 0x2f,
-	0xb4, 0xe5, 0x21, 0xe6, 0xf0, 0x48, 0xa3, 0xa3, 0x4e, 0x0b, 0x6c, 0xa5, 0x8e, 0xe2, 0x80, 0x70,
-	0x0c, 0x0d, 0x4d, 0xbf, 0xec, 0x1d, 0x47, 0x35, 0x8b, 0xed, 0x9e, 0x80, 0x5b, 0x34, 0x1e, 0x0d,
-	0x42, 0x0e, 0x58, 0x99, 0x73, 0x48, 0x10, 0x40, 0x53, 0xb1, 0x23, 0x4a, 0x38, 0x81, 0x96, 0xaa,
-	0x78, 0xd0, 0xf5, 0xb9, 0xd7, 0x26, 0x11, 0xb4, 0x8b, 0xf6, 0x22, 0xdc, 0x25, 0x1c, 0x3c, 0x3d,
-	0x05, 0xa2, 0xe8, 0x1f, 0xab, 0x45, 0xe4, 0x04, 0xd3, 0xa6, 0x4f, 0x4e, 0xa1, 0xa3, 0x0a, 0x1d,
-	0x12, 0xde, 0x0d, 0xbd, 0x63, 0xf0, 0x8b, 0x3c, 0xd9, 0x6e, 0xd3, 0x85, 0x40, 0x0f, 0xc4, 0x69,
-	0xb7, 0x20, 0x54, 0x80, 0xef, 0x35, 0x6c, 0xc7, 0x01, 0xa2, 0x03, 0x0d, 0xdb, 0x85, 0x48, 0x07,
-	0x98, 0x13, 0xc2, 0xb1, 0x0e, 0x04, 0xf6, 0x19, 0xd0, 0xa2, 0xbf, 0xbc, 0x86, 0x3c, 0xcc, 0x58,
-	0xb1, 0xd1, 0x7d, 0x86, 0x8f, 0x81, 0x2b, 0x09, 0x8a, 0x19, 0xb7, 0x29, 0x87, 0xae, 0x42, 0x18,
-	0xa7, 0x72, 0xbb, 0x9d, 0xa8, 0x35, 0x5d, 0x86, 0x29, 0x83, 0x53, 0x3d, 0x18, 0x71, 0x8a, 0xc3,
-	0x99, 0xda, 0x4e, 0xae, 0xd0, 0xe2, 0xba, 0x94, 0xe2, 0x63, 0xe8, 0x29, 0xb9, 0x80, 0xb5, 0x98,
-	0xf7, 0x09, 0x86, 0x4f, 0x4c, 0x13, 0x6d, 0x17, 0xe9, 0xe5, 0xbd, 0x08, 0xc3, 0x5f, 0xa8, 0xf3,
-	0x32, 0x24, 0x12, 0x25, 0x11, 0x87, 0xbf, 0x34, 0xef, 0xa3, 0xbb, 0x85, 0x60, 0x48, 0x58, 0x37,
-	0x8a, 0x08, 0xe5, 0xf0, 0x4b, 0xc5, 0x10, 0x86, 0x79, 0xc1, 0xf8, 0x2b, 0xa5, 0x9a, 0x44, 0xc2,
-	0xad, 0x6e, 0x14, 0x41, 0xac, 0x1f, 0x7b, 0xac, 0x2b, 0x80, 0x85, 0x9f, 0x51, 0xb3, 0x58, 0xfa,
-	0x2b, 0x85, 0xda, 0x1a, 0xda, 0x57, 0x0a, 0x45, 0x3c, 0x5e, 0xd8, 0x65, 0x18, 0x3e, 0x15, 0x77,
-	0x9c, 0xc2, 0x42, 0xc2, 0xed, 0x13, 0xdb, 0xf3, 0xe1, 0xbc, 0x48, 0x08, 0xe6, 0x2e, 0x39, 0x0d,
-	0x61, 0x50, 0x04, 0x85, 0x79, 0x37, 0xa4, 0xd8, 0x76, 0xda, 0x90, 0x14, 0xc7, 0x07, 0xe6, 0x14,
-	0x33, 0xcc, 0xe1, 0x42, 0x99, 0x76, 0x48, 0x18, 0xda, 0x0d, 0x42, 0x39, 0x76, 0xe1, 0x52, 0x99,
-	0x16, 0x68, 0x26, 0xf9, 0x58, 0x8b, 0xa5, 0xd1, 0x6d, 0x32, 0x18, 0x2a, 0xc0, 0x63, 0x42, 0x0c,
-	0x7e, 0xad, 0x97, 0x45, 0x22, 0x9f, 0x29, 0x83, 0xac, 0xdd, 0xcd, 0x1c, 0x1b, 0x29, 0x83, 0x9c,
-	0x90, 0xc0, 0x0e, 0x7b, 0x14, 0x37, 0x19, 0x5c, 0x29, 0x41, 0xb1, 0x07, 0x5d, 0xd2, 0xe5, 0x30,
-	0x5e, 0xf2, 0x8c, 0xe2, 0x66, 0x57, 0xdc, 0xd2, 0xa9, 0x12, 0x6c, 0x13, 0x96, 0x69, 0x9c, 0x28,
-	0x41, 0x01, 0x2d, 0x62, 0xfd, 0x8d, 0x72, 0xc6, 0xf6, 0x29, 0xb6, 0xdd, 0x1e, 0x4c, 0x55, 0x4a,
-	0xbc, 0x30, 0xa2, 0xa4, 0x45, 0xc5, 0xa5, 0x3e, 0x2b, 0xb6, 0x23, 0xb7, 0x7d, 0x0c, 0xf3, 0xe2,
-	0x38, 0x73, 0x7c, 0x6c, 0x87, 0xf0, 0x44, 0x2f, 0x61, 0x68, 0x07, 0xf0, 0xb4, 0x00, 0xb2, 0xe4,
-	0x3f, 0xd3, 0xae, 0x32, 0x21, 0xf0, 0xb9, 0x72, 0x31, 0x3b, 0x11, 0x3c, 0x02, 0xcf, 0x95, 0x88,
-	0x7b, 0xdc, 0x25, 0x1c, 0xbe, 0xd0, 0xce, 0xf1, 0x00, 0xbb, 0x5e, 0x37, 0x80, 0xbf, 0x56, 0xde,
-	0x65, 0x80, 0x6c, 0xcd, 0xdf, 0x2a, 0x39, 0xc7, 0x0e, 0x1d, 0xec, 0x63, 0x17, 0xfe, 0x46, 0x3b,
-	0x7f, 0x3a, 0xb8, 0x07, 0xbf, 0x53, 0xeb, 0x3a, 0xb8, 0x87, 0xcf, 0x22, 0x8f, 0x62, 0x17, 0xfe,
-	0xd6, 0xdc, 0x2d, 0x40, 0x8a, 0x4f, 0x48, 0x07, 0xbb, 0x70, 0x6d, 0x98, 0x7b, 0x79, 0xa2, 0x24,
-	0xfa, 0x31, 0x76, 0x44, 0xad, 0xff, 0xce, 0x30, 0xef, 0x2e, 0x1a, 0xf7, 0x34, 0xc4, 0x54, 0x5c,
-	0x51, 0xf0, 0xf7, 0x86, 0xb9, 0x9f, 0xb7, 0x79, 0x48, 0x38, 0xc5, 0x8e, 0x38, 0x48, 0xec, 0x86,
-	0x8f, 0xe1, 0x1f, 0x0c, 0x13, 0x16, 0xe7, 0x44, 0xb3, 0xe3, 0xf9, 0x3e, 0xfc, 0xa3, 0xf1, 0xf5,
-	0x12, 0x18, 0xd6, 0x15, 0xaa, 0xda, 0x83, 0xc1, 0x34, 0x99, 0xcd, 0xa2, 0x74, 0x3a, 0x37, 0x4d,
-	0xb4, 0x36, 0x49, 0xa7, 0xf3, 0x7d, 0xe3, 0xa0, 0x74, 0xb8, 0x4e, 0xe5, 0xff, 0xe6, 0xbb, 0x68,
-	0x7b, 0xd2, 0x3f, 0xff, 0x2c, 0x19, 0xc4, 0xfd, 0x4c, 0x52, 0xce, 0x7f, 0x35, 0x5a, 0xcf, 0xd0,
-	0x7c, 0xb9, 0xf9, 0x0e, 0xaa, 0x3f, 0x4e, 0x67, 0xf3, 0x71, 0xff, 0x2a, 0x89, 0x1f, 0x0f, 0xc7,
-	0xf3, 0xfd, 0xb2, 0x9c, 0x12, 0x6b, 0x0b, 0xb0, 0x3d, 0x1c, 0xcf, 0xad, 0x7f, 0x5a, 0x43, 0x77,
-	0x9d, 0x69, 0xd2, 0x5f, 0x0c, 0xa3, 0x34, 0xf9, 0xcd, 0x93, 0x64, 0x36, 0x37, 0x1d, 0xb4, 0x71,
-	0xd1, 0xbf, 0x1a, 0x8e, 0x9e, 0x4b, 0xcb, 0xdb, 0x47, 0xef, 0x3d, 0x50, 0x03, 0xec, 0x83, 0x1b,
-	0xe4, 0x1f, 0x64, 0x54, 0x53, 0x2e, 0xa1, 0xf9, 0x52, 0xd3, 0x43, 0x5b, 0x72, 0xfa, 0x3d, 0x4f,
-	0xc5, 0x88, 0x2a, 0xd4, 0xbc, 0xff, 0x5a, 0x6a, 0xa2, 0x7c, 0x11, 0x55, 0xcb, 0xcd, 0x9f, 0xa3,
-	0xed, 0x7c, 0xae, 0x4e, 0x27, 0xf3, 0x61, 0x3a, 0x9e, 0xed, 0x97, 0x0f, 0xca, 0x87, 0xd5, 0xa3,
-	0xfb, 0x9a, 0xc2, 0x6c, 0x31, 0x91, 0x7c, 0x5a, 0x9f, 0x69, 0xd4, 0xcc, 0x6c, 0xa0, 0x3b, 0x93,
-	0x69, 0xfa, 0xf9, 0xf3, 0x38, 0xf9, 0x3c, 0x9b, 0xd6, 0xe3, 0xe1, 0x64, 0x7f, 0xed, 0xc0, 0x38,
-	0xac, 0x1e, 0xdd, 0xd3, 0x54, 0x68, 0xa9, 0xa7, 0x3b, 0x72, 0x01, 0xce, 0xe5, 0xbd, 0x89, 0x79,
-	0x88, 0xb6, 0x47, 0xc3, 0xd9, 0x3c, 0x19, 0xc7, 0x9f, 0xf6, 0xcf, 0x3f, 0x1b, 0xa5, 0x97, 0xfb,
-	0xeb, 0x8b, 0xe9, 0xbc, 0x9e, 0x31, 0x1a, 0x19, 0x6e, 0x7e, 0x84, 0x2a, 0x53, 0x39, 0xe1, 0x0b,
-	0x2b, 0x1b, 0xaf, 0xb4, 0xb2, 0x95, 0x09, 0x7a, 0x13, 0x73, 0x0f, 0x6d, 0xf4, 0x27, 0x93, 0x78,
-	0x38, 0xd8, 0xaf, 0xc8, 0x42, 0xad, 0xf7, 0x27, 0x13, 0x6f, 0x60, 0x7e, 0x03, 0xa1, 0xc9, 0x34,
-	0xfd, 0x75, 0x72, 0x3e, 0x17, 0x2c, 0x74, 0x60, 0x1c, 0x96, 0x69, 0x25, 0x47, 0xbc, 0x81, 0x65,
-	0xa1, 0x9a, 0x9e, 0x7b, 0x73, 0x0b, 0xad, 0x79, 0xd1, 0xd3, 0x1f, 0x82, 0x91, 0xff, 0xf7, 0x23,
-	0x28, 0x59, 0x16, 0xda, 0x5e, 0x4e, 0xac, 0xb9, 0x89, 0xca, 0xdc, 0x89, 0xc0, 0x10, 0xff, 0x74,
-	0xdd, 0x08, 0x4a, 0xd6, 0x97, 0x06, 0xba, 0xb3, 0x5c, 0x91, 0xc9, 0xe8, 0xb9, 0xf9, 0x1e, 0xba,
-	0x93, 0xa7, 0x7d, 0x90, 0xcc, 0xce, 0xa7, 0xc3, 0xc9, 0x3c, 0x7f, 0x93, 0x54, 0x28, 0x64, 0x0c,
-	0x57, 0xe1, 0xe6, 0xcf, 0xd0, 0xb6, 0x78, 0xf4, 0x24, 0x53, 0xd5, 0x97, 0xe5, 0x57, 0x86, 0x5e,
-	0xcf, 0xa4, 0x17, 0xfd, 0xfa, 0x7b, 0x28, 0xd1, 0xf7, 0x2b, 0x5b, 0xff, 0xb3, 0x09, 0xd7, 0xd7,
-	0xd7, 0xd7, 0x25, 0xeb, 0x77, 0xa8, 0xda, 0x18, 0x8e, 0x07, 0x8b, 0x86, 0x7e, 0x49, 0x24, 0xa5,
-	0x1b, 0x23, 0xb9, 0xd1, 0x15, 0xd1, 0xc1, 0xaf, 0xef, 0x8a, 0x45, 0x50, 0x25, 0xb3, 0x2f, 0xf2,
-	0x78, 0xa3, 0x42, 0xe3, 0x8d, 0x62, 0xb3, 0x1c, 0xb4, 0xdb, 0x4a, 0xe6, 0x59, 0x75, 0xc2, 0xfe,
-	0x55, 0x72, 0x9b, 0xc8, 0xac, 0x33, 0x64, 0xae, 0x28, 0x79, 0xa9, 0x7b, 0xa5, 0x37, 0x73, 0xcf,
-	0x96, 0x9a, 0xa3, 0x24, 0x99, 0xde, 0xda, 0x39, 0x07, 0xc1, 0x92, 0x0a, 0xe1, 0xda, 0x43, 0xb4,
-	0x39, 0x49, 0x92, 0xe9, 0x57, 0x3b, 0xb4, 0x21, 0xc4, 0xbc, 0x89, 0xf5, 0xe5, 0xe6, 0x62, 0x47,
-	0x64, 0x7b, 0xdf, 0xfc, 0x05, 0x5a, 0x1f, 0x25, 0x4f, 0x93, 0x51, 0x7e, 0x92, 0x7d, 0xef, 0x25,
-	0x27, 0xc6, 0x12, 0xe1, 0x8b, 0x05, 0x34, 0x5b, 0x67, 0x3e, 0x42, 0x1b, 0xd9, 0xa1, 0x93, 0x1f,
-	0x62, 0x87, 0xaf, 0xa3, 0x41, 0x46, 0x90, 0xaf, 0x33, 0x77, 0xd1, 0xfa, 0xd3, 0xfe, 0xe8, 0x49,
-	0xb2, 0x5f, 0x3e, 0x28, 0x1d, 0xd6, 0x68, 0x46, 0x58, 0x09, 0xba, 0xf3, 0x82, 0x4d, 0xed, 0x41,
-	0xcd, 0x88, 0x1f, 0x7b, 0x11, 0xbc, 0x25, 0x67, 0x95, 0x02, 0xca, 0xfe, 0x05, 0x43, 0xce, 0x16,
-	0x05, 0x2c, 0xb6, 0xf3, 0xc6, 0x0a, 0x26, 0x76, 0xf6, 0x1d, 0xeb, 0xdf, 0xd7, 0x11, 0xac, 0x7a,
-	0x26, 0x6f, 0xbb, 0x85, 0x60, 0xec, 0xe2, 0x46, 0xb7, 0x05, 0x86, 0x1c, 0xc9, 0x14, 0x48, 0xc5,
-	0x94, 0x28, 0xc6, 0x23, 0x28, 0x2d, 0xa9, 0x8d, 0xe5, 0x95, 0x5a, 0x5e, 0xd6, 0x90, 0x7d, 0x47,
-	0x58, 0x5b, 0xd6, 0xe0, 0x92, 0x90, 0x53, 0xd2, 0xe5, 0x18, 0xd6, 0x97, 0x19, 0x0d, 0x4a, 0x6c,
-	0xd7, 0xb1, 0xe5, 0x07, 0x04, 0x31, 0x74, 0x28, 0x06, 0x0b, 0xdd, 0x46, 0xb7, 0x09, 0x9b, 0xcb,
-	0x28, 0x75, 0x4e, 0x04, 0xba, 0xb5, 0xac, 0xa4, 0x83, 0x71, 0x64, 0xfb, 0xde, 0x09, 0x86, 0xca,
-	0x32, 0x83, 0x90, 0x86, 0x17, 0xfa, 0x5e, 0x88, 0x01, 0x2d, 0xeb, 0xf1, 0xbd, 0xb0, 0x85, 0x29,
-	0xd4, 0xcd, 0x7b, 0xc8, 0x5c, 0xd2, 0x2e, 0x86, 0x25, 0x02, 0xbb, 0xcb, 0x38, 0x0b, 0xdd, 0x0c,
-	0xdf, 0xd3, 0x6a, 0xe2, 0x45, 0x31, 0x27, 0x0c, 0x8c, 0x15, 0x88, 0xfb, 0x50, 0xd2, 0xca, 0xe4,
-	0x45, 0x71, 0x5b, 0x8c, 0x9a, 0x8e, 0x0f, 0xe5, 0x65, 0x98, 0x44, 0xdc, 0x23, 0x21, 0x83, 0x35,
-	0xcd, 0x16, 0x77, 0xa2, 0x58, 0x3c, 0xef, 0x7d, 0xbb, 0x07, 0x86, 0x26, 0x2e, 0xf0, 0xc0, 0x3e,
-	0x63, 0xb8, 0x05, 0x25, 0x2d, 0xdb, 0x02, 0x76, 0x08, 0xed, 0x40, 0x59, 0x0b, 0x5b, 0x80, 0x22,
-	0x21, 0x9e, 0xeb, 0x63, 0x58, 0x33, 0xf7, 0xd1, 0xee, 0x2a, 0x23, 0xe4, 0x27, 0x3e, 0xac, 0xaf,
-	0x98, 0x15, 0x1c, 0x27, 0x14, 0x65, 0x58, 0x36, 0x2b, 0x9e, 0xb0, 0x21, 0x87, 0xcd, 0x15, 0xf1,
-	0x2c, 0x81, 0x47, 0xb0, 0x65, 0xbe, 0x8d, 0xee, 0x6b, 0xb8, 0x8b, 0x9b, 0x98, 0xc6, 0xb6, 0xe3,
-	0xe0, 0x88, 0x43, 0x65, 0x85, 0x79, 0xea, 0x85, 0x2e, 0x39, 0x8d, 0x1d, 0xdf, 0x0e, 0x22, 0x40,
-	0x2b, 0x81, 0x78, 0x61, 0x93, 0x40, 0x75, 0x25, 0x90, 0xe3, 0xae, 0xe7, 0x74, 0x6c, 0xa7, 0x03,
-	0x35, 0x39, 0x11, 0x3d, 0x47, 0xf7, 0xd9, 0xe2, 0xc8, 0xca, 0xaf, 0xf3, 0x5b, 0x1d, 0xea, 0x1f,
-	0xa2, 0xcd, 0xc5, 0xec, 0x50, 0x7a, 0xf5, 0xec, 0xb0, 0x90, 0xb3, 0xee, 0xa3, 0xbd, 0x17, 0x4d,
-	0x4f, 0x46, 0xcf, 0x85, 0x4f, 0xad, 0x3f, 0x90, 0x4f, 0x1f, 0xa3, 0xbd, 0xd6, 0x4d, 0x3e, 0xdd,
-	0x46, 0xd7, 0xbf, 0x18, 0x68, 0xdb, 0x49, 0xc7, 0xe3, 0xe4, 0x7c, 0x7e, 0x2b, 0xf7, 0x97, 0xe6,
-	0x9c, 0x57, 0xdf, 0x8f, 0xc5, 0x9c, 0xf3, 0x1e, 0xda, 0x99, 0x0f, 0xaf, 0x92, 0xf4, 0xc9, 0x3c,
-	0x9e, 0x25, 0xe7, 0xe9, 0x78, 0x90, 0xcd, 0x09, 0xc6, 0x4f, 0x4a, 0xef, 0x7f, 0x48, 0xb7, 0x73,
-	0x16, 0xcb, 0x38, 0xd6, 0x2f, 0x51, 0x4d, 0x39, 0xf8, 0x7b, 0xba, 0x48, 0xf5, 0x21, 0xe1, 0x04,
-	0xd5, 0x7d, 0x39, 0xb9, 0xdd, 0x2a, 0xfc, 0x7d, 0xb4, 0xb9, 0x98, 0x04, 0x4b, 0x72, 0x3e, 0x5f,
-	0x90, 0x56, 0x1d, 0x55, 0x17, 0x7a, 0x45, 0xbb, 0x0c, 0x51, 0xdd, 0x3e, 0x3f, 0x4f, 0x26, 0xb7,
-	0xcb, 0xf2, 0x0d, 0x09, 0x2b, 0xbd, 0x34, 0x61, 0xd7, 0x06, 0xaa, 0x2e, 0x6c, 0x89, 0x84, 0x1d,
-	0xa1, 0xbd, 0x71, 0xf2, 0x2c, 0x7e, 0xd1, 0x5a, 0xf6, 0x66, 0xb8, 0x3b, 0x4e, 0x9e, 0xb1, 0x1b,
-	0x06, 0xb9, 0xbc, 0xac, 0xaf, 0x39, 0xc8, 0x65, 0xd2, 0x39, 0x64, 0xfd, 0x97, 0x81, 0x76, 0xd8,
-	0xe3, 0x27, 0x73, 0x37, 0x7d, 0x76, 0xbb, 0xbc, 0x7e, 0x80, 0xca, 0x8f, 0xd3, 0x67, 0xf9, 0x6d,
-	0xfb, 0x4d, 0xbd, 0x8b, 0x97, 0xb5, 0x3e, 0x68, 0xa7, 0xcf, 0xa8, 0x10, 0x35, 0xbf, 0x85, 0xaa,
-	0xb3, 0x64, 0x3c, 0x88, 0xd3, 0x8b, 0x8b, 0x59, 0x32, 0x97, 0xd7, 0x6c, 0x99, 0x22, 0x01, 0x11,
-	0x89, 0x58, 0x0e, 0x2a, 0xb7, 0xd3, 0x67, 0xfa, 0x45, 0xd6, 0xee, 0xf2, 0x98, 0xba, 0xcb, 0xf7,
-	0xa8, 0xc0, 0x4e, 0xc5, 0x85, 0xa7, 0xdd, 0x1b, 0x99, 0xdc, 0x29, 0x85, 0xb2, 0xb5, 0x83, 0xea,
-	0x85, 0x07, 0xa2, 0xae, 0xbf, 0x42, 0x35, 0x67, 0x94, 0xce, 0x6e, 0x35, 0xed, 0x98, 0xef, 0x2c,
-	0xfb, 0x2c, 0xea, 0x51, 0x96, 0x25, 0xd5, 0xfd, 0xae, 0x21, 0x94, 0x5b, 0x10, 0xf6, 0xfe, 0xcf,
-	0x40, 0x55, 0x96, 0xdc, 0x72, 0xa8, 0xbd, 0x87, 0xd6, 0x06, 0xfd, 0x79, 0x5f, 0xa6, 0xb5, 0xd6,
-	0x28, 0x6d, 0x19, 0x54, 0xd2, 0xe2, 0x9d, 0x38, 0x9b, 0x4f, 0x93, 0xfe, 0xd5, 0x72, 0xf6, 0x6a,
-	0x19, 0x98, 0xf9, 0x61, 0xde, 0x47, 0xeb, 0x17, 0xa3, 0xfe, 0xe5, 0x4c, 0x0e, 0xe4, 0xf2, 0xc9,
-	0x93, 0xd1, 0x62, 0x3e, 0x93, 0x51, 0xcc, 0x53, 0xf9, 0x1a, 0x7a, 0xc5, 0x7c, 0x26, 0xc4, 0x78,
-	0x7a, 0x53, 0x37, 0x6f, 0xbc, 0xb4, 0x9b, 0x0f, 0x51, 0x25, 0x8b, 0x57, 0xb4, 0xf2, 0xdb, 0xa8,
-	0x22, 0x1c, 0x8e, 0x67, 0xc9, 0x78, 0x9e, 0xfd, 0x30, 0x42, 0xb7, 0x04, 0xc0, 0x92, 0xf1, 0xdc,
-	0xfa, 0x4f, 0x03, 0x6d, 0xd3, 0xe4, 0x3c, 0x19, 0x3e, 0xbd, 0x5d, 0x35, 0x94, 0xf2, 0xe1, 0x17,
-	0x49, 0xbe, 0x9b, 0x33, 0xe5, 0xc3, 0x2f, 0x92, 0x22, 0xfa, 0xf2, 0x4a, 0xf4, 0x37, 0x04, 0xb3,
-	0xfe, 0xd2, 0x60, 0x2c, 0xb4, 0xde, 0x94, 0xab, 0xaa, 0x68, 0x33, 0x60, 0x2d, 0x31, 0xa8, 0x80,
-	0x61, 0xd6, 0xd0, 0x96, 0x20, 0x22, 0x8c, 0x3b, 0x50, 0xb2, 0xfe, 0xd5, 0x40, 0x35, 0x15, 0x86,
-	0x08, 0xfa, 0x85, 0xea, 0xc8, 0x3e, 0x59, 0xa9, 0xce, 0xa2, 0xb4, 0xc2, 0x3d, 0xbd, 0xb4, 0x3f,
-	0x45, 0xf5, 0x69, 0xa6, 0x6c, 0x10, 0x5f, 0x4c, 0xd3, 0xab, 0xaf, 0x78, 0x4e, 0xd5, 0x16, 0xc2,
-	0xcd, 0x69, 0x7a, 0x25, 0xf6, 0xd4, 0xa7, 0x4f, 0x2e, 0x2e, 0x92, 0x69, 0x96, 0x13, 0xf9, 0xd6,
-	0xa5, 0x28, 0x83, 0x44, 0x56, 0xac, 0x2f, 0xcb, 0xa8, 0x12, 0xa5, 0xa3, 0x11, 0x7e, 0x9a, 0x8c,
-	0xdf, 0x30, 0xdb, 0xdf, 0x43, 0x30, 0xcd, 0xaa, 0x94, 0x0c, 0xe2, 0x44, 0xac, 0x9f, 0xe5, 0x49,
-	0xdf, 0x51, 0xb8, 0x54, 0x3b, 0x33, 0xbf, 0x8b, 0x76, 0xd2, 0x4f, 0xe5, 0x4b, 0x51, 0x49, 0x96,
-	0xa5, 0xe4, 0xf6, 0x02, 0xce, 0x04, 0xad, 0xff, 0x28, 0xa1, 0xba, 0x72, 0x47, 0x24, 0x5a, 0x9b,
-	0x35, 0x22, 0xe2, 0xfb, 0x21, 0x09, 0x31, 0xbc, 0xa5, 0x4d, 0x6e, 0x02, 0xf4, 0xc2, 0xa5, 0x13,
-	0x40, 0x40, 0x11, 0xf5, 0x96, 0x46, 0x5e, 0x81, 0x91, 0x2e, 0x87, 0xb5, 0x15, 0x0c, 0x53, 0x0a,
-	0x5b, 0x2b, 0x58, 0xbb, 0x1b, 0x01, 0xac, 0xda, 0x3d, 0xb1, 0x7d, 0x38, 0xd0, 0x26, 0x2c, 0x01,
-	0x52, 0x37, 0x24, 0x34, 0x80, 0x47, 0xe6, 0xbd, 0x15, 0xb8, 0x61, 0x87, 0xf2, 0x1b, 0xd3, 0x32,
-	0x7e, 0x4a, 0xa5, 0xf8, 0x75, 0xe9, 0x05, 0x3c, 0x93, 0x5f, 0x93, 0x1f, 0x9f, 0x0a, 0x3c, 0x60,
-	0x2d, 0xb8, 0xde, 0x5a, 0x55, 0x8e, 0x03, 0x72, 0x82, 0xe1, 0xfa, 0x40, 0x7e, 0xc0, 0xd2, 0x8d,
-	0x0a, 0xb7, 0xaf, 0x1f, 0x59, 0x8f, 0x51, 0x55, 0x24, 0x70, 0xb1, 0x7f, 0x7e, 0x80, 0x36, 0xf2,
-	0x84, 0x1b, 0x72, 0x9e, 0xd8, 0xd5, 0xda, 0x46, 0x25, 0x9a, 0xe6, 0x32, 0x6f, 0x76, 0x4b, 0xfd,
-	0x38, 0xeb, 0x9c, 0xac, 0xc5, 0x0b, 0x3b, 0xa5, 0xaf, 0xb6, 0x63, 0xfd, 0x56, 0xec, 0xf3, 0x59,
-	0x3a, 0x2a, 0xf6, 0xb9, 0x89, 0xd6, 0xc6, 0xfd, 0xab, 0x24, 0x6f, 0x36, 0xf9, 0xbf, 0x79, 0x82,
-	0x20, 0xbf, 0xbb, 0x62, 0xf9, 0x31, 0x6a, 0x98, 0x64, 0xda, 0xdf, 0xf0, 0x4b, 0xd6, 0x4e, 0xae,
-	0xa4, 0x99, 0xeb, 0xb0, 0xfe, 0xbb, 0x2c, 0xf6, 0x67, 0x6e, 0x5e, 0x38, 0x7f, 0xd3, 0xc7, 0xb8,
-	0xf2, 0x8b, 0x1f, 0xe3, 0xde, 0x45, 0xdb, 0xe7, 0xfd, 0x71, 0x3a, 0x1e, 0x9e, 0xf7, 0x47, 0xb1,
-	0xf4, 0x36, 0xfb, 0x1a, 0x57, 0x57, 0xa8, 0x7c, 0x96, 0xed, 0xa3, 0xcd, 0xfe, 0x68, 0xd8, 0x9f,
-	0x25, 0xe2, 0xa0, 0x2d, 0x1f, 0x56, 0xe8, 0x82, 0xb4, 0xfe, 0xb7, 0xa4, 0xff, 0xa0, 0xfb, 0x35,
-	0xb4, 0x97, 0x17, 0x10, 0xdb, 0x5e, 0x2c, 0x5e, 0x69, 0x4d, 0x3b, 0xf0, 0x7c, 0xf1, 0x80, 0x28,
-	0xae, 0x2e, 0xc9, 0x92, 0xbf, 0x65, 0x96, 0xb4, 0x09, 0x5b, 0xa0, 0x0d, 0xdb, 0x6d, 0xfa, 0x76,
-	0x8b, 0x2d, 0x3d, 0xe3, 0x04, 0xa3, 0x69, 0x7b, 0x7e, 0xf6, 0x0b, 0xf0, 0x12, 0x28, 0x55, 0xaf,
-	0xaf, 0xc0, 0x01, 0x0e, 0x08, 0xed, 0x2d, 0xbd, 0x1d, 0x04, 0x9c, 0xff, 0x1c, 0xb4, 0xf9, 0x02,
-	0x1c, 0xda, 0x01, 0x86, 0x2d, 0xed, 0x49, 0x21, 0x60, 0x86, 0xe9, 0x89, 0xe7, 0x2c, 0xbf, 0xe1,
-	0x24, 0x4e, 0x9c, 0x8e, 0x7c, 0x68, 0xa2, 0x15, 0x3d, 0xd9, 0xef, 0xd8, 0x4b, 0x6f, 0x86, 0x3c,
-	0xa2, 0xb6, 0x17, 0x72, 0x06, 0xb5, 0x15, 0x86, 0xfc, 0xdd, 0xc1, 0x21, 0x3e, 0xd4, 0x57, 0x18,
-	0xea, 0x37, 0x9d, 0x6d, 0x6d, 0x0f, 0xcb, 0xb8, 0xec, 0x33, 0xd8, 0x69, 0x6c, 0x7d, 0xb2, 0x91,
-	0x9d, 0x5a, 0xff, 0x1f, 0x00, 0x00, 0xff, 0xff, 0x31, 0x03, 0x4e, 0xbd, 0xfd, 0x1f, 0x00, 0x00,
-}
diff --git a/vendor/google.golang.org/appengine/internal/socket/socket_service.proto b/vendor/google.golang.org/appengine/internal/socket/socket_service.proto
deleted file mode 100644
index 2fcc7953dc0..00000000000
--- a/vendor/google.golang.org/appengine/internal/socket/socket_service.proto
+++ /dev/null
@@ -1,460 +0,0 @@
-syntax = "proto2";
-option go_package = "socket";
-
-package appengine;
-
-message RemoteSocketServiceError {
-  enum ErrorCode {
-    SYSTEM_ERROR = 1;
-    GAI_ERROR = 2;
-    FAILURE = 4;
-    PERMISSION_DENIED = 5;
-    INVALID_REQUEST = 6;
-    SOCKET_CLOSED = 7;
-  }
-
-  enum SystemError {
-    option allow_alias = true;
-
-    SYS_SUCCESS = 0;
-    SYS_EPERM = 1;
-    SYS_ENOENT = 2;
-    SYS_ESRCH = 3;
-    SYS_EINTR = 4;
-    SYS_EIO = 5;
-    SYS_ENXIO = 6;
-    SYS_E2BIG = 7;
-    SYS_ENOEXEC = 8;
-    SYS_EBADF = 9;
-    SYS_ECHILD = 10;
-    SYS_EAGAIN = 11;
-    SYS_EWOULDBLOCK = 11;
-    SYS_ENOMEM = 12;
-    SYS_EACCES = 13;
-    SYS_EFAULT = 14;
-    SYS_ENOTBLK = 15;
-    SYS_EBUSY = 16;
-    SYS_EEXIST = 17;
-    SYS_EXDEV = 18;
-    SYS_ENODEV = 19;
-    SYS_ENOTDIR = 20;
-    SYS_EISDIR = 21;
-    SYS_EINVAL = 22;
-    SYS_ENFILE = 23;
-    SYS_EMFILE = 24;
-    SYS_ENOTTY = 25;
-    SYS_ETXTBSY = 26;
-    SYS_EFBIG = 27;
-    SYS_ENOSPC = 28;
-    SYS_ESPIPE = 29;
-    SYS_EROFS = 30;
-    SYS_EMLINK = 31;
-    SYS_EPIPE = 32;
-    SYS_EDOM = 33;
-    SYS_ERANGE = 34;
-    SYS_EDEADLK = 35;
-    SYS_EDEADLOCK = 35;
-    SYS_ENAMETOOLONG = 36;
-    SYS_ENOLCK = 37;
-    SYS_ENOSYS = 38;
-    SYS_ENOTEMPTY = 39;
-    SYS_ELOOP = 40;
-    SYS_ENOMSG = 42;
-    SYS_EIDRM = 43;
-    SYS_ECHRNG = 44;
-    SYS_EL2NSYNC = 45;
-    SYS_EL3HLT = 46;
-    SYS_EL3RST = 47;
-    SYS_ELNRNG = 48;
-    SYS_EUNATCH = 49;
-    SYS_ENOCSI = 50;
-    SYS_EL2HLT = 51;
-    SYS_EBADE = 52;
-    SYS_EBADR = 53;
-    SYS_EXFULL = 54;
-    SYS_ENOANO = 55;
-    SYS_EBADRQC = 56;
-    SYS_EBADSLT = 57;
-    SYS_EBFONT = 59;
-    SYS_ENOSTR = 60;
-    SYS_ENODATA = 61;
-    SYS_ETIME = 62;
-    SYS_ENOSR = 63;
-    SYS_ENONET = 64;
-    SYS_ENOPKG = 65;
-    SYS_EREMOTE = 66;
-    SYS_ENOLINK = 67;
-    SYS_EADV = 68;
-    SYS_ESRMNT = 69;
-    SYS_ECOMM = 70;
-    SYS_EPROTO = 71;
-    SYS_EMULTIHOP = 72;
-    SYS_EDOTDOT = 73;
-    SYS_EBADMSG = 74;
-    SYS_EOVERFLOW = 75;
-    SYS_ENOTUNIQ = 76;
-    SYS_EBADFD = 77;
-    SYS_EREMCHG = 78;
-    SYS_ELIBACC = 79;
-    SYS_ELIBBAD = 80;
-    SYS_ELIBSCN = 81;
-    SYS_ELIBMAX = 82;
-    SYS_ELIBEXEC = 83;
-    SYS_EILSEQ = 84;
-    SYS_ERESTART = 85;
-    SYS_ESTRPIPE = 86;
-    SYS_EUSERS = 87;
-    SYS_ENOTSOCK = 88;
-    SYS_EDESTADDRREQ = 89;
-    SYS_EMSGSIZE = 90;
-    SYS_EPROTOTYPE = 91;
-    SYS_ENOPROTOOPT = 92;
-    SYS_EPROTONOSUPPORT = 93;
-    SYS_ESOCKTNOSUPPORT = 94;
-    SYS_EOPNOTSUPP = 95;
-    SYS_ENOTSUP = 95;
-    SYS_EPFNOSUPPORT = 96;
-    SYS_EAFNOSUPPORT = 97;
-    SYS_EADDRINUSE = 98;
-    SYS_EADDRNOTAVAIL = 99;
-    SYS_ENETDOWN = 100;
-    SYS_ENETUNREACH = 101;
-    SYS_ENETRESET = 102;
-    SYS_ECONNABORTED = 103;
-    SYS_ECONNRESET = 104;
-    SYS_ENOBUFS = 105;
-    SYS_EISCONN = 106;
-    SYS_ENOTCONN = 107;
-    SYS_ESHUTDOWN = 108;
-    SYS_ETOOMANYREFS = 109;
-    SYS_ETIMEDOUT = 110;
-    SYS_ECONNREFUSED = 111;
-    SYS_EHOSTDOWN = 112;
-    SYS_EHOSTUNREACH = 113;
-    SYS_EALREADY = 114;
-    SYS_EINPROGRESS = 115;
-    SYS_ESTALE = 116;
-    SYS_EUCLEAN = 117;
-    SYS_ENOTNAM = 118;
-    SYS_ENAVAIL = 119;
-    SYS_EISNAM = 120;
-    SYS_EREMOTEIO = 121;
-    SYS_EDQUOT = 122;
-    SYS_ENOMEDIUM = 123;
-    SYS_EMEDIUMTYPE = 124;
-    SYS_ECANCELED = 125;
-    SYS_ENOKEY = 126;
-    SYS_EKEYEXPIRED = 127;
-    SYS_EKEYREVOKED = 128;
-    SYS_EKEYREJECTED = 129;
-    SYS_EOWNERDEAD = 130;
-    SYS_ENOTRECOVERABLE = 131;
-    SYS_ERFKILL = 132;
-  }
-
-  optional int32 system_error = 1 [default=0];
-  optional string error_detail = 2;
-}
-
-message AddressPort {
-  required int32 port = 1;
-  optional bytes packed_address = 2;
-
-  optional string hostname_hint = 3;
-}
-
-
-
-message CreateSocketRequest {
-  enum SocketFamily {
-    IPv4 = 1;
-    IPv6 = 2;
-  }
-
-  enum SocketProtocol {
-    TCP = 1;
-    UDP = 2;
-  }
-
-  required SocketFamily family = 1;
-  required SocketProtocol protocol = 2;
-
-  repeated SocketOption socket_options = 3;
-
-  optional AddressPort proxy_external_ip = 4;
-
-  optional int32 listen_backlog = 5 [default=0];
-
-  optional AddressPort remote_ip = 6;
-
-  optional string app_id = 9;
-
-  optional int64 project_id = 10;
-}
-
-message CreateSocketReply {
-  optional string socket_descriptor = 1;
-
-  optional AddressPort server_address = 3;
-
-  optional AddressPort proxy_external_ip = 4;
-
-  extensions 1000 to max;
-}
-
-
-
-message BindRequest {
-  required string socket_descriptor = 1;
-  required AddressPort proxy_external_ip = 2;
-}
-
-message BindReply {
-  optional AddressPort proxy_external_ip = 1;
-}
-
-
-
-message GetSocketNameRequest {
-  required string socket_descriptor = 1;
-}
-
-message GetSocketNameReply {
-  optional AddressPort proxy_external_ip = 2;
-}
-
-
-
-message GetPeerNameRequest {
-  required string socket_descriptor = 1;
-}
-
-message GetPeerNameReply {
-  optional AddressPort peer_ip = 2;
-}
-
-
-message SocketOption {
-
-  enum SocketOptionLevel {
-    SOCKET_SOL_IP = 0;
-    SOCKET_SOL_SOCKET = 1;
-    SOCKET_SOL_TCP = 6;
-    SOCKET_SOL_UDP = 17;
-  }
-
-  enum SocketOptionName {
-    option allow_alias = true;
-
-    SOCKET_SO_DEBUG = 1;
-    SOCKET_SO_REUSEADDR = 2;
-    SOCKET_SO_TYPE = 3;
-    SOCKET_SO_ERROR = 4;
-    SOCKET_SO_DONTROUTE = 5;
-    SOCKET_SO_BROADCAST = 6;
-    SOCKET_SO_SNDBUF = 7;
-    SOCKET_SO_RCVBUF = 8;
-    SOCKET_SO_KEEPALIVE = 9;
-    SOCKET_SO_OOBINLINE = 10;
-    SOCKET_SO_LINGER = 13;
-    SOCKET_SO_RCVTIMEO = 20;
-    SOCKET_SO_SNDTIMEO = 21;
-
-    SOCKET_IP_TOS = 1;
-    SOCKET_IP_TTL = 2;
-    SOCKET_IP_HDRINCL = 3;
-    SOCKET_IP_OPTIONS = 4;
-
-    SOCKET_TCP_NODELAY = 1;
-    SOCKET_TCP_MAXSEG = 2;
-    SOCKET_TCP_CORK = 3;
-    SOCKET_TCP_KEEPIDLE = 4;
-    SOCKET_TCP_KEEPINTVL = 5;
-    SOCKET_TCP_KEEPCNT = 6;
-    SOCKET_TCP_SYNCNT = 7;
-    SOCKET_TCP_LINGER2 = 8;
-    SOCKET_TCP_DEFER_ACCEPT = 9;
-    SOCKET_TCP_WINDOW_CLAMP = 10;
-    SOCKET_TCP_INFO = 11;
-    SOCKET_TCP_QUICKACK = 12;
-  }
-
-  required SocketOptionLevel level = 1;
-  required SocketOptionName option = 2;
-  required bytes value = 3;
-}
-
-
-message SetSocketOptionsRequest {
-  required string socket_descriptor = 1;
-  repeated SocketOption options = 2;
-}
-
-message SetSocketOptionsReply {
-}
-
-message GetSocketOptionsRequest {
-  required string socket_descriptor = 1;
-  repeated SocketOption options = 2;
-}
-
-message GetSocketOptionsReply {
-  repeated SocketOption options = 2;
-}
-
-
-message ConnectRequest {
-  required string socket_descriptor = 1;
-  required AddressPort remote_ip = 2;
-  optional double timeout_seconds = 3 [default=-1];
-}
-
-message ConnectReply {
-  optional AddressPort proxy_external_ip = 1;
-
-  extensions 1000 to max;
-}
-
-
-message ListenRequest {
-  required string socket_descriptor = 1;
-  required int32 backlog = 2;
-}
-
-message ListenReply {
-}
-
-
-message AcceptRequest {
-  required string socket_descriptor = 1;
-  optional double timeout_seconds = 2 [default=-1];
-}
-
-message AcceptReply {
-  optional bytes new_socket_descriptor = 2;
-  optional AddressPort remote_address = 3;
-}
-
-
-
-message ShutDownRequest {
-  enum How {
-    SOCKET_SHUT_RD = 1;
-    SOCKET_SHUT_WR = 2;
-    SOCKET_SHUT_RDWR = 3;
-  }
-  required string socket_descriptor = 1;
-  required How how = 2;
-  required int64 send_offset = 3;
-}
-
-message ShutDownReply {
-}
-
-
-
-message CloseRequest {
-  required string socket_descriptor = 1;
-  optional int64 send_offset = 2 [default=-1];
-}
-
-message CloseReply {
-}
-
-
-
-message SendRequest {
-  required string socket_descriptor = 1;
-  required bytes data = 2 [ctype=CORD];
-  required int64 stream_offset = 3;
-  optional int32 flags = 4 [default=0];
-  optional AddressPort send_to = 5;
-  optional double timeout_seconds = 6 [default=-1];
-}
-
-message SendReply {
-  optional int32 data_sent = 1;
-}
-
-
-message ReceiveRequest {
-  enum Flags {
-    MSG_OOB = 1;
-    MSG_PEEK = 2;
-  }
-  required string socket_descriptor = 1;
-  required int32 data_size = 2;
-  optional int32 flags = 3 [default=0];
-  optional double timeout_seconds = 5 [default=-1];
-}
-
-message ReceiveReply {
-  optional int64 stream_offset = 2;
-  optional bytes data = 3 [ctype=CORD];
-  optional AddressPort received_from = 4;
-  optional int32 buffer_size = 5;
-}
-
-
-
-message PollEvent {
-
-  enum PollEventFlag {
-    SOCKET_POLLNONE = 0;
-    SOCKET_POLLIN = 1;
-    SOCKET_POLLPRI = 2;
-    SOCKET_POLLOUT = 4;
-    SOCKET_POLLERR = 8;
-    SOCKET_POLLHUP = 16;
-    SOCKET_POLLNVAL = 32;
-    SOCKET_POLLRDNORM = 64;
-    SOCKET_POLLRDBAND = 128;
-    SOCKET_POLLWRNORM = 256;
-    SOCKET_POLLWRBAND = 512;
-    SOCKET_POLLMSG = 1024;
-    SOCKET_POLLREMOVE = 4096;
-    SOCKET_POLLRDHUP = 8192;
-  };
-
-  required string socket_descriptor = 1;
-  required int32 requested_events = 2;
-  required int32 observed_events = 3;
-}
-
-message PollRequest {
-  repeated PollEvent events = 1;
-  optional double timeout_seconds = 2 [default=-1];
-}
-
-message PollReply {
-  repeated PollEvent events = 2;
-}
-
-message ResolveRequest {
-  required string name = 1;
-  repeated CreateSocketRequest.SocketFamily address_families = 2;
-}
-
-message ResolveReply {
-  enum ErrorCode {
-    SOCKET_EAI_ADDRFAMILY = 1;
-    SOCKET_EAI_AGAIN = 2;
-    SOCKET_EAI_BADFLAGS = 3;
-    SOCKET_EAI_FAIL = 4;
-    SOCKET_EAI_FAMILY = 5;
-    SOCKET_EAI_MEMORY = 6;
-    SOCKET_EAI_NODATA = 7;
-    SOCKET_EAI_NONAME = 8;
-    SOCKET_EAI_SERVICE = 9;
-    SOCKET_EAI_SOCKTYPE = 10;
-    SOCKET_EAI_SYSTEM = 11;
-    SOCKET_EAI_BADHINTS = 12;
-    SOCKET_EAI_PROTOCOL = 13;
-    SOCKET_EAI_OVERFLOW = 14;
-    SOCKET_EAI_MAX = 15;
-  };
-
-  repeated bytes packed_address = 2;
-  optional string canonical_name = 3;
-  repeated string aliases = 4;
-}
diff --git a/vendor/google.golang.org/appengine/socket/doc.go b/vendor/google.golang.org/appengine/socket/doc.go
deleted file mode 100644
index 3de46df826b..00000000000
--- a/vendor/google.golang.org/appengine/socket/doc.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright 2012 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-// Package socket provides outbound network sockets.
-//
-// This package is only required in the classic App Engine environment.
-// Applications running only in App Engine "flexible environment" should
-// use the standard library's net package.
-package socket
diff --git a/vendor/google.golang.org/appengine/socket/socket_classic.go b/vendor/google.golang.org/appengine/socket/socket_classic.go
deleted file mode 100644
index 0ad50e2d36d..00000000000
--- a/vendor/google.golang.org/appengine/socket/socket_classic.go
+++ /dev/null
@@ -1,290 +0,0 @@
-// Copyright 2012 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-// +build appengine
-
-package socket
-
-import (
-	"fmt"
-	"io"
-	"net"
-	"strconv"
-	"time"
-
-	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
-	"google.golang.org/appengine/internal"
-
-	pb "google.golang.org/appengine/internal/socket"
-)
-
-// Dial connects to the address addr on the network protocol.
-// The address format is host:port, where host may be a hostname or an IP address.
-// Known protocols are "tcp" and "udp".
-// The returned connection satisfies net.Conn, and is valid while ctx is valid;
-// if the connection is to be used after ctx becomes invalid, invoke SetContext
-// with the new context.
-func Dial(ctx context.Context, protocol, addr string) (*Conn, error) {
-	return DialTimeout(ctx, protocol, addr, 0)
-}
-
-var ipFamilies = []pb.CreateSocketRequest_SocketFamily{
-	pb.CreateSocketRequest_IPv4,
-	pb.CreateSocketRequest_IPv6,
-}
-
-// DialTimeout is like Dial but takes a timeout.
-// The timeout includes name resolution, if required.
-func DialTimeout(ctx context.Context, protocol, addr string, timeout time.Duration) (*Conn, error) {
-	dialCtx := ctx // Used for dialing and name resolution, but not stored in the *Conn.
-	if timeout > 0 {
-		var cancel context.CancelFunc
-		dialCtx, cancel = context.WithTimeout(ctx, timeout)
-		defer cancel()
-	}
-
-	host, portStr, err := net.SplitHostPort(addr)
-	if err != nil {
-		return nil, err
-	}
-	port, err := strconv.Atoi(portStr)
-	if err != nil {
-		return nil, fmt.Errorf("socket: bad port %q: %v", portStr, err)
-	}
-
-	var prot pb.CreateSocketRequest_SocketProtocol
-	switch protocol {
-	case "tcp":
-		prot = pb.CreateSocketRequest_TCP
-	case "udp":
-		prot = pb.CreateSocketRequest_UDP
-	default:
-		return nil, fmt.Errorf("socket: unknown protocol %q", protocol)
-	}
-
-	packedAddrs, resolved, err := resolve(dialCtx, ipFamilies, host)
-	if err != nil {
-		return nil, fmt.Errorf("socket: failed resolving %q: %v", host, err)
-	}
-	if len(packedAddrs) == 0 {
-		return nil, fmt.Errorf("no addresses for %q", host)
-	}
-
-	packedAddr := packedAddrs[0] // use first address
-	fam := pb.CreateSocketRequest_IPv4
-	if len(packedAddr) == net.IPv6len {
-		fam = pb.CreateSocketRequest_IPv6
-	}
-
-	req := &pb.CreateSocketRequest{
-		Family:   fam.Enum(),
-		Protocol: prot.Enum(),
-		RemoteIp: &pb.AddressPort{
-			Port:          proto.Int32(int32(port)),
-			PackedAddress: packedAddr,
-		},
-	}
-	if resolved {
-		req.RemoteIp.HostnameHint = &host
-	}
-	res := &pb.CreateSocketReply{}
-	if err := internal.Call(dialCtx, "remote_socket", "CreateSocket", req, res); err != nil {
-		return nil, err
-	}
-
-	return &Conn{
-		ctx:    ctx,
-		desc:   res.GetSocketDescriptor(),
-		prot:   prot,
-		local:  res.ProxyExternalIp,
-		remote: req.RemoteIp,
-	}, nil
-}
-
-// LookupIP returns the given host's IP addresses.
-func LookupIP(ctx context.Context, host string) (addrs []net.IP, err error) {
-	packedAddrs, _, err := resolve(ctx, ipFamilies, host)
-	if err != nil {
-		return nil, fmt.Errorf("socket: failed resolving %q: %v", host, err)
-	}
-	addrs = make([]net.IP, len(packedAddrs))
-	for i, pa := range packedAddrs {
-		addrs[i] = net.IP(pa)
-	}
-	return addrs, nil
-}
-
-func resolve(ctx context.Context, fams []pb.CreateSocketRequest_SocketFamily, host string) ([][]byte, bool, error) {
-	// Check if it's an IP address.
-	if ip := net.ParseIP(host); ip != nil {
-		if ip := ip.To4(); ip != nil {
-			return [][]byte{ip}, false, nil
-		}
-		return [][]byte{ip}, false, nil
-	}
-
-	req := &pb.ResolveRequest{
-		Name:            &host,
-		AddressFamilies: fams,
-	}
-	res := &pb.ResolveReply{}
-	if err := internal.Call(ctx, "remote_socket", "Resolve", req, res); err != nil {
-		// XXX: need to map to pb.ResolveReply_ErrorCode?
-		return nil, false, err
-	}
-	return res.PackedAddress, true, nil
-}
-
-// withDeadline is like context.WithDeadline, except it ignores the zero deadline.
-func withDeadline(parent context.Context, deadline time.Time) (context.Context, context.CancelFunc) {
-	if deadline.IsZero() {
-		return parent, func() {}
-	}
-	return context.WithDeadline(parent, deadline)
-}
-
-// Conn represents a socket connection.
-// It implements net.Conn.
-type Conn struct {
-	ctx    context.Context
-	desc   string
-	offset int64
-
-	prot          pb.CreateSocketRequest_SocketProtocol
-	local, remote *pb.AddressPort
-
-	readDeadline, writeDeadline time.Time // optional
-}
-
-// SetContext sets the context that is used by this Conn.
-// It is usually used only when using a Conn that was created in a different context,
-// such as when a connection is created during a warmup request but used while
-// servicing a user request.
-func (cn *Conn) SetContext(ctx context.Context) {
-	cn.ctx = ctx
-}
-
-func (cn *Conn) Read(b []byte) (n int, err error) {
-	const maxRead = 1 << 20
-	if len(b) > maxRead {
-		b = b[:maxRead]
-	}
-
-	req := &pb.ReceiveRequest{
-		SocketDescriptor: &cn.desc,
-		DataSize:         proto.Int32(int32(len(b))),
-	}
-	res := &pb.ReceiveReply{}
-	if !cn.readDeadline.IsZero() {
-		req.TimeoutSeconds = proto.Float64(cn.readDeadline.Sub(time.Now()).Seconds())
-	}
-	ctx, cancel := withDeadline(cn.ctx, cn.readDeadline)
-	defer cancel()
-	if err := internal.Call(ctx, "remote_socket", "Receive", req, res); err != nil {
-		return 0, err
-	}
-	if len(res.Data) == 0 {
-		return 0, io.EOF
-	}
-	if len(res.Data) > len(b) {
-		return 0, fmt.Errorf("socket: internal error: read too much data: %d > %d", len(res.Data), len(b))
-	}
-	return copy(b, res.Data), nil
-}
-
-func (cn *Conn) Write(b []byte) (n int, err error) {
-	const lim = 1 << 20 // max per chunk
-
-	for n < len(b) {
-		chunk := b[n:]
-		if len(chunk) > lim {
-			chunk = chunk[:lim]
-		}
-
-		req := &pb.SendRequest{
-			SocketDescriptor: &cn.desc,
-			Data:             chunk,
-			StreamOffset:     &cn.offset,
-		}
-		res := &pb.SendReply{}
-		if !cn.writeDeadline.IsZero() {
-			req.TimeoutSeconds = proto.Float64(cn.writeDeadline.Sub(time.Now()).Seconds())
-		}
-		ctx, cancel := withDeadline(cn.ctx, cn.writeDeadline)
-		defer cancel()
-		if err = internal.Call(ctx, "remote_socket", "Send", req, res); err != nil {
-			// assume zero bytes were sent in this RPC
-			break
-		}
-		n += int(res.GetDataSent())
-		cn.offset += int64(res.GetDataSent())
-	}
-
-	return
-}
-
-func (cn *Conn) Close() error {
-	req := &pb.CloseRequest{
-		SocketDescriptor: &cn.desc,
-	}
-	res := &pb.CloseReply{}
-	if err := internal.Call(cn.ctx, "remote_socket", "Close", req, res); err != nil {
-		return err
-	}
-	cn.desc = "CLOSED"
-	return nil
-}
-
-func addr(prot pb.CreateSocketRequest_SocketProtocol, ap *pb.AddressPort) net.Addr {
-	if ap == nil {
-		return nil
-	}
-	switch prot {
-	case pb.CreateSocketRequest_TCP:
-		return &net.TCPAddr{
-			IP:   net.IP(ap.PackedAddress),
-			Port: int(*ap.Port),
-		}
-	case pb.CreateSocketRequest_UDP:
-		return &net.UDPAddr{
-			IP:   net.IP(ap.PackedAddress),
-			Port: int(*ap.Port),
-		}
-	}
-	panic("unknown protocol " + prot.String())
-}
-
-func (cn *Conn) LocalAddr() net.Addr  { return addr(cn.prot, cn.local) }
-func (cn *Conn) RemoteAddr() net.Addr { return addr(cn.prot, cn.remote) }
-
-func (cn *Conn) SetDeadline(t time.Time) error {
-	cn.readDeadline = t
-	cn.writeDeadline = t
-	return nil
-}
-
-func (cn *Conn) SetReadDeadline(t time.Time) error {
-	cn.readDeadline = t
-	return nil
-}
-
-func (cn *Conn) SetWriteDeadline(t time.Time) error {
-	cn.writeDeadline = t
-	return nil
-}
-
-// KeepAlive signals that the connection is still in use.
-// It may be called to prevent the socket being closed due to inactivity.
-func (cn *Conn) KeepAlive() error {
-	req := &pb.GetSocketNameRequest{
-		SocketDescriptor: &cn.desc,
-	}
-	res := &pb.GetSocketNameReply{}
-	return internal.Call(cn.ctx, "remote_socket", "GetSocketName", req, res)
-}
-
-func init() {
-	internal.RegisterErrorCodeMap("remote_socket", pb.RemoteSocketServiceError_ErrorCode_name)
-}
diff --git a/vendor/google.golang.org/appengine/socket/socket_vm.go b/vendor/google.golang.org/appengine/socket/socket_vm.go
deleted file mode 100644
index c804169a1c0..00000000000
--- a/vendor/google.golang.org/appengine/socket/socket_vm.go
+++ /dev/null
@@ -1,64 +0,0 @@
-// Copyright 2015 Google Inc. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-// +build !appengine
-
-package socket
-
-import (
-	"net"
-	"time"
-
-	"golang.org/x/net/context"
-)
-
-// Dial connects to the address addr on the network protocol.
-// The address format is host:port, where host may be a hostname or an IP address.
-// Known protocols are "tcp" and "udp".
-// The returned connection satisfies net.Conn, and is valid while ctx is valid;
-// if the connection is to be used after ctx becomes invalid, invoke SetContext
-// with the new context.
-func Dial(ctx context.Context, protocol, addr string) (*Conn, error) {
-	conn, err := net.Dial(protocol, addr)
-	if err != nil {
-		return nil, err
-	}
-	return &Conn{conn}, nil
-}
-
-// DialTimeout is like Dial but takes a timeout.
-// The timeout includes name resolution, if required.
-func DialTimeout(ctx context.Context, protocol, addr string, timeout time.Duration) (*Conn, error) {
-	conn, err := net.DialTimeout(protocol, addr, timeout)
-	if err != nil {
-		return nil, err
-	}
-	return &Conn{conn}, nil
-}
-
-// LookupIP returns the given host's IP addresses.
-func LookupIP(ctx context.Context, host string) (addrs []net.IP, err error) {
-	return net.LookupIP(host)
-}
-
-// Conn represents a socket connection.
-// It implements net.Conn.
-type Conn struct {
-	net.Conn
-}
-
-// SetContext sets the context that is used by this Conn.
-// It is usually used only when using a Conn that was created in a different context,
-// such as when a connection is created during a warmup request but used while
-// servicing a user request.
-func (cn *Conn) SetContext(ctx context.Context) {
-	// This function is not required in App Engine "flexible environment".
-}
-
-// KeepAlive signals that the connection is still in use.
-// It may be called to prevent the socket being closed due to inactivity.
-func (cn *Conn) KeepAlive() error {
-	// This function is not required in App Engine "flexible environment".
-	return nil
-}
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
index dbe2e2d0c65..6ce01ac9a69 100644
--- a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go
@@ -15,7 +15,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
+// 	protoc        v3.21.12
 // source: google/api/field_behavior.proto
 
 package annotations
@@ -78,6 +78,19 @@ const (
 	// a non-empty value will be returned. The user will not be aware of what
 	// non-empty value to expect.
 	FieldBehavior_NON_EMPTY_DEFAULT FieldBehavior = 7
+	// Denotes that the field in a resource (a message annotated with
+	// google.api.resource) is used in the resource name to uniquely identify the
+	// resource. For AIP-compliant APIs, this should only be applied to the
+	// `name` field on the resource.
+	//
+	// This behavior should not be applied to references to other resources within
+	// the message.
+	//
+	// The identifier field of resources often have different field behavior
+	// depending on the request it is embedded in (e.g. for Create methods name
+	// is optional and unused, while for Update methods it is required). Instead
+	// of method-specific annotations, only `IDENTIFIER` is required.
+	FieldBehavior_IDENTIFIER FieldBehavior = 8
 )
 
 // Enum value maps for FieldBehavior.
@@ -91,6 +104,7 @@ var (
 		5: "IMMUTABLE",
 		6: "UNORDERED_LIST",
 		7: "NON_EMPTY_DEFAULT",
+		8: "IDENTIFIER",
 	}
 	FieldBehavior_value = map[string]int32{
 		"FIELD_BEHAVIOR_UNSPECIFIED": 0,
@@ -101,6 +115,7 @@ var (
 		"IMMUTABLE":                  5,
 		"UNORDERED_LIST":             6,
 		"NON_EMPTY_DEFAULT":          7,
+		"IDENTIFIER":                 8,
 	}
 )
 
@@ -169,7 +184,7 @@ var file_google_api_field_behavior_proto_rawDesc = []byte{
 	0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x1a, 0x20, 0x67,
 	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64,
 	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2a,
-	0xa6, 0x01, 0x0a, 0x0d, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f,
+	0xb6, 0x01, 0x0a, 0x0d, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f,
 	0x72, 0x12, 0x1e, 0x0a, 0x1a, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x42, 0x45, 0x48, 0x41, 0x56,
 	0x49, 0x4f, 0x52, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
 	0x00, 0x12, 0x0c, 0x0a, 0x08, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12,
@@ -179,7 +194,8 @@ var file_google_api_field_behavior_proto_rawDesc = []byte{
 	0x0a, 0x09, 0x49, 0x4d, 0x4d, 0x55, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x05, 0x12, 0x12, 0x0a,
 	0x0e, 0x55, 0x4e, 0x4f, 0x52, 0x44, 0x45, 0x52, 0x45, 0x44, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10,
 	0x06, 0x12, 0x15, 0x0a, 0x11, 0x4e, 0x4f, 0x4e, 0x5f, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x5f, 0x44,
-	0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x07, 0x3a, 0x60, 0x0a, 0x0e, 0x66, 0x69, 0x65, 0x6c,
+	0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x07, 0x12, 0x0e, 0x0a, 0x0a, 0x49, 0x44, 0x45, 0x4e,
+	0x54, 0x49, 0x46, 0x49, 0x45, 0x52, 0x10, 0x08, 0x3a, 0x60, 0x0a, 0x0e, 0x66, 0x69, 0x65, 0x6c,
 	0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f,
 	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65,
 	0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9c, 0x08, 0x20, 0x03, 0x28, 0x0e,
diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go
new file mode 100644
index 00000000000..d02e6bbc890
--- /dev/null
+++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go
@@ -0,0 +1,295 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.26.0
+// 	protoc        v3.21.12
+// source: google/api/field_info.proto
+
+package annotations
+
+import (
+	reflect "reflect"
+	sync "sync"
+
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	descriptorpb "google.golang.org/protobuf/types/descriptorpb"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// The standard format of a field value. The supported formats are all backed
+// by either an RFC defined by the IETF or a Google-defined AIP.
+type FieldInfo_Format int32
+
+const (
+	// Default, unspecified value.
+	FieldInfo_FORMAT_UNSPECIFIED FieldInfo_Format = 0
+	// Universally Unique Identifier, version 4, value as defined by
+	// https://datatracker.ietf.org/doc/html/rfc4122. The value may be
+	// normalized to entirely lowercase letters. For example, the value
+	// `F47AC10B-58CC-0372-8567-0E02B2C3D479` would be normalized to
+	// `f47ac10b-58cc-0372-8567-0e02b2c3d479`.
+	FieldInfo_UUID4 FieldInfo_Format = 1
+	// Internet Protocol v4 value as defined by [RFC
+	// 791](https://datatracker.ietf.org/doc/html/rfc791). The value may be
+	// condensed, with leading zeros in each octet stripped. For example,
+	// `001.022.233.040` would be condensed to `1.22.233.40`.
+	FieldInfo_IPV4 FieldInfo_Format = 2
+	// Internet Protocol v6 value as defined by [RFC
+	// 2460](https://datatracker.ietf.org/doc/html/rfc2460). The value may be
+	// normalized to entirely lowercase letters, and zero-padded partial and
+	// empty octets. For example, the value `2001:DB8::` would be normalized to
+	// `2001:0db8:0:0`.
+	FieldInfo_IPV6 FieldInfo_Format = 3
+	// An IP address in either v4 or v6 format as described by the individual
+	// values defined herein. See the comments on the IPV4 and IPV6 types for
+	// allowed normalizations of each.
+	FieldInfo_IPV4_OR_IPV6 FieldInfo_Format = 4
+)
+
+// Enum value maps for FieldInfo_Format.
+var (
+	FieldInfo_Format_name = map[int32]string{
+		0: "FORMAT_UNSPECIFIED",
+		1: "UUID4",
+		2: "IPV4",
+		3: "IPV6",
+		4: "IPV4_OR_IPV6",
+	}
+	FieldInfo_Format_value = map[string]int32{
+		"FORMAT_UNSPECIFIED": 0,
+		"UUID4":              1,
+		"IPV4":               2,
+		"IPV6":               3,
+		"IPV4_OR_IPV6":       4,
+	}
+)
+
+func (x FieldInfo_Format) Enum() *FieldInfo_Format {
+	p := new(FieldInfo_Format)
+	*p = x
+	return p
+}
+
+func (x FieldInfo_Format) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (FieldInfo_Format) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_api_field_info_proto_enumTypes[0].Descriptor()
+}
+
+func (FieldInfo_Format) Type() protoreflect.EnumType {
+	return &file_google_api_field_info_proto_enumTypes[0]
+}
+
+func (x FieldInfo_Format) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use FieldInfo_Format.Descriptor instead.
+func (FieldInfo_Format) EnumDescriptor() ([]byte, []int) {
+	return file_google_api_field_info_proto_rawDescGZIP(), []int{0, 0}
+}
+
+// Rich semantic information of an API field beyond basic typing.
+type FieldInfo struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The standard format of a field value. This does not explicitly configure
+	// any API consumer, just documents the API's format for the field it is
+	// applied to.
+	Format FieldInfo_Format `protobuf:"varint,1,opt,name=format,proto3,enum=google.api.FieldInfo_Format" json:"format,omitempty"`
+}
+
+func (x *FieldInfo) Reset() {
+	*x = FieldInfo{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_api_field_info_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FieldInfo) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FieldInfo) ProtoMessage() {}
+
+func (x *FieldInfo) ProtoReflect() protoreflect.Message {
+	mi := &file_google_api_field_info_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FieldInfo.ProtoReflect.Descriptor instead.
+func (*FieldInfo) Descriptor() ([]byte, []int) {
+	return file_google_api_field_info_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *FieldInfo) GetFormat() FieldInfo_Format {
+	if x != nil {
+		return x.Format
+	}
+	return FieldInfo_FORMAT_UNSPECIFIED
+}
+
+var file_google_api_field_info_proto_extTypes = []protoimpl.ExtensionInfo{
+	{
+		ExtendedType:  (*descriptorpb.FieldOptions)(nil),
+		ExtensionType: (*FieldInfo)(nil),
+		Field:         291403980,
+		Name:          "google.api.field_info",
+		Tag:           "bytes,291403980,opt,name=field_info",
+		Filename:      "google/api/field_info.proto",
+	},
+}
+
+// Extension fields to descriptorpb.FieldOptions.
+var (
+	// Rich semantic descriptor of an API field beyond the basic typing.
+	//
+	// Examples:
+	//
+	//	string request_id = 1 [(google.api.field_info).format = UUID4];
+	//	string old_ip_address = 2 [(google.api.field_info).format = IPV4];
+	//	string new_ip_address = 3 [(google.api.field_info).format = IPV6];
+	//	string actual_ip_address = 4 [
+	//	  (google.api.field_info).format = IPV4_OR_IPV6
+	//	];
+	//
+	// optional google.api.FieldInfo field_info = 291403980;
+	E_FieldInfo = &file_google_api_field_info_proto_extTypes[0]
+)
+
+var File_google_api_field_info_proto protoreflect.FileDescriptor
+
+var file_google_api_field_info_proto_rawDesc = []byte{
+	0x0a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65,
+	0x6c, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, 0x01, 0x0a, 0x09,
+	0x46, 0x69, 0x65, 0x6c, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x34, 0x0a, 0x06, 0x66, 0x6f, 0x72,
+	0x6d, 0x61, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x49, 0x6e, 0x66, 0x6f,
+	0x2e, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x52, 0x06, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x22,
+	0x51, 0x0a, 0x06, 0x46, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x16, 0x0a, 0x12, 0x46, 0x4f, 0x52,
+	0x4d, 0x41, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
+	0x00, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x55, 0x49, 0x44, 0x34, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04,
+	0x49, 0x50, 0x56, 0x34, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x49, 0x50, 0x56, 0x36, 0x10, 0x03,
+	0x12, 0x10, 0x0a, 0x0c, 0x49, 0x50, 0x56, 0x34, 0x5f, 0x4f, 0x52, 0x5f, 0x49, 0x50, 0x56, 0x36,
+	0x10, 0x04, 0x3a, 0x57, 0x0a, 0x0a, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x69, 0x6e, 0x66, 0x6f,
+	0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18,
+	0xcc, 0xf1, 0xf9, 0x8a, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x49, 0x6e, 0x66, 0x6f,
+	0x52, 0x09, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x6c, 0x0a, 0x0e, 0x63,
+	0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x0e, 0x46,
+	0x69, 0x65, 0x6c, 0x64, 0x49, 0x6e, 0x66, 0x6f, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
+	0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f,
+	0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
+}
+
+var (
+	file_google_api_field_info_proto_rawDescOnce sync.Once
+	file_google_api_field_info_proto_rawDescData = file_google_api_field_info_proto_rawDesc
+)
+
+func file_google_api_field_info_proto_rawDescGZIP() []byte {
+	file_google_api_field_info_proto_rawDescOnce.Do(func() {
+		file_google_api_field_info_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_api_field_info_proto_rawDescData)
+	})
+	return file_google_api_field_info_proto_rawDescData
+}
+
+var file_google_api_field_info_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_google_api_field_info_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_google_api_field_info_proto_goTypes = []interface{}{
+	(FieldInfo_Format)(0),             // 0: google.api.FieldInfo.Format
+	(*FieldInfo)(nil),                 // 1: google.api.FieldInfo
+	(*descriptorpb.FieldOptions)(nil), // 2: google.protobuf.FieldOptions
+}
+var file_google_api_field_info_proto_depIdxs = []int32{
+	0, // 0: google.api.FieldInfo.format:type_name -> google.api.FieldInfo.Format
+	2, // 1: google.api.field_info:extendee -> google.protobuf.FieldOptions
+	1, // 2: google.api.field_info:type_name -> google.api.FieldInfo
+	3, // [3:3] is the sub-list for method output_type
+	3, // [3:3] is the sub-list for method input_type
+	2, // [2:3] is the sub-list for extension type_name
+	1, // [1:2] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_google_api_field_info_proto_init() }
+func file_google_api_field_info_proto_init() {
+	if File_google_api_field_info_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_api_field_info_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FieldInfo); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_api_field_info_proto_rawDesc,
+			NumEnums:      1,
+			NumMessages:   1,
+			NumExtensions: 1,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_api_field_info_proto_goTypes,
+		DependencyIndexes: file_google_api_field_info_proto_depIdxs,
+		EnumInfos:         file_google_api_field_info_proto_enumTypes,
+		MessageInfos:      file_google_api_field_info_proto_msgTypes,
+		ExtensionInfos:    file_google_api_field_info_proto_extTypes,
+	}.Build()
+	File_google_api_field_info_proto = out.File
+	file_google_api_field_info_proto_rawDesc = nil
+	file_google_api_field_info_proto_goTypes = nil
+	file_google_api_field_info_proto_depIdxs = nil
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 919756ccf3c..47d670bbe80 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -4,11 +4,11 @@ cloud.google.com/go/compute/internal
 # cloud.google.com/go/compute/metadata v0.2.3
 ## explicit; go 1.19
 cloud.google.com/go/compute/metadata
-# cloud.google.com/go/iam v1.1.1
+# cloud.google.com/go/iam v1.1.2
 ## explicit; go 1.19
 cloud.google.com/go/iam
 cloud.google.com/go/iam/apiv1/iampb
-# cloud.google.com/go/kms v1.15.1
+# cloud.google.com/go/kms v1.15.2
 ## explicit; go 1.19
 cloud.google.com/go/kms/apiv1
 cloud.google.com/go/kms/apiv1/kmspb
@@ -29,7 +29,7 @@ dario.cat/mergo
 ## explicit
 github.com/Azure/azure-sdk-for-go/services/preview/containerregistry/runtime/2019-08-15-preview/containerregistry
 github.com/Azure/azure-sdk-for-go/version
-# github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1
+# github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
 ## explicit; go 1.18
 github.com/Azure/azure-sdk-for-go/sdk/azcore
 github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud
@@ -47,7 +47,7 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime
 github.com/Azure/azure-sdk-for-go/sdk/azcore/streaming
 github.com/Azure/azure-sdk-for-go/sdk/azcore/to
 github.com/Azure/azure-sdk-for-go/sdk/azcore/tracing
-# github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1
+# github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 ## explicit; go 1.18
 github.com/Azure/azure-sdk-for-go/sdk/azidentity
 # github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0
@@ -149,7 +149,7 @@ github.com/acomagu/bufpipe
 # github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20220720053627-e327d0730470 => github.com/tektoncd/ahmetb-gen-crd-api-reference-docs v0.3.1-0.20220729140133-6ce2d5aafcb4
 ## explicit; go 1.17
 github.com/ahmetb/gen-crd-api-reference-docs
-# github.com/aws/aws-sdk-go-v2 v1.21.0
+# github.com/aws/aws-sdk-go-v2 v1.21.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2
 github.com/aws/aws-sdk-go-v2/aws
@@ -172,10 +172,10 @@ github.com/aws/aws-sdk-go-v2/internal/shareddefaults
 github.com/aws/aws-sdk-go-v2/internal/strings
 github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
 github.com/aws/aws-sdk-go-v2/internal/timeconv
-# github.com/aws/aws-sdk-go-v2/config v1.18.37
+# github.com/aws/aws-sdk-go-v2/config v1.18.45
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/config
-# github.com/aws/aws-sdk-go-v2/credentials v1.13.35
+# github.com/aws/aws-sdk-go-v2/credentials v1.13.43
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/credentials
 github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds
@@ -184,17 +184,17 @@ github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client
 github.com/aws/aws-sdk-go-v2/credentials/processcreds
 github.com/aws/aws-sdk-go-v2/credentials/ssocreds
 github.com/aws/aws-sdk-go-v2/credentials/stscreds
-# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11
+# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config
-# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41
+# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/configsources
-# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35
+# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
-# github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42
+# github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/ini
 # github.com/aws/aws-sdk-go-v2/service/ecr v1.18.11
@@ -207,30 +207,30 @@ github.com/aws/aws-sdk-go-v2/service/ecr/types
 github.com/aws/aws-sdk-go-v2/service/ecrpublic
 github.com/aws/aws-sdk-go-v2/service/ecrpublic/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/ecrpublic/types
-# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35
+# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
-# github.com/aws/aws-sdk-go-v2/service/kms v1.24.5
+# github.com/aws/aws-sdk-go-v2/service/kms v1.24.6
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/kms
 github.com/aws/aws-sdk-go-v2/service/kms/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/kms/types
-# github.com/aws/aws-sdk-go-v2/service/sso v1.13.5
+# github.com/aws/aws-sdk-go-v2/service/sso v1.15.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/sso
 github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/sso/types
-# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5
+# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/ssooidc
 github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/ssooidc/types
-# github.com/aws/aws-sdk-go-v2/service/sts v1.21.5
+# github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/sts
 github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/sts/types
-# github.com/aws/smithy-go v1.14.2
+# github.com/aws/smithy-go v1.15.0
 ## explicit; go 1.15
 github.com/aws/smithy-go
 github.com/aws/smithy-go/auth/bearer
@@ -555,8 +555,8 @@ github.com/google/go-containerregistry/pkg/authn/kubernetes
 ## explicit; go 1.12
 github.com/google/gofuzz
 github.com/google/gofuzz/bytesource
-# github.com/google/s2a-go v0.1.5
-## explicit; go 1.16
+# github.com/google/s2a-go v0.1.7
+## explicit; go 1.19
 github.com/google/s2a-go
 github.com/google/s2a-go/fallback
 github.com/google/s2a-go/internal/authinfo
@@ -581,7 +581,7 @@ github.com/google/s2a-go/stream
 # github.com/google/uuid v1.3.1
 ## explicit
 github.com/google/uuid
-# github.com/googleapis/enterprise-certificate-proxy v0.2.5
+# github.com/googleapis/enterprise-certificate-proxy v0.3.1
 ## explicit; go 1.19
 github.com/googleapis/enterprise-certificate-proxy/client
 github.com/googleapis/enterprise-certificate-proxy/client/util
@@ -639,7 +639,7 @@ github.com/hashicorp/hcl/hcl/token
 github.com/hashicorp/hcl/json/parser
 github.com/hashicorp/hcl/json/scanner
 github.com/hashicorp/hcl/json/token
-# github.com/hashicorp/vault/api v1.9.2
+# github.com/hashicorp/vault/api v1.10.0
 ## explicit; go 1.19
 github.com/hashicorp/vault/api
 # github.com/imdario/mergo v0.3.13
@@ -814,17 +814,17 @@ github.com/sigstore/sigstore/pkg/signature/kms
 github.com/sigstore/sigstore/pkg/signature/kms/fake
 github.com/sigstore/sigstore/pkg/signature/options
 github.com/sigstore/sigstore/pkg/signature/payload
-# github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.3
-## explicit; go 1.19
+# github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.4
+## explicit; go 1.20
 github.com/sigstore/sigstore/pkg/signature/kms/aws
-# github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.3
-## explicit; go 1.19
+# github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.4
+## explicit; go 1.20
 github.com/sigstore/sigstore/pkg/signature/kms/azure
-# github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.3
-## explicit; go 1.19
+# github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.4
+## explicit; go 1.20
 github.com/sigstore/sigstore/pkg/signature/kms/gcp
-# github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.3
-## explicit; go 1.19
+# github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.4
+## explicit; go 1.20
 github.com/sigstore/sigstore/pkg/signature/kms/hashivault
 # github.com/sirupsen/logrus v1.9.3
 ## explicit; go 1.13
@@ -1011,13 +1011,15 @@ golang.org/x/net/internal/socks
 golang.org/x/net/internal/timeseries
 golang.org/x/net/proxy
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.11.0
+# golang.org/x/oauth2 v0.13.0
 ## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/authhandler
 golang.org/x/oauth2/clientcredentials
 golang.org/x/oauth2/google
 golang.org/x/oauth2/google/internal/externalaccount
+golang.org/x/oauth2/google/internal/externalaccountauthorizeduser
+golang.org/x/oauth2/google/internal/stsexchange
 golang.org/x/oauth2/internal
 golang.org/x/oauth2/jws
 golang.org/x/oauth2/jwt
@@ -1073,7 +1075,7 @@ golang.org/x/tools/internal/typesinternal
 # gomodules.xyz/jsonpatch/v2 v2.4.0
 ## explicit; go 1.20
 gomodules.xyz/jsonpatch/v2
-# google.golang.org/api v0.138.0
+# google.golang.org/api v0.147.0
 ## explicit; go 1.19
 google.golang.org/api/googleapi
 google.golang.org/api/googleapi/transport
@@ -1098,22 +1100,20 @@ google.golang.org/appengine/internal/datastore
 google.golang.org/appengine/internal/log
 google.golang.org/appengine/internal/modules
 google.golang.org/appengine/internal/remote_api
-google.golang.org/appengine/internal/socket
 google.golang.org/appengine/internal/urlfetch
-google.golang.org/appengine/socket
 google.golang.org/appengine/urlfetch
-# google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5
+# google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/cloud/location
 google.golang.org/genproto/googleapis/type/expr
 google.golang.org/genproto/internal
 google.golang.org/genproto/protobuf/field_mask
-# google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5
+# google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/api
 google.golang.org/genproto/googleapis/api/annotations
 google.golang.org/genproto/googleapis/api/httpbody
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20231009173412-8bfb1ae86b6c
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/rpc/code
 google.golang.org/genproto/googleapis/rpc/errdetails